Unreal mode

In x86 computing, unreal mode, also big real mode, huge real mode, flat real mode, or voodoo mode^[1] is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.

Overview[]

For efficiency reasons, the 80286 and all later x86 processors use the base address, size and other attributes stored in their internal segment descriptor cache whenever computing effective memory addresses, even in real mode. Therefore a modification of the internal segment descriptor allows altering some properties of segments in real mode, like the size of addressable memory. This technique became widely used and is supported by all Intel processors.^[2]

HIMEM.SYS uses this feature to address extended memory,^[3] unless DOS is switched to run in a virtual 8086 mode that is incompatible with unreal mode.

One of the very few games—if not the only one—that used unreal mode was Ultima VII.^[4]^[5]

Unreal mode is used by BIOS code as this is the initial mode of modern Intel processors.^[6] Furthermore, the System Management Mode (SMM) in Intel 386SL and later processors places the processor in huge real mode.^[7]

A program in unreal mode can call 16-bit code programmed for real mode (BIOS, DOS kernel and drivers) without any thunking. This makes an unreal mode driver simpler than a DPMI driver. However unreal mode is incompatible with protected mode operating systems such as Windows 3.x/9x/NT and OS/2.

Big real mode has a 1 MB code segment and a 4 GB data segment.^[8]^[9]

Some boot loaders (such as LILO) use the unreal mode to access up to 4 GB of memory.

Enabling unreal mode[]

To put an 80386 or higher microprocessor into unreal mode, a program must first enter protected mode, find or create a flat descriptor in the GDT or LDT, load some of the data segment registers with the respective protected mode "selector", and then switch back to real mode. After returning to real mode, the processor will continue using the cached descriptors as established in protected mode, thus allowing access to 4 GiB of extended memory from real mode.^[9]

The 80286 microprocessor can be put into unreal mode only with help of the undocumented instruction LOADALL to modify the hidden segment base registers to point to the source or target memory location above 1 MiB.^[3]

Starting with the 80386, real mode programs can use the 32 bit registers with the Address Size Override Prefix.^[10] This allows programs to use an address like DS:[EBX]. In normal real mode, a fault occurs if EBX exceeds 0xFFFF. In unreal mode, the access is allowed.

Variants of unreal mode[]

As described above, unreal mode usually involves using one or more data selectors to address data in memory more efficiently. This has been common practice and often referred to as "flat real mode"^[11] or "big real mode".^[12] The "huge real mode" is a variant where also the code segment is extended to 4 GiB.^[13]^[9]

A special case of unreal mode is attained by, in addition, loading the code selector (CS) from a descriptor having the 32-bit attribute ("D" bit) set to one. This rarely used variant presents some advantages, mainly because it allows avoiding the Operand Size Override Prefixes normally required when using 32-bit addressing in 16-bit code segment, but it is more difficult to set up. Since real mode interrupts do not automatically preserve the high sixteen bits of the extended instruction pointer (EIP), the code needs to either fit in the low portion of code segment or be able to preserve and restore the high bits of EIP in some way. In addition, if BIOS or DOS interrupt functions that use 16-bit code are to be called, mode switching is required to switch the "D" bit back and forth. Some emulators do not support emulation of programs running in this variant of unreal mode.^[14]

References[]

^ Salihun, Darmawan (2013-09-16). "System Address Map Initialization in x86/x64 Architecture Part 1: PCI-Based Systems" (PDF). Retrieved 2019-08-19.
^ Gutmann, Peter (2004) [2003]. Cryptographic Security Architecture: Design and Verification. Springer Science & Business Media. p. 58. ISBN 978-0-387-95387-8. Retrieved 2017-01-04. […] Unreal mode became so widely used […] that Intel was forced to support it in all later processors, although its presence was never documented […]
^ ^a ^b Necasek, Michal (2011-03-18). "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. Archived from the original on 2017-01-03. Retrieved 2017-01-03.
^ Riiser, Haakon. "HIMEM.SYS and unreal/flat real mode, EMM386 and UMBs". Newsgroup: comp.os.msdos.programmer. Archived from the original on 2019-04-21. Retrieved 2017-10-14.
^ http://www.os2museum.com/wp/a-brief-history-of-unreal-mode/
^ Pelner, Jenny; Pelner, James. "Minimal Intel Architecture Boot Loader". Retrieved 2017-10-14.
^ Domas, Christopher (2015). "The Memory Sinkhole: An architectural privilege escalation vulnerability" (PDF). Battelle Memorial Institute. Archived (PDF) from the original on 2017-01-04. Retrieved 2017-01-04. The processor loads an architecturally defined system state "Unreal" mode
^ https://images2015.cnblogs.com/blog/363515/201512/363515-20151204133744658-1001794631.jpg
^ ^a ^b ^c "Unreal Mode". Archived from the original on 2017-01-03. Retrieved 2015-02-18.
^ "X86-64 Instruction Coding". Archived from the original on 2017-01-03. Retrieved 2015-02-18.
^ "Flat Real Mode". 1998-03-16. Archived from the original on 2017-10-14.
^ Brown, Ralf D. "Interrupt List". INT 80 (AMI BIOS). Retrieved 2017-10-14.
^ Brown, Ralf D. "Interrupt List". INT 78 (HugeRealMode Driver). Retrieved 2017-10-14.
^ Grysztar, Tomasz (2010-09-17). "unREAL Mode". Retrieved 2017-10-14.

Further reading[]

IBM Operating System/2 Technical Reference - Programming Family (PDF). Vol. 1 (1st ed.). IBM. September 1987 [1986]. Archived (PDF) from the original on 2017-01-03.
Roden, Thomas (November–December 1989). Written at Irvine, California, USA. "Four Gigabytes in Real Mode - A slick trick to access large memory spaces on the 80386 from DOS". Programmer's Journal - The Resource Journal for IBM PC Programmers. 386 Now. Vol. 7, no. 6. Eugene, Oregon, USA: Oakley Publishing Company. pp. 89–94. ISSN 0747-5861. Archived from the original on 2020-02-21. Retrieved 2020-02-21.
Williams, Al (July 1990). "DOS + 386 = 4 Gigabytes!". Dr. Dobb's Journal. Vol. 15. People's Computer Company. pp. 62–71. [1][2] Errata: [3]
Williams, Al (1991). "Chapter 18: Accessing 4 Gigabytes in Real Mode". DOS 5: A Developer's Guide - Advanced Programming Guide to DOS (1 ed.). Redwood City, California, USA: M&T Publishing, Inc. / Prentice Hall International (UK) Limited. pp. 691–712. ISBN 0-13-217993-8. (NB. Implements "Big real mode" SEG4G.)
Lespinasse, Michel. "How to kick out a memory manager". Amiens, France: Walken / Impact Studios. Archived from the original on 2017-01-03. Retrieved 2015-10-21.
Intel IA-32 Software Developer's Manual - Volume 3A
The Unabridged Pentium 4: IA32 Processor Genealogy, Addison Wesley ISBN 0-321-24656-X. "Big real mode"
"Call HugeRealMode Server "Enable Two-Stage Interrupt Model" function".
Necasek, Michal (2018-06-15). "A Brief History of Unreal Mode". OS/2 Museum. Archived from the original on 2018-09-15. Retrieved 2018-09-15.
"Descriptor Cache Registers".
Chappell, Geoff (January 1994). Schulman, Andrew; Pedersen, Amorette (eds.). DOS Internals. The Andrew Schulman Programming Series (1st printing, 1st ed.). Addison Wesley Publishing Company. ISBN 978-0-201-60835-9. (xxvi+738+iv pages, 3.5"-floppy [4][5]) Errata: [6][7][8]
https://patents.google.com/patent/US5642491 "Method for expanding addressable memory range in real-mode processing to facilitate loading of large programs into high memory"

[Darmawan_1-1] Salihun, Darmawan (2013-09-16). "System Address Map Initialization in x86/x64 Architecture Part 1: PCI-Based Systems" (PDF). Retrieved 2019-08-19.

[Gutmann_2004-2] Gutmann, Peter (2004) [2003]. Cryptographic Security Architecture: Design and Verification. Springer Science & Business Media. p. 58. ISBN 978-0-387-95387-8. Retrieved 2017-01-04. […] Unreal mode became so widely used […] that Intel was forced to support it in all later processors, although its presence was never documented […]

[Necasek_2011-3] Necasek, Michal (2011-03-18). "HIMEM.SYS, unreal mode, and LOADALL". OS/2 Museum. Archived from the original on 2017-01-03. Retrieved 2017-01-03.

[Riiser_2004-4] Riiser, Haakon. "HIMEM.SYS and unreal/flat real mode, EMM386 and UMBs". Newsgroup: comp.os.msdos.programmer. Archived from the original on 2019-04-21. Retrieved 2017-10-14.

[History-5] ttp://www.os2museum.com/wp/a-brief-history-of-unreal-mode/

[Intel_Boot-6] Pelner, Jenny; Pelner, James. "Minimal Intel Architecture Boot Loader". Retrieved 2017-10-14.

[Domas_2015-7] Domas, Christopher (2015). "The Memory Sinkhole: An architectural privilege escalation vulnerability" (PDF). Battelle Memorial Institute. Archived (PDF) from the original on 2017-01-04. Retrieved 2017-01-04. The processor loads an architecturally defined system state "Unreal" mode

[CNBlogs-8] ttps://images2015.cnblogs.com/blog/363515/201512/363515-20151204133744658-1001794631.jpg

[Unreal_Mode-9] "Unreal Mode". Archived from the original on 2017-01-03. Retrieved 2015-02-18.

[X86-64-10] "X86-64 Instruction Coding". Archived from the original on 2017-01-03. Retrieved 2015-02-18.

[FRM-11] "Flat Real Mode". 1998-03-16. Archived from the original on 2017-10-14.

[RBIL_80-12] Brown, Ralf D. "Interrupt List". INT 80 (AMI BIOS). Retrieved 2017-10-14.

[RBIL_780000-13] Brown, Ralf D. "Interrupt List". INT 78 (HugeRealMode Driver). Retrieved 2017-10-14.

[Grysztar_2010-14] Grysztar, Tomasz (2010-09-17). "unREAL Mode". Retrieved 2017-10-14.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]