- NAME
- Funny Little Numbers
- Abbreviations
- A Detour
- Memory Addresses
- Common Values
- A Memory Map
- RAM
- ROM
- PROM = Programmable Read-Only Memory
- EPROM = Erasable Programmable Read-Only Memory
- POST = Power On Self Test.
- BIOS = Basic Input-Output System
- ROM BIOS
- ROM BIOS Extensions
- CMOS Memory = Complementary Metal-Oxide Semiconductor (read/write) Memory
- Conventional Memory
- Interrupt Vector Table
- Extended Memory
- Expansion Memory
- XMS
- Expanded Memory
- EMS
- LIM 3.2
- EEMS
- EMS 4.0
- Expanded-Enhanced Confusion
- Physical Memory
- It matters, sometimes
- Modes
- A Real IBM AT
- An Unreal Memorex Telex AT
- Author
In this article I shall refer to numbers in two ways.
One way is to specify the number in decimal, just by stating it. Eg: 1024.
The other way is to specify the number in hexadecimal. I shall use theconvention of preceding every hex number with 0x. Eg: 0xF = 15.
Other writers use the convention of appending an 'h' or an 'H' to hexnumbers. Thus FH = Fh = 15.
1 Kb = 1 Kilobyte = 1024 bytes. 1 Mb = 1 Megabyte = 1024 * 1 Kb = 1,048,576 bytes. 1 Gb = 1 Gigabyte = 1024 * 1 Mb = heaps.The preceding would suggest 360 Kb floppies hold 360 * 1024 = 368,640 bytesof data. They don't.
Floppy disk sizes (that is, available space):
360 Kb = 362,496 bytes. 720 Kb = 730,112 bytes. 1.2 Mb = 1,213,592 bytes. 1.44 Mb = 1,457,664 bytes.Just to make things difficult, memory addresses are normally written not asone but as two hex numbers. Eg: 0x9FFF:000F. On the left of the colon isthe Segment part, and on the right is the Offset part.
What does this number really mean? Well, the Segment and Offset parts areadded by shifting the Segment left one (hex) digit and then adding theOffset, thus:
0x9FFF0 + 0x 000F = 0x9FFFF = 655,359
Now, 0 to 655,359 is the same as 1 to 655,360. That is, 1 to 640 Kb. Lo andbehold! The infamous 640 Kb DOS memory limit consists of memory addressesfrom 0 to 655,359, that is, 0 to 0x9FFF:000F.
Another example: 1 Mb of memory occupies addresses from 0 to 0xFFFF:000F.That is, since 1 Mb = 1,048,576, 0 to
0xFFFF0 + 0x 000F = 0xFFFFF = 1,048,575
Note also that a memory address can be written in many equivalent ways.0x000F:0045 = 0x0010:0035 = 0x0011:0025 = 0x0013:0005.
Let's see what these mean:
0x00130 + 0x 0005 = 0x00135 = 309
0x000F0 + 0x 0045 = 0x00135 = 309
That is, all represent physical address 309. By convention, when the Offsetpart is from 0 to 0xF the address is said to be Normalized. Thus0x0013:0005 is Normalized, whereas the other forms aren't.
0xFFFF = 65535 0xFF = 255
Since 0xFF = 255, then 0 to 0xFF = 0 to 255. Now, in 0 to 255 there are 256different values, which is precisely how many different values can berepresented in 8 bits. And 8 bits is a byte!
So all values from 0 to 0xFF can be stored in 1 byte, and all values from 0to 0xFFFF can be stored in 2 bytes (1 word on some machines. Some machinesuse 4 bytes per word).
Consequently, it takes 2 bytes to hold a Segment part and 2 bytes to holdan Offset part.
Finally then, it takes 4 bytes to hold a complete memory address of theform Segment:Offset.
1 Mb = 0x10000:0000
1 Mb-1 = 0xFFFF:000F End System BIOS area 960 Kb 0xF000:0000 | = 128 Kb 896 Kb 0xE000:0000 Start System BIOS area
896 Kb-1 = 0xDFFF:000F End Expansion card BIOS area 832 Kb 0xD000:0000 | = 128 Kb 768 Kb 0xC000:0000 Start Expansion card BIOS area
768 Kb-1 = 0xBFFF:000F End Video RAM 704 Kb 0xB000:0000 | = 128 Kb 640 Kb 0xA000:0000 Start Video RAM
640 Kb-1 = 0x9FFF:000F End DOS RAM 576 Kb 0x9000:0000 | 512 Kb 0x8000:0000 | 448 Kb 0x7000:0000 | 384 Kb 0x6000:0000 | 320 Kb 0x5000:0000 | = 640 Kb 256 Kb 0x4000:0000 | 192 Kb 0x3000:0000 | 128 Kb 0x2000:0000 | 64 Kb 0x1000:0000 | 0 Kb 0x0000:0000 Start DOS RAMRandom Access (read/write) Memory. This is a generic term which appliesequally to Conventional Memory, Expansion Memory, Extended Memory, ExpandedMemory and (perhaps) CMOS Memory.Read-Only Memory. A chip with an unchangeable bit pattern burned into it.The bit pattern may in fact be data or a program.Writing into a read-only chip sounds like a contradiction in terms. What itmeans is that by putting the chip in some piece of special equipment (aPROM burner) the input current can be made so high that a bit pattern isforced into the chip despite its 'read-only' design.
When such a chip is put in a PC it is read-only because the design of thePC ensures such high currents do not appear on the chip's input lines,except during a catastrophe!
In other words, you can obliterate the existing bit pattern and re-programthe chip, perhaps repeatedly, as you debug the program.In contradistinction to the English saying 'crash-and-burn', thisprogramming technique is called 'burn-and-crash'. First you burn theprogram into the chip. Then you run the program and it crashes...
That is, when the power is switched on, the machine runs a self-testprogram. Guess where the POST program is stored. Right! In ROM. Part ofthis self-test is the determination of the amount of physical memory in themachine. The result is stored in CMOS.This is actually the name of a program which has been burned into a chip.The chip is a ROM chip.This BIOS is a feature of Intel microprocessors, rather than of DOS. See p68 of The MS-DOS Encyclopedia.
When the computer starts running the microprocessor automatically beginsexecuting code at 0xFFFF:0000. It does this by setting the Code Segment(CS) register to segment 0xFFFF, and the Instruction Pointer (IP) registerto 0x0000.
Thus CS:IP points to (contains) 0xFFFF:0000, and it is from this addressthat the CPU takes the next instruction to be executed.
This instruction is usually a jump to the BIOS's initialization code, afterwhich the code scans bootable drives looking for a copy of DOS (or someother operating system) to load and run.
Same as BIOS.More programs in ROM chips. Usually, each expansion card in your machinewill have on it a ROM chip containing a program - a ROM BIOS Extension. Theprogram is dedicated to control of that expansion card.ROM BIOS Extensions are sometimes called Supplementary ROM support.
These ROM BIOS Extensions are executed at boot time because the one trueROM BIOS scans memory addresses from 0xC000:0000 to 0xE800:0000 (or, saysthe MS-DOS Encyclopedia, from 0xA000:0000 to 0xF000:0000) in 2 Kb jumps,looking for signature bytes. These bytes, 0x55 0xAA I believe, indicatecode is lurking at that address, waiting to be executed.
When the BIOS code sees the signature it jumps to that address (or maybejust beyond it), and the code is executed. This gives the ROM BIOSExtension the chance the strut its stuff. Most likely it will do twothings: (1) Execute initialization code, and (2) store into DOS's InterruptTable the address of its Strategy Routine - that is the code to which DOSis to jump when an interrupt of the appropriate type occurs.
You can look for this signature using Debug as follows. The '-' below isDebug's prompt. The 'd' means dump (i.e. display) memory starting from thegiven address. The 'q' means quit. Each line is terminated with an<Enter>. This process is quite safe.
Warning. Hex numbers in Debug do not have 0x signs.
C:\>debug -d C000:0 -d C800:0 -q
The output looks like:
C000:0000 55 AA ... C000:0010 AB CD ...
This means Segment 0xC000 is being dumped. The first line consists of byteswhose Offsets are 0x0000 to 0x000F (0 to 15). The second consists of bytes0x0010 to 0x001F (16 to 31).
Debug always puts a '-' in the middle of the line.
Alternately, run the Norton utility SI - System Information.
Another example: At 0xFFFF:000E is the machine ID byte. If you examine thisbyte you might find one of these values:
Value Machine 0xFF PC 0xFE XT 0xFD PC jr 0xFC AT 0xFB XT/2 0xFA PS/2 model 30 0xF9 Convertible 0xF8 PS/2 model 80
Try
C:\>debug -d FFFF:0 -q
The output looks like:
FFFF:0000 EA 5B E0 00 F0 30 31 2F-31 35 2F 38 38 FF FC 00 .[...01/15/88...
30 31 2F 31 35 2F 38 38 is just 01/15/88, i.e. a date in Month/Day/Yearformat.
Further, since this line is bytes 0x0000 to 0x000F, the second last is byte0x000E, i.e. 0xFFFF:000E. You can see its value is 0xFC. Thus the machineis an AT.
Given a lot of other information which I'll skip, it is possible todetermine the machine sub-model. Eg: there are three (3) types of XTs, notcounting the PS/2 pseudo-XTs.
In other words, RAM.CMOS is only present in AT class machines. Earlier machines, PCs and XTs,don't have it.
This type of RAM consumes an extremely small amount of power. The data init is preserved, when the machine's power is off, by torch-style batteries.
CMOS holds certain configuration data describing the machine's hardware, aswell as the date and time.
CMOS normally consists of just 64 bytes.
Many AT class machines come with a program called SETUP which allows you toread and write the values in CMOS. In some machines this program is not ondisk, but in ROM. During the POST the checksum of the CMOS is calculated,and if the calculated value does not match the value stored in CMOS theSETUP program is run, or at least a message appears giving you a choice ofrunning it or ignoring the error.
Of course, given the format of the CMOS memory and the format of the readand write commands required, you can access this memory with your ownprogram.
This is the term for memory up to 1 Mb.This Conventional Memory is directly addressable by an Intel microprocessor(running DOS, say, in Real Mode).
In fact, machines which are alleged to come with only 640 Kb of RAM willalways comes with at least some memory in the range 640 Kb to 1 Mb. Afterall, they need Video RAM (at 0xA000:0000) to use a screen, and all8086/8088-compatible microprocessors will have a BIOS (at 0xF000:0000).
DOS and other programs occupy the region 0 to 640 Kb.
If the machine has only 512 Kb, a gap exists from 512 Kb to 640 Kb.However, there will still be some memory above 640 Kb, as stated above.
In other words, memory need not be contiguous. There can be gaps in it,meaning there literally is no memory at certain addresses (address ranges).
In fact, IBM generously delivered my AT with a whopping 128 Kb ofConventional Memory! That's why I bought an Extended Memory card... Thelatter has 2 Mb on it, 512 Kb of which is used to 'backfill' ConventionalMemory up to 640 Kb (128 + 512), while the other 1536 Kb (2048 - 512) isused for a RAM disk.
The first 1 Kb of Conventional Memory holds the Interrupt Vector Table,which consists of 256 addresses, each of 4 bytes.Remember, it takes 4 bytes to hold a memory address of the formSegment:Offset.
Each 4-byte address is called an interrupt vector, and is allocated to aninterrupt of a specific type.
When an interrupt occurs, the CPU saves the state of the machine and jumpsto the corresponding interrupt address. The code pointed to is a StrategyRoutine which handles its own interrupt and returns. The CPU restores thestate of the machine and continues executing the interrupted program.
Eg: every time a key is pressed or released, interrupt 0x09 is triggered.That is, the CPU jumps to the address stored in bytes 0x24 to 0x27.
Various programs (the BIOS, ROM BIOS Extensions and user programs) storeaddresses into this first 1 Kb. By doing so they announce they will handleinterrupts of the type whose address they have changed to point tothemselves. This process is called 'hooking an interrupt'.
Let's take the case of a non-BIOS program. Eg: we might write a programsuch that when a particular key is hit, the program 'pops-up'.
From the program's point of view, here's what happens:
1. The program is written in such a way that part of it is a Strategy Routine for a given interrupt. 2. The program is run by the user. 3. While running, the program determines the address in memory of its Strategy Routine. 4. The program stores this address in the interrupt vector table, at the address corresponding to key-stroke interrupts. 5. The program jumps into DOS via interrupt 0x21, and requests DOS that it, the program, Terminate-and-Stay-Resident (TSR). 6. Thereafter, whenever the user hits a key, the key-stroke interrupt is executed. The Strategy Routine examines the key-stroke and decides whether or not to pop-up.
In reality, we wouldn't hook interrupt 0x09, which is executed twice perkey-stroke (press, release). We'd hook interrupt 0x16, which is executedevery time a complete key-stroke is available in the BIOS's key-boardbuffer.
Since DOS was not designed to cleanly support such manoeuvres, suchprogramming is fraught with difficulties...
PCs and XTs can't have Extended Memory.It is memory beyond the 1 Mb boundary. That is, its physical address startsat 1 Mb. There can be up to 15 Mb of Extended Memory.
It is only addressed by a 286/386 processor running in Protected Mode.Since DOS runs in Real Mode, it (DOS) cannot directly address ExtendedMemory, let alone execute code residing in the latter. However, somesoftware can access this memory.
In fact, there are several ways to access it.
1. Use a DOS program like VDISK or RAMDRIVE to treat the memory as a RAM disk. 2. Use certain DOS functions to transfer blocks of data between Conventional Memory and Extended Memory. 3. Use an Extended Memory Manager written to the Extended Memory Specification. These have names like HIMEM.SYS, 386^MAX, QEMM...This is IBM's phrase for Extended Memory. I kid you not.
IBM ATs come with a diagnostic floppy. Booting from this enables you tostore and change values in CMOS.
When specifying the amount of Extended Memory in your machine, you do itwhen the SETUP program asks for Expansion Memory.
Clear? I'm so glad.
By the way, this SETUP program has a menu choice for copying floppies. Youmust use it to copy the diagnostics floppy itself. If you use DISKCOPY tocopy the diagnostics floppy, there are no error messages, but the resultantcopy will not boot.
The Extended Memory Specification. It is a systematic method for readingand writing Extended Memory. This spec is much more recent than theExpanded Memory Specification (EMS).PCs, XTs and ATs can all have Expanded Memory.Access to it is via the EMS, a hardware and software combination tocircumvent the 1 Mb addressing limit of the Intel processors operating inReal Mode. I'll refer to it as EMS Memory. The software is called anExpanded Memory Manager (EMM).
There can be up to 8 Mb of EMS Memory.
It's physical address doesn't sit beyond the 1 Mb boundary. In fact, itdoesn't sit anywhere. This is explained in LIM 3.2 below.
The Expanded Memory Specification. It is a systematic method for readingand writing Expanded Memory. This spec has gone through several versions.EMS is now taken to mean EMS 4.0.
Lotus/Intel/Microsoft: These companies produced the first EMS, version 3.2,which is thus known as LIM 3.2.It allows programs to map (utilize) pages of Expanded Memory, each of 16Kb. At most, 4 such pages can be mapped at once.
Mapping means the pages have their addresses fiddled so that they look likethey reside in the address range 640 Kb to 1 Mb. This in turn means theyare accessible by DOS, but cannot reside in the lower 640 Kb address range.
The Enhanced Expanded Memory Specification. This followed LIM 3.2. It wasdesigned by AST Research, Quadram and Ashton-Tate.It allows programs to map up to 64 pages at a time. Pages can be mappedinto the address range 0 Kb to 1 Mb.
The LIM companies upgraded EMS to be a super-set of EEMS, producing EMSversion 4.0 in the process. AST Research, Quadram and Ashton-Tate then cameto the party.As if all that madness wasn't enough, there is Expanded Memory and ExpandedMemory.Some PC memory expansion cards contain hardware support for EMS 4.0, aswell as the memory chips themselves, and thus this memory is absolutelyExpanded Memory. However, an EMS Manager can make some or all of it looklike Extended Memory.
Some expansion cards don't have this hardware support, and thus the memoryis absolutely Extended Memory. However, an EMS Manager can make some or allof it look like Expanded Memory.
Lastly, a few early expansion cards had hardware support for only 4 pagesof Expanded Memory, not 64 pages, and thus don't fit the definition of EMS4.0. At the worst they are misrepresented as being EMS 4.0 compatible. Theyaren't.
Now, does it matter? Yes, but first another detour.
This is the amount of memory held in two (2) places in CMOS. It is ExtendedMemory. One value is the amount specified by the user of the SETUP program.The other value is the amount detected during the POST.These values do not include Expanded Memory with hardware support.
These values do include Extended Memory made to look like Expanded Memoryby an EMS Manager.
Don't forget, at the time of the POST the EMS Manager has not yet startedrunning. After the POST, DOS will be loaded and CONFIG.SYS will beprocessed. A command in CONFIG.SYS will load the EMS Manager.
Going back to the POST, memory will be of three types:
- Conventional Memory. - Expanded Memory forced to look like Expanded Memory by the presence of hardware support. - Extended Memory, i.e. everything else.I have just written a program which displays the amount of memory in amachine. Simple, you'd think. It wasn't.
Eg: DOS might tell you Total Extended Memory is 0, because an XMS Manageris installed.
On the other hand, getting Physical Extended Memory from CMOS is notdefinitive, because an EMS Manager might be supplying extra Extended Memoryout of Expanded Memory.
8086/8088-compatible microprocessors run in Real Mode.The 286/386/486 series can run in Real or Protected Mode.
Now, what do these Modes mean?
In short, very short, I'll just say: Be aware that in Protected Mode themicroprocessor can execute certain privileged instructions not available inReal Mode. In other words the chip is more powerful in Protected Mode thanin Real Mode.
This begs the question: Why manufacture a chip like this?
The simple answer is that many years ago when the 8086/8088s were beingdesigned, chip fabrication technology was only good enough to allow RealMode chips to be manufactured. Don't forget the design constraints ofsimplicity and an incredibly cheap retail price.
The real answer is that at first technology restricted the sophisticationof the chip, for sure, but later new technology enabled a chip to bemanufactured whose design (Real/Protected Mode) modelled the human brain(Conscious/Unconscious Mode).
Similarly, humans create institutions which also model the brain. Takedemocracy for example.
It is implemented with two Houses of Parliament:
State Real Protected Victoria Legislative Council Legislative Assembly Australia Senate House of Representatives England House of Lords House of Commons America Congress House of Representatives - Brain Conscious Unconscious Literature Dr. Jekyll Mr. Hyde (hide, get it?)
This arrangement contrasts nicely with that pertaining in a dictatorship...
0x0000:0000 to 0x9FFF:000F = 640 Kb of DOS RAM. 0xB800:0000 to 0xBFFF:000F = 32 Kb of Video RAM. 0xC000:0000 to 0xC9FF:000F = 32 Kb of Video (EGA/VGA) BIOS, that is, a ROM BIOS Extension. 0xCA00:0000 to 0xCFFF:000F = 32 Kb of Floppy controller card BIOS, that is, a ROM BIOS Extension.
Note 1: The Video BIOS and Floppy controller card BIOS are not reallyexactly 32 Kb long.
Note 2: Using Debug to dump memory, I see that printable text (displayedduring booting) in the Floppy controller card BIOS actually starts at0xC9EF:0378.
0x0000:0000 to 0x9FFF:000F = 640 Kb of DOS RAM. 0xB800:0000 to 0xBFFF:000F = 32 Kb of Video RAM. 0xC000:0000 to 0xC9FF:000F = 32 Kb of Video (VGA) BIOS.
Author
Ron Savage.
Home page: http://savage.net.au/index.html
- Version: 1.01 01-Jun-2006
This version disguises my email address.
- Version: 1.00 18-Feb-2002
Original version.
Licence
Australian Copyright © 2002 Ron Savage. All rights reserved.
All Programs of mine are 'OSI Certified Open Source Software';you can redistribute them and/or modify them under the terms ofThe Artistic License, a copy of which is available at:http://www.opensource.org/licenses/index.html