id,summary,reporter,owner,description,type,status,component,version,resolution,keywords,cc,guest,host
5200,"mov rsi,rcx doesn't work in Virtual Box 3.0.8",Jonathan Markland,,"
** NOTE:  This report does NOT concern a mainstream guest OS. **

I have developed a loader for a small X86-64 hobby OS system.  This consists of a bootable floppy-disc image, which loads a binary image into memory, and executes it in 64-bit ""long"" mode.  I have the following to report:

My system boots and runs fine on:

	- The BOCHS PC Simulator 2.4.1 (booting from floppy image file)
	- Advent T9610 PC Intel Quad Core Q6600 (booting from CD el-torito floppy emu)
	- DELL M2300 Laptop Dual core Intel (booting from CD el-torito floppy emu)

However, my system does NOT work when booting from floppy image mounted in Virtual Box 3.0.8.  I get a guru error and VBOX bombs out with *either* a clean guru error box, or a dirty Vista-standard ""this program has stopped working"" dialog.  [In fact this might even be a second issue I can report -- something to do with MSVCR80.dll] However, the primary issue concerns me more.

I do not know if there are debug facilities within VBOX, so I am debugging by inserting an infinite loop ""jmp $"" in my NASM code, re-building and running.  If VBOX hits this and loops forever and does NOT guru on me, I consider this a ""test pass"".  If VBOX does not get this far because of a guru error I consider this a ""test fail"". 

Test results and source code snippets included below.


In brief:

In a routine to render a text message onto the (graphics mode) linear frame buffer :

mov rsi,rcx (of all things) appears not to work:

	0x0000000000210781    4889CE   mov rsi,rcx

On entry, rcx is 0x210fdd, which is the address of a message string:

	0x0000000000210fdd    db ""TEST MESSAGE"",0

When executed at address 0x210781, with rcx=0x210fdd and rsi=0xccccCCCCccccCCCC,
and the null-terminated ASCII string ""TEST MESSAGE"" at address 0x210fdd, according to VBOX.LOG, ""mov rsi,rcx"" appears to load rcx with value ""0x53454d2054534554"" rather than the expected 0x210fdd.

** Interestingly, ""0x53454d2054534554"" would be mov rsi,[rcx] **


OTHER NOTES

I am using the 2MB page size.  The above memory is covered by a 2MB page at address 0x200000 (2MB).

Opcode ""4889CE"" was generated by the NASM assembler, version 2.06 compiled on Jun 29 2009, and was disassembled by the graphic debugger in BOCHS PC Simulator v 2.4.1

Also, the following is the first line of code in my GP Fault (exception 13) handler; however, the system is so broken by this stage that it never runs:

00:00:03.487 CPUM: 0008:0000000000210b60 4c 8d 3d 05 00 00 00    lea r15, [000000005h wrt rip]


TEST NOTES IN DETAIL FOLLOW.  
Here I am illustrating the pertinent part of the routine, and I move the ""jmp $"" infinite-loop instruction down one place per test:


=== TEST 1 : Prove RCX is an OK address  ========

sv_printf:

	; Called from C++
	; RCX = address of message string

	PUSHAQ

	call get_kh_screen_base 
	; NOTE: RDI is now the screen memory base address
		
	xchg bx,bx     ; DEBUG:  This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise)
	mov AL,[RCX]   ; DEBUG:  Prove RCX is OK (if VirtualBox doesn't crash)
jmp $          ; DEBUG   Infinite loop here (no Guru message if all is OK)

	mov RSI,RCX ; Move address of string into RSI

	mov AL,[RSI]   ; DEBUG   Prove RSI is OK (if VirtualBox doesn't crash)
		
TEST RESULT:  PASS




=== TEST 2 : Prove mov RSI,RCX doesn't immediately crash ===========

sv_printf:

	; Called from C++
	; RCX = address of message string

	PUSHAQ

	call get_kh_screen_base 
	; NOTE: RDI is now the screen memory base address
		
	xchg bx,bx     ; DEBUG:  This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise)
	mov AL,[RCX]   ; DEBUG:  Prove RCX is OK (if VirtualBox doesn't crash)

	mov RSI,RCX ; Move address of string into RSI
jmp $          ; DEBUG   Infinite loop here (no Guru message if all is OK)
	mov AL,[RSI]   ; DEBUG   Prove RSI is OK (if VirtualBox doesn't crash)

TEST RESULT:  PASS






=== TEST 3 : Prove RCX's value copied into RSI OK  (FAIL) ===========

sv_printf:

	; Called from C++
	; RCX = address of message string

	PUSHAQ
	call get_kh_screen_base 

	; NOTE: RDI is now the screen memory base address
		
	xchg bx,bx     ; DEBUG:  This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise)
	mov AL,[RCX]   ; DEBUG:  Prove RCX is OK (if VirtualBox doesn't crash)

	mov RSI,RCX ; Move address of string into RSI

	mov AL,[RSI]   ; DEBUG   Prove RSI is OK (if VirtualBox doesn't crash)
jmp $          ; DEBUG   Infinite loop here (no Guru message if all is OK)

TEST RESULT:  FAIL





I appreciate this is not a standard guest system, so it may not be high priority; however, this system does run on the systems listed above, and it is odd that this crashes Virtual Box, which I would quite like to start using.  Please contact me if you need the image file of the boot floppy disc and instructions.

Thanks for your time,

Jonathan.

",defect,closed,other,VirtualBox 3.0.8,invalid,,,other,Windows
