[mirror_edk2.git] / MdePkg / Library / BaseLib / X64 / Thunk16.asm

\r
#include "BaseLibInternals.h"\r
\r
;------------------------------------------------------------------------------\r
;\r
; Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>\r
; This program and the accompanying materials\r
; are licensed and made available under the terms and conditions of the BSD License\r
; which accompanies this distribution.  The full text of the license may be found at\r
; http://opensource.org/licenses/bsd-license.php\r
;\r
; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
;\r
; Module Name:\r
;\r
;   Thunk.asm\r
;\r
; Abstract:\r
;\r
;   Real mode thunk\r
;\r
;------------------------------------------------------------------------------\r
\r
EXTERNDEF   m16Start:BYTE\r
EXTERNDEF   m16Size:WORD\r
EXTERNDEF   mThunk16Attr:WORD\r
EXTERNDEF   m16Gdt:WORD\r
EXTERNDEF   m16GdtrBase:WORD\r
EXTERNDEF   mTransition:WORD\r
\r
IA32_REGS   STRUC   4t\r
_EDI        DD      ?\r
_ESI        DD      ?\r
_EBP        DD      ?\r
_ESP        DD      ?\r
_EBX        DD      ?\r
_EDX        DD      ?\r
_ECX        DD      ?\r
_EAX        DD      ?\r
_DS         DW      ?\r
_ES         DW      ?\r
_FS         DW      ?\r
_GS         DW      ?\r
_EFLAGS     DQ      ?\r
_EIP        DD      ?\r
_CS         DW      ?\r
_SS         DW      ?\r
IA32_REGS   ENDS\r
\r
    .const\r
\r
m16Size         DW      InternalAsmThunk16 - m16Start\r
mThunk16Attr    DW      _ThunkAttr - m16Start\r
m16Gdt          DW      _NullSeg - m16Start\r
m16GdtrBase     DW      _16GdtrBase - m16Start\r
mTransition     DW      _EntryPoint - m16Start\r
\r
    .code\r
\r
m16Start    LABEL   BYTE\r
\r
SavedGdt    LABEL   FWORD\r
            DW      ?\r
            DQ      ?\r
\r
;------------------------------------------------------------------------------\r
; _BackFromUserCode() takes control in real mode after 'retf' has been executed\r
; by user code. It will be shadowed to somewhere in memory below 1MB.\r
;------------------------------------------------------------------------------\r
_BackFromUserCode   PROC\r
    ;\r
    ; The order of saved registers on the stack matches the order they appears\r
    ; in IA32_REGS structure. This facilitates wrapper function to extract them\r
    ; into that structure.\r
    ;\r
    ; Some instructions for manipulation of segment registers have to be written\r
    ; in opcode since 64-bit MASM prevents accesses to those registers.\r
    ;\r
    DB      16h                         ; push ss\r
    DB      0eh                         ; push cs\r
    DB      66h\r
    call    @Base                       ; push eip\r
@Base:\r
    DB      66h\r
    push    0                           ; reserved high order 32 bits of EFlags\r
    pushf                               ; pushfd actually\r
    cli                                 ; disable interrupts\r
    push    gs\r
    push    fs\r
    DB      6                           ; push es\r
    DB      1eh                         ; push ds\r
    DB      66h, 60h                    ; pushad\r
    DB      66h, 0bah                   ; mov edx, imm32\r
_ThunkAttr  DD      ?\r
    test    dl, THUNK_ATTRIBUTE_DISABLE_A20_MASK_INT_15\r
    jz      @1\r
    mov     eax, 15cd2401h              ; mov ax, 2401h & int 15h\r
    cli                                 ; disable interrupts\r
    jnc     @2\r
@1:\r
    test    dl, THUNK_ATTRIBUTE_DISABLE_A20_MASK_KBD_CTRL\r
    jz      @2\r
    in      al, 92h\r
    or      al, 2\r
    out     92h, al                     ; deactivate A20M#\r
@2:\r
    mov     eax, ss\r
    lea     bp, [esp + sizeof (IA32_REGS)]\r
    ;\r
    ; rsi in the following 2 instructions is indeed bp in 16-bit code\r
    ;\r
    mov     word ptr (IA32_REGS ptr [rsi - sizeof (IA32_REGS)])._ESP, bp\r
    DB      66h\r
    mov     ebx, (IA32_REGS ptr [rsi - sizeof (IA32_REGS)])._EIP\r
    shl     ax, 4                       ; shl eax, 4\r
    add     bp, ax                      ; add ebp, eax\r
    mov     ax, cs\r
    shl     ax, 4\r
    lea     ax, [eax + ebx + (@64BitCode - @Base)]\r
    DB      66h, 2eh, 89h, 87h          ; mov cs:[bx + (@64Eip - @Base)], eax\r
    DW      @64Eip - @Base\r
    DB      66h, 0b8h                   ; mov eax, imm32\r
SavedCr4    DD      ?\r
    mov     cr4, rax\r
    ;\r
    ; rdi in the instruction below is indeed bx in 16-bit code\r
    ;\r
    DB      66h, 2eh                    ; 2eh is "cs:" segment override\r
    lgdt    fword ptr [rdi + (SavedGdt - @Base)]\r
    DB      66h\r
    mov     ecx, 0c0000080h\r
    rdmsr\r
    or      ah, 1\r
    wrmsr\r
    DB      66h, 0b8h                   ; mov eax, imm32\r
SavedCr0    DD      ?\r
    mov     cr0, rax\r
    DB      66h, 0eah                   ; jmp far cs:@64Bit\r
@64Eip      DD      ?\r
SavedCs     DW      ?\r
@64BitCode:\r
    db      090h \r
    db      067h, 0bch                 ; mov esp, imm32\r
SavedSp     DD   ?                     ; restore stack\r
    nop\r
    ret\r
_BackFromUserCode   ENDP\r
\r
_EntryPoint DD      _ToUserCode - m16Start\r
            DW      CODE16\r
_16Gdtr     LABEL   FWORD\r
            DW      GDT_SIZE - 1\r
_16GdtrBase DQ      _NullSeg\r
_16Idtr     FWORD   (1 SHL 10) - 1\r
\r
;------------------------------------------------------------------------------\r
; _ToUserCode() takes control in real mode before passing control to user code.\r
; It will be shadowed to somewhere in memory below 1MB.\r
;------------------------------------------------------------------------------\r
_ToUserCode PROC\r
    mov     ss, edx                     ; set new segment selectors\r
    mov     ds, edx\r
    mov     es, edx\r
    mov     fs, edx\r
    mov     gs, edx\r
    DB      66h\r
    mov     ecx, 0c0000080h\r
    mov     cr0, rax                    ; real mode starts at next instruction\r
    rdmsr\r
    and     ah, NOT 1\r
    wrmsr\r
    mov     cr4, rbp\r
    mov     ss, esi                     ; set up 16-bit stack segment\r
    mov     sp, bx                      ; set up 16-bit stack pointer\r
    DB      66h                         ; make the following call 32-bit\r
    call    @Base                       ; push eip\r
@Base:\r
    pop     bp                          ; ebp <- address of @Base\r
    push    [esp + sizeof (IA32_REGS) + 2]\r
    lea     eax, [rsi + (@RealMode - @Base)]    ; rsi is "bp" in 16-bit code\r
    push    rax\r
    retf                                ; execution begins at next instruction\r
@RealMode:\r
    DB      66h, 2eh                    ; CS and operand size override\r
    lidt    fword ptr [rsi + (_16Idtr - @Base)]\r
    DB      66h, 61h                    ; popad\r
    DB      1fh                         ; pop ds\r
    DB      07h                         ; pop es\r
    pop     fs\r
    pop     gs\r
    popf                                ; popfd\r
    lea     sp, [esp + 4]               ; skip high order 32 bits of EFlags\r
    DB      66h                         ; make the following retf 32-bit\r
    retf                                ; transfer control to user code\r
_ToUserCode ENDP\r
\r
CODE16  = _16Code - $\r
DATA16  = _16Data - $\r
DATA32  = _32Data - $\r
\r
_NullSeg    DQ      0\r
_16Code     LABEL   QWORD\r
            DW      -1\r
            DW      0\r
            DB      0\r
            DB      9bh\r
            DB      8fh                 ; 16-bit segment, 4GB limit\r
            DB      0\r
_16Data     LABEL   QWORD\r
            DW      -1\r
            DW      0\r
            DB      0\r
            DB      93h\r
            DB      8fh                 ; 16-bit segment, 4GB limit\r
            DB      0\r
_32Data     LABEL   QWORD\r
            DW      -1\r
            DW      0\r
            DB      0\r
            DB      93h\r
            DB      0cfh                ; 16-bit segment, 4GB limit\r
            DB      0\r
\r
GDT_SIZE = $ - _NullSeg\r
\r
;------------------------------------------------------------------------------\r
; IA32_REGISTER_SET *\r
; EFIAPI\r
; InternalAsmThunk16 (\r
;   IN      IA32_REGISTER_SET         *RegisterSet,\r
;   IN OUT  VOID                      *Transition\r
;   );\r
;------------------------------------------------------------------------------\r
InternalAsmThunk16  PROC    USES    rbp rbx rsi rdi\r
    mov     rbx, ds\r
    push    rbx          ; Save ds segment register on the stack\r
    mov     rbx, es\r
    push    rbx          ; Save es segment register on the stack\r
    mov     rbx, ss\r
    push    rbx          ; Save ss segment register on the stack\r
    \r
    push    fs\r
    push    gs\r
    mov     rsi, rcx\r
    movzx   r8d, (IA32_REGS ptr [rsi])._SS\r
    mov     edi, (IA32_REGS ptr [rsi])._ESP\r
    lea     rdi, [edi - (sizeof (IA32_REGS) + 4)]\r
    imul    eax, r8d, 16                ; eax <- r8d(stack segment) * 16\r
    mov     ebx, edi                    ; ebx <- stack for 16-bit code\r
    push    sizeof (IA32_REGS) / 4\r
    add     edi, eax                    ; edi <- linear address of 16-bit stack\r
    pop     rcx\r
    rep     movsd                       ; copy RegSet\r
    lea     ecx, [rdx + (SavedCr4 - m16Start)]\r
    mov     eax, edx                    ; eax <- transition code address\r
    and     edx, 0fh\r
    shl     eax, 12                     ; segment address in high order 16 bits\r
    lea     ax, [rdx + (_BackFromUserCode - m16Start)]  ; offset address\r
    stosd                               ; [edi] <- return address of user code\r
  \r
    sgdt    fword ptr [rsp + 60h]       ; save GDT stack in argument space\r
    movzx   r10, word ptr [rsp + 60h]   ; r10 <- GDT limit \r
    lea     r11, [rcx + (InternalAsmThunk16 - SavedCr4) + 0xf]\r
    and     r11, 0xfffffff0             ; r11 <- 16-byte aligned shadowed GDT table in real mode buffer\r
    \r
    mov     word ptr [rcx + (SavedGdt - SavedCr4)], r10w      ; save the limit of shadowed GDT table\r
    mov     qword ptr [rcx + (SavedGdt - SavedCr4) + 2], r11  ; save the base address of shadowed GDT table\r
    \r
    mov     rsi, qword ptr [rsp + 62h]  ; rsi <- the original GDT base address\r
    xchg    rcx, r10                    ; save rcx to r10 and initialize rcx to be the limit of GDT table\r
    inc     rcx                         ; rcx <- the size of memory to copy\r
    xchg    rdi, r11                    ; save rdi to r11 and initialize rdi to the base address of shadowed GDT table\r
    rep     movsb                       ; perform memory copy to shadow GDT table\r
    mov     rcx, r10                    ; restore the orignal rcx before memory copy\r
    mov     rdi, r11                    ; restore the original rdi before memory copy\r
    \r
    sidt    fword ptr [rsp + 50h]       ; save IDT stack in argument space\r
    mov     rax, cr0\r
    mov     [rcx + (SavedCr0 - SavedCr4)], eax\r
    and     eax, 7ffffffeh              ; clear PE, PG bits\r
    mov     rbp, cr4\r
    mov     [rcx], ebp                  ; save CR4 in SavedCr4\r
    and     ebp, 300h                   ; clear all but PCE and OSFXSR bits\r
    mov     esi, r8d                    ; esi <- 16-bit stack segment\r
    DB      6ah, DATA32                 ; push DATA32\r
    pop     rdx                         ; rdx <- 32-bit data segment selector\r
    lgdt    fword ptr [rcx + (_16Gdtr - SavedCr4)]\r
    mov     ss, edx\r
    pushfq\r
    lea     edx, [rdx + DATA16 - DATA32]\r
    lea     r8, @RetFromRealMode\r
    push    r8\r
    mov     r8d, cs\r
    mov     [rcx + (SavedCs - SavedCr4)], r8w\r
    mov     [rcx + (SavedSp - SavedCr4)], esp\r
    jmp     fword ptr [rcx + (_EntryPoint - SavedCr4)]\r
@RetFromRealMode:\r
    popfq\r
    lgdt    fword ptr [rsp + 60h]       ; restore protected mode GDTR\r
    lidt    fword ptr [rsp + 50h]       ; restore protected mode IDTR\r
    lea     eax, [rbp - sizeof (IA32_REGS)]\r
    pop     gs\r
    pop     fs\r
    pop     rbx\r
    mov     ss, rbx\r
    pop     rbx\r
    mov     es, rbx\r
    pop     rbx\r
    mov     ds, rbx\r
    ret\r
InternalAsmThunk16  ENDP\r
\r
    END\r
Commit	Line	Data
1efcc4ae	1	\r
47fc17d8	2	#include "BaseLibInternals.h"\r
f1baef62	3	\r
	4	;------------------------------------------------------------------------------\r
	5	;\r
bb817c56 HT	6	; Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>\r
bb817c56 HT	7	; This program and the accompanying materials\r
f1baef62	8	; are licensed and made available under the terms and conditions of the BSD License\r
	9	; which accompanies this distribution. The full text of the license may be found at\r
	10	; http://opensource.org/licenses/bsd-license.php\r
	11	;\r
	12	; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	13	; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	14	;\r
	15	; Module Name:\r
	16	;\r
	17	; Thunk.asm\r
	18	;\r
	19	; Abstract:\r
	20	;\r
	21	; Real mode thunk\r
	22	;\r
	23	;------------------------------------------------------------------------------\r
	24	\r
	25	EXTERNDEF m16Start:BYTE\r
	26	EXTERNDEF m16Size:WORD\r
	27	EXTERNDEF mThunk16Attr:WORD\r
	28	EXTERNDEF m16Gdt:WORD\r
	29	EXTERNDEF m16GdtrBase:WORD\r
	30	EXTERNDEF mTransition:WORD\r
	31	\r
	32	IA32_REGS STRUC 4t\r
	33	_EDI DD ?\r
	34	_ESI DD ?\r
	35	_EBP DD ?\r
	36	_ESP DD ?\r
	37	_EBX DD ?\r
	38	_EDX DD ?\r
	39	_ECX DD ?\r
	40	_EAX DD ?\r
	41	_DS DW ?\r
	42	_ES DW ?\r
	43	_FS DW ?\r
	44	_GS DW ?\r
	45	_EFLAGS DQ ?\r
	46	_EIP DD ?\r
	47	_CS DW ?\r
	48	_SS DW ?\r
	49	IA32_REGS ENDS\r
	50	\r
	51	.const\r
	52	\r
	53	m16Size DW InternalAsmThunk16 - m16Start\r
	54	mThunk16Attr DW _ThunkAttr - m16Start\r
	55	m16Gdt DW _NullSeg - m16Start\r
	56	m16GdtrBase DW _16GdtrBase - m16Start\r
	57	mTransition DW _EntryPoint - m16Start\r
	58	\r
	59	.code\r
	60	\r
	61	m16Start LABEL BYTE\r
	62	\r
	63	SavedGdt LABEL FWORD\r
	64	DW ?\r
	65	DQ ?\r
	66	\r
	67	;------------------------------------------------------------------------------\r
	68	; _BackFromUserCode() takes control in real mode after 'retf' has been executed\r
	69	; by user code. It will be shadowed to somewhere in memory below 1MB.\r
	70	;------------------------------------------------------------------------------\r
	71	_BackFromUserCode PROC\r
72	;\r
73	; The order of saved registers on the stack matches the order they appears\r
74	; in IA32_REGS structure. This facilitates wrapper function to extract them\r
75	; into that structure.\r
76	;\r
77	; Some instructions for manipulation of segment registers have to be written\r
78	; in opcode since 64-bit MASM prevents accesses to those registers.\r
79	;\r
80	DB 16h ; push ss\r
81	DB 0eh ; push cs\r
82	DB 66h\r
83	call @Base ; push eip\r
84	@Base:\r
85	DB 66h\r
86	push 0 ; reserved high order 32 bits of EFlags\r
87	pushf ; pushfd actually\r
88	cli ; disable interrupts\r
89	push gs\r
90	push fs\r
91	DB 6 ; push es\r
92	DB 1eh ; push ds\r
93	DB 66h, 60h ; pushad\r
94	DB 66h, 0bah ; mov edx, imm32\r
95	_ThunkAttr DD ?\r
96	test dl, THUNK_ATTRIBUTE_DISABLE_A20_MASK_INT_15\r
97	jz @1\r
98	mov eax, 15cd2401h ; mov ax, 2401h & int 15h\r
99	cli ; disable interrupts\r
100	jnc @2\r
101	@1:\r
102	test dl, THUNK_ATTRIBUTE_DISABLE_A20_MASK_KBD_CTRL\r
103	jz @2\r
104	in al, 92h\r
105	or al, 2\r
106	out 92h, al ; deactivate A20M#\r
107	@2:\r
108	mov eax, ss\r
109	lea bp, [esp + sizeof (IA32_REGS)]\r
110	;\r
111	; rsi in the following 2 instructions is indeed bp in 16-bit code\r
112	;\r
113	mov word ptr (IA32_REGS ptr [rsi - sizeof (IA32_REGS)])._ESP, bp\r
114	DB 66h\r
115	mov ebx, (IA32_REGS ptr [rsi - sizeof (IA32_REGS)])._EIP\r
116	shl ax, 4 ; shl eax, 4\r
117	add bp, ax ; add ebp, eax\r
118	mov ax, cs\r
119	shl ax, 4\r
120	lea ax, [eax + ebx + (@64BitCode - @Base)]\r
121	DB 66h, 2eh, 89h, 87h ; mov cs:[bx + (@64Eip - @Base)], eax\r
122	DW @64Eip - @Base\r
123	DB 66h, 0b8h ; mov eax, imm32\r
124	SavedCr4 DD ?\r
125	mov cr4, rax\r
126	;\r
127	; rdi in the instruction below is indeed bx in 16-bit code\r
128	;\r
129	DB 66h, 2eh ; 2eh is "cs:" segment override\r
130	lgdt fword ptr [rdi + (SavedGdt - @Base)]\r
131	DB 66h\r
132	mov ecx, 0c0000080h\r
133	rdmsr\r
134	or ah, 1\r
135	wrmsr\r
136	DB 66h, 0b8h ; mov eax, imm32\r
137	SavedCr0 DD ?\r
138	mov cr0, rax\r
139	DB 66h, 0eah ; jmp far cs:@64Bit\r
140	@64Eip DD ?\r
141	SavedCs DW ?\r
142	@64BitCode:\r
0fe43214	143	db 090h \r
	144	db 067h, 0bch ; mov esp, imm32\r
	145	SavedSp DD ? ; restore stack\r
	146	nop\r
f1baef62	147	ret\r
	148	_BackFromUserCode ENDP\r
	149	\r
	150	_EntryPoint DD _ToUserCode - m16Start\r
	151	DW CODE16\r
	152	_16Gdtr LABEL FWORD\r
	153	DW GDT_SIZE - 1\r
	154	_16GdtrBase DQ _NullSeg\r
	155	_16Idtr FWORD (1 SHL 10) - 1\r
	156	\r
	157	;------------------------------------------------------------------------------\r
	158	; _ToUserCode() takes control in real mode before passing control to user code.\r
	159	; It will be shadowed to somewhere in memory below 1MB.\r
	160	;------------------------------------------------------------------------------\r
	161	_ToUserCode PROC\r
	162	mov ss, edx ; set new segment selectors\r
	163	mov ds, edx\r
	164	mov es, edx\r
	165	mov fs, edx\r
	166	mov gs, edx\r
	167	DB 66h\r
	168	mov ecx, 0c0000080h\r
	169	mov cr0, rax ; real mode starts at next instruction\r
	170	rdmsr\r
	171	and ah, NOT 1\r
	172	wrmsr\r
	173	mov cr4, rbp\r
	174	mov ss, esi ; set up 16-bit stack segment\r
	175	mov sp, bx ; set up 16-bit stack pointer\r
	176	DB 66h ; make the following call 32-bit\r
	177	call @Base ; push eip\r
	178	@Base:\r
	179	pop bp ; ebp <- address of @Base\r
	180	push [esp + sizeof (IA32_REGS) + 2]\r
	181	lea eax, [rsi + (@RealMode - @Base)] ; rsi is "bp" in 16-bit code\r
	182	push rax\r
	183	retf ; execution begins at next instruction\r
	184	@RealMode:\r
	185	DB 66h, 2eh ; CS and operand size override\r
	186	lidt fword ptr [rsi + (_16Idtr - @Base)]\r
	187	DB 66h, 61h ; popad\r
	188	DB 1fh ; pop ds\r
	189	DB 07h ; pop es\r
	190	pop fs\r
	191	pop gs\r
	192	popf ; popfd\r
	193	lea sp, [esp + 4] ; skip high order 32 bits of EFlags\r
	194	DB 66h ; make the following retf 32-bit\r
	195	retf ; transfer control to user code\r
	196	_ToUserCode ENDP\r
	197	\r
	198	CODE16 = _16Code - $\r
	199	DATA16 = _16Data - $\r
	200	DATA32 = _32Data - $\r
	201	\r
	202	_NullSeg DQ 0\r
	203	_16Code LABEL QWORD\r
	204	DW -1\r
	205	DW 0\r
	206	DB 0\r
	207	DB 9bh\r
	208	DB 8fh ; 16-bit segment, 4GB limit\r
	209	DB 0\r
	210	_16Data LABEL QWORD\r
211	DW -1\r
212	DW 0\r
213	DB 0\r
214	DB 93h\r
215	DB 8fh ; 16-bit segment, 4GB limit\r
216	DB 0\r
217	_32Data LABEL QWORD\r
218	DW -1\r
219	DW 0\r
220	DB 0\r
221	DB 93h\r
222	DB 0cfh ; 16-bit segment, 4GB limit\r
223	DB 0\r
224	\r
225	GDT_SIZE = $ - _NullSeg\r
226	\r
227	;------------------------------------------------------------------------------\r
228	; IA32_REGISTER_SET *\r
229	; EFIAPI\r
230	; InternalAsmThunk16 (\r
231	; IN IA32_REGISTER_SET *RegisterSet,\r
232	; IN OUT VOID *Transition\r
233	; );\r
234	;------------------------------------------------------------------------------\r
235	InternalAsmThunk16 PROC USES rbp rbx rsi rdi\r
0fe43214	236	mov rbx, ds\r
	237	push rbx ; Save ds segment register on the stack\r
	238	mov rbx, es\r
	239	push rbx ; Save es segment register on the stack\r
	240	mov rbx, ss\r
	241	push rbx ; Save ss segment register on the stack\r
	242	\r
f1baef62	243	push fs\r
	244	push gs\r
	245	mov rsi, rcx\r
	246	movzx r8d, (IA32_REGS ptr [rsi])._SS\r
	247	mov edi, (IA32_REGS ptr [rsi])._ESP\r
	248	lea rdi, [edi - (sizeof (IA32_REGS) + 4)]\r
	249	imul eax, r8d, 16 ; eax <- r8d(stack segment) * 16\r
	250	mov ebx, edi ; ebx <- stack for 16-bit code\r
	251	push sizeof (IA32_REGS) / 4\r
	252	add edi, eax ; edi <- linear address of 16-bit stack\r
	253	pop rcx\r
	254	rep movsd ; copy RegSet\r
	255	lea ecx, [rdx + (SavedCr4 - m16Start)]\r
	256	mov eax, edx ; eax <- transition code address\r
	257	and edx, 0fh\r
	258	shl eax, 12 ; segment address in high order 16 bits\r
	259	lea ax, [rdx + (_BackFromUserCode - m16Start)] ; offset address\r
	260	stosd ; [edi] <- return address of user code\r
a1487801	261	\r
	262	sgdt fword ptr [rsp + 60h] ; save GDT stack in argument space\r
	263	movzx r10, word ptr [rsp + 60h] ; r10 <- GDT limit \r
	264	lea r11, [rcx + (InternalAsmThunk16 - SavedCr4) + 0xf]\r
	265	and r11, 0xfffffff0 ; r11 <- 16-byte aligned shadowed GDT table in real mode buffer\r
	266	\r
	267	mov word ptr [rcx + (SavedGdt - SavedCr4)], r10w ; save the limit of shadowed GDT table\r
	268	mov qword ptr [rcx + (SavedGdt - SavedCr4) + 2], r11 ; save the base address of shadowed GDT table\r
	269	\r
	270	mov rsi, qword ptr [rsp + 62h] ; rsi <- the original GDT base address\r
	271	xchg rcx, r10 ; save rcx to r10 and initialize rcx to be the limit of GDT table\r
	272	inc rcx ; rcx <- the size of memory to copy\r
	273	xchg rdi, r11 ; save rdi to r11 and initialize rdi to the base address of shadowed GDT table\r
	274	rep movsb ; perform memory copy to shadow GDT table\r
	275	mov rcx, r10 ; restore the orignal rcx before memory copy\r
	276	mov rdi, r11 ; restore the original rdi before memory copy\r
	277	\r
0fe43214	278	sidt fword ptr [rsp + 50h] ; save IDT stack in argument space\r
f1baef62	279	mov rax, cr0\r
	280	mov [rcx + (SavedCr0 - SavedCr4)], eax\r
	281	and eax, 7ffffffeh ; clear PE, PG bits\r
	282	mov rbp, cr4\r
	283	mov [rcx], ebp ; save CR4 in SavedCr4\r
	284	and ebp, 300h ; clear all but PCE and OSFXSR bits\r
	285	mov esi, r8d ; esi <- 16-bit stack segment\r
	286	DB 6ah, DATA32 ; push DATA32\r
	287	pop rdx ; rdx <- 32-bit data segment selector\r
	288	lgdt fword ptr [rcx + (_16Gdtr - SavedCr4)]\r
	289	mov ss, edx\r
	290	pushfq\r
	291	lea edx, [rdx + DATA16 - DATA32]\r
	292	lea r8, @RetFromRealMode\r
	293	push r8\r
	294	mov r8d, cs\r
	295	mov [rcx + (SavedCs - SavedCr4)], r8w\r
0fe43214	296	mov [rcx + (SavedSp - SavedCr4)], esp\r
f1baef62	297	jmp fword ptr [rcx + (_EntryPoint - SavedCr4)]\r
	298	@RetFromRealMode:\r
	299	popfq\r
a1487801	300	lgdt fword ptr [rsp + 60h] ; restore protected mode GDTR\r
0fe43214	301	lidt fword ptr [rsp + 50h] ; restore protected mode IDTR\r
f1baef62	302	lea eax, [rbp - sizeof (IA32_REGS)]\r
	303	pop gs\r
	304	pop fs\r
0fe43214	305	pop rbx\r
	306	mov ss, rbx\r
	307	pop rbx\r
	308	mov es, rbx\r
	309	pop rbx\r
	310	mov ds, rbx\r
f1baef62	311	ret\r
	312	InternalAsmThunk16 ENDP\r
	313	\r
	314	END\r