Need help with own PXE/bootloader and SDI images

[Yann Blue]

Hi,

For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[Slobodan Brcin \(eMVP\)]

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it away from segment 7c00?
2. You can find my working code for custom SDI boot in this NG.
3. I can't remember but I think that I'm using addresses above 4MB. 0400000h. Two MB is too close to beginning of mem.
4. You never mentioned mechanism that you use to load data in memory above 1MB.
5. Make sure that your image is working fine after adding BOOT and LOAD blobs. Change offset address of PART in boot.ini.
6. Make sure that you are in real mode before doing the final jump.

Regards,
Slobodan

 

[Yann Blue]

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue

 

[Slobodan Brcin \(eMVP\)]

1. You never mentioned location of your code. Did you reallocate it

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between protected and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should jump to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan

 

[Yann Blue]

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

 

[Slobodan Brcin \(eMVP\)]

Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.


I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between protected and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should jump to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.


This is tough one to detect.


I can't remember it was a while ago.

Best regards,
Slobodan

 

[Yann Blue]

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Good news, I will think of this as a progress S:

What XPe service pack do you use?

I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue

Hi Yann,233632

Where do you think I am in the booting process ? (NTLDR233632 ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File233632
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between protected and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should jump to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


On Sat, 26 Jun 2004 21:04:15 +0200, Slobodan Brcin (eMVP) wrote:

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[Slobodan Brcin \(eMVP\)]

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Good news, I will think of this as a progress S:

What XPe service pack do you use?

I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue

Hi Yann,233632

Where do you think I am in the booting process ? (NTLDR233632 ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File233632
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between

protected
and

real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should

jump
to

7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


On Sat, 26 Jun 2004 21:04:15 +0200, Slobodan Brcin (eMVP) wrote:

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[Yann Blue]

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change the edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Good news, I will think of this as a progress S:

What XPe service pack do you use?

I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue

Hi Yann,233632

Where do you think I am in the booting process ? (NTLDR233632 ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File233632
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K
limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


On Sat, 26 Jun 2004 21:04:15 +0200, Slobodan Brcin (eMVP) wrote:

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[Yann Blue]

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change the edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan

On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K
limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


On Sat, 26 Jun 2004 21:04:15 +0200, Slobodan Brcin (eMVP) wrote:

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[Slobodan Brcin \(eMVP\)]

Hi Yann,

I know that you must feel frustrated because you can't see anything (can't use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi boot choice screen.

Also make sure that this is true:"EDX = 32-bit physical address of the page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack values. Look at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change the edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan


On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code for your internal use not for use by startrom it should do it
by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young and was writing my simple OS. (Before the days of Windows 95).
I hope that you know what you are doing (or trust code you have) and that you switch correctly back and forth between
protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you must restore all segments/selectors you used so they have 64K
limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should
jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


On Sat, 26 Jun 2004 21:04:15 +0200, Slobodan Brcin (eMVP) wrote:

Hi Yann,

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

2. You can find my working code for custom SDI boot in this NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for that.

3. I can't remember but I think that I'm using addresses above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data in memory
above 1MB.

I use protected mode to copy data in high memory. I've read how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the final jump.

I am in protected mode, but I don't know if I do enough: I re-enable
interrupts then put esp and ss as said previously, is it sufficient ?

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one. Does NTLDR display something before booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h adress to
run startrom.com, at this point, the system hangs with the following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot procedure
(download of startrom.n12, download of sdi image, progress bar,
booting...). I add the BOOT and LOAD parts as suggested in the white
paper. At last, I pack it. When I run sdimgr on the final image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model : {00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID : {00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address Attr
---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2 0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000 0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400 0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory (above 0200000h
as suggested somewhere in this forum because of NTLDR cloberring),
then I copy the boot code (from offset 01000h and size of 05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but the system
is not loading, instead, the system hangs with the text 'Press F12 for
network service boot.". There is a cursor on the following line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART) works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx before
jumping to 07c00h, so I don't think startrom.com comes to this point ?

Thanks in advance for your help.

Y. Blue

 

[KM]

I was actually wondering why not use debugger?

If the problem is in NT Loader, switching to serial debug may show some good
info (noone can promise that but debug output has always been helpful).

Also, there is a debug version of the ntldr in DDK. If you use this version
in the LOAD blob, set proper parameters in boot.ini and have the KD
connected from another machine, it may help.

Or did I miss anything?

KM

Hi Yann,

I know that you must feel frustrated because you can't see anything (can't use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi boot choice screen.

Also make sure that this is true:"EDX = 32-bit physical address of the

page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack values. Look at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change the edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan


On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code

for your internal use not for use by startrom it should

do it

and was writing my simple OS. (Before the days of Windows

95).

must restore all segments/selectors you used so they have

64K

limits
etc.
Only after you make sure that you left in perfect order (Like that you never gone to protected mode) only then you should
jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part, the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan

 

[Slobodan Brcin \(eMVP\)]

Hi Konstantin,

Debugger is implemented in kernel so it probably would not work with regular ntldr.

Good point about debug version of ntldr. I used it few times but never with RAM boot, so I can't guarantee that it will support RAM
boot.
But it will definitely give some nice info acquired by ntdetect

Best regards,
Slobodan

I was actually wondering why not use debugger?

If the problem is in NT Loader, switching to serial debug may show some good
info (noone can promise that but debug output has always been helpful).

Also, there is a debug version of the ntldr in DDK. If you use this version
in the LOAD blob, set proper parameters in boot.ini and have the KD
connected from another machine, it may help.

Or did I miss anything?

KM

Hi Yann,

I know that you must feel frustrated because you can't see anything (can't use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi boot choice screen.

Also make sure that this is true:"EDX = 32-bit physical address of the

page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack values. Look at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change the edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above 1MB. In that way you will not have to mess with PM.

Regards,
Slobodan


On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632 bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

On Sun, 27 Jun 2004 04:18:41 +0200, Slobodan Brcin (eMVP) wrote:

Ok , thanks, I found some errors. The issue didn't seem to be in the
real/protected mode switch but I didn't clean properly the vga stuff I
used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h) at 01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code

for your internal use not for use by startrom it should

do it

and was writing my simple OS. (Before the days of Windows

95).

must restore all segments/selectors you used so they have

64K

 

[KM]

Slobodan,

Soory for the wrong statement. I should not use KD when I speak about ntldr.
What I meant was just *regular* debug/serial output of ntldr that you can
watch on another machine attached.
At least I always use serial output of any boot loader (not only NT). If the
loader is good written, it will thorw out some helful messages.

With release version of ntldr, it won't give much info but with debug - much
more. At least Yann may finally be able to confirm if NT loader is the
broken part.

I have just read the thread and I missed if he has bitwise OR'ed EDX
(actually, DL) with the SDI address in it. This is a requirement, IIRC.

KM

Hi Konstantin,

Debugger is implemented in kernel so it probably would not work with regular ntldr.

Good point about debug version of ntldr. I used it few times but never

with RAM boot, so I can't guarantee that it will support RAM

boot.
But it will definitely give some nice info acquired by ntdetect

Best regards,
Slobodan

I was actually wondering why not use debugger?

If the problem is in NT Loader, switching to serial debug may show some good
info (noone can promise that but debug output has always been helpful).

Also, there is a debug version of the ntldr in DDK. If you use this version
in the LOAD blob, set proper parameters in boot.ini and have the KD
connected from another machine, it may help.

Or did I miss anything?

KM

Hi Yann,

I know that you must feel frustrated because you can't see anything

(can't
use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi boot

choice
screen.

Also make sure that this is true:"EDX = 32-bit physical address of the

page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack values.

Look
at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h bios
call, but I still get the same result: black screen (If I change

the
edx

value (SDI address) before jumping to 7C00h, I get "corrupt

NTLDR), so
I

must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the

stack
and

segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses

above
1MB. In that way you will not have to mess with PM.

Regards,
Slobodan


On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control,

and
that SDI is loaded in memory where it is expected.

Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of

233632
bytes.

Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt... (The
image still boot properly with classic Remote Boot and adjusted offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control,

and
that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at

least
started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please

search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use ewfntldr)

Best regards,
Slobodan

Ok , thanks, I found some errors. The issue didn't seem to be

in
the

real/protected mode switch but I didn't clean properly the

vga
stuff I

used before jumping. I think I'm closer to my aim, but unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the

SDI
image

with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ? (Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively reallocate the
last part (which copy from/to highmem then jump to 07c00h)

at
01000h

before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before

you
switched to protected mode? You should do that.

Also don't go so low in memory you should better stick

little
lower than 7c00h 512 bytes lower.

Also you need to initialize stack at the beginning of your

code
for your internal use not for use by startrom it should

do it
by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load

data
in memory

above 1MB.

I use protected mode to copy data in high memory. I've

read
how you do it

with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very

young
and was writing my simple OS. (Before the days of Windows

95).
I hope that you know what you are doing (or trust code you

have) and that you switch correctly back and forth between

protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also

you
must restore all segments/selectors you used so they have

64K
limits
etc.
Only after you make sure that you left in perfect order

(Like
that you never gone to protected mode) only then you should

jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com

part,
the

NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


at
01000h this
NG. for
that. data
in memory read
how you do it adding
BOOT and part,
the before
booting the XP
Embedded with 07c00h
adress to the
following Boot
procedure progress
bar, in
the white final
image, I get rights
reserved. Address
Attr of
05EC2h) at and
ss: but
the system following
line. need
this to system
unload pxe PART)
works fine edx
before to
this point ?

 

[Slobodan Brcin \(eMVP\)]

Konstantin,

He never said anything about EDX but I mentioned it just in case that he forgot.

Best regards,
Slobodan

Slobodan,

Soory for the wrong statement. I should not use KD when I speak about ntldr.
What I meant was just *regular* debug/serial output of ntldr that you can
watch on another machine attached.
At least I always use serial output of any boot loader (not only NT). If the
loader is good written, it will thorw out some helful messages.

With release version of ntldr, it won't give much info but with debug - much
more. At least Yann may finally be able to confirm if NT loader is the
broken part.

I have just read the thread and I missed if he has bitwise OR'ed EDX
(actually, DL) with the SDI address in it. This is a requirement, IIRC.

KM

Hi Konstantin,

Debugger is implemented in kernel so it probably would not work with regular ntldr.

Good point about debug version of ntldr. I used it few times but never

with RAM boot, so I can't guarantee that it will support RAM

boot.
But it will definitely give some nice info acquired by ntdetect

Best regards,
Slobodan

I was actually wondering why not use debugger?

If the problem is in NT Loader, switching to serial debug may show some good
info (noone can promise that but debug output has always been helpful).

Also, there is a debug version of the ntldr in DDK. If you use this version
in the LOAD blob, set proper parameters in boot.ini and have the KD
connected from another machine, it may help.

Or did I miss anything?

KM

Hi Yann,

I know that you must feel frustrated because you can't see anything (can't
use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi boot choice
screen.

Also make sure that this is true:"EDX = 32-bit physical address of the
page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack values. Look
at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change edx but
"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

On Mon, 28 Jun 2004 22:54:37 +0200, Slobodan Brcin (eMVP) wrote:

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h
bios
call, but I still get the same result: black screen (If I change the
edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so
I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack
and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I
really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above
1MB. In that way you will not have to mess with PM.

Regards,
Slobodan


On Sun, 27 Jun 2004 17:51:20 +0200, Slobodan Brcin (eMVP) wrote:

So far you know that you successfully relinquished control, and
that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size of 233632
bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt...
(The
image still boot properly with classic Remote Boot and adjusted
offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished control, and
that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least
started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please
search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use
ewfntldr)

Best regards,
Slobodan

Ok , thanks, I found some errors. The issue didn't seem to be in
the
real/protected mode switch but I didn't clean properly the vga
stuff I
used before jumping. I think I'm closer to my aim, but
unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of the SDI
image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find
anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ?
(Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ? (NTLDR ?)

1. You never mentioned location of your code. Did you
reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively
reallocate the
last part (which copy from/to highmem then jump to 07c00h) at
01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address before you
switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little
lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of your code
for your internal use not for use by startrom it should
do it
by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to load data
in memory
above 1MB.

I use protected mode to copy data in high memory. I've read
how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was very young
and was writing my simple OS. (Before the days of Windows
95).
I hope that you know what you are doing (or trust code you
have) and that you switch correctly back and forth between
protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE. Also you
must restore all segments/selectors you used so they have
64K
limits
etc.
Only after you make sure that you left in perfect order (Like
that you never gone to protected mode) only then you should
jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the startrom.com part,
the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


Hi Yann,

1. You never mentioned location of your code. Did you
reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively
reallocate the
last part (which copy from/to highmem then jump to 07c00h) at
01000h
before running it.

2. You can find my working code for custom SDI boot in this
NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull, thanks for
that.

3. I can't remember but I think that I'm using addresses
above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is the same.

4. You never mentioned mechanism that you use to load data
in memory
above 1MB.

I use protected mode to copy data in high memory. I've read
how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding
BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just
changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the
final jump.

I am in protected mode, but I don't know if I do enough: I
re-enable
interrupts then put esp and ss as said previously, is it
sufficient ?

I would like to know if I'm stucked in the startrom.com part,
the
NTLDR one or the PART one. Does NTLDR display something before
booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to
boot a SDI
image.
I used the white paper "RAM Boot Using SDI in Windows XP
Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h
adress to
run startrom.com, at this point, the system hangs with the
following
text:

Press F12 for network service boot.


Details:
--------

I begin with a SDI file tested with the classic Remote Boot
procedure
(download of startrom.n12, download of sdi image, progress
bar,
booting...). I add the BOOT and LOAD parts as suggested in
the white
paper. At last, I pack it. When I run sdimgr on the final
image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights
reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights
Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model :
{00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID :
{00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address
Attr

---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2
0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000
0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400
0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory
(above 0200000h
as suggested somewhere in this forum because of NTLDR
cloberring),
then I copy the boot code (from offset 01000h and size of
05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare esp and
ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to 07c00h, but
the system
is not loading, instead, the system hangs with the text
'Press F12 for
network service boot.". There is a cursor on the following
line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I really need
this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system
unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and LOAD PART)
works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI address in edx
before
jumping to 07c00h, so I don't think startrom.com comes to
this point ?

Thanks in advance for your help.

Y. Blue

 

[KM]

Slobodan,

He did I quote: "I put the SDI header address in edx and jump to
07c00h".
That sounded he did not use OR.

Anyway.. there is not point from me to bet. I just confirmed that you were
right mentioning the EDX/OR.

KM

Konstantin,

He never said anything about EDX but I mentioned it just in case that he forgot.

Best regards,
Slobodan

Slobodan,

Soory for the wrong statement. I should not use KD when I speak about ntldr.
What I meant was just *regular* debug/serial output of ntldr that you can
watch on another machine attached.
At least I always use serial output of any boot loader (not only NT). If the
loader is good written, it will thorw out some helful messages.

With release version of ntldr, it won't give much info but with debug - much
more. At least Yann may finally be able to confirm if NT loader is the
broken part.

I have just read the thread and I missed if he has bitwise OR'ed EDX
(actually, DL) with the SDI address in it. This is a requirement, IIRC.

KM

Hi Konstantin,

Debugger is implemented in kernel so it probably would not work with regular ntldr.

Good point about debug version of ntldr. I used it few times but never

with RAM boot, so I can't guarantee that it will support RAM

boot.
But it will definitely give some nice info acquired by ntdetect

Best regards,
Slobodan

I was actually wondering why not use debugger?

If the problem is in NT Loader, switching to serial debug may show

some
good

info (noone can promise that but debug output has always been helpful).

Also, there is a debug version of the ntldr in DDK. If you use this version
in the LOAD blob, set proper parameters in boot.ini and have the KD
connected from another machine, it may help.

Or did I miss anything?

KM

Hi Yann,

I know that you must feel frustrated because you can't see

anything
(can't

use debugger)

Try making boot.ini with two entries and set some time in timeout.
If boot.ini get loaded by ntldr. you should at least see multi

boot
choice

screen.

Also make sure that this is true:"EDX = 32-bit physical address of the
page aligned SDI image bitwise ORed with 41h"

BTW:
First thing when your code is executed you should set stack

values.
Look

at my code.

Good luck,
Slobodan

PS:
Give me more info about what you did so far if yuo still have problems.

On Sat, 03 Jul 2004 21:34:19 +0200, Yann Blue wrote:

I said something wrong, I don't get "corrupt NTLDR" if I change

edx
but

"SDI image format corrupt.". A better proof of being in NTLDR is that I
get "Invalid boot.ini file" if I use the old NTLDR (see previous posts).

Y.Blue

Hi,

Ok, this time, I am really desperate of getting this to work.

I replaced my protected mode function by one using the int 15h 87h
bios
call, but I still get the same result: black screen (If I

change
the

edx
value (SDI address) before jumping to 7C00h, I get "corrupt NTLDR), so
I
must be in NTLDR).

Something must be wrong with my combination of
startrom.com/NTLDR/ntdetect.com or perhaps I don't prepare the stack
and
segment registers correctly ?
My image is still booting correctly with
classic Remote Boot method and offset adjusted to 7000h (28672). I
really
don't understand, do you have an idea ?

startrom.com: 24258 bytes
NTLDR: 233632 bytes
ntdetect.com: 47580 bytes

Best regards
Y. Blue

Hi Yann,

Why do you need protected mode switches?
If you can try BIOS copy function to copy memory to addresses above
1MB. In that way you will not have to mess with PM.

Regards,
Slobodan

So far you know that you successfully relinquished

control,
and

that SDI is loaded in memory where it is expected.
Good news, I will think of this as a progress S:

What XPe service pack do you use?
I use SP1 of Windows Embedded.

I tried with the NTLDR present on SP1, the one with a size

of
233632

bytes.
Unfortunately, I now get a black screen. I thought I was cleaning
protected mode and everything else properly, but now, I doubt...
(The
image still boot properly with classic Remote Boot and adjusted
offset in
boot.ini).

Y. Blue


Hi Yann,

Where do you think I am in the booting process ? (NTLDR ?)

So far you know that you successfully relinquished

control,
and

that SDI is loaded in memory where it is expected.

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

This errors are reported by ntldr. so you know that it at least
started executing.

What XPe service pack do you use?

Anyhow 214016 is too short for SP1 or newer releases. Please
search in xpe repository for some ntldr with newer date.

233632 bytes long or bigger. (You probably should not use
ewfntldr)

Best regards,
Slobodan

Ok , thanks, I found some errors. The issue didn't seem

to be
in

the
real/protected mode switch but I didn't clean properly

the
vga

stuff I
used before jumping. I think I'm closer to my aim, but
unfortunatly, I now
get:

Invalid BOOT.INI File
Booting from C:\windows\
NTDETECT failed

However, I have a boot.ini file in the root directory of

the
SDI

image
with:
[boot loader]
default=ramdisk(0)\WINDOWS
[operating systems]
ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

as said in the white paper.

I searched in this group for related issues but didn't find
anything
similar to my problem.
I put also the ntdetect.com file in the root directory.

What could be wrong ? I think I might use a bad NTLDR file ?
(Mine is
214016 bytes long).

Thanks for being so active on this group Slobodan Brcin \(eMVP\).
Y. Blue

PS: Where do you think I am in the booting process ?

(NTLDR
?)

1. You never mentioned location of your code. Did you
reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively
reallocate the
last part (which copy from/to highmem then jump to

07c00h)
at

01000h
before running it.

I did not understand this answer:
Did you reallocate your code at 0100h:0000h address

before
you

switched to protected mode? You should do that.
Also don't go so low in memory you should better stick little
lower than 7c00h 512 bytes lower.
Also you need to initialize stack at the beginning of

your
code

for your internal use not for use by startrom it should
do it
by
itself when you transfer control to it.

4. You never mentioned mechanism that you use to

load
data

in memory
above 1MB.

I use protected mode to copy data in high memory. I've read
how you do it
with int vector, but I already had code to do it in
protected mode.

I used protected mode very long time ago when I was

very
young

and was writing my simple OS. (Before the days of Windows
95).
I hope that you know what you are doing (or trust code you
have) and that you switch correctly back and forth between
protected
and
real mode.


6. You must ensure that you are NOT IN PROTECTED MODE.

Also
you

must restore all segments/selectors you used so they have
64K
limits
etc.
Only after you make sure that you left in perfect order (Like
that you never gone to protected mode) only then you should
jump
to
7c00h. (Otherwise what can happen is unpredictable)

Make sure that you do things right in step 6.

I would like to know if I'm stucked in the

startrom.com
part,

the
NTLDR one or the PART one.

This is tough one to detect.

Does NTLDR display something before booting the system ?

I can't remember it was a while ago.

Best regards,
Slobodan


Hi Yann,

1. You never mentioned location of your code. Did you
reallocate it
away from segment 7c00?

My code is initially at location 07c00h, so I effectively
reallocate the
last part (which copy from/to highmem then jump to

07c00h)
at

01000h
before running it.

2. You can find my working code for custom SDI boot

in
this

NG.

The code I found from you boot from a CD, mine use PXE to
download the SDI image, it is however very usefull,

thanks
for

that.

3. I can't remember but I think that I'm using addresses
above 4MB.
0400000h. Two MB is too close to beginning of mem.

I changed my code to use 0400000h but the result is

the
same.

4. You never mentioned mechanism that you use to

load
data

in memory
above 1MB.

I use protected mode to copy data in high memory. I've read
how you do it
with int vector, but I already had code to do it in
protected mode.

5. Make sure that your image is working fine after adding
BOOT and
LOAD blobs. Change offset address of PART in boot.ini.

My image is working fine with BOOT and LOAD blobs, I just
changed the
offset to 28672 (07000h) as advised by you.

6. Make sure that you are in real mode before doing the
final jump.

I am in protected mode, but I don't know if I do enough: I
re-enable
interrupts then put esp and ss as said previously, is it
sufficient ?

I would like to know if I'm stucked in the

startrom.com
part,

the
NTLDR one or the PART one. Does NTLDR display

something
before

booting the
system ?

Thanks a lot for you help

Y. Blue


Regards,
Slobodan



For specific needs, I have to make my own bootloader to
boot a SDI
image.
I used the white paper "RAM Boot Using SDI in

Windows
XP

Embedded with
Service Pack 1" from Saad Syed.

Everything seems to work correctly until jumping to 07c00h
adress to
run startrom.com, at this point, the system hangs

with
the

following
text:

Press F12 for network service boot.


Details:

Remote
Boot

procedure
(download of startrom.n12, download of sdi image, progress
bar,
booting...). I add the BOOT and LOAD parts as

suggested
in

the white
paper. At last, I pack it. When I run sdimgr on the final
image, I get
the following result:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights
reserved.

SDI File Manager version 1.00.621
Copyright (C) 1999-2001 Microsoft Corp. All Rights
Reserved.

SDI File : C:\image.sdi
MDB Type : ---
Boot Code Offset : 0x00000000.00001000
Boot Code Size : 0x00000000.00005EC2
Vendor ID : 0x0000 (0)
Device ID : 0x0000 (0)
Device Model :
{00000000-0000-0000-0000-000000000000}
Device Role : 0
Runtime GUID :
{00000000-0000-0000-0000-000000000000}
Runtime OEM Rev : 0
Page Alignment : 1 (4096 bytes)

Type Offset Size Base Address
Attr

---- ------------------- ------------------- -------------------
----------
BOOT 0x00000000.00001000 0x00000000.00005EC2
0x00000000.00000000
0x00000000
PART 0x00000000.00007000 0x00000000.0F324000
0x00000000.00000007
0x00000000
LOAD 0x00000000.0F32B000 0x00000000.00034400
0x00000000.00000000
0x00000000

My bootloader downloads this sdi image in high memory
(above 0200000h
as suggested somewhere in this forum because of NTLDR
cloberring),
then I copy the boot code (from offset 01000h and

size
of

05EC2h) at
07c00h.

In real mode, before jumping to 07c00h, I prepare

esp
and

ss:
mov ax,30
mov ss,ax
mov esp,0100h

I put the SDI header address in edx and jump to

07c00h,
but

the system
is not loading, instead, the system hangs with the text
'Press F12 for
network service boot.". There is a cursor on the following
line.
(Pressing F12 does nothing).

Does someone have an idea what I made wrong ? I

really
need

this to
work but can't find the issue.

P.S:
- If I use reboot.com instead of startrom.com, the system
unload pxe
and reboots normally.
- The initial sdi image (before adding BOOT and

LOAD
PART)

works fine
with the same system and classic Remote Boot.
- I get the same result if I put a false SDI

address in
edx

before
jumping to 07c00h, so I don't think startrom.com

comes
to

this point ?

Thanks in advance for your help.

Y. Blue