reset后的第一条指令

问题提出： 开机后第一条指令是在实模式，real address mode. 可是第一条指令是在FFFFFFF0处抓到的。那么问题来了，实模式可访问的地址窨是1M 。FFFFFFF0 是远远大于1M的，那Intel 是怎么做到的呢？

首先把ia 32 architectures software developer manual翻开到 9.1.4

The first instruction that is fetched and executed following a hardware reset is located at physical address FFFFFFF0H. This address is 16 bytes below the processor's uppermost physical address. The EPROM containing the software initialization code must be located at this address.

The address FFFFFFF0H is beyond the 1-MByte addressable range of the processor while in real-address mode. The processor is initialized to this starting address as follows. The CS register has two parts: the visible segment selector part and the hidden base address part. In real-address mode, the base address is normally formed by shifting the 16-bit segment selector value 4 bits to the left to produce a 20-bit base address. However, during a hardware reset, the segment selector is the CS register is loaded with F000H and the base address is loaded with FFFF0H, The starting address is thus formed by adding the base address to the value in the EIP register (that is, FFFF0000 + FFF0H = FFFFFFF0H).

The first time the CS register is loaded with a new value after a hardware reset, the processor will follow the normal rule for address translation in real-address mode(that is, [CS base address = CS segment selector * 16]), To insure that the base address in the CS register remains unchanged until the EPROM based software-initializaiton code is completed, the code must not contain a far jump or far call or allow an interrupt to occur(which would cause the CS selector value to be changed).

没啥花头，原来啊，CS有两部分，一部是visible , 一部分hidden. 刚开机那会就往hdden部分填了一些值。