I ran the ROM BIOS of a Zenith 286 through an x86 disassembler and I got the following instruction at the reset vector (FFF0)
FFF0: JMP 0C252h
Looking at location 0xC252 in the code there is a "disable interrupts" command, a "output 0 to port 80h" (post code port) etc, so I assume that is the true start of the BIOS.
All looks normal, until you look at the raw byes in the input file to the disassembler:
FFF0: E95F C200 0000
We can tell from the logic analyzer that the these 6 bytes are loaded from the ROM at startup (actually reads rom addresses 7FF8, 7FF9, and 7FFA, because it's two 8-bits roms with hi and low bytes)
After some thought, and research on opcode E9 (JMP relative, 16 or 32bit) I am going to ass/u/me the following:
- FFF0 is the correct RESET vector and processing starts here
- C252 IS the correct target for the JMP command
- The reason the command appears to say "JMP C25F" is because it is a "relative jump from the address of the next instruction"
--- At FFF0 the JMP XXXXh is a 16-bit relative jump a 3-byte command. The next command would be at FFF3
--- Adding FFF3 to C25F gives 1C252, and being a 16-bit address it ignores the "1".
--- It is simply a coincidence that C25F and C252 are very similar numbers
Am I following this correctly, or am I making an obvious simple mistake anywhere in this thought pattern?
FFF0: JMP 0C252h
Looking at location 0xC252 in the code there is a "disable interrupts" command, a "output 0 to port 80h" (post code port) etc, so I assume that is the true start of the BIOS.
All looks normal, until you look at the raw byes in the input file to the disassembler:
FFF0: E95F C200 0000
We can tell from the logic analyzer that the these 6 bytes are loaded from the ROM at startup (actually reads rom addresses 7FF8, 7FF9, and 7FFA, because it's two 8-bits roms with hi and low bytes)
After some thought, and research on opcode E9 (JMP relative, 16 or 32bit) I am going to ass/u/me the following:
- FFF0 is the correct RESET vector and processing starts here
- C252 IS the correct target for the JMP command
- The reason the command appears to say "JMP C25F" is because it is a "relative jump from the address of the next instruction"
--- At FFF0 the JMP XXXXh is a 16-bit relative jump a 3-byte command. The next command would be at FFF3
--- Adding FFF3 to C25F gives 1C252, and being a 16-bit address it ignores the "1".
--- It is simply a coincidence that C25F and C252 are very similar numbers
Am I following this correctly, or am I making an obvious simple mistake anywhere in this thought pattern?