Adressing in Real Mode in x86

Posted on April 14, 2015

I am planning to write a bunch of posts about memory and x86 architecture and virtualization. This is the first post among hopefully many which will deep dive into the x86 architecture.

In this post I will cover about the real mode which is the default mode that x86 runs in when it boots up. This was the default mode before intel introduced paging in the 80286. In real mode, all registers are 16 bits and the processor can adress upto 20-bits of address space giving \( 2^{20} -1 \approx 1M \) addressable bytes. Although it should be possible to address all 4G of memory (16 bit segment and 16 bit offset), the hardare at the time had only 20 address pins hence they were restricted to a 20-bit address in real mode. All the addresses are directly mapped to physical memory with no protection. Accessing memory beyond the 1M limit causes a wraparound which some ill-thinking developers used as a feature.

These 20-bit address are accessed using a combination of segment address and offset (logical address). To get a physical address, the 16-bit segement address is sifted left 4 bits and a 16-bit offset is added to it making a total of 20-bit address.

Let us look at a sample instruction and see how it works in real mode.


mov ax, [080h]

The above instruction copies the value present at the logical address 0x80 to the ax register.

Segment addressing

The figure above shoes how the final physical address is calculated. If no register is given, the DS register is chosen as the segment register which decides which 64k segment we are working with. The value in the DS is multiplied by 16 and added to the immidiate value 0x80 which is the offset in the segment, to get the final physicial address. If DS contained 0x100 then the physical address will be

$$ 0\mathtt{X}100*4 + 0\mathtt{X}80 = 0\mathtt{X}480 $$

High Memory Area

Now there is a corner case if you set the segement selector to 0xFFFF you can start accessing memory from 16 bytes below the 1M limit and go beyond 1M upto (64 - 16) 48 bytes. In the segment:offset FFFF:0000 to FFFF:FFFF This is the high memory area. In older processors, this would wrap around as they only had 20 address lines and this is a 21 bit address but you could access the high memory in newer models. To maintain backward compatibility with the older real mode, the wraparound was emulated and was controlled by setting the A20 line.