From the "IA-32 Intel Architecture Software Developer's Manual":
In real-address mode, the base address is normally formed by shifting the 16-bit segment selector value 4 bits to the left to produce a 20-bit base address. However, during a hardware reset, the segment selector in the CS register is loaded with F000H and the base address is loaded with FFFF0000H. The starting address is thus formed by adding the base address to the value in the EIP register (that is, FFFF0000 + FFF0H = FFFFFFF0H).
The CPU forces the base field of the CS shadow register (descriptor bits 16 to 38 plus bits 56 to 63) to FFFF0000h and sets IP to FFF0h (eip = 0000FFF0h).
In real mode the cs shadow register is normally set up like this: base = cs << 4; limit = FFFFh. The p, dpl, s, type, g, d/b and similar bits are set according to whether the register is cs, ds, es, fs or gs (apart from cs, the base of every other segment register is 0).
Because 32-bit offsets can be used on a 16-bit segment, once the base of the CS shadow register has become FFFF0000h the CPU can address 32-bit addresses (big real mode). In other words, at power-on the system can be thought of as sitting in a strange kind of protected mode.
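The following C model is an added illustration, not code from the manual or from the original note. It models only the hidden base/limit fields of CS, shows the reset-vector computation from the quoted text, and goes one step beyond the note by applying the rule (also from the Intel manual) that the first far jump after reset reloads the hidden base as selector << 4, so the same selector value F000h resolves to a different linear address afterwards.

```c
#include <stdint.h>
#include <stdio.h>

/* Hidden (shadow) part of a segment register. The CPU forms linear
 * addresses from these cached fields, not from the visible selector. */
typedef struct { uint16_t selector; uint32_t base, limit; } seg_cache_t;

/* State after a hardware reset: selector F000h, but the hidden base is
 * forced to FFFF0000h rather than F000h << 4; EIP is 0000FFF0h. */
static seg_cache_t reset_cs(void) {
    seg_cache_t cs = { 0xF000, 0xFFFF0000u, 0xFFFF };
    return cs;
}

/* A far jump or far call in real-address mode reloads CS, after which the
 * hidden base follows the normal rule base = selector << 4. */
static void real_mode_far_jump(seg_cache_t *cs, uint16_t new_sel) {
    cs->selector = new_sel;
    cs->base = (uint32_t)new_sel << 4;
    cs->limit = 0xFFFF;
}

/* Linear address of seg:eip, or -1 where the hidden limit check would
 * raise #GP. The addition wraps at 32 bits, as on the real CPU. */
static int64_t linear_address(const seg_cache_t *seg, uint32_t eip) {
    if (eip > seg->limit) return -1;
    return (int64_t)(uint32_t)(seg->base + eip);
}

/* Address fetched at the reset vector: FFFF0000h + FFF0h = FFFFFFF0h. */
static int64_t reset_vector_linear(void) {
    seg_cache_t cs = reset_cs();
    return linear_address(&cs, 0xFFF0);
}

/* Same selector after the first far jump: F000:FFF0 now resolves to
 * 000FFFF0h, because only the hidden base changed. */
static int64_t after_far_jump_linear(uint16_t sel, uint32_t eip) {
    seg_cache_t cs = reset_cs();
    real_mode_far_jump(&cs, sel);
    return linear_address(&cs, eip);
}

int main(void) {
    printf("reset vector -> %08llX\n", (long long)reset_vector_linear());
    printf("F000:FFF0    -> %08llX\n", (long long)after_far_jump_linear(0xF000, 0xFFF0));
    printf("F000:10000   -> %lld (beyond the 64 KiB limit, #GP)\n",
           (long long)after_far_jump_linear(0xF000, 0x10000));
    return 0;
}
```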
