保护模式下写变量有关问题

保护模式下写变量问题
现在在学习写内核 

一写变量就出现内核错误呀 怎么搞的？ 
我把内核放到了0x80000处 
链接内核用的是ld 
-N -s --oformat binary -e _start -Ttext 0x80000 

我知道这也许是保护模式下定位变量的问题 
但我用的是C语言怎么会这样？ 


kernel.asm 
[section .text] 
[bits 32] 
global _start 
extern init 

_start: 
  mov ax,cs 
  mov ds,ax 
  mov es,ax 
  mov fs,ax  
  jmp init 

init.c 
void init() 
{ 
  qwe=1; <----------------运行到这里就出现堆栈错误 
  while(1) 
  ; 
} 
堆栈没有问题 已经检查了 
用bochs调试结果： 


D:\Program Files\Bochs-2.3.pre3\tinix> D:\Progra~1\Bochs-2.3.pre3\bochsdbg.exe -q -f bochsrc.bxrc 
00000000000i[APIC?] local apic in initializing 
======================================================================== 
  Bochs x86 Emulator 2.3.pre3 
  Build from CVS snapshot on August 6, 2006 
======================================================================== 
00000000000i[ ] reading configuration from bochsrc.bxrc 
00000000000i[ ] installing win32 module as the Bochs GUI 
00000000000i[ ] using log file bochsout.txt 
Next at t=0 
(0) [0xfffffff0] f000:fff0 (unk. ctxt): jmp far f000:e05b ; ea5be000f0 
<bochs:1> pb 0x80000 
<bochs:2> c 
(0) Breakpoint 1, 0x00080000 in ?? () 
Next at t=1796393 
(0) [0x00080000] 0030:00080000 (unk. ctxt): mov ax, cs ; 668cc8 
<bochs:3> s 
Next at t=1796394 
(0) [0x00080003] 0030:00080003 (unk. ctxt): mov ds, ax ; 8ed8 
<bochs:4> 
Next at t=1796395 
(0) [0x00080005] 0030:00080005 (unk. ctxt): mov es, ax ; 8ec0 
<bochs:5> 
Next at t=1796396 
(0) [0x00080007] 0030:00080007 (unk. ctxt): mov fs, ax ; 8ee0 
<bochs:6> 
Next at t=1796397 
(0) [0x00080009] 0030:00080009 (unk. ctxt): jmp .+0x00000046 (0x00080054) ; e946000000 
<bochs:7> 
Next at t=1796398 
(0) [0x00080054] 0030:00080054 (unk. ctxt): push ebp ; 55 
<bochs:8> 
Next at t=1796399 
(0) [0x00080055] 0030:00080055 (unk. ctxt): mov ebp, esp ; 89e5 
<bochs:9> 
Next at t=1796400 
(0) [0x00080057] 0030:00080057 (unk. ctxt): sub esp, 0x00000008 ; 83ec08 
<bochs:10> 
Next at t=1796401 
(0) [0x0008005a] 0030:0008005a (unk. ctxt): mov dword ptr ds:0x80080, 0x0000004e ; c705800008004e000000 
<bochs:11> print-stack 
Stack address size 4 
  ¦ STACK 0x000003f3 [0x00ff53f0] 
  ¦ STACK 0x000003f7 [0x00ff53f0] 
  ¦ STACK 0x000003fb [0x00ff53f0] 
  ¦ STACK 0x000003ff [0x0003f8f0] 
  ¦ STACK 0x00000403 [0x00000000] 
  ¦ STACK 0x00000407 [0x00037800] 
  ¦ STACK 0x0000040b [0xc0000000] 

  ¦ STACK 0x0000040f [0x0042279f] 
  ¦ STACK 0x00000413 [0x0000027f] 
  ¦ STACK 0x00000417 [0x1e000000] 
  ¦ STACK 0x0000041b [0x00001e00] 
  ¦ STACK 0x0000041f [0x00000000] 
  ¦ STACK 0x00000423 [0x00000000] 
  ¦ STACK 0x00000427 [0x00000000] 
  ¦ STACK 0x0000042b [0x00000000] 
  ¦ STACK 0x0000042f [0x00000000] 
<bochs:12> s 
Next at t=1796401 
(0) [0x0008005a] 0030:8005a (unk. ctxt): mov dword ptr ds:0x80080, 0x0000004e ; c705800008004e000000 
<bochs:13> print-stack 
Stack address size 2 
  ¦ STACK 0x0000 [0xff53] 
  ¦ STACK 0x0002 [0xf000] 
  ¦ STACK 0x0004 [0xff53] 
  ¦ STACK 0x0006 [0xf000] 
  ¦ STACK 0x0008 [0xff53] 
  ¦ STACK 0x000a [0xf000] 
  ¦ STACK 0x000c [0xff53] 
  ¦ STACK 0x000e [0xf000] 
  ¦ STACK 0x0010 [0xff53] 
  ¦ STACK 0x0012 [0xf000] 
  ¦ STACK 0x0014 [0xff53] 
  ¦ STACK 0x0016 [0xf000] 
  ¦ STACK 0x0018 [0xff53] 
  ¦ STACK 0x001a [0xf000] 
  ¦ STACK 0x001c [0xff53] 
  ¦ STACK 0x001e [0xf000] 
<bochs:14> 


这个是对kernel.bin反汇编后的文件： 


00000000 668CC8 mov ax,cs 
00000003 8ED8 mov ds,ax 
00000005 8EC0 mov es,ax 
00000007 8EE0 mov fs,ax 
00000009 E946000000 jmp 0x54 

0000000E 90 nop 
0000000F 90 nop 

00000010 56 push esi 
00000011 57 push edi 
00000012 8B74240C mov esi,[esp+0xc] 
00000016 8B3D80000800 mov edi,[0x80080] 
0000001C AC lodsb 
0000001D 84C0 test al,al 
0000001F 742A jz 0x4b 
00000021 3C0A cmp al,0xa 
00000023 7518 jnz 0x3d 
00000025 50 push eax 
00000026 53 push ebx 
00000027 89F8 mov eax,edi 
00000029 B3A0 mov bl,0xa0 
0000002B F6F3 div bl 
0000002D 25FF000000 and eax,0xff 
00000032 40 inc eax 
00000033 B3A0 mov bl,0xa0 
00000035 F6E3 mul bl 
00000037 89C7 mov edi,eax 
00000039 5B pop ebx 
0000003A 58 pop eax 
0000003B EBDF jmp short 0x1c 
0000003D B40F mov ah,0xf 
0000003F 65668907 mov [gs:edi],ax 
00000043 81C702000000 add edi,0x2 
00000049 EBD1 jmp short 0x1c 

0000004B 893D80000800 mov [0x80080],edi 
00000051 5F pop edi 
00000052 5E pop esi 
00000053 C3 ret 


00000054 55 push ebp 
00000055 89E5 mov ebp,esp 
00000057 83EC08 sub esp,byte +0x8 
0000005A C705800008004E00 mov dword [0x80080],0x4e-0000 
00000064 83EC0C sub esp,byte +0xc 
00000067 6878000800 push dword 0x80078 
0000006C E89FFFFFFF call 0x10 
00000071 83C410 add esp,byte +0x10 
00000074 EBFE jmp short 0x74 
00000076 90 nop 
00000077 90 nop 
00000078 4B dec ebx 
00000079 4B dec ebx 
0000007A 4B dec ebx 
0000007B 4B dec ebx 
0000007C 4B dec ebx 
0000007D 4B dec ebx 
0000007E 0A00 or al,[eax] 


qwe是我测试用的一个全局变量 定义在别的文件中 在init.c中已经extern了 

bochs调试那里 mov后堆栈变为2byte 


[解决办法]
兄弟，你的实模式部分的代码呢？？？X86一启动是进入的实模式，转换到保护模式的代码呢？MMU那部分代码呢？
还有就是你对BSS段的赋初值相关的代码呢？栈指针指向的空间那段代码呢？