Hi again! Excuse a beginner!
Can anybody give me a pointer on how to find, understand and access the Master Boot Record?
I want to have the choice either boot XP, or jump to a place where I can have my own minimalistic OS, based only on BIOS-functions.
How should I proceed to accomplish this?
Kindest regards,
Lasse
Hi laskar01,
you should use a boot manager like grub to start different operating systems. That would be my advice.
Gunther
Thank you Gunther, but I want to learn to do this by hand. I want to access the MBR by myself. Is it too big a bite for a beginner? :icon_confused:
Hi Lasse,
Quote: Is it too big a bite for a beginner? :icon_confused:
That might be. Playing with the MBR can lead not only to a complete data loss, but also to serious hardware damage. You should know what the purpose of every entry is. For a good overview, you should have a look into the grub sources. Such things are really complicated.
Gunther
I doubt that recent versions of Windows would allow an app to do anything with the MBR other than read it.
Lasse,
It sounds like from the questions you have been asking that your real interest is in OS development, or at least a bootable disk where you write the startup code yourself to get the computer going. Trying to do this on any late model Windows box is more or less impossible, but writing boot disk code is something that various members have done here and know something about.
Now what you can learn doing this type of stuff is booting in real mode, switching to protected mode and accessing any hardware you like; it's just that you will not succeed trying to do this type of stuff in a protected mode operating system that specifically excludes hardware access by design.
Now if you can find yourself an old box to play with you can experiment with this style of low level stuff without having to try and digest the sheer complexity of a 32 bit or 64 bit protected mode OS.
it would appear that it can be done - programs like MbrWizard do it
i imagine there is a myriad of IOCTL and access/permissions stuff to wade through
Quote from: laskar01 on July 11, 2012, 06:38:23 AM
Hi again! Excuse a beginner!
Can anybody give me a pointer on how to find, understand and access the Master Boot Record?
I want to have the choice either boot XP, or jump to a place where I can have my own minimalistic OS, based only on BIOS-functions.
How should I proceed to accomplish this?
Add another older hard drive, use F12 to boot to it.
The ONLY reason to have MBR access is to co-exist with M$. AND the possibility of ruining your existing M$ drive, due to your learning process. Not to mention the loss of your development files.
If you MUST do this, use canned MBR software, the risk to your existing partition is not worth it.
Go from scratch, you learn more. Or go with a boot loader off of floppy to start yourself off, instead of F12. Start out like DOS did.
F12 technique will let you boot from USB drive and you will have more space to develop on.
Building on top of M$, is not a "minimalistic OS".
Please excuse me, but I just got over an encrypting File System virus using the MBR.
Regards, P1 8)
Hi laskar01,
You can check the grub4dos project. With this boot manager, you can boot Windows, Linux or another OS.
You can make a backup of your Boot Sector with Diskedit.exe, an old DOS Norton Utility (NU). If something goes wrong you can boot your system with a DOS bootable disk and restore your Boot Sector.
MbrWizard is good for making and restoring backups of the MBR
You can access any drive and read any sector in normal use.
Here is a simple MBR backup, no error checking; run as administrator.
include \masm32\include\masm32rt.inc

.data
volume db '\\.\PhysicalDrive0',0      ; raw device path of the first physical disk
fname  db 'mbr.bin',0                 ; output file receiving the 512-byte sector

.data?
buffer db 512 dup (?)                 ; one sector: the MBR is sector 0

.code
start:
    ; open the physical drive read-only (needs administrator rights)
    invoke CreateFile,offset volume,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0
    mov esi,eax                       ; esi = drive handle
    invoke CreateFile,offset fname,GENERIC_WRITE,0,0,CREATE_ALWAYS,0,0
    mov edi,eax                       ; edi = output file handle
    push eax                          ; reserve a dword on the stack for the byte count
    mov eax,esp                       ; eax -> lpNumberOfBytesRead
    invoke ReadFile,esi,offset buffer,512,eax,0    ; first read on a fresh handle = sector 0
    mov eax,esp                       ; eax -> lpNumberOfBytesWritten
    invoke WriteFile,edi,offset buffer,512,eax,0
    pop edx                           ; discard the byte-count slot
    invoke CloseHandle,edi
    invoke CloseHandle,esi
finish:
    invoke ExitProcess,0
end start
In combination with some ioctl calls you can read an entire disk sector by sector.
For a quick and dirty cloner, this will do the job.
Haven't tested this by writing sectors, for obvious reasons...
Hi laskar01,
Here is a simple application to backup the MBR. Source code is included.
Thank you all for your kind help. :t
I have an old Win98 computer at my old father's! I'll start with dusting off old knowledge about booting from a 1.44MB disk, then I'll install MASM on it to run the code you've supplied me with, and I'll also look up grub4dos :biggrin:
/Lasse
Hi,
In the 16-bit DOS Programming subforum there
were some code to boot from floppies. Search the
old forum.
For boot managers, look at Grub and AirBoot.
The newsgroup alt.os.development has some
discussion of boot code. Look for some threads
by Mike Gonta there. There is some good discussion
of using the BIOS by him as well.
Regards,
Steve N.
Thanks Steve I'll look it up.
Got the Win98 computer up and running, unfortunately no 1.4MB diskette yet. Have to raid the cellar...
Switched to the code uploaded by Vortex, edited the output with addresses and read Wikipedia on MBR.
Structure of a master boot record

Address (hex / oct / dec)   Description                                           Size in bytes
0000 / 0000 / 0             code area                                             440 (max. 446)
01B8 / 0670 / 440           disk signature (optional)                             4
01BC / 0674 / 444           usually nulls; 0x0000                                 2
01BE / 0676 / 446           table of primary partitions                           64
                            (four 16-byte entries, IBM partition table scheme)
01FE / 0776 / 510           55h  MBR signature                                    2
01FF / 0777 / 511           AAh

MBR, total size: 446 + 64 + 2 = 512
Here is the dump. Can somebody decode the first two or three bytes?
; File C:\Documents and Settings\laskar01\Skrivbord\ReadMBR11\master_boot_record_file.ext opened at 512 bytes
00 db 033h,0C0h,08Eh,0D0h,0BCh,000h,07Ch,08Eh,0C0h,08Eh,0D8h,0BEh,000h,07Ch,0BFh,000h
10 db 006h,0B9h,000h,002h,0FCh,0F3h,0A4h,050h,068h,01Ch,006h,0CBh,0FBh,0B9h,004h,000h
20 db 0BDh,0BEh,007h,080h,07Eh,000h,000h,07Ch,00Bh,00Fh,085h,00Eh,001h,083h,0C5h,010h
30 db 0E2h,0F1h,0CDh,018h,088h,056h,000h,055h,0C6h,046h,011h,005h,0C6h,046h,010h,000h
40 db 0B4h,041h,0BBh,0AAh,055h,0CDh,013h,05Dh,072h,00Fh,081h,0FBh,055h,0AAh,075h,009h
50 db 0F7h,0C1h,001h,000h,074h,003h,0FEh,046h,010h,066h,060h,080h,07Eh,010h,000h,074h
60 db 026h,066h,068h,000h,000h,000h,000h,066h,0FFh,076h,008h,068h,000h,000h,068h,000h
70 db 07Ch,068h,001h,000h,068h,010h,000h,0B4h,042h,08Ah,056h,000h,08Bh,0F4h,0CDh,013h
80 db 09Fh,083h,0C4h,010h,09Eh,0EBh,014h,0B8h,001h,002h,0BBh,000h,07Ch,08Ah,056h,000h
90 db 08Ah,076h,001h,08Ah,04Eh,002h,08Ah,06Eh,003h,0CDh,013h,066h,061h,073h,01Ch,0FEh
A0 db 04Eh,011h,075h,00Ch,080h,07Eh,000h,080h,00Fh,084h,08Ah,000h,0B2h,080h,0EBh,084h
B0 db 055h,032h,0E4h,08Ah,056h,000h,0CDh,013h,05Dh,0EBh,09Eh,081h,03Eh,0FEh,07Dh,055h
C0 db 0AAh,075h,06Eh,0FFh,076h,000h,0E8h,08Dh,000h,075h,017h,0FAh,0B0h,0D1h,0E6h,064h
D0 db 0E8h,083h,000h,0B0h,0DFh,0E6h,060h,0E8h,07Ch,000h,0B0h,0FFh,0E6h,064h,0E8h,075h
E0 db 000h,0FBh,0B8h,000h,0BBh,0CDh,01Ah,066h,023h,0C0h,075h,03Bh,066h,081h,0FBh,054h
F0 db 043h,050h,041h,075h,032h,081h,0F9h,002h,001h,072h,02Ch,066h,068h,007h,0BBh,000h
100 db 000h,066h,068h,000h,002h,000h,000h,066h,068h,008h,000h,000h,000h,066h,053h,066h
110 db 053h,066h,055h,066h,068h,000h,000h,000h,000h,066h,068h,000h,07Ch,000h,000h,066h
120 db 061h,068h,000h,000h,007h,0CDh,01Ah,05Ah,032h,0F6h,0EAh,000h,07Ch,000h,000h,0CDh
130 db 018h,0A0h,0B7h,007h,0EBh,008h,0A0h,0B6h,007h,0EBh,003h,0A0h,0B5h,007h,032h,0E4h
140 db 005h,000h,007h,08Bh,0F0h,0ACh,03Ch,000h,074h,009h,0BBh,007h,000h,0B4h,00Eh,0CDh
150 db 010h,0EBh,0F2h,0F4h,0EBh,0FDh,02Bh,0C9h,0E4h,064h,0EBh,000h,024h,002h,0E0h,0F8h
160 db 024h,002h,0C3h,049h,06Eh,076h,061h,06Ch,069h,064h,020h,070h,061h,072h,074h,069h
170 db 074h,069h,06Fh,06Eh,020h,074h,061h,062h,06Ch,065h,000h,045h,072h,072h,06Fh,072h
180 db 020h,06Ch,06Fh,061h,064h,069h,06Eh,067h,020h,06Fh,070h,065h,072h,061h,074h,069h
190 db 06Eh,067h,020h,073h,079h,073h,074h,065h,06Dh,000h,04Dh,069h,073h,073h,069h,06Eh
1A0 db 067h,020h,06Fh,070h,065h,072h,061h,074h,069h,06Eh,067h,020h,073h,079h,073h,074h
1B0 db 065h,06Dh,000h,000h,000h,063h,07Bh,09Ah,036h,067h,036h,067h,000h,000h,080h,020h
1C0 db 021h,000h,007h,0FEh,0FFh,0FFh,000h,008h,000h,000h,000h,068h,0FCh,006h,000h,000h
1D0 db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
1E0 db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
1F0 db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,055h,0AAh
Kindest regards,
Lasse
Hi laskar01,
Starman's site is a very good source to study MBR :
http://thestarman.pcministry.com
A nice study :
An Examination of the Windows 2000 ( NT5.0 ) and Windows XP ( NT5.1 ) MBR ( Master Boot Record )
http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm
Quote: The first 300 bytes (000h through 12Bh) of this 512-byte sector are executable code and the next 80 bytes (12Ch through 17Bh) contain error messages. The last 66 bytes of the sector contain the 64-byte Partition Table (1BEh through 1FDh); data in the Table area will depend upon the size, structure and file systems on each hard disk. The sector ends with the Word-sized signature ID of AA55h (often called the sector's Magic number); on PCs using an Intel (or x86 compatible) CPU, hex Words are stored with the Low-byte first and the High-byte last.
Hi all
Very nice tutorial Vortex.
Ran XVI32 and saw that
from 163h to 179h I have "Invalid partition table"
from 17Bh to 198fh "Error loading operating system"
from 19Ah to 1B1h "Missing operating system"
A slight difference from the author's, whose start at 12Ch and run to 17Bh.
It seems that I have code from 0h to 162h. That is 353 bytes of code, some work to disassemble, nothing else...
I'll start right off!
/Lasse
0000:7C00 33C0 XOR AX,AX
0000:7C02 8ED0 MOV SS,AX
0000:7C04 BC007C MOV SP,7C00
0000:7C07 8EC0 MOV ES,AX
0000:7C09 8ED8 MOV DS,AX
0000:7C0B BE007C MOV SI,7C00
0000:7C0E BF0006 MOV DI,0600
0000:7C11 B90002 MOV CX,0200
0000:7C14 FC CLD
0000:7C15 F3A4 REPZ MOVSB
Holy! dedndave! :dazzled:
Which tool did you use for that!?!
lol
open a console window and type in "debug" :biggrin:
once you get the '-' prompt, type '?' for a list of commands
i am not too fond of that particular boot sector
it doesn't seem to follow ms format very well
i might add...
the easiest way to multi-boot is to modify the boot.ini files on each partition you want to boot from :t
http://support.microsoft.com/kb/289022
There is no boot.ini in Windows 7.
Ryan is right. Dedndave, Your link points to an article with the headline: How to edit the Boot.ini file in Windows XP.
Gunther
Vista and 7 use bcdedit.
http://www.sevenforums.com/tutorials/2676-bcdedit-how-use.html
Hi again, Debug seemed too difficult. I found IDA that did a disassembly and also supplied comments :icon14:
(Mine starts with '--')
Need to understand this below now! :badgrin:
seg000:0000 ; Format : Binary file
seg000:0000 ; Base Address: 0000h Range: 0000h - 0200h Loaded length: 0200h
seg000:0000
seg000:0000 .686p
seg000:0000 .mmx
seg000:0000 .model flat
seg000:0000
seg000:0000 ; -----------------------
seg000:0000
seg000:0000 ; Segment type: Pure code
seg000:0000 seg000 segment byte public 'CODE' use16
seg000:0000 assume cs:seg000
seg000:0000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
seg000:0000 xor ax, ax -- Clear ax
seg000:0002 mov ss, ax -- Clear ss
seg000:0004 mov sp, 7C00h -- Set stack pointer to 7C00h
seg000:0007 mov es, ax -- Clear es
seg000:0009 mov ds, ax -- Clear ds
seg000:000B mov si, 7C00h -- Load general purpose register si with immediate 7C00h = SOURCE
seg000:000E mov di, 600h -- Load general purpose register di with immediate 600h = TARGET
seg000:0011 mov cx, 200h -- Load counter cx with 200h = 512
seg000:0014 cld -- Clear direction flag so string instructions will increment (E)SI and (E)DI
seg000:0015 rep movsb -- Repeat while cx>0
--Until here 512 bytes are copied from address 7C00h to 600h.
seg000:0017 push ax
seg000:0018 push 61Ch
seg000:001B retf --pops the stack first into (E)IP, and then into CS : IP=61Ch, CS=AX=0
--Holy! IP=Instruction pointer. Execution starts at 61Ch now!
--This is the code of the active partition according to
-- http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#CHS
seg000:001C ;
--My guess is that we are here because we didn't load the OS, and must do some sort of troubleshooting.
seg000:001C sti --Set interrupt flag; enables maskable interrupts
seg000:001D mov cx, 4 --Sets counter register to 4, because the partition table is 4*16=64 Bytes
seg000:0020 mov bp, 7BEh --Sets base pointer to 7BEh. This is at the beginning of the partition table of the copied MBR
--that is 600h+1BEh
seg000:0023
seg000:0023 loc_23:
seg000:0023 cmp byte ptr [bp+0], 0 --Compare the byte at address bp+0 with zero. Valid partition table should start with 80h
seg000:0027 jl short loc_34 --Jump to loc_34 if the byte was negative
seg000:0029 jnz loc_13B --Jump to loc_13B if the byte was positive. Print out "Invalid partition table", without further ado.
seg000:002D add bp, 10h --The byte is zero, add 10h to the base pointer, the next entry in the partition
--table.
seg000:0030 loop loc_23
seg000:0032 int 18h ; TRANSFER TO ROM BASIC
seg000:0032 ; causes transfer to ROM-based BASIC (IBM-PC)
seg000:0032 ; often reboots a compatible; often has no effect at all
seg000:0034
seg000:0034 loc_34:
--here because the byte at bp+0 is less than zero from seg000:0027
-- Or because we had an error and jumped from seg000:00AE jmp short loc_34.
-- We read sectors from drive with error at seg000:007E int 13h , and for some reason
--we didn't want to jump to reset disks at seg000:00A2 or jump to loc_136 from seg000:00AC
seg000:0034
seg000:0034 mov [bp+0], dl --What is the value of the low byte of DX???
--Must have been filled in INT 18h, but if we came here from
--seg000:0027. If it is a repair it must be 80h.
seg000:0037 push bp
seg000:0038 mov byte ptr [bp+11h], 5 --5 is put at address bp+11h. heads = 5
-- This is position +1 from the base of the second entry of the partition table
seg000:003C mov byte ptr [bp+10h], 0 -- 0 is put at address bp+10h, base address of the second entry of the partition table
-- 0 in the 0:th place means non-bootable partition.
seg000:0040
seg000:0040 loc_40:
--here because the byte at bp+0 is less than zero and continuing from just above
seg000:0040 mov ah, 41h ; 'A'
seg000:0042 mov bx, 55AAh -- AA55h is always the last word on a master boot record. A signature.The so called "magic
-- number".
seg000:0045 int 13h -- http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D41h:_Check_Extensions_Present
seg000:0047 pop bp
seg000:0048 jb short loc_59 -- Jump if carry is set i.e. "not present",
seg000:004A cmp bx, 0AA55h -- We didn't jump result was "present" Compare Bx
--to the standard result of the above interrupt?
seg000:004A
seg000:004E jnz short loc_59 --The standard test didn't show OK, the interrupt didn't go well.
--Is the interpretation correct?
seg000:0050 test cx, 1 --implied and of cx with 1 (1=Device Access using the packet structure)
seg000:0054 jz short loc_59 --jump to short loc_59 if result of implied AND is 0.
seg000:0056 inc byte ptr [bp+10h] -- if ( cx==1) -> inc the byte in bp+10h
--(maybe bp+10h=7BEh+10=7CF, was 0, now =1, would make the partition entry
-- invalid)
seg000:0059
seg000:0059 loc_59:
--Here because the "standard test" after INT 13h, at seg000:004A cmp bx, 0AA55h above didn't return OK
seg000:0059
seg000:0059 pushad --Push all 32-bit registers
seg000:005B cmp byte ptr [bp+10h], 0 --0 is a valid number at the second entry of the partition table.
seg000:005F jz short loc_87
seg000:005F
seg000:0061 push large 0 --what is large?
seg000:0067 push large dword ptr [bp+8] -- Offset 8 in a partition table entry contains the
seg000:0067 --LBA of the first absolute sector in the partition
seg000:006B push 0
seg000:006E push 7C00h
seg000:0071 push 1
seg000:0074 push 10h
seg000:0077 mov ah, 42h ; 'B'
seg000:0079 mov dl, [bp+0] --See
seg000:007C mov si, sp -- http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D42h:_Extended_Read_Sectors_From_Drive
seg000:007E int 13h ; DISK
seg000:0080 lahf --Load AH from flags
seg000:0081 add sp, 10h --Make place for local variables
seg000:0084 sahf --Restore flags from AH
seg000:0085 jmp short loc_9B
seg000:0087 ; --------
seg000:0087
seg000:0087 loc_87:
--Here because of instr. at seg000:005B cmp byte ptr [bp+10h], 0
seg000:0087 mov ax, 201h --We are doing the work of BIOS after POST, BIOS read the content of (C,H,S)
seg000:008A mov bx, 7C00h -- = (0,0,1) to address 0000:7C00h
seg000:008D mov dl, [bp+0]
seg000:0090 mov dh, [bp+1]
seg000:0093 mov cl, [bp+2]
seg000:0096 mov ch, [bp+3] -- http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D02h:_Read_Sectors_From_Drive
seg000:0099 int 13h ; DISK - READ SECTORS INTO MEMORY
seg000:0099 ; AL = number of sectors to read, CH = track, CL = sector
seg000:0099 ; DH = head, DL = drive, ES:BX -> buffer to fill
seg000:0099 ; Return: CF set on error, AH = status, AL = number of sectors read
seg000:009B
seg000:009B loc_9B:
seg000:009B popad --EDI=10h;ESI=?;EBP=?;ESP=?;EBX=?;EDX=?;ECX=?;EAX=?;
seg000:009D jnb short loc_BB --Same as JAE Jump if CF=0, that is no error
seg000:009F dec byte ptr [bp+11h] --No jump, we have an error, decrement byte at location [bp+11h]
seg000:00A2 jnz short loc_B0 --Jump below to reset discs
seg000:00A4 cmp byte ptr [bp+0], 80h ; 'Ç'
seg000:00A8 jz loc_136 -- Jump to loc_136 if byte at bp+0 was 80h. Valid partition table entry.
seg000:00AC mov dl, 80h ; 'Ç'
seg000:00AE jmp short loc_34
seg000:00B0 ; ---------------------------
seg000:00B0
seg000:00B0 loc_B0:
seg000:00B0 push bp
seg000:00B1 xor ah, ah
seg000:00B3 mov dl, [bp+0] -- http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D00h:_Reset_Disk_Drive
seg000:00B6 int 13h ; DISK - RESET DISK SYSTEM
seg000:00B6 ; DL = drive (if bit 7 is set both hard disks and floppy disks reset)
seg000:00B8 pop bp
seg000:00B9 jmp short loc_59
seg000:00BB ; --------------------
seg000:00BB
seg000:00BB loc_BB:
seg000:00BB cmp word ptr ds:7DFEh, 0AA55h --Check if the copied MBR contains the "magic number" at the end
seg000:00C1 jnz short loc_131 --Missing go to print out "Missing operating system"
seg000:00C3 push word ptr [bp+0]
seg000:00C6 call sub_156
seg000:00C9 jnz short loc_E2
seg000:00CB cli
seg000:00CC mov al, 0D1h ; 'Ð'
seg000:00CE out 64h, al ; AT Keyboard controller 8042. --Flashing of the Keyboard Leds?
seg000:00D0 call sub_156
seg000:00D3 mov al, 0DFh ; '¯'
seg000:00D5 out 60h, al ; AT Keyboard controller 8042. --Flashing of the Keyboard Leds?
seg000:00D7 call sub_156
seg000:00DA mov al, 0FFh
seg000:00DC out 64h, al ; AT Keyboard controller 8042.
seg000:00DC ; Reset the keyboard and start internal diagnostics
seg000:00DE call sub_156
seg000:00E1 sti
seg000:00E2
seg000:00E2 loc_E2:
seg000:00E2 mov ax, 0BB00h
seg000:00E5 int 1Ah -- http://maven.smith.edu/~thiebaut/ArtOfAssembly/CH13/CH13-3.html#HEADING3-193
seg000:00E7 and eax, eax
seg000:00EA jnz short loc_127
seg000:00EC cmp ebx, 41504354h
seg000:00F3 jnz short loc_127
seg000:00F5 cmp cx, 102h
seg000:00F9 jb short loc_127
seg000:00FB push large 0BB07h
seg000:0101 push large 200h
seg000:0107 push large 8
seg000:010D push ebx
seg000:010F push ebx
seg000:0111 push ebp
seg000:0113 push large 0
seg000:0119 push large 7C00h
seg000:011F popad
seg000:0121 push 0
seg000:0124 pop es
seg000:0125 int 1Ah
seg000:0127
seg000:0127 loc_127:
seg000:0127
seg000:0127 pop dx
seg000:0128 xor dh, dh
seg000:012A jmp far ptr 0:7C00h
seg000:012F ; -----------------------
seg000:012F int 18h ; TRANSFER TO ROM BASIC
seg000:012F ; causes transfer to ROM-based BASIC (IBM-PC)
seg000:012F ; often reboots a compatible; often has no effect at all
seg000:0131
seg000:0131 loc_131:
seg000:0131 mov al, ds:7B7h --600+1B7, 1B7 is the pointer to the third message
seg000:0134 jmp short loc_13E --"Missing operating system"
seg000:0136 ; --------------------
seg000:0136
seg000:0136 loc_136:
--We returned with an error when reading sectors at seg000:0099
--We didn't reset disks going from seg000:00A2 jnz short loc_B0 Jump below to reset disks
--And then because of evaluation at seg000:00A4 cmp byte ptr [bp+0], 80h ;
seg000:0136 mov al, ds:7B6h --600+1B6, 1B6 is the pointer to the second message
seg000:0139 jmp short loc_13E --"Error loading operating system"
seg000:013B ; ----------------------
seg000:013B
seg000:013B loc_13B:
--Here because of the byte at bp+0 was positive. Should always be 80h.
seg000:013B mov al, ds:7B5h --600+1B5, 1B5 is pointer to first message
seg000:013E --"Invalid partition table"
seg000:013E loc_13E:
--Here indirectly because of {seg000:00A4 cmp byte ptr [bp+0], 80h} and then from {seg000:0139 jmp short loc_13E}
seg000:013E
seg000:013E xor ah, ah
seg000:0140 add ax, 700h
seg000:0143 mov si, ax
seg000:0145
seg000:0145 loc_145:
seg000:0145 lodsb
seg000:0146 cmp al, 0 --The error message string is terminated with zero
seg000:0148 jz short loc_153
seg000:014A mov bx, 7
seg000:014D mov ah, 0Eh
seg000:014F int 10h ; - VIDEO - WRITE CHARACTER AND ADVANCE CURSOR (TTY WRITE)
seg000:014F ; AL = character, BH = display page (alpha modes)
seg000:014F ; BL = foreground color (graphics modes)
--Prints out a character at the time
seg000:0151 jmp short loc_145
seg000:0153 ; ----------------------
seg000:0153
seg000:0153 loc_153:
seg000:0153 ; seg000:0154j
seg000:0153 hlt
seg000:0154 jmp short loc_153 --Do nothing after the error message is printed.
seg000:0156
seg000:0156 ; =============== S U B R O U T I N E =======================================
seg000:0156
seg000:0156
seg000:0156 sub_156 proc near ; CODE XREF: seg000:00C6p
seg000:0156 ; seg000:00D0p ...
seg000:0156 sub cx, cx
seg000:0158
seg000:0158 loc_158: ; CODE XREF: sub_156+8j
seg000:0158 in al, 64h ; AT Keyboard controller 8042.
seg000:015A jmp short $+2
seg000:015C and al, 2
seg000:015E loopne loc_158
seg000:0160 and al, 2
seg000:0162 retn
seg000:0162 sub_156 endp
seg000:0162
seg000:0162 ; ----------------------------
seg000:0163 aInvalidPartiti db 'Invalid partition table',0
seg000:017B aErrorLoadingOp db 'Error loading operating system',0
seg000:019A aMissingOperati db 'Missing operating system',0
seg000:01B3 db 2 dup(0), 63h, 7Bh, 9Ah, 36h, 67h, 36h, 67h, 2 dup(0)
seg000:01B3 db 80h, 20h, 21h, 0, 7, 0FEh, 2 dup(0FFh), 0, 8, 3 dup(0)
seg000:01B3 db 68h, 0FCh, 6, 30h dup(0), 55h, 0AAh
seg000:01B3 seg000 ends
seg000:01B3
seg000:01B3
seg000:01B3 end
You can also change the default operating system and time delay once the options are set by going through System (via Control Panel or Computer->Properties), then Advanced system settings->Advanced tab->Startup and Recovery group->Settings button.
Quote: Vista and 7 use bcdedit.
well - i got you close :P
Hi again all !
:( Forgive that I am taking up so much space, but my belief was that somebody would find the decoding interesting :icon_rolleyes: , and I guessed that I would need help.
Feeling sorry though for occupying so many bits on the server :icon_redface:
I've decoded a couple of instructions but now I am stuck on INT 18h and the content of the low byte of DX.
I downloaded Ralf Brown's interrupt list, but I don't know how to read it. It doesn't seem to be what I need... :icon_confused:
I need to read the code at that interrupt vector. How? :shock:
Could you people help?
INT 18h is really really old stuff - lol
on old computers (mainly the IBM XT), it would boot up BASIC-in-ROM
these machines had BASIC resident in EPROMS :P
if you had no boot disk (or a faulty one), it would come up with BASIC
on really old computers (mainly the IBM PC), it would boot from a cassette :shock:
it used an audio port with a connector similar to the keyboard connector
cassettes were terribly slow - you could boot up today - and come back tomorrow
INT 18h had no parameters for those machines - so the contents of BX didn't matter
some early third-party manufacturers used the interrupt for things like keyboards or sound cards
it may be used for something entirely different on modern machines - like accessing data in the RTC memory - i don't know - there are other functions for that
INT 19h reboots the system and also has no parameters
ok - this is from a more recent Phoenix AT-class BIOS document...
Quote1.1.2.1.9 INT 18h, Boot Fault Routine
After POST initializes the system, it calls INT 19h to boot the operating system from the appropriate device. If the INT 19h service fails to load the operating system, then the BIOS (or the operating system boot record) executes an INT 18h instruction, so that the ROM BIOS can regain control and perform an alternate function. By default, EMBEDDED BIOS initializes the INT 18h function to a routine that prints "No boot device available.", and prompts to enter the debugger or SETUP system, or reboot the system. At any point prior to the boot process, user-written code, such as code in ROM BIOS Extensions, can "hook" the INT 18h interrupt vector and gain control in this situation, thereby replacing the default handler in the BIOS. In the original PC, INT 18h jumped to a separate ROM that contained ROM BASIC. The embedded system developer might use this mechanism to execute application code from ROM in the event of a boot device failure.
Hi y'all!
I need a little help on how EDI, ESI, EBP, ESP, EBX, EDX, ECX and EAX are filled from these instructions.
seg000:0061 push large 0 //what is large?
seg000:0067 push large dword ptr [bp+8] ; DATA XREF: seg000:00E5r
seg000:0067 ; seg000:0125r
seg000:006B push 0
seg000:006E push 7C00h
seg000:0071 push 1
seg000:0074 push 10h
then
seg000:009B popad
Kindest regards,
Lasse
The PUSHAD instruction pushes the registers in the following order:
eax,ecx,edx,ebx,esp,ebp,esi,edi (esi is pushed as its value at the start of the process)
The POPAD instruction pops them off of the stack such that the registers are restored to their state at the time of the PUSHAD (just reverses the process).
Dave.
...PUSHAD stores the contents of ESP (what it was before the PUSHAD instruction)
POPAD does not alter the ESP register
Dave,
You are absolutely correct, as usual.
Dave.
lol
nahhhhh
i just happened to have previously made the same mistake :lol:
Dave,
The esi for the PUSHAD was a typo, the POPAD was an omission.
I did this off of the top of my head - I have not yet put my data on this laptop so I cannot yet get to my AMD specs.
If you are interested in a long sad story, I will make up a text description of my "challenges" in updating my systems and PM you, otherwise I will save my energy for the real work to complete my task.
I'll be off-line for a while, see you in a bit.
Dave.
here's a little trick...
mov edi,sizeof ICONMETRICS
pushad
bang - you made a structure on the stack with the size filled in :biggrin:
Quote: bang - you made a structure on the stack with the size filled in :biggrin:
Good trick. I hope that I can remember, if I need some day this technique.
Gunther
Hi y'all and thank you for all help you've given me! :t
Could you proofread my comments that I've added to the code? :icon_redface:
I still don't know how the rest of the code works after the copying of the 512 bytes from 7C00h to 600h and starting of execution from 612h.
My guess is that it is troubleshooting code and the system, through tests with the help of in13, makes it choose between the three error messages.
Here is a part of my MBR
The grey part is the three error strings, the yellow part is the addresses of the three strings, the blue is a partition table(?)
//Correction the blue number 036h,067h,036h,067h a signature, where the second and fourth byte is always the same.
according to
http://thestarman.pcministry.com/asm/mbr/Win2kmbr.htm#CHS
and the green is a number all MBR have at the end
Quote from: laskar01 on July 14, 2012, 12:36:15 AM
I still don't know how the rest of the code works after the copying of the 512 bytes from 7C00h to 600h and starting of execution from 612h.
My guess is that it is troubleshooting code and the system, through tests with the help of in13, makes it choose between the three error messages.
well - hopefully, the error messages are not needed, right ? :P
when the computer boots up, the BIOS code reads the boot sector into memory and executes it
it is 512 bytes - not a lot of room for advanced code
the task of the boot sector code is to load a more advanced piece of code into memory and execute it
this process varies from OS to OS
some OS's may read 1 sector in and execute it
some may locate a series of sectors and read them
in DOS, the bootloader had to be the first thing in the data area of the disk
and it had to be in contiguous sectors
that way, the code that loaded it did not have to find it or chain sectors together to load it
i think modern ones read several sectors in and execute
now - the code has some room for more advanced code
like code that is complex enough to locate files on an NTFS drive and load/execute
Hi people!
I think I understand ca 70% of the code in the MBR record now. The key to understanding the troubleshooting part is to know the structure of the partition table http://en.wikipedia.org/wiki/Master_boot_record
Almost all troubleshooting is done checking offset 0 of the four 16-byte partition table sections.
It should be 80h or 00h. 80h means bootable; 00h is not bootable but is a valid number for offset 0.
If anything other than 0 or 80h is at offset 0, the code immediately redirects to output the message "Invalid partition table".
The reason we enter a loop that runs a maximum of 4 times at the beginning of the troubleshooting part is that we are doing an analysis of the 4 partition table sections.
There is something that bothers me...
1. This MBR is supposed to start at address 0000:0000.
According to http://thestarman.pcministry.com/asm/mbr/STDMBR.htm#F2
Bios copies this MBR to 0000:7C00 after Power on reset. Where is the code executed if the code itself has a part where it copies
itself to 0000:0600. Can it execute the code that it is copying at the same time?
2. Can I dump 512 bytes from location 0000:7C00? The code that I received on this thread
Dumps memory through this primitive, I believe "szFileName db '\\.\PhysicalDrive0',0", Can I modify this code for the purpose?
Grateful for your patience :t
Kindest regards,
Lasse
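The sector layout from the Wikipedia table and the 80h/00h boot-indicator check Lasse walks through above, as an added Python example (my code, not from anyone in the thread). It parses a 512-byte MBR, mirrors the loc_23 loop's three outcomes (boot this entry / "Invalid partition table" / fall through to INT 18h), and follows the Windows MBR's one-byte message pointers at 1B5h..1B7h; the sample sector is constructed from the data area of the dump posted earlier, with the code bytes zeroed.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 0x1B8   # optional 4-byte disk signature
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte entries
SIGNATURE_OFFSET = 0x1FE        # 55h AAh, read little-endian as 0xAA55
MBR_SIGNATURE = 0xAA55
# Windows 2000/XP MBR only: 1B5h..1B7h hold the low byte of each error-message
# address. The code does "add ax, 700h" on the copy relocated to 600h, so the
# message's offset inside the sector is (byte + 0x100).
MESSAGE_POINTER_OFFSET = 0x1B5


@dataclass
class PartitionEntry:
    boot_indicator: int                 # 80h = active/bootable, 00h = inactive
    start_chs: Tuple[int, int, int]     # (cylinder, head, sector)
    part_type: int
    end_chs: Tuple[int, int, int]
    lba_start: int                      # first absolute sector of the partition
    sector_count: int

    @property
    def is_empty(self) -> bool:
        return self.part_type == 0 and self.sector_count == 0


def decode_chs(head: int, sect_cyl_hi: int, cyl_lo: int) -> Tuple[int, int, int]:
    """Unpack the packed 3-byte CHS field: head, then a 6-bit sector whose top
    two bits are the cylinder's high bits, then the cylinder's low byte."""
    sector = sect_cyl_hi & 0x3F
    cylinder = ((sect_cyl_hi & 0xC0) << 2) | cyl_lo
    return (cylinder, head, sector)


def parse_entry(raw: bytes) -> PartitionEntry:
    boot, h0, s0, c0, ptype, h1, s1, c1, lba, count = struct.unpack("<8BII", raw)
    return PartitionEntry(boot, decode_chs(h0, s0, c0), ptype,
                          decode_chs(h1, s1, c1), lba, count)


def parse_mbr(sector: bytes) -> Tuple[int, List[PartitionEntry]]:
    """Return (disk signature, four partition entries); reject a sector that
    does not end with the 55h AAh magic number."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    (magic,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    if magic != MBR_SIGNATURE:
        raise ValueError("missing 55h AAh signature, found 0x%04X" % magic)
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)
    entries = [parse_entry(sector[PARTITION_TABLE_OFFSET + 16 * i:
                                  PARTITION_TABLE_OFFSET + 16 * (i + 1)])
               for i in range(4)]
    return disk_sig, entries


def select_boot_entry(entries: List[PartitionEntry]) -> Tuple[str, Optional[int]]:
    """Mirror the loop at loc_23: scan the four boot-indicator bytes. A byte
    with bit 7 set (the 'jl' case) is the entry to boot; any other non-zero
    byte (the 'jnz' case) means "Invalid partition table"; four zero bytes
    fall out of the loop into INT 18h."""
    for index, entry in enumerate(entries):
        if entry.boot_indicator & 0x80:
            return ("boot", index)
        if entry.boot_indicator != 0:
            return ("Invalid partition table", None)
    return ("no active partition, INT 18h", None)


def error_messages(sector: bytes) -> List[str]:
    """Follow the three one-byte message pointers to their NUL-terminated strings."""
    messages = []
    for ptr in sector[MESSAGE_POINTER_OFFSET:MESSAGE_POINTER_OFFSET + 3]:
        start = ptr + 0x100
        end = sector.index(b"\0", start)
        messages.append(sector[start:end].decode("ascii"))
    return messages


def build_sample_mbr() -> bytes:
    """Constructed sector: message strings and the 1B5h..1FFh data area copied
    from the dump in this thread, code area zeroed."""
    s = bytearray(SECTOR_SIZE)
    for off, text in ((0x163, b"Invalid partition table\0"),
                      (0x17B, b"Error loading operating system\0"),
                      (0x19A, b"Missing operating system\0")):
        s[off:off + len(text)] = text
    s[0x1B5:0x1B8] = bytes([0x63, 0x7B, 0x9A])        # message pointers
    s[0x1B8:0x1BC] = bytes([0x36, 0x67, 0x36, 0x67])  # disk signature
    s[0x1BE:0x1CE] = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF,
                            0x00, 0x08, 0x00, 0x00, 0x00, 0x68, 0xFC, 0x06])
    s[0x1FE:0x200] = b"\x55\xAA"
    return bytes(s)


if __name__ == "__main__":
    sig, table = parse_mbr(build_sample_mbr())
    print("disk signature: 0x%08X" % sig)
    for i, e in enumerate(table):
        print(i, e)
    print(select_boot_entry(table))
    print(error_messages(build_sample_mbr()))
```

The first entry decodes to type 07h starting at LBA 2048 (CHS 0/32/33 with 63 sectors per track and 255 heads), 117204992 sectors long, exactly what the bytes 80 20 21 00 07 FE FF FF 00 08 00 00 00 68 FC 06 in the dump encode.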
You can check syslinux code for this purpose. On the 16-bit mode, you can access the disk function using Interupt. I believe reading and writing to the MBR is an easy task, but making it work as you want is the difficult task. You will need to understand how the Disk File System work and it is complicated.
Laskar1...in response to your question about whether it can execute code it is copying at the same time:
once the bios passes control to the loaded boot sector at 0000:7C00 the "boot code" starts to execute...in 16-bit REAL MODE. The memory contents are not "protected" meaning you can read/write to any locations. So, once the "code" copies itself to address 0000:0600 it then "restarts/continues" execution at whatever "offset" it designated. The original code that was loaded by the BIOS is essentially "inactive" at that time and can even be "reclaimed" by the copy running at the 0000:0600 location.
Does this help explain anything to you? I am new to not only assembler but boot loader code, so I have been doing a lot of research. This is my understanding of how the "copy and transfer of control" code works. Can any experienced coders confirm this for me? :biggrin:
The old fashioned way was to use the dos debug tool to look at the MBR. the MBR is the first 1024 bytes or so in the hard drive...wait that is the boot sector.. meh I guess I don't know.