Before analyzing the MBR structure, let's take a look at the computer's boot sequence)
Step 1. Enable and initialize the internal power supply, and wait for a short period of time to generate a stable current. If the motherboard chip and CPU receive an invalid current, a reset signal is automatically generated. Repeat Step 1 before the motherboard receives the power good signal from the power supply.
Step 2. ExecuteCode. There is only one JMP command, which will jump to the real BIOS bootProgram.
Step 3. the BIOS starts power-on self test and post. If an error occurs, start and stop. If successful, run int 19 h (system-bootstrap loader)
Step 4. the BIOS starts searching for the video card. If it is found, the BIOS of the video card will be executed. Then the video card initialization will display a piece of video card information, and the first screen we see at startup will be it.
Step 5. the BIOS starts to execute the BIOS of all other devices, including software drives and hard disks.
Step 6. BIOS display startup information
Step 7. Start additional BIOS detection. Generally, there is a memory check. If there is a memory problem, an error message is displayed.
Step 8. the BIOS detects all hardware, such as hard disk/Optical area information.
Step 9. BIOS provides a list of known hardware
Step 10. the BIOS finds the drive according to the set drive sequence. If the drive exists, it continues to find the boot sector. The Boot Sector of the soft drive/hard drive is in the 0-column, 0-header, 1-sector (cylinder 0, head 0, sector 1)
Step 11. Read the Boot Sector to the memory at 0000: 7c00, and run the code at 0000: 7c00 at int H.
Step 12. If the drive cannot be found, the system displays the error message and stops. Usually "No boot device" or "No Rom basic-system halted"
The above is the cold start process. The hot start starts from Step 8.
The Boot Sector of the disk is the Master Boot Record, which contains 512 bytes of the zero-column, zero-header, and one-sector data. Its task is to complete the BIOS-to-operating system handover.
MBR structure:
Offset content
0000 MBR program code
01be Partition Table
End mark of 01fe
Partition Table Structure
Byte
1. If it is a boot partition, it is 80 h. If not, it is 00 H.
2-4 is the start fan ID of the partition.
5 Mark bytes. For example, 05 indicates extended partitions.
6-8 ending fan ID of the partition
9-12 Number of slice used by the partition
13-16 the total number of sectors occupied by the partition
This is the MBR extracted from my hard disk (the hard disk is a golden drill of 20 GB for maxtor, And the netfay computer is outdated: P). Different Hard Disk MBR models are slightly different, however, the functions are the same.
0000 33 C0 8e D0 BC 00 7C FB-50 07 50 1f FC be 1B 7C 3 ...... |. P. P... |
0010 BF 1B 06 50 57 B9 E5 01-f3 A4 CB be 07 B1 04 ...... PW ...........
0020 38 2C 7C 09 75 15 83 C6-10 E2 F5 CD 18 8B 14 8B 8, |. U ...........
0030 EE 83 C6 10 49 74 16 38-2c 74 F6 be 10 07 4E ac... it.8, t... n.
0040 3C 00 74 fa BB 07 00 B4-0E CD 10 EB F2 89 46 25 <. t ...... F %
0050 96 8A 46 04 B4 06 3C 0e-74 11 B4 0b 3C 0C 74 05. F... <. T... <. T.
0060 3A C4 75 2B 40 C6 46 25-06 75 24 bb AA 55 50 B4:. U + @. F %. U $... up.
0070 41 CD 13 58 72 16 81 FB-55 AA 75 10 F6 C1 01 74 A... XR... u... t
0080 0b 8A E0 88 56 24 C7 06-a1 06 EB 1E 88 66 04 BF ...... v $ ..
0090 0a 00 B8 01 02 8B DC 33-c9 83 ff 05 7f 03 8B 4E ...... 3 ...... n
00a0 25 03 4E 02 CD 13 72 29-be 59 07 81 3E Fe 7d 55%. N... r). Y...>.} u
00b0 AA 74 5A 83 EF 05 7f DA-85 F6 75 83 be 2E 07 EB. TZ .....
00c0 8A 98 91 52 99 03 46 08-13 56 0a E8 12 00 5A EB... r... F... V... z.
00d0 D5 4f 74 E4 33 C0 CD 13-eb B8 00 00 80 08 10 16. ot.3 ...........
00e0 56 33 F6 56 52 50 06-53 51 be 10 00 56 8B F4 v3.vvrp. SQ ..
00f0 50 52 B8 00 42 8A 56 24-CD 13 5A 58 8d 64 10 72 PR .. B. V $ .. ZX. D. r
0100 0a 40 75 01 42 80 C7 02-e2 F7 F8 5E C3 EB 74 B7. @ U. B ...... ^. T.
0110 D6 C7 F8 B1 ed ce de D0-A7 A1 A3 B0 B2 D7 B0 B3 ................
0120 CC D0 F2 ce de B7 A8 BC-CC D0 F8 A1 A3 00 BC D3 ................
0130 D4 D8 B2 D9 D7 F7 CF B5-CD B3 ca B1 B3 F6 CF D6 ................
0140 B4 ed ce F3 A1 A3 B0 B2-D7 B0 B3 CC D0 F2 ce de ................
0150 B7 A8 bc cc D0 F8 A1 A3-00 C8 B1 C9 D9 B2 D9 D7 ................
0160 F7 CF B5 CD B3 00 00 00 00 00 00 00 00 00 00 ................
0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 ................
0180 00 00 00 8B FC 1E 57 8b-f5 CB 00 00 00 00 00 00 ...... W .........
0190 00 00 00 00 00 00 00 00-00 00 00 00 00 00 ................
01a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 ................
01b0 00 00 00 00 2C 44 63-b5 D7 B5 D7 00 00 80 01 ......, DC ........
01c0 01 00 0b Fe 7f FD 3f 00-00 00 3f 04 7d 00 00 00 ......?...?.}...
01d0 41 Fe 0C Fe FF 7E 04-7d 00 7d 9B E5 01 00 00 .....~.}.}.....
01e0 00 00 00 00 00 00 00-00 00 00 00 00 00 00 ................
01f0 00 00 00 00 00 00 00 00-00 00 00 00 00 55 AA.
Since the program code starts from 0000: 7c00, The Decompilation result (modified) is shown below)
7c00 33c0 XOR ax, ax; AX = 0
7c02 8ed0 mov SS, ax; SS = 0
7c04 bc007c mov sp, 7c00; SP = 7c00
7c07 fb sti; interrupt allowed
7c08 50 PUSH AX
7c09 07 pop es; es = 0
7c0a 50 PUSH AX
7c0b 1f pop Ds; DS = 0
7c0c fc cld; string operation direction: from low to high
7c0d be1b7c mov Si, 7c1b; Source Address DS: SI = 0000: 7c1b
7c10 bf1b06 mov Di, 061b; Destination Address: Es: di = 0000: 061b
7c13 50 PUSH AX
7c14 57 push di
7c15 b9e501 mov CX, 01e5; Total 1e5h bytes
7c6 F3 repz
0000 A4 movsb; move MBR from 0000: 7c00 to 0600:
7c1a CB retf; jump to 0000: 061b
Partition_search_loop:
061b bebe07 mov Si, 07be; Si points to the beginning of the Partition Table
061e b104 mov Cl, 04; four cycles, hard drive up to four primary partitions
0620 382c CMP [Si], CH
0622 7c09 JL active_partition_found
Partitions are active partitions.
0624 7515 jnz invalid_partition_table
; Invalid Partition Table
0626 83c610 Add Si, + 10; each partition occupies 16 bytes, AND Si points to the next Partition
0629 e2f5 loop partition_search_loop
062b CD18 int 18; Partition Table search complete, no active partition, int 18 h = diskless boot hook
Active_partiton_found:
062d 8b14 mov dx, [Si]; The following search ensures that only one active partition exists; otherwise, the partition table is invalid.
062f 8bee mov bp, Si; the pilot partition mark and start address are saved to DX, bp respectively.
Only_one_active_partiton_search_loop:
0631 83c610 Add Si, + 10
0634 49 dec CX
0635 7416 JZ good_partition_table; after the search is completed, no active partitions exist in the remaining partitions, And the partition table is normal.
0637 382c CMP [Si], CH
0639 74f6 JZ only_one_active_partiton_search_loop
Invalid_partition_table:
063b be1007 mov Si, 0710; Si points to the error message to be displayed
Hang_machine_loop:
063e 4E dec Si
Display_error_message_loop:
063f AC lodsb
0640 3c00 CMP Al, 00
0642 74fa JZ hang_machine_loop
When the end of the string is reached, an endless loop is entered to stop running.
0644 bb0700 mov BX, 0007
0647 b40e mov ah, 0e
0649 CD10 int 10; error message displayed
Display_error_message_loop_alias:
064b ebf2 JMP display_error_message_loop
Good_partition_table:
064d 894625 mov [bp + 25], ax
; Tmpvar = reset at BP + 25 as a temporary variable
0650 96 xchg Si, ax; SI = 0
0651 8a4604 mov Al, [bp + 04]
; Read partition type into Al
0654 b406 mov ah, 06
0656 3c0e CMP Al, 0e; Type Win95: DOS 16-bit fat, LBA-mapped
0658 7411 JZ type_win95_dos_16bit_fat_lba
065a b40b mov ah, 0b
065c 3c0c CMP Al, 0C; Type Win95 osr2 32-bit fat, LBA-mapped
065e 7405 JZ type_win95_osr2_32bit_fat_lba
0660 3ac4 CMP Al, Ah; Type Win95 osr2 32-bit fat
0662 752b jnz type_default
0664 40 Inc ax; AX = 0b0c
Type_win95_osr2_32bit_fat_lba:
0665 c6462506 mov byte PTR [bp + 25], 06
; Tmpvar = 06
0669 7524 jnz type_default
; There is a problem here. Should this transfer be true?
Type_win95_dos_16bit_fat_lba:
066b bbaa55 mov BX, 55aa
066e 50 PUSH AX
066f b441 mov ah, 41
0671 CD13 INT 13; INT 13 H extended feature detection, IBM/ms int 13 extensions-Installation check
0673 58 pop ax
0674 7216 JB int13h_extension_unsupported
; Cf = 1-the INT 13 H Extension function is not supported
0676 81fb55aa cmp bx, aa55; BX is not aa55-INT 13 H extension not supported
067a 7510 jnz int13h_extension_unsupported
067c f6c101 test Cl, 01; CL is not 1-the INT 13 H Extension function is not supported
067f 740b JZ int13h_extension_unsupported
0681 8ae0 mov ah, Al; Ah = 0e
0683 885624 mov [bp + 24], DL
; Tmpvar = DL, pilot partition flag
0686 c706a450eb1e mov word PTR [06a1], 1eeb
; Change the command at 06a1 to push ds; JMP new_location_1
Int13h_extension_unsupported:
068c 886604 mov [bp + 04], ah
If yes, set the partition type to 0e (type: Win95: DOS 16-bit fat, LBA-mapped)
Otherwise, the value is 06 (type dos 3.31 + 16-bit fat over 32 m)
Type_default:
068f bf0a00 mov Di, 000a
Read_sector_loop:
0692 b80102 mov ax, 0201
0695 8bdc mov BX, SP; BX is set to 7c00
0697 33c9 xor cx, CX; Cx = 0
0699 83ff05 CMP Di, + 05
069c 7f03 JG new_location_0
069e 8b4e25 mov CX, [bp + 25]
New_location_0:
06a1 034e02 add CX, [bp + 02]
06a4 CD13 INT 13; read the starting sector of the active partition to 0000: 7c00
New_location_1:
06a6 7229 JB read_sector_error
; Cf = 1-Error
06a8 be5907 mov Si, 0759
06ab 813efe7d55aa CMP word PTR [7dfe], aa55
; Is the slice end flag correct?
06b1 745a JZ read_sector_succeeded
; Correct
06b3 83ef05 sub Di, + 05; DI = DI-5
06b6 7fda JG read_sector_loop
06b8 85f6 test si, si
06ba 7583 jnz display_error_message_loop:
; Error message displayed: the operating system is missing
06bc be2e07 mov Si, 072e
06bf eb8a JMP display_error_message_loop_alias
; Error message: An error occurred while loading the operating system.
070d eb74 JMP continue_koad_ OS
0783 8bfc mov Di, SP
; DI = 7c00
0785 1E PUSH DS
0786 57 push di
0787 8bf5 mov Si, BP
0789 CB retf; go to run the statement at 0000: 7c00, that is, the operating system boot program