Master Guide record (MBR) Information Analysis and Acquisition

Some time ago, when installing the black apple, I found a problem. When the computer is started, it will find the activation partition. If it cannot be found, it will not start up.

Could you write a small program to read the MBR information, replace the activation partition with other ones, and make some pranks? So I had this article reading the MBR information, but I didn't write it, so I didn't dare to try it.

Through hands-on learning, we have a better understanding of Hard Disk MBR information.

1. Information and Analysis of my hard drive Master Boot Record

80 01 01 00 07 Fe FF 3f 00 00 00 0d F0 BF 03 (primary partition)
Offset 00h---80 --- activation flag --- indicates bootable
Offset 01h---01 --- indicates the head number starting with the partition is 1.
Offset 02h---01 --- convert to the binary format and the value is 8 bits. The value 0-5 indicates the start sector ID of the partition. Here, the value is 1.
6-7 digits at the offset of 03h---00---02h and all 8 digits at the 03h h, 10 digits in total, forming the starting column number --- here 0
Offset 04h---07 --- indicates the file system type NTFS.
The offset 05h---fe --- is converted to decimal 254, indicating that the end of the partition is 254 head.
Offset 06h---ff --- convert to binary 1111 1111,0-5 digits (3f), 63 in decimal format --- end sector number of the partition is 63.
The offset 07h---ff --- 6-7 digits 10 of 06h are combined into 3ff, that is, 1023 in decimal format --- the ending column number of the partition is 1023.
Offset 08 h, 09 h, 0ah, 0bh---3f 00 00 00 --- start partition 63
The offset 0ch, 0dh, 0eh, 0fh---0d F0 BF 03 --- is the total number of sectors in the partition 3bff00d, and is converted to 62910477 in decimal format.
00 Fe FF 05 Fe FF 4C F0 BF 03 75 E6 82 21 (extended partition)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (unavailable)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (unavailable)
55 AA (ending position of MBR)
From the above we can see that the MBR partition structure can only recognize up to four main partitions, but why can we divide the MBR into more than four disks on our computer?
This is because generally a computer is a primary partition, an extended partition, and a separate logical partition in the extended partition (the extended partition can have multiple logical partitions)

2. Code for obtaining relevant information (run as administrator in win7)

// Modified based on http://www.cnblogs.com/onepc/archive/2011/12/01/2270468.html. // Thank you! // 2012.10.10 # include <iostream> # include <windows. h> using namespace STD; # pragma pack (1) // byte alignment typedef struct _ partition_entry // Partition Table Structure {uchar active; // status (whether activated) Important uchar starthead; // ushort startseccyli, the start head of the partition, And the start slice are obtained in the 63 phase. If you shift the start slice by 6 digits to the right, the ar partitiontype is used. // The uchar endhead is important for the partition type; // ushort endseccyli, the end head of the partition, and the end slice in the 63 phase. If you shift the end Slice 6 to the right, the end cylinder ulong startlba is obtained; // The starting Logical Address of the slice (relative to the fan area code). Important ulong t Otalsector; // partition size important} partition_entry, * ppartition_entry; // The typedef struct _ mbr_sector {uchar bootcode [440]; // the startup record is 440 byte ulong disksignature; // disk signature ushort nonedisk; // two-byte partition_entry partition [4]; // Partition Table Structure 64 byte ushort signature; // end mark 2 byte 55 AA} mbr_sector, * pmbr_sector; # pragma pack () int main () {tchar szdevicename [64] = {0}; mbr_sector _ readmbr; wsprintf (szdevicename, l "\\\\. \ physi Caldrive0 "); handle hdevice = createfile (szdevicename, generic_read | generic_write, file_0000_read | file_0000_write, null, open_existing, 0, null); If (hdevice = invalid_handle_value) {cout <"An error occurred while enabling the device" <Endl; Return-1 ;}memset (& _ readmbr, 0, sizeof (mbr_sector); DWORD Leng = 512; DWORD count; deviceiocontrol (hdevice, fsctl_lock_volume, null, 0, null, 0, & count, null); uchar SZ [512] = {0}; // readfile (hdevice, SZ, 512, & Leng, null); bool Bcheck = readfile (hdevice, & _ readmbr, 512, & Leng, null); memcpy (SZ, & _ readmbr, 512); For (INT I = 0; I <66; I ++) {printf ("% 02x", SZ [446 + I]); If (I + 1) % 16 = 0) printf ("\ n");} printf ("\ n"); If (bcheck = false & Leng <512) {cout <"An error occurred while reading MBR! "<Endl; deviceiocontrol (hdevice, fsctl_unlock_volume, null, 0, null, 0, & count, null); closehandle (hdevice); Return-1 ;} char * sztemp = new char [64]; for (INT I = 0; I <4; I ++) {If (_ readmbr. partition [I]. partitiontype = 0) {continue;} memset (sztemp, 0, 64); If (_ readmbr. partition [I]. active = 128) {cout <"Activate partition" <Endl;} elsecout <"inactive partition" <Endl; memset (sztemp ); sprintf (sztemp, "activation partition flag: % 02x", _ readmbr. partition [I]. active); cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "Start partition head: % d", _ readmbr. partition [I]. starthead); cout <sztemp <Endl; memset (sztemp, 0, 64); int temp = _ readmbr. partition [I]. startseccyli; sprintf (sztemp, "partition start fan ID: % d", temp & 63); // 63 convert to binary 111111, and perform & operation, take only 6 lower-bit cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "shard start column number: % d", temp> 6 ); // take the high 10-bit cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "partition file type identifier: % 02d", _ readmbr. partition [I]. partitiontype); cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "partition end head: % d", _ readmbr. partition [I]. endhead); cout <sztemp <Endl; memset (sztemp, 0, 64); temp = _ readmbr. partition [I]. endseccyli; sprintf (sztemp, "partition end fan ID: % d", temp & 63); cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "partition end column No.: % d", temp> 6); cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "partition start phase: % d", _ readmbr. partition [I]. startlba); cout <sztemp <Endl; memset (sztemp,); sprintf (sztemp, "Total number of partitions: % d", _ readmbr. partition [I]. totalsector); cout <sztemp <Endl;} deviceiocontrol (hdevice, fsctl_unlock_volume, null, 0, null, 0, & count, null); closehandle (hdevice ); system ("pause"); Return 0 ;}