Visual C++ information security programming (3): inline assembly for backup and recovery of the master boot area

Source: Internet
Author: User

The first sector of the hard disk is reserved as the primary boot sector. It is located at cylinder 0, head 0, sector 1 of the entire hard disk and contains the hard disk master boot record, MBR (Main Boot Record), and the partition table, DPT (Disk Partition Table). The master boot record checks whether the partition table is correct, determines which partition is the boot partition, and at the end of its run loads that partition's startup program (that is, the operating system boot sector) into memory for execution. As for the partition table, many people know that its start mark is 80h or H and its end mark is 55AAh; it is 64 bytes in total and is located at the end of this sector.

 

Primary boot sector = Hard Disk Master Boot Record (MBR) + Hard Disk Partition Table (DPT)

Fdisk is used to partition the hard disk. The primary boot sector belongs to the entire hard disk rather than to an individual DOS partition, and it is a necessary condition for the hard disk to boot and be used properly.

Physical location: cylinder 0, head 0, sector 1

System sectors: 0c-0h-2s to 0c-0h-63s, 62 sectors in total

Size: 512 bytes

Among them: MBR 446 bytes (BD), DPT 64 bytes (01be--01fd), ending mark 2 bytes (55 aa)

Function: MBR directs the system to DBR by checking the DPT partition information.

Details (entered in debug with -A):

    mov ax, 0201
    mov bx, 0200
    mov cx, 0001
    mov dx, 0080
    int 13

000h--08ah MBR Startup Program (search for boot partition)

08bh--0d9h MBR startup string

0dah--1bch ("0 ")

1beh--1fdh Hard Disk Partition Table

1feh--1ffh end sign (55aa)

 

 

 

C++ inline assembly

Insert an _asm {} block in the C++ code.

The program that backs up the master boot area is as follows:

    data segment
        ; D1's text does not appear on this page; this message is a placeholder
        D1 db 'Backing up the MBR to a:\Boot.dat', 0dh, 0ah, '$'
        D2 db 'a:\Boot.dat', 00h
    data ends

    code segment
        assume cs:code, ds:data, es:data
    start:
        mov ax, data
        mov ds, ax
        mov es, ax
        mov ah, 09h
        mov dx, offset D1
        int 21h                 ; display string D1
        mov ax, 0201h
        mov bx, 0700h
        mov cx, 0001h
        mov dx, 0080h
        int 13h                 ; read the MBR into memory at es:0700h
        mov cx, 0020h
        mov dx, offset D2
        mov ah, 3ch
        int 21h                 ; create file a:\Boot.dat
        mov al, 01h
        mov dx, offset D2
        mov ah, 3dh
        int 21h                 ; open file a:\Boot.dat (for writing)
        mov bx, ax
        mov dx, 0700h
        mov cx, 0200h
        mov ah, 40h
        int 21h                 ; write the MBR in memory to the file
        mov ah, 4ch
        int 21h                 ; exit program
    code ends
    end start

 

The program that restores the master boot area is as follows:

    data segment
        ; D1's text does not appear on this page; this message is a placeholder
        D1 db 'MBR restore program. Press any key to continue.', 0dh, 0ah, '$'
        D2 db '!!! Warning !!!', 0dh, 0ah
           db 'This program only restores the file A:\Boot.dat, backed up by the '
           db 'mbr1.exe program (the file must be in the root directory of disk A), '
           db 'to the master boot area of the local hard disk. Otherwise, the hard '
           db 'disk partitions will be lost and you will not be warned. '
           db 'The consequences are at your own risk!', 0dh, 0ah
           db 'Are you sure you want to execute it? (Y/N)', 0dh, 0ah, '$'
        D3 db 'A:\Boot.dat file not found!', 0dh, 0ah, '$'
        D4 db 'A:\Boot.dat', 00h
    data ends

    code segment
        assume cs:code, ds:data, es:data
    start:
        mov ax, data
        mov ds, ax
        mov es, ax
        mov ah, 09h
        mov dx, offset D1
        int 21h                 ; display string D1
        mov ah, 00h
        int 16h                 ; wait for the user to press any key to continue
        mov ah, 07h
        mov al, 00h
        mov bh, 0a4h
        mov cx, 0000h
        mov dx, 184fh
        int 10h                 ; set the display attribute (background green, foreground red)
        mov ah, 09h
        mov dx, offset D2
        int 21h                 ; display string D2 (the program is risky, so the warning must be conspicuous)
    read_keyboard:
        mov ah, 00h
        int 16h
        or al, 20h              ; fold the key to lower case
        cmp al, 79h
        jz write                ; if it is Y/y, jump to writing the MBR area
        cmp al, 6eh
        jz exit                 ; if it is N/n, jump to the exit
        jmp read_keyboard       ; if it is another key, read the key again
    exit:
        mov ah, 07h
        mov al, 00h
        mov bh, 07h
        mov cx, 0000h
        mov dx, 184fh
        int 10h                 ; clear screen
        mov ah, 4ch
        int 21h                 ; exit program
    write:
        mov ah, 3dh
        mov dx, offset D4
        mov al, 00h
        int 21h                 ; open A:\Boot.dat
        jb error
        push ax
        mov ah, 3fh
        mov dx, 7000h
        mov cx, 0200h
        pop bx
        int 21h                 ; read A:\Boot.dat into memory
        mov ah, 03h
        mov al, 01h
        mov bx, 7000h
        mov cx, 0001h
        mov dx, 0080h
        int 13h                 ; write to the hard disk MBR
        jmp exit                ; jump to the exit
    error:
        mov ah, 09h
        mov dx, offset D3       ; error message
        int 21h
        mov ah, 4ch
        int 21h                 ; exit program
    code ends
    end start
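The restore program writes whatever 512 bytes it reads from the backup file into sector 1, so a truncated or corrupted Boot.dat destroys the partition table. The following check validates a backup image against the layout listed above before any restore. It is an added example, not code from the original article: the function names, status codes and sample image are constructed for illustration, and the 16-byte entry layout (boot flag 80h/00h at byte 0, partition type at byte 4) is the standard MBR format.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MBR_SIZE   512
#define DPT_OFFSET 0x1BE   /* partition table: 1BEh--1FDh, four 16-byte entries */
#define SIG_OFFSET 0x1FE   /* end mark 55 AA: 1FEh--1FFh */

enum mbr_status { MBR_OK = 0, MBR_BAD_SIZE, MBR_BAD_SIGNATURE,
                  MBR_BAD_BOOT_FLAG, MBR_MULTIPLE_ACTIVE, MBR_NO_PARTITIONS };

/* Returns MBR_OK only when the image looks like a usable boot sector.
   *active receives the index (0-3) of the boot partition, or -1 if none. */
enum mbr_status mbr_validate(const uint8_t *img, size_t len, int *active)
{
    int i, used = 0;
    *active = -1;
    if (len != MBR_SIZE) return MBR_BAD_SIZE;          /* truncated backup */
    if (img[SIG_OFFSET] != 0x55 || img[SIG_OFFSET + 1] != 0xAA)
        return MBR_BAD_SIGNATURE;
    for (i = 0; i < 4; i++) {
        const uint8_t *e = img + DPT_OFFSET + 16 * i;
        uint8_t flag = e[0], type = e[4];
        if (flag != 0x80 && flag != 0x00) return MBR_BAD_BOOT_FLAG;
        if (flag == 0x80) {
            if (*active != -1) return MBR_MULTIPLE_ACTIVE;
            *active = i;
        }
        if (type != 0x00) used++;                      /* type 00h = empty entry */
    }
    return used ? MBR_OK : MBR_NO_PARTITIONS;
}

/* Constructed sample image: zeroed boot code and one active entry. */
void mbr_make_sample(uint8_t *img)
{
    memset(img, 0, MBR_SIZE);
    img[DPT_OFFSET + 0] = 0x80;    /* boot flag: active */
    img[DPT_OFFSET + 4] = 0x06;    /* partition type (FAT16) */
    img[DPT_OFFSET + 8] = 63;      /* starting LBA, little-endian */
    img[DPT_OFFSET + 13] = 0x10;   /* sector count 0x1000 */
    img[SIG_OFFSET] = 0x55; img[SIG_OFFSET + 1] = 0xAA;
}

int main(void) {
    uint8_t img[MBR_SIZE]; int active;
    mbr_make_sample(img);
    return mbr_validate(img, sizeof img, &active);     /* exit code 0 = MBR_OK */
}
```

A restore tool would refuse to write the sector for any status other than MBR_OK and keep a copy of the current sector 1 before overwriting it.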

 

 

 
