<html>
<head>
<title>The Boot Sector</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#000000" text="#ffffff" link="#ffffff" vlink="#ffffff">
<div align="center">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
<tr>
<td width="693">
<pre>
::::::::: :::::::: ::::::::: ::::::::::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+
+#++:++#+ +#++:++#++ +#++:++#: :#::+::#
+#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+# #+# #+# #+#
######### ######## ### ### ###
<a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
<a href="http://awc.rejects.net" target="_blank">http://awc.rejects.net</a>
_____________________________
______________________I <b> Topic:</b> I_____________________
\ I I /
\ HTML by: I <b>The Boot Sector</b> I Written by: /
> I I <
/ <a href="mailto:black_mesa@hacktik.org">Martin L.</a> I_____________________________I <a href="mailto:fu@ckz.org">Ralph</a> \
/___________________________> <_________________________\</pre>
</td>
</tr>
</table>
</div>
<p>Version: 1.0 Date: 7/31/00</p>
<h3>TOC</h3>
<ol>
<li><a href="#1">Introduction</a><ul>
<li><a href="#1a">What you need</a></li></ul></li>
<li><a href="#2">Basic hard drive/BIOS shit</a></li>
<li><a href="#3">Making a Boot Sector</a></li>
<li><a href="#4">Making a program to write a boot sector</a></li>
<li><a href="#5">Other</a></li>
</ol>
<a name="1"></a><h3><u>1. Introduction</u></h3>
<blockquote>
<p>Well usually I give you a specific purpose at this point, but in this case I can't.
I was just in the mood to write something on boot sectors so I did it. And maybe
(hopefully) someone out there can make use of this info. This thing will most likely
become part of a larger tutorial, maybe something on assembly or on OS design.
After having consumed this text file you should know enough to design and create your
own boot sector, maybe for a virus, or an OS, or...?</p>
</blockquote>
<a name="1a"></a><h3><u>What you need</u></h3>
<blockquote>
<p>Before reading this you should have a basic knowledge of assembly. If you don't, read
my other tutorial, it's called Sk00l m3 ASM!!#@$!@# and is available from awc.rejects.net.
We will be using 2 different programs to code this shit: NASM and TASM. NASM is freely
available from <a href="http://www.web-sites.co.uk/nasm/" target="_blank">http://www.web-sites.co.uk/nasm/</a>, but TASM you have to buy. I don't like
piracy, but if you're just gonna use TASM this once, don't bother spending $150 on it.
There are plenty of sites that have a copy.</p>
<p>Why am I using 2 different programs? Well I have always used NASM to make simple
programs as it's good at creating efficient memory copies. I always use TASM to make
programs a bit more complex. In the end however it comes down to the answer "why not??".
However, it shouldn't be hard at all to make the TASM program in NASM (or the other way
around), just change a few things here and there. If enough people come bitch to me, I'll
rewrite all the code for NASM/TASM.</p></blockquote>
<a name="2"></a><h3><u>2. Basic hard drive/BIOS shit</u></h3>
<blockquote>
<p>As soon as you flip that switch, your CPU starts executing shit located at F000:FFF0.
This area contains the BIOS, Basic Input/Output System. This code is written in assembly
and is stored in chips called EPROMs in your computer. This code will perform something
known as POST, Power On Self Test. This checks for installed devices and checks if they
all work. In particular it checks for the video card and runs the video BIOS usually
located at C000h. Next it checks for other ROMs to see if they have installed BIOSes.
Usually it then finds and executes the hard drive BIOS located at C8000h. Then it starts
something like a "system inventory" where it checks for other installed devices and
tests them. It does some more stuff that's all basically useless for us right now,
until it finally transfers control over to the operating system. That's the part that
we're interested in. Back in the old days, only one OS was installed on a computer.
If you bought a certain computer, you could only run the OS that was made for it.
Nothing else. Obviously that wasn't such a good thing as you would have to buy a new
computer if you wanted a different OS, so BIOS makers came up with the Boot Sector.
In case you didn't know yet, a Sector is the smallest area your hard drive can access.
According to the ATA standards each sector is exactly 512 bytes. However ATA standards
only apply to hard drives; things like floppies can use whatever they want.
Knowing this we can move on to the boot sector.</p>
</blockquote>
<a name="3"></a><h3><u>3. Making a Boot Sector</u></h3>
<blockquote>
<p>After the BIOS has successfully completed the POST it calls interrupt 19h. You can
actually see this by dumping the memory located at F000:FFF0. For example, on my box
I used debug with the following result:<br>
<i>-d f000:fff0</i><br>
F000:FFF0 CD 19 E0 00 F0 31 31 2F-32 36 2F 39 39 00 FC 81 .....11/26/99...</p>
<p>As you should know, CD = INT. INT 19h attempts to read in the Boot Sector of the 1st
floppy disk. If it fails it does the same thing on the 1st hard drive. If that fails
it returns an error message. A valid boot sector must have its last two bytes set to
AA55h. Assuming a valid boot sector is found, the code is loaded into memory at location
0000:7C00 and interrupt 19h jumps there to start executing the code. Since a boot sector
has to fit into one sector (512 bytes) it can't really do much; usually it searches
for another file on another sector, then executes it. Our boot sector won't do that.
For now it is enough that it displays a message and reboots when you press a key. Since
DOS is not loaded yet, we have to use BIOS interrupts to do all this. First we display a
message using interrupt 10h. Next we wait for the user to press a key using interrupt
16h, and finally we make a FAR jump to FFFF:0000, which restarts the computer. So let's
code this bitch:</p>
<p>First we use the code</p>
<table>
<tr>
<td> </td>
<td>MOV AX,0x0003</td>
</tr>
<tr>
<td> </td>
<td>INT 0x10</td>
</tr>
<tr>
<td colspan="2">to get into video mode. The registers have to be set up like this:</td>
</tr>
<tr>
<td>AH</td><td>Function number (00h, video)</td>
</tr>
<tr>
<td>AL</td><td>Video Mode (03, 80x25x16)</td>
</tr>
<tr>
<td colspan="2">Next we print the message using:</td>
</tr>
<tr>
<td> </td><td>MOV AX,0x1301</td>
</tr>
<tr>
<td> </td><td>MOV BX,0x0007</td>
</tr>
<tr>
<td> </td><td>MOV CX,0x23</td>
</tr>
<tr>
<td> </td><td>MOV BP,MSG</td>
</tr>
<tr>
<td> </td><td>ADD BP,0x7C00</td>
</tr>
<tr>
<td> </td><td>INT 0x10</td>
</tr>
<tr>
<td>AH</td><td>Function number (13h: print string)</td>
</tr>
<tr>
<td>AL</td><td>Write Mode (01h: string is characters only, attribute in BL, cursor moved)</td>
</tr>
<tr>
<td>BH</td><td>Video Page number (00h)</td>
</tr>
<tr>
<td>BL</td><td>Attributes of characters (07h)</td>
</tr>
<tr>
<td>CX</td><td>Length of string, excluding any attributes (23h = 35 characters)</td>
</tr>
<tr>
<td>BP</td>
<td>ES:BP must point to the string, since a boot sector starts at 07C00, we add that
to BP after we loaded it. You could also set the entry point of the program to
07C00, or change the data segment register to point to 07C00, but since it's just
one instruction, this is fine for now.</td>
</tr>
<tr>
<td colspan="2">Now we wait for the key to be pressed:</td>
</tr>
<tr>
<td> </td><td>MOV AH,0x00</td>
</tr>
<tr>
<td> </td><td>INT 0x16</td>
</tr>
</table>
<p><b>Registers:</b><br>
AH - 00, Read keyboard buffer, wait till full if not already.<br>
The buffer will be empty since the computer didn't get time to put anything into it yet.
Finally we reboot the computer by simply jumping to FFFF:0000:</p>
<blockquote>
<p>DB 0xEA<br>
DW 0x0000<br>
DW 0xFFFF</p>
</blockquote>
<p>This looks a bit weird but it's actually quite simple. When declaring "variables" in
assembly, the assembler simply puts the value into a memory location. Usually you
point to them with instructions or interrupts in order to use and manipulate them, but we
could also put code there. This is what we're doing here. If you get a Hex to Mnemonic
chart you will notice that EA is a Far Jump. So we put that into memory, followed by
the location to jump to.</p>
<p>Next we fill the remaining memory with NULL:</p>
<blockquote>
<p>TIMES 510-($-$$) DB 0</p>
</blockquote>
<p>This could also be done in TASM with something like TIMES 510 DUP (0).
Finally we have to add those two bytes to the end so that the BIOS will know that this is
a valid boot sector. This is done with the simple statement:</p>
<blockquote>
<p>SIGNATURE DW 0xAA55</p>
</blockquote>
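<p>As an added example (not code from the original tutorial), the following Python script hand-assembles the NASM program described above into a raw 512-byte image, pads it and appends the signature exactly as TIMES and SIGNATURE do, and then checks the image the way INT 19h does. The message text and the file name boot.bin are constructed here, and unlike the page's fixed CX=0x23 it derives CX from the message length.</p>

```python
import struct

SECTOR_SIZE = 512
LOAD_ADDR = 0x7C00       # INT 19h loads the sector at 0000:7C00 and jumps there
SIGNATURE = b"\x55\xAA"  # DW 0xAA55 as it sits on disk: little-endian, bytes 510-511
CODE_SIZE = 32           # size of the hand-assembled code below; MSG follows it (ORG 0)

def build_boot_sector(msg: bytes) -> bytes:
    """Hand-assemble the tutorial's program and pad it to one 512-byte sector."""
    code = bytearray()
    code += b"\xB8\x03\x00"                             # MOV AX,0x0003 ; AH=00 set mode, AL=03
    code += b"\xCD\x10"                                 # INT 0x10
    code += b"\xB8\x01\x13"                             # MOV AX,0x1301 ; AH=13 write string, AL=01
    code += b"\xBB\x07\x00"                             # MOV BX,0x0007 ; BH=page 0, BL=attr 07
    code += b"\xB9" + struct.pack("<H", len(msg))       # MOV CX,len    ; the page hard-codes 0x23
    code += b"\xBD" + struct.pack("<H", CODE_SIZE)      # MOV BP,MSG    ; MSG offset with ORG 0
    code += b"\x81\xC5" + struct.pack("<H", LOAD_ADDR)  # ADD BP,0x7C00 ; ES:BP -> string in RAM
    code += b"\xCD\x10"                                 # INT 0x10
    code += b"\xB4\x00"                                 # MOV AH,0x00   ; read key, wait if empty
    code += b"\xCD\x16"                                 # INT 0x16
    code += b"\xEA\x00\x00\xFF\xFF"                     # DB 0xEA / DW 0x0000 / DW 0xFFFF = JMP FAR FFFF:0000
    assert len(code) == CODE_SIZE
    body = bytes(code) + msg
    if len(body) > SECTOR_SIZE - 2:
        raise ValueError("code plus message must fit in the 510 bytes before the signature")
    # TIMES 510-($-$$) DB 0, then SIGNATURE DW 0xAA55
    return body + b"\x00" * (SECTOR_SIZE - 2 - len(body)) + SIGNATURE

def check_signature(img: bytes) -> bool:
    """The test INT 19h applies: exactly one sector whose last two bytes are 55 AA."""
    return len(img) == SECTOR_SIZE and img[510:512] == SIGNATURE

def decode_far_jump(img: bytes, offset: int) -> str:
    """Decode an EA far jump at `offset` into SEG:OFF form (offset word comes first)."""
    if img[offset] != 0xEA:
        raise ValueError(f"no far jump opcode at offset {offset:#x}")
    target_off, target_seg = struct.unpack_from("<HH", img, offset + 1)
    return f"{target_seg:04X}:{target_off:04X}"

if __name__ == "__main__":
    # Constructed sample message; the page's own 35-character text is not reproduced here.
    sector = build_boot_sector(b"Hello from the boot sector. Any key reboots.")
    with open("boot.bin", "wb") as f:   # raw image for a floppy or an emulator's disk slot
        f.write(sector)
    print(check_signature(sector), decode_far_jump(sector, CODE_SIZE - 5))
```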
<p>Here is the full code to everything we just discussed:</p>
<table>
<tr>
<td colspan="2"><b>START:</b></td>
</tr>
<tr>
<td width="25"> </td>
<td>MOV AX,0x0003</td>
</tr>
<tr>
<td> </td><td>INT 0x10</td>
</tr>
<tr>
<td colspan="2"><b>PRINT_STRING:</b></td>
</tr>
<tr>
<td> </td><td>MOV AX,0x1301</td>
</tr>
<tr>
<td> </td><td>MOV BX,0x0007</td>
</tr>
<tr>
<td> </td><td>MOV CX,0x23</td>
</tr>
<tr>
<td> </td><td>MOV BP,MSG</td>
</tr>
<tr>
<td> </td><td>ADD BP,0x7C00</td>
</tr>
<tr>
<td> </td><td>INT 0x10</td>
</tr>
<tr>
<td colspan="2"><b>WAIT_FOR_KEY_PRESS:</b></td>
</tr>
<tr>
<td> </td><td>MOV AH,0x00</td>
</tr>
<tr>
<td> </td><td>INT 0x16</td>
</tr>
<tr>
<td colspan="2"><b>REBOOT:</b></td>
</tr>
<tr>
<td> </td><td>DB 0xEA</td>
</tr>
<tr>
<td> </td><td>DW 0x0000</td>
</tr>