Floppy boot sector disassembly



RobR
02-25-2002, 06:04 AM
I know this isn't really a C question, but I need to know if there are any freely available utilities to allow me to disassemble a floppy boot sector - I can view it in debug by copying the first sector to memory, and then running unassemble, but I really need some way of printing the unassembled code out. All the disassemblers I can find seem "file" oriented instead of "sector" oriented.

I can see there's a lot of guys here who write their own boot loaders, so I am hoping someone can help.

Cheers,

Rob.

VirtualAce
02-25-2002, 05:50 PM
The boot sector is 510 bytes long, but just read in 512 bytes. The bootsector resides at cylinder 0, head 0, sector 1. To interpret the information you will need to know the FAT12 structure that is used on floppies. Also the bootstrap code lies just beyond the bootsector structure and is approx 446 bytes long. At offset 01EFh lies the boot signature which has to be 0AA55h.

To read in you can first check if your BIOS supports the INT 13 extensions by issuing a call to Check Installation.

AH=41h
BX=55AAh
DL=drive (80h-FFh)

Return:
CF set on error (extensions not supported)
    AH=01h (invalid function)
BX=AA55h (if installed)
AH=major version of extensions
    01h=1.x
    20h=2.0/EDD 1.0
    21h=2.1/EDD 1.1
    30h=EDD 3.0
AL=internal usage
CX=API subset support bitmap
DH=extension version


Then to read in you would issue Read Extended via int 13h.

For more information on this go to http://home.teleport.com/~brainy/fat16.htm.

That's the link to the 16-bit FAT info, but you can link off of that page to the other pages which discuss this and a disk util which will allow you to do what you want to do.


Make sure you understand this before attempting to code it. You can wipe out your boot sector, bootstrap, partitions, files, FATs, and anything else on the drive using the INT 13 API.

RobR
02-26-2002, 02:42 PM
Thnx for the info. I'll give it a try later & let you know how I get on!

Cheers,

Rob.

VirtualAce
03-05-2002, 04:08 AM
A very simple way to read the bootsector is by using biosdisk, which by the way, uses INT 13h.

The boot sector is 512 bytes long and starts at sector 1.

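#include <bios.h>
#include <stdio.h>
#include <stdlib.h>

unsigned char buffer[512];

int main(void)
{
    //Command 2 -> read sectors
    //Drive 0 or A:
    //Head 0
    //Cylinder 0
    //Sector 1
    //Length of 1 sector
    //Read into buffer
    int error=biosdisk(2,0,0,0,1,1,buffer);

    //biosdisk returns 0 on success, otherwise the BIOS status code
    if (error)
    {
        printf("Error encountered\n");
        exit(1);
    }
    return 0;
}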

To make sense of this look up the BootSector struct for the MS-DOS operating system. The bootstrap lies in the 449 bytes directly after the struct. The last two bytes of the bootstrap are 55 AA or 0AA55h (remember little endian). If this is not present, the BIOS will not boot the disk. 55AA is the required boot signature which tells the BIOS this disk is bootable.
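Once the 512 bytes are in a buffer, the checks discussed in this thread can be done in portable C before handing the sector to a disassembler. The following is an added example, not code from any poster: it assumes the standard DOS BIOS Parameter Block field offsets, uses hypothetical function names, and runs on a constructed sample sector. It verifies the trailing 55 AA signature, reads the main FAT12 geometry fields, and decodes the jump at offset 0 to find where the executable boot code begins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of the DOS BIOS Parameter Block found on a FAT12 floppy. */
struct bpb {
    uint16_t bytes_per_sector, root_entries, total_sectors, sectors_per_fat;
    uint8_t  sectors_per_cluster, media;
};

/* On-disk multi-byte fields are little endian. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* 1 if the last two bytes of the sector are 55 AA, else 0. */
int has_boot_signature(const uint8_t *s) { return s[510] == 0x55 && s[511] == 0xAA; }

/* Decode the jump at offset 0; return the offset of the boot code, or -1. */
int boot_code_offset(const uint8_t *s)
{
    int target = -1;
    if (s[0] == 0xEB) target = 2 + (int8_t)s[1];               /* JMP SHORT rel8 */
    else if (s[0] == 0xE9) target = 3 + (int16_t)le16(s + 1);  /* JMP NEAR rel16 */
    return (target > 0 && target < 510) ? target : -1;
}

void parse_bpb(const uint8_t *s, struct bpb *b)
{
    b->bytes_per_sector    = le16(s + 11);
    b->sectors_per_cluster = s[13];
    b->root_entries        = le16(s + 17);
    b->total_sectors       = le16(s + 19);
    b->media               = s[21];
    b->sectors_per_fat     = le16(s + 22);
}

/* Constructed sample: first 24 bytes of a 1.44 MB floppy boot sector + signature. */
void make_sample(uint8_t *s)
{
    static const uint8_t hdr[] = { 0xEB,0x3C,0x90, 'M','S','D','O','S','5','.','0',
        0x00,0x02, 0x01, 0x01,0x00, 0x02, 0xE0,0x00, 0x40,0x0B, 0xF0, 0x09,0x00 };
    memset(s, 0, 512);
    memcpy(s, hdr, sizeof hdr);
    s[510] = 0x55; s[511] = 0xAA;
}

int main(void)
{
    uint8_t s[512]; struct bpb b;
    make_sample(s); parse_bpb(s, &b);
    printf("signature=%d code@0x%X total=%u\n", has_boot_signature(s),
           (unsigned)boot_code_offset(s), (unsigned)b.total_sectors);
    return 0;
}
```

Bytes between the jump and the returned offset are BPB data, so disassembly should start at the returned offset rather than at byte 3.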