一个MBR Record的反汇编

风行水上 @ 2013-10-29 15:16:42

    通过MBR记录的反汇编,可以学习和了解机器指令、汇编语言和电脑启动引导的过程。

    MBR被加载到内存 0x7c00处的位置,当代码开始执行后,随即把自己复制到0x0600处继续执行。

    MBR主要的任务是找到第一个活动分区,从该分区的第一个扇区(sector)加载 VBR(Volume Boot Record),然后转移控制权。

    分区表中,活动分区的第一个字节通常是0x80,这实际上是磁盘中断指令中第一块磁盘的表示方法。

    mbr.bin:     file format binary
    
    
    Disassembly of section .data:
    
    00007c00 <.data>:
    #====== Start of MBR Boot Code ======#
    # 16-bit real-mode code, objdump Intel syntax. The BIOS loads the sector at
    # 0000:7c00 with dl = boot drive; the code copies itself to 0000:0600 and
    # continues there, so every address from 0x061c on refers to the copy.
    # Partition entry layout as used below (bp = entry): +0 boot flag (bit 7 set
    # = active), +1 head, +2 sector/cyl-hi, +3 cylinder, +8 dword start LBA.
     7c00:	33 c0                	xor    ax,ax                     # ax = 0
     7c02:	8e d0                	mov    ss,ax                     # ss:sp = 0000:7c00 (stack grows down, below the MBR)
     7c04:	bc 00 7c             	mov    sp,0x7c00
     7c07:	8e c0                	mov    es,ax                     # es = ds = 0
     7c09:	8e d8                	mov    ds,ax
     7c0b:	be 00 7c             	mov    si,0x7c00                 # src = 0000:7c00 (where the BIOS put us)
     7c0e:	bf 00 06             	mov    di,0x600                  # dst = 0000:0600
     7c11:	b9 00 02             	mov    cx,0x200                  # 512 bytes = the whole sector
     7c14:	fc                   	cld    
     7c15:	f3 a4                	rep movs BYTE PTR es:[di],BYTE PTR ds:[si]     # copy self to 0x0600 so 0x7c00 is free for the VBR
     7c17:	50                   	push   ax                        # cs = 0
     7c18:	68 1c 06             	push   0x61c                     # ip = 0x061c (= 0x0600 + 0x1c, the byte after retf)
     7c1b:	cb                   	retf                             # far return = jump to 0000:061c in the copy
    
    #------#
     061c:	fb                   	sti    
     061d:	b9 04 00             	mov    cx,0x4                    # cx = 4 partition entries
     0620:	bd be 07             	mov    bp,0x7be                  # bp = first entry of the copied table (0x0600 + 0x1be)
     0623:	80 7e 00 00          	cmp    BYTE PTR [bp+0x0],0x0     # do{ signed compare of the boot flag
     0627:	7c 0b                	jl     0x634                     #  if(flag & 0x80) load_vbr()      (jl: bit 7 set)
     0629:	0f 85 0e 01          	jne    0x73b                     #  else if(flag != 0) "Invalid partition table"
     062d:	83 c5 10             	add    bp,0x10                   #  next entry (16 bytes each)
     0630:	e2 f1                	loop   0x623                     # } while(--cx != 0)
    
     0632:	cd 18                	int    0x18                      # no active entry: BIOS boot-failure hook
    
    #------ Load VBR ------#
     0634:	88 56 00             	mov    BYTE PTR [bp+0x0],dl      # overwrite the boot flag with the BIOS drive number in dl
     0637:	55                   	push   bp
     0638:	c6 46 11 05          	mov    BYTE PTR [bp+0x11],0x5    # retry counter = 5 (scratch; these two bytes overlap the next entry in the 0x0600 copy)
     063c:	c6 46 10 00          	mov    BYTE PTR [bp+0x10],0x0    # use-LBA flag = 0
     0640:	b4 41                	mov    ah,0x41
     0642:	bb aa 55             	mov    bx,0x55aa
     0645:	cd 13                	int    0x13                      # 13H/41H: INT 13h extensions installation check
     0647:	5d                   	pop    bp
     0648:	72 0f                	jb     0x659                     # CF set: extensions not present
     064a:	81 fb 55 aa          	cmp    bx,0xaa55
     064e:	75 09                	jne    0x659                     # bx != 0xaa55: extensions not present
     0650:	f7 c1 01 00          	test   cx,0x1
     0654:	74 03                	je     0x659                     # cx bit 0 clear: extended read not supported
     0656:	fe 46 10             	inc    BYTE PTR [bp+0x10]        # flag = 1: use LBA read
     0659:	66 60                	pusha                            # 66 prefix: pushad (all 32-bit registers)
     065b:	80 7e 10 00          	cmp    BYTE PTR [bp+0x10],0x0
     065f:	74 26                	je     0x687                     # flag == 0: fall back to CHS read
     0661:	66 68 00 00 00 00    	push   0x0                       # build the Disk Address Packet on the stack (pushed last field first):
     0667:	66 ff 76 08          	push   DWORD PTR [bp+0x8]        #   LBA = entry's 32-bit start LBA (high dword = 0)
     066b:	68 00 00             	push   0x0                       #   buffer segment 0000
     066e:	68 00 7c             	push   0x7c00                    #   buffer offset 7c00
     0671:	68 01 00             	push   0x1                       #   sector count 1
     0674:	68 10 00             	push   0x10                      #   packet size 0x10, reserved byte 0
     0677:	b4 42                	mov    ah,0x42
     0679:	8a 56 00             	mov    dl,BYTE PTR [bp+0x0]      # dl = drive number stored at 0x634
     067c:	8b f4                	mov    si,sp                     # ds:si = DAP
     067e:	cd 13                	int    0x13                      # 13H/42H: extended read
     0680:	9f                   	lahf                             # keep CF (read status) across the stack cleanup
     0681:	83 c4 10             	add    sp,0x10                   # discard the 16-byte DAP
     0684:	9e                   	sahf   
     0685:	eb 14                	jmp    0x69b
    
                                                                      # CHS fallback: 13H/02H
     0687:	b8 01 02             	mov    ax,0x201                  # ah = 02h read sectors, al = 1 sector
     068a:	bb 00 7c             	mov    bx,0x7c00                 # es:bx = 0000:7c00 buffer
     068d:	8a 56 00             	mov    dl,BYTE PTR [bp+0x0]      # dl = drive number stored at 0x634
     0690:	8a 76 01             	mov    dh,BYTE PTR [bp+0x1]      # dh = head
     0693:	8a 4e 02             	mov    cl,BYTE PTR [bp+0x2]      # cl = sector (bits 5..0) + cylinder high bits (7..6)
     0696:	8a 6e 03             	mov    ch,BYTE PTR [bp+0x3]      # ch = cylinder low 8 bits
     0699:	cd 13                	int    0x13                      # 13H/02H: read sector
    
     069b:	66 61                	popa                             # popad; flags untouched, CF still holds the read result
     069d:	73 1c                	jae    0x6bb                     # CF clear: read ok, go verify the signature
    
     069f:	fe 4e 11             	dec    BYTE PTR [bp+0x11]        # read failed: --retries
     06a2:	75 0c                	jne    0x6b0                     # retries left: reset the drive and read again
     06a4:	80 7e 00 80          	cmp    BYTE PTR [bp+0x0],0x80
     06a8:	0f 84 8a 00          	je     0x736                     # already on drive 0x80: "Error loading operating system"
     06ac:	b2 80                	mov    dl,0x80
     06ae:	eb 84                	jmp    0x634                     # else restart the whole load on drive 0x80
     06b0:	55                   	push   bp
     06b1:	32 e4                	xor    ah,ah
     06b3:	8a 56 00             	mov    dl,BYTE PTR [bp+0x0]
     06b6:	cd 13                	int    0x13                      # 13H/00H: reset disk system
     06b8:	5d                   	pop    bp
     06b9:	eb 9e                	jmp    0x659                     # retry the read (counter already decremented)
    #------ verify boot signature of the loaded VBR ------#
     06bb:	81 3e fe 7d 55 aa    	cmp    WORD PTR ds:0x7dfe,0xaa55 # last word of the sector just read to 0x7c00
     06c1:	75 6e                	jne    0x731                     # "Missing operating system"
                                                                      # Keyboard-controller sequence. NOTE(review): looks like the
                                                                      # classic A20-gate enable through the 8042 (command D1h =
                                                                      # write output port, value DFh) - confirm against the 8042 docs.
     06c3:	ff 76 00             	push   WORD PTR [bp+0x0]         # save (drive, head) word; popped into dx before the far jump
     06c6:	e8 8d 00             	call   0x756                     # wait for 8042 input buffer empty
     06c9:	75 17                	jne    0x6e2                     # timed out (buffer still full): skip the sequence
     06cb:	fa                   	cli    
     06cc:	b0 d1                	mov    al,0xd1
     06ce:	e6 64                	out    0x64,al                   # 8042 command port
     06d0:	e8 83 00             	call   0x756
     06d3:	b0 df                	mov    al,0xdf
     06d5:	e6 60                	out    0x60,al                   # 8042 data port
     06d7:	e8 7c 00             	call   0x756
     06da:	b0 ff                	mov    al,0xff
     06dc:	e6 64                	out    0x64,al                   # 8042 command port
     06de:	e8 75 00             	call   0x756
     06e1:	fb                   	sti    
     06e2:	b8 00 bb             	mov    ax,0xbb00
     06e5:	cd 1a                	int    0x1a                      # 1AH/BB00H: TCG BIOS status check (AH=BBh is the TCG interface, not the clock)
     06e7:	66 23 c0             	and    eax,eax
     06ea:	75 3b                	jne    0x727                     # eax != 0: no TCG BIOS, skip the measurement
     06ec:	66 81 fb 54 43 50 41 	cmp    ebx,0x41504354            # ebx must be the ASCII signature "TCPA"
     06f3:	75 32                	jne    0x727
     06f5:	81 f9 02 01          	cmp    cx,0x102
     06f9:	72 2c                	jb     0x727                     # cx < 0x0102: interface version too old
     06fb:	66 68 07 bb 00 00    	push   0xbb07                    # register image consumed by popad below: eax = BB07h (TCG_CompactHashLogExtendEvent)
     0701:	66 68 00 02 00 00    	push   0x200                     #   ecx = 0x200 bytes
     0707:	66 68 08 00 00 00    	push   0x8                       #   edx = PCR index 8
     070d:	66 53                	push   ebx                       #   ebx = "TCPA"
     070f:	66 53                	push   ebx                       #   esp slot (ignored by popad)
     0711:	66 55                	push   ebp                       #   ebp unchanged
     0713:	66 68 00 00 00 00    	push   0x0                       #   esi = 0
     0719:	66 68 00 7c 00 00    	push   0x7c00                    #   edi = 0x7c00
     071f:	66 61                	popa                             # popad: load all of the above
     0721:	68 00 00             	push   0x0
     0724:	07                   	pop    es                        # es:di = 0000:7c00 = the loaded VBR
     0725:	cd 1a                	int    0x1a                      # 1AH/BB07H: hash the 512-byte VBR and extend PCR 8 (measured boot).
                                                                      # NOTE(review): ecx = length, edx = PCR per the TCG BIOS interface spec - confirm.
    
     0727:	5a                   	pop    dx                        # dl = drive number (word pushed at 0x6c3)
     0728:	32 f6                	xor    dh,dh                     # dh = 0
     072a:	ea 00 7c 00 00       	jmp    0x0:0x7c00                # far jump into the VBR with dl = boot drive
     072f:	cd 18                	int    0x18                      # not reached
    
    #------ print message entry -----#
     0731:	a0 b7 07             	mov    al,ds:0x7b7               # al = LUT[2] -> "Missing operating system"
     0734:	eb 08                	jmp    0x73e
     0736:	a0 b6 07             	mov    al,ds:0x7b6               # al = LUT[1] -> "Error loading operating system"
     0739:	eb 03                	jmp    0x73e
     073b:	a0 b5 07             	mov    al,ds:0x7b5               # al = LUT[0] -> "Invalid partition table"
    
    #------ print message ------#
     073e:	32 e4                	xor    ah,ah
     0740:	05 00 07             	add    ax,0x700
     0743:	8b f0                	mov    si,ax                     # char *p = (char *)0x0700 + al;
                                                                      # for(;;){
     0745:	ac                   	lods   al,BYTE PTR ds:[si]       #   c = *p++;
     0746:	3c 00                	cmp    al,0x0                    #   if(c == '\0') break;
     0748:	74 09                	je     0x753
     074a:	bb 07 00             	mov    bx,0x7                    #   bh = page 0, bl = attribute 7
     074d:	b4 0e                	mov    ah,0xe                    #   10H/0EH: teletype output
     074f:	cd 10                	int    0x10                      #   putc(c);
     0751:	eb f2                	jmp    0x745                     # }
    
     0753:	f4                   	hlt                              # halt; the jmp re-enters hlt after any interrupt
     0754:	eb fd                	jmp    0x753                     # infinite loop
    #------ Wait for 8042 input buffer empty ------#
     0756:	2b c9                	sub    cx,cx                     # cx = 0 -> up to 65536 polls
     0758:	e4 64                	in     al,0x64                   # 8042 status register
     075a:	eb 00                	jmp    0x75c                     # jmp $+2 (likely an I/O delay)
     075c:	24 02                	and    al,0x2                    # bit 1 = input buffer full
     075e:	e0 f8                	loopne 0x758                     # keep polling while full and cx != 0
     0760:	24 02                	and    al,0x2                    # return with ZF = 1 when the buffer is empty
     0762:	c3                   	ret    
    #------ Message List ------#
     0763:	...                                                   # "Invalid partition table"
     077b:	...                                                   # "Error loading operating system"
     079a:	...                                                   # "Missing operating system"
    #------ Message LUT Table -----#
     07b5:	00 63 7b 9a                                           # low bytes of the message offsets (0x0700 + x).
                                                                      # NOTE(review): the code reads 0x7b5/0x7b6/0x7b7 and the messages sit at
                                                                      # 0x763/0x77b/0x79a, so the LUT should be 63 7b 9a at 0x7b5; the leading 00
                                                                      # shown here looks like the previous string's terminator at 0x7b4 - confirm.
    #====== End of MBR Boot Code ======#
    #----- Partition Table (data, not code; objdump decodes it as garbage) ------#
    # Entry 0 bytes: 80 20 21 00 07 fe ff ff 00 08 00 00 00 b0 e7 0e
    #   boot flag 0x80 (active), CHS start 20 21 00, type 0x07, CHS end fe ff ff,
    #   start LBA 0x00000800 (2048), sector count 0x0ee7b000.
     07be:	80 20 21             	and    BYTE PTR [bx+si],0x21     # 80 = active, 20 21 = head/sector
     07c1:	00 07                	add    BYTE PTR [bx],al          # 00 = cylinder, 07 = partition type
     07c3:	fe                   	(bad)  
     07c4:	ff                   	(bad)  
     07c5:	ff 00                	inc    WORD PTR [bx+si]          # end of CHS end, first byte of the start LBA
     07c7:	08 00                	or     BYTE PTR [bx+si],al       # start LBA continues: 00 08 00 00
     07c9:	00 00                	add    BYTE PTR [bx+si],al
     07cb:	b0 e7                	mov    al,0xe7                   # sector count bytes 00 b0 e7 0e
     07cd:	0e                   	push   cs
    	...
    #====== End of MBR ======#
     7fe:	55                   	push   bp                        # boot signature 55 aa
     7ff:	aa                   	stos   BYTE PTR es:[di],al
    

    网络资源
