GRUB Boot Manager MBR/Boot Sector

2023-08-24 06:40:13















The GRUB MBR
(being the GRand Unified Boot Loader's "stage1" Sector)

A Disk Editor View and Comments on the Code
(as seen in Memory during Execution)

Plus some Lessons for Linux users!


NOTE: Though the code used in this MBR is no mystery to anyone who has a search engine and a bit of Assembly knowledge (since it is all Open Source code), I decided that many would still like to see a listing and comments on the Assembly instructions from GRUB's MBR (or "stage1" as it's called) in order to help computer users understand what happens when their Master Boot Record is replaced by the boot code from GRUB. Also note that this code can be used as either MBR code in a hard drive's MBR sector, or as a Linux install's Volume Boot Sector! GRUB as a whole (all of its software working together) is actually a Boot Manager (in my opinion anyway; some technical reasons may exist for not labeling it as such, but it does much more than just a common bootloader, I have to wonder if others ever take any time to study what can be done with it). It is capable of launching a variety of OS-types from its menu display; to which some distros such as Red Hat® have added their own splash screens. SuSE® (another Linux distribution company) has gone a step further, not only adding a splash screen patch, but some executable code which adds an animated progress-bar to their splash screen display.

GRUB often replaces the original MBR code when a Windows™ user tries out Linux for the first time. Long ago (in relation to how long computers have been around) GRUB was only the default loader for Red Hat and a few lesser known distros. But soon many others, such as SuSE 9.2 (SuSE has also used GRUB for some time now) and then the Ubuntu (since 2004; Debian-based) distro, also defaulted to using GRUB*. This page will show you where "stage1" gets loaded into Memory and how program execution is passed on to the rest of GRUB's executable code located elsewhere on the disk. You can also find documented sources by the authors of GRUB at most Linux archive sites. A good starting point would be: GRUB Legacy. Many Linux users prefer reading the GRUB Manual in PDF or HTML form rather than GRUB's 'info' pages; you can get all the documentation here (the single page HTML Manual is both portable and searchable across many platforms). In the source code, the source file for GRUB's Master Boot Record (or VBR Boot Sector) code is called: stage1.S. You may also find the file stage1.h quite helpful; it contains definitions of various bytes used in GRUB's BPB and data areas (see below). NOTE: The style or format of the assembly code instructions in these source files is often referred to as "AT&T" (rather than "Intel"). The "Intel" format is what most assemblers, such as Microsoft's MASM, use; whereas, the GNU Assembler uses the "AT&T" format.

_______________________

* NOTE: Some Linux distros use a version of GRUB which has never been "patched" for splash screens; so you won't see any color image logos behind its menus or help screens.

And perhaps of equal importance to some: A number of distros seem to have no way of installing GRUB into the MBR without adding some of its "stage2" code immediately after it (overwriting many sectors of the first track). Neither the Red Hat (since at least 8.0; when using their "Anaconda" GUI install) nor SuSE install programs (probably long before 9.1; which is one version we tested) will overwrite any sectors in the first track by default, except the MBR sector. (This is probably true for other Linux distro install programs as well.) What really bothers us about many particular install programs though, is their lack of clarity (or are they simply propagating the same error over and over?) by the manner in which the choices (if they even give you a choice!) are presented to their users. For example, many distros that use a text-only install, and even for some distros with GUI install programs, when text-only is selected (or the user is forced into it, because there's not enough memory to run the GUI install), at some point in the process, they ask: "Where do you want to install the boot loader?" and the only options are often: 1) "Master Boot Record (MBR)" or 2) "First sector of boot partition." Does it make sense that choosing option #1) means about 8 KiB (16 sectors) of 'stage2' code will also be written to the first track? Yet choosing option #2) may or may not write any of GRUB's code to the MBR sector; so, if like me, you want to be sure a new install cannot overwrite any data you may have saved in the first track, you're stuck with manually having to install GRUB to the MBR sector after performing the install!

Although this may be the default behavior of GRUB, a distribution's install programmer(s) should be able to (and a number of major Linux distros have done so) give you a choice that makes sense! So, be aware that just because a distro uses GRUB, they certainly don't all follow the same install methods! To most people, this won't make any difference at all, but we consider it disturbing that some popular new Linux distros do not point out what their install programs will really do (i.e., write at least 16 sectors to the first track) rather than simply stating GRUB will be written to the MBR sector. As with all OS installs, it's up to the user to protect his existing data. [So: Back-up the whole first track, if you are trying out any new Linux distros and you have some other boot manager or other kind of data saved there.]







Note: There are many different versions of GRUB being used in the real world. The one we're examining here contains the stage1 code for both versions 0.92 and 0.93 (12/08/2002); still found in most Linux installations. Also versions 0.94 (some: 1/25/2004 others: 5/13/2004; for example, as used in SuSE Linux 9.1 and seen in the Khexedit pics below) and 0.95 (6/13/2004); you will also find 0.97 and preliminary work on GRUB2 at this FTP site as well. A few more lines were added for 0.97 (5/7/2005) as discussed below.

The MBR code for all of these versions is basically the same as before (only one new instruction was added for 0.95 and a few more for 0.97), but the offsets for the "GRUB " and error message strings have all changed as a result of that! One should also note that Linux companies such as SuSE®, RedHat®, etc. may make changes of their own (SuSE® made a slight change in its 0.94 GRUB MBR code; see code comments below and OpenSuse may have others). The latest GNU GRUB version, 0.97, is also discussed below; where only 9 bytes have been added in the same area.

 

Like the Volume boot records of DOS/Windows, the first three bytes of GRUB's MBR code are called the Jump Instruction, even though only the first two bytes form the actual JMP (jump) to the rest of the executable code; the third byte (90h) is just a NOP instruction ('No OPeration'; although it does nothing, it is often used to align other bytes and allow for changes in the code that will not alter the size of the file). So the execution jumps over the 59 bytes highlighted in pink which may be used as a BIOS Parameter Block (the data is explained here), as well as the next 12 bytes highlighted in yellow which contain data about GRUB (see below), to continue at offset 4Ah.

NOTE: When GRUB is used as an MBR sector, which is how we're examining it here, none of the bytes stored on the media in the BPB area are actually used by the code; so we've filled it with zero bytes.


Absolute sector 0 (cylinder 0, head 0, sector 1)
       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0000  EB 48 90 00 00 00 00 00 00 00 00 00 00 00 00 00  .H..............
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02  ................
0040  80 00 00 80 DF 0A 93 01 00 08 FA EA 50 7C 00 00  ............P|..
0050  31 C0 8E D8 8E D0 BC 00 20 FB A0 40 7C 3C FF 74  1....... ..@|<.t
0060  02 88 C2 52 BE 76 7D E8 34 01 F6 C2 80 74 54 B4  ...R.v}.4....tT.
0070  41 BB AA 55 CD 13 5A 52 72 49 81 FB 55 AA 75 43  A..U..ZRrI..U.uC
0080  A0 41 7C 84 C0 75 05 83 E1 01 74 37 66 8B 4C 10  .A|..u....t7f.L.
0090  BE 05 7C C6 44 FF 01 66 8B 1E 44 7C C7 04 10 00  ..|.D..f..D|....
00A0  C7 44 02 01 00 66 89 5C 08 C7 44 06 00 70 66 31  .D...f.\.D..pf1
00B0  C0 89 44 04 66 89 44 0C B4 42 CD 13 72 05 BB 00  ..D.f.D..B..r...
00C0  70 EB 7D B4 08 CD 13 73 0A F6 C2 80 0F 84 F3 00  p.}....s........
00D0  E9 8D 00 BE 05 7C C6 44 FF 00 66 31 C0 88 F0 40  .....|.D..f1...@
00E0  66 89 44 04 31 D2 88 CA C1 E2 02 88 E8 88 F4 40  f.D.1..........@
00F0  89 44 08 31 C0 88 D0 C0 E8 02 66 89 04 66 A1 44  .D.1......f..f.D
0100  7C 66 31 D2 66 F7 34 88 54 0A 66 31 D2 66 F7 74  |f1.f.4.T.f1.f.t
0110  04 88 54 0B 89 44 0C 3B 44 08 7D 3C 8A 54 0D C0  ..T..D.;D.}<.T..
0120  E2 06 8A 4C 0A FE C1 08 D1 8A 6C 0C 5A 8A 74 0B  ...L......l.Z.t.
0130  BB 00 70 8E C3 31 DB B8 01 02 CD 13 72 2A 8C C3  ..p..1......r*..
0140  8E 06 48 7C 60 1E B9 00 01 8E DB 31 F6 31 FF FC  ..H|`......1.1..
0150  F3 A5 1F 61 FF 26 42 7C BE 7C 7D E8 40 00 EB 0E  ...a.&B|.|}.@...
0160  BE 81 7D E8 38 00 EB 06 BE 8B 7D E8 30 00 BE 90  ..}.8.....}.0...
0170  7D E8 2A 00 EB FE 47 52 55 42 20 00 47 65 6F 6D  }.*...GRUB .Geom
0180  00 48 61 72 64 20 44 69 73 6B 00 52 65 61 64 00  .Hard Disk.Read.
0190  20 45 72 72 6F 72 00 BB 01 00 B4 0E CD 10 AC 3C   Error.........<
01A0  00 75 F4 C3 00 00 00 00 00 00 00 00 00 00 00 00  .u..............
01B0  00 00 00 00 00 00 00 00 A8 E1 A8 E1 00 00 80 01   ................
01C0  01 00 07 FE FF 6D 3F 00 00 00 AF 39 D7 00 00 00  .....m?....9....
01D0  C1 6E 0C FE FF FF EE 39 D7 00 BD 86 BB 00 00 FE  .n.....9........
01E0  FF FF 83 FE FF FF AB C0 92 01 CD 2F 03 00 00 FE  .........../....
01F0  FF FF 0F FE FF FF 78 F0 95 01 83 AF CC 00 55 AA  ......x.......U.
       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F


GRUB MBR example using version 0.92/0.93 code.


At offset 176h (for 0.92/0.93) we find the Zero-terminated string "GRUB ". Under versions 0.94/0.95, it will begin at offset 179h, but in the SuSE 9.1 MBR (using ver. 0.94) an extra instruction was added which shifted the "GRUB " string offset to 17Bh. [Note: If you have an earlier version of GRUB (before 0.92), you may find this string in yet another location.]

The "GRUB " string is followed by a group of very brief Error Messages; each phrase in the Error Message section is zero-terminated as well. The bolded code inserted after the Error Message section is a subroutine used to display both the word "GRUB " and any Error Messages on the screen; it's called by the main body of code as needed.

Although GRUB is a Boot Manager, its stage1 code follows the structure of all MBRs by placing the traditional four-entry Partition Table in its agreed upon location (offsets 01BEh through 01FDh) which is followed by the standard Word-sized signature ID of AA55h (remember hex Words for Intel x86 CPUs are stored in memory with the Lowest-byte first and the Highest-byte last; that's why you see: "55 AA" on the disk).

Finally, GRUB makes sure not to use any of the bytes between offsets 1B8h and 1BBh because they're used by Microsoft® Windows™ NT/2000/XP/2003 as the NT Drive Serial Number; which in our example above is the four-byte WORD E1A8E1A8h.





[For more comments on the code below, read the stage1.S source file for your version of the GRUB distribution. Its associated file, stage1.h, contains a number of definitions used by the Assembly code in stage1.S; such as: "/* The signature for bootloader. */ : #define STAGE1_SIGNATURE 0xaa55"]

Unlike many bootloaders, since GRUB can function as either a Master Boot Record (when installed in the first sector of a PC's /dev/hda device; that is, its Primary, Master hard disk) or as a Linux install's Volume boot record, it never bothers to relocate its code, since there will be no other VBR code that must be immediately loaded at Segment:Offset 0000:7C00. Only after GRUB is fully operational (i.e., running elsewhere in memory), would it possibly need to perform a chainload of some OS's boot record that would require use of this area of memory.

GRUB stage1 MBR Code:



 
7C00 EB48          JMP     7C4A          ; Jump (short) over BPB data
7C02 90            NOP                   ;  area to main body of code.


Although GRUB's BPB (BIOS Parameter Block) could contain data useful to many OS utilities, it's only used this way when GRUB is installed to a floppy diskette; in which case it uses the standard FAT VBR format (as explained here):

        0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
7C00            00 00 00 00 00 00 00 00 00 00 00 00 00      .............
7C10   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
7C20   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
7C30   00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02   ................
7C40   80 00 00 80 DF 0A 93 01 00 08                     ..........


   Stage1 Version Information: [7C3E] -> COMPAT_VERSION_MAJOR (03h),
                               [7C3F] -> COMPAT_VERSION_MINOR (02h).

   BYTES in the GRUB data area which are referenced in the code below:

   [7C05] -> "Disk Address Packet" for LBA mode (see 7C90 and 7CD3).
             NOTE: These values may not correspond to any bytes that
                   happen to be stored on the media here, but rather
                   are overwritten in memory with values created by
                   execution of the code. Therefore, you can safely
                   zero-out (or fill with any other byte) the whole
                   BIOS Parameter Block area as we did above!

   [7C40] -> 80 ("Boot Drive") NOTE: For those of you with multi-OS
             booting systems, if your Linux install with GRUB's
    See:     remaining software (stage2, menu file, etc.) is located
    7C5A     somewhere other than on the Primary Master drive, this
             value will be 81, 82, etc. depending upon which drive
             that Linux OS's /boot/grub directory is located. In the
             stage1.S file, it's called the GRUB_INVALID_DRIVE byte
             and commented as: "the disk to load stage2 from." (The
             word INVALID has something to do with the code logic.)

   [7C41] -> 00 ("Force LBA mode byte"; at 7C80)
   [7C42] -> 00 80 (8000h) Memory location where GRUB stores the
                           next stage of the code to execute. See
                           7D54 below ("stage2_address").

   [7C44] -> Note: A very important location for anyone using GRUB!
             This (4-byte) Quad-Word contains the location of GRUB's
             stage2 file in sectors! It's called "stage2_sector" in
             the stage1.S code. If GRUB is installed in the MBR by a
             distro that always includes a number of sectors from
             stage2 immediately following the GRUB MBR, you will see
             the bytes 01 00 00 00 in this location; otherwise, it
             will point to stage2 in the "/boot/grub" directory.
    Example:
             DF 0A 93 01 (1930ADFh) [ "stage2 Sector" -> 26,413,791 ]
            [So, for this GRUB install, its stage2 file is located at
             Absolute Sector 26413791. This value will of course vary
             depending upon the physical location of the stage2 file!]

   [7C48] -> 00 08 (800h) ["stage2_segment" at 7D40; do not confuse
                           it with the "stage2_address" 8000 at 7D54.]

Another example: A /boot partition had so many system errors we decided to save the files and reformat it. When re-writing the saved files back to the partition, as expected, the stage2 file ended up in a different location. So, we used a disk editor with a search function (HxD under Windows) to find the string "Loading stage2", then converted its Absolute Sector value of 26,472,763 to: 193F13Bh and finally changed the bytes in the GRUB MBR to: 3B F1 93 01.


NOTE: For anyone who may need to do this some day, we ran into yet another problem: The stage2 file itself also contains a hard-coded value (two actually) pointing to other parts of the GRUB code! See: First sector of stage2 (values in purple) starting at offset 1F0. Though I was successful in editing them (I noted the difference between the two values and our old stage2 "base location" then made changes in the new stage2 values accordingly), we still do not know for sure what they are actually used for. It was enough to keep GRUB from working correctly until we made the changes though! So, our new values in stage2 became: 55 F1 93 01 (offsets 1F0-1F3) and: 3C F1 93 01 (at offsets 1F8-1FB).




7C4A FA            CLI

; In the 0.94 and 0.95 code, an OR  DL,80 instruction is inserted here
; when GRUB is installed in an MBR as a "workaround for buggy BIOSes.."
; which don't pass the boot drive byte correctly. If GRUB is installed
; as the Linux Boot Sector, a value of 00 is used instead of 80, which
; effectively makes it a NOP.  This code (80 CA 80) causes all offsets
; after it to shift by 3 bytes, so all relative jumps below would be
; different for those versions; even though it's the same code!
;
; For the GNU GRUB 0.97 code, its programmers substituted the following
; as their "workaround for buggy BIOSes.." using the test  dl,0x80
; instruction, etc. (as shown here):
; 7C4B  90          nop               ; These 'nops' are prob. for
; 7C4C  90          nop               ;  expected future changes!
; 7C4D  F6C280      test  dl,0x80     ; Check if DL is masked correctly.
; 7C50  7502        jnz   0x7c54      ; If not, then assume it's a
; 7C52  B280        mov   dl,0x80     ;  bogus value and set DL to 80.
; Thus, all the instructions below this line would be shifted by 9 bytes
; for version 0.97 (7C4Bh + 9 = 7C54h).

7C4B EA507C0000    JMP     0000:7C50     ; Long Jump to the next instruction
                                         ; because some bogus BIOSes jump to
                                         ; 07C0:0000 instead of 0000:7C00.
7C50 31C0          XOR     AX,AX
7C52 8ED8          MOV     DS,AX
7C54 8ED0          MOV     SS,AX
7C56 BC0020        MOV     SP,2000
7C59 FB            STI
7C5A A0407C        MOV     AL,[7C40]     ; <<<<<<<< Boot Drive
7C5D 3CFF          CMP     AL,FF
7C5F 7402          JZ      7C63
7C61 88C2          MOV     DL,AL
7C63 52            PUSH    DX
7C64 BE767D        MOV     SI,7D76       ; --> "GRUB "
7C67 E83401        CALL    7D9E          ; Display GRUB ID on screen.
7C6A F6C280        TEST    DL,80
7C6D 7454          JZ      7CC3
7C6F B441          MOV     AH,41         ; Function 41h of INT13
7C71 BBAA55        MOV     BX,55AA
7C74 CD13          INT     13            ; Test for INT13 Extensions
7C76 5A            POP     DX
7C77 52            PUSH    DX
7C78 7249          JC      7CC3          ; If CF = 1, something wrong
                                         ; with test, so use CHS Mode.
7C7A 81FB55AA      CMP     BX,AA55
7C7E 7543          JNE     7CC3          ; If ZF = 0, INT13 Extensions
                                         ; failed, so use CHS Mode.
7C80 A0417C        MOV     AL,[7C41]     ; <<<< Force LBA mode byte
7C83 84C0          TEST    AL,AL

; At this point, SuSE Linux 9.1 added a JS (Jmp if SF = 1) to jump to
; the code at 7CC3. Why? Neither 0.94 nor 0.95 have this! There are
; already 3 jumps above (7C6D, 7C78, 7C7E) and 2 below (7C8A, 7CBC)
; to this same location. Is there a problem with "TEST AL,AL" here?
; And although we looked at what was supposed to be the official source
; code for both SuSE 9.1 and SuSE 9.2's (for grub-0.94 and -0.95), we
; could not find this instruction listed in either; so no help there!
; One of our readers believes this was a 'feature' added by SuSE 9.1
; to force CHS mode! If bit 7 is set, execution will jump to 7CC3 no
; matter whether LBA mode is supported or not! (Does anyone have any
; SuSE source code that includes this instruction? Comments?)

7C85 7505          JNZ     7C8C
7C87 83E101        AND     CX,+01
7C8A 7437          JZ      7CC3

; LBA mode starts here:
; ====================
7C8C 668B4C10    * MOV     ECX,[SI+10]
7C90 BE057C        MOV     SI,7C05       ; <<<<<< Setup "Disk Packet"
                                         ; for Extended Read.
7C93 C644FF01      MOV     BYTE PTR [SI-01],01
7C97 668B1E447C  * MOV     EBX,[7C44]    ; <<<<<<< Location of Stage2 code
                                         ; from the beginning of the
                                         ; partition (the offset is in
                                         ; number of sectors).
7C9C C7041000      MOV     WORD PTR [SI],0010
7CA0 C744020100    MOV     WORD PTR [SI+02],0001
7CA5 66895C08    * MOV     [SI+08],EBX
7CA9 C744060070    MOV     WORD PTR [SI+06],7000
7CAE 6631C0      * XOR     EAX,EAX
7CB1 894404        MOV     [SI+04],AX
7CB4 6689440C    * MOV     [SI+0C],EAX
7CB8 B442          MOV     AH,42         ; Function 42h of INT13
7CBA CD13          INT     13            ; Extended Read (using
                                         ; Disk Address Packet).
7CBC 7205          JC      7CC3          ; If LBA not supported,
                                         ; go to CHS mode only.
7CBE BB0070        MOV     BX,7000
7CC1 EB7D          JMP     7D40

; CHS mode starts here:
; ====================
7CC3 B408          MOV     AH,08         ; Function 08 of INT13
7CC5 CD13          INT     13            ; Get Drive Parameters
7CC7 730A          JNB     7CD3
7CC9 F6C280        TEST    DL,80         ; Tests if HDD exists.
7CCC 0F84F300    * JZ      7DC3          ; Therefore, this jump is
; never taken unless grub was installed on and running from a floppy
; disk. And only then will you find more executable code at 7DC3.
; In the source code file (stage1.S), you'll find this short comment
; about the extra code: "Kinda sneaky, huh?"
7CD0 E98D00        JMP     7D60          ; There was an HDD Error!

7CD3 BE057C        MOV     SI,7C05       ; <<<<<< "Disk Packet"
7CD6 C644FF00      MOV     BYTE PTR [SI-01],00
7CDA 6631C0      * XOR     EAX,EAX       ; Save number of heads:
7CDD 88F0          MOV     AL,DH
7CDF 40            INC     AX
7CE0 66894404    * MOV     [SI+04],EAX
7CE4 31D2          XOR     DX,DX
7CE6 88CA          MOV     DL,CL
7CE8 C1E202      * SHL     DX,02
7CEB 88E8          MOV     AL,CH
7CED 88F4          MOV     AH,DH         ; Save number of cylinders:
7CEF 40            INC     AX
7CF0 894408        MOV     [SI+08],AX
7CF3 31C0          XOR     AX,AX
7CF5 88D0          MOV     AL,DL
7CF7 C0E802      * SHR     AL,02         ; Save number of sectors:
7CFA 668904      * MOV     [SI],EAX
7CFD 66A1447C    * MOV     EAX,[7C44]    ; <<<<<< Location of Stage2 code
                                         ; from the beginning of the
                                         ; partition (the offset is in
                                         ; number of sectors).
7D01 6631D2      * XOR     EDX,EDX
7D04 66F734      * DIV     WORD PTR [SI]       ; Double word here.
7D07 88540A        MOV     [SI+0A],DL
7D0A 6631D2      * XOR     EDX,EDX
7D0D 66F77404    * DIV     WORD PTR [SI+04]    ; Double word here.
7D11 88540B        MOV     [SI+0B],DL
7D14 89440C        MOV     [SI+0C],AX
7D17 3B4408        CMP     AX,[SI+08]
7D1A 7D3C          JGE     7D58          ; There was a Geometry Error!
7D1C 8A540D        MOV     DL,[SI+0D]
7D1F C0E206      * SHL     DL,06
7D22 8A4C0A        MOV     CL,[SI+0A]
7D25 FEC1          INC     CL
7D27 08D1          OR      CL,DL
7D29 8A6C0C        MOV     CH,[SI+0C]
7D2C 5A            POP     DX
7D2D 8A740B        MOV     DH,[SI+0B]
7D30 BB0070        MOV     BX,7000
7D33 8EC3          MOV     ES,BX
7D35 31DB          XOR     BX,BX
7D37 B80102        MOV     AX,0201       ; Function 02 of INT13
7D3A CD13          INT     13            ; Read 1 sector into Memory
7D3C 722A          JB      7D68          ; There was a Read Error!
7D3E 8CC3          MOV     BX,ES
7D40 8E06487C      MOV     ES,[7C48]     ; <<<<<<<< WORD [0800 hex]
                                         ; Note: 800:0000 = 0000:8000
7D44 60          * PUSHA
7D45 1E            PUSH    DS
7D46 B90001        MOV     CX,0100
7D49 8EDB          MOV     DS,BX
7D4B 31F6          XOR     SI,SI
7D4D 31FF          XOR     DI,DI
7D4F FC            CLD
7D50 F3A5          REP     MOVSW
7D52 1F            POP     DS
7D53 61          * POPA

; This is where we jump to the next stage of the code which GRUB loaded
; from the HDD into Memory locations 0000:8000 hex and following:

7D54 FF26427C      JMP     [7C42]        ; WORD <<< 8000 hex.
                                         ; "stage2_address".
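
The CHS-mode arithmetic in the listing above (geometry decoding at 7CDA-7CFA, the two divisions at 7D04 and 7D0D, the Geom Error test at 7D17 and the register packing at 7D1C-7D2D), re-expressed in Python as an added example. It is not code from stage1.S; the function names are made up here, and the 1024/255/63 geometry (CX=FFFFh, DH=FEh) is an assumed typical BIOS answer, not a value from this page.

```python
def decode_int13_geometry(cx, dh):
    """Turn the CX/DH returned by INT 13h AH=08h into counts (7CDA-7CFA)."""
    ch, cl = (cx >> 8) & 0xFF, cx & 0xFF
    heads = dh + 1                            # DH = highest head number
    cylinders = (((cl >> 6) << 8) | ch) + 1   # top 2 bits of CL extend CH
    sectors = cl & 0x3F                       # low 6 bits of CL
    return cylinders, heads, sectors


def lba_to_chs_registers(lba, cylinders, heads, sectors):
    """Convert stage2_sector to the CH/CL/DH values used for INT 13h AH=02h.

    Raises ValueError("Geom Error") where stage1 would jump to 7D58.
    Python integers are used throughout; stage1 itself keeps only the low
    16 bits of the cylinder quotient in AX before comparing.
    """
    track, sector0 = divmod(lba, sectors)     # 7D04: remainder -> [SI+0A]
    cylinder, head = divmod(track, heads)     # 7D0D: remainder -> [SI+0B]
    if cylinder >= cylinders:                 # 7D17/7D1A: CMP, then JGE 7D58
        raise ValueError("Geom Error")
    # 7D1C-7D27: cylinder bits 8-9 go to the top of CL, sector is 1-based.
    cl = (((cylinder >> 8) << 6) | (sector0 + 1)) & 0xFF
    return {"CH": cylinder & 0xFF, "CL": cl, "DH": head}


def chs_mode_outcome(lba, cx=0xFFFF, dh=0xFE):
    """Report what the CHS path does for one stage2_sector value."""
    try:
        return lba_to_chs_registers(lba, *decode_int13_geometry(cx, dh))
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    # 1 = stage2 written right after the MBR; 26413791 = this page's example.
    for lba in (1, 26413791):
        print(lba, "->", chs_mode_outcome(lba))
```

Under the assumed geometry, the page's stage2_sector of 26,413,791 lands on cylinder 1644 and ends in "Geom Error", so loading it depends on the LBA path at 7C8C.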


Section for Displaying Error Messages



7D58 BE7C7D        MOV     SI,7D7C         ; --> "Geom Error"
7D5B E84000        CALL    7D9E            ; Display it on screen.
7D5E EB0E          JMP     7D6E            ; Finish it and 'lock-up'

7D60 BE817D        MOV     SI,7D81         ; --> "Hard Disk Error"
7D63 E83800        CALL    7D9E            ; Display it on screen.
7D66 EB06          JMP     7D6E            ; Finish it and 'lock-up'

7D68 BE8B7D        MOV     SI,7D8B         ; --> "Read Error"
7D6B E83000        CALL    7D9E            ; Display it on screen.
7D6E BE907D        MOV     SI,7D90         ; (For displaying " Error")
7D71 E82A00        CALL    7D9E            ; Finish it and 'lock-up'
7D74 EBFE          JMP     7D74            ; Locks-up execution in an
                                           ; infinite loop!  You must
                                           ;   reboot your computer!



Location of the GRUB ID String and Error Messages in Memory
(for versions 0.92/0.93)



                         6  7  8  9  A  B  C  D  E  F
7D76                    47 52 55 42 20 00 47 65 6F 6D         GRUB .Geom
7D80  00 48 61 72 64 20 44 69 73 6B 00 52 65 61 64 00   .Hard Disk.Read.
7D90  20 45 72 72 6F 72 00                               Error.
       0  1  2  3  4  5  6

For versions 0.94/0.95, these characters begin at 7D7B instead; for version 0.97, they begin at 7D7F.


Display Characters Subroutine



7D97 BB0100        MOV     BX,0001
7D9A B40E          MOV     AH,0E         ; Function 0Eh of INT 10h
7D9C CD10          INT     10            ; Display the character

7D9E AC            LODSB
7D9F 3C00          CMP     AL,00
7DA1 75F4          JNZ     7D97          ; Loop until finding a zero byte.
7DA3 C3            RET




Location of Sample Partition Table in Memory



                                                  E  F
7DBE                                             80 01   ................
7DC0   01 00 07 FE FF 6D 3F 00 00 00 AF 39 D7 00 00 00   .....m?....9....
7DD0   C1 6E 0C FE FF FF EE 39 D7 00 BD 86 BB 00 00 FE   .n.....9........
7DE0   FF FF 83 FE FF FF AB C0 92 01 CD 2F 03 00 00 FE   .........../....
7DF0   FF FF 0F FE FF FF 78 F0 95 01 83 AF CC 00 55 AA   ......x.......U.
        0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F





Interesting Commands for Linux Users
Related to their MBR Sector and GRUB

Some of the following Console commands require you to be root in order to use them, so unless you're already logged in as 'root' you'll need to use the Console command: su.

This command will copy the first drive's MBR sector into a new 512-byte file called MBRhda.bin (in the same directory you run the command from):

# dd if=/dev/hda of=MBRhda.bin bs=512 count=1

If the first drive is SCSI rather than IDE/ATA, replace any occurrence of 'hda' with 'sda' in the command. [Placing this file on a couple diskettes and learning how to use a linux rescue system, such as good 'ole "tomsrtbt" or the SuSE 9.1 install CD's "rescue" boot, makes it just as easy to restore the MBR sector with the command: # dd if=MBRhda.bin of=/dev/hda bs=512 count=1].

If GRUB is in your MBR, then MBRhda.bin will be a copy of GRUB's stage1 code along with that drive's Partition Table. As a quick check, you could use the command:

# cat MBRhda.bin |grep "GRUB"

to see if the word "GRUB" exists anywhere in the file. If linux outputs: "Binary file (standard input) matches" on the next line, then chances are it's GRUB's stage1. To know for sure, you'd have to compare the code against a known source. You can view the file similar to the Disk Editor View of GRUB above, by running the command:

# hexdump -Cv MBRhda.bin |less

which allows you to scroll up or down while viewing it; just press the "q" key to quit. The letter "v" in "-Cv" means "show every byte" in the file.

To find out where GRUB's stage2 code is located, you need to write down the 4-byte (Quad) Word located at offsets 0044h-0047h in the file, or open MBRhda.bin in that nice GUI Hex Editor, KHexEdit from KDE (which will do the necessary decimal conversion for you too):



Note: highlighted background colors added.

If we didn't have KHexEdit, we'd use a calculator program to convert the Quad Hex word 01934335h to 26428213 decimal. NOTE that your own GRUB MBR will have a different number here! Once again, this is the Absolute Sector location where GRUB's stage2 code begins. If you ever move a Linux partition with the /boot/grub directory, such as resizing it or just replacing the files in the grub directory, GRUB cannot function correctly until you change these four bytes to point to the new location of its stage2 code! (This is the main reason all Linux installs should ask you to create a boot diskette with GRUB on it, so you can run the GRUB install program from the diskette to correct these hard-coded values if necessary; otherwise, you'd have to manually perform the calculations and edit your MBR sector as we're doing here.) To confirm that you have the correct number, substitute your own sector number for the "skip" value in this command:

# dd if=/dev/hda of=stage2-1s.bin bs=512 skip=26428213 count=1

This means 'dd' will skip 26,428,213 512-byte sectors (bs=512) from the beginning of the hard drive, before it copies the next sector into the new file "stage2-1s.bin" (just the first sector [count=1]; the whole stage2 file on our system would require 259 sectors). If you believe that you've copied the correct sector on your own HDD, then take a look at it with this familiar command:

# hexdump -C stage2-1s.bin |less

You can view our example hexdump screen output here.
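
The manual checks in this section (look for "GRUB", read the four bytes at 0044h-0047h, confirm the AA55h signature) can be done in one pass over the file made by the first dd command. The following Python parser is an added example, not part of the original page or of GRUB; the function and key names are made up here, and the embedded sample is the 0.92/0.93 sector from this page's disk-editor view, so the string search assumes that layout.

```python
import struct

# Absolute sector 0 from this page's disk-editor view (GRUB 0.92/0.93),
# re-typed here as 32 bytes per line.
SECTOR_HEX = """
EB489000000000000000000000000000 00000000000000000000000000000000
00000000000000000000000000000000 00000000000000000000000000000302
80000080DF0A93010008FAEA507C0000 31C08ED88ED0BC0020FBA0407C3CFF74
0288C252BE767DE83401F6C2807454B4 41BBAA55CD135A52724981FB55AA7543
A0417C84C0750583E1017437668B4C10 BE057CC644FF01668B1E447CC7041000
C74402010066895C08C7440600706631 C08944046689440CB442CD137205BB00
70EB7DB408CD13730AF6C2800F84F300 E98D00BE057CC644FF006631C088F040
6689440431D288CAC1E20288E888F440 89440831C088D0C0E80266890466A144
7C6631D266F73488540A6631D266F774 0488540B89440C3B44087D3C8A540DC0
E2068A4C0AFEC108D18A6C0C5A8A740B BB00708EC331DBB80102CD13722A8CC3
8E06487C601EB900018EDB31F631FFFC F3A51F61FF26427CBE7C7DE84000EB0E
BE817DE83800EB06BE8B7DE83000BE90 7DE82A00EBFE47525542200047656F6D
0048617264204469736B005265616400 204572726F7200BB0100B40ECD10AC3C
0075F4C3000000000000000000000000 0000000000000000A8E1A8E100008001
010007FEFF6D3F000000AF39D7000000 C16E0CFEFFFFEE39D700BD86BB0000FE
FFFF83FEFFFFABC09201CD2F030000FE FFFF0FFEFFFF78F0950183AFCC0055AA
"""
SECTOR = bytes.fromhex(SECTOR_HEX)


def parse_partitions(sector):
    """Decode the four 16-byte entries at offsets 1BEh-1FDh."""
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, 0x1BE + 16 * i)
        entries.append({"index": i + 1, "active": status == 0x80,
                        "type": ptype, "start": start, "sectors": count})
    return entries


def parse_stage1(sector):
    """Return the stage1 fields described on this page, or raise ValueError."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if struct.unpack_from("<H", sector, 0x1FE)[0] != 0xAA55:
        raise ValueError("no AA55h signature at offset 1FEh")
    if sector[0] != 0xEB:
        raise ValueError("sector does not begin with a short JMP (EBh)")
    major, minor, boot_drive, force_lba = struct.unpack_from("<4B", sector, 0x3E)
    s2_address, s2_sector, s2_segment = struct.unpack_from("<HIH", sector, 0x42)
    parts = parse_partitions(sector)
    # stage2_sector is absolute, so it can be matched against the table.
    # An extended (05h/0Fh) entry also matches sectors of its logical drives.
    holder = next((p for p in parts if p["sectors"] and
                   p["start"] <= s2_sector < p["start"] + p["sectors"]), None)
    return {
        "jump_target": 2 + struct.unpack_from("<b", sector, 1)[0],
        "compat_version": (major, minor),
        "boot_drive": boot_drive,
        "force_lba": force_lba,
        "stage2_address": s2_address,
        "stage2_sector": s2_sector,
        "stage2_segment": s2_segment,
        "grub_string_offset": sector.find(b"GRUB \x00"),   # -1 if absent
        "nt_serial": struct.unpack_from("<I", sector, 0x1B8)[0],
        "stage2_partition": holder,     # None: outside every table entry
        "partitions": parts,
    }


if __name__ == "__main__":
    import sys
    # Pass a file made with the page's dd command (e.g. MBRhda.bin);
    # with no argument the embedded sample sector is parsed.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SECTOR
    info = parse_stage1(data)
    for key, value in info.items():
        print(f"{key:20} {value}")
    print("dd if=/dev/hda of=stage2-1s.bin bs=512 "
          f"skip={info['stage2_sector']} count=1")
```

For the sample sector, stage2_sector (26,413,791) falls inside the third table entry, the type 83h partition starting at sector 26,394,795.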


Updates: 26 September 2008 (26.09.2008); 17 October 2009 (17.10.2009).

Last Update: 28 January 2018 (28.01.2018).

