Zrobiti record at the zavantazhuvalny sector mbr. What to choose - GPT or MBR? Explain how the standards are changed. What do the abbreviations mean

MBR and GPT. Basic nutrition.

MBR and GPT are by design.

Windows gives us 2 options: Master Boot Record(MBR) Globally Unique Identifier Partition Table(GPT) – Globally Unique Identifier of the Distribution Table. The rest took off the podrimka, Starting with Vista/Windows Server 2008 . Prote Windows XP 64's bitna tezh supported this format.

MBR- Vaughn Master Boot Record- all the main exciting recording on a hard disk. To be found on the cob of a hard drive, that is, in the first sectors of the hard drive. Yogo zavdannya - choose a partition of the disk, in which the operating system will be taken advantage of (well, the head of the head note for the first and last creations). It is worth trying to help a short code that looks like a BIOS after self-diagnostics vivantage in . Gave the MBR variable code, take the kermo control in your own hands and capture the OS from the specified partition of the hard drive (information about the distribution is also included in the capture record). Before speech, the very same headline exciting recording cannot be created on a disk, which cannot be divided into parts and navpaki, it can be created there, where it is possible to put data on a sprat of disk, and virtual attachments.

If the MBR is corrupted, the operating system will never start. As a matter of fact, not only the MBR record was omitted, but the th sector with the main exciting record - the disc can be played only as a support for cups, or as a support for magnets and to play with children.

MBR and GPT. Why is MBR included?

Through the years of research, MBR does not understand what a large disk space is. For MBR "great" starts from the value of 2.2 terabytes. MBR, I repeat, I don’t read obsyagi and don’t visualize it in my mind. Further, MBR accepts only four primary partitions (primary partition) or three primary partitions plus one expansion. In this way, if more expansion is needed, then it is necessary to create a secondary structure on the disk space. Koristuvachevy PC is out of the house as an extension partition (extended partition) - that is a special type of disk partition, which is an extension of the primary partition. Mistify the head bid record (MBR) with the wild table of partitions, but do not allow the partitioning of the table and allow the mother to have more than four partitions on the disk. On a zhorst disk it is possible, as you have already guessed, a sprat of expanded distributions. And after the creation of an expanded division, it is necessary to create one or a few divisions of logical ones ... Meanwhile, the rules for the distribution of divisions for MBR are folding that exchange. Therefore, in the fight against the MBR and GPT tables to change the head of the exciting entry everywhere in the GPT.

MBR and GPT. What is GPT?

GPT– GUID (Globally Unique Identifier) ​​Partition Table – partition table of a globally (statically) unique identifier. Using technically, GPT has a larger modern addressing system for logical blocks, which allows you not only to raise the bar of 2.2 TB, but also to successfully process disks with a volume of troch more than 9 zettabytes you can forget. In addition, GPT is more important, more importantly, that table of partitions of the disk is written on the cob, and in the end of the disk. As one of them is inspired, the other is inspired by the image and likeness of the whole. Tse takes away the song "life" space from the hard drive, and, also, from us with you, so small volumes of disks as a whole life at once from MBR and GPT. GPT may be more sensitive to use on disks with a volume of 500 GB (shorter and more).
Now the beginnings of innovations have been given, and the number of distributions in Winchester itself is not fenced. 128 versions of Windows operating systems on one computer cannot, obviously, sense, but in some cases, the installation of several operating systems of different generations is completely correct. If I want to talk about different generations, I can only use the remaining versions of Windows, starting from Vista. So, OS up to XP in the 32-bit version inclusive of GPT is not supported. And, of course, do not forget about the problem of the 2 TB threshold, as we are happy to share such information. Axis here and start splitting feeds about converting back to MBR, so I can look at the last three. One thing, I’ll tell you about it - about the hard disk layout table (MBR and GPT) and the installation of the base software security motherboard (BIOS or UEFI) in the process of installing the operating system to stand at an inseparable link.

MBR and GPT. Porivnyannia.

And what is my difference?

If you don’t have multi-tasking, then maybe not. As you can see, modern operating systems of the Windows family miraculously work under the care of both file tables. Just when installing operating systems, or looking at the option of a multi-vantage version (you need MBR) of the computer, you need to remember a few moments:

• GPT - more current
• GPT vimagatime in Windows, so that it was zavantazhuvala only in mode
• MBR affects multiple generations of Windows in BIOS mode (although 64-bit versions may also be captured in UEFI mode)

On this theoretical part about MBR and GPT, I will stop moving to practical power for the installed operating systems and converting disk tables:

How can I know what version of the table I have?

Pereviriti, how easy it is. Press the keys Windows+R, enter the command diskmgmt.msc. At the viknі console, choose levoruch Disk management. Choose whether there are any distributions, click with the right button of the mouse and press power(You can see it directly from the System Explorer with the list of local disks) :

At the vikni z present disks (everything is there) choose hard, what to click, and again click on the new two. Show up in the window of the authorities of a particular disk, de vie you know the tab Tom. We know the button Save:

You can go in from the other side. Windows utility

At the console, we sequentially type commands:

Diskpart list disk

What do you want? Under the GPT identifier, nothing can be given disk I don’t have anything:

Good luck to us

Read: 283

Choosing one of the standards GPT or MBR can be easy for the owner of a new computer with a large hard drive and a modern UEFI interface.

These parameters require the transition to a larger current standard.

So, for the obviousness of a larger-less PC, the choice can be crushed by the mediocrity of a practically old MBR - and it can appear as a single option.

Zmist:

What do the abbreviations mean?

Be a hard disk or something solid-state accumulator in front of the records for recording the operating system, system and other information, the language is divided into divisions.

MBR standard, which is decrypted as "Head's exciting record", is itself old way saving data, GPT (or "GUID distribution table") - new.

Having offended the stink necessary for collecting information about the cob and the end of the skin division, the system recognizes how the system recognizes the separation of sectors and signs, which is part of the disk of the zavantazhuvalnoy chi n.

If you want the MBR to be important, we will forgive you - and it is necessary to update it infrequently.

To minus the standard to lie the impossibility of supporting the great number of divisions is a small nedolіk for HDD size up to 500 GB, but even more serious for terabyte chi navit 4-terabyte models.

If it is necessary to create more than 4 cuts, it is necessary to finish the folding with the EBR technology.

Another problem, due to the zbіlshennyam obsyagіv hard drives, which means that it is impossible to use more than 2.2 TB with distributions.

Advantages and shortcomings of the new standard

Improved GPT standard, which step by step replaces MBR, enters the warehouse of UEFI technology, which, in its own way, replaces the old BIOS interface.

Leather split maє svіy unique identifier- arc long row symbols. The advantage of GPT in the case of the old standard can be called:

• vіdsutnіst obmezhen on obyag rasdіlu. More precisely, the maximum value is all the same іsnuє - ale reach її її not earlier, lower in ten years;
• uncircumscribed quantity of distributions- Up to 264 in total, up to 128 for Windows.

On the disk, which supports the MBR standard, data about the distribution of that promotional distribution in the same area. In times of poor quality, a part of the accumulation of the PC in the case of a corystuvach leads to a low number of problems.

Another feature of GPT is the saving of a cyclic superfluous code, which allows you to control the savings of data.

Poshkodzhennya іnformatsiї to bring to negajnoї sprob vіdnovlennya.

At that hour, when the MBR was found out about the problem, it came out after the system stopped zavantazhuvatisya, and її split up.

Among the minuses of the varto standard is the lack of support for advanced technologies. I want the operating system with an old-fashioned interface to be known, the efficiency of the intervention is minimal. In addition, with the alternative option, it is not possible to assign names to all disks, so it’s the same as splitting them, and updating data is not always more accessible - through the exchange of a large number and rozashuvannya of duplicate tables.

madness

Trying out the settings GPT disk for the help of technologies that only MBRs are promoting, they haven’t done anything- in such a rank, the zahisny variant of the head zavantazhuvalnogo record zapobіgaє vipadkovomu overwriting that rozmіttsi for the old standard.

Windows systems are interested in using GPT disk technology only on attachments that support the UEFI interface - that is, on laptops and PCs with windows from Vista to 10-ї.

As if the firmware of the mother board is to be avenged, they will be read, but it will not be zavantazhennya, better for everything.

Wanting to use the operating systems of the building with GPT-disks as a treasure trove of information.

Next to know: The GPT standard is supported by other operating systems, the Linux code. And on Apple computers, this technology replaced the old APT distribution table.

Comparison of standards

To assess the similarity and authority of the two standards, the possibility of their work, storage and enchanting interface, varto create a small relative table.

According to him, it’s easier to appoint him, what is the standard for distribution of vicorists for your computer.

The problems of robotics with the new standard are the same version

The foundation of two standards can lead to the vindication of the same problems. Especially, as on the computer, the zawantage is blocked in a different way, the cream of the hard drive.

To correct the situation, allow the transition to, which does not allow to practice with the new standard - and if you try, get on the screen for a pardon, which reminds you about the appearance of the GPT distribution style.

It is not so easy to solve the problem - for whom it is necessary to take the greatest exciting disk from Windows OS vikonati takі dії:

• Almost started from disk;
• Dіty until the moment of choice, Who blames the problem;
• Launch console(one hour pressing Shift and F10);
• Start a job with a special utility by entering the diskpart command.

Once the program is running, type “list disk”, which will cause a list of numbered disks to appear on the screen.

Now it's enough to enter command line"clean", having cleaned send in information, then go to the revision of the standards.

In order to convert a GPT disk to an old format, enter the convert mbr command, which allows you to work with the disk and install it on a new platform.

This utility ensures the work of the divisions.

For example, command prompting "create partition primary size=X" I create a partition with a size of X GB, "format fs=ntfs label="System" quick" Will disable formatting in NTFS, and "active" will allow the partition to become active.

Visnovki

Virishyuyuchi, what standard vikoristovuvaty, GPT or MBR, sled vznacheti, what zavantazhuvalnyy іinterfeys vikorivuєєєє, і їmіrіrіr hard drive on pc.

For the obvious BIOS firmware of the robot with GPT, it will be impossible. For more current computer, completions , navpacks, not varto select MBR.

On the basis of new motherboards, released by the rest of the years, the UEFI interface is already installed - also, there are no problems from GPT.

Disk Prote don't get rich- not a lot of buyers choose computers with HDDs larger than 2 TB and, if larger, require 2.2 terabyte distributions.

through ce special support to choose the standard for great koristuvach until now- And the axis for the wine server will be a wonderful option.

Video:

Golovna zavantazhuvalna record

Golovna zavantazhuvalna record(Engl. master boot record, MBR) - code and data, necessary for further capture of the operating system and distribution in the first physical sectors (mostly in the first) on a hard disk or another extension for storing information.

MBR to avenge a small fragment of the code to be copied, a partition table and a special signature.

The MBR function - “jump” at the partition of the hard disk, from which follow the “farther code” (sound - grab the OS). At the "MBR stage" the selection of the disk partition is selected, the OS code is captured at the last stages of the algorithm.

During the process of starting the computer, after completing the Power-on self-test (POST), the Basic Input-Output System (BIOS) captures the “MBR code” into RAM (in the IBM PC, sound from address 0000: 7c00 ) and transfer control to the enchanting code that is in the MBR.

The role of the MBR space in the occupied computer (for x86 architecture)

The x86 computer process has a BIOS upgrade. At this stage, the crime of testing and initialization of the computer, I will also choose to build it, so I will be more interested in it. It can be a floppy disk, a hard disk, fencing resource, vbudovaniya ROM or whether it be some other attachment (the algorithm for choosing an advanced attachment can be different and fall into the BIOS implementation). After the choice of the avant-garde, I will build a keruvannya all away BIOS advances I will transfer all attachments.

If the attachment can only be split one (for example, a floppy disk or a lesser investment), then the choice is unambiguous, and the investment is continued in the next building. However, in order to avenge a sprinkling of splits, skins from some of them can potentially be vanquished (like, for example, in many hard disks), the innocence is to blame: for some of the same splits, the robit is zavantazhennya. To eliminate the ambiguity, the choice of the partition was ordered to blame the BIOS control chain and transfer the choice to the add-on itself. Winykla vikoristati idea for others small program, I wrote it down on my nose, so I would write it down. This is how the concept of MBR was blamed.

In this way, the potentiality of a few exciting divisions, the middle of which is necessary to select a choice is the key moment in the need for the emergence of MBR. For annexes with a single (or unambiguously set) avant-garde division, the MBR concept does not make sense and does not win.

MBR development

Other MBR functions of the main function (selection of the distribution) include also other functions, for example, authorization. Alece is already an extension of that addition to the main function of the MBR task. Such systems did not have a wide width.

Other (non-x86) systems

Due to the fact that in other systems other architectural solutions (starting from the activation of the bay and stopping the OS advances) are stuck, the MBR concept can be fixed before them.

MBR standardization

There is no approved standard for the structure of MBR, however, there are “stored traditions”, which are supported by more MBR from different manufacturers.

Other MBR formats

Entrepreneurs, using standard Windows-advantages, can beat the entire space between MBR and the first division (about 32 kb) for personal purposes. In such cases, under the MBR, the entire exciting code is understood, and for seeing the first 512 bytes, it seems that the stench is spread in the MBS (Master Boot Sector) - the head of the exciting sector.

Algorithm to work with the MBR code from Microsoft

BIOS (up to MBR)

• BIOS
• The BIOS determines what kind of attachment I will add to the robit as far as possible: a floppy disk, a flash drive, a hard disk, etc. tweak BIOS)

• The BIOS reads one sector (512 bytes), which is located at the address: "cylinder 0, head 0, sector 1", and places it in the memory area at the address 0000: 7c00
• BIOS checks if this sector ends with signature 55ААh

• BIOS sends a cure for address 0000:7c00 (for the MBR sector)

MBR

Selecting an advantageous distribution and rechecking the MBR’s strength:

• Copy MBR to yourself from address 0000:7c00 to address 0000:0600
• MBR looks through all the entries about the split and then the first entry about the "active" (== "adventurous") split (then it looks like the split, meaning 80h)
• At the time of success (partition, meaning 80h - known) MBR remembers the number of this partition

• MBR looks through all the records that are left out, and checks if there is only one active partition (which more partitions, marked 80h, are not available on this physical disk)

• MBR checks that in this field for all 4 divisions there are no other values, cream "00h" and "80h"

At what point does the MBR re-verification end and preparations begin before the OS is taken over:

• MBR reads the first sector of a logical disk marked as "vanquished" and places the entire sector at address 0000:7c00
• MBR checks if this sector ends with signature 55ААh

• MBR sends a key to the address 0000:7c00

Captured sector of the logical disk (after MBR)

Place the offensive sector according to the type of file system on the logical partition of the disk and remove the code, which determines the importance of that exploitation of the power of the operating system on given type file system

MBR structure

Zavantazhuvach code

After the completion of the POST procedure in RAM at the address 0x0000:0x7c00, the capture code is written, after which control is transferred to it. Startup manager - analyze the partition table of the hard disk, then either transfer the control of the startup code to the active partition, or start up the kernel of the operating system in RAM and transfer control to it.

Table of divisions

The distribution table collects information about the type of distribution and distribution on the hard drive.

Signature

The remaining two bytes of the MBR are called the signature. The value of these bytes can be 55h AAh. If it is not so, the record is considered incorrect.

The structure of the description of the division

Sign of activity of branches

Sign of the activity of the distribution - a sign that means the possibility of capturing the operating system from the distribution. For standard venturers, you can take the following values:

• 80h - divided into active;
• 00h – partition is inactive;
• other meanings are pardoned and ignored.

Cob split / Kіnets split

Coordinates of the cob and the end of the division in CHS-format (cylinder, head, sector). CHS does not allow overriding addressing greater than 7.8 GB of data, and for addressing up to distributions that are beyond 7.8 GB, LBA addressing is overridden.

Partition type code

The code of the file system, which is to be hacked on this distribution.

At the same time, as if the extensions were split, the coordinates of the split cob should be indicated on the EBR.

For whom, I’ll tell you how to write a multi-task manager. Manager multizavantazhennia є code, which is in the zavantazhuvalny sector, and on the choice of koristuvach zavantazhuє whether it be from dekіlkoh operating systems installed on the computer. During the negotiation process, you will get to know the revisions of INT 13h, the table of divisions later. Standard zavantazhuvach, which will be installed by more operating systems behind locks, should be primitive, so that you can take it all seriously, and non-standard zavantazhuvach in the form of independent retailers should sound like something inconsistent and not necessary. Axis and let's write our own! While we are writing it, we know the tao and the zen of assembly language, learning how to tweak programs without a tweaker and get better acquainted with the low hard drive interfaces.

You can change disks through I/O ports, and through the BIOS. Ports can be richer and more cyanotic, the BIOS is programmed more simply, before that there is a large number of different-caliber storage devices, abstracting from the design features of the skin specific model. To that it is possible through it, or rather, through the INT 13h interface.

The function number is entered in the AH register. At the same time, reading is more comfortable for two. Registry AL is determined by the number of sectors that are processed. If we choose to read one sector per operation, then we put it here alone. The DH register stores the head number, and DL the drive number (80h is the first hard drive, 81h - other, etc.). Five young bits to the CL register set the sector number, bits to the CL register that are left out, and the highest bits to the CH register assign the number of the cylinder, which we want to read. The register pair ES:BX indicates the address of the receive buffer. Axis, vlasne, and that's it. If the INT 13h command is passed, which are read, appear in the buffer, and if there is a pardon (for example, the head "stumbles" about the BAD sector), then the BIOS will set the carry flag (carry flag), and we will hesitate or repeat the test, or display a sum of messages on the screen.

The code for the representation assembler program in Listing 5.6.

Listing 5.6. Code, which reads the lucrative sector or expands the table of distributions

MOV SI, 1BEh; Skip to the first section
MOV AX, CS; Nalashtovuemo ES
MOV ES, AX
MOV BX,buf; Buffer misplacement
...
read_all_partitions:
MOV AX, bud; Read 1 sector from disk

MOV DH, ; Head start number
MOV CX, ; Start sector from cylinder INT 13h
JC error; pardon reading
;Obroblyaemo boot-sector cures or expand the distribution table
;===================================================================
;
CMP byte, 80h
JZ LOAD_BOOT; Tse lucrative sector
; We transfer to a new keruvannya
CMP byte, 05h
JZ LOAD_CHS_EXT ; The table of distributions has been expanded
; in CHS format
CMP byte, 0Fh
JZ LOAD_LBA_EXT ; The table of distributions has been expanded
; in LBA format
ADD SI, 10h; Let's move on to the next division
CMP SI, 1EEh
JNA read_all_partitions; Reading all divided one by one
...buf rb 512; Buffer for 512 bytes

Recording a sector in CHS mode is practically the same, only register AH is not 02h, but 03h. With the LBA mode, the expansion is richly folded, ale mi, like a right hacker, yoga obov'yazkovo podzhaemo.

Reading a sector is assigned to the 42h function (AH = 42h). In register DL, as before, the number of the drive is entered, and the axis of the register pair DS:SI indicates the address packet (disk address packet), which is the format described in Table 1. 5.4.

Table 5.4. Address packet format, which is used for reading and writing sectors in LBA mode

The code that reads the sector in LBA mode appears to look like the one shown in Listing 5.7.

Listing 5.7. The code that makes reading a sector from a disk in LBA mode

MOV DI, 1BEh; Skip to the first section
MOV AX, CS; Let's go...
MOV buf_seg; ...segment
MOV EAX, ; Misplacement partition shodo
; split the cob
ADD EAX, EDI; EDI is guilty of revenge sector number
; streaming MBR
MOV;
...
read_all_partitions:
MOV AN, 42h; Read sector in LBA mode
MOV DL, 80h; Read from the first disk
MOV SI, dap; Address packet shift INT 13h
JC error; pardon reading
...
dap:
packet_size db 10h; Packet size 10h bytes
reserved db 00h; "Stash" for future expansions
N_SEC dw 01h; Reading one sector
buf_seg dw 00h; This will include a segment of the buffer-primach
buf_off dw buf; Receiver buffer misplacement
X_SEC dd 0; The number of the sector for reading will be entered here.
dd0; Really not vikoristovuєtsya tail
; 64-bit addresses
buf rb 512; Buffer for 512 bytes

The record is written in the same way as the reading, but the register AH is not 42h, but 43h. The AL register sets the mode: if bit 0 is more than 1, the BIOS does not write, but emulates. Bit 2, being recorded, is recorded with reverb. If register AL is equal to 0, the highest promotion record will be counted.

Now, having become accustomed to disk rearrangements, let's move on to discussing other aspects of programming.

The most interesting ones are programmed on FASM. From the look of the assembler, it is zavantazhuvach є zvichaynym dvіykovym file, marginally admissible obsyag to become 1BBh (443) bytes. Not rich? Ale, do not hurry with the whiskers. The leather split is always based on the cob of the cylinder, and tse means that between the end of the MBR and the spat on the cob there are at least n free sectors, de n == sectors per track. May all modern hard drives have 64 sectors per track, which gives us: 443 + 63*512 == 32,699 bytes, or approximately 32 KB. That in tsey obsyag navіt graphical interface you can accommodate with a mouse! We won't be able to protect anyone. Help hackers work in the text mode with the command line.

As it was already said, the BIOS captures the MBR at address 7C00h, which can have the ORG 7C00h directive on the top of the assembler code, and also USE16, even if it captures in 16-bit real mode. Pіznіshe, for bazhannya, vіn can go to the stolen regime, but we'll be sweating. Not available in such a world.

If you have shown the profitable division (and it can be seen after the ensign 80h, which is known by the zero offset in the ear of the division), the adventurer is responsible for the first sector of the division, having placed it in the memory at the address 0000: 7C00h, then exactly. And the axis is already bad! І schob not viklikati collapse of the system, the zavantazhuvach is guilty for a long time to transfer his body to another address, which is called by the MOVSB ​​command. You can copy for any memory address - from 0080:0067h to 9FE00h. Memory, expanded lower than 0080:0067h, don’t cut it better, so here you can find vectors and system BIOS changes, and in A000h and more, the ROM display area is repaired, so the address A000h - 200h (sector size) is marginally available 9FE.

Do not forget that it is not possible to read the DL register in any one time, the numbers of the exciting drive are transferred to the new one. Deyakі zavantazhuvachi vengeance pardon, zavzhd zavantazhuyuchis from the first hard disk, and at that hour, like the BIOS is already more than 10 years old, how they allow you to change the order of the zavantazhennia, and that zavantazhuvalny can be a kind of ghost.

Seemingly true, FASM is the only assembler that can "forward" the JMP 0000:7C00h command to the far-flung loop without interruption. All other assemblers should be twisted like this: PUSH offset_of_target/PUSH segment_of_target/RETF . Here we close the stack with a segment and a shifted target address and a distant RETF that will take us to the needed place. You can also speed up the code that is self-defining by selecting the JMP FAR command "manually", or simply enter the target address in one segment with the output address (for example, 0000:7C00h ? 0000:7E00h). However, it is necessary to move motor and stomlyuyuchi.

Zagalom, the skeleton of our adventurer looks like it is shown in Listing 5.8.

Listing 5.8. The skeleton of the simplest fascinator of spellings on FASM

use16
ORG 7C00h
CLD; Copy to the right
; (have a bіk zbіlshennya address)
MOV SI,7C00h; Copy stars
MOV DI,7E00h; Where to copy
MOV CX,200h; Dovzhina sector
REP MOVSB; Copy
; // We choose to divide, whichever one wants to take advantage of,
; // read yogo for the riddle at address 0000:7C00h
; // (div. listings 5.7 and 5.6)
JMP 0000:7C00h; Transferring management to the lucrative sector

Under the old MS-DOS, it was easy to write your own zavantazhuvach from the MBR. For which it is enough to switch the reset INT 13h, function 03h (sector write). However, under Windows NT, this approach does not work, and you have to resort to the services of the CreateFile function. To change the name of the file to be displayed, specify the name of the attachment, for example, .PHYSICALDRIVE0 (the first physical disk), it is possible to read and write the sector with the ReadFile and WriteFile commands, obviously. In this case, the dwCreationDisposition ensign is responsible for setting the OPEN_EXISTING value, and the dwShareMode ensign to the FILE_SHARE_WRITE value. You will still need the rights of the system administrator, otherwise you will not see anything.

The end of the CreateFile shortcut looks like Listing 5.9.

Listing 5.9. Vіdkrittya without intermediary access to hard drive under Windows NT

XOR EAX, EAX
PUSH EAX; hTemplateFile
PUSH dword FILE_ATTRIBUTE_NORMAL; dwFlagsAndAtributes
PUSH dword OPEN_EXISTING; dwCreationDisposition
PUSH EAX; lpSecurityAttributes
PUSH dword FILE_SHARE_WRITE; dwShareMode
PUSH dword (GENERIC_WRITE OR GENERIC_READ) ; dwDesiredAccess
PUSH DEVICE_NAME; Im'll build
CALL CreateFile; Vіdkrivаєmo pristriy
INC EAX
TEST EAX, EAX
JZ error
DEC EAX
...
DEVICE_NAME db ".PHYSICALDRIVE0",0
BUF RB 512; Buffer

Opening the physical disk and having changed for the success of the operation, we are to read the original MBR-sector from the buffer, overwrite the first 1BBh bytes, at the same time do not read the partition table and the signature 55h AAh . Now it is necessary to write updates to the MBR code on the site and close the add-on handle. After the re-advancement, all the changes will come to chivalry.

It’s true, it’s entirely possible that you made changes and don’t think about gaining decency. Zavantazhuvach zhorstoko avenge for the least pardon of the project. So, if you don't want to waste your time, it's better to practice on VMWare or maybe some other PC emulator.

Under Windows 9 x As you understand, the CreateFile trick doesn't work. But there you can speed up the simulation from DMPI or go back to the ASPI driver. Offending methods were reportedly described in my book "Technique for the protection of CDs in the form of copying". However, if you want to talk about CDs and not HDDs, most disks are programmed in the same way.

First of all, write a vlasny zavantazhuvach, it is recommended that you try out non-standard zavantazhuvach. All suggestions below are under the license of GPL or BSD, so without borders.

Ge2000.asm is a real commentary of the Stealth-virus, which controls the system zavantazhuvach to its own power. Although it is a virus, but it is not safe, and it may be vikoristany at primary goals.

Mbr.asm - borderline simple, but fully functional zavantazhuvach іz pіdtrimkou rasdіlіv over 8 GB.

Bootasm - multi-target manager with briefing comments, switch to stealth mode, you can take advantage of a floppy disk, CD, zip disk, hard drive, etc. Let's try to distribute over 8 GB, showing the indicator of interest and to make a lot of other brown speeches, so as not to make a victim.

It is very important to change the code of the zavantazhuvacha. Zavantazhuvach otrimu zavodnya back to the launch of the operating system, if the same tax is still not practicable. Dekіlka rokіv that tse represented a great problem, and when developing "tricks" zavantazhuvachіv it was possible either to integrate a mini-adjuster into them, or to shukati pardons by hand, spinning the listings with the olive in the hand. With the advent of the emulator, everything has changed. Just run an emulator like BOCHS (Fig. 5.5), and you can run the vanity just like any other program!

Rice. 5.5. Starry look BOCHS emulator in the process of improving the lucrative sector

Programming zavantazhuvachіv - one of the quiet poor areas, in which assembler programming is rightly primed. Movies of high equanimity for which need to abstract from the possession. Moreover, the stench is not enough gnuchki. Axis why hackers love to mess around with zavantazhuvachami so much, adding a lot of new possibilities here, including auto-entry from CD-ROM or SCSI disks, antiviruses, password protection from data encryption. Here it’s true to turn around, and why show all your abilities. As a supplementary reading, I recommended you a sprat like a tsikavih dzherel. Stink Axis:

? MBR and OS Boot Records- Masa cicago material by MBR (on English): http://thestarman.narod.ru/asm/mbr/MBR_in_detail.htm;

? BOCHS- Vіdminnyy emulator with vbudovanim nalagodzhuvachem, scho significantly easing the process of "start-up" zavantazhuvalnyh sectors. Bezkoshtovny, rozpovsyudzhuetsya with external texts: http://bochs.sourceforge.net;

? http://www.koders.com(Fig. 5.6) - a search engine, targeting search codes with external codes, keyword MBR sees the greatness of the number of zavantazhuvachiv for any relish;

Rice. 5.6. Search for external MBR texts on the Koders website

? Ralph Brown Interrupt List(Figure 5.7) - celebrity Interrupt List by Ralf Brown, which describes all interruptions, including undocumented ones (in English language): http://www.pobox.com/~ralf;

Rice. 5.7. Revisiting Ralph Brown's legendary "Cheer List"

OpenBIOS is a project of the "Open BIOS" that can be found in the texts. Helps to understand the non-obvious moments of processing the system zavantazhuvacha: http://www.openbios.info/docs/index.html.

15.5. Reinvention head exciting record ( MBR)

The disk sector in which the yogo table of partition is saved, otherwise head exciting entry ( MBR - Master Boot record ) , є the most important zone of accumulation. This sector has 512 bytes of inventory space logical divisions (no more than chotiroh) , as well as instructions for starting the operating system. Yakscho MBR to appear poshkodzhenoy, the system cannot recognize a hard disk, it doesn’t seem to be about those who want to get involved in something new. It’s a pity (with the possibility of access to all data that is stored on a hard drive) . However, there are some programs that allow you to reconstruct an important area of ​​the disk in some cases. A package is visible to them Norton Utilities for Windows, MIRROR software ( DOS 5.0) and UNFORMAT ( DOS 6.2 x ) for disks with file systems FAT 16, as well as the program FDISK - Remaining records of the poshkodzhennogo head zavantazhuvalnogo record.

15.5.1. ProgramsMIRRORіUNFORMAT

It’s easier to insure against unacceptable heritage, then pay them less - tsya great truth valid for the renewal of data. What operating system is installed in the system DOS version 5.0 or worse, then to save a backup copy and a further update of the head exciting recording, you can use two programs: MIRROR. EXE and UNFORMAT. COM . While the hard drive is not in order, enter the next command: MIRROR/PARTN

MIRROR program entered the warehouse DOS 5.0, and the upcoming versions of the OS, for some unreasonable reasons, were moved. However, you can check out old distributions or search the archives on the Internet.

After starting the program MIRROR feeds the name of the disk drive. Insert an advanced floppy disk into drive A: or B: and let the program create a copy of the hard disk partition table on this diskette. Roblyachy such operation regularly (Let's say, once in a pivroku) , Keep a backup diskette in stock for troubleshooting problems with a hard disk. Yakscho yoga MBR to appear poshkogenoy, then zavantage the computer h guessed floppy disk (On it, the cream of the table of breakdowns, the copying file is to blame UNFORMAT . COM ) and enter the command

UNFORMAT/PARTN Program UNFORMAT ask for the name of the backup file MBR (sound vin is called RARTNSAV . FIL ) . Enter letter designation accumulating (A: or B:), where there is a floppy disk with a cim file, and the robot program is continued. Since you have no doubts about the reliability of saving data about the disk bit, confirm your mistake, and then reset the computer from the hard disk. As for the new bulo, it was less than the head zavantazhuvalny record, the computer is guilty of pratsyuvati normally.

There is no need to regularly copy the main exciting entry. It changes less when reformatting a disk, it is enough to create a backup copy once without a second after the procedure.

15.5.1.1. Wikoristanya programs FDISKw key /MBR

Vee, mabut, read that chuli, scho program FDISK it is not possible to win for recognizing data, but it is not possible to make such changes to the structure of the disk, since any information that was saved on the new one becomes inaccessible. Tse truth - but not the whole. This program has an undocumented function that allows you to add an interesting code to the cob MBR , without chipping the table itself. If the main exciting record cannot be reconstructed by other means, then you can speed up the team FDISK/MBR and try to find out if you want to b її part. Started with key / MBR, FDIS program Until pratsyuє automatically. The menu will not be displayed on the screen - the program simply renew the code on the cob MBR and turn the management of the operating system DOS . Career potential insecurity programs FDISK , vikoristovuvaty tsyu undocumented mozhlivist is possible only as the remaining zasіb vіdnovlennya main zavantazhuvalnogo record. As a result, the team won FDISK/MBR your data, for an idea, are not guilty of ruining, but to everyone! Therefore, first go to the extreme, create a backup copy of the maximum possible amount of data from the hard drive.

Check out the latest version of the software FDISK as to your operating system. For example, as an OS is installed in the computer Windows 98, then run the file on the icon FDISK. EXE , entries on the start disk Windows 98

15.5.2. ProgramRESCUEPROFESSIONAL

Well, work in quiet situations, if you need to have enough information, which are saved on a hard disk, but if you talk about it, you won’t receive a confirmation, otherwise the screen will display notifications on the kshtalttrack 0 bad, disk unusable (zero track is broken, it is impossible to beat the disk) ! Rescue Professional by AllMicro є autonomous (self-employed) by way of recognition of data, moreover, the software part is divided in such a way that it interacts directly with the hardware of the computer and allows you to change both files and directories. On the basis of the earlier descriptions of the procedures for the renewal of data, in the event of vikonann, shy to try this world, Rescue Professional do not correct the broken tables of the split, or zavantazhuvalny records DOS . The only meta system of the program is to ensure the management of accumulative (like, obviously, in reference) that vodnoviti as much as possible kіlkіst filіv іz quiet, їy їy vdasya viyaviti on disk.

15.5.3. Data recovery after the disk reformatting

At the process of high-level formatting, as if it were looking for help programs FORMAT , overwrites the occupied sector and the root directory of the disk. In addition, when formatting, the overhead of recording and reading data in all clusters is checked, and the information about the error in the middle of the placement of data is entered into FAT . For an idea, formatting by a ruinous process, tobto. The data is written to the disc after it becomes inaccessible. Prote, they themselves stink nowhere. Tse means that after the vipadkovy formatting of the partition of the disk, data, which were saved for something else, you can still vryatuvat. In the operating system Windows there are no good tools for redoing data on a re-formatted disk, but there are other programs that allow you to save copies of data from the system areas of disks and for the need to rip them for redistribution of zipped partitions. How do you practice at the middle DOS 6.2x , then you can speed up for which program UNFORMAT (reserved from the package PC Tools firms Central point ) . For example, to update the front panel of the C drive: enter the commandunformat w: Give up one important furnishing: the program UNFORMAT need to run immediately after formatting, while the file allocation table is still empty. Tse є necessary mind successful vikonannya programs UNFORMAT . The appearance of new files on the disk may destroy the work and prevent it from accepting previous data.

15.5.3.1. ProgramEasyRecovery

As soon as a hard disk goes out of tune, it sounds like it’s correcting a specialized machine. There, to build up such a camp, so that it would be possible to gain tribute from it. If the hardware part of the accumulator is in order, then you can speed up the program EasyRecovery by Ontrack for the sake of data, do not try to find out in any other way. This program is recognized for updating information by the authors themselves and allows you to reconstruct the file structures of disks (Including 8.4 GB in distributions) . EasyRecovery does not try to correct the error on the disk and nothing is written to the new one. The file allocation table is updated in the computer's memory, after which the data is transferred to another storage device (for example, to another hard drive) . At whom you can see the main possibilities of the program EasyRecovery and make some practical recommendations about how to stop.

Most of the process of renewing data is carried out without your participation. You need to select files, but if you don't know how to stink - lie not in front of you. Tim is not less, he has a sprinkling of rules, with the help of others, you can achieve the best results.

· The pledge of successful renewal of data is regular backup copies your work data. If you happen to reinstall the operating system and all programs, then for the presence of such a copy you can quickly restore the situation and continue the work. If you don’t have such a copy, and you can’t restore the data on the disk, then all the work you have done will be lost.

· First of all, throw in the data, turn it over, which is correctly inserted in BIOS accumulator parameters Change the parameters in the geometrical model of a hard disk. (or yoga part) become unavailable. For some types of "renewal of data" it may be less before setting the parameters BIOS.

· Don't be fooled by the programs of danish renewal. For example, do not start varto CHKDSK in front of the curated programs EasyRecovery . More efforts to reinstate these data may misinterpret the results of such work. simple programs, yak CHKDSK ..

· Be sure to prepare a reserve accumulator, for which the renewed data will be recorded (another storage device on a hard disk, rimmed disk, storage type jazz or Zip ) . On the new May, buti is enough free space for placement of updated files (with different drives type jazz or Zip stock up on a sufficient amount of replacement noses) .

· See sufficient commitment operational memory for team-hour savings (there the stench will be rebuked until the moment they are transferred to the backup accumulator) . Like operational memory, there is a part of the hard disk space (file download) , then switch over to the fact that there is enough free space on the new one - and by no means place the download file on the new one (Tobto not so arrogant) disk.

· Programs for the renewal of denighs can pracsyuvati dosit dovgo. Be prepared for the fact that part of your working hour you happen to donate (it is unlikely that you will be able to improve on the computer, while you still have the files updated) .

· Before that, how to hurry up with the program of remembrance of dans, change your mind, what is there file system I divided a hard disk for you ( FAT 16, FAT 32 or NTFS ) that building was to complete the volume of the vіdpovіdny rozmіru. If the program is not suitable for one of the parameters, the test of some choice can leave enough hope for the renewal of data - as a result of the work of such a program, the stink will be residual. Reconsider that the data update program has been updated to the rest of the version (or accept pardons in the corrected office) .

· To get rid of unacceptable data, connect a computer - accept data for an hour - to the point of security. leg food.