NTFS分区的引导源码.docx
《NTFS分区的引导源码.docx》由会员分享,可在线阅读,更多相关《NTFS分区的引导源码.docx(8页珍藏版)》请在冰豆网上搜索。
NTFS分区的引导源码
NTFS分区的引导源码
windows2000
操作系统
安全
NTFS文件系统有着非常优秀的特性,其安全性、可靠性都远胜于我们常用的FAT文件系统,但是微软公司出于商业目的没有公布它的规范,使得这种优秀的文件系统只能在WindowsNT架构的操作系统中使用。
不过先辈们唱得好:
“没有枪没有炮,敌人给我们造!
”。
不管微软再怎么保密,它自己总要使用NTFS文件系统。
那我们就通过分析它的代码来研究NTFS文件系统的规范呐。
下面就列出小弟在仔细分析之后制做的Windows2000build2195版格式化的NTFS分区的引导记录的源代码,以此与各位同好共勉。
本代码在MASM6.11下编译通过。
其中与分区结构相关的数据仅适用于在下自己分的分区,各位引用时请自行代入正确的值。
.486
TitleNTFS$BootofWindows2000build2195
CodeSEGMENTBYTEPUBLICUSE16'CODE'
ASSUMECS:
Code,DS:
Code
NTFSPROCFAR
START:
JMPSHORTLoader
DB90H
PartitionIDDB'NTFS'
BytePerSectorDW512
SectorPerClusterDB1
SectorNumWantedDW0
SectorWantedDD0
SupportExtendInt13FlagDB0
StorageMediaDB0F8H
DB0,0
SectorPerTrackDW3FH
HeadsDW0FFH
HiddenSectorDD3FH
CHSMaxSectorNumDD0
CurrentDiskDB81H
DB0,8,0
SectorsInPartitionDD3E81FFH
DD0
MFTPositionDD0C5A70H
DD0
MFTMirrPositionDD1FCD0AH
DD0
ClusterPerFRSDD2
DB08H,0,0,0,0F6H,79H
DB58H,5CH,0BBH,58H,5CH,0F4H
DB0,0,0,0
Loader:
CLI;Disableinterrupts
XORAX,AX
MOVSS,AX
MOVSP,7C00H;Initalizestack
STI;Enableinterrupts
MOVAX,7C0H
MOVDS,AX
CALLGetCHSMaxSectorNum
MOVAX,0D00H
MOVES,AX
XORBX,BX
MOVBYTEPTRDS:
[SectorNumWanted],10H
CALLReadSector
PUSH0D00H
PUSH26AH
RETF
NTFSENDP
;-----------------------------------------------------------------------------
GetCHSMaxSectorNumPROCNEAR
MOVDL,DS:
[CurrentDisk]
MOVAH,8
INT13H
JNCLost
MOVCX,0FFFFH
MOVDH,CL
Lost:
MOVZXEAX,DH
INCAX
MOVZXEDX,CL
ANDDL,3FH
MULDX
XCHGCL,CH
SHRCH,6
INCCX
MOVZXECX,CX
MULECX
MOVDS:
CHSMaxSectorNum,EAX
RET
GetCHSMaxSectorNumENDP
;-----------------------------------------------------------------------------
IsSupportExtendInt13PROCNEAR
MOVAH,41H
MOVBX,55AAH
MOVDL,DS:
CurrentDisk
INT13H;Issupportextendint13h
JCSHORTNotSupport;JumpifcarrySet
CMPBX,0AA55H
JNESHORTNotSupport;Jumpifnotequal
TESTCL,1
JZSHORTNotSupport;Jumpifzero
INCBYTEPTRDS:
SupportExtendInt13Flag
NotSupport:
RET
IsSupportExtendInt13ENDP
;-----------------------------------------------------------------------------
;Function:
readnumberindicatedby[WantedSecotrNum]sectorsat[WantedSector]toES:
BX
ReadSectorPROCNEAR
PUSHAD;Saveallregs
PUSHDS
PUSHES
GetReadParam:
MOVEAX,DS:
[SectorWanted]
ADDEAX,DS:
[HiddenSector]
CMPEAX,DS:
[CHSMaxSectorNum]
JBNEARPTRReadByOldInt13
;SectornumberislessthanCHSMaxSectorNum,useoriginint13h
PUSHDS
;PUSHDWORDPTR0
DB66H,6AH,0
PUSHEAX
PUSHES
PUSHBX
PUSHDWORDPTR10010H
CMPBYTEPTRDS:
SupportExtendInt13Flag,0
JNENEARPTRSupported
CALLIsSupportExtendInt13
CMPBYTEPTRDS:
SupportExtendInt13Flag,0
JENEARPTRFatalFault
Supported:
MOVAH,42H
MOVDL,DS:
[CurrentDisk]
PUSHSS
POPDS
MOVSI,SP
INT13H;readsector
POPEAX
POPBX
POPES
POPEAX
POPEAX
POPDS
JMPSHORTOneSectorRead
ReadByOldInt13:
XOREDX,EDX
MOVZXECX,WORDPTRDS:
[SectorPerTrack]
DIVECX
INCDL
MOVCL,DL
MOVEDX,EAX
SHREDX,10H
DIVWORDPTRDS:
[Heads]
XCHGDL,DH
MOVDL,DS:
[CurrentDisk]
MOVCH,AL
SHLAH,6
ORCL,AH;Buildreadsectorparameters
MOVAX,201H
INT13H;Readsector
OneSectorRead:
JCNEARPTRFatalFault;Readerror,shutdown
MOVAX,ES
ADDAX,20H
MOVES,AX
INCDWORDPTRDS:
[SectorWanted]
DECWORDPTRDS:
[SectorNumWanted]
JNZGetReadParam;Fixupparameters
POPES
POPDS
POPAD;Restoreallregs
RET
FatalFault:
:
MOVAL,ReadDiskErrorOffset
ReadSectorENDP
;-----------------------------------------------------------------------------
DispFatalMsg:
:
CALLPrintString
MOVAL,ShutDownMsgOffset
CALLPrintString;Displayshutdownmessage
STI;Enableinterrupts
ShutDown:
JMPSHORTShutDown;Crash
;-----------------------------------------------------------------------------
PrintStringPROCNEAR
MOVAH,1
MOVSI,AX
LoadChar:
LODSB
CMPAL,0
JZSHORTPrintStringEnd
MOVAH,0EH
MOVBX,7
INT10H
JMPSHORTLoadChar
PrintStringEnd:
RET
PrintStringENDP
;-----------------------------------------------------------------------------
ReadDiskErrorDB0DH,0AH,'Adiskreaderroroccurred',0
MissNTLDRErrorDB0DH,0AH,'NTLDRismissing',0
NTLDRCompressedDB0DH,0AH,'NTLDRiscompressed',0
ShutDownMsgDB0DH,0AH,'PressCtrl+Alt+Deltorestart',0DH,0AH,0
DB13DUP(0)
ReadDiskErrorOffsetDB83H;OFFSETReadDiskError
MissNTLDRErrorMsgDB0A0H;OFFSETMissNTLDRError
NTLDRComperssedOffsetDB0B3H;OFFSETNTLDRCompressed
ShutDownMsgOffsetDB0C9H;OFFSETShutDownMsg
DB0,0
BootValidFlagDW0AA55H
UnicodeNTLDRDW5
DB"N",0,"T",0,"L",0,"D",0,"R",0
UnicodeDirectory:
DW4
DB"S",0,"I",0,"3",0,"0",0
AttributePointDD0E000H
MFTPointDD3000H
MFTNumberDD0
TempRootBufferDD0
TempDirBufferDD0
TempBitmapBufDD0
RootAttributeDD0
DirEntryListDD0
BitmapAttributeDD0
TempMFTDD0
DD0
TempDataBufDD0
BitampPointDD0
ParamTailPointDD0
BytePerClusterDD0
MFTSizeDD0
MFTSizeBySectorDD909012EBH
MFTTailDD0
BytePerRecordDD0
DATA_46DD0
SectorPerRecordDD0
Booting:
MOVAX,CS
MOVDS,AX
SHLAX,4
CLI
MOVSP,AX;Initalizestack
STI;Enableinterrupts
CALLGetCHSMaxSectorNum
MOVZXEAX,WORDPTR[BytePerSector]
MOVZXEBX,BYTEPTR[SectorPerCluster]
MULEBX
MOV[BytePerCluster],EAX
MOVECX,[ClusterPerFRS]
CMPCL,0
JGNEARPTRIsMFTSize
NEGCL
MOVEAX,1
SHLEAX,CL
JMPSHORTLOC_14
DB90H
IsMFTSize:
MOVEAX,BytePerCluster
MULECX
LOC_14:
MOV[MFTSize],EAX
MOVZXEBX,WORDPTR[BytePerSector]
XOREDX,EDX
DIVEBX
MOV[MFTSizeBySector],EAX;CountsectornumberoccurpiedbyMFT
CALLFindLastMFT
MOVECX,[ParamTailPoint]
MOV[TempRootBuffer],ECX
ADDECX,[MFTSize]
MOV[TempDirBuffer],ECX
ADDECX,[MFTSize]
MOV[TempBitmapBuf],ECX
ADDECX,[MFTSize]
MOV[TempMFT],ECX
ADDECX,[MFTSize]
MOV[TempDataBuf],ECX
MOVEAX,90H
MOVECX,[TempRootBuffer]
CALLGetAttributePos
OREAX,EAX
JZFatalFault
MOV[RootAttribute],EAX
MOVEAX,0A0H
MOVECX,[TempDirBuffer]
CALLGetAttributePos
MOV[DirEnt
升级会员 