NTFS分区的引导源码.docx

1、NTFS分区的引导源码NTFS分区的引导源码 windows 2000 操作系统 安全NTFS文件系统有着非常优秀的特性，其安全性、可靠性都远胜于我们常用的FAT文件系统，但是微软公司出于商业目的没有公布它的规范，使得这种优秀的文件系统只能在Windows NT架构的操作系统中使用。不过先辈们唱得好：“没有枪没有炮，敌人给我们造!”。不管微软再怎么保密，它自己总要使用NTFS文件系统。那我们就通过分析它的代码来研究NTFS文件系统的规范呐。下面就列出小弟在仔细分析之后制做的Windows 2000 build 2195版格式化的NTFS分区的引导记录的源代码，以此与各位同好共勉。本代码在MAS

2、M 6.11下编译通过。其中与分区结构相关的数据仅适用于在下自己分的分区，各位引用时请自行代入正确的值。.486Title NTFS $Boot of Windows 2000 build 2195Code SEGMENT BYTE PUBLIC USE16 CODEASSUME CS:Code,DS:CodeNTFS PROC FARSTART: JMP SHORT LoaderDB 90HPartitionID DB NTFS BytePerSector DW 512SectorPerCluster DB 1SectorNumWanted DW 0SectorWanted DD 0Supp

3、ortExtendInt13Flag DB 0StorageMedia DB 0F8HDB 0,0SectorPerTrack DW 3FHHeads DW 0FFHHiddenSector DD 3FHCHSMaxSectorNum DD 0CurrentDisk DB 81HDB 0,8,0SectorsInPartition DD 3E81FFHDD 0MFTPosition DD 0C5A70HDD 0MFTMirrPosition DD 1FCD0AHDD 0ClusterPerFRS DD 2DB 08H,0,0,0,0F6H,79HDB 58H,5CH,0BBH,58H,5CH,

4、0F4HDB 0,0,0,0Loader: CLI ; Disable interruptsXOR AX,AXMOV SS,AXMOV SP,7C00H ; Initalize stackSTI ; Enable interruptsMOV AX,7C0HMOV DS,AXCALL GetCHSMaxSectorNumMOV AX,0D00HMOV ES,AXXOR BX,BXMOV BYTE PTR DS:SectorNumWanted,10HCALL ReadSectorPUSH 0D00HPUSH 26AHRETFNTFS ENDP;-GetCHSMaxSectorNum PROC NE

5、ARMOV DL,DS:CurrentDiskMOV AH,8INT 13HJNC LostMOV CX,0FFFFHMOV DH,CLLost: MOVZX EAX,DHINC AXMOVZX EDX,CLAND DL,3FHMUL DXXCHG CL,CHSHR CH,6INC CXMOVZX ECX,CXMUL ECXMOV DS:CHSMaxSectorNum,EAXRETGetCHSMaxSectorNum ENDP;-IsSupportExtendInt13 PROC NEARMOV AH,41HMOV BX,55AAHMOV DL,DS:CurrentDiskINT 13H ;

6、Is support extend int 13hJC SHORT NotSupport ; Jump if carry SetCMP BX,0AA55HJNE SHORT NotSupport ; Jump if not equalTEST CL,1JZ SHORT NotSupport ; Jump if zeroINC BYTE PTR DS:SupportExtendInt13FlagNotSupport: RETIsSupportExtendInt13 ENDP;-;Function : read number indicated by WantedSecotrNum sectors

7、 at WantedSector to ES:BXReadSector PROC NEARPUSHAD ; Save all regsPUSH DSPUSH ESGetReadParam: MOV EAX,DS:SectorWantedADD EAX,DS:HiddenSectorCMP EAX,DS:CHSMaxSectorNumJB NEAR PTR ReadByOldInt13 ; Sector number is less than CHSMaxSectorNum , use origin int 13hPUSH DS; PUSH DWORD PTR 0DB 66H,6AH,0PUSH

8、 EAXPUSH ESPUSH BXPUSH DWORD PTR 10010HCMP BYTE PTR DS:SupportExtendInt13Flag,0JNE NEAR PTR SupportedCALL IsSupportExtendInt13CMP BYTE PTR DS:SupportExtendInt13Flag,0JE NEAR PTR FatalFaultSupported: MOV AH,42HMOV DL,DS:CurrentDiskPUSH SSPOP DSMOV SI,SPINT 13H ; read sectorPOP EAXPOP BXPOP ESPOP EAXP

9、OP EAXPOP DSJMP SHORT OneSectorReadReadByOldInt13: XOR EDX,EDXMOVZX ECX,WORD PTR DS:SectorPerTrackDIV ECXINC DLMOV CL,DLMOV EDX,EAXSHR EDX,10HDIV WORD PTR DS:HeadsXCHG DL,DHMOV DL,DS:CurrentDiskMOV CH,ALSHL AH,6OR CL,AH ; Build read sector parametersMOV AX,201HINT 13H ; Read sectorOneSectorRead: JC

10、NEAR PTR FatalFault ; Read error,shut downMOV AX,ESADD AX,20HMOV ES,AXINC DWORD PTR DS:SectorWantedDEC WORD PTR DS:SectorNumWantedJNZ GetReadParam ; Fixup parametersPOP ESPOP DSPOPAD ; Restore all regsRETFatalFault: MOV AL,ReadDiskErrorOffsetReadSector ENDP;-DispFatalMsg: CALL PrintStringMOV AL,Shut

11、DownMsgOffsetCALL PrintString ; Display shutdown messageSTI ; Enable interruptsShutDown: JMP SHORT ShutDown ; Crash;-PrintString PROC NEARMOV AH,1MOV SI,AXLoadChar: LODSBCMP AL,0JZ SHORT PrintStringEndMOV AH,0EHMOV BX,7INT 10HJMP SHORT LoadCharPrintStringEnd: RETPrintString ENDP;-ReadDiskError DB 0D

12、H, 0AH, A disk read error occurred, 0MissNTLDRError DB 0DH, 0AH, NTLDR is missing, 0NTLDRCompressed DB 0DH, 0AH, NTLDR is compressed, 0ShutDownMsg DB 0DH, 0AH, Press Ctrl+Alt+Del to restart,0DH,0AH,0DB 13 DUP (0)ReadDiskErrorOffset DB 83H ;OFFSET ReadDiskErrorMissNTLDRErrorMsg DB 0A0H ;OFFSET MissNT

13、LDRErrorNTLDRComperssedOffset DB 0B3H ;OFFSET NTLDRCompressedShutDownMsgOffset DB 0C9H ;OFFSET ShutDownMsgDB 0, 0BootValidFlag DW 0AA55HUnicodeNTLDR DW 5DB N,0,T,0,L,0,D,0,R,0UnicodeDirectory:DW 4DB S,0,I,0,3,0,0,0AttributePoint DD 0E000HMFTPoint DD 3000HMFTNumber DD 0TempRootBuffer DD 0TempDirBuffe

14、r DD 0TempBitmapBuf DD 0RootAttribute DD 0DirEntryList DD 0BitmapAttribute DD 0TempMFT DD 0DD 0TempDataBuf DD 0BitampPoint DD 0ParamTailPoint DD 0BytePerCluster DD 0MFTSize DD 0MFTSizeBySector DD 909012EBHMFTTail DD 0BytePerRecord DD 0DATA_46 DD 0SectorPerRecord DD 0Booting: MOV AX,CSMOV DS,AXSHL AX

15、,4CLIMOV SP,AX ; Initalize stackSTI ; Enable interruptsCALL GetCHSMaxSectorNumMOVZX EAX,WORD PTR BytePerSectorMOVZX EBX,BYTE PTR SectorPerClusterMUL EBXMOV BytePerCluster,EAXMOV ECX,ClusterPerFRSCMP CL,0JG NEAR PTR IsMFTSizeNEG CLMOV EAX,1SHL EAX,CLJMP SHORT LOC_14DB 90HIsMFTSize: MOV EAX,BytePerClu

16、sterMUL ECXLOC_14: MOV MFTSize,EAXMOVZX EBX,WORD PTR BytePerSectorXOR EDX,EDXDIV EBXMOV MFTSizeBySector,EAX ; Count sector number occurpied by MFTCALL FindLastMFTMOV ECX,ParamTailPointMOV TempRootBuffer,ECXADD ECX,MFTSizeMOV TempDirBuffer,ECXADD ECX,MFTSizeMOV TempBitmapBuf,ECXADD ECX,MFTSizeMOV TempMFT,ECXADD ECX,MFTSizeMOV TempDataBuf,ECXMOV EAX,90HMOV ECX,TempRootBufferCALL GetAttributePosOR EAX,EAXJZ FatalFaultMOV RootAttribute,EAXMOV EAX,0A0HMOV ECX,TempDirBufferCALL GetAttributePosMOV DirEnt