Kernel, Modules, Mbr and Stuff:
NOTE: Review the Nerd, Fdisk & Partition pages for more info on the
Master Boot Record.
Microsoft isn’t saying much, but we will. Over the short term, you can expect
quarterly service packs for NT 5.0 and Windows 98. By 1999, we expect Microsoft to
evangelize its "Windows 2000" initiative, which involves developing all consumer
and corporate Windows upgrades on the NT kernel.
A little Master Boot Record Info:
PARTITION SECTOR/RECORD/TABLE BASICS
FDISK creates all partition records (sectors). The primary purpose of a partition record
is to hold a partition table. The rules for how FDISK works are unwritten but so far most
FDISK programs (DOS, OS/2, WinNT, etc) seem to follow the same basic idea. First, all
partition table records (sectors) have the same format. This includes the partition table
record at cylinder 0, head 0, sector 1 -- what is known as the Master Boot Record (MBR).
The last 66 bytes of a partition table record contain a partition table and a 2 byte
signature. The first 446 bytes of these sectors usually contain a program but only the
program in the MBR is ever executed (so extended partition table records could contain
something other than a program in the first 466 bytes). Second, extended partitions are
"nested" inside one another and extended partition table records form a
"linked list".
PARTITION TABLE ENTRY FORMAT.
Each partition table entry is 16 bytes and contains things like the start and end location
of a partition in CHS, the start in LBA, the size in sectors, the partition
"type" and the "active" flag. Warning: older versions of FDISK may
compute incorrect LBA or size values. And note: When your computer boots itself, only the
CHS fields of the partition table entries are used (another reason LBA doesn't solve the
>528MB problem). The CHS fields in the partition tables are in L-CHS format --- CHS
Translation".
There is no central clearing house to assign the codes used in the one byte
"type" field. But codes are assigned (or used) to define most every type of file
system that anyone has ever implemented on the x86 PC: 12-bit FAT, 16-bit FAT, HPFS, NTFS,
etc. Plus, an extended partition also has a unique type code. Note: I know of no complete
list of all the type codes that have been used to date. For more information on this
subject (see the NERD pages).
So what's a kernel, (it's a number of things explained in short) but it's basically the
architecture of Windows or any operating system:
Central System:
The central module of an operating system. It is the part of the operating system that
loads first, and it remains in main memory. Because it stays in memory, it is important
for the kernel to be as small as possible while still providing all the essential services
required by other parts of the operating system and applications. Typically, the kernel is
responsible for memory management, process and task management, and disk management.
Module, explain it:
In software, a module is a part of a program and programs are composed of one or more
independently developed modules that are not combined until the program is linked. A
single module can contain one or several routines.
In hardware, a module is a self-contained component.
A Operating System:
Operating systems provide a software platform on top of which other programs, called
application programs, can run. The application programs must be written to run on top of a
particular operating system. Your choice of operating system, therefore, determines to a
great extent the applications you can run. For PCs, the most popular operating systems are
DOS, OS/2, and Windows, but others are available, such as Xenix.
As a user, you normally interact with the operating system through a set of commands. For
example, the DOS operating system contains commands such as COPY and RENAME for copying
files and changing the names of files, respectively. The commands are accepted and
executed by a part of the operating system called the command processor or command line
interpreter.
Graphical user interfaces allow you to enter commands by pointing and clicking at objects
that appear on the screen.
Memory thing:
Refers to physical memory that is internal to the computer. The word main is used to
distinguish it from external mass storage devices such as disk drives. Another term for
main memory is RAM.
The computer can manipulate only data that is in main memory. Therefore, every program you
execute and every file you access must be copied from a storage device into main memory.
The amount of main memory on a computer is crucial because it determines how many programs
can be executed at one time and how much data can be readily available to a program.
Because computers often have too little main memory to hold all the data they need,
computer engineers invented a technique called swapping, in which portions of data are
copied into main memory as they are needed. Swapping occurs when there is no room in
memory for needed data.
When one portion of data is copied into memory, an equal-sized portion is copied (swapped)
out to make room. Another technique, called virtual memory, enables a computer to access
larger amounts of data than main memory can hold at one time, but it is a relatively slow
process.
Therefore, the more memory a computer has and the more it can avoid swapping, the faster
it will be able to execute large programs.
Now, most PCs come with a minimum of 8 megabytes of main memory. This is adequate for some
applications, but you may need more memory to run sophisticated applications, particularly
those that include graphics. You can usually increase the amount of memory by
inserting extra memory in the form of chips or memory
expansion boards.
Applications thing:
A program or group of programs designed for end users. Software can be divided into two
general classes: systems software and applications software.
Systems software consists of low-level programs that interact with the computer at a very
basic level. This includes operating systems, compilers, and utilities for managing
computer resources.
In contrast, applications software (also called end-user programs) includes database
programs, word processors, and spreadsheets. Figuratively speaking, applications software
sits on top of systems software because it is unable to run without the operating system
and system utilities.
Disk & Data:
A machine that reads data from and writes data onto a disk. A disk drive resembles a
stereo turntable in that it rotates the disk very fast. It has one or more heads that read
and write data.
There are different types of disk drives for different types of disks. For example, a hard
disk drive (HDD) reads and writes hard disks, and a floppy drive (FDD) accesses floppy
disks. A magnetic disk drive reads magnetic disks, and an optical drive reads optical
disks.
Disk drives can be either internal (housed within the computer) or external (housed in a
separate box that connects to the computer).
Master Boot Record Info: Also see FDISK page for the application:
The Short Story (of where it located):
The order of the Partition definition entries in the MBR does not necessarily correspond
to their physical location on the hard disk. The Extended Partition (if it exists) is
always in the fourth and last MBR table entry (of which there is four). When DOS searches
for its Primary DOS Partition, it searches the table entries in the order in which they
appear in the MBR, not the order in which they are arranged on disk. One trick used by
some disk management utilities is to create two alternate versions of the DOS C: drive on
two Primary Partitions of the same hard disk. DOS will accept the one which is defined in
the first MBR table entry. By swapping the two entries, alternate versions of DOS can be
booted. Neither DOS system can access files in the other system partition, because DOS
does not assign any disk letter or provide access to other primary partitions.
PARTITION TABLE ENTRY FORMAT.
FDISK creates all partition records (sectors). The primary purpose of a partition record
is to hold a partition table. The rules for how FDISK works are unwritten but so far most
FDISK programs (DOS, OS/2, WinNT, etc) seem to follow the same basic idea. First, all
partition table records (sectors) have the same format. This includes the partition table
record at cylinder 0, head 0, sector 1 -- what is known as the Master Boot Record (MBR).
The last 66 bytes of a partition table record contain a partition table and a 2 byte
signature. The first 446 bytes of these sectors usually contain a program but only the
program in the MBR is ever executed (so extended partition table records could contain
something other than a program in the first 466 bytes). Second, extended partitions are
"nested" inside one another and extended partition table records form a
"linked list".
This article is a disassembly of a Master Boot Record (MBR). The MBR is the sector at
cylinder 0, head 0, sector 1 of a hard disk. An MBR is created by the FDISK program. The
FDISK program of all operating systems must create a functionally similar MBR. The MBR is
first of what could be many partition sectors, each one containing a four entry partition
table.
At the completion of your system's Power On Self Test (POST), INT 19 is called. Usually
INT 19 tries to read a boot sector from the first floppy drive. If a boot sector is found
on the floppy disk, the that boot sector is read into memory at location 0000:7C00 and INT
19 jumps to memory location 0000:7C00.
However, if no boot sector is found on the first floppy drive, INT 19 tries to read the
MBR from the first hard drive. If an MBR is found it is read into memory at location
0000:7c00 and INT 19 jumps to memory location 0000:7c00. The small program in the MBR will
attempt to locate an active (bootable) partition in its partition table. If such a
partition is found, the boot sector of that partition is read into memory at location
0000:7C00 and the MBR program jumps to memory location 0000:7C00. Each operating system
has its own boot sector format. The small program in the boot sector must locate the first
part of the operating system's kernel loader program (or perhaps the kernel itself or
perhaps a "boot manager program") and read that into memory.
INT 19 is also called when the CTRL-ALT-DEL keys are used. On most systems, CTRL-ALT-DEL
causes an short version of the POST to be executed before INT 19 is called.
The stuff is at:
The MBR program code starts at offset 0000.
The MBR messages start at offset 008b.
The partition table starts at offset 00be.
The signature is at offset 00fe.
Here is a summary of what It does:
If an active partition is found, that partition's boot record is read into 0000:7c00 and
the MBR code jumps to 0000:7c00 with SI pointing to the partition table entry that
describes the partition being booted. The boot record program uses this data to determine
the drive being booted from and the location of the partition on the disk.
If no active partition table enty is found, ROM BASIC is entered via INT 18. All other
errors cause a system hang, see label HANG.
NOTES:
The first byte of an active partition table entry is 80. This byte is loaded into
the DL register before INT 13 is called to read the boot sector. When INT 13 is called, DL
is the BIOS device number. Because of this, the boot sector read by this MBR program can
only be read from BIOS device number 80 (the first hard disk). This is one of the reasons
why it is usually not possible to boot from any other hard disk.
The MBR program uses the CHS based INT 13H AH=02H call to read the boot sector of the
active partition. The location of the active partition's boot sector is in the partition
table entry in CHS format. If the drive is >528MB, this CHS must be a translated CHS
(or L-CHS, see my BIOS TYPES document). No addresses in LBA form are used (another reason
why LBA doesn't solve the >528MB problem).
Here is the entire MBR record (hex dump and ascii).
OFFSET 0 1 2 3 4 5 6 7 8 9 A B C D E F *0123456789ABCDEF*
000000 fa33c08e d0bc007c 8bf45007 501ffbfc *.3.....|..P.P...*
000010 bf0006b9 0001f2a5 ea1d0600 00bebe07 *................*
000020 b304803c 80740e80 3c00751c 83c610fe *...<.t..<.u.....*
000030 cb75efcd 188b148b 4c028bee 83c610fe *.u......L.......*
000040 cb741a80 3c0074f4 be8b06ac 3c00740b *.t..<.t.....<.t.*
000050 56bb0700 b40ecd10 5eebf0eb febf0500 *V.......^.......*
000060 bb007cb8 010257cd 135f730c 33c0cd13 *..|...W.._s.3...*
000070 4f75edbe a306ebd3 bec206bf fe7d813d *Ou...........}.=*
000080 55aa75c7 8bf5ea00 7c000049 6e76616c *U.u.....|..Inval*
000090 69642070 61727469 74696f6e 20746162 *id partition tab*
0000a0 6c650045 72726f72 206c6f61 64696e67 *le.Error loading*
0000b0 206f7065 72617469 6e672073 79737465 * operating syste*
0000c0 6d004d69 7373696e 67206f70 65726174 *m.Missing operat*
0000d0 696e6720 73797374 656d0000 00000000 *ing system......*
0000e0 00000000 00000000 00000000 00000000 *................*
0000f0 TO 0001af SAME AS ABOVE
0001b0 00000000 00000000 00000000 00008001 *................*
0001c0 0100060d fef83e00 00000678 0d000000 *......>....x....*
0001d0 00000000 00000000 00000000 00000000 *................*
0001e0 00000000 00000000 00000000 00000000 *................*
0001f0 00000000 00000000 00000000 000055aa *..............U.*
Here is the disassembly of the MBR...
This sector is initially loaded into memory at 0000:7c00 but it immediately relocates
itself to 0000:0600.
BEGIN: NOW AT 0000:7C00, RELOCATE
0000:7C00 FA CLI disable int's
0000:7C01 33C0 XOR AX,AX set stack seg to 0000
0000:7C03 8ED0 MOV SS,AX
0000:7C05 BC007C MOV SP,7C00 set stack ptr to 7c00
0000:7C08 8BF4 MOV SI,SP SI now 7c00
0000:7C0A 50 PUSH AX
0000:7C0B 07 POP ES ES now 0000:7c00
0000:7C0C 50 PUSH AX
0000:7C0D 1F POP DS DS now 0000:7c00
0000:7C0E FB STI allow int's
0000:7C0F FC CLD clear direction
0000:7C10 BF0006 MOV DI,0600 DI now 0600
0000:7C13 B90001 MOV CX,0100 move 256 words (512 bytes)
0000:7C16 F2 REPNZ move MBR from 0000:7c00
0000:7C17 A5 MOVSW to 0000:0600
0000:7C18 EA1D060000 JMP 0000:061D jmp to NEW_LOCATION
NEW_LOCATION: NOW AT 0000:0600
0000:061D BEBE07 MOV SI,07BE point to first table entry
0000:0620 B304 MOV BL,04 there are 4 table entries
SEARCH_LOOP1: SEARCH FOR AN ACTIVE ENTRY
0000:0622 803C80 CMP BYTE PTR [SI],80 is this the active entry?
0000:0625 740E JZ FOUND_ACTIVE yes
0000:0627 803C00 CMP BYTE PTR [SI],00 is this an inactive entry?
0000:062A 751C JNZ NOT_ACTIVE no
0000:062C 83C610 ADD SI,+10 incr table ptr by 16
0000:062F FECB DEC BL decr count
0000:0631 75EF JNZ SEARCH_LOOP1 jmp if not end of table
0000:0633 CD18 INT 18 GO TO ROM BASIC
FOUND_ACTIVE: FOUND THE ACTIVE ENTRY
0000:0635 8B14 MOV DX,[SI] set DH/DL for INT 13 call
0000:0637 8B4C02 MOV CX,[SI+02] set CH/CL for INT 13 call
0000:063A 8BEE MOV BP,SI save table ptr
SEARCH_LOOP2: MAKE SURE ONLY ONE ACTIVE ENTRY
0000:063C 83C610 ADD SI,+10 incr table ptr by 16
0000:063F FECB DEC BL decr count
0000:0641 741A JZ READ_BOOT jmp if end of table
0000:0643 803C00 CMP BYTE PTR [SI],00 is this an inactive entry?
0000:0646 74F4 JZ SEARCH_LOOP2 yes
NOT_ACTIVE: MORE THAN ONE ACTIVE ENTRY FOUND
0000:0648 BE8B06 MOV SI,068B display "Invld prttn tbl"
DISPLAY_MSG: DISPLAY MESSAGE LOOP
0000:064B AC LODSB get char of message
0000:064C 3C00 CMP AL,00 end of message
0000:064E 740B JZ HANG yes
0000:0650 56 PUSH SI save SI
0000:0651 BB0700 MOV BX,0007 screen attributes
0000:0654 B40E MOV AH,0E output 1 char of message
0000:0656 CD10 INT 10 to the display
0000:0658 5E POP SI restore SI
0000:0659 EBF0 JMP DISPLAY_MSG do it again
HANG: HANG THE SYSTEM LOOP
0000:065B EBFE JMP HANG sit and stay!
READ_BOOT: READ ACTIVE PARITION BOOT RECORD
0000:065D BF0500 MOV DI,0005 INT 13 retry count
INT13RTRY: INT 13 RETRY LOOP
0000:0660 BB007C MOV BX,7C00
0000:0663 B80102 MOV AX,0201 read 1 sector
0000:0666 57 PUSH DI save DI
0000:0667 CD13 INT 13 read sector into 0000:7c00
0000:0669 5F POP DI restore DI
0000:066A 730C JNB INT13OK jmp if no INT 13
0000:066C 33C0 XOR AX,AX call INT 13 and
0000:066E CD13 INT 13 do disk reset
0000:0670 4F DEC DI decr DI
0000:0671 75ED JNZ INT13RTRY if not zero, try again
0000:0673 BEA306 MOV SI,06A3 display "Errr ldng systm"
0000:0676 EBD3 JMP DISPLAY_MSG jmp to display loop
INT13OK: INT 13 ERROR
0000:0678 BEC206 MOV SI,06C2 "missing op sys"
0000:067B BFFE7D MOV DI,7DFE point to signature
0000:067E 813D55AA CMP WORD PTR [DI],AA55 is signature correct?
0000:0682 75C7 JNZ DISPLAY_MSG no
0000:0684 8BF5 MOV SI,BP set SI
0000:0686 EA007C0000 JMP 0000:7C00 JUMP TO THE BOOT SECTOR
WITH SI POINTING TO
PART TABLE ENTRY
Messages here.
0000:0680 ........ ........ ......49 6e76616c * Inval*
0000:0690 69642070 61727469 74696f6e 20746162 *id partition tab*
0000:06a0 6c650045 72726f72 206c6f61 64696e67 *le.Error loading*
0000:06b0 206f7065 72617469 6e672073 79737465 * operating syste*
0000:06c0 6d004d69 7373696e 67206f70 65726174 *m.Missing operat*
0000:06d0 696e6720 73797374 656d00.. ........ *ing system. *
Data not used.
0000:06d0 ........ ........ ......00 00000000 * .....*
0000:06e0 00000000 00000000 00000000 00000000 *................*
0000:06f0 00000000 00000000 00000000 00000000 *................*
0000:0700 00000000 00000000 00000000 00000000 *................*
0000:0710 00000000 00000000 00000000 00000000 *................*
0000:0720 00000000 00000000 00000000 00000000 *................*
0000:0730 00000000 00000000 00000000 00000000 *................*
0000:0740 00000000 00000000 00000000 00000000 *................*
0000:0750 00000000 00000000 00000000 00000000 *................*
0000:0760 00000000 00000000 00000000 00000000 *................*
0000:0770 00000000 00000000 00000000 00000000 *................*
0000:0780 00000000 00000000 00000000 00000000 *................*
0000:0790 00000000 00000000 00000000 00000000 *................*
0000:07a0 00000000 00000000 00000000 00000000 *................*
0000:07b0 00000000 00000000 00000000 0000.... *............ *
The partition table starts at 0000:07be. Each partition table entry is 16 bytes. This
table defines a single primary partition which is also an active (bootable) partition.
0000:07b0 ........ ........ ........ ....8001 * ....*
0000:07c0 0100060d fef83e00 00000678 0d000000 *......>....x....*
0000:07d0 00000000 00000000 00000000 00000000 *................*
0000:07e0 00000000 00000000 00000000 00000000 *................*
0000:07f0 00000000 00000000 00000000 0000.... *............ *
The last two bytes contain a 55AAH signature.
0000:07f0 ........ ........ ........ ....55aa *..............U.*.
