U盘启动的原理和程序制作方法.pptx

U盘启动,主讲人: 高琳,windows启动流程,如何让BIOS引导我,我需要一个MBR。 Master Boot Record在磁盘的0扇区位置。 包含三个部分: 引导代码 (446 Byte) DPT，分区表(4*16 Byte) 结束符 (2 Byte),磁盘上的MBR,MBR掌握主导权，我如何引导操作系统,1.引导程序占扇区前446字节。计算机在上电完成BIOS自检后，会将该主引导扇区加载到内存中并执行前面446字节的引导程序，引导程序首先会在分区表中查找活动分区，若存在活动分区，则根据活动分区的偏移量找到该活动分区上的引导扇区的地址，并将该引导扇区加载到内存中，同时检查该引导扇区的有效性，然后根据该引导扇区的规则去引导操作系。 2.分区表占扇区中间64字节。分区表是磁盘管理最重要的部分，通过分区表信息来定位各个分区，访问用户数据。分区表包含4个分区项，每一个分区项通过位置偏移、分区大小来唯一确定一个主分区或者扩展分区。每个分区项占16字节，包括引导标识、起始和结束位置的CHS参数、分区类型、开始扇区、分区大小等。,0x00000000: 33c0 XOR AX, AX 0x00000002: 8ed0 MOV SS, AX 0x00000004: bc007c MOV SP, 0x7c00 ; 当前栈区在0x7c00 0x00000007: fb STI 0x00000008: 50 PUSH AX 0x00000009: 07 POP ES 0x0000000a: 50 PUSH AX 0x0000000b: 1f POP DS 0x0000000c: fc CLD 0x0000000d: be1b7c MOV SI, 0x7c1b 0x00000010: bf1b06 MOV DI, 0x61b 0x00000013: 50 PUSH AX 0x00000014: 57 PUSH DI 0x00000015: b9e501 MOV CX, 0x1e5 ; 区块初始化 0x00000018: f3a4 REP MOVSB ; 复制引导扇区内容到DI所在位置 0x0000001a: cb RETF ; 远返回指令，相当于跳转到0:DI 0x0000001b: bdbe07 MOV BP, 0x7be ; 栈底 7be 即指向DPT表 0x0000001e: b104 MOV CL, 0x4 0x00000020: 386e00 CMP BP+0x0, CH ; 对介质类型判断 0x00000023: 7c09 JL 0x2e 0x00000025: 7513 JNZ 0x3a 0x00000027: 83c510 ADD BP, 0x10 ; 继续判断下一个分区表 0x0000002a: e2f4 LOOP 0x20 0x0000002c: cd18 INT 0x18 0x0000002e: 8bf5 MOV SI, BP 0x00000030: 83c610 ADD SI, 0x10 0x00000033: 49 DEC CX 0x00000034: 7419 JZ 0x4f 0x00000036: 382c CMP SI, CH 0x00000038: 74f6 JZ 0x30 0x0000003a: a0b507 MOV AL, 0x7b5 0x0000003d: b407 MOV AH, 0x7 0x0000003f: 8bf0 MOV SI, AX 0x00000041: ac LODSB 0x00000042: 3c00 CMP AL, 0x0 0x00000044: 74fc JZ 0x42 0x00000046: bb0700 MOV BX, 0x7 0x00000049: b40e MOV AH, 0xe 0x0000004b: cd10 INT 0x10 0x0000004d: ebf2 JMP 0x41 0x0000004f: 884e10 MOV BP+0x10, CL 0x00000052: e84600 CALL 0x9b 0x00000055: 732a JAE 0x81 0x00000057: fe4610 INC BYTE BP+0x10 0x0000005a: 807e040b CMP BYTE BP+0x4, 0xb 0x0000005e: 740b JZ 0x6b 0x00000060: 807e040c CMP BYTE BP+0x4, 0xc 0x00000064: 7405 JZ 0x6b 0x00000066: a0b607 MOV AL, 0x7b6 0x00000069: 75d2 JNZ 0x3d 0x0000006b: 80460206 ADD BYTE BP+0x2, 0x6 0x0000006f: 83460806 ADD WORD BP+0x8, 0x6 0x00000073: 83560a00 ADC WORD BP+0xa, 0x0 0x00000077: e82100 CALL 0x9b 0x0000007a: 7305 JAE 0x81 0x0000007c: a0b607 MOV AL, 0x7b6 0x0000007f: ebbc JMP 0x3d 0x00000081: 813efe7d55aa CMP WORD 0x7dfe, 0xaa55 ; 检测signature 0x00000087: 740b JZ 0x94 0x00000089: 807e1000 CMP BYTE BP+0x10, 0x0 0x0000008d: 74c8 JZ 0x57 ; if(支持 API位图) 0x0000008f: a0b707 MOV AL, 0x7b7 0x00000092: eba9 JMP 0x3d 0x00000094: 8bfc MOV DI, SP 0x00000096: 1e PUSH DS 0x00000097: 57 PUSH DI 0x00000098: 8bf5 MOV SI, BP 0x0000009a: cb RETF 0x0000009b: bf0500 MOV DI, 0x5 0x0000009e: 8a5600 MOV DL, BP+0x0 0x000000a1: b408 MOV AH, 0x8 0x000000a3: cd13 INT 0x13 0x000000a5: 7223 JB 0xca 0x000000a7: 8ac1 MOV AL, CL 0x000000a9: 243f AND AL, 0x3f 0x000000ab: 98 CBW 0x000000ac: 8ade MOV BL, DH 0x000000ae: 8afc MOV BH, AH 0x000000b0: 43 INC BX 0x000000b1: f7e3 MUL BX 0x000000b3: 8bd1 MOV DX, CX 0x000000b5: 86d6 XCHG DH, DL 0x000000b7: b106 MOV CL, 0x6 0x000000b9: d2ee SHR DH, CL 0x000000bb: 42 INC DX 0x000000bc: f7e2 MUL DX 0x000000be: 39560a CMP BP+0xa, DX 0x000000c1: 7723 JA 0xe6 0x000000c3: 7205 JB 0xca 0x000000c5: 394608 CMP BP+0x8, AX 0x000000c8: 731c JAE 0xe6 0x000000ca: b80102 MOV AX, 0x201 0x000000cd: bb007c MOV BX, 0x7c00 0x000000d0: 8b4e02 MOV CX, BP+0x2 0x000000d3: 8b5600 MOV DX, BP+0x0 0x000000d6: cd13 INT 0x13 0x000000d8: 7351 JAE 0x12b 0x000000da: 4f DEC DI 0x000000db: 744e JZ 0x12b 0x000000dd: 32e4 XOR AH, AH 0x000000df: 8a5600 MOV DL, BP+0x0 0x000000e2: cd13 INT 0x13 0x000000e4: ebe4 JMP 0xca 0x000000e6: 8a5600 MOV DL, BP+0x0 0x000000e9: 60 PUSHA 0x000000ea: bbaa55 MOV BX, 0x55aa 0x000000ed: b441 MOV AH, 0x41 0x000000ef: cd13 INT 0x13 0x000000f1: 7236 JB 0x129 0x000000f3: 81fb55aa CMP BX, 0xaa55 0x000000f7: 7530 JNZ 0x129 0x000000f9: f6c101 TEST CL, 0x1 0x000000fc: 742b JZ 0x129 0x000000fe: 61 POPA 0x000000ff: 60 PUSHA ; 寄存器保护 0x00000100: 6a00 PUSH 0x0 ; BlockNum_H4 0x00000102: 6a00 PUSH 0x0 0x00000104: ff760a PUSH WORD BP+0xa 0x00000107: ff7608 PUSH WORD BP+0x8 ; BlockNum_L4 0x0000010a: 6a00 PUSH 0x0 ; BufferAddr_H2 0x0000010c: 68007c PUSH WORD 0x7c00 ; BufferAddr_L2 0x0000010f: 6a01 PUSH 0x1 ; BlockCount=1 0x00000111: 6a10 PUSH 0x10 ; PacketSize=16 PReserved=0 0x00000113: b442 MOV AH, 0x42 ; 磁盘地址数据包 0x00000115: 8bf4 MOV SI, SP 0x00000117: cd13 INT 0x13 ; 扩展读 0x00000119: 61 POPA 0x0000011a: 61 POPA 0x0000011b: 730e JAE 0x12b 0x0000011d: 4f DEC DI 0x0000011e: 740b JZ 0x12b 0x00000120: 32e4 XOR AH, AH 0x00000122: 8a5600 MOV DL, BP+0x0 0x00000125: cd13 INT 0x13 0x00000127: ebd6 JMP 0xff 0x00000129: 61 POPA 0x0000012a: f9 STC 0x0000012b: c3 RET,真正进入操作系统的引导,活动分区的第一个扇区 PBR结构,PBR,Partition Boot Record,分区引导记录。,DBR主要由下列几个部分组成： 1跳转指令，占用3个字节的跳转指令将跳转至引导代码。 2厂商标识和DOS版本号，该部分总共占用8个字节。 3BPB（BIOS Parameter Block， BIOS 参数块）。 4操作系统引导程序。 5结束标志字，结束标志占用2个字节，其值为AA55,FAT16分区DBR中的信息,typedef struct PBR UINT16 BPB_BytsPerSec; /一个扇区多少字节 UINT8 BPB_SecPerClus; /一个簇多少扇区 UINT16 BPB_RsvdSecCnt; /保留扇区数 UINT8 BPB_NumFATs; /FAT表个数 UINT16 BPB_RootEntCnt; /根目录多少项 UINT16 BPB_TotSec16; UINT8 BPB_Media; UINT16 BPB_FATSz16; /一个分区表多少扇区 UINT16 BPB_SecPerTrk; UINT16 BPB_NumHeads; UINT32 BPB_HiddSec; UINT32 BPB_TotSec32; UINT8 BS_drvNum; UINT8 BS_Reserved1; UINT8 BS_BootSig; UINT8 BS_VolId4; UINT8 BS_VolLab11; UINT8 BS_FileSysType8;/分区类型 UINT8 BootCode448; /引导代码 UINT16 Signature; ;,引导代码BootCode,BootMgr引导操作系统内核启动,PBR - bootmgr -bootBCD(注册表文件，如果是多系统则会提供引导界面)-winload.exe-ntoskrnl.exe,/zh-cn/library/cc771845(v=ws.10).aspx,总结一下,要做一个U盘启动盘，我需要5个东西: 1. 一个U盘 (金士顿) 2.一个MBR制作工具 (diskgenius) 3.一个分区工具 (diskgenius) 4.一个PBR制作工具(bootice) 5.一个WINPE系统,代码所能做的,写入MBR引导Code，引导方式不同，引导代码不同，一般都是硬编码。 CONST byte MBRCodeHDDPlus= 0xfa,0x31,0xc0,0x8e,0xd8,0x8e,0xc0,0x8e,0xd0,0xbc,0x00,0x7c,0xfb,0xfc,0x89,0xe6, 0xbf,0x00,0x06,0xb9,0x00,0x01,0xf3,0xa5,0xea,0xdc,0x06,0x00,0x00,0x10,0x00,0x01, 0x00,0x00,0x7c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x3f,0x00, 0xff,0x00,0x41,0x00,0x1e,0x0e,0x1f,0x3a,0x16,0x10,0x00,0x74,0x06,0x1f,0xea,0x36, 0xe7,0x00,0xf0,0x3d,0xfb,0x54,0x75,0x05,0x8c,0xd8,0xfb,0xeb,0x1d,0x80,0xfc,0x08, 0x75,0x1b,0xe8,0x81,0x00,0x8a,0x36,0x13,0x00,0xfe,0xce,0x8b,0x0e,0x15,0x00,0x86, 0xcd,0xc0,0xe1,0x06,0x0a,0x0e,0x11,0x00,0x31,0xc0,0xf8,0xeb,0x65,0x80,0xfc,0x02, 0x72,0xcb,0x80,0xfc,0x04,0x77,0xc6,0x60,0x80,0xcc,0x40,0x50,0xbe,0x00,0x00,0xc7, 0x04,0x10,0x00,0x30,0xe4,0x89,0x44,0x02,0x89,0x5c,0x04,0x8c,0x44,0x06,0x66,0x31, 0xc0,0x66,0x89,0x44,0x0c,0x88,0xf0,0xf6,0x26,0x11,0x00,0x88,0xcf,0x88,0xeb,0xc0, 0xef,0x06,0x81,0xe1,0x3f,0x00,0x01,0xc8,0x48,0x89,0xc7,0xa1,0x13,0x00,0xf7,0x26, 0x11,0x00,0xf7,0xe3,0x01,0xf8,0x81,0xd2,0x00,0x00,0x89,0x44,0x08,0x89,0x54,0x0a, 0x58,0x30,0xc0,0x8a,0x16,0x10,0x00,0xe8,0x0c,0x00,0x88,0x26,0x03,0x00,0x61,0xa1, 0x02,0x00,0x1f,0xca,0x02,0x00,0x9c,0xff,0x1e,0x22,0x00,0xc3,0x80,0xfa,0x8f,0x7f, 0x04,0x88,0x16,0x2d,0x06,0xbe,0x87,0x07,0xe8,0x8d,0x00,0xbe,0xbe,0x07,0x31,0xc0, 0xb9,0x04,0x00,0xf6,0x04,0x80,0x74,0x03,0x40,0x89,0xf5,0x81,0xc6,0x10,0x00,0xe2, 0xf2,0x48,0x74,0x02,0xcd,0x18,0xbf,0x05,0x00,0xbe,0x1d,0x06,0xc7,0x44,0x02,0x01, 0x00,0x66,0x8b,0x46,0x08,0x66,0x89,0x44,0x08,0xb8,0x00,0x42,0x8a,0x16,0x2d,0x06, 0xcd,0x13,0x73,0x0d,0x4f,0x74,0x49,0x30,0xe4,0x8a,0x16,0x2d,0x06,0xcd,0x13,0xeb, 0xd8,0xa1,0xfe,0x7d,0x3d,0x55,0xaa,0x75,0x37,0xfa,0x66,0xa1,0x4c,0x00,0x66,0xa3, 0x3f,0x06,0xbe,0x13,0x04,0x8b,0x04,0x48,0x89,0x04,0xc1,0xe0,0x06,0x8e,0xc0,0x31, 0xff,0xbe,0x1d,0x06,0xb9,0x60,0x00,0xfc,0xf3,0xa5,0xc7,0x06,0x4c,0x00,0x17,0x00, 0xa3,0x4e,0x00,0xfb,0x8a,0x16,0x2d,0x06,0x89,0xee,0xfa,0xea,0x00,0x7c,0x00,0x00, 0xbe,0xaa,0x07,0xe8,0x02,