LVM MBR Disassembled
Loaded at 7C00h, setup stack and copy block from 7C00 to 7E00h. Push 7E20h on the stack and return near which will begin execution at 7E20h. This is the initial code loaded at 07C0:0000 and the disassembled code relocated at 07E0:0000 continues below.
After relocation the entry is at 7E20, I left out the 7E00 to 7E1F code which is not used. I am really only interested in the basic follow and the loaded and follow-on module, so some of the commenting could be better. In general, a Boot Manager partition is looked for and a simple consistency check is done on the MBR.
If you see below a check is made to verify INT 13 Extensions API support (see
CheckINT13Ext). The result is stored at 3000:0000, if supported 58333149h is stored if not 0 is stored. This value is used later.
ReadDrive procedure is used to load the second drive without using the INT 13 Extensions API, but is used later to load the partition boot information using INT 13 Extensions API.
Things for my own note, there are 3 possible error messages while processing the LVM MBR: SYS01462, SYS01463, and SYS01464. Also, the drives look like they must support INT 13 Extensions API which should not be a problem now days.
The partition boot information is loaded at 7C00 and execution is continued.
(7C00h)
_entry proc near
; disable interupts
cli
; setup stack
mov ax, 30h
mov ss, ax
mov sp, 100h ; decimal 256
; enable interupts
sti
; move 7C00 to 7E00 +512
cld
xor ax, ax ; Zero out the Accumulator
mov ds, ax ; Zero-out Data Segment
mov es, ax ; Zero-out Extra Segment
mov si, 7C00h ; Copy from here...
mov di, 7E00h ; copy to here: 0000:7E00
mov cx, 200h ; 200h (512 words) count
rep movsw
; push return addr 7E20 and execute return
push 7E20h
retn
_entry endp
After the code is moved from 0000:7C00 to 0000:7E00 the entry point is 0000:7E20.
(7E20)
_relocentry proc near
mov si, 7EFAh ; si point to SYS01462 message start
mov bx, 7FBEh ; bx set to first partition info location
; *** Check for Boot Manager
; read each MBR record and check if it is type Boot Manager (0x0A).
bootman00:
cmp byte ptr [bx+4], 0Ah ; cmp part type 11 (0Ah) BootManager
jz short checktype ; jump if Boot Manager partition found
add bx, 10h ; setup to read next partition entry
cmp bx, 7FFEh ; check for sig - end of MBR if not get next
jl short bootman00
xor ax, ax ; zero ax
int 13h ; DISK - RESET DISK SYSTEM
; DISK - GET DRIVE PARAMETERS (PC,XT286,CONV,PS,ESDI,SCSI)
; AH = 08h
; DL = drive (bit 7 set for hard disk)
; Return:CF set on error
; AH = status (07h) (see #0211)
; CF clear if successful
; AH = 00h
; AL = 00h on at least some BIOSes
; BL = drive type (AT/PS2 floppies only) (see #0219)
; CH = low eight bits of maximum cylinder number
; CL = maximum sector number (bits 5-0)
; high two bits of maximum cylinder number (bits 7-6)
; DH = maximum head number
; DL = number of drives
; ES:DI -> drive parameter table (floppies only)
; check for drive #2
mov ah, 8
mov dl, 81h ; drive 2
int 13h
jb short checktype ; jump no 2nd drive
; read 2nd drive MBR
mov cx, 7FB4h
mov dl, 81h
call ReadDrive
or ah, ah
jnz short checktype ; jump if read error
cmp word ptr ds:7DFEh, 0AA55h ; check signature
jnz short checktype ; jump not valid MBR signature
mov bx, 7DBEh ; set start 2nd drive MBR info
; Check for Boot Manager on 2nd drive
bootman01:
cmp byte ptr [bx+4], 0Ah
jnz short bootman02
; the following get executed if a 0Ah found on 2nd drive
mov dl, 81h ; second drive 81h in dl
mov cx, bx ; bx - location of 0Ah partition info
jmp short extcheck2
bootman02:
add bx, 10h
cmp bx, 7DFEh
jl short bootman01
; *** Check for bootable partition
; get here if boot manager part found on 1st drive, no second drive, and falls through
; no boot manager found on second drive
checktype:
mov bx, 7FBEh ; load _bootind partition 1
xor cx, cx ; zero cx
; seems to just run through the MBR and ensure it is somewhat correct
checktype1:
cmp byte ptr [bx], 80h ; is it bootable?
jnz short checktype2 ; jump if not bootable
or cx, cx
jnz short DispMsgEntry ; Not zero display SYS01462 error and hang
mov cx, bx
jmp short checktype3
checktype2:
cmp byte ptr [bx], 0 ; is it 0 (not-bootable) - so if not 80h or 0 then unknown _bootind
jnz short DispMsgEntry ; Not zero display SYS01462 error and hang
checktype3:
add bx, 10h ; increment to next partition record
cmp bx, 7FFEh ; at the end of MBR - check signature
jl short checktype1
or cx, cx
jnz short extcheck1
int 18h ; None were bootable, so start ROM-BASIC many
; BIOS simply display "PRESS A KEY TO REBOOT"
; when an Interrupt 18h is executed.
extcheck1:
mov dl, 80h ; first drive
; at this point dl contains drive number 80h or 81h
extcheck2:
pusha ; PUSH AX, CX, DX, BX, SP, BP, SI and DI
call CheckINT13Ext
popa ; POP AX, CX, DX, BX, SP, BP, SI and DI
push dx
push cx
call ReadDrive
jz short vbr00 ; jump no error
mov si, 7F0Fh ; SYS01463 Message
jmp short DispMsgEntry ; Not zero display error and hang
vbr00:
mov si, 7F24h ; SYS01464 Message
cmp ds:SigEnd, 0AA55h ; compare to end block signature
jnz short DispMsgEntry ; Not zero display error and hang
pop si ; seems to hold MBR pointer
pop dx ; boot drive number
jmp far ptr 0000:7C00h ; ** jump 0000:7C00 **
_relocentry endp
; IBM/MS INT 13 Extensions - INSTALLATION CHECK
; AH = 41h
; BX = 55AAh
; DL = drive (80h-FFh)
; Return:CF set on error (extensions not supported)
; AH = 01h (invalid function)
; CF clear if successful
; BX = AA55h if installed
; AH = major version of extensions
; 01h = 1.x
; 20h = 2.0 / EDD-1.0
; 21h = 2.1 / EDD-1.1
; 30h = EDD-3.0
; AL = internal use
; CX = API subset support bitmap (see #0248)
; DH = extension version (v2.0+ ??? -- not present in 1.x)
; Note: The Phoenix Enhanced Disk Drive Specification v1.0 uses version 2.0 of the INT 13 Extensions API
;
; See Also: AH=42h"INT 13 Ext" - AH=48h"INT 13 Ext"
;
; Bitfields for IBM/MS INT 13 Extensions API support bitmap:
;
; Bit(s) Description (Table 0248)
; 0 extended disk access functions (AH=42h-44h,47h,48h) supported
; 1 removable drive controller functions (AH=45h,46h,48h,49h,INT 15/AH=52h)
; supported
; 2 enhanced disk drive (EDD) functions (AH=48h,AH=4Eh) supported.
; Extended drive parameter table is valid (see #0250,#0255)
; 3-15 reserved (0)
;
; NOTE: From : http://lrs.uni-passau.de/support/doc/interrupt-57/RB-0668.HTM
; checks for extended int 13 capability -
; Exit if supported 3000:0000 move 58333149h
; not supported mov 0
; * dl contains drive number on entry
(7EBA)
CheckINT13Ext proc near
mov ah, 41h
mov bx, 55AAh
int 13h
jb short NoINT13Ext ; jump to NoINT13Ext is not supported
cmp bx, 0AA55h ; AA55h if installed INT 13 Extensions API
jnz short NoINT13Ext
cmp ah, 21h ; major version of extensions 21h = 2.1 / EDD-1.1
jb short NoINT13Ext
test cl, 1 ; Test if extended Disk Access functions supported
jz short NoINT13Ext
mov eax, 58333149h
jmp short INT13Continue
NoINT13Ext:
xor ax, ax ; zero ax if ext 13 not supported
INT13Continue:
push 3000h ; store eax at 3000:0000
pop fs
mov fs:0, eax
retn
CheckINT13Ext endp
There are 3 possible error messages while processing the LVM MBR: SYS01462, SYS01463, and SYS01464:
***** DISPLAY MESSAGE LOOP *****
(7EE8)
DispMsgEntry:
xor bx, bx ; zero bx
jmp short DispMsg
DispNext:
int 10h
DispMsg:
mov ah, 0Eh
lodsb ; get char of message
or al, al ; check if end
jnz short DispNext
sti
HangLoop:
jmp short HangLoop
; The following boot message information is from Bob Eager,
; Tavi Systems page http://www.tavi.co.uk/os2pages/boot.html:
; SYS01462
; The partition table on the startup drive is incorrect. Generally, this
; means either that more than one partition is marked active, or one of
; the partitions has a status byte with a value other than 00H or 80H,
; which are the only legal values.
7EF8 db 12h
7EF9 db 0
7EFA _SYS01462 db 'OS/2 !! SYS01462',0Dh,0Ah,0
; SYS01463
; The operating system cannot be loaded from the startup drive. This is
; caused by a disk read error, while reading the boot sector of the
; active partition
7F0D db 12h
7F0E db 0
7F0F _SYS01463 db 'OS/2 !! SYS01463',0Dh,0Ah,0
; SYS01464
; The operating system is missing from the startup drive. A valid boot
; sector for a partition should contain the values 055H and 0AAH in its
; last two bytes, in that order. This is a simple validation check,
; intended to prevent attempts to boot from a corrupt or unformatted
; partition. This message is generated if the validation check for
; these two bytes fails.
7F22 db 12h
7F23 db 0
7F24 _SYS01464 db 'OS/2 !! SYS01464',0Dh,0Ah,0
ReadDrive procedure loads MBR of the second drive and the boot record of the botable partition:
; On entry:
; DL == drive
; CX == location of Track + Sector to read
; location 3000:0000 == 49h ext read supported else old 0 - 1023 read
ReadDrive proc near
mov bx, cx
mov di, 5
; see INT13Ext storage 3000:0000
push 3000h
pop fs
cmp byte ptr fs:0, 49h
jz short ExtRead ; equals 49h if ext supported
; CX contains both the cylinder number (10 bits, possible
; values are 0 to 1023) and the sector number (6 bits, possible values are 1 to 63):
mov cx, [bx+2]
; Head
mov dh, [bx+1]
; (ES):BX = Memory Buffer
mov bx, 7C00h
ReadOld01:
xor ax, ax
int 13h ; Reset DISK
mov ax, 201h ; Function 2 AH == 00000010 / Sectors To Read Count AL == 00000001
int 13h ; INT 13, -- Read Sectors From Drive
jnb short ReadOld02 ; error reading
dec di ; number of retries - default 5
jg short ReadOld01 ; retry read
ReadOld02:
retn
; The following are the "INT 13 Extensions Installation Check" and
; the Extended READ sectors from Hard Drive (Function 42h) routines.
; **** Normal entry if Ext int13 supported after CheckINT13Ext call
ExtRead:
; dl == drive number
push ds
mov eax, [bx+8] ; load number of sectors before partition from MBR
; set fs and ds 0x3000
push fs
pop ds
; DS:SI segment:offset pointer to the DAP, see below
; DAP == 3000:0008
mov si, 8
; DAP : Disk Address Packet (16 bytes)
; offset range size description
; 00h 1 byte size of DAP = 16 = 10h
; 01h 1 byte unused, should be zero
; 02h 1 byte number of sectors to be read, 0..127 (= 7Fh)
; 03h 1 byte unused, should be zero
; 04h..07h 4 bytes segment:offset pointer to the memory buffer to which sectors will be transferred
; 08h..0Fh 8 bytes absolute number of the start of the sectors to be read (1st sector of drive has number 0)
mov ds:4, eax
mov [si+8], eax
xor eax, eax ; zero eax
mov word ptr [si], 10h ; 00h BYTE 10h (size of packet)
mov word ptr [si+2], 1 ; number of blocks to transfer
mov word ptr [si+4], 7C00h ; -> transfer buffer
mov [si+6], ax
mov [si+0Ch], eax
; DAP"
; 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10
; 10 00 01 00 [00 7C 00 00] [00 3F 00 00 00 00 00 00]
ReadJmp04:
sub ax, ax
int 13h ; Reset drive
mov ah, 42h ; function number for extended read
int 13h
jnb short ReadJmp05 ; Error
dec di
ja short ReadJmp04 ; Retry read
ReadJmp05:
pop ds
retn
ReadDrive endp
; The following is an example using my current Virtual PC drive
; src/jfs/utils/libfs/mbr.h -- from openJFS source located on Netlabs.org
;
; struct part {
; UCHAR bootind; /* 0x80 means partition is bootable */
; UCHAR starthead; /* head number of partition start */
; UCHAR startsect; /* sector number */
; UCHAR startcyl; /* cylinder number */
; UCHAR systind; /* partition ID */
; UCHAR endhead; /* head number of partition end */
; UCHAR endsect; /* sector number */
; UCHAR endcyl; /* cylinder number */
; ULONG lsn; /* number of sectors before partition */
; ULONG nsects; /* number of sectors in partition */
; };
;
; struct mbr {
; UCHAR code[0x1be]; /* boot record code and data */
; struct part ptbl[4]; /* the partition table */
; USHORT sig; /* special signature */
; };
7FB8 OptiDiskSig dd 0
7FBC dw 0CC33h
7FBE ; ***** Partition 1 *****
7FBE _bootind db 80h ; bootable
7FBF _starthead db 1
7FC0 _startsect db 1
7FC1 _startcyl db 0
7FC2 _systind db 7
7FC3 _endhead db 3Fh
7FC4 _endsect db 0FFh
7FC5 _endcyl db 0F6h
7FC6 _lsn dd 3Fh
7FCA _nsects dd 3E7201h
7FCE ; ***** Partition 2 *****
7FCE Part2 db 10h dup(0)
7FDE ; ***** Partition 3 *****
7FDE Part3 db 10h dup(0)
7FEE ; ***** Partition 4 *****
7FEE Part4 db 10h dup(0)
7FFE ; ***** Signature *****
7FFE SigEnd dw 0AA55h
