-1/23-
USB boot disk startup
Presenter: 高琳

-2/23-
Windows boot flow
BIOS -> MBR -> PBR -> BootMgr

-3/23-
How do I get the BIOS to boot me?
I need an MBR. The Master Boot Record sits at sector 0 of the disk. It contains three parts:
1. Boot code (446 bytes)
2. DPT, the partition table (4 * 16 bytes)
3. End marker (2 bytes)

-4/23-
The MBR on disk

-5/23-
The MBR now has control; how do I boot the operating system?
1. The boot program occupies the first 446 bytes of the sector. After the computer powers on and the BIOS finishes its self-test, the BIOS loads this master boot sector into memory and executes the 446-byte boot program at its start. The boot program first searches the partition table for an active partition. If one exists, it uses the active partition's offset to find the address of that partition's boot sector, loads that boot sector into memory, checks that the boot sector is valid, and then boots the operating system according to the rules of that boot sector.
2. The partition table occupies the middle 64 bytes of the sector. The partition table is the most important part of disk management: its information is used to locate each partition and access user data. It holds 4 partition entries, each of which uniquely identifies one primary or extended partition by its position offset and size. Each entry is 16 bytes and includes the boot indicator, the CHS parameters of the start and end positions, the partition type, the starting sector, the partition size, and so on.

-6/23-
Disassembly of the MBR boot code (offset: bytes  instruction ; comment):

    0x00000000: 33c0          XOR AX,AX
    0x00000002: 8ed0          MOV SS,AX
    0x00000004: bc007c        MOV SP,0x7c00           ; stack is currently at 0x7c00
    0x00000007: fb            STI
    0x00000008: 50            PUSH AX
    0x00000009: 07            POP ES
    0x0000000a: 50            PUSH AX
    0x0000000b: 1f            POP DS
    0x0000000c: fc            CLD
    0x0000000d: be1b7c        MOV SI,0x7c1b
    0x00000010: bf1b06        MOV DI,0x61b
    0x00000013: 50            PUSH AX
    0x00000014: 57            PUSH DI
    0x00000015: b9e501        MOV CX,0x1e5            ; block initialisation (copy length)
    0x00000018: f3a4          REP MOVSB               ; copy the boot sector contents to where DI points
    0x0000001a: cb            RETF                    ; far return, equivalent to jumping to 0:DI
    0x0000001b: bdbe07        MOV BP,0x7be            ; BP = 0x7be points at the DPT (partition table)
    0x0000001e: b104          MOV CL,0x4
    0x00000020: 386e00        CMP [BP+0x0],CH         ; test the entry's boot indicator byte
    0x00000023: 7c09          JL 0x2e
    0x00000025: 7513          JNZ 0x3a
    0x00000027: 83c510        ADD BP,0x10             ; move on to the next partition entry
    0x0000002a: e2f4          LOOP 0x20
    0x0000002c: cd18          INT 0x18
    0x0000002e: 8bf5          MOV SI,BP
    0x00000030: 83c610        ADD SI,0x10
    0x00000033: 49            DEC CX
    0x00000034: 7419          JZ 0x4f
    0x00000036: 382c          CMP [SI],CH
    0x00000038: 74f6          JZ 0x30
    0x0000003a: a0b507        MOV AL,[0x7b5]
    0x0000003d: b407          MOV AH,0x7
    0x0000003f: 8bf0          MOV SI,AX
    0x00000041: ac            LODSB
    0x00000042: 3c00          CMP AL,0x0
    0x00000044: 74fc          JZ 0x42
    0x00000046: bb0700        MOV BX,0x7
    0x00000049: b40e          MOV AH,0xe
    0x0000004b: cd10          INT 0x10
    0x0000004d: ebf2          JMP 0x41
    0x0000004f: 884e10        MOV [BP+0x10],CL
    0x00000052: e84600        CALL 0x9b
    0x00000055: 732a          JAE 0x81
    0x00000057: fe4610        INC BYTE [BP+0x10]
    0x0000005a: 807e040b      CMP BYTE [BP+0x4],0xb
    0x0000005e: 740b          JZ 0x6b
    0x00000060: 807e040c      CMP BYTE [BP+0x4],0xc
    0x00000064: 7405          JZ 0x6b
    0x00000066: a0b607        MOV AL,[0x7b6]
    0x00000069: 75d2          JNZ 0x3d
    0x0000006b: 80460206      ADD BYTE [BP+0x2],0x6
    0x0000006f: 83460806      ADD WORD [BP+0x8],0x6
    0x00000073: 83560a00      ADC WORD [BP+0xa],0x0
    0x00000077: e82100        CALL 0x9b
    0x0000007a: 7305          JAE 0x81
    0x0000007c: a0b607        MOV AL,[0x7b6]
    0x0000007f: ebbc          JMP 0x3d
    0x00000081: 813efe7d55aa  CMP WORD [0x7dfe],0xaa55 ; check the signature
    0x00000087: 740b          JZ 0x94
    0x00000089: 807e1000      CMP BYTE [BP+0x10],0x0
    0x0000008d: 74c8          JZ 0x57                 ; if (API bitmap supported)
    0x0000008f: a0b707        MOV AL,[0x7b7]
    0x00000092: eba9          JMP 0x3d
    0x00000094: 8bfc          MOV DI,SP
    0x00000096: 1e            PUSH DS
    0x00000097: 57            PUSH DI
    0x00000098: 8bf5          MOV SI,BP
    0x0000009a: cb            RETF
    0x0000009b: bf0500        MOV DI,0x5
    0x0000009e: 8a5600        MOV DL,[BP+0x0]
    0x000000a1: b408          MOV AH,0x8
    0x000000a3: cd13          INT 0x13
    0x000000a5: 7223          JB 0xca
    0x000000a7: 8ac1          MOV AL,CL
    0x000000a9: 243f          AND AL,0x3f
    0x000000ab: 98            CBW
    0x000000ac: 8ade          MOV BL,DH
    0x000000ae: 8afc          MOV BH,AH
    0x000000b0: 43            INC BX
    0x000000b1: f7e3          MUL BX
    0x000000b3: 8bd1          MOV DX,CX
    0x000000b5: 86d6          XCHG DH,DL
    0x000000b7: b106          MOV CL,0x6
    0x000000b9: d2ee          SHR DH,CL
    0x000000bb: 42            INC DX
    0x000000bc: f7e2          MUL DX
    0x000000be: 39560a        CMP [BP+0xa],DX
    0x000000c1: 7723          JA 0xe6
    0x000000c3: 7205          JB 0xca
    0x000000c5: 394608        CMP [BP+0x8],AX
    0x000000c8: 731c          JAE 0xe6
    0x000000ca: b80102        MOV AX,0x201
    0x000000cd: bb007c        MOV BX,0x7c00
    0x000000d0: 8b4e02        MOV CX,[BP+0x2]
    0x000000d3: 8b5600        MOV DX,[BP+0x0]
    0x000000d6: cd13          INT 0x13
    0x000000d8: 7351          JAE 0x12b
    0x000000da: 4f            DEC DI
    0x000000db: 744e          JZ 0x12b
    0x000000dd: 32e4          XOR AH,AH
    0x000000df: 8a5600        MOV DL,[BP+0x0]
    0x000000e2: cd13          INT 0x13
    0x000000e4: ebe4          JMP 0xca
    0x000000e6: 8a5600        MOV DL,[BP+0x0]
    0x000000e9: 60            PUSHA
    0x000000ea: bbaa55        MOV BX,0x55aa
    0x000000ed: b441          MOV AH,0x41
    0x000000ef: cd13          INT 0x13
    0x000000f1: 7236          JB 0x129
    0x000000f3: 81fb55aa      CMP BX,0xaa55
    0x000000f7: 7530          JNZ 0x129
    0x000000f9: f6c101        TEST CL,0x1
    0x000000fc: 742b          JZ 0x129
    0x000000fe: 61            POPA
    0x000000ff: 60            PUSHA                   ; save registers
    0x00000100: 6a00          PUSH 0x0                ; BlockNum_H4
    0x00000102: 6a00          PUSH 0x0
    0x00000104: ff760a        PUSH WORD [BP+0xa]
    0x00000107: ff7608        PUSH WORD [BP+0x8]      ; BlockNum_L4
    0x0000010a: 6a00          PUSH 0x0                ; BufferAddr_H2
    0x0000010c: 68007c        PUSH WORD 0x7c00        ; BufferAddr_L2
    0x0000010f: 6a01          PUSH 0x1                ; BlockCount=1
    0x00000111: 6a10          PUSH 0x10               ; PacketSize=16, Reserved=0
    0x00000113: b442          MOV AH,0x42             ; disk address packet
    0x00000115: 8bf4          MOV SI,SP
    0x00000117: cd13          INT 0x13                ; extended read
    0x00000119: 61            POPA
    0x0000011a: 61            POPA
    0x0000011b: 730e          JAE 0x12b
    0x0000011d: 4f            DEC DI
    0x0000011e: 740b          JZ 0x12b
    0x00000120: 32e4          XOR AH,AH
    0x00000122: 8a5600        MOV DL,[BP+0x0]
    0x00000125: cd13          INT 0x13
    0x00000127: ebd6          JMP 0xff
    0x00000129: 61            POPA
    0x0000012a: f9            STC
    0x0000012b: c3            RET

-7/23-
Really entering the operating system boot: the first sector of the active partition, the PBR structure

-8/23-
PBR: Partition Boot Record. The DBR consists mainly of the following parts:
1 Jump instruction: a 3-byte jump to the boot code.
2 OEM identifier and DOS version number: 8 bytes in total.
3 BPB (BIOS Parameter Block).
4 Operating system boot program.
5 End marker word: 2 bytes, value AA55.

-9/23-
Information in the DBR of a FAT16 partition

    #pragma pack(push, 1)          // on-disk layout: no padding between fields
    typedef struct PBR {           // begins at the BPB, i.e. sector offset 11, after the 3-byte jump and 8-byte OEM name
        UINT16 BPB_BytsPerSec;     // bytes per sector
        UINT8  BPB_SecPerClus;     // sectors per cluster
        UINT16 BPB_RsvdSecCnt;     // number of reserved sectors
        UINT8  BPB_NumFATs;        // number of FAT tables
        UINT16 BPB_RootEntCnt;     // number of root directory entries
        UINT16 BPB_TotSec16;
        UINT8  BPB_Media;
        UINT16 BPB_FATSz16;        // sectors per FAT table
        UINT16 BPB_SecPerTrk;
        UINT16 BPB_NumHeads;
        UINT32 BPB_HiddSec;
        UINT32 BPB_TotSec32;
        UINT8  BS_drvNum;
        UINT8  BS_Reserved1;
        UINT8  BS_BootSig;
        UINT8  BS_VolId[4];
        UINT8  BS_VolLab[11];
        UINT8  BS_FileSysType[8];  // file system type
        UINT8  BootCode[448];      // boot code
        UINT16 Signature;          // end marker 0xAA55
    } PBR;
    #pragma pack(pop)

-10/23-
Boot code: BootCode

-11/23-
BootMgr boots the operating system kernel
BootMgr -> Winload.exe -> Ntoskrnl.exe

-12/23-
PBR -> bootmgr -> \boot\BCD (a registry file; on a multi-boot system it provides the boot menu) -> winload.exe -> ntoskrnl.exe
https:/

    // 440 bytes of 16-bit MBR boot code for the "HDD+" boot type; the hex values are omitted here.
    byte MBRCodeHDDPlus[] = { /* ... */ };

-15/23-
Open the drive and write the MBR

    CString drive;
    drive.Format(_T("\\\\.\\PhysicalDrive%d"), diskNum);   // raw access to the whole physical disk
    HANDLE hDisk = CreateFile(drive, GENERIC_READ | GENERIC_WRITE,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                              OPEN_EXISTING, 0, NULL);
    if (hDisk == INVALID_HANDLE_VALUE)
        return;
    DWORD dwBytesRead = 0;
    byte buffer[0x200] = {0};                                // one 512-byte sector
    BOOL ret = ReadFile(hDisk, buffer, 0x200, &dwBytesRead, NULL);   // read sector 0, the existing MBR
    if (!ret || dwBytesRead != 0x200) {
        CloseHandle(hDisk);
        return;
    }
    MASTER_BOOT_RECORD* pBootRecord = (MASTER_BOOT_RECORD*)buffer;
    pBootRecord->PartitionRecord[0].OSType = 12;             // 0x0c: FAT32 (LBA), one of the types the boot code accepts
    if (BootType == _T("HDD+"))
        memcpy(pBootRecord->BootCode, MBRCodeHDDPlus, 440);  // replace only the boot code; the DPT and signature stay
    SetFilePointer(hDisk, 0, 0, FILE_BEGIN);
    DWORD dwBytesWrite = 0;
    WriteFile(hDisk, buffer, 0x200, &dwBytesWrite, NULL);    // write the modified sector 0 back
    CloseHandle(hDisk);

-16/23-
PBR boot code

    // Byte offset of the first partition's PBR: StartingLBA * sector size. Kept in 64 bits, because
    // a 32-bit DWORD overflows for a partition that starts beyond 4 GiB.
    LARGE_INTEGER liOffset;
    liOffset.QuadPart = (LONGLONG)SECTORSIZE * pBootRecord->PartitionRecord[0].StartingLBA;
    SetFilePointerEx(hDisk, liOffset, NULL, FILE_BEGIN);
    DWORD dwRead = 0;
    BYTE lpBPBBuf[0x200] = {0};
    ReadFile(hDisk, lpBPBBuf, SECTORSIZE, &dwRead, NULL);    // read the partition's boot sector
    if (FormatType == _T("FAT16")) {
        PBR_FAT16* pPBR = (PBR_FAT16*)lpBPBBuf;
        int len = sizeof(PBRBootCode_FAT16);
        if (len <= (int)sizeof(pPBR->BootCode))               // never write past the BootCode field into the signature
            memcpy(pPBR->BootCode, PBRBootCode_FAT16, len);  // replace the boot code, keep the BPB intact
    }
    SetFilePointerEx(hDisk, liOffset, NULL, FILE_BEGIN);
    DWORD dwBytesWrite = 0;
    WriteFile(hDisk, lpBPBBuf, 0x200, &dwBytesWrite, NULL);  // write the boot sector back

-17/23-
Copy WinPE in, and everything is OK.

-18/23-
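The MBR layout from the slides (446 bytes of boot code, the 64-byte DPT, the 0xAA55 end marker) and the PBR offset computed on the PBR slide, as an added C example that is not part of the original deck: it decodes a constructed sector, applies the same active-flag rule as the disassembled boot code's CMP/JL/JNZ loop, and computes the PBR offset in 64 bits. All names (partition_t, parse_mbr, active_partition, pbr_offset, build_sample_mbr) and the sample sector are my own.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR_SIZE   512
#define MBR_CODE_SIZE 446     /* boot code: bytes 0..445; the DPT follows at 446..509 */
#define MBR_SIGNATURE 0xAA55u /* end marker at bytes 510..511, stored on disk as 55 AA */

typedef struct {
    uint8_t  boot_flag;    /* 0x80 = active, 0x00 = inactive, anything else = invalid */
    uint8_t  type;         /* OSType; 0x0b/0x0c are the FAT32 types the MBR code accepts */
    uint32_t start_lba;    /* StartingLBA: first sector of the partition */
    uint32_t sector_count; /* partition size in sectors */
} partition_t;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the DPT of one sector; returns 0 if the 0xAA55 end marker is missing, else 1. */
int parse_mbr(const uint8_t sector[SECTOR_SIZE], partition_t parts[4]) {
    if ((uint16_t)(sector[510] | sector[511] << 8) != MBR_SIGNATURE) return 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sector + MBR_CODE_SIZE + 16 * i;   /* 16-byte entry i */
        parts[i].boot_flag = e[0];          parts[i].type = e[4];
        parts[i].start_lba = rd32le(e + 8); parts[i].sector_count = rd32le(e + 12);
    }
    return 1;
}

/* Same rule as the boot code's CMP/JL/JNZ loop: the first 0x80 entry wins, a flag that is
 * neither 0x00 nor 0x80 invalidates the table (-2), and no active entry gives -1. */
int active_partition(const partition_t parts[4]) {
    for (int i = 0; i < 4; i++) {
        if (parts[i].boot_flag == 0x80) return i;
        if (parts[i].boot_flag != 0x00) return -2;
    }
    return -1;
}

/* PBR byte offset (SECTORSIZE * StartingLBA on the slide), in 64 bits so a start LBA past 4 GiB cannot overflow a DWORD. */
uint64_t pbr_offset(const partition_t *p) { return (uint64_t)p->start_lba * SECTOR_SIZE; }

/* Constructed sample, not from a real disk: zeroed boot code, one active type-0x0c partition
 * at LBA 2048 with 0x100000 sectors, end marker 55 AA. */
void build_sample_mbr(uint8_t sector[SECTOR_SIZE]) {
    static const uint8_t entry0[16] = { 0x80, 0, 0, 0, 0x0c, 0, 0, 0,            /* active, type 0x0c */
                                        0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00 }; /* LBA 2048, 0x100000 sectors */
    memset(sector, 0, SECTOR_SIZE);
    memcpy(sector + MBR_CODE_SIZE, entry0, 16);
    sector[510] = 0x55; sector[511] = 0xAA;
}
```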