Depending on terminology the first sector of each partition is
sometimes called the ‘boot’ sector. It is also sometimes called
the ‘Bios Parameter Block’. In fact it is both. The first sector
on a drive is referred to as the ‘Master Boot Record’ or ‘MBR’.
The boot process on P.C. compatible computers loads the ‘MBR’
which is drive sector 0 and executes the code starting at byte 0.
That code looks at the partition table which is also in drive
sector 0 for a partition entry that is marked as active, i.e. it
has a hex 80 as it’s first byte.
The boot code (from the MBR) then loads the first sector of the
active partition (on most modern drives this is sector 63) and
turns over control to the code loaded from that sector. The first
two or three bytes loaded from the ‘boot’ sector are a jump command
that cause the program counter to jump over the Bios Parameter Block
and continue execution at that point. The remainder of the boot code
loads whatever other things the particular operating system needs to
get itself going.
For partitions that are ‘extended partitions’ and or partitions that
are not marked active in the partition table there is no requirement
for the boot code to exist in the ‘boot’ sector, however the ‘BPB’ must
exist since it has specific information for the partition.
The first sector of an ‘extended partition’ contain another partition table
which contains the information as to where to find the start of the
extended partition.
I will not go into the gotchas and nuances of walking the partition
structure links but suffice it to say that it is moronic the way it
has been implemented by Microsoft.
So to put the following data structures into context you will find
the following structures in the following places:
struct p_entry -> you’ll find 4 of these in the Master Boot Record
and in the first sector of each extended partition.
struct BootSector -> this is the Bios Parameter Block that is found
in the first sector of the partition (boot sector)
that is pointed to by the partition table entry.
struct Partition -> This is the Master Boot Record, the first 446 bytes
is the boot code that determines which partition is
the active partition in the partition table that is
contained in the p_tbl. The signature member
indicates a valid sector and is hex 55AA, (0x55AA).
Mike
-----Original Message-----
From: David Jones [SMTP:xxxxx@Charismac.com]
Sent: Monday, May 08, 2000 10:39 AM
To: File Systems Developers
Subject: [ntfsd] RE: Checking access to boot sector
Ratmil:
No the first sector of every partition is not the boot sector.
The partition is the complete domain of the file system. So booting
from NTFS, FAT, or any file system plug in could be completely
different. ( Microsoft does not give information out on its NTFS file
system ). Now sector 0 is scared for all Microsoft operating systems.
Not only does it contain the partition information, but also the boot
information for the disk. The structure for partition 0 is as follows:
struct p_entry
{
UCHAR boot_ID;
UCHAR boot_HSC[3]
UCHAR system_ID
UCHAR end_HSC[3];
ULONG sector_offset;
ULONG sector_length;
};
struct BootSector
{
UCHAR entry_point[3];
UCHAR oem[8];
UINT bps;
UCHAR spau;
UINT res_sectors;
UCHAR num_fats;
UINT root_files;
UINT volume_size;
UCHAR media_byte;
UINT spf;
UINT spt;
UINT hpc;
ULONG hidden;
ULONG volume_size;
};
struct Partition
{
UCHAR code[446] //Boot code for device
p_entry p_tbl[MAXPART]; // partition entries
UINT signature;
};
David Jones
CharisMac Engineering
-----Original Message-----
From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Sent: Monday, May 08, 2000 10:15 AM
To: David Jones; Wyler Furgeson
Subject: [ntfsd] RE: Checking access to boot sectorIsn’t there a Boot Sector in in the first sector of every partition
of a
hard drive? And isn’t the first sector on hard drive the partition
table?
I have another question. I have noticed that Partition0 (and only
Partition0) gets called when I access any phisical sector (by
Cylinder,
Side etc), no matter in what partition that sector is. How do I get
information in that call?
THANK YOU.On Fri, 5 May 2000, David Jones wrote:
> Ratmil:
>
> Here is how partitions work in a file system situation. One the
> drive is broken into partitions 0 through x. Now if you attach to
all
> the partitions like you say the following happens. In partition 1
when
> the ByteOffset is 0 then that is not the begining of the physical
disk
> but the begining of partition 1. ( Which if you let the Windisk set
it
> up is usually 32 sectors in. ) Now to control access to the boot
sector
> you MUST ATTACH TO PARTITION 0 of the desired harddrive. Then you
can
> look for access to BYTEOFFSET = 0. The ByteOffset is a large
integer
> and a check to the QUADPART that results in 0 is what your looking
for.
> A good way to test your code is to set up your driver on a test
> hard drive. Then partition that hard drive with windisk (Which will
> affect the boot sector ) and see if your code intercepts the call.
>
>
> I hope this is helpful
>
> David Jones
> CharisMac Engineering
>
>
> > -----Original Message-----
> > From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
> > Sent: Friday, May 05, 2000 7:05 AM
> > To: David Jones; Wyler Furgeson
> > Subject: [ntfsd] Checking access to boot sector
> >
> > Hello.
> > I’m writing a driver to control access to boot sector. So I
attach to
> > \HardDiskN\PartitionN. I was told that to know if boot sector
was
> > being
> > accessed to check
> > currentIrpStack->Parameters.Read.ByteOffset
> >
> > ByteOffset is a LARGE_INTEGER that indicates the sector being
> > accessed.
> > So if this number is 0 I got an access to boot sector. But in the
a
> > normal
> > file save (a .txt for example) I get (ByteOffset == 0). As well
> > ByteOffset.LowPart as ByteOffset.LowPart.
> > Am I doing something wrong?
> > Thank you.
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@Charismac.com
> > To unsubscribe send a blank email to
$subst(‘Email.Unsub’)
>
You are currently subscribed to ntfsd as: xxxxx@Charismac.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
You are currently subscribed to ntfsd as: xxxxx@grystone.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)