U盤啟動的原理和程序制作方法

U盤啟動主講人:高琳windows啟動流程BIOSMBRPBRBootMgr如何讓BIOS引導(dǎo)我我需要一個MBR。MasterBootRecord在磁盤的0扇區(qū)位置。包含三個部分:引導(dǎo)代碼(446Byte)DPT，分區(qū)表(4*16Byte)結(jié)束符(2Byte)磁盤上的MBRMBR掌握主導(dǎo)權(quán)，我如何引導(dǎo)操作系統(tǒng)1.引導(dǎo)程序占扇區(qū)前446字節(jié)。計算機在上電完成BIOS自檢后，會將該主引導(dǎo)扇區(qū)加載到內(nèi)存中并執(zhí)行前面446字節(jié)的引導(dǎo)程序，引導(dǎo)程序首先會在分區(qū)表中查找活動分區(qū)，若存在活動分區(qū)，則根據(jù)活動分區(qū)的偏移量找到該活動分區(qū)上的引導(dǎo)扇區(qū)的地址，并將該引導(dǎo)扇區(qū)加載到內(nèi)存中，同時檢查該引導(dǎo)扇區(qū)的有效性，然后根據(jù)該引導(dǎo)扇區(qū)的規(guī)則去引導(dǎo)操作系。2.分區(qū)表占扇區(qū)中間64字節(jié)。分區(qū)表是磁盤管理最重要的部分，通過分區(qū)表信息來定位各個分區(qū)，訪問用戶數(shù)據(jù)。分區(qū)表包含4個分區(qū)項，每一個分區(qū)項通過位置偏移、分區(qū)大小來唯一確定一個主分區(qū)或者擴展分區(qū)。每個分區(qū)項占16字節(jié)，包括引導(dǎo)標(biāo)識、起始和結(jié)束位置的CHS參數(shù)、分區(qū)類型、開始扇區(qū)、分區(qū)大小等。0x00000000:33c0XORAX,AX0x00000002:8ed0MOVSS,AX0x00000004:bc007cMOVSP,0x7c00;當(dāng)前棧區(qū)在0x7c000x00000007:fbSTI0x00000008:50PUSHAX0x00000009:07POPES0x0000000a:50PUSHAX0x0000000b:1fPOPDS0x0000000c:fcCLD0x0000000d:be1b7cMOVSI,0x7c1b0x00000010:bf1b06MOVDI,0x61b0x00000013:50PUSHAX0x00000014:57PUSHDI0x00000015:b9e501MOVCX,0x1e5;區(qū)塊初始化0x00000018:f3a4REPMOVSB;復(fù)制引導(dǎo)扇區(qū)內(nèi)容到DI所在位置0x0000001a:cbRETF;遠(yuǎn)返回指令，相當(dāng)于跳轉(zhuǎn)到0:DI0x0000001b:bdbe07MOVBP,0x7be;棧底7be即指向DPT表0x0000001e:b104MOVCL,0x40x00000020:386e00CMP[BP+0x0],CH;對介質(zhì)類型判斷0x00000023:7c09JL0x2e0x00000025:7513JNZ0x3a0x00000027:83c510ADDBP,0x10;繼續(xù)判斷下一個分區(qū)表0x0000002a:e2f4LOOP0x200x0000002c:cd18INT0x180x0000002e:8bf5MOVSI,BP0x00000030:83c610ADDSI,0x100x00000033:49DECCX0x00000034:7419JZ0x4f0x00000036:382cCMP[SI],CH0x00000038:74f6JZ0x300x0000003a:a0b507MOVAL,[0x7b5]0x0000003d:b407MOVAH,0x70x0000003f:8bf0MOVSI,AX0x00000041:acLODSB0x00000042:3c00CMPAL,0x00x00000044:74fcJZ0x420x00000046:bb0700MOVBX,0x70x00000049:b40eMOVAH,0xe0x0000004b:cd10INT0x100x0000004d:ebf2JMP0x410x0000004f:884e10MOV[BP+0x10],CL0x00000052:e84600CALL0x9b0x00000055:732aJAE0x810x00000057:fe4610INCBYTE[BP+0x10]0x0000005a:807e040bCMPBYTE[BP+0x4],0xb0x0000005e:740bJZ0x6b0x00000060:807e040cCMPBYTE[BP+0x4],0xc0x00000064:7405JZ0x6b0x00000066:a0b607MOVAL,[0x7b6]0x00000069:75d2JNZ0x3d0x0000006b:80460206ADDBYTE[BP+0x2],0x60x0000006f:83460806ADDWORD[BP+0x8],0x60x00000073:83560a00ADCWORD[BP+0xa],0x00x00000077:e82100CALL0x9b0x0000007a:7305JAE0x810x0000007c:a0b607MOVAL,[0x7b6]0x0000007f:ebbcJMP0x3d0x00000081:813efe7d55aaCMPWORD[0x7dfe],0xaa55;檢測signature0x00000087:740bJZ0x940x00000089:807e1000CMPBYTE[BP+0x10],0x00x0000008d:74c8JZ0x57;if(支持API位圖){0x0000008f:a0b707MOVAL,[0x7b7]0x00000092:eba9JMP0x3d0x00000094:8bfcMOVDI,SP0x00000096:1ePUSHDS0x00000097:57PUSHDI0x00000098:8bf5MOVSI,BP0x0000009a:cbRETF0x0000009b:bf0500MOVDI,0x50x0000009e:8a5600MOVDL,[BP+0x0]0x000000a1:b408MOVAH,0x80x000000a3:cd13INT0x130x000000a5:7223JB0xca0x000000a7:8ac1MOVAL,CL0x000000a9:243fANDAL,0x3f0x000000ab:98CBW0x000000ac:8adeMOVBL,DH0x000000ae:8afcMOVBH,AH0x000000b0:43INCBX0x000000b1:f7e3MULBX0x000000b3:8bd1MOVDX,CX0x000000b5:86d6XCHGDH,DL0x000000b7:b106MOVCL,0x60x000000b9:d2eeSHRDH,CL0x000000bb:42INCDX0x000000bc:f7e2MULDX0x000000be:39560aCMP[BP+0xa],DX0x000000c1:7723JA0xe60x000000c3:7205JB0xca0x000000c5:394608CMP[BP+0x8],AX0x000000c8:731cJAE0xe60x000000ca:b80102MOVAX,0x2010x000000cd:bb007cMOVBX,0x7c000x000000d0:8b4e02MOVCX,[BP+0x2]0x000000d3:8b5600MOVDX,[BP+0x0]0x000000d6:cd13INT0x130x000000d8:7351JAE0x12b0x000000da:4fDECDI0x000000db:744eJZ0x12b0x000000dd:32e4XORAH,AH0x000000df:8a5600MOVDL,[BP+0x0]0x000000e2:cd13INT0x130x000000e4:ebe4JMP0xca0x000000e6:8a5600MOVDL,[BP+0x0]0x000000e9:60PUSHA0x000000ea:bbaa55MOVBX,0x55aa0x000000ed:b441MOVAH,0x410x000000ef:cd13INT0x130x000000f1:7236JB0x1290x000000f3:81fb55aaCMPBX,0xaa550x000000f7:7530JNZ0x1290x000000f9:f6c101TESTCL,0x10x000000fc:742bJZ0x1290x000000fe:61POPA0x000000ff:60PUSHA;寄存器保護(hù)0x00000100:6a00PUSH0x0;BlockNum_H40x00000102:6a00PUSH0x00x00000104:ff760aPUSHWORD[BP+0xa]0x00000107:ff7608PUSHWORD[BP+0x8];BlockNum_L40x0000010a:6a00PUSH0x0;BufferAddr_H20x0000010c:68007cPUSHWORD0x7c00;BufferAddr_L20x0000010f:6a01PUSH0x1;BlockCount=10x00000111:6a10PUSH0x10;PacketSize=16PReserved=00x00000113:b442MOVAH,0x42;磁盤地址數(shù)據(jù)包0x00000115:8bf4MOVSI,SP0x00000117:cd13INT0x13;擴展讀0x00000119:61POPA0x0000011a:61POPA0x0000011b:730eJAE0x12b0x0000011d:4fDECDI0x0000011e:740bJZ0x12b0x00000120:32e4XORAH,AH0x00000122:8a5600MOVDL,[BP+0x0]0x00000125:cd13INT0x130x00000127:ebd6JMP0xff0x00000129:61POPA0x0000012a:f9STC0x0000012b:c3RET真正進(jìn)入操作系統(tǒng)的引導(dǎo)活動分區(qū)的第一個扇區(qū)PBR結(jié)構(gòu)PBRPartitionBootRecord,分區(qū)引導(dǎo)記錄。DBR主要由下列幾個部分組成：1．跳轉(zhuǎn)指令，占用3個字節(jié)的跳轉(zhuǎn)指令將跳轉(zhuǎn)至引導(dǎo)代碼。2．廠商標(biāo)識和DOS版本號，該部分總共占用8個字節(jié)。3．BPB（BIOSParameterBlock，BIOS參數(shù)塊）。4．操作系統(tǒng)引導(dǎo)程序。5．結(jié)束標(biāo)志字，結(jié)束標(biāo)志占用2個字節(jié)，其值為AA55FAT16分區(qū)DBR中的信息typedefstructPBR{ UINT16BPB_BytsPerSec;//一個扇區(qū)多少字節(jié) UINT8BPB_SecPerClus;//一個簇多少扇區(qū) UINT16BPB_RsvdSecCnt;//保留扇區(qū)數(shù) UINT8BPB_NumFATs;//FAT表個數(shù) UINT16BPB_RootEntCnt;//根目錄多少項 UINT16BPB_TotSec16; UINT8BPB_Media; UINT16BPB_FATSz16;//一個分區(qū)表多少扇區(qū) UINT16BPB_SecPerTrk; UINT16BPB_NumHeads; UINT32BPB_HiddSec; UINT32BPB_TotSec32; UINT8BS_drvNum; UINT8BS_Reserved1; UINT8BS_BootSig; UINT8BS_VolId[4]; UINT8BS_VolLab[11]; UINT8BS_FileSysType[8];//分區(qū)類型 UINT8BootCode[448];//引導(dǎo)代碼 UINT16Signature;};引導(dǎo)代碼BootCodeBootMgr引導(dǎo)操作系統(tǒng)內(nèi)核啟動BootMgrWinload.exeNtoskrnl.exePBR->bootmgr->boot\BCD(注冊表文件，如果是多系統(tǒng)則會提供引導(dǎo)界面)->winload.exe->ntoskrnl.exe/zh-cn/library/cc771845(v=ws.10).aspx總結(jié)一下要做一個U盤啟動盤，我需要5個東西:1.一個U盤(金士頓)2.一個MBR制作工具(diskgenius)3.一個分區(qū)工具(diskgenius)4.一個PBR制作工具(bootice)5.一個WINPE系統(tǒng)代碼所能做的寫入MBR引導(dǎo)Code，引導(dǎo)方式不同，引導(dǎo)代碼不同，一般都是硬編碼。CONSTbyteMBRCodeHDDPlus[]={ 0xfa,0x31,0xc0,0x8e,0xd8,0x8e,0xc0,0x8e,0xd0,0xbc,0x00,0x7c,0xfb,0xfc,0x89,0xe6, 0xbf,0x00,0x06,0xb9,0x00,0x01,0xf3,0xa5,0xea,0xdc,0x06,0x00,0x00,0x10,0x00,0x01, 0x00,0x00,0x7c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x3f,0x00, 0xff,0x00,0x41,0x00,0x1e,0x0e,0x1f,0x3a,0x16,0x10,0x00,0x74,0x06,0x1f,0xea,0x36, 0xe7,0x00,0xf0,0x3d,0xfb,0x54,0x75,0x05,0x8c,0xd8,0xfb,0xeb,0x1d,0x80,0xfc,0x08, 0x75,0x1b,0xe8,0x81,0x00,0x8a,0x36,0x13,0x00,0xfe,0xce,0x8b,0x0e,0x15,0x00,0x86, 0xcd,0xc0,0xe1,0x06,0x0a,0x0e,0x11,0x00,0x31,0xc0,0xf8,0xeb,0x65,0x80,0xfc,0x02, 0x72,0xcb,0x80,0xfc,0x04,0x77,0xc6,0x60,0x80,0xcc,0x40,0x50,0xbe,0x00,0x00,0xc7, 0x04,0x10,0x00,0x30,0xe4,0x89,0x44,0x02,0x89,0x5c,0x04,0x8c,0x44,0x06,0x66,0x31, 0xc0,0x66,0x89,0x44,0x0c,0x88,0xf0,0xf6,0x26,0x11,0x00,0x88,0xcf,0x88,0xeb,0xc0, 0xef,0x06,0x81,0xe1,0x3f,0x00,0x01,0xc8,0x48,0x89,0xc7,0xa1,0x13,0x00,0xf7,0x26, 0x11,0x00,0xf7,0xe3,0x01,0xf8,0x81,0xd2,0x00,0x00,0x89,0x44,0x08,0x89,0x54,0x0a, 0x58,0x30,0xc0,0x8a,0x16,0x10,0x00,0xe8,0x0c,0x00,0x88,0x26,0x03,0x00,0x61,0xa1, 0x02,0x00,0x1f,0xca,0x02,0x00,0x9c,0xff,0x1e,0x22,0x00,0xc3,0x80,0xfa,0x8f,0x7f, 0x04,0x88,0x16,0x2d,0x06,0xbe,0x87,0x07,0xe8,0x8d,0x00,0xbe,0xbe,0x07,0x31,0xc0, 0xb9,0x04,0x00,0xf6,0x04,0x80,0x74,0x03,0x40,0x89,0xf5,0x81,0xc6,0x10,0x00,0xe2, 0xf2,0x48,0x74,0x02,0xcd,0x18,0xbf,0x05,0x00,0xbe,0x1d,0x06,0xc7,0x44,0x02,0x01, 0x00,0x66,0x8b,0x46,0x08,0x66,0x89,0x44,0x08,0xb8,0x00,0x42,0x8a,0x16,0x2d,0x06, 0xcd,0x13,0x73,0x0d,0x4f,0x74,0x49,0x30,0xe4,0x8a,0x16,0x2d,0x06,0xcd,0x13,0xeb, 0xd8,0xa1,0xfe,0x7d,0x3d,0x55,0xaa,0x75,0x37,0xfa,0x66,0xa1,0x4c,0x00,0x66,0xa3, 0x3f,0x06,0xbe,0x13,0x04,0x8b,0x04,0x48,0x89,0x04,0xc1,0xe0,0x06,0x8e,0xc0,0x31, 0xff,0xbe,0x1d,0x06,0xb9,0x60,0x00,0xfc,0xf3,0xa5,0xc7,0x06,0x4c,0x00,0x17,0x00, 0xa3,0x4e,0x00,0xfb,0x8a,0x16,0x2d,0x06,0x89,0xee,0xfa,0xea,0x00,0x7c,0x00,0x00, 0xbe,0xaa,0x07,0xe8,0x02,0x00,0xeb,0xfe,0xac,0x20,0xc0,0x74,0x09,0xb4,0x0e,0xbb, 0x07,0x00,0xcd,0x10,0xeb,0xf2,0xc3,0x53,0x74,0x61,0x72,0x74,0x20,0x62,0x6f,0x6f, 0x74,0x69,0x6e,0x67,0x20,0x66,0x72,0x6f,0x6d,0x20,0x55,0x53,0x42,0x