bochs跟的东西~
本帖最后由 ywledoc 于 2011-4-16 19:02 编辑
前面的流程: MBR 检查完 0x55AA 后, 把第一个活动分区的 DBR 读到内存, 并把控制权交给 DBR~
下面是 DBR 的内容, 就快到 ntldr 了:
BOOT_SECTOR:7CE0 sub_7CE0 proc near ; CODE XREF: BOOT_SECTOR:7CCBp
; ----------------------------------------------------------------------
; sub_7CE0 -- MBR sector-read helper (IDA shows it at 7Cxx; the bochs
; trace runs the same bytes at 0000:06Exx, the MBR's relocated copy).
; Builds a 16-byte Disk Address Packet on the stack and issues one
; INT 13h AH=42h (extended read) for all CX sectors at once; the loop at
; the end only advances DX:AX and BX past the sectors that were read.
; In:   dx:ax = 32-bit LBA, es:bx = buffer, cx = sector count
; Out:  CF clear on success (clc); CF set as left by INT 13h on error
; Clobbers: ax, dx (advanced by cx), bx (bh += 2 per sector), cx = 0
; Note: the [bp+..] operands of "mov dl" (7CF5) and "lea sp" (7CFC) were
;       lost when the post was pasted; bochs shows 8D 64 10 for the lea,
;       i.e. lea sp, [si+10h].
; ----------------------------------------------------------------------
BOOT_SECTOR:7CE0 push si                 ; save si (used as DAP pointer below)
BOOT_SECTOR:7CE1 xor si, si
BOOT_SECTOR:7CE3 push si                 ; DAP +0Ch: LBA bits 63..32 = 0
BOOT_SECTOR:7CE4 push si
BOOT_SECTOR:7CE5 push dx                 ; DAP +08h: LBA bits 31..0 = dx:ax
BOOT_SECTOR:7CE6 push ax
BOOT_SECTOR:7CE7 push es                 ; DAP +04h: buffer es:bx (segment above offset)
BOOT_SECTOR:7CE8 push bx
BOOT_SECTOR:7CE9 push cx                 ; DAP +02h: sector count = cx
BOOT_SECTOR:7CEA mov si, 10h
BOOT_SECTOR:7CED push si                 ; DAP +00h: size 10h, reserved byte 0
BOOT_SECTOR:7CEE mov si, sp              ; ds:si -> packet just built (dump below: 10 00 01 00 00 7C 00 00 3F 00..)
BOOT_SECTOR:7CF0 push ax                 ; keep the LBA across the call
BOOT_SECTOR:7CF1 push dx
BOOT_SECTOR:7CF2 mov ax, 4200h           ; ah = 42h extended read, al = 0
; dl = drive number ([bp+..] operand lost); the register dump shows dl = 80h
BOOT_SECTOR:7CF5 mov dl, //读入63扇区开始的内容到内存0x7c00
; one call reads all cx sectors; in the trace: LBA 3Fh (63), 1 sector, to 0000:7C00
BOOT_SECTOR:7CF8 int 13h //63扇区是第一个活动分区的DBR
BOOT_SECTOR:7CFA pop dx                  ; dx:ax = original LBA again
BOOT_SECTOR:7CFB pop ax                  ; pop/lea do not touch CF, so INT 13h's status survives
BOOT_SECTOR:7CFC
BOOT_SECTOR:7CFC ///loc_7CFC:
BOOT_SECTOR:7CFC lea sp,                 ; sp = si + 10h: drop the packet without changing flags
BOOT_SECTOR:7CFF jb short loc_7D0B       ; CF set -> INT 13h failed, return with CF set
BOOT_SECTOR:7D01
BOOT_SECTOR:7D01 /////loc_7D01: ; CODE XREF: sub_7CE0+28j
BOOT_SECTOR:7D01 inc ax                  ; dx:ax += 1 (32-bit increment in two halves)
BOOT_SECTOR:7D02 jnz short loc_7D05
BOOT_SECTOR:7D04 inc dx                  ; carry into the high word
BOOT_SECTOR:7D05
BOOT_SECTOR:7D05 ///loc_7D05: ; CODE XREF: sub_7CE0+22j
BOOT_SECTOR:7D05 add bh, 2               ; bx += 200h: advance the buffer by one sector
BOOT_SECTOR:7D08 loop loc_7D01           ; cx times; no second INT 13h -- the read already happened
BOOT_SECTOR:7D0A clc                     ; success
BOOT_SECTOR:7D0B
BOOT_SECTOR:7D0B /////loc_7D0B: ; CODE XREF: sub_7CE0+1Fj
BOOT_SECTOR:7D0B pop si
BOOT_SECTOR:7D0C retn
(0) 0000:06f8 (unk. ctxt): int 0x13 ; cd13
<bochs:1032> BOCHS>r
rax: 0x00000000:00004200 rcx: 0x00000000:00000001
rdx: 0x00000000:00000080 rbx: 0x00000000:00007c00
rsp: 0x00000000:00007be6 rbp: 0x00000000:000007be
rsi: 0x00000000:000e7bea rdi: 0x00000000:0000000a
r8 : 0x00000000:00000000 r9 : 0x00000000:00000000
r10: 0x00000000:00000000 r11: 0x00000000:00000000
r12: 0x00000000:00000000 r13: 0x00000000:00000000
r14: 0x00000000:00000000 r15: 0x00000000:00000000
rip: 0x00000000:000006f8
<bochs:1203> BOCHS>x /16 0x7bea
:
0x0000000000007bea <bogus+ 0>: 0x10 0x00 0x01 0x00 0x00 0x7c 0x00 0x00
0x0000000000007bf2 <bogus+ 8>: 0x3f 0x00 0x00 0x00 0x00 0x00 0x00 0x00
(0) 0000:06fa (unk. ctxt): pop dx ; 5a
<bochs:1270> BOCHS>p
Next at t=17827205
(0) 0000:06fb (unk. ctxt): pop ax ; 58
<bochs:1279> BOCHS>p
Next at t=17827206
(0) 0000:06fc (unk. ctxt): lea sp, word ptr ds: ; 8d6410
<bochs:1288> BOCHS>p
Next at t=17827207
(0) 0000:06ff (unk. ctxt): jb .+10 (0x0000070b) ; 720a
<bochs:1297> BOCHS>p
Next at t=17827208
(0) 0000:0701 (unk. ctxt): inc ax ; 40
<bochs:1306> BOOT_SECTOR:7C60: Can't find name (hint: use manual arg)
BOCHS>p
Next at t=17827209
(0) 0000:0702 (unk. ctxt): jnz .+1 (0x00000705) ; 7501
<bochs:1387> BOCHS>p
Next at t=17827210
(0) 0000:0705 (unk. ctxt): add bh, 0x02 ; 80c702
<bochs:1395> BOCHS>p
Next at t=17827211
(0) 0000:0708 (unk. ctxt): loop .-9 (0x00000701) ; e2f7
<bochs:1403> BOCHS>p
Next at t=17827212
(0) 0000:070a (unk. ctxt): clc ; f8
<bochs:1411> BOCHS>p
Next at t=17827213
(0) 0000:070b (unk. ctxt): pop si ; 5e
<bochs:1419> BOCHS>p
Next at t=17827214
(0) 0000:070c (unk. ctxt): ret ; c3
<bochs:1427> BOCHS>p
Next at t=17827215
(0) 0000:06ce (unk. ctxt): pop dx ; 5a
<bochs:1435> BOCHS>p
Next at t=17827216
(0) 0000:06cf (unk. ctxt): jmp .-43 (0x000006a6) ; ebd5
(0) 0000:06a6 (unk. ctxt): jb .+41 (0x000006d1) ; 7229
(0) 0000:06a8 (unk. ctxt): mov si, 0x0746 ; be4607
(0) 0000:06ab (unk. ctxt): cmp word ptr ds:0x7dfe, 0xaa55 ; 813efe7d55aa
(0) 0000:06b1 (unk. ctxt): jz .+90 (0x0000070d) ; 745a
(0) 0000:070d (unk. ctxt): jmp .+116 (0x00000783) ; eb74
<bochs:1551> BOCHS>p
Next at t=17827222
(0) 0000:0783 (unk. ctxt): mov di, sp ; 8bfc
<bochs:1560> BOCHS>p
Next at t=17827223
(0) 0000:0785 (unk. ctxt): push ds ; 1e
<bochs:1569> BOCHS>p
Next at t=17827224
(0) 0000:0786 (unk. ctxt): push di ; 57
<bochs:1578> BOCHS>p
Next at t=17827225
(0) 0000:0787 (unk. ctxt): mov si, bp ; 8bf5
<bochs:1587> BOCHS>p
Next at t=17827226
(0) 0000:0789 (unk. ctxt): retf ; cb
<bochs:1596> BOCHS>p
Next at t=17827227
(0) 0000:7c00 (unk. ctxt): jmp .+88 (0x00007c5a) ; eb58
<bochs:1605> BOCHS>p
Next at t=17827228
(0) 0000:7c5a (unk. ctxt): xor cx, cx ; 33c9
<bochs:1631>
; ----------------------------------------------------------------------
; Boot-sector (DBR) entry. The MBR retf's to 0000:7C00, where "jmp .+88"
; (EB 58) lands here at 7C5A -- code starting at offset 5Ah is the layout
; of a FAT32-sized BPB, so the [bp+..] fields below are presumably BPB
; fields (their offsets were lost in the paste; confirm against the BPB).
; Register roles: bp = 7C00h (sector base, fields are [bp+off]);
; ss:sp = 0000:7BF4; es = ds = 0.
; ----------------------------------------------------------------------
BOOT_SECTOR:7C5A xor cx, cx
BOOT_SECTOR:7C5C mov ss, cx              ; ss = 0 (a mov to ss holds off interrupts for the next insn)
BOOT_SECTOR:7C5E mov sp, 7BF4h           ; stack just below the loaded sector
BOOT_SECTOR:7C61 mov es, cx
BOOT_SECTOR:7C63 mov ds, cx              ; flat real-mode segments
BOOT_SECTOR:7C65 mov bp, 7C00h           ; bp -> this sector
BOOT_SECTOR:7C68 mov , cl                ; [bp+..] = 0 (operand lost)
BOOT_SECTOR:7C6B mov dl,                 ; dl = [bp+..] BIOS drive number (operand lost)
BOOT_SECTOR:7C6E mov ah, 8               ; INT 13h AH=08h: get drive parameters
BOOT_SECTOR:7C70
BOOT_SECTOR:7C70 ////loc_7C70: ; DISK - DISK - GET CURRENT DRIVE PARAMETERS (XT,AT,XT286,CONV,PS)
BOOT_SECTOR:7C70 int 13h                 ; CF on error; else CH/CL = max cylinder + sectors/track, DH = max head
BOOT_SECTOR:7C72 jnb short loc_7C79      ; success -> use the BIOS geometry
BOOT_SECTOR:7C74 mov cx, 0FFFFh          ; failure -> all-ones geometry so the product below is maximal
BOOT_SECTOR:7C77 mov dh, cl              ; dh = 0FFh
BOOT_SECTOR:7C79
BOOT_SECTOR:7C79 //////loc_7C79: ; CODE XREF: BOOT_SECTOR:7C72j
BOOT_SECTOR:7C79 movzx eax, dh           ; eax = max head index
BOOT_SECTOR:7C7D inc ax                  ; heads = max head + 1 (upper 16 bits of eax stay 0)
BOOT_SECTOR:7C7E movzx edx, cl
BOOT_SECTOR:7C82 and dl, 3Fh             ; sectors per track = CL bits 5..0
BOOT_SECTOR:7C85 mul dx                  ; ax = heads * sectors (fits 16 bits: <= 256 * 63)
BOOT_SECTOR:7C87 xchg cl, ch             ; cl = cylinder bits 7..0, ch = original CL
BOOT_SECTOR:7C89 shr ch, 6               ; ch = cylinder bits 9..8 -> cx = max cylinder
BOOT_SECTOR:7C8C inc cx                  ; cylinders
BOOT_SECTOR:7C8D movzx ecx, cx
BOOT_SECTOR:7C91 mul ecx ; CODE XREF: BOOT_SECTOR:7CB6j
BOOT_SECTOR:7C91 ; BOOT_SECTOR:7CD8j
BOOT_SECTOR:7C94 mov , eax               ; [bp+..] = heads*sectors*cylinders = CHS-addressable total (used by sub_7CE0)
BOOT_SECTOR:7C98 cmp word ptr , 0        ; two BPB words are required to be zero / not above zero
BOOT_SECTOR:7C9C jnz short loc_7CD6      ; (operands lost); anything else -> loc_7CD6, an error path not in this excerpt
BOOT_SECTOR:7C9E cmp word ptr , 0
BOOT_SECTOR:7CA2 ja short loc_7CD6
BOOT_SECTOR:7CA4 mov eax,                ; eax = [bp+..] (operand lost; presumably the hidden-sector count)
BOOT_SECTOR:7CA8 add eax, 0Ch            ; + 12 -> partition-relative sector 12, if the assumption above holds
BOOT_SECTOR:7CAC mov bx, 8000h           ; es:bx = 0000:8000h destination
BOOT_SECTOR:7CAF mov cx, 1               ; one sector
BOOT_SECTOR:7CB2 call sub_7CE0           ; read it; on failure sub_7CE0 jumps to loc_7CB8 instead of returning
//进sub_7CE0里去了
sub_7CE0 proc near
; ----------------------------------------------------------------------
; DBR sector-read routine: reads CX sectors starting at 32-bit LBA EAX
; into ES:BX, one INT 13h call per sector. When EAX is below the
; CHS-addressable total computed by the caller (stored at 7C94) the LBA is
; converted to CHS and read with AH=02h; the other path (7CEA..7D33) is
; not part of this excerpt.
; In:   eax = LBA, es:bx = buffer, cx = count; bp = 7C00h -> BPB fields
; Out:  returns only when every sector was read; an INT 13h failure
;       leaves via "jb loc_7CB8" (error handler outside this excerpt)
; Clobbers: bx (+200h per sector), eax (+1 per sector), cx (0 on return)
; Note: iteration is by re-entering at the top ("jnz sub_7CE0"), so the
;       pushad/popad pair runs once per sector.
; Note: the div at 7D3C has no zero check on its divisor; a zero BPB
;       sectors-per-track word would raise #DE here (review observation).
; ----------------------------------------------------------------------
BOOT_SECTOR:7CE0 pushad                  ; saved registers are restored by popad at 7D5E
; eax is compared with [bp+..] -- presumably the CHS total stored at 7C94 (operand lost)
BOOT_SECTOR:7CE2 cmp eax, //eax == ?;bp == 0x7c00
BOOT_SECTOR:7CE6 jb loc_7D34             ; LBA within CHS range -> convert and read via AH=02h
BOOT_SECTOR:7D34 //////loc_7D34: ; CODE XREF: sub_7CE0+6j
BOOT_SECTOR:7D34 xor edx, edx            ; edx must be 0 before a 32-bit unsigned div
BOOT_SECTOR:7D37 movzx ecx, word ptr     ; ecx = [bp+..] sectors per track (operand lost)
BOOT_SECTOR:7D3C div ecx                 ; eax = LBA / spt, edx = LBA % spt
BOOT_SECTOR:7D3F inc dl                  ; CHS sector numbers are 1-based
BOOT_SECTOR:7D41 mov cl, dl              ; cl = sector
BOOT_SECTOR:7D43 mov edx, eax
BOOT_SECTOR:7D46 shr edx, 10h            ; dx:ax = eax for the 16-bit div that follows
BOOT_SECTOR:7D4A div word ptr            ; ax = cylinder, dx = head ([bp+..] = number of heads, operand lost)
BOOT_SECTOR:7D4D xchg dl, dh             ; dh = head
BOOT_SECTOR:7D4F mov dl,                 ; dl = [bp+..] drive number (operand lost)
BOOT_SECTOR:7D52 mov ch, al              ; ch = cylinder bits 7..0
BOOT_SECTOR:7D54 shl ah, 6
BOOT_SECTOR:7D57 or cl, ah               ; cl bits 7..6 = cylinder bits 9..8
BOOT_SECTOR:7D59 mov ax, 201h            ; ah = 02h read, al = 1 sector
BOOT_SECTOR:7D5C int 13h ; DISK - READ SECTORS INTO MEMORY
BOOT_SECTOR:7D5C ; AL = number of sectors to read, CH = track, CL = sector
BOOT_SECTOR:7D5C ; DH = head, DL = drive, ES:BX -> buffer to fill
BOOT_SECTOR:7D5C ; Return: CF set on error, AH = status, AL = number of sectors read
BOOT_SECTOR:7D5E
BOOT_SECTOR:7D5E loc_7D5E: ; CODE XREF: sub_7CE0+52j
BOOT_SECTOR:7D5E popad                   ; restore eax/ebx/ecx; popad leaves CF as INT 13h set it
BOOT_SECTOR:7D60 jb loc_7CB8             ; read error -> handler outside this excerpt (no return)
BOOT_SECTOR:7D64 add bx, 200h            ; next sector's buffer
BOOT_SECTOR:7D68 inc eax                 ; next LBA
BOOT_SECTOR:7D6A dec cx
BOOT_SECTOR:7D6B jnz sub_7CE0            ; more sectors -> re-enter from the top
BOOT_SECTOR:7D6F retn
//回主体继续~
jmp near ptr 8000h                       ; continue in the sector just read to 0000:8000h (same cs; no signature check on it is visible here)
//0x8000h处代码
; ----------------------------------------------------------------------
; Second-stage code that was loaded to 0000:8000h. IDA lists it at
; debug001:7A05.. with labels loc_803A / loc_804E, i.e. the labels sit
; 600h above the listed addresses; by the same offset "jb 76D6h" is the
; live 7CD6h (loc_7CD6, the error path of the first sector) and
; "call 76E0h" is 7CE0h (sub_7CE0, the read routine). Inferred from the
; constant offset -- confirm in the debugger.
; Most [bp+..] operands were lost in the paste. What is visible --
; reject values outside [2, 0FFFFFF8h), then (value - 2) * byte factor +
; base -- has the shape of a FAT32 cluster-number check and cluster ->
; sector conversion; treat that as a reading, not as established.
; ----------------------------------------------------------------------
movzx eax, byte ptr                      ; eax = [bp+..] 8-bit BPB field (operand lost)
debug001:7A05 mov ecx,                   ; ecx = [bp+..] 32-bit field (operand lost)
debug001:7A09 mul ecx                    ; edx:eax = product
debug001:7A0C add eax,                   ; + [bp+..]
debug001:7A10 movzx edx, word ptr        ; + [bp+..] 16-bit field
debug001:7A15 add eax, edx
debug001:7A18 mov , eax                  ; store the sum for later use
debug001:7A1C mov dword ptr , 0FFFFFFFFh ; initialise a dword to -1 (sentinel; meaning not visible here)
debug001:7A24 mov eax,                   ; eax = [bp+..] 32-bit value to validate
debug001:7A28 cmp eax, 2
debug001:7A2C jb 76D6h                   ; value < 2 -> error path (live 7CD6h)
debug001:7A30 cmp eax, 0FFFFFF8h
debug001:7A36 jnb 76D6h                  ; value >= 0FFFFFF8h -> error path
debug001:7A3A /////////////////////////loc_803A:
debug001:7A3A push eax                   ; keep the validated value
debug001:7A3C sub eax, 2
debug001:7A40 movzx ebx, byte ptr        ; ebx = [bp+..] 8-bit factor (operand lost)
debug001:7A45 mov si, bx                 ; si = same factor (its use is past this excerpt)
debug001:7A47 mul ebx                    ; eax = (value - 2) * factor
debug001:7A4A add eax,                   ; + [bp+..] base sector
debug001:7A4E
debug001:7A4E ////loc_804E: ; CODE XREF: debug001:7A72j
debug001:7A4E mov bx, 8200h              ; es:bx = 0000:8200h destination
debug001:7A51 mov di, bx                 ; di = buffer start (used past this excerpt)
debug001:7A53 mov cx, 1                  ; one sector
debug001:7A56 call 76E0h                 ; read it (sub_7CE0 at live 7CE0h, by the 600h offset)
//然后晕了~
一个小时,流程复杂+头疼~晕了晕了~ {:1_118:}.................顶顶.... 回复 马大哈 的帖子
{:3_58:} 不好跟~ ;P折腾吧....支持折腾...