bochs跟的东西～

ywledoc

前面的流程MBR检查完0X55AA，把控制权交给。
第一个活动分区的DBR读到内存，把控制权交给DBR～
下面是DBR的内容，就快到ntldr了

1. BOOT_SECTOR:7CE0 sub_7CE0 proc near                      ; CODE XREF: BOOT_SECTOR:7CCBp
   
2. BOOT_SECTOR:7CE0 push    si
   
3. BOOT_SECTOR:7CE1 xor     si, si
   
4. BOOT_SECTOR:7CE3 push    si
   
5. BOOT_SECTOR:7CE4 push    si
   
6. BOOT_SECTOR:7CE5 push    dx
   
7. BOOT_SECTOR:7CE6 push    ax
   
8. BOOT_SECTOR:7CE7 push    es
   
9. BOOT_SECTOR:7CE8 push    bx
   
10. BOOT_SECTOR:7CE9 push    cx
    
11. BOOT_SECTOR:7CEA mov     si, 10h
    
12. BOOT_SECTOR:7CED push    si
    
13. BOOT_SECTOR:7CEE mov     si, sp
    
14. BOOT_SECTOR:7CF0 push    ax
    
15. BOOT_SECTOR:7CF1 push    dx
    
16. BOOT_SECTOR:7CF2 mov     ax, 4200h
    
17. BOOT_SECTOR:7CF5 mov     dl, [bp+24h]                        //读入63扇区开始的内容到内存0x7c00
    
18. BOOT_SECTOR:7CF8 int     13h                            //63扇区是第一个活动分区的DBR
    
19. BOOT_SECTOR:7CFA pop     dx               
    
20. BOOT_SECTOR:7CFB pop     ax
    
21. BOOT_SECTOR:7CFC
    
22. BOOT_SECTOR:7CFC ///loc_7CFC:
    
23. BOOT_SECTOR:7CFC lea     sp, [si+10h]
    
24. BOOT_SECTOR:7CFF jb      short loc_7D0B
    
25. BOOT_SECTOR:7D01
    
26. BOOT_SECTOR:7D01 /////loc_7D01:                               ; CODE XREF: sub_7CE0+28j
    
27. BOOT_SECTOR:7D01 inc     ax
    
28. BOOT_SECTOR:7D02 jnz     short loc_7D05
    
29. BOOT_SECTOR:7D04 inc     dx
    
30. BOOT_SECTOR:7D05
    
31. BOOT_SECTOR:7D05 ///loc_7D05:                               ; CODE XREF: sub_7CE0+22j
    
32. BOOT_SECTOR:7D05 add     bh, 2
    
33. BOOT_SECTOR:7D08 loop    loc_7D01
    
34. BOOT_SECTOR:7D0A clc
    
35. BOOT_SECTOR:7D0B
    
36. BOOT_SECTOR:7D0B /////loc_7D0B:                               ; CODE XREF: sub_7CE0+1Fj
    
37. BOOT_SECTOR:7D0B pop     si
    
38. BOOT_SECTOR:7D0C retn
    
39. 
    
40. 
    
41. (0) [0x00000000000006f8] 0000:06f8 (unk. ctxt): int 0x13                  ; cd13
    
42. <bochs:1032> BOCHS>r
    
43. rax: 0x00000000:00004200 rcx: 0x00000000:00000001
    
44. rdx: 0x00000000:00000080 rbx: 0x00000000:00007c00
    
45. rsp: 0x00000000:00007be6 rbp: 0x00000000:000007be
    
46. rsi: 0x00000000:000e7bea rdi: 0x00000000:0000000a
    
47. r8 : 0x00000000:00000000 r9 : 0x00000000:00000000
    
48. r10: 0x00000000:00000000 r11: 0x00000000:00000000
    
49. r12: 0x00000000:00000000 r13: 0x00000000:00000000
    
50. r14: 0x00000000:00000000 r15: 0x00000000:00000000
    
51. rip: 0x00000000:000006f8
    
52. <bochs:1203> BOCHS>x /16 0x7bea
    
53. [bochs]:
    
54. 0x0000000000007bea <bogus+       0>:        0x10        0x00        0x01        0x00        0x00        0x7c        0x00        0x00
    
55. 0x0000000000007bf2 <bogus+       8>:        0x3f        0x00        0x00        0x00        0x00        0x00        0x00        0x00
    
56. 
    
57. (0) [0x00000000000006fa] 0000:06fa (unk. ctxt): pop dx                    ; 5a
    
58. <bochs:1270> BOCHS>p
    
59. Next at t=17827205
    
60. (0) [0x00000000000006fb] 0000:06fb (unk. ctxt): pop ax                    ; 58
    
61. <bochs:1279> BOCHS>p
    
62. Next at t=17827206
    
63. (0) [0x00000000000006fc] 0000:06fc (unk. ctxt): lea sp, word ptr ds:[si+16] ; 8d6410
    
64. <bochs:1288> BOCHS>p
    
65. Next at t=17827207
    
66. (0) [0x00000000000006ff] 0000:06ff (unk. ctxt): jb .+10 (0x0000070b)      ; 720a
    
67. <bochs:1297> BOCHS>p
    
68. Next at t=17827208
    
69. (0) [0x0000000000000701] 0000:0701 (unk. ctxt): inc ax                    ; 40
    
70. <bochs:1306> BOOT_SECTOR:7C60: Can't find name (hint: use manual arg)
    
71. BOCHS>p
    
72. Next at t=17827209
    
73. (0) [0x0000000000000702] 0000:0702 (unk. ctxt): jnz .+1 (0x00000705)      ; 7501
    
74. <bochs:1387> BOCHS>p
    
75. Next at t=17827210
    
76. (0) [0x0000000000000705] 0000:0705 (unk. ctxt): add bh, 0x02              ; 80c702
    
77. <bochs:1395> BOCHS>p
    
78. Next at t=17827211
    
79. (0) [0x0000000000000708] 0000:0708 (unk. ctxt): loop .-9 (0x00000701)     ; e2f7
    
80. <bochs:1403> BOCHS>p
    
81. Next at t=17827212
    
82. (0) [0x000000000000070a] 0000:070a (unk. ctxt): clc                       ; f8
    
83. <bochs:1411> BOCHS>p
    
84. Next at t=17827213
    
85. (0) [0x000000000000070b] 0000:070b (unk. ctxt): pop si                    ; 5e
    
86. <bochs:1419> BOCHS>p
    
87. Next at t=17827214
    
88. (0) [0x000000000000070c] 0000:070c (unk. ctxt): ret                       ; c3
    
89. <bochs:1427> BOCHS>p
    
90. Next at t=17827215
    
91. (0) [0x00000000000006ce] 0000:06ce (unk. ctxt): pop dx                    ; 5a
    
92. <bochs:1435> BOCHS>p
    
93. Next at t=17827216
    
94. (0) [0x00000000000006cf] 0000:06cf (unk. ctxt): jmp .-43 (0x000006a6)     ; ebd5
    
95. (0) [0x00000000000006a6] 0000:06a6 (unk. ctxt): jb .+41 (0x000006d1)      ; 7229
    
96. (0) [0x00000000000006a8] 0000:06a8 (unk. ctxt): mov si, 0x0746            ; be4607
    
97. (0) [0x00000000000006ab] 0000:06ab (unk. ctxt): cmp word ptr ds:0x7dfe, 0xaa55 ; 813efe7d55aa
    
98. (0) [0x00000000000006b1] 0000:06b1 (unk. ctxt): jz .+90 (0x0000070d)      ; 745a
    
99. (0) [0x000000000000070d] 0000:070d (unk. ctxt): jmp .+116 (0x00000783)    ; eb74
    
100. <bochs:1551> BOCHS>p
     
101. Next at t=17827222
     
102. (0) [0x0000000000000783] 0000:0783 (unk. ctxt): mov di, sp                ; 8bfc
     
103. <bochs:1560> BOCHS>p
     
104. Next at t=17827223
     
105. (0) [0x0000000000000785] 0000:0785 (unk. ctxt): push ds                   ; 1e
     
106. <bochs:1569> BOCHS>p
     
107. Next at t=17827224
     
108. (0) [0x0000000000000786] 0000:0786 (unk. ctxt): push di                   ; 57
     
109. <bochs:1578> BOCHS>p
     
110. Next at t=17827225
     
111. (0) [0x0000000000000787] 0000:0787 (unk. ctxt): mov si, bp                ; 8bf5
     
112. <bochs:1587> BOCHS>p
     
113. Next at t=17827226
     
114. (0) [0x0000000000000789] 0000:0789 (unk. ctxt): retf                      ; cb
     
115. <bochs:1596> BOCHS>p
     
116. Next at t=17827227
     
117. (0) [0x0000000000007c00] 0000:7c00 (unk. ctxt): jmp .+88 (0x00007c5a)     ; eb58
     
118. <bochs:1605> BOCHS>p
     
119. Next at t=17827228
     
120. (0) [0x0000000000007c5a] 0000:7c5a (unk. ctxt): xor cx, cx                ; 33c9
     
121. <bochs:1631>
     
122. 
     
123. 
     
124. BOOT_SECTOR:7C5A xor     cx, cx
     
125. BOOT_SECTOR:7C5C mov     ss, cx
     
126. BOOT_SECTOR:7C5E mov     sp, 7BF4h
     
127. BOOT_SECTOR:7C61 mov     es, cx
     
128. BOOT_SECTOR:7C63 mov     ds, cx
     
129. BOOT_SECTOR:7C65 mov     bp, 7C00h
     
130. BOOT_SECTOR:7C68 mov     [bp+2], cl
     
131. BOOT_SECTOR:7C6B mov     dl, [bp+40h]
     
132. BOOT_SECTOR:7C6E mov     ah, 8
     
133. BOOT_SECTOR:7C70
     
134. BOOT_SECTOR:7C70 ////loc_7C70:                               ; DISK - DISK - GET CURRENT DRIVE PARAMETERS (XT,AT,XT286,CONV,PS)
     
135. BOOT_SECTOR:7C70 int     13h
     
136. BOOT_SECTOR:7C72 jnb     short loc_7C79
     
137. BOOT_SECTOR:7C74 mov     cx, 0FFFFh
     
138. BOOT_SECTOR:7C77 mov     dh, cl
     
139. BOOT_SECTOR:7C79
     
140. BOOT_SECTOR:7C79 //////loc_7C79:                               ; CODE XREF: BOOT_SECTOR:7C72j
     
141. BOOT_SECTOR:7C79 movzx   eax, dh
     
142. BOOT_SECTOR:7C7D inc     ax
     
143. BOOT_SECTOR:7C7E movzx   edx, cl
     
144. BOOT_SECTOR:7C82 and     dl, 3Fh
     
145. BOOT_SECTOR:7C85 mul     dx
     
146. BOOT_SECTOR:7C87 xchg    cl, ch
     
147. BOOT_SECTOR:7C89 shr     ch, 6
     
148. BOOT_SECTOR:7C8C inc     cx
     
149. BOOT_SECTOR:7C8D movzx   ecx, cx
     
150. BOOT_SECTOR:7C91 mul     ecx                             ; CODE XREF: BOOT_SECTOR:7CB6j
     
151. BOOT_SECTOR:7C91                                         ; BOOT_SECTOR:7CD8j
     
152. BOOT_SECTOR:7C94 mov     [bp-8], eax
     
153. BOOT_SECTOR:7C98 cmp     word ptr [bp+16h], 0
     
154. BOOT_SECTOR:7C9C jnz     short loc_7CD6
     
155. BOOT_SECTOR:7C9E cmp     word ptr [bp+2Ah], 0
     
156. BOOT_SECTOR:7CA2 ja      short loc_7CD6
     
157. BOOT_SECTOR:7CA4 mov     eax, [bp+1Ch]
     
158. BOOT_SECTOR:7CA8 add     eax, 0Ch
     
159. BOOT_SECTOR:7CAC mov     bx, 8000h
     
160. BOOT_SECTOR:7CAF mov     cx, 1
     
161. BOOT_SECTOR:7CB2 call    sub_7CE0
     
162. 
     
163. 
     
164. //进sub_7CE0里去了
     
165. sub_7CE0 proc near
     
166. BOOT_SECTOR:7CE0 pushad
     
167. BOOT_SECTOR:7CE2 cmp     eax, [bp-8]                //eax == ?;bp == 0x7c00
     
168. BOOT_SECTOR:7CE6 jb      loc_7D34
     
169. 
     
170. 
     
171. BOOT_SECTOR:7D34 //////loc_7D34:                               ; CODE XREF: sub_7CE0+6j
     
172. BOOT_SECTOR:7D34 xor     edx, edx
     
173. BOOT_SECTOR:7D37 movzx   ecx, word ptr [bp+18h]
     
174. BOOT_SECTOR:7D3C div     ecx
     
175. BOOT_SECTOR:7D3F inc     dl
     
176. BOOT_SECTOR:7D41 mov     cl, dl
     
177. BOOT_SECTOR:7D43 mov     edx, eax
     
178. BOOT_SECTOR:7D46 shr     edx, 10h
     
179. BOOT_SECTOR:7D4A div     word ptr [bp+1Ah]
     
180. BOOT_SECTOR:7D4D xchg    dl, dh
     
181. BOOT_SECTOR:7D4F mov     dl, [bp+40h]
     
182. BOOT_SECTOR:7D52 mov     ch, al
     
183. BOOT_SECTOR:7D54 shl     ah, 6
     
184. BOOT_SECTOR:7D57 or      cl, ah
     
185. BOOT_SECTOR:7D59 mov     ax, 201h
     
186. BOOT_SECTOR:7D5C int     13h                             ; DISK - READ SECTORS INTO MEMORY
     
187. BOOT_SECTOR:7D5C                                         ; AL = number of sectors to read, CH = track, CL = sector
     
188. BOOT_SECTOR:7D5C                                         ; DH = head, DL = drive, ES:BX -> buffer to fill
     
189. BOOT_SECTOR:7D5C                                         ; Return: CF set on error, AH = status, AL = number of sectors read
     
190. BOOT_SECTOR:7D5E
     
191. BOOT_SECTOR:7D5E loc_7D5E:                               ; CODE XREF: sub_7CE0+52j
     
192. BOOT_SECTOR:7D5E popad
     
193. BOOT_SECTOR:7D60 jb      loc_7CB8
     
194. BOOT_SECTOR:7D64 add     bx, 200h
     
195. BOOT_SECTOR:7D68 inc     eax
     
196. BOOT_SECTOR:7D6A dec     cx
     
197. BOOT_SECTOR:7D6B jnz     sub_7CE0
     
198. BOOT_SECTOR:7D6F retn
     
199. 
     
200. //回主体继续～
     
201. jmp     near ptr 8000h
     
202. 
     
203. //0x8000h处代码
     
204. movzx   eax, byte ptr [bp+10h]
     
205. debug001:7A05 mov     ecx, [bp+24h]
     
206. debug001:7A09 mul     ecx
     
207. debug001:7A0C add     eax, [bp+1Ch]
     
208. debug001:7A10 movzx   edx, word ptr [bp+0Eh]
     
209. debug001:7A15 add     eax, edx
     
210. debug001:7A18 mov     [bp-4], eax
     
211. debug001:7A1C mov     dword ptr [bp-0Ch], 0FFFFFFFFh
     
212. debug001:7A24 mov     eax, [bp+2Ch]
     
213. debug001:7A28 cmp     eax, 2
     
214. debug001:7A2C jb      76D6h
     
215. debug001:7A30 cmp     eax, 0FFFFFF8h
     
216. debug001:7A36 jnb     76D6h
     
217. debug001:7A3A /////////////////////////loc_803A:
     
218. debug001:7A3A push    eax
     
219. debug001:7A3C sub     eax, 2
     
220. debug001:7A40 movzx   ebx, byte ptr [bp+0Dh]
     
221. debug001:7A45 mov     si, bx
     
222. debug001:7A47 mul     ebx
     
223. debug001:7A4A add     eax, [bp-4]
     
224. debug001:7A4E
     
225. debug001:7A4E ////loc_804E:                               ; CODE XREF: debug001:7A72j
     
226. debug001:7A4E mov     bx, 8200h
     
227. debug001:7A51 mov     di, bx
     
228. debug001:7A53 mov     cx, 1
     
229. debug001:7A56 call    76E0h
     
230. 
     
231. //然后晕了～
     

复制代码

一个小时，流程复杂+头疼～晕了晕了～

马大哈

.................顶顶....

ywledoc

回复 马大哈 的帖子

{:3_58:} 不好跟～

马大哈

;P折腾吧....支持折腾...