How USB Drive Booting Works and How to Write the Program

Booting from a USB boot disk
Presenter: Gao Lin

Windows boot flow

BIOS -> MBR -> PBR -> BootMgr

How do I get the BIOS to boot me?

I need an MBR. The Master Boot Record sits in sector 0 of the disk and contains three parts:

1. Boot code (446 bytes)
2. DPT, the partition table (4 * 16 bytes)
3. End marker (2 bytes)

The MBR on disk

Once the MBR has control, how does it boot the operating system?

1. The boot program occupies the first 446 bytes of the sector. After power-on, once the BIOS self-test has finished, the computer loads the master boot sector into memory and executes the 446-byte boot program at its start. The boot program first searches the partition table for the active partition. If one exists, it uses that partition's offset to find the address of the partition's boot sector, loads that boot sector into memory, checks that it is valid, and then boots the operating system according to the rules of that boot sector.

2. The partition table occupies the middle 64 bytes of the sector. The partition table is the most important part of disk management: its entries are used to locate each partition and to reach user data. It contains 4 partition entries, and each entry uniquely identifies one primary or extended partition by its position offset and size. Each entry is 16 bytes and includes the boot flag, the CHS parameters of the start and end positions, the partition type, the starting sector, the partition size, and so on.

    0x00000000: 33c0          XOR AX, AX
    0x00000002: 8ed0          MOV SS, AX
    0x00000004: bc007c        MOV SP, 0x7c00        ; the stack is now at 0x7c00
    0x00000007: fb            STI
    0x00000008: 50            PUSH AX
    0x00000009: 07            POP ES
    0x0000000a: 50            PUSH AX
    0x0000000b: 1f            POP DS
    0x0000000c: fc            CLD
    0x0000000d: be1b7c        MOV SI, 0x7c1b
    0x00000010: bf1b06        MOV DI, 0x61b
    0x00000013: 50            PUSH AX
    0x00000014: 57            PUSH DI
    0x00000015: b9e501        MOV CX, 0x1e5         ; byte count for the block copy
    0x00000018: f3a4          REP MOVSB             ; copy the boot sector contents to the location at DI
    0x0000001a: cb            RETF                  ; far return, equivalent to a jump to 0:DI
    0x0000001b: bdbe07        MOV BP, 0x7be         ; BP = 0x7be, i.e. it points to the DPT
    0x0000001e: b104          MOV CL, 0x4
    0x00000020: 386e00        CMP [BP+0x0], CH      ; check the entry's first byte (boot indicator)
    0x00000023: 7c09          JL 0x2e
    0x00000025: 7513          JNZ 0x3a
    0x00000027: 83c510        ADD BP, 0x10          ; move on to the next partition table entry
    0x0000002a: e2f4          LOOP 0x20
    0x0000002c: cd18          INT 0x18
    0x0000002e: 8bf5          MOV SI, BP
    0x00000030: 83c610        ADD SI, 0x10
    0x00000033: 49            DEC CX
    0x00000034: 7419          JZ 0x4f
    0x00000036: 382c          CMP [SI], CH
    0x00000038: 74f6          JZ 0x30
    0x0000003a: a0b507        MOV AL, [0x7b5]
    0x0000003d: b407          MOV AH, 0x7
    0x0000003f: 8bf0          MOV SI, AX
    0x00000041: ac            LODSB
    0x00000042: 3c00          CMP AL, 0x0
    0x00000044: 74fc          JZ 0x42
    0x00000046: bb0700        MOV BX, 0x7
    0x00000049: b40e          MOV AH, 0xe
    0x0000004b: cd10          INT 0x10
    0x0000004d: ebf2          JMP 0x41
    0x0000004f: 884e10        MOV [BP+0x10], CL
    0x00000052: e84600        CALL 0x9b
    0x00000055: 732a          JAE 0x81
    0x00000057: fe4610        INC BYTE [BP+0x10]
    0x0000005a: 807e040b      CMP BYTE [BP+0x4], 0xb
    0x0000005e: 740b          JZ 0x6b
    0x00000060: 807e040c      CMP BYTE [BP+0x4], 0xc
    0x00000064: 7405          JZ 0x6b
    0x00000066: a0b607        MOV AL, [0x7b6]
    0x00000069: 75d2          JNZ 0x3d
    0x0000006b: 80460206      ADD BYTE [BP+0x2], 0x6
    0x0000006f: 83460806      ADD WORD [BP+0x8], 0x6
    0x00000073: 83560a00      ADC WORD [BP+0xa], 0x0
    0x00000077: e82100        CALL 0x9b
    0x0000007a: 7305          JAE 0x81
    0x0000007c: a0b607        MOV AL, [0x7b6]
    0x0000007f: ebbc          JMP 0x3d
    0x00000081: 813efe7d55aa  CMP WORD [0x7dfe], 0xaa55  ; check the signature
    0x00000087: 740b          JZ 0x94
    0x00000089: 807e1000      CMP BYTE [BP+0x10], 0x0
    0x0000008d: 74c8          JZ 0x57               ; if (API bitmap supported)
    0x0000008f: a0b707        MOV AL, [0x7b7]
    0x00000092: eba9          JMP 0x3d
    0x00000094: 8bfc          MOV DI, SP
    0x00000096: 1e            PUSH DS
    0x00000097: 57            PUSH DI
    0x00000098: 8bf5          MOV SI, BP
    0x0000009a: cb            RETF
    0x0000009b: bf0500        MOV DI, 0x5
    0x0000009e: 8a5600        MOV DL, [BP+0x0]
    0x000000a1: b408          MOV AH, 0x8
    0x000000a3: cd13          INT 0x13
    0x000000a5: 7223          JB 0xca
    0x000000a7: 8ac1          MOV AL, CL
    0x000000a9: 243f          AND AL, 0x3f
    0x000000ab: 98            CBW
    0x000000ac: 8ade          MOV BL, DH
    0x000000ae: 8afc          MOV BH, AH
    0x000000b0: 43            INC BX
    0x000000b1: f7e3          MUL BX
    0x000000b3: 8bd1          MOV DX, CX
    0x000000b5: 86d6          XCHG DH, DL
    0x000000b7: b106          MOV CL, 0x6
    0x000000b9: d2ee          SHR DH, CL
    0x000000bb: 42            INC DX
    0x000000bc: f7e2          MUL DX
    0x000000be: 39560a        CMP [BP+0xa], DX
    0x000000c1: 7723          JA 0xe6
    0x000000c3: 7205          JB 0xca
    0x000000c5: 394608        CMP [BP+0x8], AX
    0x000000c8: 731c          JAE 0xe6
    0x000000ca: b80102        MOV AX, 0x201
    0x000000cd: bb007c        MOV BX, 0x7c00
    0x000000d0: 8b4e02        MOV CX, [BP+0x2]
    0x000000d3: 8b5600        MOV DX, [BP+0x0]
    0x000000d6: cd13          INT 0x13
    0x000000d8: 7351          JAE 0x12b
    0x000000da: 4f            DEC DI
    0x000000db: 744e          JZ 0x12b
    0x000000dd: 32e4          XOR AH, AH
    0x000000df: 8a5600        MOV DL, [BP+0x0]
    0x000000e2: cd13          INT 0x13
    0x000000e4: ebe4          JMP 0xca
    0x000000e6: 8a5600        MOV DL, [BP+0x0]
    0x000000e9: 60            PUSHA
    0x000000ea: bbaa55        MOV BX, 0x55aa
    0x000000ed: b441          MOV AH, 0x41
    0x000000ef: cd13          INT 0x13
    0x000000f1: 7236          JB 0x129
    0x000000f3: 81fb55aa      CMP BX, 0xaa55
    0x000000f7: 7530          JNZ 0x129
    0x000000f9: f6c101        TEST CL, 0x1
    0x000000fc: 742b          JZ 0x129
    0x000000fe: 61            POPA
    0x000000ff: 60            PUSHA                 ; save the registers
    0x00000100: 6a00          PUSH 0x0              ; BlockNum_H4
    0x00000102: 6a00          PUSH 0x0
    0x00000104: ff760a        PUSH WORD [BP+0xa]
    0x00000107: ff7608        PUSH WORD [BP+0x8]    ; BlockNum_L4
    0x0000010a: 6a00          PUSH 0x0              ; BufferAddr_H2
    0x0000010c: 68007c        PUSH WORD 0x7c00      ; BufferAddr_L2
    0x0000010f: 6a01          PUSH 0x1              ; BlockCount=1
    0x00000111: 6a10          PUSH 0x10             ; PacketSize=16 PReserved=0
    0x00000113: b442          MOV AH, 0x42          ; disk address packet
    0x00000115: 8bf4          MOV SI, SP
    0x00000117: cd13          INT 0x13              ; extended read
    0x00000119: 61            POPA
    0x0000011a: 61            POPA
    0x0000011b: 730e          JAE 0x12b
    0x0000011d: 4f            DEC DI
    0x0000011e: 740b          JZ 0x12b
    0x00000120: 32e4          XOR AH, AH
    0x00000122: 8a5600        MOV DL, [BP+0x0]
    0x00000125: cd13          INT 0x13
    0x00000127: ebd6          JMP 0xff
    0x00000129: 61            POPA
    0x0000012a: f9            STC
    0x0000012b: c3            RET

Entering the actual operating system boot

The first sector of the active partition

PBR structure

PBR: Partition Boot Record. The DBR (DOS Boot Record, the same sector) consists mainly of the following parts:

1. Jump instruction: a 3-byte jump instruction that jumps to the boot code.
2. Vendor ID and DOS version number: 8 bytes in total.
3. BPB (BIOS Parameter Block).
4. Operating system boot program.
5. End marker: 2 bytes, with the value AA55.

Information in the DBR of a FAT16 partition

    #pragma pack(push, 1)           // on-disk layout: no padding between fields
    typedef struct PBR {
        // the fields below follow the 3-byte jump instruction and the 8-byte vendor ID
        UINT16 BPB_BytsPerSec;      // bytes per sector
        UINT8  BPB_SecPerClus;      // sectors per cluster
        UINT16 BPB_RsvdSecCnt;      // number of reserved sectors
        UINT8  BPB_NumFATs;         // number of FATs
        UINT16 BPB_RootEntCnt;      // number of root directory entries
        UINT16 BPB_TotSec16;
        UINT8  BPB_Media;
        UINT16 BPB_FATSz16;         // sectors per FAT
        UINT16 BPB_SecPerTrk;
        UINT16 BPB_NumHeads;
        UINT32 BPB_HiddSec;
        UINT32 BPB_TotSec32;
        UINT8  BS_drvNum;
        UINT8  BS_Reserved1;
        UINT8  BS_BootSig;
        UINT8  BS_VolId[4];
        UINT8  BS_VolLab[11];
        UINT8  BS_FileSysType[8];   // file system type
        UINT8  BootCode[448];       // boot code
        UINT16 Signature;
    } PBR;
    #pragma pack(pop)

Boot code: BootCode

BootMgr boots the operating system kernel

BootMgr -> Winload.exe -> Ntoskrnl.exe

PBR -> bootmgr -> boot\BCD (a registry file; on a multi-boot system it provides the boot menu) -> winload.exe -> ntoskrnl.exe

To make a USB boot disk, I need 5 things:

1. A USB drive (Kingston)
2. An MBR creation tool (diskgenius)
3. A partitioning tool (diskgenius)
4. A PBR creation tool (bootice)
5. A WinPE system

What code can do

Write the MBR boot code. Different boot modes use different boot code, and it is generally hard-coded, here as the byte array MBRCodeHDDPlus.

Open the drive to write the MBR

    CString drive;
    drive.Format(_T("\\\\.\\PhysicalDrive%d"), diskNum);
    HANDLE hDisk = CreateFile(drive, GENERIC_READ | GENERIC_WRITE,
                              FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                              OPEN_EXISTING, 0, NULL);  // a device can only be opened with OPEN_EXISTING
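
The MBR layout and the active-partition search described above, as an added C example that is not part of the original slides: it checks the 55 AA end marker and walks the four 16-byte entries at offset 446, rejecting a table with an invalid boot flag or more than one active entry. The names mbr_entry, mbr_find_active and make_sample_mbr are hypothetical, and the sample sector is constructed.

```c
/* Added example: illustrative names, constructed sample sector. */
#include <stdint.h>
#include <string.h>

#define MBR_SIZE     512
#define DPT_OFFSET   446   /* partition table follows the 446-byte boot code */
#define SIG_OFFSET   510   /* 2-byte end marker: 0x55, 0xAA */

typedef struct {
    uint8_t  boot_flag;    /* 0x80 = active, 0x00 = inactive */
    uint8_t  type;         /* partition type, e.g. 0x0B/0x0C = FAT32 */
    uint32_t lba_start;    /* first sector of the partition */
    uint32_t sectors;      /* partition size in sectors */
} mbr_entry;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the index (0-3) of the single active partition and fills *out.
 * -1: bad end marker, -2: no active partition, -3: invalid boot flag or
 * more than one active entry. */
int mbr_find_active(const uint8_t *sec, mbr_entry *out) {
    int active = -1;
    if (sec[SIG_OFFSET] != 0x55 || sec[SIG_OFFSET + 1] != 0xAA) return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + DPT_OFFSET + 16 * i;
        if (e[0] == 0x00) continue;                  /* inactive entry */
        if (e[0] != 0x80 || active >= 0) return -3;  /* malformed table */
        active = i;
        out->boot_flag = e[0];
        out->type      = e[4];
        out->lba_start = le32(e + 8);
        out->sectors   = le32(e + 12);
    }
    return active >= 0 ? active : -2;
}

/* Constructed sample: one active FAT32-LBA entry in slot 1, starting at LBA 2048. */
void make_sample_mbr(uint8_t *sec) {
    static const uint8_t entry[16] = {0x80, 0x20, 0x21, 0x00, 0x0C, 0xFE, 0xFF, 0xFF,
                                      0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00};
    memset(sec, 0, MBR_SIZE);
    memcpy(sec + DPT_OFFSET + 16, entry, sizeof entry);
    sec[SIG_OFFSET] = 0x55;
    sec[SIG_OFFSET + 1] = 0xAA;
}
```

Run against a saved copy of sector 0, the same function is a quick integrity check on a boot disk's partition table before the disk is trusted to boot.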
