DOS Partition tables exist in the MBR, the special part of disk which is located in the first sector of disk drive. You can also find DOS Partition tables in the first sector of the each extended partition.
Type values for DOS partitions
| Type | Description |
|---|---|
| 0x00 | Empty |
| 0x01 | FAT12, CHS |
| 0x04 | FAT16, 16 MB – 32 MB, CHS |
| 0x05 | Microsoft Extended, CHS |
| 0x06 | FAT16, 32 MB – 2 GB, CHS |
| 0x07 | NTFS |
| 0x0B | FAT32, CHS |
| 0x0C | FAT32, LBA |
| 0x0E | FAT16, 32 MB – 2 GB, LBA |
| 0x0F | Microsoft Extended, LBA |
| 0x11 | Hidden FAT12, CHS |
| 0x14 | Hidden FAT16, 16 MB – 32 MB, CHS |
| 0x16 | Hidden FAT16, 32 MB – 2 GB, CHS |
| 0x1B | Hidden FAT32, CHS |
| 0x1C | Hidden FAT32, LBA |
| 0x1E | Hidden FAT16, 32 MB – 2 GB, LBA |
| 0x42 | Microsoft MBR. Dynamic disk |
| 0x82 | Solaris x86 |
| 0x82 | Linux swap |
| 0x83 | Linux |
| 0x84 | Hibernation |
| 0x85 | Linux extended |
| 0x86 | NTFS Volume set |
| 0x87 | NTFS Volume set |
| 0xA0 | Hibernation |
| 0xA1 | Hibernation |
| 0xA5 | FreeBSD |
| 0xA6 | OpenBSD |
| 0xA8 | Mac OSX |
| 0xA9 | NetBSD |
| 0xAB | Mac OSX Boot |
| 0xB7 | BSDI |
| 0xB8 | BSDI swap |
| 0xEE | EFI GPT Disk |
| 0xEF | EFI System Partition |
| 0xFB | VMWare File System |
| 0xFC | VMWare swap |
| ….. | To be continued… |
MBR Tags Template for wxHexEditor
wxHexEditor is a famous Linux GUI Hex editor and disk editor. This *.xml file, being imported as tags file in wxHexEditor will find out and paint all DOS partition table data structures and DOS partition entries in different colours. This file contains all the offsets of the data structures, their descriptions, the ones which are essential are marked with (E).
<?xml version="1.0" encoding="UTF-8"?>
<wxHexEditor_XML_TAG>
<filename path="/media/root/USB DISK/mbr+part">
<TAG id="0">
<start_offset>0</start_offset>
<end_offset>445</end_offset>
<tag_text>Boot code</tag_text>
<font_colour>#000000</font_colour>
<note_colour>#7898D0</note_colour>
</TAG>
<TAG id="1">
<start_offset>446</start_offset>
<end_offset>446</end_offset>
<tag_text>Bootable flag</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#CC0000</note_colour>
</TAG>
<TAG id="2">
<start_offset>446</start_offset>
<end_offset>461</end_offset>
<tag_text>Partition table 1 (E)</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#EF2929</note_colour>
</TAG>
<TAG id="3">
<start_offset>447</start_offset>
<end_offset>449</end_offset>
<tag_text>Starting CHS Address (E)</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#F57900</note_colour>
</TAG>
<TAG id="4">
<start_offset>450</start_offset>
<end_offset>450</end_offset>
<tag_text>Partition type</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#EDD400</note_colour>
</TAG>
<TAG id="5">
<start_offset>451</start_offset>
<end_offset>453</end_offset>
<tag_text>Ending CHS Address (E)</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#73D216</note_colour>
</TAG>
<TAG id="6">
<start_offset>454</start_offset>
<end_offset>457</end_offset>
<tag_text>Starting LBA Address (E)</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#3465A4</note_colour>
</TAG>
<TAG id="7">
<start_offset>458</start_offset>
<end_offset>461</end_offset>
<tag_text>Size in Sectors (E)</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#AD7FA8</note_colour>
</TAG>
<TAG id="8">
<start_offset>462</start_offset>
<end_offset>477</end_offset>
<tag_text>Partition table 2</tag_text>
<font_colour>#E9B96E</font_colour>
<note_colour>#FCAF3E</note_colour>
</TAG>
<TAG id="9">
<start_offset>478</start_offset>
<end_offset>492</end_offset>
<tag_text>Partition table 3</tag_text>
<font_colour>#000000</font_colour>
<note_colour>#FCE94F</note_colour>
</TAG>
<TAG id="10">
<start_offset>493</start_offset>
<end_offset>509</end_offset>
<tag_text>Partition table 4</tag_text>
<font_colour>#000000</font_colour>
<note_colour>#8AE234</note_colour>
</TAG>
<TAG id="11">
<start_offset>510</start_offset>
<end_offset>511</end_offset>
<tag_text>Signature 0xAA55</tag_text>
<font_colour>#000000</font_colour>
<note_colour>#AD7FA8</note_colour>
</TAG>
</filename>
</wxHexEditor_XML_TAG>Boot code sample
00000000 33 c0 8e d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c |3.....|.P.P....||
00000010 bf 1b 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04 |...PW...........|
00000020 38 6e 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5 |8n.|.u..........|
00000030 83 c6 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 07 8b |...It.8,t.......|
00000040 f0 ac 3c 00 74 fc bb 07 00 b4 0e cd 10 eb f2 88 |..<.t...........|
00000050 4e 10 e8 46 00 73 2a fe 46 10 80 7e 04 0b 74 0b |N..F.s*.F..~..t.|
00000060 80 7e 04 0c 74 05 a0 b6 07 75 d2 80 46 02 06 83 |.~..t....u..F...|
00000070 46 08 06 83 56 0a 00 e8 21 00 73 05 a0 b6 07 eb |F...V...!.s.....|
00000080 bc 81 3e fe 7d 55 aa 74 0b 80 7e 10 00 74 c8 a0 |..>.}U.t..~..t..|
00000090 b7 07 eb a9 8b fc 1e 57 8b f5 cb bf 05 00 8a 56 |.......W.......V|
000000a0 00 b4 08 cd 13 72 23 8a c1 24 3f 98 8a de 8a fc |.....r#..$?.....|
000000b0 43 f7 e3 8b d1 86 d6 b1 06 d2 ee 42 f7 e2 39 56 |C..........B..9V|
000000c0 0a 77 23 72 05 39 46 08 73 1c b8 01 02 bb 00 7c |.w#r.9F.s......||
000000d0 8b 4e 02 8b 56 00 cd 13 73 51 4f 74 4e 32 e4 8a |.N..V...sQOtN2..|
000000e0 56 00 cd 13 eb e4 8a 56 00 60 bb aa 55 b4 41 cd |V......V.`..U.A.|
000000f0 13 72 36 81 fb 55 aa 75 30 f6 c1 01 74 2b 61 60 |.r6..U.u0...t+a`|
00000100 6a 00 6a 00 ff 76 0a ff 76 08 6a 00 68 00 7c 6a |j.j..v..v.j.h.|j|
00000110 01 6a 10 b4 42 8b f4 cd 13 61 61 73 0e 4f 74 0b |.j..B....aas.Ot.|
00000120 32 e4 8a 56 00 cd 13 eb d6 61 f9 c3 49 6e 76 61 |2..V.....a..Inva|
00000130 6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74 61 |lid partition ta|
00000140 62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e |ble.Error loadin|
00000150 67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 |g operating syst|
00000160 65 6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61 |em.Missing opera|
00000170 74 69 6e 67 20 73 79 73 74 65 6d 00 00 00 00 00 |ting system.....|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001b0 00 00 00 00 00 2c 44 63 96 18 ec 79 00 00 |.....,Dc...y..|
Disassembly of boot code
Disassemble boot code sample using radare2:
~$ r2 -a x86 -b 16 -qc pd BootCode.bin
0000:0000 33c0 xor ax, ax
0000:0002 8ed0 mov ss, ax
0000:0004 bc007c mov sp, 0x7c00
0000:0007 fb sti
0000:0008 50 push ax
0000:0009 07 pop es
0000:000a 50 push ax
0000:000b 1f pop ds
0000:000c fc cld
0000:000d be1b7c mov si, 0x7c1b
0000:0010 bf1b06 mov di, 0x61b ; 1563
0000:0013 50 push ax
0000:0014 57 push di
0000:0015 b9e501 mov cx, 0x1e5 ; 485
0000:0018 f3a4 rep movsb byte es:[di], byte ptr [si]
0000:001a cb retf
0000:001b bdbe07 mov bp, 0x7be ; 1982
0000:001e b104 mov cl, 4
0000:0020 386e00 cmp byte [bp], ch
0000:0023 7c09 jl 0x2e
0000:0025 7513 jne 0x3a
0000:0027 83c510 add bp, 0x10
0000:002a e2f4 loop 0x20
0000:002c cd18 int 0x18
0000:002e 8bf5 mov si, bp
0000:0030 83c610 add si, 0x10
0000:0033 49 dec cx
0000:0034 7419 je 0x4f
0000:0036 382c cmp byte [si], ch
0000:0038 74f6 je 0x30
0000:003a a0b507 mov al, byte [0x7b5] ;[0x7b5:1]=255;1973
0000:003d b407 mov ah, 7
0000:003f 8bf0 mov si, ax
0000:0041 ac lodsb al, byte [si]
0000:0042 3c00 cmp al, 0
0000:0044 74fc je 0x42
0000:0046 bb0700 mov bx, 7
0000:0049 b40e mov ah, 0xe
0000:004b cd10 int 0x10
0000:004d ebf2 jmp 0x41
0000:004f 884e10 mov byte [bp + 0x10], cl
0000:0052 e84600 call 0x9b
0000:0055 732a jae 0x81
0000:0057 fe4610 inc byte [bp + 0x10]
0000:005a 807e040b cmp byte [bp + 4], 0xb
0000:005e 740b je 0x6b
0000:0060 807e040c cmp byte [bp + 4], 0xc
0000:0064 7405 je 0x6b
0000:0066 a0b607 mov al, byte [0x7b6] ;[0x7b6:1]=255;1974
0000:0069 75d2 jne 0x3d
0000:006b 80460206 add byte [bp + 2], 6
0000:006f 83460806 add word [bp + 8], 6
0000:0073 83560a00 adc word [bp + 0xa], 0
0000:0077 e82100 call 0x9b
0000:007a 7305 jae 0x81
0000:007c a0b607 mov al, byte [0x7b6] ;[0x7b6:1]=255;1974
0000:007f ebbc jmp 0x3d
0000:0081 813efe7d55aa cmp word [0x7dfe], 0xaa55
0000:0087 740b je 0x94
0000:0089 807e1000 cmp byte [bp + 0x10], 0
0000:008d 74c8 je 0x57
0000:008f a0b707 mov al, byte [0x7b7] ;[0x7b7:1]=255;1975
0000:0092 eba9 jmp 0x3d
0000:0094 8bfc mov di, sp
About IT blog 