Thursday, December 10, 2015

How to Find Assembly Code for Master Boot Record (MBR)

For IBM-compatible PCs, MBR is the first set of instructions during the boot process. In order to view the assembly code stored in MBR, one can do the following:

First, find out the file system by
$ df -h

This provides the name of the hard disk, either hda1 or sda1. The MBR is located in the very first sector of the hard disk (or solid state drive) so we will remove the number (which indicates the partition) in the following command.
$ sudo dd if=/dev/sda of=MBR.bin bs=512 count=1

This will create a raw file MBR.bin on the current directory which is the exact copy of the MBR of the computer.

Now, to examine this file, we use objdump
$ objdump -D -b binary -m i8086 MBR.bin


If you want intel syntax, add -M intel option
$ objdump -D -b binary -m i8086 -M intel MBR.bin


Note that the last two bytes should be 0x55 and 0xAA, which make up the boot signature that tells BIOS that this disk is bootable.

No comments:

Post a Comment