Master Boot Record

I read an interesting article entitled “Writing Boot Sector Code” by Susam Pal. He has a whole set of articles that describe what happens when a computer boots up. The article I read concentrated on how to write boot sector software which automatically gets executed when a PC boots up. This can allow you to take over a computer from the start.

Susam said that PCs start executing code at location 0xFFFF0 at start up. This is a memory location in the BIOS ROM. The boot sector is the first sector of data storage. The first byte of this sector is actually executable code. Deeper into the sector is information on the disk itself, such as the partition information. Susam recommended you first verify your code before putting it into the boot sector. You can do this safely by running an emulator such as DOSEMU or DOSBox.

I found this topic so interesting that I did some more research on the boot sector and how a PC starts up. I consulted sources such as Wikipedia, About.com, Microsoft, PC Guide, and Ars Technica. Here I will share some of my findings. This is a ripe topic for much further research. The great thing is that you only need a PC to start tinkering with it.

The boot sector is for booting programs. Usually you will boot an operating system. The BIOS first selects a device (such as a hard disk) for booting. It then copies the first sector on the disk to memory location 0x7C00. Viruses sometimes replace this code with malware for evil purposes.

All disks are divided into sectors. The very first one is the boot sector. The first section contains the Master Boot Record (MBR). The MBR has information about the partitions on the disk. The MBR has code which loads file “io.sys” for MS DOS. Windows XP has a built in recovery console. One utility in the recovery console is Fixboot, which can correct partition problems on the boot sector.

Know that we are talking about machines with the 80x86 architecture here. PCs first conduct a power on self test (POST). Then they figure out which device to boot from. Sector one is loaded from disk to memory. The PC then begins executing instructions at that location. Normally the first 3 bytes of the boot sector do a jump to another memory location. That is because the next 8 bytes are data and not code in the boot sector.

The Master Boot Record used to be a target of malicious code in the old days. Antivirus software now detects and prevents this. Windows Vista has built-in safeguards to prevent malware from messing with the MBR. However some companies that track viruses say that MBR attacks are on the rise.