| Legal Information |
|
The Master Boot Record, created when you create the first partition on the hard disk, is probably the most important data structure on the disk. It is the first sector on every disk. The location is always track (cylinder) 0, side (head) 0, and sector 1.
The Master Boot Record contains the Partition Table for the disk and a small amount of executable code. On x86-based computers, the executable code examines the Partition Table, and identifies the system partition.
The Master Boot Record then finds the system partition's starting location on the disk, and loads an copy of its Partition Boot Sector into memory. The Master Boot Record then transfers execution to executable code in the Partition Boot Sector.
There are a number of tools to scan, rewrite, backup and restore the MBR.
It contains the initial loader and information about partition tables on a hard disk. The DOS Boot Record (DBR) is usually located a few sectors (62 sectors after on a hard disk with 63 sectors per track) after MBR.
The DBR contains the initial loader for an operating system and logical drive information. The Floppy Diskette Boot Record (FBR) is used for the same purposes as DBR on a hard drive, but it is located on the first track of a diskette.
Note: Although there is a Master Boot Record on every hard disk, the executable code in the sector is used only if the disk is connected to an x86-based computer and the disk contains the system partition.
The example below shows a hex dump of the sector containing the Master Boot Record. The figure shows the sector in two parts:
Physical Sector:Cyl 0,Side 0,Sector 1
| 00000000:00 33 C0 8E D0 BC 00 7C -8B F4 50 07 50 1F FB FC | .3.....|..P.P.. | ||
| 00000010:BF 00 06 B9 00 01 F2 A5 -EA 1D 06 00 00 BE BE 07 | ................ | ||
| 00000020:B3 04 80 3C 80 74 0E 80 -3C 00 75 1C 83 C6 10 FE | ...<.t..<.u..... | ||
| 00000030:CB 75 EF CD 18 8B 14 8B -4C 02 8B EE 83 C6 10 FE | .u......L....... | ||
| 00000040:CB 74 1A 80 3C 00 74 F4 -BE 8B 06 AC 3C 00 74 0B | .t..<.t.....<.t. | ||
| 00000050:56 BB 07 00 B4 0E CD 10 -5E EB F0 EB FE BF 05 00 | V.......^....... | ||
| 00000060:BB 00 7C B8 01 02 57 CD -13 5F 73 0C 33 C0 CD 13 | ..|...W.._s.3... | ||
| 00000070:4F 75 ED BE A3 06 EB D3 -BE C2 06 BF FE 7D 81 3D | Ou...........}.= | ||
| 00000080:55 AA 75 C7 8B F5 EA 00 -7C 00 00 49 6E 76 61 6C | U.u.....|..Inval | ||
| 00000090:69 64 20 70 61 72 74 69 -74 69 6F 6E 20 74 61 62 | id partition tab | ||
| 000000A0:6C 65 00 45 72 72 6F 72 -20 6C 6F 61 64 69 6E 67 | le.Error loading | ||
| 000000B0:20 6F 70 65 72 61 74 69 -6E 67 20 73 79 73 74 65 | operating syste | ||
| 000000C0:6D 00 4D 69 73 73 69 6E -67 20 6F 70 65 72 61 74 | m.Missing operat | ||
| 000000D0:69 6E 67 20 73 79 73 74 -65 6D 00 00 80 45 14 15 | ing system...E.. | ||
| 000000E0:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 000000F0:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000100:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000110:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000120:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000130:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000140:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000150:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000160:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000170:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000180:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 00000190:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................ | ||
| 000001A0:00 00 00 00 00 00 00 00 -00 00 00 00 00 00 00 00 | ................
| 000001B0:00 00 00 00 00 00 00 00 -FD 4E F2 14 00 00 80 01 | .........N...... |
| 000001C0:01 00 06 0F 7F 96 3F 00 -00 00 51 42 06 00 00 00 | .....?...QB.... | ||
| 000001D0:41 97 07 0F FF 2C 90 42 -06 00 A0 3E 06 00 00 00 | A....,.B...>.... | ||
| 000001E0:C1 2D 05 0F FF 92 30 81 -0C 00 A0 91 01 00 00 00 | .-....0......... | ||
| 000001F0:C1 93 01 0F FF A6 D0 12 -0E 00 C0 4E 00 00 55 AA | ...........N..U. |
Viruses Can Infect the Master Boot Record . Many destructive viruses damage the Master Boot Record and make it impossible to start the computer from the hard disk. Because the code in the Master Boot Record executes before any operating system is started, no operating system can detect or recover from corruption of the Master Boot Record.
You can use, for example, the Disk Probe program on Windows NT Workstation Resource Kit CD to display the Master Boot Record, and compare it to the Master Boot Record shown above. There are also utilities on the Microsoft Windows Resource Kits that enable you to save and restore the Master Boot Record.
The type of virus infects Master Boot Record (MBR) or DOS Boot Record (DBR) of a hard drive and Floppy Boot Record (FBR) is often referred to as a BOO Infector. A boot virus can be overwriting and relocating. An overwriting boot virus overwrites MBR, DBR or FBR sector with its code preserving partition table information or logical drive information respectively.
Relocating boot viruses save the original MBR, DBR or FBR somewhere on a hard or floppy drive. Sometimes such action can destroy certain areas of a hard or floppy drive and make a disk unreadable.
All boot viruses are memory-resident. When a computer is started, boot virus code is loaded in memory. A virus traps one of BIOS functions (usually disk interrupt vector Int 13h) and stays resident in memory. A virus then monitors disk access and writes its code to boot sectors of media that is used on an infected computer. For example a boot virus started from a diskette infects a hard drive. Then a virus will infect all diskettes that are inserted in to the infected computer's floppy drive.
Boot viruses are quite rate nowadays, besides most of computer motherboards have protection against boot viruses - access to MBR is denied without user permission.
| Search Knowledge Base | Feedback |