Home made MBR doesn't load windows

[Dren]

I wrote an MBR bootloader with nasm that support multi boot, it loads correctly linux (syslinux), reactos, kolibrios, etc
But when I select windows (I tried only with windows 7 for now), Windows Boot Manager shows an error message saying like this photo:

I found this topic where another user found the same problem (last 4 posts) http://forum.osdev.org/viewtopic.php?t=28147 but no solution were found..
Just before jumping to vbr code loaded at 0x7c00 i set DL to 0x80 and SI to the start of partition table it is booting, are there other registers to set to boot correctly windows 7 vbr?
Anyone can help me?

[madanra]

Could you post your code?

[Combuster]

Did you include the corresponding segment register?

[Dren]

Could you post your code?

Here is my code, i wrote assembly x86 only from 1 month, so i'am sorry if the code is not perfect or if i do some stupid operation

Code: Select all

[BITS 16]
[ORG 0x600]

;XOR AX,AX
;MOV DS,AX

; ----- copy mbr -----

XOR AX,AX
MOV DS,AX
MOV SS,AX
MOV ES,AX
MOV SP,0x7C00			;indirizzo sorgente copia
MOV SI,SP
MOV DI,0x600			;indirizzo destinazione copia
MOV CX,0x100			;numero di volte da ripetere movsw
CLD
REP					;ripete l'istruzione successiva
MOVSW					;sposta 2 byte alla volta da 0x7C00 a 0x600
PUSH AX
PUSH 0x61B				;mette nello stack l'indirizzo della prossima
RETF					;istruzione nella nuova area di memoria
; ----- copy mbr end -----

; --- main ---

MOV SI, WelcomeS		;titolo mbr
CALL PrintS

Control:				;ciclo di controllo
MOV SI, [Padd]
CMP BYTE [SI],0x80		;controlla se il primo byte della tabella delle part e' 0x80
JE ShowBP				;se vero salta a ShowBP

Control2:
CMP BYTE [Pnum],0x4	;controlla se Pnum e' 0x4
JE Control3				;se vero salta a ContS2
INC BYTE [Pnum] 		;incrementa Pnum
ADD WORD [Padd], 0x10	;aggiunge 16 a Padd
ADD WORD [VBRadd], 0x200
JMP Control				;riavvia il ciclo di controllo

Control3:
CMP BYTE [CountP],0x00
JNE SelectP
INT 0x18

ShowBP: 				;stampa il numero corrispondente alla partizione avviabile
INC BYTE [CountP]
MOV AL,[Pnum]			;mette il contenuto di Pnum in AL
ADD BYTE AL,0x30
CALL PrintCh			;stampa il carattere a video
MOV AL,0x20				;stampa spazio
CALL PrintCh
;----
MOV BP,[Padd]
PUSH 0x00000000
PUSH DWORD [BP+0x08]
PUSH 0x0000
PUSH WORD [VBRadd]
PUSH 0x0001
PUSH 0x0010
MOV AH,0x42
MOV DL,[BP+0x00]
MOV SI,SP
INT 0x13
;----
;****
XOR DL,DL
MOV BP,[VBRadd]
ADD BP,0x3
ShowBP2:
MOV AL,[BP]
CALL PrintCh
INC BP
INC DL
CMP DL,0x08
JNE ShowBP2
MOV AL,0xD	
CALL PrintCh
MOV AL,0xA	
CALL PrintCh
;****
JMP Control2			;prosegue la funzione principale di controllo

SelectP:				;input partizione da avviare
MOV SI, InstrS			;stampa Select volume
CALL PrintS
SelectP2:				;controlla il tasto premuto
XOR AH,AH				;azzera AH (per int 16h)
INT 0x16				;attende input da tastiera
MOV AH,AL				;copia l'ascii in AH
SUB AH,0x30			;sottrae dall'ascii 0x30 per trasformarlo in numero
CMP AH, 0x4			;controlla se e' maggiore di 4
JG SelectP2
CMP AH, 0x1			;controlla se e' minore di 1
JL SelectP2
MOV WORD SI,0x7BE
;****
DEC AH
;MOV [Pnum],AH
MOV DL, AH
IMUL CX, DX, 0x10
ADD SI,CX
;****
CMP BYTE [SI],0x80		;controlla che sia avviabile
JNE SelectP2			;se no torna all'input
MOV WORD [Padd],SI ;---- win?----
CALL PrintCh			;se si stampa il numero premuto
JMP LoadVBS			;e passa al bootstrap

LoadVBS:				;load volume boot sector selected
MOV SI, LoadS
CALL PrintS
IMUL CX, DX, 0x200
MOV SP,0x800
ADD SP,CX 				;indirizzo sorgente copia
MOV SI,SP
MOV DI,0x7C00			;indirizzo destinazione copia
MOV CX,0x100			;numero di volte da ripetere movsw
CLD
REP					;ripete l'istruzione successiva
MOVSW					;sposta 2 byte alla volta da 0x7C00 a 0x600
XOR AX,AX
MOV CX,AX
MOV DX,AX
MOV DL,0x80
PUSH AX
PUSH 0x7C00 			;mette nello stack l'indirizzo della prossima
RETF					;istruzione nella nuova area di memoria

; --- main --- end

;--- stampa una stringa a video
PrintS:
nxtCh:			;ciclo caratteri
MOV AL, [SI]	;sposta il contenuto dell'indirizzo di si in al
OR AL, AL		;conrolla se al e' azzerato
JZ exitF		;se vero (zero) esce
CALL PrintCh	;altrimenti richiama la stampa a video del carattere
INC SI			;incrementa il puntatore ai caratteri della stringa
JMP nxtCh		;riavvia il ciclo di stampa
exitF:
RET

;--- stampa un carattere a video ---
PrintCh:
MOV AH, 0x0E	;imposta i parametri per la stampa a video
XOR BH, BH
MOV BL, 0x07
INT 0x10		;stampa a video il contenuto di al
RET

CountP DB 0x00
Pnum DB 0x1
Padd DW 0x7BE	;org 600 --> 7BE, org 7C00 --> 7DBE
VBRadd DW 0x800
WelcomeS DB 'OrangeSec MBR',13,10,0
InstrS DB 13,10,'Select volume: ',0
LoadS DB 13,10,'Loading...',0

Did you include the corresponding segment register?

Do you mean the start of the partition table it is booting?

Just tried with windows xp and it boots correctly, I think there are problem only with windows vista and 7

[Brendan]

Hi,

When the MBR passes control to the partition's boot loader, DS:SI is supposed to point to (a copy of) the partition's entry in the partition table; so that the boot loader knows which partition it's supposed to use.

The code you posted doesn't do that; so Windows doesn't know which partition it's supposed to be booting.


Cheers,

Brendan

[Dren]

So for example if i copy the mbr to 0000:0600 in ram, and the windows partition is the first in partition table, the address id DS:SI should be 0000:07BE? (600h + 1BEh)

Thank you!!

(edit)

I modified LoadVBS routine so:

Code: Select all

LoadVBS:				;load volume boot sector selected
MOV SI, LoadS
CALL PrintS
IMUL CX, DX, 0x200
MOV SP,0x800
ADD SP,CX 			;calcolo indirizzo sorgente copia
MOV SI,SP 			;indirizzo sorgente copia
MOV DI,0x7C00			;indirizzo destinazione copia
MOV CX,0x100			;numero di volte da ripetere movsw
CLD
REP					;ripete l'istruzione successiva
MOVSW					;sposta 2 byte alla volta da 0x7C00 a 0x600
XOR AX,AX
MOV DS,AX
MOV DX,AX
MOV DL,0x80
MOV SI, [Padd]
;MOV SI,0x7BE
PUSH AX
PUSH 0x7C00 			;mette nello stack l'indirizzo della prossima
RETF					;istruzione nella nuova area di memoria

But nothing change
I also tried to set 0x7BE in SI and the black windows screen still appears..

[Antti]

Code: Select all

PUSH AX                 ; 1 byte
PUSH 0x7C00             ; 3 bytes
RETF                    ; 1 byte

As a general note, I think this is not a good practice. I would simply use:

Code: Select all

JMP 0x0000:0x7C00       ; 5 bytes

[Brendan]

Hi,

So for example if i copy the mbr to 0000:0600 in ram, and the windows partition is the first in partition table, the address id DS:SI should be 0000:07BE? (600h + 1BEh)

That sounds right to me.

But nothing change
I also tried to set 0x7BE in SI and the black windows screen still appears..

Maybe you set the stack to 0x0000:0x0800 and called a BIOS function (or an IRQ occurred, or the boot loader used a BIOS function) so the stack grew down and wiped out the data that was at 0x0000:0x07BE.


Cheers,

Brendan

[Dren]

So where do I have to set the stack to? (Example?)

Is it correct the way I set DS:SI?

[Roman]

So where do I have to set the stack to? (Example?)

Here you can get information about usable memory for stack. Also, don't forget, that the stack grows downwards.

[Dren]

Just tried setting SP to 0x5000 (far from 0x600) and 0x600 (decreasing shouldn't overwrite 0x7BE)
In both case windows doesn't boot

[Brendan]

Hi,

Just tried setting SP to 0x5000 (far from 0x600) and 0x600 (decreasing shouldn't overwrite 0x7BE)
In both case windows doesn't boot

Try something simpler, like MS-DOS (or FreeDOS). It's at least potentially possible than Microsoft have done something stupid (again).


Cheers,

Brendan

[Marionumber1]

Hi,

When the MBR passes control to the partition's boot loader, DS:SI is supposed to point to (a copy of) the partition's entry in the partition table; so that the boot loader knows which partition it's supposed to use.

The code you posted doesn't do that; so Windows doesn't know which partition it's supposed to be booting.


Cheers,

Brendan

According to http://en.m.wikipedia.org/wiki/Master_boot_record, the Windows MBR passes this information in DS:BP, not DS:SI.

[Dren]

Try something simpler, like MS-DOS (or FreeDOS). It's at least potentially possible than Microsoft have done something stupid (again).

Windows XP boots correctly, i think this is only a problem of vista, 7 and probably 8

According to http://en.m.wikipedia.org/wiki/Master_boot_record, the Windows MBR passes this information in DS:BP, not DS:SI.

Just tried to set the start of booting partition table (0x7BE) in BP and SI, nothing change

[Brendan]

Hi,

It's at least potentially possible than Microsoft have done something stupid (again).

According to http://en.m.wikipedia.org/wiki/Master_boot_record, the Windows MBR passes this information in DS:BP, not DS:SI.

You're right. I took a look at the Windows 7 MBR and it doesn't use DS:SI (but does use DS:BP, possibly by accident, but possibly because incompetence takes practice ).

There's also a pile of TPM stuff in there, because it's nice when changing the computer's MBR causes everything encrypted by one of the installed OSs to become unusable(!).


Cheers,

Brendan