There is a little more you can do.
For example, the jump instruction at the first of the BPB can be a short jump (0xEB) or a near jump (0xE9). If a short jump, you can't assume the value of the second byte, the offset byte, other than it will be at least the size of the BPB. You can, however, assume that the third byte will be a NOP (0x90), at least it should be. For a near jump, you can check that the offset (the 16-bit value at the byte after the 0xE9) is less than 0x1FE. If the jump is further than this, it would jump pass the end of the loaded code.
You can check:
1) bytes per sector is a power of two greater than or equal to 128 and less than or equal to 4096.
2) the sectors per cluster is one (1) or a power of two less than or equal to 128.
3) sectors reserved must be at least one (1).
4) number of fats is at least one (1).
5) check the two size fields. They must be equal and non-zero *or* one must be zero and the other non-zero.
6) you can check the media descriptor to be a known valid value.
That is just for FAT 12 and FAT 16 formats. The FAT 32 is a little different. However, you must determine the FAT size as well:
1) If the cluster count is less than 4085, it must be a FAT 12.
2) If the cluster count is at least 4085 and less than 65525, it must be a FAT 16.
3) If the cluster count is 65525 or greater than, it must be a FAT 32.
I admit, I have created FAT 32 volumes with a cluster count less than 65526 just to save image space (keep from requiring a large image file) and most operating systems seem to accept it and use it as is. However, to be FAT Specification compliant, you must follow the three rules above.
Ben
-
http://www.fysnet.net/osdesign_book_series.htm