China DOS Union

-- Unite DOS · Advance DOS · Grow DOS --

Union site: www.cn-dos.net Forum site: www.cn-dos.net/forum
DOS stands for freedom, openness and progress. Let us work hard, learn from the openness and GNU spirit of FreeDOS and Linux, and together build and grow a free GNU GPL world!

China DOS Union Forum » DOS Boot Disks & LOGO Techniques (Boot Disk Room) » Programs that use hidden partition data after DOS boots, the source code is open!
Floor 16 Posted 2005-08-26 17:03 · China, Guangdong, Shantou (Telecom)
Silver Member
★★★
Credits 1,451
Posts 446
Joined 2002-10-20 00:00
23-year member
UID 29
Gender Male
Status Offline
Can the original img processed with the old version be directly processed with the new version? Or can it only be processed if the img has not been processed?
Floor 17 Posted 2005-08-26 18:01 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
You need to redo it with the unprocessed img, or you can replace the already-processed one with the standard boot sector and then do it again. I just wrote the program and forgot to consider the uninstall program; I will definitely add it later. I have posted a new one on Wuyou, but it has no uninstall program either.
Started with DOS 3.2 in '95, met the mouse in Windows 3.1 in '96, moved to Win95 in '97, installed NetWare in '98, was hooked on Linux in '99, and now use WinXP, WinME and DOS 7.1. Looking back: from clueless to busy, from busy to lost.
Floor 18 Posted 2005-08-26 21:25 · China, Guangdong, Shantou (Telecom)
Silver Member
★★★
Credits 1,451
Posts 446
Joined 2002-10-20 00:00
23-year member
UID 29
Gender Male
Status Offline
Is the version of Wuyou different from the version here of yours?
Floor 19 Posted 2005-08-26 21:38 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
Thanks! The two are actually the same. The original one here just didn't change MAKEIMG.
Floor 20 Posted 2005-08-29 00:36 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
Progress on August 28
  When I communicated with the hnlyzhd moderator of Wuyou, he put forward a suggestion: Can we boot the operating system installed in the hidden partition.
  Now it has been realized. In the 8-second waiting period that appears when the new program starts, if you press the F7 key (I used BOCHS for debugging, which doesn't allow me to use F11, F12), it will boot from the first hidden primary partition, and this disk is assigned as C:.
  Currently I have only tested DOS7.1, I don't know if WIN98 can be booted. But there is no need to test WIN2K and XP or LINUX, they all do not rely on BIOS to read the disk.
  The new command line is as follows:
  MAKEIMG Source image file name [Destination image file name] [options]
   Source image file name  Used to make a floppy disk image file with the function of displaying and hiding partitions
   Destination image file name  The floppy disk image file with the function of displaying and hiding partitions to be generated, which can be omitted, and the default value is YISIR.IMG
  Optional parameters:
   /f       The generated program directly boots from the floppy disk when the computer starts. (f is a lowercase letter)
   /b       The generated program directly activates the hidden partition and boots when the computer starts. (b is a lowercase letter, note that the DOS operating system must be installed in the hidden partition, and this function does not write the MBR)
  When there are no /f and /b parameters, a prompt will appear and wait for 8 seconds. During this period, press any key to boot from the floppy disk, otherwise boot from the hard disk and do not load the function of displaying and hiding partitions.
   /u       Uninstall this program and restore the image file generated by this program. (u is a lowercase letter)

Sincerely hope that friends who have downloaded and tried will reply and discuss the stability of this new function!
Floor 21 Posted 2005-08-29 14:24 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
I've discovered another powerful DOS file system driver, which implements the issues I raised at the DOS layer.

I've been waiting for a year, it seems there are many capable people. The software manufacturer's website is www.paragon.ag

I got it from the following post, where there's a download
http://bbs.wuyou.com/cgi-bin/topic.cgi?forum=34&topic=10488&show=0
Paragon DOS IFS Driver can handle NTFS/Ext2FS/Ext3FS and read/write hidden FAT/FAT32 all at once, it's only over 300k, much better than NTFS PRO FOR DOS. Also, it supports reading and writing of DOS long filenames and fully supports Chinese names. It's extremely powerful and a must-have.
Floor 22 Posted 2005-08-29 18:16 · China, Zhejiang, Taizhou, Jiaojiang District (Telecom)
Intermediate User
★★
Credits 447
Posts 126
Joined 2004-02-10 00:00
22-year member
UID 17150
Gender Male
Status Offline
0100 jmp 013C

013C cli
013D xor ax, ax
013F mov ds, ax
0141 mov es, ax
0143 mov ss, ax
0145 mov ax, 7C00
0148 mov sp, ax
014A sti
014B push ax
014C mov ax, 1301
014F mov bx, 000A
0152 mov cx, 0068 // String length
0155 mov dx, 1500
0158 mov bp, 7D94 // String address is 7D94-7c00+100=294, that is, the end of the text
015B int 10 // Display string and attributes
015D mov ah, 01
015F mov cx, 2000
0162 int 10 // Set cursor shape
0164 mov si, 046C // The BIOS data area 0040:006c stores the count value of the timer
0167 mov edx, [si] // Current timer tick count
016A mov ecx, edx
016D add edx, 0000009F // Set waiting time


0174 mov ah, 01
0176 int 16 // Judge whether the character exists
0178 je 0183 // Jump if not
017A mov ah, 00
017C int 16 // If there is, read the character, limited to 83 keyboard, ah=10 supports extended keyboard
017E xor dx, dx // If there is a key, then dx=0
0180 jmp 01A0


0183 cmp ecx, [si]
0186 jnb 0195
0188 test cl, 01
018B je 0195
018D mov ax, 0E3E
0190 mov bx, 0004
0193 int 10 // Display character 0x3E ">"


0195 mov ecx, [si]
0198 cmp edx, ecx // Whether the timer has expired
019B jnb 0174
019D mov dx, FFFF // If there is no key within the specified time, then dx=0xFFFF


01A0 mov ah, 01
01A2 mov cx, 0D0E
01A5 int 10
01A7 mov bx, 0413
01AA mov ax, [bx]
01AC dec ax // Directly reduce the value at 0040:0013, reducing the capacity of available memory
01AD cmp dx, FFFF
01B1 je 01B5
01B3 mov [bx], ax // Save the basic memory capacity


01B5 shl ax, 06
01B8 mov es, ax // Calculate the high segment address after subtracting 1K
01BA pop si // si=7C00, ds:si (0000:7C00)
01BB push es
01BC xor di, di // Destination address es:di (es:0000)
01BE cld
01BF mov cx, 0100 // 0x100 words, that is, this program 512 bytes moved
01C2 repnz
01C3 movsw // Character move
01C4 mov si, 004C // Take the offset position of INT 13H in the interrupt vector table
01C7 mov di, 0109 // That is, the following 0209, change jmp 0000:0000 to jmp the real INT13 address
01CA mov eax, [si]
01CD mov es:[di], eax // Save the original offset position of INT 13H


01D1 cmp dx, FFFF
01D5 je 01E3 // Jump if booting from hard disk, that is, do not take over INT 13
01D7 push es
01D8 pop ax
01D9 shl eax, 10
01DD mov ax, 011B
01E0 mov [si], eax // Change the offset position of INT 13H to 021B below


01E3 push ds
01E4 pop es
01E5 mov bx, 00EA
01E8 push bx
01E9 retf // ip=00EA, cs=es, actually execute 01EA below


01EA cmp dx, FFFF
01EE je 01F9
01F0 mov cx, 4F12
01F3 mov dx, 0100 // Boot from floppy disk, 0 side 79 track 18 sector
01F6 jmp 01FF


01F9 mov cx, 0001 // Boot from hard disk, 0 side 0 track 1 sector
01FC mov dx, 0080


01FF mov ax, 0201
0202 mov bx, 7C00 // Read 1 sector to 7C00
0205 pushf
0206 push ds // ds=0000
0207 push bx // bx=7C00, jump to 0000:7C00 after INT 13 returns


0208 jmp 0000:0000 // Modified at 01CD to become INT 13

020D-021A 11 01 14 04 16 06 17 07 1B 0B 1C 0C 1E 0E // Partition type table

021B cmp ah, 02 // Old read sector function
021E jne 0231
0220 cmp dx, 0080
0224 jne 0231
0226 cmp cx, 0001
022A je 024F // Read hard disk BOOT sector
022C cmp ah, 42 // Extended read function, ××× It seems impossible to reach here ×××
022F je 0234


0231 jmp 0208


0234 push eax
0236 xor eax, eax
0239 cmp [si+08], eax // Low dword of the DAP starting LBA
023D jne 024A
023F cmp [si+0C], eax // High dword of the DAP starting LBA
0243 jne 024A
0245 pop eax
0247 jmp 024F


024A pop eax
024C jmp 0231


024F pushf
0250 push cs
0251 call 0208
0254 jb 0293
0256 push es
0257 push ds
0258 push ax
0259 push bx
025A push cx
025B push cs
025C pop ds
025D cmp ah, 42 // Extended read function
0260 jne 026B
0262 mov bx, [si+04] // DAP buffer offset
0265 mov es, [si+06] // DAP buffer segment
0268 jmp 026B


026B add bx, 01C2
026F mov cx, 0004 // 4 primary partitions
0272 mov si, 010D // Partition type table address 020D-021A


0275 cld
0276 lodsw // ds:si to ax, ds=cs code segment address
0277 cmp si, 011B
027B jnb 0288 // Until the type table comparison is completed
027D cmp es:[bx], al // Compare whether it is a hidden partition
0280 jne 0275
0282 mov es:[bx], ah // Change hidden partition to non-hidden
0285 jmp 0275


0288 add bx, 0010 // Each partition table 0x10 bytes
028C loop 0272 // Check each partition table one by one
028E pop cx
028F pop bx
0290 pop ax
0291 pop ds
0292 pop es


0293 iret

Yisir Restore Tool Loader, yisir.9126.com
Press any key to load RESTORE DISK or BOOT from HARDDISK...
0x00 0x00 0x55 0xAA

[ Last edited by crshen on 2005-8-31 at 08:04 ]
I never use other people's stuff; if I must, I make it my own first!
Floor 23 Posted 2005-08-29 18:19 · China, Zhejiang, Taizhou, Jiaojiang District (Telecom)
Intermediate User
★★
Credits 447
Posts 126
Joined 2004-02-10 00:00
22-year member
UID 17150
Gender Male
Status Offline
Suggest that the moderator directly post the source code with annotations in the future, so that everyone can improve it. Reading assembly code is already very tiring, and I don't have such good patience, and I believe others are not easy either.

In addition

0208 jmp 0000:0000 //After modification at 01CD, it becomes INT 13

020D-021A 11 01 14 04 16 06 17 07 1B 0B 1C 0C 1E 0E //Partition type table

021B cmp ah, 02 //Old read sector function
021E jne 0231
0220 cmp dx, 0080
0224 jne 0231
0226 cmp cx, 0001
022A je 024F //Read hard disk BOOT sector
022C cmp ah, 42 //Extended read function, ×××It seems impossible to reach here×××
022F je 0234

0231 jmp 0208
Would the poster please take a look. From 021B, it checks whether AH is function 02; if not, it runs INT 13, and if so it continues downward, but then AH can no longer be 42h, so isn't there a problem at 022C?
----------------------------------

020D-021A 11 01 14 04 16 06 17 07 1B 0B 1C 0C 1E 0E is the partition type table

026F mov cx, 0004 //4 primary partitions
0272 mov si, 010D //Partition type table address 020D-021A

0275 cld
0276 lodsw //ds:si to ax, ds=cs code segment address
0277 cmp si, 011B
027B jnb 0288 //Until the type table comparison is completed
027D cmp es:[bx], al //Compare whether it is a hidden partition
0280 jne 0275
0282 mov es:[bx], ah //Change the hidden partition to non-hidden
0285 jmp 0275

0288 add bx, 0010 //Each partition table is 0x10 bytes
028C loop 0272 //Check each partition table one by one
From the 026F place, check the partition table type. Personally, I think it is only necessary to check the last partition. Few people hide the middle partitions.
From the partition table type, the difference between hidden and non-hidden is bit4. All types can be merged into one, that is:
if (al and 0xF0) = 0x10 then partition type = (al and 0x0F)

[ Last edited by crshen on 2005-8-31 at 08:23 ]
Floor 24 Posted 2005-09-02 02:47 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
【Latest Update on September 1st】
Thanks to crshen for pointing out the BUG. It seems that when DOS starts, the extended INT13 function is basically not used to read the MBR, so that dead code basically never ran, and on the surface operation seemed fine, but the BUG still existed. Now it has been fully corrected.
The problem of not being able to boot from the subsequent hidden partition on August 28th has been solved, and now the operating system in the hidden primary partition can be started normally. Actually, it's a problem with the program itself. Although the program reports the hidden partition as a normal partition to other programs after booting, when it hands over control back to the MBR after completion, it forgets to change it. As a result, the MBR still loads the original boot program of the active partition, but when that operating system starts, the active partition read is that already displayed hidden partition. So when both systems are DOS or Win98, since the boot files are the same, it is normal. When the two systems are different, there is an anomaly.
In the 8-second wait when the new program starts, if the F7 key (or the customized key) is pressed, it will start from the first hidden primary partition, and this disk is assigned as C:. Currently, I have only tested DOS7.1 (Win98 boot disk), and I think it should also be able to boot WIN98. After WinXP starts, it will change the hidden partition to non-hidden. After restarting with the hard disk, it is still visible. Definitely, WinXP has updated the MBR at some time. Linux has not been tested.
A new function key ESC is added: it can not load this program and start normally from the hard disk.
A new function key F5 is added: it can not load this program and start normally from the floppy disk, for when the actual partition needs to be viewed correctly.
The command-line option of MAKEIMG.EXE can now ignore case.
Although the program has been changed a lot and many prompt messages have been cut, the program is almost full of 512 bytes, leaving only 1 byte of space. If more functions are to be added, another sector will have to be opened.

The new command line is as follows:
MAKEIMG source image file name [destination image file name] [options]
source image file name  The floppy disk image file used to make the visible and hidden partition function
destination image file name  The resulting floppy disk image file with the visible and hidden partition function to be generated, which can be omitted, and the default value is YISIR.IMG
Optional parameters:
/f       The generated program directly boots from the floppy disk when the computer starts.
/b       The generated program directly activates the hidden partition and starts when the computer starts. (Note that an operating system must have been installed in the hidden partition, and this function does not write the MBR either)
When there are no /f and /b parameters, a prompt will appear and wait for 8 seconds. During this period, press any key to boot from the floppy disk, otherwise boot from the hard disk and not load the visible and hidden partition function.
/k:n      n=1-4, 6-12. Set the key used to directly activate the hidden partition and start, which can be F1-F4, F6-F12
/u       Uninstall this program, restore the image file generated by this program, and save the result as an image file.
Attachments
build050901.zip (43.59 KiB, Credits to download 1 pts, Downloads: 33)
Floor 25 Posted 2005-09-06 15:03 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
Thanks to the attention of all friends, for the convenience of friends who are interested in improving, the source program is open. First, the source program of the boot sector module (HFBOOT.ASM) is made public.

Before writing this program, I saw a lot of introductions about "one-key recovery", and most of these tools are based on IBM technology. There are many articles on the Internet about the "F11" key recovery of IBM, but most of them are about how to repair IBM. I think it is inappropriate to write the program in the MBR, and it is easy to be damaged. Although IBM has not held anyone responsible for pirated use, this is not a long-term solution. So I decided to write a program with similar functions for everyone to test and use. When I was writing the program, I thought about the principle of IBM's "F11" key recovery, but I did not disassemble and read IBM's code, so it was completely written by myself without those troubles. But because it was written by only one person, it may not have been fully tested like IBM. Although there is no code for writing to the hard disk in the program (you can refer to the source code), there is still a risk in using this program. I hope that friends will test it fully (virtual machine, idle hard disk...) before using it formally!

As the old saying goes, I retain the ownership of the original program. You can read and modify the parts you think can be improved freely, but please keep the original author's information when republishing, and I hope you can open the source file and tell me (turboy@163.com), maintaining the consistent style of this tool.

Here is the syntax-highlighted source program on my website: http://yisir.softhome.cn/yiarticle/act.php?obj=article&id=136

The following is the source program of the boot sector module (HFBOOT.ASM):


; ==========================================================================
; This is a program used to boot the startup floppy disk of my system backup/restore CD. It will be placed in the first sector of the floppy disk. When this program boots the system, a prompt will appear. The user can choose to press any key to boot the tool floppy disk, or boot the operating system on the hard disk after waiting for 8 seconds. After choosing to boot DOS from the tool floppy disk, the hidden FAT32 primary partition (0B/0C) in the MBR will be assigned a drive letter and become visible, so that conventional tools can be used for backup - backup in the hidden partition, see who can delete it!
; Final version: 2005/9/5
; ==========================================================================
; Programming records:
; The version on June 29 only processed the traditional INT13 function 2, so it worked normally when debugging in a virtual machine with a small hard disk (1B-FAT32), but it failed when it came to a partition (1C-FAT32LBA, 1E-FAT16LBA) that uses LBA mode to read. But now there are no hard disks below 8GB, and reading is almost all in LBA mode.
;
; July 23:
; Added the takeover of the extended INT13 read (function 42), and realized the reading of the hidden LBA partition. Since there are almost no FAT16 partitions on hard disks now, only FAT32 is processed.
; Due to the addition of new code, my original prompt information had to be cut down a bit.
;
; August 22:
; Added a partition flag code list (FlagTable), and judged and processed one by one.
; In FlagTable DW xxyy, xx in each word represents the original partition flag code, and yy represents the hidden partition flag code
; For example, 0414h means that the original partition is 04h (FAT12), and the hidden partition flag code is 14h
; Now, it can be expanded infinitely.
;
; August 28:
; Experimentally added the function of booting from the hidden partition.
; 1. After booting, use your own INT13 to change the original partition activation flag to 00, and change the activation flag of the original hidden partition that can be changed to a normal partition to 80.
; 2. Before installation, judge the key, use DX register as a flag, no key DX=0XFFFF, press F7 when DX=1, CH=1 in INT13, press other keys when DX=0, CH=0 in INT13.
; 3. In INT13, use CH as the judgment flag for whether to activate the hidden partition, and when it is 1, boot from the hidden partition.
; 4. Since the BOCHS virtual machine uses the F11 and F12 keys, the F7 key is set to boot from the hidden partition.
;
; August 31:
; crshen found several BUGs, which are solved one by one. The function of booting from the hidden partition.
; 1. Cannot read F11 because the 0 function of INT10H does not support the extended keyboard, now changed to the 10H function. But in QEMU, the 10 function cannot read F11, and VPC can, maybe because the BIOS of the two is different or QEMU intercepts F11/F12.
; 2. Before installation, judge the key. If you press the ESC key, directly enter the hard disk boot.
; 3. There is a wrong judgment jump, which causes the INT13H 42H function processing to be invalid. I was careless. When adding the processing 42H function code, I forgot to change the previous code.
; 4. Cannot boot from the hidden partition after 8G is because there is a serious error in my INT13 process. This error was introduced due to wrong information in the reference materials. In the INT13H extended function, DS:SI points to DAP, not DSI as said in that material. This is really...
; In most programs such as MS-FDISK, FREE-FDISK, AEFDISK, PQMAGIC, Acronis Disk Editor, the hidden partition will be displayed as a normal partition, but GDISK can see that this partition is a hidden partition, and GDISK must have a unique access method to the hard disk beyond the BIOS interrupt.

; September 1:
; At present, at 0:47 on September 2, I have eliminated all possible BUGs I can think of, and the length of the program is close to the limit of 512 bytes.
; 1. I found that there was a dead code in the original program. After calling the original INT13 interrupt, AH has been used as the return value, but it is still using AH to judge the extended INT13, so the code for processing the extended INT13 function will not run. Changed to push AX to save, but the code is more chaotic, so I rewrote the previous code.
; 2. After tracking and thinking for two days, I found that the reason why I couldn't boot the OS on the hidden partition on the P4 in the computer room was actually a trick I used to play before. It's really clever but backfires!
; 3. Changed the initial judgment method. In DX, DH=0 installs INT13, DH=FFH does not install; DL=0 loads the floppy disk boot record to start, DL=80H loads the hard disk MBR to start
; 4. Newly added a function ESC key: you can not load this program, and start from the hard disk normally, for general situations.
; 5. Newly added a function F5 key: you can not load this program, and start from the floppy disk normally, for general situations.
; ==========================================================================

;GoodFlag1 equ 0bh
;HideFlag1 equ 1bh
;GoodFlag2 equ 0ch
;HideFlag2 equ 1ch
;GoodFlag3 equ 0eh
;HideFlag3 equ 1eh

ORIGIN         EQU 7C00H      ; Origin of bootstrap LOADER
BIO_MEM        EQU 0413H      ; BIOS Memory size = 640 (KB)
BIO_CLK        EQU 046CH      ; BIOS Clock (1/18.2 seconds)
DSK_PARMS      EQU 1EH*4      ; POINTER TO DRIVE PARAMETERS
KEY_BOOTHIDDEN EQU 41H        ; Scancode: F7=41H, F11=85H, F12=86H
KEY_BOOTFLOPPY EQU 3FH        ; Scancode: F5=3FH
KEY_ESCAPE     EQU 01H        ; Scancode: ESC=01H
BOOTHIDDENFLAG EQU 80h

ORG 0000h
START:
; WARNING -- Don't change this to a short jmp
jmp short main; Jump to start of code
nop
; ==========================================================================
; Start of BPB area of the boot record
OemName DB "MSDOS"
OsVersion DB "5.0"; DOS version number
BPB:
BytesPerSector DW 512; Size of a physical sector
SecsPerClust DB 1; Sectors per allocation unit
ReservedSecs DW 1; Number of reserved sectors
NumFats DB 2; Number of fats
NumDirEntries DW 00E0h; Number of direc entries
TotalSectors DW 0B40H; Number of sectors - number of hidden
; sectors (0 when 32 bit sector number)
MediaByte DB 0F0H; MediaByte byte
NumFatSecs DW 9; Number of fat sectors
SecPerTrack DW 18; Sectors per track
NumHeads DW 2; Number of drive heads
HiddenSecs DD 0; Number of hidden sectors
BigTotalSecs DD 0; 32 bit version of number of sectors
BootDrv DB 0h
CurrentHead DB 0h; Current Head
ExtBootSig DB 41
SerialNum DD 20050628h
VolumeLabel DB "YISIR_LOADER"
FatId DB "FAT12"

; =========================================================================
; First thing is to reset the stack to a better and more known
; place. The ROM may change, but we'd like to get the stack
; in the correct place.
main:
cli;Stop interrupts till stack ok
xor AX,AX
mov ds,ax
mov es,ax
mov SS,AX;Work in stack just below this routine
mov ax,ORIGIN
mov sp,ax
sti
PUSH AX
;Show message
mov ax,1301h
mov bx,000ah
mov cx,MyMsgLen
mov dx,1500h
mov bp,MyMsg+ORIGIN
int 10h
;Hide the cursor
mov ah,1
mov cx,2000h
int 10h
;Wait 10 seconds
mov si, BIO_CLK
mov edx, dword [si];Current timer tick count at 0040:006C
mov ecx, edx
add edx, 159;18.2*10 seconds
ReadKB:
;Change 5 bytes with install option
;Case Option: /f  Boot from floppy disk directly, do not wait 8 seconds
;   31H D2H        xor dx,dx
;   E9H xxH 00H    jmp BiosMemory
;
;Case Option: /b  Boot from HIDDEN partition directly (activate it and load it)
;   31H D2H        xor dx,dx
;   E9H xxH 00H    jmp Key_F7
;
;Case Default: Show message and wait 8 seconds
mov ah, 11h;Get keyboard status
int 16h
jz NoKeyPress
mov ah,10h;Read a key (In old code, AH=0, can not read F11/F12...)
int 16h
xor dx,dx
cmp ah, KEY_ESCAPE
jz DX_HD;Press ESC to BOOT from Harddisk
cmp ah, KEY_BOOTFLOPPY
jnz RKB_1
mov dh, 0ffh;dh=0 Install INT13, else do not Install. Now DX=FF00H
jmp BiosMemory
RKB_1:
cmp ah, KEY_BOOTHIDDEN
jnz BiosMemory
Key_F7:
;If press Hot key, Boot From Hidden Partition. Now DX=0001H
;modify CH=80h in Int13 procedure
mov byte [BootHiddenCode+2+ORIGIN], BOOTHIDDENFLAG;operand reconstructed (assumption): patch the CH immediate of "mov cx,4" at BootHiddenCode (DS=0, code runs at ORIGIN)
jmp DX_HD
NoKeyPress:
cmp ecx, dword [si]
jae L_0
test cl,1
jz L_0
mov ax,0e3eh; write ">" to show progressing
mov bx,0004h
int 10h
L_0:
mov ecx, dword [si]
cmp edx,ecx
jae ReadKB
mov dh,0ffh;Do not install INT13. Now DX=FF00
DX_HD:
mov dl,080h;Boot from HD.
;DH=0 Install INT13, DH=FFH do not Install
;DL=0 Boot Floppy, DL=80H Boot HD
;Now:
; ESC DX=FF80, F5 DX=FF00H, F7 DX=0080H, ANYKEY DX=0000H, TIMEOUT DX=FF80H
BiosMemory:
;Show the cursor
mov ah,1
mov cx,0d0eh
int 10h
;BIOS MEMORY - 2KB
mov bx,BIO_MEM;bx=280H (KB)
mov ax,word [bx]
dec ax
cmp dh,0
jnz L_1
mov word [bx],ax;If DH=FF, Do not install
L_1:
;Move to High Memory. ex. 9fc0:0000
shl ax,6;ax=9fc0h SEG of top memory
mov es,ax;es=9fc0h
pop si;si=7c00h
push es;ready to RETF
xor di,di;di=0
cld
mov cx,100h
repnz movsw;move code to 9fc0:0000

cmp dh,0
jnz L_2;If DH=0ffh, Do not install
;modify Int13
mov si,4ch;Int13 13h*4
mov di,OLDINT13
;Save Old
mov eax,[si]
mov es:[di],eax
;cmp dh,0
;jnz L_2;If DH=0ffh, Do not install
push es
pop ax
shl eax,16
mov ax, MyInt13
mov [si],eax
L_2:;Jump to high address, 9fc0:00xx
push ds
pop es
mov bx,word Entre2
push bx;push 9fc0:Entre2
retf;Jump to the high-memory copy to continue executing
Entre2:
cmp dl,0;If DX <> 0, Load HD-MBR
jnz L_3
ReadFD:;Read old boot sector from Floppy H1 T79 S18
mov cx,4f12h
mov dx,0100h
jmp RunInt13
L_3:;Read from Harddisk H0 T0 S1 MBR
mov cx,1
mov dx,80h
RunInt13:
mov ax,0201h
mov bx,ORIGIN
push ds
push bx
int 13h
retf
; 2005-9-1
; Here was the fancy trick code used originally; it is what prevented booting the hidden partition with F7, because what is read here is the original MBR
; pushf ;int 13h
; push ds
; push bx
; ------------------------------------------

;Jump to Old INT 13H
JmpFarInt13:
DB 0eah ;JMP far OLDINT13
OLDINT13 DW 0,0
;End of Install-code

;Partition Flag Table normal and hidden
FlagTable:
dw 0111h, 0414h, 0616h, 0717h, 0b1bh, 0c1ch, 0e1eh
FlagTableEnd:

;My INT13h code
MyInt13:
cmp ah,2 ;Is Read?
jz Func2
cmp ah,42h ;Is ExtRead?
jz Func42
JmpOldInt13:
jmp JmpFarInt13
Func2:
CMP DX,0080H;Is Harddisk and Head 0?
jnz JmpOldInt13
cmp cx,0001H;Is Track 0 Sector 1?
jnz JmpOldInt13
pushf;Simulate INT operator
push cs
CALL JmpFarInt13;Call old INT13
jc exit;If carry set (read failed) then Exit
push bx
push es
jmp EditFlag
Func42:
cmp dl,80h;Is Harddisk
jnz JmpOldInt13
push eax
xor eax,eax
cmp dword [si+8],eax;Is Sector 0, Low 32bit of the DAP starting LBA
jnz ExitFunc42
cmp dword [si+12],eax;Is Sector 0, High 32bit of the DAP starting LBA
jnz ExitFunc42
pop eax
pushf;Simulate INT operator
push cs
CALL JmpFarInt13;Call old INT13
jc exit;If carry set (read failed) then Exit
push bx
push es
mov bx, [si+4]; Fix BX,ES like Int13h Func02 (DAP buffer offset)
mov es, [si+6]; DAP buffer segment
jmp EditFlag
ExitFunc42:
pop eax
jmp JmpOldInt13
EditFlag:
push ax
push cx
push si; DS:SI -> DAP
push ds
push cs
pop ds
add bx, 01c2h; ES:BX -> Partition Flag
BootHiddenCode:
mov cx, 4; CL=4 partitions; the CH immediate can be changed by Makeimg.c (to 1) to Modify the ActiveFlag
cmp1:
mov si, FlagTable
cmp ch, BOOTHIDDENFLAG;If CH=BOOTHIDDENFLAG, Boot from hidden Partition
jnz nextFlag
mov byte [es:bx-4], 0;Clear Active Flag for boot from hidden partition
nextFlag:
cld
lodsw
cmp si, FlagTableEnd
jae nextPart
cmp byte [es:bx], al;Is this the hidden flag code?
jnz nextFlag
mov byte [es:bx], ah;Replace with the normal flag code
cmp ch,BOOTHIDDENFLAG;If CH=BOOTHIDDENFLAG, Boot from hidden Partition
jnz JmpNextFlag
mov byte [es:bx-4], 80h;Make the unhidden partition active
xor ch, ch;Set CH=0h, Don't modify the next.
JmpNextFlag:
jmp nextFlag
nextPart:
add bx,10h
dec cl
ja cmp1
pop ds
pop si
pop cx
pop ax
pop es
pop bx
exit:
iret
; End of INT13H code

MyMsg db "PartUnhide Loader, yisir.9126.com, 2005-9-5",13,10
; db "Press any key to load RESTORE FLOPPY DISK...",13,10
MyMsgLen equ $-MyMsg

times 510 -($-$$) db 0
BOOTFLAG db 55h,0aah
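As an added example (not part of this thread, and not TurboY's HFBOOT/MAKEIMG code), the following C reproduces on a host buffer what the EditFlag loop above does to the MBR image returned by INT 13h: the FlagTable rewrite, the F7 active-flag move, and, for comparison, the bit-4 rule crshen proposed in floor 23. The function names, the partition-table check and the 512-byte sample sector are my own assumptions, constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PT_OFFSET      0x1BE   /* first partition entry; the asm's "add bx,01C2" is +4 into it */
#define PT_ENTRY_SIZE  0x10    /* "Each partition table 0x10 bytes" */
#define PT_ENTRIES     4       /* "4 primary partitions" */
#define ACTIVE_FLAG    0x80
#define BOOTHIDDENFLAG 0x80    /* same role as CH=80h in BootHiddenCode */

/* FlagTable from HFBOOT.ASM as {normal, hidden}: dw 0111h loads AL=11h, AH=01h. */
static const uint8_t flag_table[][2] = {
    {0x01, 0x11}, {0x04, 0x14}, {0x06, 0x16}, {0x07, 0x17},
    {0x0B, 0x1B}, {0x0C, 0x1C}, {0x0E, 0x1E},
};
/* The lodsw loop: normal code for a hidden type, 0 if the type is not hidden. */
uint8_t table_unhide(uint8_t type)
{
    for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++)
        if (flag_table[i][1] == type)
            return flag_table[i][0];
    return 0;
}
/* crshen's rule: if (al and 0xF0) = 0x10 then type = (al and 0x0F).
 * Caveat: it also rewrites codes FlagTable never lists, e.g. 12h -> 02h. */
uint8_t bit4_unhide(uint8_t type)
{
    return ((type & 0xF0) == 0x10) ? (uint8_t)(type & 0x0F) : 0;
}
/* What MyInt13 does to the buffer after a successful read of drive 80h, head 0,
 * track 0, sector 1 (or LBA 0 via function 42h). boot_hidden != 0 is the F7 path
 * (CH=80h): clear the active flag of every entry visited until the first one
 * that gets unhidden, which becomes active. Returns the number of rewrites. */
int unhide_partitions(uint8_t *sector, int boot_hidden, int use_bit4)
{
    int changed = 0, ch = boot_hidden ? BOOTHIDDENFLAG : 0;
    for (int i = 0; i < PT_ENTRIES; i++) {
        uint8_t *entry = sector + PT_OFFSET + i * PT_ENTRY_SIZE;
        uint8_t *type  = entry + 4;            /* ES:BX -> partition flag */
        if (ch == BOOTHIDDENFLAG)
            entry[0] = 0;                      /* mov byte [es:bx-4], 0 */
        uint8_t normal = use_bit4 ? bit4_unhide(*type) : table_unhide(*type);
        if (normal == 0)
            continue;
        *type = normal;                        /* mov byte [es:bx], ah */
        changed++;
        if (ch == BOOTHIDDENFLAG) {
            entry[0] = ACTIVE_FLAG;            /* mov byte [es:bx-4], 80h */
            ch = 0;                            /* xor ch, ch: only the first one */
        }
    }
    return changed;
}
/* The check behind the GDISK remark in the thread: a table read through the
 * hooked INT 13h no longer matches one read directly from the disk. */
int partition_table_differs(const uint8_t *via_bios, const uint8_t *direct)
{
    return memcmp(via_bios + PT_OFFSET, direct + PT_OFFSET,
                  PT_ENTRIES * PT_ENTRY_SIZE) != 0;
}
/* Constructed sample MBR (not a real disk): entry 0 active FAT32 (0Ch), entry 1
 * hidden FAT32 (1Ch), entry 2 hidden NTFS (17h), entry 3 type 12h, which
 * FlagTable does not list but the bit-4 rule would rewrite. */
void build_sample_mbr(uint8_t sector[512])
{
    static const uint8_t types[PT_ENTRIES] = {0x0C, 0x1C, 0x17, 0x12};
    memset(sector, 0, 512);
    sector[PT_OFFSET] = ACTIVE_FLAG;
    for (int i = 0; i < PT_ENTRIES; i++)
        sector[PT_OFFSET + i * PT_ENTRY_SIZE + 4] = types[i];
    sector[510] = 0x55; sector[511] = 0xAA;
}
/* (active << 8) | type of entry i after one run over a fresh sample. */
int sample_entry_after(int boot_hidden, int use_bit4, int i)
{
    uint8_t s[512];
    build_sample_mbr(s);
    unhide_partitions(s, boot_hidden, use_bit4);
    return (s[PT_OFFSET + i * PT_ENTRY_SIZE] << 8) | s[PT_OFFSET + i * PT_ENTRY_SIZE + 4];
}
/* Rewrites reported by the last of `passes` runs; a second pass must report 0. */
int sample_changed(int boot_hidden, int use_bit4, int passes)
{
    uint8_t s[512];
    int n = 0;
    build_sample_mbr(s);
    while (passes-- > 0)
        n = unhide_partitions(s, boot_hidden, use_bit4);
    return n;
}
/* 1 if the BIOS-visible table no longer matches the raw sample. */
int sample_table_differs(int use_bit4)
{
    uint8_t raw[512], seen[512];
    build_sample_mbr(raw);
    memcpy(seen, raw, 512);
    unhide_partitions(seen, 0, use_bit4);
    return partition_table_differs(seen, raw);
}
```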
Floor 26 Posted 2005-09-06 15:04 · China, Hubei, Tianmen (Unicom)
Intermediate User
★★
Never posts junk
Credits 322
Posts 99
Joined 2004-07-03 00:00
21-year member
UID 27774
Gender Male
From Hubei
Status Offline
【Latest Version】
  HFBOOT.ASM is still from September 1st, and MAKEIMG.EXE was compiled after adding options on September 5th.
MAKEIMG.EXE can handle non-1.44M floppy disk images.
  New command line is as follows:
  MAKEIMG Source image file name [Destination image file name] [options]
   Source image file name  Floppy disk image file used to make the visible and hidden partition function
   Destination image file name Floppy disk image file with visible and hidden partition function to be generated, can be omitted, default value is YISIR.IMG
  Optional parameters:
   /f       The generated program directly boots from the floppy disk when the computer starts.
   /b       The generated program directly activates the hidden partition and boots when the computer starts. (Note that an operating system must be installed in the hidden partition, and this function does not write the MBR)
  When there are no /f and /b parameters, a prompt will appear and wait for 8 seconds. During this period, press any key to boot from the floppy disk, otherwise boot from the hard disk and not load the visible and hidden partition function.
   /k:n      n=1-4, 6-12. Set the key used when directly activating the hidden partition and booting, which can be F1-F4, F6-F12
/p:n n=0 - 255, Customize the characters that make up the progress bar, the default is 62 which is ">", like 219 (solid square), 220, 223 also look good
/r:n n=1 - 24, Customize the starting line of the prompt information on the screen, the default is line 21, that is, display the prompt on line 21 and the progress bar on line 22.
   /u       Uninstall this program, restore the image file generated by this program, and save the result as an image file.

Friends who have downloaded and used this software are welcome to post replies or leave messages on my small site to talk about your opinions.

[ Last edited by TurboY on 2005-9-6 at 20:15 ]
Attachments
build050905.zip (44.33 KiB, Credits to download 1 pts, Downloads: 47)
Floor 27 Posted 2005-09-06 21:34 · China, Zhejiang, Taizhou (Telecom)
Intermediate User
★★
Credits 447
Posts 126
Joined 2004-02-10 00:00
22-year member
UID 17150
Gender Male
Status Offline
The graphical interface version has been upgraded to version 1.1, and it can be used for non-1.44M images.

[ Last edited by crshen on 2005-9-10 at 20:17 ]
Attachments
安装.jpg
启动提示.jpg
unhide.rar (171.66 KiB, Credits to download 1 pts, Downloads: 75)
Floor 28 Posted 2005-09-08 23:49 · China, Henan, Luoyang (Unicom)
Advanced User
★★
Credits 544
Posts 164
Joined 2004-10-17 12:00
21-year member
UID 32648
Gender Male
Status Offline
Let's take another look. Going to sleep!
No opinions for the moment. Looking for problems and finding new functions that are needed!
Haha!~
My guestbook

http://hnlyzhd.ys168.com My online drive
Floor 29 Posted 2005-09-10 00:06 · China, Hubei, Wuhan (Unicom)
Advanced User
★★★
Credits 587
Posts 302
Joined 2005-07-25 17:31
20-year member
UID 41046
Gender Male
Status Offline
The MBR posted by crshen: which operating system is it for?

I remember that after several MBRs I've seen initialize the registers, they all immediately read the boot code at 7C00 to another place in memory and place the stack starting at 7C00.

I'm not quite clear on why this is done, and the ASM posted by crshen doesn't have these steps.
Which expert can explain it?

[ Last edited by fdsiuha on 2005-9-10 at 00:12 ]
Welcome to visit the DOS Cabin!
http://risky.ik8.com
Floor 30 Posted 2005-09-11 10:55 · China, Beijing (CERNET)
Newcomer
Credits 10
Posts 1
Joined 2005-09-03 18:52
20-year member
UID 42206
Status Offline
I saw it. A weak question: Why is there eax in the code? Is it 8086? I used 16-bit assembly, and when I study by myself, Kaspersky thinks it's a virus. IBM's F11 seems to use int 13h to rewrite the MBR instead of resident. Because indeed many virus practices are resident, and the code segment that rewrites int 13h is a signature, probably using eax so that it's not reported as a virus