With the widespread use of computers, the popularization of computer knowledge has become an important part of application and management. In our country, the operating system most commonly used on personal computers is DOS, and the computer viruses now sweeping the world basically infect DOS operating system machines as well. Therefore, having a fairly comprehensive understanding of the operating system and disk usage will improve the level of computer application and management, and at the same time provide powerful tools and means for preventing computer viruses and removing them. This article mainly gives an overview of the DOS operating system boot process, the disk boot sector under the operating system, the file allocation table (FAT), the directory table (FCB), disk formatting, and so on.
I. The operating system boot process
When the machine is powered on, the computer hardware system generates a reset pulse. This reset pulse is sent directly to the pins of the 80X86 chip. After receiving this pulse, the hardware logic of the 80X86 chip sets the CS register to FFFFH and the IP register to 0000H. That is to say, it automatically fetches the first instruction from FFFF:0000H and transfers to the 8KB ROMBIOS program on the system board. This program first runs the power-on self-test module. If the self-test is normal, it then enters the INT19H call to carry out system booting; if there is an error in the self-test, it displays an error message and enters an endless loop.
While carrying out system boot, the boot program also scans external ROM. If it finds the ROM in the hard disk controller (starting address C800:0000H, containing a 2KB hard disk device driver), it reassigns the software interrupts, giving the original INT13H to the hard disk and changing the floppy disk interrupt to INT40H, and then proceeds with operating system booting.
First, the boot program tries to read the boot record in head 0, track 0, sector 1 (BOOT) of floppy drive A: into memory starting at 0000:7C00H. If successful, it executes the boot program on the floppy disk and boots the operating system; if unsuccessful, it reads the hard disk master boot record at head 0, track 0, sector 1 into memory starting at 0000:7C00H, and executes that hard disk master boot program. Its function is to also read the partition boot program of the currently active partition into the above memory area, so as to complete booting of the operating system in that partition.
It is not hard to see from the above that the biggest difference between hard disk and floppy disk system booting is that the hard disk must execute the master boot program in its physical first sector before it can transfer to the partition boot program in the logical first sector of the corresponding partition, which is similar to that of a floppy disk.
II. Disk boot sectors
Disk sector allocation consists of two parts. The first part has only one sector, namely track (cylinder) 0, head 0, sector 1, which is the first sector of the entire disk (physically). This is the disk master boot sector. The second part consists of sectors used by the various operating systems.
(I) The master boot sector of a floppy disk
The contents of the master boot sector are created by FORMAT. The boot record can be divided into four parts:
1, a 3-byte jump instruction (for system disks);
2, 8 bytes containing the manufacturer ID and operating system version number;
3, BIOS parameter block (19 bytes total, also called the BPB parameter table);
4, boot code, containing the actual code of the bootstrap program; the boot code is valid only for operating system disks;
When the disk is used as a system disk, the jump instruction is executed, transferring to the boot code, which runs the bootstrap program and loads DOS into memory.
Below, the BIOS parameter block is mainly introduced. Through this parameter block, the starting sector numbers of the file allocation table, root directory, and data area can be obtained. Starting from the contents of bytes 12 onward in the master boot sector, the meanings are as follows:
Bytes 12-13: describe sector size (bytes);
Byte 14: number of sectors per cluster;
Bytes 15-16: number of reserved sectors;
Byte 17: number of FATs (file allocation tables);
Bytes 18-19: root directory (FCB) size (number of files);
Bytes 20-21: total number of sectors on the disk;
Byte 22: media descriptor (FD for double-sided double-density 360KB floppy disk, F9 for double-sided high-density 1.2MB floppy disk, F8 for hard disk);
Bytes 23-24: number of sectors occupied by each FAT;
Bytes 25-26: number of sectors per track;
Bytes 27-28: number of heads;
Bytes 29-32: number of hidden sectors;
Bytes 33-36: (valid only for hard disks). When the partition total is >FFFFH, the total number of sectors is filled in here, and the value at 20-21 is 0 (at this time the partition capacity is >32M).
Note:
(1) For all values above that occupy 2 bytes, the first byte is the low byte and the second byte is the high byte;
(2) The numbers represented are all hexadecimal numbers (the contents of each byte);
For a floppy disk, the master boot sector is the physical first sector and also logical sector O (the 1st sector), and can be read and written with DEBUG's L and W commands.
(II) Hard disk boot sectors
1, The hard disk master boot sector (hidden sector)
This sector mainly consists of two parts: the master boot program and the partition information table. The layout is as follows:
Address offset hard disk track (cylinder) 0, head 0, sector 1
0000H―――master boot record and some numbers 0
01BEH―――first partition table (16 bytes)
01CEH―――second partition table (16 bytes)
01DEH―――third partition table (16 bytes)
0IEEH―――fourth partition table (16 bytes)
01FEH__55H
01FFH―――AAH
The contents of the hard disk master boot sector are created by FDISK.COM. The entire hard disk space can be divided into at most 4 partitions, which can be shared by 4 operating systems, each operating system occupying one partition. If the entire hard disk is used by only one operating system, then the lengths of the other three partitions, that is, the number of sectors they occupy, are 0. On IBMPC, Great Wall series, and their compatibles, FDISK.COM can be used to specify the size of each partition and the starting and ending cylinder numbers, sector numbers, and so on; the partition information table is used to save this partition information. The partition information table consists of 4 entries, each occupying 16 bytes. The contents of each byte of a partition entry are as follows:
Byte 1: boot flag. If this byte is 0, it means that when the system is powered on or reset and self-tested, the operating system is not booted from this partition. If this byte value is 80H, it means that during a power-on cold boot or warm boot, the operating system is booted from this partition. During system cold and warm boot, the boot process checks this boot flag in all 4 entries of the partition information table. DOS's FDISK.COM command can set this byte value in one partition to 80H and set the corresponding byte values in the remaining partitions to 0.
Byte 2: starting head number of this partition.
Byte 3: starting sector number of this partition. Only the low 6 bits of this byte represent the sector number, while the high 2 bits represent the high 2 bits of the starting cylinder number.
Byte 4: starting cylinder number of this partition.
Byte 5: operating system code of this partition. For DOS versions below 3.0, this byte value is 01; for versions above 3.0, this byte value is 04; for versions above 5.0, it is 06, etc. When this byte value is
02, 03, it indicates the operating system of this partition is XENIX. When this byte value is 63, it indicates the operating system of this partition is NIX. When this byte value is 65, it indicates the
operating system of this partition is NetWare.
Byte 6: ending head number of this partition.
Byte 7: ending sector number of this partition. The high 2 bits represent the high 2 bits of the ending cylinder number.
Byte 8: ending cylinder number of this partition.
Bytes 9-12: number of sectors already used before this partition.
Bytes 13-16: number of sectors used by this partition.
The hard disk master boot program is in the first sector of the hard disk, and is the common part for all operating systems. Its function is to examine the 4 partition boot flags in the partition information table. When the boot flag of a partition is 80H, the master boot program reads the first sector (logical sector 0) of that partition into memory at 0000:7C00H and starts executing from there. The master boot program belongs to the hidden sector, and it can only be read and written by the following two methods:
(1), implemented with interrupt 13H, using the following small program segment:
MOVDX,0080硬盘0磁头;
MOVCX,00010道第1扇区;
MOVBX,0200缓冲区地址200处作为起始;
MOVAX,0X01X=2表示读1个扇区,X=3表示写一个扇区;
INT13H磁盘I/O中断;
Executing this segment allows read and write operations on the hard disk master boot sector.
(2), after the system starts, by modifying the hard disk drive parameter table (BPB) in memory, change the total number of sectors to the original total plus the number of hidden sectors, and change the number of hidden sectors to 0. Then the L and W commands of DEBUG.COM can be used to read and write the master boot sector (in fact, after the above change, the master boot sector has become logical sector 0).
2, Partition boot sector
The DOS partition boot program occupies the 1st sector (logical sector 0) of the partition. Its contents are basically the same as the master boot sector of a floppy disk, except that the specific values in the BPB parameter table are different. The DOS partition boot program is not necessarily in the physical second sector of the hard disk; it depends on the number of hidden sectors. The logical number of this sector is always 0.
The partition boot program is created by FORMAT.
III. Methods for calculating the starting sector numbers of the FAT table, FCB, and data area, and the relationship between cluster numbers and sector numbers
For convenience in the following discussion of the file allocation table (FAT) and directory table (FCB), the relevant conversion relationships involved are listed here first:
The first FAT always starts from logical sector 1;
Starting sector number of the second FAT = 1+FAT length;
Starting sector number of the root directory = 1+2 FAT lengths;
Starting sector number of the data area = 1+2 FAT lengths+root directory length;
S=(C2)*(number of sectors/per cluster)+starting sector number of data area, where: S represents the logical sector number where the data (file) is located, and C represents the cluster number where the data (file) is located. In the above formulas, the starting sector numbers all mean logical sector numbers.
IV. DOS file space allocation
When DOS formats a disk, it allocates disk space as follows:
(1) boot area;
(2) first copy of the file allocation table;
(3) second copy of the file allocation table;
(4) root directory;
(5) data area;
Note: the above allocation refers to the whole disk space for floppy disks, and the DOS partition part for hard disks.
Space for a file (in the data area) is allocated only when needed (not preallocated). One cluster of space is allocated each time (the allocation unit), and a cluster is always one or more consecutive sectors. In file allocation, all clusters of a file are chained together. For multi-head media (disks), clusters are arranged so that head movement is minimized. When moving to the next track, all the space on the current track (cylinder) is allocated first. The process works like this: first use the lowest-numbered sequential sectors, then move to the sectors under the next head, continuing in this way until the sectors under all heads on the track are used up. After that comes head 0 sector 1 of the next track.
Files in the data area need not be written to disk in sequence. Each time one cluster of data space is allocated, allocated clusters are skipped, and the first free cluster found becomes the next cluster to allocate, without considering its physical position on the hard disk. In this way disk space can be used efficiently, because after a file is deleted, the available clusters can again be allocated to new files.
V. File allocation table FAT
DOS uses the file allocation table to convert a file's cluster number into a logical sector number, and then the driver is responsible for finding the logical sector on the disk. There are two FATs. When operations such as copy, delete, create, or modify files are performed (using DOS commands), both FATs are updated at the same time, and corresponding sectors have identical contents. But when the W command of DEBUG.COM is used for sector-level operations, only the specified sector is written, and the corresponding sector in the other FAT is not updated (the same is true when using INT13H function AH=3 to write the disk). The contents of the FAT are the cluster numbers occupied by files and end markers. In DOS versions after 3.0, each FAT entry has two forms, 16-bit and 12-bit. A 12-bit entry can represent at most 4096 clusters, and a 16-bit entry can represent at most 65536 clusters. Under DOS, the number of sectors per cluster is determined by the FDISK.COM and FORMAT.COM commands, and cannot be changed afterward unless these two commands are run again. In DOS versions after 3.0, when using FDISK.COM on a hard disk to create a partition, whether 12-bit or 16-bit FAT entries are used to represent cluster numbers depends on whether the DOS partition is larger than 4096 clusters. If it is larger, each entry in the created FAT is 16 bits; otherwise, it is 12 bits. FAT allocation for files always starts from cluster 2. The meanings of its contents are as follows:
0000H(000H): cluster unused or available;
FFF8FFFFH(FF8FFFH): file end marker;
FFF7H(FF7H): if not part of an allocation chain, indicates a bad cluster;
XXXXH(XXXH): any hexadecimal number other than the above indicates the cluster number of the file's NEXT CLUSTER.
The first cluster number of a file is stored in the file directory entry, and its value range is 0002FFEFH(002FEFH).
Note: the four-digit hexadecimal numbers correspond to FATs with 16-bit entries, and the three-digit hexadecimal numbers correspond to FATs with 12-bit entries (same below); generally speaking, FFF0FFF6H(FF0FF6H) is used to indicate reserved clusters.
From the directory entry, the starting cluster number of the file can be found, and from this all the other cluster numbers used by the file can be found as follows:
1, multiply the file's starting cluster number in the directory entry by 2 (or 1.5);
2, the integer part of the product is the offset relative to the FAT, indicating the entry mapped to the cluster just used. This entry contains the next cluster number of the file.
3, for a FAT with 12-bit entries, if the last cluster number used is even, keep the low 12 bits; otherwise keep the high 12 bits.
4, if the resulting value is FFF8FFFFH(FF8FFFH), then there are no more clusters in the file; otherwise it contains the next cluster number.
Note: in the above algorithm, attention should be paid to conversion between hexadecimal and decimal. In 1, multiplying by 2 applies to a FAT with 16-bit entries, while multiplying by 1.5 applies to a FAT with 12-bit entries.
VI. File directory table (FCB)
FORMAT.COM creates the root directory for all disks. Its position (logical sector number) and maximum number of entries can be calculated from the BIOS parameter block. Directories other than the root directory are actually files, and there is no limit on the number of entries they contain. Subdirectories can be read as files, using an extended FCB with the proper attribute byte. In the file directory table, one sector contains only 16 file (directory) entries.
1, The fields of each file (directory) entry indicate the following states: bytes 0-7 are the filename. A first byte of 00H means never used, E5H means used and deleted, 2EH means it is a directory entry, and any other value indicates the first character of the filename.
Bytes 8-10 are the file extension.
Byte 11 is the file attribute. 01 means read-only file; 02 means hidden file; 04 means system file; 08 means the directory entry contains the first 11 bytes of the disk name, and apart from that there is no other useful information, and it exists only in the root directory (that is, it represents the disk volume label); 10 means the entry defines a subdirectory; 20 means the archive bit, which is set once the file is written or closed; 30 means archive plus subdirectory; 32 means archive plus subdirectory plus hidden, etc. (the numbers 01, 02...30, 32 here are hexadecimal).
Bytes 12-21 are reserved. Bytes 22-23 record the file creation or last modification time (bit map as follows):
(HH)(MM)(XX)
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Here:
HH: binary count for hours (023), occupying 5 bits;
MM: binary count for minutes (059), occupying 6 bits;
XX: binary count in 2-second increments, occupying 5 bits;
Bytes 24-25 represent the file's last modification date, arranged by bits as follows:
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
Y Y Y Y Y Y Y M M M M D D D D D
Here:
Bits 9-15 are YY (year), values 0119(19802099);
Bits 5-8 are MM (month). Values 112;
Bits 0-4 are DD (day), values 131;
Bytes 26-27 are the starting cluster number of the file (directory entry).
Bytes 28-31 represent the file size in bytes. The first word contains the low-order part of the size, and the first byte of both words stores the low-order significant byte of the numeric value.
2, How to find a subdirectory and the file directory table under it
(1) find the starting cluster number of the subdirectory in the root directory;
(2) use the conversion formula between cluster number and sector number to find the logical sector number;
(3) starting from that sector, you can look up the directory entries of the files under that subdirectory;
If you still want to find subdirectories under that subdirectory, continue using the above method in sequence.
Note: the method for finding the storage sectors of a file's data is similar, but do not carry out step 3. Instead, from the starting cluster number, use the FAT to find all the cluster numbers, and then in sequence find their storage logical sectors.
VII. Disk formatting
Disk formatting is divided into low-level formatting (initialization) and high-level formatting (FORMAT).
(I) Low-level formatting of disks
Low-level formatting of disks means physically formatting the disk. In general, it is done only when one of the following situations occurs.
1, when track 0 of the disk has suffered physical damage (because head reset was not performed before moving the machine, or power was cut while the hard disk head was reading or writing, causing the head to scratch the disk, etc.);
2, the user replaces the hard disk drive with a new one;
3, an attempt is made to install several different operating systems on the hard disk. For example: the hard disk originally has the multi-user operating system XENIX and the single-user operating system DOS, and now another multi-user operating system is to be installed;
4, an error appears on the hard disk that cannot be recovered under the operating system.
Disk initialization can be carried out by the following three methods:
1, with the help of the ROMBIOS program (for hard disks)
The hard disk ROMBIOS program on the controller board provides a hard disk initialization program. After the system starts, ROMBIOS provides a convenient means for adapter boards with onboard ROM programs to enter the system. It can be done in the following two ways:
(1) At the DEBUG prompt, use the D command to display the contents between addresses C800:0000000FH and confirm that it is ROM:
C800:000055AAXX......where XX indicates the ROM length;
Then use the U command to disassemble the object code between 0003000F (generally there are 23 JMP instructions there), find the starting offset XXXX of the storage unit containing the JMP instruction that jumps to the low-level formatting routine in the ROM, and execute the command G. On different hard disk machines, the starting offset XXXX used by the G command may differ slightly, but generally speaking, the starting offset of the unit containing the second JMP instruction is XXXX. (Such as the PC/XT and Donghai 0520.)
(2) Use the following program segment:
MOVAX,07XXAH=07表示驱动器格式化(初始化),用XX扇区内容替代所有扇区;
MOVDX,0080硬盘0磁头;
MOVCX,00010道1扇区开始;
INT13H
INT3H
Note: the above 2 methods have been implemented on the PC/XT and its compatibles Great Wall 0520 and Donghai 0520;
2, run the LOWFORM.EXE low-level formatting program on the system disk (if present), or utility software with low-level formatting capability;
3, run the supplied diagnostic program (works for both hard and floppy disks);
(II) High-level formatting of disks (FORMAT)
When formatting a floppy disk with FORMAT, the master boot sector is created; except for the first 3 bytes of the FAT being FD, FF, FF (double-sided double-density 360KB), all other bytes are set to 0. For the directory table FCB, in versions above 3.0 all bytes are set to 0; in versions below 3.0, the first byte is set to 0 and the other bytes are set to F6. All bytes in the data area are set to F6.
When formatting a hard disk with FORMAT, the following work is done:
1, according to the information recorded on the hard disk by the DOS partition creation command FDISK.COM, only the data area belonging to the DOS partition is checked. If damaged sectors are found, FFF7H(FF7H) is written into the corresponding chain (cluster number) in the FAT, and all other data is left untouched;
2, initialize the DOS file allocation table and file root directory area, set the FAT contents to 0, and set the first byte of the FCB table directory entries to 0. Initialize the disk structure parameter table.
3, create the DOS partition boot program and record it in the first sector of the partition (logical sector 0);
If the machine needs to be booted from the hard disk (with the /S parameter), then the three files IBMBIO.COM, IBMDOS.COM (for Great Wall series machines, GWBIO.COM and GWDOS.COM; MSDOS uses IO.SYS and MSDOS.SYS), and COMMAND.COM must also be created.
(III) Formatting disk tracks
Formatting a track is performed by function 5 of interrupt 13 provided by ROMBIOS. Its calling format is as follows:
Entry:AH=5DH=磁头号DL=盘号CH=磁道号
ES:BX缓冲区必须指向所需地址区段集合,每个区段包含四个字节(C、H、R、N),其中:C=磁道号,H=磁头号,R=扇区号,N=每扇区字节数,以03分 别表示每扇区128、256、512、1024字节。
According to the above entry parameters, calling interrupt 13 can format a certain track of the disk.
For example: tracks 40 and 41 of a 360KB floppy disk can be formatted, increasing capacity by 18KB, which can be done with the following program:
ES:0100MOVAX,0501AH=5,表示对磁道进行格式化;
ES:0103MOVBX,02X0X=0,3,6,9使得ES:BX
指向对应头、道的内存缓冲区扇区数据识别的地址;
ES:0106MOVDX,0X0XDH=00、01表示0磁头、1磁头,DL=00、01表示A盘、B盘;
ES:0109MOVCX,2X01X=8表示40道,X=9表示41道
ES:010CINT13H 扇区识别数据如下:
C H R
ES:0200 28 00 01 02 28 00 02 02 28 00 03 02 28 00 04 02
ES:0210 28 00 05 02 28 00 06 02 28 00 07 02 28 00 08 02
ES:0220 28 00 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0230 28 01 01 02 28 01 02 02 28 01 03 02 28 01 04 02
ES:0240 28 01 05 02 28 01 06 02 28 01 07 02 28 01 08 02
ES:0250 28 01 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0260 29 00 01 02 29 00 02 02 29 00 03 02 29 00 04 02
ES:0270 29 00 05 02 29 00 06 02 29 00 07 02 29 00 08 02
ES:0280 29 00 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0290 29 01 01 02 29 01 02 02 29 01 03 02 29 01 04 02
ES:02A0 29 01 05 02 29 01 06 02 29 01 07 02 29 01 08 02
ES:0280 29 01 09 02 00 00 00 00 00 00 00 00 00 00 00 00
At this time the contents of the drive electrical parameter table are:
0000:0522DF02250209......(the address here may differ on different machines)
For the above, take BX=0200, DX=0001, CX=2801, then track 40 of drive B head 0 (side 0) is formatted (9 sectors/per track). By successively changing the values of BX, DX, and CX, and executing the program segment between 0100010E, formatting of tracks 40 and 41 is completed. Then modify the total sector count in the floppy disk BPB parameter, changing 02D0H to 02F4H, and the capacity of the floppy disk becomes 387072 bytes (378KB, 18KB more than before), and DOS (version 3.0 and above) can manage tracks 40 and 41 normally.
From the above analysis it can be seen that we can not only increase the capacity of the floppy disk, but also write some important information into sectors in tracks 40 and 41 (with DEBUG's W command), then change the total sector count in the BPB parameter table back to 02DOH, thereby achieving a special encryption effect and preventing others from reading, writing, and copying it. At this time, executing FORMAT in a 360KB drive will not damage the contents of tracks 40 and 41 either. At the same time, by making slight changes to the above program, the drive electrical parameter table (formatting parameters), and sector ID data, it is also possible to format special tracks with more than or fewer than 9 sectors per track (most game disks are made using this mechanism). If N=00 is taken in the electrical parameter table and the number of sectors is 20H, with other parameters also slightly changed, and the sector ID data correspondingly changed to identify sector 20H and N=00, then a certain track can be formatted with 128 bytes per sector and 32 sectors. Such a track also prevents normal DOS reading, writing, and copying. Saving some important information in the sectors of that track (requiring separately written read/write programs) can likewise achieve a special encryption effect.
This article has made a brief analysis of disk usage from such aspects as the operating system boot process, boot sectors, DOS file space allocation, the meaning of file and directory allocation tables and methods for calculating starting sectors, and disk formatting. It is hoped that through the introduction in this article, computer enthusiasts in general can gain a deeper understanding of disk usage.
I. The operating system boot process
When the machine is powered on, the computer hardware system generates a reset pulse. This reset pulse is sent directly to the pins of the 80X86 chip. After receiving this pulse, the hardware logic of the 80X86 chip sets the CS register to FFFFH and the IP register to 0000H. That is to say, it automatically fetches the first instruction from FFFF:0000H and transfers to the 8KB ROMBIOS program on the system board. This program first runs the power-on self-test module. If the self-test is normal, it then enters the INT19H call to carry out system booting; if there is an error in the self-test, it displays an error message and enters an endless loop.
While carrying out system boot, the boot program also scans external ROM. If it finds the ROM in the hard disk controller (starting address C800:0000H, containing a 2KB hard disk device driver), it reassigns the software interrupts, giving the original INT13H to the hard disk and changing the floppy disk interrupt to INT40H, and then proceeds with operating system booting.
First, the boot program tries to read the boot record in head 0, track 0, sector 1 (BOOT) of floppy drive A: into memory starting at 0000:7C00H. If successful, it executes the boot program on the floppy disk and boots the operating system; if unsuccessful, it reads the hard disk master boot record at head 0, track 0, sector 1 into memory starting at 0000:7C00H, and executes that hard disk master boot program. Its function is to also read the partition boot program of the currently active partition into the above memory area, so as to complete booting of the operating system in that partition.
It is not hard to see from the above that the biggest difference between hard disk and floppy disk system booting is that the hard disk must execute the master boot program in its physical first sector before it can transfer to the partition boot program in the logical first sector of the corresponding partition, which is similar to that of a floppy disk.
II. Disk boot sectors
Disk sector allocation consists of two parts. The first part has only one sector, namely track (cylinder) 0, head 0, sector 1, which is the first sector of the entire disk (physically). This is the disk master boot sector. The second part consists of sectors used by the various operating systems.
(I) The master boot sector of a floppy disk
The contents of the master boot sector are created by FORMAT. The boot record can be divided into four parts:
1, a 3-byte jump instruction (for system disks);
2, 8 bytes containing the manufacturer ID and operating system version number;
3, BIOS parameter block (19 bytes total, also called the BPB parameter table);
4, boot code, containing the actual code of the bootstrap program; the boot code is valid only for operating system disks;
When the disk is used as a system disk, the jump instruction is executed, transferring to the boot code, which runs the bootstrap program and loads DOS into memory.
Below, the BIOS parameter block is mainly introduced. Through this parameter block, the starting sector numbers of the file allocation table, root directory, and data area can be obtained. Starting from the contents of bytes 12 onward in the master boot sector, the meanings are as follows:
Bytes 12-13: describe sector size (bytes);
Byte 14: number of sectors per cluster;
Bytes 15-16: number of reserved sectors;
Byte 17: number of FATs (file allocation tables);
Bytes 18-19: root directory (FCB) size (number of files);
Bytes 20-21: total number of sectors on the disk;
Byte 22: media descriptor (FD for double-sided double-density 360KB floppy disk, F9 for double-sided high-density 1.2MB floppy disk, F8 for hard disk);
Bytes 23-24: number of sectors occupied by each FAT;
Bytes 25-26: number of sectors per track;
Bytes 27-28: number of heads;
Bytes 29-32: number of hidden sectors;
Bytes 33-36: (valid only for hard disks). When the partition total is >FFFFH, the total number of sectors is filled in here, and the value at 20-21 is 0 (at this time the partition capacity is >32M).
Note:
(1) For all values above that occupy 2 bytes, the first byte is the low byte and the second byte is the high byte;
(2) The numbers represented are all hexadecimal numbers (the contents of each byte);
For a floppy disk, the master boot sector is the physical first sector and also logical sector O (the 1st sector), and can be read and written with DEBUG's L and W commands.
(II) Hard disk boot sectors
1, The hard disk master boot sector (hidden sector)
This sector mainly consists of two parts: the master boot program and the partition information table. The layout is as follows:
Address offset hard disk track (cylinder) 0, head 0, sector 1
0000H―――master boot record and some numbers 0
01BEH―――first partition table (16 bytes)
01CEH―――second partition table (16 bytes)
01DEH―――third partition table (16 bytes)
0IEEH―――fourth partition table (16 bytes)
01FEH__55H
01FFH―――AAH
The contents of the hard disk master boot sector are created by FDISK.COM. The entire hard disk space can be divided into at most 4 partitions, which can be shared by 4 operating systems, each operating system occupying one partition. If the entire hard disk is used by only one operating system, then the lengths of the other three partitions, that is, the number of sectors they occupy, are 0. On IBMPC, Great Wall series, and their compatibles, FDISK.COM can be used to specify the size of each partition and the starting and ending cylinder numbers, sector numbers, and so on; the partition information table is used to save this partition information. The partition information table consists of 4 entries, each occupying 16 bytes. The contents of each byte of a partition entry are as follows:
Byte 1: boot flag. If this byte is 0, it means that when the system is powered on or reset and self-tested, the operating system is not booted from this partition. If this byte value is 80H, it means that during a power-on cold boot or warm boot, the operating system is booted from this partition. During system cold and warm boot, the boot process checks this boot flag in all 4 entries of the partition information table. DOS's FDISK.COM command can set this byte value in one partition to 80H and set the corresponding byte values in the remaining partitions to 0.
Byte 2: starting head number of this partition.
Byte 3: starting sector number of this partition. Only the low 6 bits of this byte represent the sector number, while the high 2 bits represent the high 2 bits of the starting cylinder number.
Byte 4: starting cylinder number of this partition.
Byte 5: operating system code of this partition. For DOS versions below 3.0, this byte value is 01; for versions above 3.0, this byte value is 04; for versions above 5.0, it is 06, etc. When this byte value is
02, 03, it indicates the operating system of this partition is XENIX. When this byte value is 63, it indicates the operating system of this partition is NIX. When this byte value is 65, it indicates the
operating system of this partition is NetWare.
Byte 6: ending head number of this partition.
Byte 7: ending sector number of this partition. The high 2 bits represent the high 2 bits of the ending cylinder number.
Byte 8: ending cylinder number of this partition.
Bytes 9-12: number of sectors already used before this partition.
Bytes 13-16: number of sectors used by this partition.
The hard disk master boot program is in the first sector of the hard disk, and is the common part for all operating systems. Its function is to examine the 4 partition boot flags in the partition information table. When the boot flag of a partition is 80H, the master boot program reads the first sector (logical sector 0) of that partition into memory at 0000:7C00H and starts executing from there. The master boot program belongs to the hidden sector, and it can only be read and written by the following two methods:
(1), implemented with interrupt 13H, using the following small program segment:
MOVDX,0080硬盘0磁头;
MOVCX,00010道第1扇区;
MOVBX,0200缓冲区地址200处作为起始;
MOVAX,0X01X=2表示读1个扇区,X=3表示写一个扇区;
INT13H磁盘I/O中断;
Executing this segment allows read and write operations on the hard disk master boot sector.
(2), after the system starts, by modifying the hard disk drive parameter table (BPB) in memory, change the total number of sectors to the original total plus the number of hidden sectors, and change the number of hidden sectors to 0. Then the L and W commands of DEBUG.COM can be used to read and write the master boot sector (in fact, after the above change, the master boot sector has become logical sector 0).
2, Partition boot sector
The DOS partition boot program occupies the 1st sector (logical sector 0) of the partition. Its contents are basically the same as the master boot sector of a floppy disk, except that the specific values in the BPB parameter table are different. The DOS partition boot program is not necessarily in the physical second sector of the hard disk; it depends on the number of hidden sectors. The logical number of this sector is always 0.
The partition boot program is created by FORMAT.
III. Methods for calculating the starting sector numbers of the FAT table, FCB, and data area, and the relationship between cluster numbers and sector numbers
For convenience in the following discussion of the file allocation table (FAT) and directory table (FCB), the relevant conversion relationships involved are listed here first:
The first FAT always starts from logical sector 1;
Starting sector number of the second FAT = 1+FAT length;
Starting sector number of the root directory = 1+2 FAT lengths;
Starting sector number of the data area = 1+2 FAT lengths+root directory length;
S=(C2)*(number of sectors/per cluster)+starting sector number of data area, where: S represents the logical sector number where the data (file) is located, and C represents the cluster number where the data (file) is located. In the above formulas, the starting sector numbers all mean logical sector numbers.
IV. DOS file space allocation
When DOS formats a disk, it allocates disk space as follows:
(1) boot area;
(2) first copy of the file allocation table;
(3) second copy of the file allocation table;
(4) root directory;
(5) data area;
Note: the above allocation refers to the whole disk space for floppy disks, and the DOS partition part for hard disks.
Space for a file (in the data area) is allocated only when needed (not preallocated). One cluster of space is allocated each time (the allocation unit), and a cluster is always one or more consecutive sectors. In file allocation, all clusters of a file are chained together. For multi-head media (disks), clusters are arranged so that head movement is minimized. When moving to the next track, all the space on the current track (cylinder) is allocated first. The process works like this: first use the lowest-numbered sequential sectors, then move to the sectors under the next head, continuing in this way until the sectors under all heads on the track are used up. After that comes head 0 sector 1 of the next track.
Files in the data area need not be written to disk in sequence. Each time one cluster of data space is allocated, allocated clusters are skipped, and the first free cluster found becomes the next cluster to allocate, without considering its physical position on the hard disk. In this way disk space can be used efficiently, because after a file is deleted, the available clusters can again be allocated to new files.
V. File allocation table FAT
DOS uses the file allocation table to convert a file's cluster number into a logical sector number, and then the driver is responsible for finding the logical sector on the disk. There are two FATs. When operations such as copy, delete, create, or modify files are performed (using DOS commands), both FATs are updated at the same time, and corresponding sectors have identical contents. But when the W command of DEBUG.COM is used for sector-level operations, only the specified sector is written, and the corresponding sector in the other FAT is not updated (the same is true when using INT13H function AH=3 to write the disk). The contents of the FAT are the cluster numbers occupied by files and end markers. In DOS versions after 3.0, each FAT entry has two forms, 16-bit and 12-bit. A 12-bit entry can represent at most 4096 clusters, and a 16-bit entry can represent at most 65536 clusters. Under DOS, the number of sectors per cluster is determined by the FDISK.COM and FORMAT.COM commands, and cannot be changed afterward unless these two commands are run again. In DOS versions after 3.0, when using FDISK.COM on a hard disk to create a partition, whether 12-bit or 16-bit FAT entries are used to represent cluster numbers depends on whether the DOS partition is larger than 4096 clusters. If it is larger, each entry in the created FAT is 16 bits; otherwise, it is 12 bits. FAT allocation for files always starts from cluster 2. The meanings of its contents are as follows:
0000H(000H): cluster unused or available;
FFF8FFFFH(FF8FFFH): file end marker;
FFF7H(FF7H): if not part of an allocation chain, indicates a bad cluster;
XXXXH(XXXH): any hexadecimal number other than the above indicates the cluster number of the file's NEXT CLUSTER.
The first cluster number of a file is stored in the file directory entry, and its value range is 0002FFEFH(002FEFH).
Note: the four-digit hexadecimal numbers correspond to FATs with 16-bit entries, and the three-digit hexadecimal numbers correspond to FATs with 12-bit entries (same below); generally speaking, FFF0FFF6H(FF0FF6H) is used to indicate reserved clusters.
From the directory entry, the starting cluster number of the file can be found, and from this all the other cluster numbers used by the file can be found as follows:
1, multiply the file's starting cluster number in the directory entry by 2 (or 1.5);
2, the integer part of the product is the offset relative to the FAT, indicating the entry mapped to the cluster just used. This entry contains the next cluster number of the file.
3, for a FAT with 12-bit entries, if the last cluster number used is even, keep the low 12 bits; otherwise keep the high 12 bits.
4, if the resulting value is FFF8FFFFH(FF8FFFH), then there are no more clusters in the file; otherwise it contains the next cluster number.
Note: in the above algorithm, attention should be paid to conversion between hexadecimal and decimal. In 1, multiplying by 2 applies to a FAT with 16-bit entries, while multiplying by 1.5 applies to a FAT with 12-bit entries.
VI. File directory table (FCB)
FORMAT.COM creates the root directory for all disks. Its position (logical sector number) and maximum number of entries can be calculated from the BIOS parameter block. Directories other than the root directory are actually files, and there is no limit on the number of entries they contain. Subdirectories can be read as files, using an extended FCB with the proper attribute byte. In the file directory table, one sector contains only 16 file (directory) entries.
1, The fields of each file (directory) entry indicate the following states: bytes 0-7 are the filename. A first byte of 00H means never used, E5H means used and deleted, 2EH means it is a directory entry, and any other value indicates the first character of the filename.
Bytes 8-10 are the file extension.
Byte 11 is the file attribute. 01 means read-only file; 02 means hidden file; 04 means system file; 08 means the directory entry contains the first 11 bytes of the disk name, and apart from that there is no other useful information, and it exists only in the root directory (that is, it represents the disk volume label); 10 means the entry defines a subdirectory; 20 means the archive bit, which is set once the file is written or closed; 30 means archive plus subdirectory; 32 means archive plus subdirectory plus hidden, etc. (the numbers 01, 02...30, 32 here are hexadecimal).
Bytes 12-21 are reserved. Bytes 22-23 record the file creation or last modification time (bit map as follows):
(HH)(MM)(XX)
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Here:
HH: binary count for hours (023), occupying 5 bits;
MM: binary count for minutes (059), occupying 6 bits;
XX: binary count in 2-second increments, occupying 5 bits;
Bytes 24-25 represent the file's last modification date, arranged by bits as follows:
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
Y Y Y Y Y Y Y M M M M D D D D D
Here:
Bits 9-15 are YY (year), values 0119(19802099);
Bits 5-8 are MM (month). Values 112;
Bits 0-4 are DD (day), values 131;
Bytes 26-27 are the starting cluster number of the file (directory entry).
Bytes 28-31 represent the file size in bytes. The first word contains the low-order part of the size, and the first byte of both words stores the low-order significant byte of the numeric value.
2, How to find a subdirectory and the file directory table under it
(1) find the starting cluster number of the subdirectory in the root directory;
(2) use the conversion formula between cluster number and sector number to find the logical sector number;
(3) starting from that sector, you can look up the directory entries of the files under that subdirectory;
If you still want to find subdirectories under that subdirectory, continue using the above method in sequence.
Note: the method for finding the storage sectors of a file's data is similar, but do not carry out step 3. Instead, from the starting cluster number, use the FAT to find all the cluster numbers, and then in sequence find their storage logical sectors.
VII. Disk formatting
Disk formatting is divided into low-level formatting (initialization) and high-level formatting (FORMAT).
(I) Low-level formatting of disks
Low-level formatting of disks means physically formatting the disk. In general, it is done only when one of the following situations occurs.
1, when track 0 of the disk has suffered physical damage (because head reset was not performed before moving the machine, or power was cut while the hard disk head was reading or writing, causing the head to scratch the disk, etc.);
2, the user replaces the hard disk drive with a new one;
3, an attempt is made to install several different operating systems on the hard disk. For example: the hard disk originally has the multi-user operating system XENIX and the single-user operating system DOS, and now another multi-user operating system is to be installed;
4, an error appears on the hard disk that cannot be recovered under the operating system.
Disk initialization can be carried out by the following three methods:
1, with the help of the ROMBIOS program (for hard disks)
The hard disk ROMBIOS program on the controller board provides a hard disk initialization program. After the system starts, ROMBIOS provides a convenient means for adapter boards with onboard ROM programs to enter the system. It can be done in the following two ways:
(1) At the DEBUG prompt, use the D command to display the contents between addresses C800:0000000FH and confirm that it is ROM:
C800:000055AAXX......where XX indicates the ROM length;
Then use the U command to disassemble the object code between 0003000F (generally there are 23 JMP instructions there), find the starting offset XXXX of the storage unit containing the JMP instruction that jumps to the low-level formatting routine in the ROM, and execute the command G. On different hard disk machines, the starting offset XXXX used by the G command may differ slightly, but generally speaking, the starting offset of the unit containing the second JMP instruction is XXXX. (Such as the PC/XT and Donghai 0520.)
(2) Use the following program segment:
MOVAX,07XXAH=07表示驱动器格式化(初始化),用XX扇区内容替代所有扇区;
MOVDX,0080硬盘0磁头;
MOVCX,00010道1扇区开始;
INT13H
INT3H
Note: the above 2 methods have been implemented on the PC/XT and its compatibles Great Wall 0520 and Donghai 0520;
2, run the LOWFORM.EXE low-level formatting program on the system disk (if present), or utility software with low-level formatting capability;
3, run the supplied diagnostic program (works for both hard and floppy disks);
(II) High-level formatting of disks (FORMAT)
When formatting a floppy disk with FORMAT, the master boot sector is created; except for the first 3 bytes of the FAT being FD, FF, FF (double-sided double-density 360KB), all other bytes are set to 0. For the directory table FCB, in versions above 3.0 all bytes are set to 0; in versions below 3.0, the first byte is set to 0 and the other bytes are set to F6. All bytes in the data area are set to F6.
When formatting a hard disk with FORMAT, the following work is done:
1, according to the information recorded on the hard disk by the DOS partition creation command FDISK.COM, only the data area belonging to the DOS partition is checked. If damaged sectors are found, FFF7H(FF7H) is written into the corresponding chain (cluster number) in the FAT, and all other data is left untouched;
2, initialize the DOS file allocation table and file root directory area, set the FAT contents to 0, and set the first byte of the FCB table directory entries to 0. Initialize the disk structure parameter table.
3, create the DOS partition boot program and record it in the first sector of the partition (logical sector 0);
If the machine needs to be booted from the hard disk (with the /S parameter), then the three files IBMBIO.COM, IBMDOS.COM (for Great Wall series machines, GWBIO.COM and GWDOS.COM; MSDOS uses IO.SYS and MSDOS.SYS), and COMMAND.COM must also be created.
(III) Formatting disk tracks
Formatting a track is performed by function 5 of interrupt 13 provided by ROMBIOS. Its calling format is as follows:
Entry:AH=5DH=磁头号DL=盘号CH=磁道号
ES:BX缓冲区必须指向所需地址区段集合,每个区段包含四个字节(C、H、R、N),其中:C=磁道号,H=磁头号,R=扇区号,N=每扇区字节数,以03分 别表示每扇区128、256、512、1024字节。
According to the above entry parameters, calling interrupt 13 can format a certain track of the disk.
For example: tracks 40 and 41 of a 360KB floppy disk can be formatted, increasing capacity by 18KB, which can be done with the following program:
ES:0100MOVAX,0501AH=5,表示对磁道进行格式化;
ES:0103MOVBX,02X0X=0,3,6,9使得ES:BX
指向对应头、道的内存缓冲区扇区数据识别的地址;
ES:0106MOVDX,0X0XDH=00、01表示0磁头、1磁头,DL=00、01表示A盘、B盘;
ES:0109MOVCX,2X01X=8表示40道,X=9表示41道
ES:010CINT13H 扇区识别数据如下:
C H R
ES:0200 28 00 01 02 28 00 02 02 28 00 03 02 28 00 04 02
ES:0210 28 00 05 02 28 00 06 02 28 00 07 02 28 00 08 02
ES:0220 28 00 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0230 28 01 01 02 28 01 02 02 28 01 03 02 28 01 04 02
ES:0240 28 01 05 02 28 01 06 02 28 01 07 02 28 01 08 02
ES:0250 28 01 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0260 29 00 01 02 29 00 02 02 29 00 03 02 29 00 04 02
ES:0270 29 00 05 02 29 00 06 02 29 00 07 02 29 00 08 02
ES:0280 29 00 09 02 00 00 00 00 00 00 00 00 00 00 00 00
ES:0290 29 01 01 02 29 01 02 02 29 01 03 02 29 01 04 02
ES:02A0 29 01 05 02 29 01 06 02 29 01 07 02 29 01 08 02
ES:0280 29 01 09 02 00 00 00 00 00 00 00 00 00 00 00 00
At this time the contents of the drive electrical parameter table are:
0000:0522DF02250209......(the address here may differ on different machines)
For the above, take BX=0200, DX=0001, CX=2801, then track 40 of drive B head 0 (side 0) is formatted (9 sectors/per track). By successively changing the values of BX, DX, and CX, and executing the program segment between 0100010E, formatting of tracks 40 and 41 is completed. Then modify the total sector count in the floppy disk BPB parameter, changing 02D0H to 02F4H, and the capacity of the floppy disk becomes 387072 bytes (378KB, 18KB more than before), and DOS (version 3.0 and above) can manage tracks 40 and 41 normally.
From the above analysis it can be seen that we can not only increase the capacity of the floppy disk, but also write some important information into sectors in tracks 40 and 41 (with DEBUG's W command), then change the total sector count in the BPB parameter table back to 02DOH, thereby achieving a special encryption effect and preventing others from reading, writing, and copying it. At this time, executing FORMAT in a 360KB drive will not damage the contents of tracks 40 and 41 either. At the same time, by making slight changes to the above program, the drive electrical parameter table (formatting parameters), and sector ID data, it is also possible to format special tracks with more than or fewer than 9 sectors per track (most game disks are made using this mechanism). If N=00 is taken in the electrical parameter table and the number of sectors is 20H, with other parameters also slightly changed, and the sector ID data correspondingly changed to identify sector 20H and N=00, then a certain track can be formatted with 128 bytes per sector and 32 sectors. Such a track also prevents normal DOS reading, writing, and copying. Saving some important information in the sectors of that track (requiring separately written read/write programs) can likewise achieve a special encryption effect.
This article has made a brief analysis of disk usage from such aspects as the operating system boot process, boot sectors, DOS file space allocation, the meaning of file and directory allocation tables and methods for calculating starting sectors, and disk formatting. It is hoped that through the introduction in this article, computer enthusiasts in general can gain a deeper understanding of disk usage.
http://dos.e-stone.cn/dosbbs
uploadImages/200311161145850422.swf
uploadImages/200311161145850422.swf
