U盤啟動主講人:高琳windows啟動流程BIOSMBRPBRBootMgr如何讓BIOS引導我我需要一個MBR。MasterBootRecord在磁盤的0扇區位置。包含三個部分:引導代碼(446Byte)DPT，分區表(4*16Byte)結束符(2Byte)磁盤上的MBRMBR掌握主導權，我如何引導操作系統1.引導程序占扇區前446字節。計算機在上電完成BIOS自檢后，會將該主引導扇區加載到內存中并執行前面446字節的引導程序，引導程序首先會在分區表中查找活動分區，若存在活動分區，則根據活動分區的偏移量找到該活動分區上的引導扇區的地址，并將該引導扇區加載到內存中，同時檢查該引導扇區的有效性，然后根據該引導扇區的規則去引導操作系。2.分區表占扇區中間64字節。分區表是磁盤管理最重要的部分，通過分區表信息來定位各個分區，訪問用戶數據。分區表包含4個分區項，每一個分區項通過位置偏移、分區大小來唯一確定一個主分區或者擴展分區。每個分區項占16字節，包括引導標識、起始和結束位置的CHS參數、分區類型、開始扇區、分區大小等。0x00000000:33c0XORAX,AX0x00000002:8ed0MOVSS,AX0x00000004:bc007cMOVSP,0x7c00;當前棧區在0x7c000x00000007:fbSTI0x00000008:50PUSHAX0x00000009:07POPES0x0000000a:50PUSHAX0x0000000b:1fPOPDS0x0000000c:fcCLD0x0000000d:be1b7cMOVSI,0x7c1b0x00000010:bf1b06MOVDI,0x61b0x00000013:50PUSHAX0x00000014:57PUSHDI0x00000015:b9e501MOVCX,0x1e5;區塊初始化0x00000018:f3a4REPMOVSB;復制引導扇區內容到DI所在位置0x0000001a:cbRETF;遠返回指令，相當于跳轉到0:DI0x0000001b:bdbe07MOVBP,0x7be;棧底7be即指向DPT表0x0000001e:b104MOVCL,0x40x00000020:386e00CMP[BP+0x0],CH;對介質類型判斷0x00000023:7c09JL0x2e0x00000025:7513JNZ0x3a0x00000027:83c510ADDBP,0x10;繼續判斷下一個分區表0x0000002a:e2f4LOOP0x200x0000002c:cd18INT0x180x0000002e:8bf5MOVSI,BP0x00000030:83c610ADDSI,0x100x00000033:49DECCX0x00000034:7419JZ0x4f0x00000036:382cCMP[SI],CH0x00000038:74f6JZ0x300x0000003a:a0b507MOVAL,[0x7b5]0x0000003d:b407MOVAH,0x70x0000003f:8bf0MOVSI,AX0x00000041:acLODSB0x00000042:3c00CMPAL,0x00x00000044:74fcJZ0x420x00000046:bb0700MOVBX,0x70x00000049:b40eMOVAH,0xe0x0000004b:cd10INT0x100x0000004d:ebf2JMP0x410x0000004f:884e10MOV[BP+0x10],CL0x00000052:e84600CALL0x9b0x00000055:732aJAE0x810x00000057:fe4610INCBYTE[BP+0x10]0x0000005a:807e040bCMPBYTE[BP+0x4],0xb0x0000005e:740bJZ0x6b0x00000060:807e040cCMPBYTE[BP+0x4],0xc0x00000064:7405JZ0x6b0x00000066:a0b607MOVAL,[0x7b6]0x00000069:75d2JNZ0x3d0x0000006b:80460206ADDBYTE[BP+0x2],0x60x0000006f:83460806ADDWORD[BP+0x8],0x60x00000073:83560a00ADCWORD[BP+0xa],0x00x00000077:e82100CALL0x9b0x0000007a:7305JAE0x810x0000007c:a0b607MOVAL,[0x7b6]0x0000007f:ebbcJMP0x3d0x00000081:813efe7d55aaCMPWORD[0x7dfe],0xaa55;檢測signature0x00000087:740bJZ0x940x00000089:807e1000CMPBYTE[BP+0x10],0x00x0000008d:74c8JZ0x57;if(支持API位圖){0x0000008f:a0b707MOVAL,[0x7b7]0x00000092:eba9JMP0x3d0x00000094:8bfcMOVDI,SP0x00000096:1ePUSHDS0x00000097:57PUSHDI0x00000098:8bf5MOVSI,BP0x0000009a:cbRETF0x0000009b:bf0500MOVDI,0x50x0000009e:8a5600MOVDL,[BP+0x0]0x000000a1:b408MOVAH,0x80x000000a3:cd13INT0x130x000000a5:7223JB0xca0x000000a7:8ac1MOVAL,CL0x000000a9:243fANDAL,0x3f0x000000ab:98CBW0x000000ac:8adeMOVBL,DH0x000000ae:8afcMOVBH,AH0x000000b0:43INCBX0x000000b1:f7e3MULBX0x000000b3:8bd1MOVDX,CX0x000000b5:86d6XCHGDH,DL0x000000b7:b106MOVCL,0x60x000000b9:d2eeSHRDH,CL0x000000bb:42INCDX0x000000bc:f7e2MULDX0x000000be:39560aCMP[BP+0xa],DX0x000000c1:7723JA0xe60x000000c3:7205JB0xca0x000000c5:394608CMP[BP+0x8],AX0x000000c8:731cJAE0xe60x000000ca:b80102MOVAX,0x2010x000000cd:bb007cMOVBX,0x7c000x000000d0:8b4e02MOVCX,[BP+0x2]0x000000d3:8b5600MOVDX,[BP+0x0]0x000000d6:cd13INT0x130x000000d8:7351JAE0x12b0x000000da:4fDECDI0x000000db:744eJZ0x12b0x000000dd:32e4XORAH,AH0x000000df:8a5600MOVDL,[BP+0x0]0x000000e2:cd13INT0x130x000000e4:ebe4JMP0xca0x000000e6:8a5600MOVDL,[BP+0x0]0x000000e9:60PUSHA0x000000ea:bbaa55MOVBX,0x55aa0x000000ed:b441MOVAH,0x410x000000ef:cd13INT0x130x000000f1:7236JB0x1290x000000f3:81fb55aaCMPBX,0xaa550x000000f7:7530JNZ0x1290x000000f9:f6c101TESTCL,0x10x000000fc:742bJZ0x1290x000000fe:61POPA0x000000ff:60PUSHA;寄存器保護0x00000100:6a00PUSH0x0;BlockNum_H40x00000102:6a00PUSH0x00x00000104:ff760aPUSHWORD[BP+0xa]0x00000107:ff7608PUSHWORD[BP+0x8];BlockNum_L40x0000010a:6a00PUSH0x0;BufferAddr_H20x0000010c:68007cPUSHWORD0x7c00;BufferAddr_L20x0000010f:6a01PUSH0x1;BlockCount=10x00000111:6a10PUSH0x10;PacketSize=16PReserved=00x00000113:b442MOVAH,0x42;磁盤地址數據包0x00000115:8bf4MOVSI,SP0x00000117:cd13INT0x13;擴展讀0x00000119:61POPA0x0000011a:61POPA0x0000011b:730eJAE0x12b0x0000011d:4fDECDI0x0000011e:740bJZ0x12b0x00000120:32e4XORAH,AH0x00000122:8a5600MOVDL,[BP+0x0]0x00000125:cd13INT0x130x00000127:ebd6JMP0xff0x00000129:61POPA0x0000012a:f9STC0x0000012b:c3RET真正進入操作系統的引導活動分區的第一個扇區PBR結構PBRPartitionBootRecord,分區引導記錄。DBR主要由下列幾個部分組成：1．跳轉指令，占用3個字節的跳轉指令將跳轉至引導代碼。2．廠商標識和DOS版本號，該部分總共占用8個字節。3．BPB（BIOSParameterBlock，BIOS參數塊）。4．操作系統引導程序。5．結束標志字，結束標志占用2個字節，其值為AA55FAT16分區DBR中的信息typedefstructPBR{ UINT16BPB_BytsPerSec;//一個扇區多少字節 UINT8BPB_SecPerClus;//一個簇多少扇區 UINT16BPB_RsvdSecCnt;//保留扇區數 UINT8BPB_NumFATs;//FAT表個數 UINT16BPB_RootEntCnt;//根目錄多少項 UINT16BPB_TotSec16; UINT8BPB_Media; UINT16BPB_FATSz16;//一個分區表多少扇區 UINT16BPB_SecPerTrk; UINT16BPB_NumHeads; UINT32BPB_HiddSec; UINT32BPB_TotSec32; UINT8BS_drvNum; UINT8BS_Reserved1; UINT8BS_BootSig; UINT8BS_VolId[4]; UINT8BS_VolLab[11]; UINT8BS_FileSysType[8];//分區類型 UINT8BootCode[448];//引導代碼 UINT16Signature;};引導代碼BootCodeBootMgr引導操作系統內核啟動BootMgrWinload.exeNtoskrnl.exePBR->bootmgr->boot\BCD(注冊表文件，如果是多系統則會提供引導界面)->winload.exe->ntoskrnl.exe/zh-cn/library/cc771845(v=ws.10).aspx總結一下要做一個U盤啟動盤，我需要5個東西:1.一個U盤(金士頓)2.一個MBR制作工具(diskgenius)3.一個分區工具(diskgenius)4.一個PBR制作工具(bootice)5.一個WINPE系統代碼所能做的寫入MBR引導Code，引導方式不同，引導代碼不同，一般都是硬編碼。CONSTbyteMBRCodeHDDPlus[]={ 0xfa,0x31,0xc0,0x8e,0xd8,0x8e,0xc0,0x8e,0xd0,0xbc,0x00,0x7c,0xfb,0xfc,0x89,0xe6, 0xbf,0x00,0x06,0xb9,0x00,0x01,0xf3,0xa5,0xea,0xdc,0x06,0x00,0x00,0x10,0x00,0x01, 0x00,0x00,0x7c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x3f,0x00, 0xff,0x00,0x41,0x00,0x1e,0x0e,0x1f,0x3a,0x16,0x10,0x00,0x74,0x06,0x1f,0xea,0x36, 0xe7,0x00,0xf0,0x3d,0xfb,0x54,0x75,0x05,0x8c,0xd8,0xfb,0xeb,0x1d,0x80,0xfc,0x08, 0x75,0x1b,0xe8,0x81,0x00,0x8a,0x36,0x13,0x00,0xfe,0xce,0x8b,0x0e,0x15,0x00,0x86, 0xcd,0xc0,0xe1,0x06,0x0a,0x0e,0x11,0x00,0x31,0xc0,0xf8,0xeb,0x65,0x80,0xfc,0x02, 0x72,0xcb,0x80,0xfc,0x04,0x77,0xc6,0x60,0x80,0xcc,0x40,0x50,0xbe,0x00,0x00,0xc7, 0x04,0x10,0x00,0x30,0xe4,0x89,0x44,0x02,0x89,0x5c,0x04,0x8c,0x44,0x06,0x66,0x31, 0xc0,0x66,0x89,0x44,0x0c,0x88,0xf0,0xf6,0x26,0x11,0x00,0x88,0xcf,0x88,0xeb,0xc0, 0xef,0x06,0x81,0xe1,0x3f,0x00,0x01,0xc8,0x48,0x89,0xc7,0xa1,0x13,0x00,0xf7,0x26, 0x11,0x00,0xf7,0xe3,0x01,0xf8,0x81,0xd2,0x00,0x00,0x89,0x44,0x08,0x89,0x54,0x0a, 0x58,0x30,0xc0,0x8a,0x16,0x10,0x00,0xe8,0x0c,0x00,0x88,0x26,0x03,0x00,0x61,0xa1, 0x02,0x00,0x1f,0xca,0x02,0x00,0x9c,0xff,0x1e,0x22,0x00,0xc3,0x80,0xfa,0x8f,0x7f, 0x04,0x88,0x16,0x2d,0x06,0xbe,0x87,0x07,0xe8,0x8d,0x00,0xbe,0xbe,0x07,0x31,0xc0, 0xb9,0x04,0x00,0xf6,0x04,0x80,0x74,0x03,0x40,0x89,0xf5,0x81,0xc6,0x10,0x00,0xe2, 0xf2,0x48,0x74,0x02,0xcd,0x18,0xbf,0x05,0x00,0xbe,0x1d,0x06,0xc7,0x44,0x02,0x01, 0x00,0x66,0x8b,0x46,0x08,0x66,0x89,0x44,0x08,0xb8,0x00,0x42,0x8a,0x16,0x2d,0x06, 0xcd,0x13,0x73,0x0d,0x4f,0x74,0x49,0x30,0xe4,0x8a,0x16,0x2d,0x06,0xcd,0x13,0xeb, 0xd8,0xa1,0xfe,0x7d,0x3d,0x55,0xaa,0x75,0x37,0xfa,0x66,0xa1,0x4c,0x00,0x66,0xa3, 0x3f,0x06,0xbe,0x13,0x04,0x8b,0x04,0x48,0x89,0x04,0xc1,0xe0,0x06,0x8e,0xc0,0x31, 0xff,0xbe,0x1d,0x06,0xb9,0x60,0x00,0xfc,0xf3,0xa5,0xc7,0x06,0x4c,0x00,0x17,0x00, 0xa3,0x4e,0x00,0xfb,0x8a,0x16,0x2d,0x06,0x89,0xee,0xfa,0xea,0x00,0x7c,0x00,0x00, 0xbe,0xaa,0x07,0xe8,0x02,0x00,0xeb,0xfe,0xac,0x20,0xc0,0x74,0x09,0xb4,0x0e,0xbb, 0x07,0x00,0xcd,0x10,0xeb,0xf2,0xc3,0x53,0x74,0x61,0x72,0x74,0x20,0x62,0x6f,0x6f, 0x74,0x69,0x6e,0x67,0x20,0x66,0x72,0x6f,0x6d,0x20,0x55,0x53,0x42,0x