Boot sector
A boot sector is the
). Usually, the very first sector of the hard disk is the boot sector, regardless of sector size (512 or 4096 bytes) and partitioning flavor (MBR or GPT).
The purpose of defining one particular sector as the boot sector is interoperability between firmware and various operating systems.
The purpose of chain loading first a firmware (e.g., the BIOS), then some code contained in the boot sector, and then, for example, an operating system, is maximal flexibility.
The IBM PC and compatible computers
On an
Unified Extensible Firmware Interface (UEFI)
The
Damage to the boot sector
In case a boot sector receives physical damage, the hard disk will no longer be bootable, unless used with a custom BIOS that defines a non-damaged sector as the boot sector. However, since the very first sector additionally contains data regarding the partitioning of the hard disk, the hard disk will become entirely unusable except when used in conjunction with custom software.
Partition tables
A disk can be partitioned into multiple partitions and, on conventional systems, it is expected to be. There are two definitions on how to store the information regarding the partitioning:
- A partitioned. The MBR sector may contain code to locate the active partition and invoke its volume boot record.
- A volume boot record (VBR) is the first sector of a data storage device that has not been partitioned, or the first sector of an individual partition on a data storage device that has been partitioned. It may contain code to load an operating system (or other standalone program) installed on that device or within that partition.
The presence of an IBM PC compatible boot loader for x86-CPUs in the boot sector is by convention indicated by a two-byte hexadecimal sequence 0x55 0xAA (called the boot sector signature) at the end of the boot sector (offsets 0x1FE and 0x1FF). This signature indicates the presence of at least a dummy boot loader which is safe to be executed, even if it may not actually be able to load an operating system. It does not indicate a particular file system or operating system (or even the presence of one), although some old versions of DOS 3 relied on it in their process to detect FAT-formatted media (newer versions do not). Boot code for other platforms or CPUs should not use this signature, since this may lead to a crash when the BIOS passes execution to the boot sector assuming that it contains valid executable code. Nevertheless, some media for other platforms erroneously contain the signature anyway, rendering this check not 100% reliable in practice.
The signature is checked for by most system BIOSes since (at least) the
Systems not following the above described design are:
- CD-ROMs usually have their own structure of boot sectors; for El Torito specifications.
- C128 or C64 software on Commodore DOS disks where data on Track 1, Sector 0 began with a magic number corresponding to string "CBM".[2]
- IBM mainframe computers place a small amount of boot code in the first and second track of the first cylinder of the disk, and the root directory, called the Volume Table of Contents, is also located at the fixed location of the third track of the first cylinder of the disk.
- Other (non IBM-compatible) PC systems may have different boot sector formats on their disk devices.
Operation
On IBM PC compatible machines, the BIOS is ignorant of the distinction between VBRs and MBRs, and of partitioning. The firmware simply loads and runs the first sector of the storage device.[3] If the device is a floppy or USB flash drive, that will be a VBR. If the device is a hard disk, that will be an MBR. It is the code in the MBR which generally understands disk partitioning, and in turn, is responsible for loading and running the VBR of whichever primary partition is set to boot (the active partition). The VBR then loads a second-stage bootloader from another location on the disk.
Furthermore, whatever is stored in the first sector of a floppy diskette, USB device, hard disk or any other bootable storage device, is not required to immediately load any bootstrap code for an OS, if ever. The BIOS merely passes control to whatever exists there, as long as the sector meets the very simple qualification of having the boot record signature of 0x55, 0xAA in its last two bytes. This is why it is easy to replace the usual bootstrap code found in an MBR with more complex loaders, even large multi-functional boot managers (programs stored elsewhere on the device which can run without an operating system), allowing users a number of choices in what occurs next. With this kind of freedom, abuse often occurs in the form of boot sector viruses.
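The check the BIOS applies, and the fields MBR code reads to find the active partition, can be inspected offline on a 512-byte sector image. The following is an added example, not part of the original article: the function names are hypothetical, the sample sector is constructed, and the partition table offset 0x1BE, the 16-byte entry layout and the 0x80 active flag are the classic MBR layout, assumed here rather than taken from the text above. Hashing the boot code area gives a baseline that changes whenever the bootstrap code is replaced.

```python
import hashlib
import struct

SECTOR_SIZE = 512
SIG_OFFSET = 0x1FE      # signature bytes 0x55 0xAA sit at 0x1FE and 0x1FF
PT_OFFSET = 0x1BE       # assumption: classic MBR layout, four 16-byte entries
BOOT_CODE_LEN = 446     # bytes that precede the partition table


def inspect_boot_sector(sector: bytes) -> dict:
    """Summarise a boot sector; partition fields only make sense for an MBR,
    since a VBR keeps boot code or data at the same offsets."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least 512 bytes")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa",
        "partitions": partitions,
        "active": [p["index"] for p in partitions if p["active"]],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active partition of type 0x83 at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xeb\xfe")        # dummy loader: jump to itself
    baseline = inspect_boot_sector(clean)["boot_code_sha256"]
    later = build_sample_mbr(b"\xeb\xfe\x90")    # same disk, boot code altered
    report = inspect_boot_sector(later)
    print("signature ok:", report["signature_ok"])
    print("active partitions:", report["active"])
    print("boot code changed:", report["boot_code_sha256"] != baseline)
```

The signature alone stays valid after the boot code is altered, which is why the comparison is made on the hash of the code area and not on the last two bytes.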
Boot-sector viruses
Since code in the boot sector is executed automatically, boot sectors have historically been a common attack vector for computer viruses.
To combat this behavior, the
As an example, the malware
See also
- Master boot record (MBR)
- Volume boot record (VBR)
Notes
- . This reduces the risk to accidentally format wrong volumes.
References
- "UEFI - OSDev Wiki". wiki.osdev.org. Retrieved 2020-09-26.
- ISBN 0-553-34292-4.
- Smith, Roderick W. (2010-04-14). "Migrate to GRUB 2". Ibm.com. Retrieved 2013-03-05.
- "Intel Desktop Boards BIOS Settings Dictionary" (PDF). Intel. Retrieved 2013-09-01.
- "New Ransomware Variant "Nyetya" Compromises Systems Worldwide". blog.talosintelligence.com. 27 June 2017. Retrieved 2018-05-28.
- "In an era of global malware attacks, what happens if there's no kill switch?". CIO Dive. Retrieved 2018-05-28.
- "CIA Developed Windows Malware That Alters Boot Sector to Load More Malware". Information Security Newspaper. 2017-09-01. Retrieved 2018-05-28.
External links
- Mary Landesman. "Boot sector viruses". Archived from the original on 2011-07-07. Retrieved 2006-08-18.
- Microsoft. "How to Protect Boot Sector from Viruses in Windows". KnowledgeBase.
- Denny Lin (15 June 1994). "Inexpensive boot sector virus detection and prevention techniques". Retrieved 13 August 2015.
- Kaspersky Lab. "Boot sector viruses". Virus Encyclopedia / Malware Descriptions / Classic Viruses. Archived from the original on 2007-08-22. Retrieved 2006-06-05.
- Arman Catacutan. "Glossary of Virus Terms". Boot Viruses. Archived from the original on 2006-12-11. Retrieved 2006-11-07.
- Greg O'Keefe. "Sample to build a boot program on x86 real mode".
- Susam Pal. "Writing boot sector code using GNU Assembler".
- Pierre Ancelot. "Bootsector assembly code with detailed explanation". Archived from the original on 2013-01-29.