The Windows 2000/XP bootstrap loader program




















ROM is read-only memory, so it cannot be affected by a computer virus. The problem is that changing the bootstrap code requires changing the ROM hardware chips. For this reason, most systems nowadays have a tiny bootstrap loader program in the boot ROM whose only job is to bring the full bootstrap program in from the disk. This way the full bootstrap program can be changed easily, and a new version can simply be written onto the disk.

The full bootstrap program is stored in the boot blocks at a fixed location on the disk. A disk that has a boot partition is called a boot disk. The code in the boot ROM instructs the read controller to read the boot blocks into memory and then starts executing that code. The full bootstrap program is more complex than the bootstrap loader in the boot ROM. It is able to load the complete OS from a non-fixed location on disk and start the operating system running.

Even though the complete bootstrap program is very small. Definition A component of file or directory entries that determines how an operating system handles the file. In the FAT file system, the attributes are read-only, archive, system, hidden, volume label, and directory. Term internal command. Definition A command program that DOS stores within the operating system code that remains in memory. Term logical drive. Definition A portion of a physical hard drive that is treated as a separate drive with a drive letter assigned to it.

Term parse. Definition Used in the context of an operating system's treatment of a command entered at the command line. To divide the command into its components. The DOS command interpreter divides an entry based on special delimiter characters, such as the space character. Term partition. Definition An area of a physical hard disk that defines space that will be used for logical drives.

Term primary partition. Definition A partition type that can only have one logical drive, which is assigned to the entire space defined by the partition. Term root directory. Definition In a FAT file system, a directory with special characteristics: It is at the top level of the directory hierarchy, and it is the only directory created automatically when a logical drive is formatted.

Term single tasking. Definition The ability of an operating system to run just one task at a time. Term startup disk. Term syntax. Definition A set of rules for correctly entering a specific command at the command line. The rules include the placement of the command name and the parameters that can be used to modify the behavior of the command. Term terminate and stay resident (TSR).

Definition The characteristic of some small DOS programs that stay loaded in memory when inactive, but can be quickly activated when needed. Term utility. Definition A program that allows a user to perform useful tasks, such as computer management or diagnostics.

It is distinguished from an application program, which is usually used for office productivity, or other non-computer management tasks. Term warm boot. Definition An internal command for creating a new directory. Definition an internal command to move between directories. Definition Lists the contents of a directory internal command.

Definition Changes the directory internal command. Definition Clears the display screen internal command. Definition copies a file internal command. Definition renames a file or directory internal command. Definition Makes a directory internal command.

Curiously, there is only one instance of [] in this code, so it may possibly be used later by the ntldr program. From the instruction at offset D2BC below, we know the bytes at offsets 00 56 through 00 59 of this Data Area "EB 12 90 90 " are never executed, since these same bytes after being loaded into Memory are overwritten by that instruction to store some data from EAX after a division operation!

Furthermore, after examining many other NTFS partitions, we have always found the same exact bytes in this "Data Area" location on every disk. Our Conclusion: This area is never changed on any hard drive, but it is used to store data after being copied into Memory. So, for whatever reason, we can't help but assume some programmer chose these bytes for that purpose, even though they appear to no longer be used unless someone can find a Boot Sector that still has the location 0xD coded into it?

But to give you an idea of how tedious this work would be to complete, here are all the rest of the uncommented lines of code which still require hundreds or more man hours to analyze from the NTLDR section we began above:

This page is still under construction.


