RE FORUM

[REVERSE ENGINEERING] => General Discussion => Topic started by: STMR on October 03, 2009, 11:22:46 PM

Title: MBR
Post by: STMR on October 03, 2009, 11:22:46 PM

Zkousel nekdo reverznout MasterBootRecord? Co je na ty adrese na disku vim, ale potrebuju nejaky disassembler ktery to dokaze prelousknout, protoze sem zkousel asi 3 a kazdej prelozil neco jinyho. dik

Title: Re: MBR
Post by: DARKER on October 04, 2009, 09:28:33 AM

IDA by to mala zvladnut, len si musis ripnut spravnu cast, dakedy davno som to pozeral a myslim ze to zacinalo jumpom.
pozri toto:
http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm (http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm)
http://www.exegesis.uklinux.net/gandalf/encrypt/disk.htm (http://www.exegesis.uklinux.net/gandalf/encrypt/disk.htm)

Title: Re: MBR
Post by: Z!L0G80 on October 06, 2009, 09:53:53 AM

jj ida zvladne vse, to nedavno sem taky analyzoval mebroota (mbr vir)

Title: Re: MBR
Post by: J4nC088 on October 09, 2009, 08:04:52 PM

Quote from: Z!L0G80 on October 06, 2009, 09:53:53 AM

...to nedavno sem taky analyzoval mebroota (mbr vir)

O tom by si sa mohol kludne rozpisat :)

Title: Re: MBR
Post by: STMR on October 10, 2009, 01:42:07 PM

Ok, dostal jsem kod boot sektoru, ale: zkusil jsem ho otevrit v debug.exe, abych nemusel premyslet nad hodnotami registru, a po chvilce se debug kousne. Je to ve chvili kdy se udajne meni CS registr. Co s tim? dik.

btw tady je zdrojak programu pro ziskani MBR

Code: [Select]

http://forum.builder.cz/read.php?28,3133276

Title: Re: MBR
Post by: Z!L0G80 on October 11, 2009, 01:36:59 PM

mbr normalne nezdebugujes ,to musis pod virtualni masinou a remote debugging (napriklad windbg+vmware)

Title: Re: MBR
Post by: eraser on October 27, 2009, 01:56:09 PM

Ja som na disassembling pouzil IDA.

Na debuggovanie je mozne vyuzit combo IDA + Bochs.  ;)

<<< added: 28-okt-2009 >>>
Prikladam este tutorial. Link mi poslal eragon.

Code: [Select]

http://hexblog.com/2009/09/develop_your_master_boot_recor.html