Author Topic: MBR (Read 954 times)

STMR · « **on:** October 03, 2009, 11:22:46 PM »

Zkousel nekdo reverznout MasterBootRecord? Co je na ty adrese na disku vim, ale potrebuju nejaky disassembler ktery to dokaze prelousknout, protoze sem zkousel asi 3 a kazdej prelozil neco jinyho. dik

DARKER · « **Reply #1 on:** October 04, 2009, 09:28:33 AM »

IDA by to mala zvladnut, len si musis ripnut spravnu cast, dakedy davno som to pozeral a myslim ze to zacinalo jumpom.
pozri toto:
http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm
http://www.exegesis.uklinux.net/gandalf/encrypt/disk.htm

Z!L0G80 · « **Reply #2 on:** October 06, 2009, 09:53:53 AM »

jj ida zvladne vse, to nedavno sem taky analyzoval mebroota (mbr vir)

J4nC088 · « **Reply #3 on:** October 09, 2009, 08:04:52 PM »

Quote from: Z!L0G80 on October 06, 2009, 09:53:53 AM

...to nedavno sem taky analyzoval mebroota (mbr vir)

O tom by si sa mohol kludne rozpisat

STMR · « **Reply #4 on:** October 10, 2009, 01:42:07 PM »

Ok, dostal jsem kod boot sektoru, ale: zkusil jsem ho otevrit v debug.exe, abych nemusel premyslet nad hodnotami registru, a po chvilce se debug kousne. Je to ve chvili kdy se udajne meni CS registr. Co s tim? dik.

btw tady je zdrojak programu pro ziskani MBR

Code: [Select]

http://forum.builder.cz/read.php?28,3133276

Z!L0G80 · « **Reply #5 on:** October 11, 2009, 01:36:59 PM »

mbr normalne nezdebugujes ,to musis pod virtualni masinou a remote debugging (napriklad windbg+vmware)

eraser · « **Reply #6 on:** October 27, 2009, 01:56:09 PM »

Ja som na disassembling pouzil IDA.

Na debuggovanie je mozne vyuzit combo IDA + Bochs.

<<< added: 28-okt-2009 >>>
Prikladam este tutorial. Link mi poslal eragon.

Code: [Select]

http://hexblog.com/2009/09/develop_your_master_boot_recor.html

RE FORUM

News:

Author Topic: MBR (Read 954 times)

STMR

MBR

DARKER

Re: MBR

Z!L0G80

Re: MBR

J4nC088

Re: MBR

STMR

Re: MBR

Z!L0G80

Re: MBR

eraser

Re: MBR