Notice: this page is derived from a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/39503/

Time: 2020-09-15 11:08:32  Source: igfitidea

Modifying the MBR of Windows

Tags: windows, mbr

Asked by Terry

I need to modify the MBR of Windows, and I would really like to do this from Windows.

Here are my questions. I know that I can get a handle on a physical device with a call to CreateFile. Will the MBR always be on \\.\PHYSICALDRIVE0? Also, I'm still learning the Windows API to read directly from the disk. Are readabsolutesectors and writeabsolutesectors the two functions I'm going to need to use to read/write to the disk sectors which contain the MBR?

Edit from what I've learned on my own. The MBR will not always be on \\.\PHYSICALDRIVE0. Also, you can write to the bootsector (at least as Administrator on XP) by calling CreateFile with the device name of the drive that contains the MBR. Also, you can write to this drive by simply calling WriteFile and passing the handle of the device created by calling CreateFile.

Edit to address Joel Coehoorn. I need to edit the MBR because I'm working on a project that needs to modify hardware registers after POST in BIOS, but before Windows will be allowed to boot. Our plan is to make these changes by modifying the bootloader to execute our code before Windows boots up.

Edit for Cd-MaN. Thanks for the info. There isn't anything in your answer, though, that I didn't know and your answer doesn't address my question. The registry in particular absolutely will not do what we need for multiple reasons. The big reason being that Windows is the highest layer among multiple software layers that will be running with our product. These changes need to occur even before the lower levels run, and so the registry won't work.

P.S. for Cd-MaN. As I understand it, the information you give isn't quite correct. For Vista, I think you can write to a volume if the sectors being written to are boot sectors. See http://support.microsoft.com/kb/942448

Answer by Adam Davis

Once the OS is started the MBR is typically protected for virus reasons - this is one of the oldest virus tricks in the books - goes back to passing viruses from floppy to floppy.

Even if it wasn't restricted, you have to write low level code - it isn't part of the file system, but exists on a specific location on the hard drive.

Due to that, you pretty much are restricted to writing low level (most programs implement this in assembly) or C code targeting 16 bit DOS.

Most of these programs use the BIOS interface (13h, I believe) to access the sectors of the disk directly. You can access these in C using some inline assembly, or compiler provided interfaces. You will generally not get access to BIOS without the cooperation of the OS, though, so your program, again, will be restricted to DOS. If you can access these you're almost home free - the nice thing about BIOS is you don't have to worry about what type of HD is in the system - even RAID cards often insert themselves into the BIOS routines so they can be accessed without knowing where in memory the ATA or SATA controller is, and executing commands on that low level.

If you absolutely must access it within an OS, though, you pretty much have to write a device driver to access the BIOS or the memory space where the HD controllers exist. I wouldn't recommend it, though, as this is very tricky to deal with - modern computers put the HD controllers in different spots in memory, with different IRQs, and each chipset has become a little more esoteric because they can provide a minimum interface to BIOS for bootup, and then a specific driver for Windows. They skip all the other interface niceties that would be considered compatible with other controllers because it's more expensive to be compatible.

You may find that at the driver level inside Windows you'll have methods for accessing the drive sectors directly (or pseudo directly), but again, they are likely very well protected due to the aforementioned virus issues.

Good luck!

Answer by Grey Panther

Modifying the bootloader is a bad, bad idea. Here are just a few of the possible gotchas:

  • it will potentially kill full disk encryption products (Truecrypt, PGP, Vista's BitLocker, etc)
  • it will potentially trip up AV products (scaring users)
  • it will potentially kill complicated booting scenarios (chained boot loaders, etc)
  • it will kill off the chain of trust when using the TPM module (because it checks the MBR for change before executing it)
  • direct disk access is not allowed starting from Vista (only using drivers)

Alternatives (like modifying the hardware register during the Windows bootup via a driver which is set to load at boot time or after Windows has booted) should really be considered. If the modification is as simple as writing to a port, i.e.:

OUT DX, AL    ; write the byte in AL to the I/O port whose number is in DX

then drivers exist for all versions of Windows which can do this (reading/writing a value from/to a certain port) which can be called from user mode.
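
Added example (not part of the original answers): the point above that the TPM chain of trust and AV products notice a changed MBR, seen from the defender's side. It parses one 512-byte MBR sector and compares a SHA-256 of its bootstrap code against a recorded baseline. The function names and the sample sector are constructed for this illustration, and the sector is assumed to have been read elsewhere.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440      # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Parse one MBR sector; raise ValueError if it is malformed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def boot_code_changed(baseline_sha256: str, sector: bytes) -> bool:
    """True when the bootstrap code no longer matches the recorded baseline."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_sector(boot_code: bytes, disk_sig: int = 0x12345678) -> bytes:
    """Constructed 512-byte input for the demo, not data from a real disk."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)  # one active partition, type 0x07
    head = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<IH", disk_sig, 0)
    return head + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    known_good = build_sample_sector(b"\xfa\x33\xc0")
    baseline = parse_mbr(known_good)["boot_code_sha256"]
    print(parse_mbr(known_good)["partitions"])
    print(boot_code_changed(baseline, known_good))                        # same code
    print(boot_code_changed(baseline, build_sample_sector(b"\xeb\xfe")))  # differs
```

The hash covers only the 440 bytes of bootstrap code, so a change to the disk signature or the partition table alone does not count as a boot-code change.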

Answer by Jonas Gulle

Maybe a PXE boot scenario could help you? Simply boot on your crafted PXE image which modifies the hardware registers you need to modify, and then return the control to the Master Boot Record or to the active partition's boot record.

This way you don't have to modify the boot records.
