A
Comparison of the
Windows™ Vista, 7 and 8
VBR (or Boot Sector) Code
Web Presentation and Text are Copyright©2015 by Daniel B. Sedory
NOT to be reproduced in any form without Permission of the Author !
This page compares and clearly shows where the VBR (Boot Sector) Code
for the Windows™ Vista, 7 and 8 operating systems differ; look for the underlined bytes (which point out the bytes that differ)
with either a WHITE background (for differences between Windows Vista and 7/8) or a Light Red background (for differences between
Windows 7 and Windows 8). But most of the code and Error Messages are the same, for each
of the three different Boot Sectors; and very apparent when viewed as assembly listings.
You may wish to jump directly to the Assembly Listings further below, as those show a better
agreement than the machine code, since a number of differences are only due to necessary changes in the same jump (and other) assembly instructions due to
simply being at different locations in the source code.
W i n d o w s V i s t a W i n d o w s 7 W i n d o w s 8
Offsets ============================= ===================== =====================
0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C D E F
0000 EB 52 90 EB 52 90 EB 52 90
0054 FA 33 C0 8E D0 BC 00 7C FB 68 C0 07 FA 33 C0 8E D0 BC 00 7C FB 68 C0 07 FA 33 C0 8E D0 BC 00 7C FB 68 C0 07
0060 1F 1E 68 66 00 CB 88 16 0E 00 66 81 3E 03 00 4E 1F 1E 68 66 00 CB 88 16 0E 00 66 81 3E 03 00 4E 1F 1E 68 66 00 CB 88 16 0E 00 66 81 3E 03 00 4E
0070 54 46 53 75 15 B4 41 BB AA 55 CD 13 72 0C 81 FB 54 46 53 75 15 B4 41 BB AA 55 CD 13 72 0C 81 FB 54 46 53 75 15 B4 41 BB AA 55 CD 13 72 0C 81 FB
0080 55 AA 75 06 F7 C1 01 00 75 03 E9 D2 00 1E 83 EC 55 AA 75 06 F7 C1 01 00 75 03 E9 DD 00 1E 83 EC 55 AA 75 06 F7 C1 01 00 75 03 E9 DD 00 1E 83 EC
0090 18 68 1A 00 B4 48 8A 16 0E 00 8B F4 16 1F CD 13 18 68 1A 00 B4 48 8A 16 0E 00 8B F4 16 1F CD 13 18 68 1A 00 B4 48 8A 16 0E 00 8B F4 16 1F CD 13
00A0 9F 83 C4 18 9E 58 1F 72 E1 3B 06 0B 00 75 DB A3 9F 83 C4 18 9E 58 1F 72 E1 3B 06 0B 00 75 DB A3 9F 83 C4 18 9E 58 1F 72 E1 3B 06 0B 00 75 DB A3
00B0 0F 00 C1 2E 0F 00 04 1E 5A 33 DB B9 00 20 2B C8 0F 00 C1 2E 0F 00 04 1E 5A 33 DB B9 00 20 2B C8 0F 00 C1 2E 0F 00 04 1E 5A 33 DB B9 00 20 2B C8
00C0 66 FF 06 11 00 03 16 0F 00 8E C2 FF 06 16 00 E8 66 FF 06 11 00 03 16 0F 00 8E C2 FF 06 16 00 E8 66 FF 06 11 00 03 16 0F 00 8E C2 FF 06 16 00 E8
00D0 40 00 2B C8 77 EF B8 00 BB CD 1A 66 23 C0 75 2D 4B 00 2B C8 77 EF B8 00 BB CD 1A 66 23 C0 75 2D 4B 00 2B C8 77 EF B8 00 BB CD 1A 66 23 C0 75 2D
00E0 66 81 FB 54 43 50 41 75 24 81 F9 02 01 72 1E 16 66 81 FB 54 43 50 41 75 24 81 F9 02 01 72 1E 16 66 81 FB 54 43 50 41 75 24 81 F9 02 01 72 1E 16
00F0 68 07 BB 16 68 70 0E 16 68 09 00 66 53 66 53 66 68 07 BB 16 68 70 0E 16 68 09 00 66 53 66 53 66 68 07 BB 16 68 52 11 16 68 09 00 66 53 66 53 66
0100 55 16 16 16 68 B8 01 66 61 0E 07 CD 1A 55 16 16 16 68 B8 01 66 61 0E 07 CD 1A 55 16 16 16 68 B8 01 66 61 0E 07 CD 1A
Offsets [The following 11 bytes were new in Windows 7:] [And remained (with changes) in Win 8:]
010D 33 C0 BF 33 C0 BF
0110 28 10 B9 D8 0F FC F3 AA 0A 13 B9 F6 0C FC F3 AA
Offsets Offsets Offsets
010D E9 6A 01 0118 E9 5F 01 0118 E9 FE 01
011B: 011B:
0110 90 90 66 60 1E 06 66 A1 11 00 66 03 06 1C 00 1E 90 90 66 60 1E 06 66 A1 11 00 66 03 06 1C 00 1E 90 90 66 60 1E 06 66 A1 11 00 66 03 06 1C 00 1E
012B: 012B:
0120 66 68 00 00 00 00 66 50 06 53 68 01 00 68 10 00 66 68 00 00 00 00 66 50 06 53 68 01 00 68 10 00 66 68 00 00 00 00 66 50 06 53 68 01 00 68 10 00
013B: 013B:
0130 B4 42 8A 16 0E 00 16 1F 8B F4 CD 13 66 59 5B 5A B4 42 8A 16 0E 00 16 1F 8B F4 CD 13 66 59 5B 5A B4 42 8A 16 0E 00 16 1F 8B F4 CD 13 66 59 5B 5A
014B: 043B:
0140 66 59 66 59 1F 0F 82 16 00 66 FF 06 11 00 03 16 66 59 66 59 1F 0F 82 16 00 66 FF 06 11 00 03 16 66 59 66 59 1F 0F 82 16 00 66 FF 06 11 00 03 16
015B: 015B:
0150 0F 00 8E C2 FF 0E 16 00 75 BC 07 1F 66 61 C3 0F 00 8E C2 FF 0E 16 00 75 BC 07 1F 66 61 C3 0F 00 8E C2 FF 0E 16 00 75 BC 07 1F 66 61 C3
016A: 016A:
015F A0 F8 01 E8 08 00 A0 F8 01 E8 09 00 A1 F6 01 E8 09 00
0170: 0170:
0165 A0 FB 01 E8 02 00 A0 FB 01 E8 03 00 A1 FA 01 E8 03 00
0176 F4 [This was new in Win 7.] 0176 F4 [And remained in Win 8.]
016B EB FE B4 01 0177 EB FD B4 01 0177 EB FD [Removed B4 01]
-----
016F 8B 017B 8B 0179 8B
017C: 017A:
0170 F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3 F0 AC 3C 00 74 09 B4 0E BB 07 00 CD 10 EB F2 C3
018C: 018A:
0180 0D 0A 41 20 64 69 73 6B 20 72 65 61 64 20 65 72 0D 0A 41 20 64 69 73 6B 20 72 65 61 64 20 65 72 0D 0A 41 20 64 69 73 6B 20 72 65 61 64 20 65 72
. . A d i s k r e a d e r 019C: 019A:
0190 72 6F 72 20 6F 63 63 75 72 72 65 64 00 0D 0A 42 72 6F 72 20 6F 63 63 75 72 72 65 64 00 0D 0A 42 72 6F 72 20 6F 63 63 75 72 72 65 64 00 0D 0A 42
r o r o c c u r r e d . . . B 01AC: 01AA:
01A0 4F 4F 54 4D 47 52 20 69 73 20 4F 4F 54 4D 47 52 20 69 73 20 4F 4F 54 4D 47 52 20 69 73 20
O O T M G R i s 01B6: [ Win 8 VBR ...
01AA 6D 69 73 73 69 6E 67 00 0D 0A 42 4F 4F 54 4D 47 6D 69 73 73 69 6E 67 00 0D 0A 42 4F 4F 54 4D 47 ... does not contain "BOOTMGR is missing"! But
m i s s i n g . . . B O O T M G 01C6: new message was added to BOOTMGR Loader code.]
01BA 52 20 69 73 20 52 20 69 73 20
R i s 01CB: 01B4:
01BF 63 6F 6D 70 72 65 73 73 65 64 00 0D 0A 50 72 65 63 6F 6D 70 72 65 73 73 65 64 00 0D 0A 50 72 65 63 6F 6D 70 72 65 73 73 65 64 00 0D 0A 50 72 65
c o m p r e s s e d . . . P r e 01DB: 01C4:
01CF 73 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 20 73 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 20 73 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 20
s s C t r l + A l t + D e l 01EB: 01D4:
01DF 74 6F 20 72 65 73 74 61 72 74 0D 0A 00 74 6F 20 72 65 73 74 61 72 74 0D 0A 00 74 6F 20 72 65 73 74 61 72 74 0D 0A 00
t o r e s t a r t . . . 01E1:
00 00 00 00 00 00 00 00 00 00 00
01EC 00 00 00 00 00 00 00 00
01F0 00 00 00 00 00 00 00 00 00 00 00 00
01F6 00 00 01F6 8A 01
01F8 80 9D B2 CA 01F8 8C A9 BE D6 01F8 A7 01 BF 01
01FC 00 00 55 AA 01FC 00 00 55 AA 01FC 00 00 55 AA
|
Assembly Code Listings
These are Listings of the disassembled machine code (with only a few comments) for Vista, 7
and 8 after their VBRs are loaded into Memory at 0000:7C00 by the MBR code. All the instructions below are referenced to a CS (Code Segment)
of 0000. We decided to keep this as single listing (with notes where some of the Jump locations changed for Win 7 and 8) at the beginning, until the
code diverges to the point of requiring different columns for each installed version:
7C00 EB52 JMP 7C54 ; Jump over BPB (BIOS Parameter Block) to code at 0x7C54.
7C02 90 NOP
7C54 FA CLI ; Disable maskable Interrupts.
7C55 33C0 XOR AX,AX ; Zero out both the Accumulator
7C57 8ED0 MOV SS,AX ; and Stack Segment Registers.
7C59 BC007C MOV SP,7C00 ; Set Stack Pointer to 0000:7C00
7C5C FB STI ; Enable Interrupts again.
; NOTE: This section merely changes the Segment reference to locations in memory. It switches the Segment from 0000 to 07C0 when RETF is executed
; at 0000:7C65. The next instruction, at 07C0:0066, is the same location as linear address 0x7C66 (or, 0000:7C66).
7C5D 68C007 * PUSH 07C0 ; New segment ref. to be used for
7C60 1F POP DS ; both Data (DS = Data Segment)
7C61 1E PUSH DS ; . . .
7C62 686600 * PUSH 0066 ; and Code segments . . .
7C65 CB RETF ; after this RETF instruction.
So, all Code (CS) and Data (DS) Segments in the instructions which follow are in reference to
Segment 07C0. This means the next instruction is, technically: 07C0:0066 (only the "Offsets" are shown below). Note,
however, in debuggers, such as BOCHS, which use only Linear Memory addressing, these will still be displayed 0x7C66 and following.
0066 88160E00 MOV [000E],DL ; DL = Drive # (often 80h).
006A 66813E0300+ * CMP DWORD PTR [0003],5346544E ;/ -> "NTFS"
4E544653
;| Check to see if this is an NTFS Boot Record, and if not display...
0073 7515 JNZ 008A ;\ -> Disk read error routine
; NOTE: These Windows OSs (Vista, 7 or 8) must be run on a computer with INT 13 Extensions!
0075 B441 MOV AH,41 ;/ Function 41h (with BX=55AAh):
0077 BBAA55 MOV BX,55AA ;| Checks for INT 13 Extentions
007A CD13 INT 13 ;| in BIOS. If CF flag cleared
;| and [BX] changes to AA55h, they are installed; Major version is in
;| AH: 01h=1.x; 20h=2.0/EDD-1.0; 21h=2.1/EDD-1.1; 30h=EDD-3.0.
;| CX = API subset support bitmap. If bit 0 is set (CX is 'odd' number),
;| extended disk access functions (AH=42h-44h,47h,48h) are supported.
;\ So, only if no extended support is available, will it fail.
007C 720C JB 008A ; If CF flag not cleared, then
; declare 'Disk error' -> error routine.
007E 81FB55AA CMP BX,AA55 ; Was [BX] changed to AA55h ?
0082 7506 JNZ 008A ; If not, 'Disk error' -> error routine.
0084 F7C10100 TEST CX,0001 ; If bit 0 of CX isn't zero ...
0088 7503 JNZ 008D ; ... we Jump to 07C0:008D.
008A E9[D2]00 JMP 015F or 016A ; If zero, FAR JUMP -> 'error routine'.
or E9[DD]00 For Vista, this jumps to 015F. For Win 7 and 8 it jumps to: 016A
008D 1E PUSH DS ;
008E 83EC18 SUB SP,+18 ; Make room on the Stack
0091 681A00 * PUSH 001A ;
0094 B448 MOV AH,48 ; Function 48h of INT 13.
0096 8A160E00 MOV DL,[000E] ; Put Drive Number in DL.
009A 8BF4 MOV SI,SP ;
009C 16 PUSH SS ;/ These two lines change
009D 1F POP DS ;\ DS back to zero.
009E CD13 INT 13 ; Do it!
00A0 9F LAHF ; Load Status flags into AH
00A1 83C418 ADD SP,+18
00A4 9E SAHF ; Save AH into flags register
00A5 58 POP AX ;
00A6 1F POP DS ;
00A7 72E1 JB 008A ; If below, 'Disk error' -> error routine.
00A9 3B060B00 CMP AX,[000B] ; [0B] -> 200h = 512
00AD 75DB JNZ 008A ; If not zero, 'Disk error' -> error routine.
00AF A30F00 MOV [000F],AX ;
00B2 C12E0F0004 * SHR WORD PTR [000F],04 ;
00B7 1E PUSH DS ; Save current DS on Stack.
00B8 5A POP DX ; Change DS back to 7c0.
00B9 33DB XOR BX,BX ; zero-out BX register.
00BB B90020 MOV CX,2000 ; 2000h = 8192 = 16 sectors.
00BE 2BC8 SUB CX,AX ; AX=200; CX - (1 sector)=CX.
00C0 66FF061100 * INC DWORD PTR [0011]
00C5 03160F00 ADD DX,[000F]
00C9 8EC2 MOV ES,DX
00CB FF061600 INC WORD PTR [0016]
00CF E8[40]00 CALL 0112 or 011D
or E8[4B]00 For Vista, this calls suroutine at 0112. For Win 7 and 8 its located at 011D.
00D2 2BC8 SUB CX,AX
00D4 77EF JA 00C5
; =================================================================
; This code (from 00D6 through 010B) is related to discovering if
; TPM version 1.2 interface support is operational on the system.
;
; Comments below checked with the document, "TCG PC Client Specific
; Implementation Specification For Conventional BIOS" (Version 1.20
; FINAL/Revision 1.00/July 13, 2005/For TPM Family 1.2; Level 2), §
; 12.5, pages 85 ff. 
TCG and "TCG BIOS DOS Test Tool" (MSDN).
00D6 B800BB MOV AX,BB00 ; With AH = BBh and AL = 00h
00D9 CD1A INT 1A ; Int 1A -> TCG_StatusCheck
00DB 6623C0 * AND EAX,EAX ;/ If EAX does not equal zero,
00DE 752D JNZ 010D ;\ then no BIOS support for TCG.
00E0 6681FB+ * CMP EBX,41504354 ; EBX must also return ..
54435041 ; the numerical equivalent
; of the ASCII character string "TCPA" ("54 43 50 41") as a further
; check. (Note: Since hex numbers are stored in reverse order on PC
; media or in Memory, a TPM BIOS would put 41504354h in EBX.)
00E7 7524 JNZ 010D ; If not, exit TCG code.
00E9 81F90201 CMP CX,0102 ; Version 1.2 or higher ?
00ED 721E JB 010D ; If not, exit TCG code.
; If TPM 1.2 found, perform a: "TCG_CompactHashLogExtendEvent".
; 06FD 666807BB0000 * PUSH 0000BB07 ; Setup for INT 1Ah AH = BB,
; AL = 07h command (p.94 f).
00EF 16 PUSH SS
00F0 6807BB * PUSH BB07
00F3 16 PUSH SS
00F4 68700E * PUSH 0E70 ; Under Windows 8, this changed to pushing 1152h [685211].
; We still need to determine why this change occurred.
00F7 16 PUSH SS
00F8 680900 * PUSH 0009
00FB 6653 * PUSH EBX
00FD 6653 * PUSH EBX
00FF 6655 * PUSH EBP
0101 16 PUSH SS
0102 16 PUSH SS
0103 16 PUSH SS
0104 68B801 PUSH 01B8
0107 6661 POPAD
0109 0E PUSH CS
010A 07 POP ES
010B CD1A INT 1A (BIOS Clock)
; On return, "(EAX) = Return Code as defined in Section 12.3" and
; "(EDX) = Event number of the event that was logged".
; =================================================================
Note: This is where the code for Win 7 and 8 diverge from that of Vista; Win 7 and 8
have 11 new bytes of code (from offsets 10D through 117) that: For Windows 7, copy 4,056 zero-bytes into 0xAA28h through 0xB9FFh, or for Windows 8/8.1, copy 3,318 zero-bytes into 0xAD0Ah through 0xB9FFh. So we've split the code here into two columns:
[For Win 7: 4,136 + 4,056 = 8,192 = 16 sectors, and for Win 8: 4,874 + 3,318 = 8,192 = 16 sectors.]
Windows Vista |
Windows 7 and Windows 8 / 8.1 |
010D E96A01 JMP 027A ; Beginning of BOOTMGR
; "bootstrap" code in Boot
; Record's second sector.
0110 90 NOP
0111 90 NOP |
010D 33C0 XOR AX,AX
010F BF2810 MOV DI,1028 ; (Windows 8 has: DI,130A)
0112 B9D80F MOV CX,0FD8 ; (Windows 8 has: CX,0CF6)
0115 FC CLD
0116 F3AA REP STOSB
; For Windows 7:
0118 E95F01 JMP 027A ; Entry point into BOOTMGR
; Loader code in Windows 7 Boot
; Record Area's 2nd sector.
; For Windows 8:
0118 E9FE01 JMP 0319 ; Entry point into BOOTMGR
; Loader code in Windows 8 Boot
; Record Area's 2nd sector.
011B 90 NOP
011C 90 NOP |
With the instructions for this Subroutine from Win Vista and Win 7/8
side by side, it's quite easy to see they are identical except for where they are located in Memory: |
; =============================================================
; SUBROUTINE - INT 13 Function 42h Extended DISK READ
; =============================================================
0112 6660 * PUSHAD ; "Push All Double"
; - all 32-bit GP Regs
; are pushed onto stack!
0114 1E PUSH DS ;
0115 06 PUSH ES ;
0116 66A11100 MOV EAX,[0011]
011A 6603061C00 ADD EAX,[001C] ;
011F 1E PUSH DS ;
0120 666800000000 * PUSH 00000000 ;
0126 6650 * PUSH EAX ;
0128 06 PUSH ES ;
0129 53 PUSH BX ;
012A 680100 * PUSH 0001 ;
012D 681000 * PUSH 0010 ;
0130 B442 MOV AH,42 ; Function 42h (INT13)
0132 8A160E00 MOV DL,[000E] ;
0136 16 PUSH SS ;
0137 1F POP DS ;
0138 8BF4 MOV SI,SP ;
013A CD13 INT 13
013C 6659 * POP ECX
013E 5B POP BX
013F 5A POP DX
0140 6659 * POP ECX
0142 6659 * POP ECX
0144 1F POP DS
0145 0F821600 * JB 015F
0149 66FF061100 * INC DWORD PTR [0011]
014E 03160F00 ADD DX,[000F]
0152 8EC2 MOV ES,DX
0154 FF0E1600 DEC WORD PTR [0016]
0158 75BC JNZ 0116
015A 07 POP ES
015B 1F POP DS
015C 6661 * POPAD
015E C3 RET |
; =============================================================
; SUBROUTINE - INT 13 Function 42h Extended DISK READ
; =============================================================
011D 6660 * PUSHAD ; "Push All Double"
; - all 32-bit GP Regs
; are pushed onto stack!
011F 1E PUSH DS ;
0120 06 PUSH ES ;
0121 66A11100 MOV EAX,[0011] ;
0125 6603061C00 ADD EAX,[001C] ;
012A 1E PUSH DS ;
012B 666800000000 * PUSH 00000000 ;
0131 6650 * PUSH EAX ;
0133 06 PUSH ES ;
0134 53 PUSH BX ;
0135 680100 * PUSH 0001 ;
0138 681000 * PUSH 0010 ;
013B B442 MOV AH,42 ; Function 42h (INT13)
013D 8A160E00 MOV DL,[000E] ;
0141 16 PUSH SS ;
0142 1F POP DS ;
0143 8BF4 MOV SI,SP ;
0145 CD13 INT 13
0147 6659 * POP ECX
0149 5B POP BX
014A 5A POP DX
014B 6659 * POP ECX
014D 6659 * POP ECX
014F 1F POP DS
0150 0F821600 * JB 016A
0154 66FF061100 * INC DWORD PTR [0011]
0159 03160F00 ADD DX,[000F]
015D 8EC2 MOV ES,DX
015F FF0E1600 DEC WORD PTR [0016]
0163 75BC JNZ 0121
0165 07 POP ES
0166 1F POP DS
0167 6661 * POPAD
0169 C3 RET |
In this section, we see that Vista and Windows 7 are almost identical; the
exceptions being only in the offsets and the addition of the HLT (Halt) instruction under Windows 7. (Windows 8 will be compared to Windows 7
further below, since it uses a somewhat different way of handling the error message offsets and removes an instruction): |
Windows Vista |
Windows 7 |
; When last character of an Error Message has been displayed
; the instruction at offset 016B locks computer's execution
; into an endless loop! Must reboot machine.
015F A0F801 MOV AL,[01F8] ; [1F8] = 80 + 100 -> 180 h
0162 E80800 CALL 016D ; "A disk read error occurred"
0165 A0FB01 MOV AL,[01FB] ; [1FB] = CA + 100 -> 1CA h
0168 E80200 CALL 016D ; "Press Ctrl+Alt+Del to
; restart"
016B EBFE JMP 016B
; INT 10, Function 0Eh (Teletype Output) is used to
; display each character of the error messages.
016D B401 MOV AH,01 ; Adds 100h to offsets.
016F 8BF0 MOV SI,AX ; Offset -> Source Index Reg.
0171 AC LODSB ; Load char into AL from [SI].
0172 3C00 CMP AL,00 ;/ Reached end of message
0174 7409 JZ 017F ;\ marker?(00) If so, RET
0176 B40E MOV AH,0E ;/ Otherwise output to:
0178 BB0700 MOV BX,0007 ;|(Display page 0, normal
;| white on black chars.)
017B CD10 INT 10 ;| ... display one character,
017D EBF2 JMP 0171 ;\ go back for another...
017F C3 RET |
; When last character of an Error Message has been displayed
; HLT instruction at 0176 should stop code execution. But if
; not, JMP at 0177 would lock execution in an endless loop!
016A A0F801 MOV AL,[01F8] ; [1F8] = 8C + 100 -> 18C h
016D E80900 CALL 0179 ; "A disk read error occurred"
0170 A0FB01 MOV AL,[01FB] ; [1FB] = D6 + 100 -> 1D6 h
0173 E80300 CALL 0179 ; "Press Ctrl+Alt+Del to
; restart"
0176 F4 HLT ; HLT: Not in Vista VBR code!
0177 EBFE JMP 0176
; INT 10, Function 0Eh (Teletype Output) is used to
; display each character of the error messages.
0179 B401 MOV AH,01 ; Adds 100h to offsets.
017B 8BF0 MOV SI,AX ; Offset -> Source Index Reg.
017D AC LODSB ; Load char into AL from [SI].
017E 3C00 CMP AL,00 ;/ Reached end of message
0180 7409 JZ 018B ;\ marker?(00) If so, RET.
0182 B40E MOV AH,0E ;/ Otherwise output to:
0184 BB0700 MOV BX,0007 ;| (Display page 0, normal
;| white on black chars.)
0187 CD10 INT 10 ;| ... display one character,
0189 EBF2 JMP 017D ;\ go back for another...
018B C3 RET |
The following is the same section as above, with the lines from Windows 7
being repeated on the left side, so we can see the changes made in the Windows 8 / 8.1 code; which uses a somewhat different way of handling the error
message offsets and discarding a now useless instruction: |
Windows 7 |
Windows 8 / 8.1 |
; When last character of an Error Message has been displayed
; HLT instruction at 0176 should stop code execution. But if
; not, JMP at 0177 would lock execution in an endless loop!
016A A0F801 MOV AL,[01F8] ; [1F8] = 8C + 100 -> 18C h
016D E80900 CALL 0179 ; "A disk read error occurred"
0170 A0FB01 MOV AL,[01FB] ; [1FB] = D6 + 100 -> 1D6 h
0173 E80300 CALL 0179 ; "Press Ctrl+Alt+Del to
; restart"
0176 F4 HLT
0177 EBFE JMP 0176
; INT 10, Function 0Eh (Teletype Output) is used to
; display each character of the error messages.
0179 B401 MOV AH,01 ; Adds 100h to offsets.
017B 8BF0 MOV SI,AX ; Offset -> Source Index Reg.
017D AC LODSB ; Load char into AL from [SI].
017E 3C00 CMP AL,00 ;/ Reached end of message
0180 7409 JZ 018B ;\ marker?(00) If so, RET.
0182 B40E MOV AH,0E ;/ Otherwise output to:
0184 BB0700 MOV BX,0007 ;| (Display page 0, normal
;| white on black chars.)
0187 CD10 INT 10 ;| ... display one character,
0189 EBF2 JMP 017D ;\ go back for another...
018B C3 RET |
; When last character of an Error Message has been displayed
; HLT instruction at 0176 should stop code execution. But if
; not, JMP at 0177 would lock execution in an endless loop!
016A A1F601 MOV AX,[01F6] ; Word in [1F6-1F7] = 018A h
016D E80900 CALL 0179 ; "A disk read error occurred"
0170 A1FA01 MOV AX,[01FA] ; Word in [1FA-1FB] = 01BF h
0173 E80300 CALL 0179 ; "Press Ctrl+Alt+Del to
; restart"
0176 F4 HLT
0177 EBFE JMP 0176
; INT 10, Function 0Eh (Teletype Output) is used to
; display each character of the error messages.
;[ 0179 B401 MOV AH,01 ; This is no longer necessary! ]
0179 8BF0 MOV SI,AX ; Offset -> Source Index Reg.
017B AC LODSB ; Load char into AL from [SI].
017C 3C00 CMP AL,00 ;/ Reached end of message
017E 7409 JZ 0189 ;\ marker?(00) If so, RET.
0180 B40E MOV AH,0E ;/ Otherwise output to:
0182 BB0700 MOV BX,0007 ;| (Display page 0, normal
;| white on black chars.)
0185 CD10 INT 10 ;| ... display one character,
0187 EBF2 JMP 017B ;\ go back for another...
0189 C3 RET |
The following shows the different locations in Memory of the Error
Messages and Offsets for Windows Vista, 7 and 8:
W i n d o w s V i s t a W i n d o w s 7
=============================== =======================
0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 4 5 6 7 8 9 A B C D E F
7D80 0D 0A 41 20 64 69 73 6B 20 72 65 61 64 20 65 72 ..A disk read er 7D80 0D 0A 41 20 ..A
7D90 72 6F 72 20 6F 63 63 75 72 72 65 64 00 0D 0A 42 ror occurred...B 7D90 64 69 73 6B 20 72 65 61 64 20 65 72 72 6F 72 20 disk read error
7DA0 4F 4F 54 4D 47 52 20 69 73 20 6D 69 73 73 69 6E OOTMGR is missin 7DA0 6F 63 63 75 72 72 65 64 00 0D 0A 42 4F 4F 54 4D occurred...BOOTM
7DB0 67 00 0D 0A 42 4F 4F 54 4D 47 52 20 69 73 20 63 g...BOOTMGR is c 7DB0 47 52 20 69 73 20 6D 69 73 73 69 6E 67 00 0D 0A GR is missing...
7DC0 6F 6D 70 72 65 73 73 65 64 00 0D 0A 50 72 65 73 ompressed...Pres 7DC0 42 4F 4F 54 4D 47 52 20 69 73 20 63 6F 6D 70 72 BOOTMGR is compr
7DD0 73 20 43 74 72 6C 2B 41 6C 74 2B 44 65 6C 20 74 s Ctrl+Alt+Del t 7DD0 65 73 73 65 64 00 0D 0A 50 72 65 73 73 20 43 74 essed...Press Ct
7DE0 6F 20 72 65 73 74 61 72 74 0D 0A 00 00 00 00 00 o restart....... 7DE0 72 6C 2B 41 6C 74 2B 44 65 6C 20 74 6F 20 72 65 rl+Alt+Del to re
7DF0 00 00 00 00 00 00 00 00 80 9D B2 CA 00 00 55 AA ..............U. 7DF0 73 74 61 72 74 0D 0A 00 8C A9 BE D6 00 00 55 AA start.........U.
W i n d o w s 8
=======================
0 1 2 3 4 5 6 7 8 9 A B C D E F
7D80 0D 0A 41 20 64 69 ..A di
7D90 73 6B 20 72 65 61 64 20 65 72 72 6F 72 20 6F 63 sk read error oc
7DA0 63 75 72 72 65 64 00 0D 0A 42 4F 4F 54 4D 47 52 curred...BOOTMGR
7DB0 20 69 73 20 63 6F 6D 70 72 65 73 73 65 64 00 0D is compressed..
7DC0 0A 50 72 65 73 73 20 43 74 72 6C 2B 41 6C 74 2B .Press Ctrl+Alt+
7DD0 44 65 6C 20 74 6F 20 72 65 73 74 61 72 74 0D 0A Del to restart..
7DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
7DF0 00 00 00 00 00 00 8A 01 A7 01 BF 01 00 00 55 AA ..............U.
|
First Published: 24 June 2015. (24.06.2015).
Updated: 25 JUN 2015 (25.06.2015).
Last Update: 25 June 2015. (25.06.2015)
You can write to me using this: online reply form.(It opens in
a new window.)
The Starman's FREE TOOLS Page 
MBR and Boot Records Index
The Starman's Realm Index Page