The "Bootstrap Code" from an NTFS OS Partition
[For Microsoft® Windows™ 2000 (NT5.0) or Windows™ XP (NT5.1)]


Web Presentation and Text are Copyright © 2004, 2007 by Daniel B. Sedory
NOT to be reproduced in any form without Permission of the Author !

 

NOTE:
This page is still under construction . . . .

You can contact me here if you have any specific questions about this page.

 




Introduction

This page examines the second and following sectors of the NTFS Boot Record code for Windows 2000 (NT5.0) and Windows XP (NT5.1). One Microsoft® web page refers to these sectors as the “bootstrap code” for an NTFS partition (see reference here). We're calling these sectors the NTLDR Section of the NTFS Boot Record. This section is actually the bulk of the whole Boot Record, and is what makes NTFS volumes so flexible as far as booting options are concerned. Our main objective here is to identify the purpose of the bytes in the Data Area (or as many of them as we can), not to cover every instruction in these six sectors of code. NOTE: So far, it appears that all NTFS Boot Records begin with identical bytes in what we're calling the "NTLDR Data Area" (see below for more info).

After the MBR loads the NTFS “boot sector” into Memory at location 0000:7C00, the boot sector's own code eventually loads another copy of itself directly from the hard drive into Memory at location 0D00:0000 (or 0000:D000) and then continues loading all of the other 15 sectors of the Boot Record immediately after that copy. So our examination of the code below will be done as if it were already located in Memory at 0D20:0000 (or 0000:D200) and following, since that's where the code is actually located when it's executed.

Take this link, to see:
How the first sector of the “bootstrap code” appears in a disk editor.

 





The “Data Area” (at the beginning of the NTFS Partition's “Bootstrap Code”)


"Hex Dump" of the Data Area:

 Absolute Sector 64 (Cylinder 0, Head 1, Sector 2)

         0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F

 0000:  05 00 4E 00 54 00 4C 00 44 00 52 00 04 00 24 00  ..N.T.L.D.R...$.
 0010:  49 00 33 00 30 00 00 E0 00 00 00 30 00 00 00 00  I.3.0......0....
 0020:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 0030:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 0040:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 0050:  00 00 00 00 00 00 EB 12 90 90 00 00 00 00 00 00  ................
 0060:  00 00 00 00 00 00 00 00 00 00                    ..........

From the instruction at offset D2BC below, it appears that the bytes at offsets 0056 through 0059 of this Data Area ("EB 12 90 90") are never executed, since they are being used by that instruction to store data! Furthermore, upon examining quite a few other NTFS partitions, I found exactly the same bytes in all of their "Data Areas" on the hard drives. The conclusion is that this area is never changed on a hard drive, but only used to store data after first loading it into Memory.

 

 


An Examination of the Code

Here's a disassembled copy of the code (comments follow a semicolon) after the NTFS Boot Record's first sector has loaded it into memory at 0D00:0200 (or 0000:D200). Execution is transferred immediately to location 0000:D26A, which we'll refer to below simply as D26A (without the 0000: segment prefix):



D26A 8CC8         MOV     AX,CS      ; AX = CS (Code Segment) = 0D00.
D26C 8ED8         MOV     DS,AX      ; Make DS (Data Segment) = CS.
                                     ; (Once again, 0D00:026A = 0000:D26A)
D26E C1E004       SHL     AX,04      ; That's 4 bits, so 0D00 -> D000.
D271 FA           CLI                ; Disable maskable Interrupts.
D272 8BE0         MOV     SP,AX      ; Stack Pointer = 0000:D000 since the
                                     ; Stack Segment (SS) is still 0000.
D274 FB           STI                ; Enable Interrupts again.
D275 E803FE       CALL    D07B       ; Now we see why the Boot Sector re-
                                     ; loaded itself into Memory: So part
                                     ; of its code could be used again by
                                     ; the "Bootstrap code"! So calculate
                                     ;  Total Sectors in partition again!
                                     ; (Of course, if there are more than
                                     ;  00FB0400h sectors, it will fail.
                                     ;  Review notes in this subroutine!)

D278 660FB7060B   MOVZX   EAX,WORD [000B]  ; Sector Size in (hex) bytes 
     00                                    ;   from the BPB.
D27E 660FB61E0D   MOVZX   EBX,BYTE [000D]  ; Sectors per Cluster from BPB.
     00
D284 66F7E3       MUL     EBX          ; EAX = Cluster Size (in bytes)
D287 66A34E02     MOV     [024E],EAX   ;       --> [D24E]
D28B 668B0E4000   MOV     ECX,[0040]   ; [Clusters per File Record Segment]
D290 80F900       CMP     CL,00        ; Normally this is F6h (or 246),
                                       ;  which is -10 as a signed byte.
D293 0F8F0E00     JG      D2A5         ; Positive: a count of clusters,
                                       ;  so go to -> D2A5.
D297 F6D9         NEG     CL           ; Zero or negative: negate it, then
D299 66B8010000   MOV     EAX,00000001 ;  the File Record size is 2^CL
     00                                ;  bytes; F6h -> 1 SHL 0Ah = 400h
D29F 66D3E0       SHL     EAX,CL       ;  (1024 bytes), independent of
D2A2 EB08         JMP     D2AC         ;  the Cluster Size.
D2A4 90           NOP

D2A5 66A14E02     MOV     EAX,[024E]      ; EAX = Cluster Size in bytes,
D2A9 66F7E1       MUL     ECX             ;  times clusters per record:
                                          ;  EAX = File Record size in bytes!
D2AC 66A35202     MOV     [0252],EAX      ;  Store it in [D252].
D2B0 660FB71E0B   MOVZX   EBX,WORD [000B] ; Sector size in bytes...
     00
D2B6 6633D2       XOR     EDX,EDX         ; EDX:EAX = File Record size,
D2B9 66F7F3       DIV     EBX             ;  divided by the Sector size =
D2BC 66A35602     MOV     [0256],EAX      ;  Sectors per File Record, stored
                                          ;  in [D256] (over "EB 12 90 90").
D2C0 E80D04       CALL    D6D0            ; Subroutine below; it sets [024A].
D2C3 668B0E4A02   MOV     ECX,[024A]      ; Then five values, each one File
D2C8 66890E2202   MOV     [0222],ECX      ;  Record size ([0252]) above the
D2CD 66030E5202   ADD     ECX,[0252]      ;  previous one, are stored in
D2D2 66890E2602   MOV     [0226],ECX      ;  [D222], [D226], [D22A], [D23A]
D2D7 66030E5202   ADD     ECX,[0252]      ;  and [D242].
D2DC 66890E2A02   MOV     [022A],ECX
D2E1 66030E5202   ADD     ECX,[0252]
D2E6 66890E3A02   MOV     [023A],ECX
D2EB 66030E5202   ADD     ECX,[0252]
D2F0 66890E4202   MOV     [0242],ECX
D2F5 66B8900000   MOV     EAX,00000090    ; 90h is the NTFS attribute type
     00                                   ;  code of $INDEX_ROOT.
D2FB 668B0E2202   MOV     ECX,[0222]
D300 E8D308       CALL    DBEF
D303 660BC0       OR      EAX,EAX
D306 0F8457FE     JZ      D161            ; Another use of code from the
                                          ;  Boot Sector... in this case,
                                          ;  to display an error message!
D30A 66A32E02     MOV     [022E],EAX
D30E 66B8A00000   MOV     EAX,000000A0    ; A0h = $INDEX_ALLOCATION.
     00
D314 668B0E2602   MOV     ECX,[0226]
D319 E8D308       CALL    DBEF
D31C 66A33202     MOV     [0232],EAX
D320 66B8B00000   MOV     EAX,000000B0    ; B0h = $BITMAP.
     00
D326 668B0E2A02   MOV     ECX,[022A]
D32B E8D308       CALL    DBEF
Sorry, but this page is still under construction ...
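To make the Data Area observations concrete, here is an added Python example (editor's code, not part of this page or of the Microsoft boot code). It transcribes the Data Area bytes from the hex dump above, decodes the two counted UCS-2 strings at its start ("NTLDR" and "$I30"), reads the words at offsets 0016 and 001A that the listing fetches as [0216] and [021A] (their meaning is not established on this page), and then replays the arithmetic of D278 through D2BC on a constructed boot-sector prefix holding only the three BPB fields the code reads. The rule that a negative [0040] byte means a File Record of 2^(-value) bytes is the documented NTFS convention, not something stated on the page; the 512-byte sector, 8 sectors per cluster and F6h values are constructed.

```python
import struct

# Data Area bytes transcribed from the hex dump above (sector offsets
# 0000-0069, i.e. D200-D269 once loaded); everything not listed is 00 there.
DATA_AREA = bytearray(0x6A)
DATA_AREA[0x00:0x20] = bytes.fromhex(
    "05004E0054004C00440052000400240049003300300000E00000003000000000")
DATA_AREA[0x56:0x5A] = bytes.fromhex("EB129090")

# Constructed NTFS boot-sector prefix holding only the BPB fields the code
# reads: WORD [000B] bytes/sector, BYTE [000D] sectors/cluster and
# BYTE [0040] clusters per File Record Segment (F6h, as in the text).
BOOT_SECTOR = bytearray(0x41)
struct.pack_into("<H", BOOT_SECTOR, 0x0B, 512)
BOOT_SECTOR[0x0D] = 8
BOOT_SECTOR[0x40] = 0xF6


def counted_ucs2(buf, off):
    """Read a 16-bit count followed by that many UCS-2LE code units."""
    n = struct.unpack_from("<H", buf, off)[0]
    end = off + 2 + 2 * n
    return buf[off + 2:end].decode("utf-16-le"), end


def decode_data_area(buf):
    """Name the Data Area fields that the dump and the listing expose."""
    name, off = counted_ucs2(buf, 0x00)     # "NTLDR"
    index, off = counted_ucs2(buf, off)     # "$I30"; off is now 0x16
    return {
        "file_name": name,
        "index_name": index,
        "word_at_0x16": struct.unpack_from("<H", buf, 0x16)[0],  # [0216]
        "word_at_0x1a": struct.unpack_from("<H", buf, 0x1A)[0],  # [021A]
        "unexecuted_0x56": bytes(buf[0x56:0x5A]),               # EB 12 90 90
    }


def read_bpb(sector):
    """The three BPB fields at [000B], [000D] and [0040]."""
    bytes_per_sector = struct.unpack_from("<H", sector, 0x0B)[0]
    return bytes_per_sector, sector[0x0D], sector[0x40]


def file_record_geometry(bytes_per_sector, sectors_per_cluster, clusters_per_frs):
    """Replay D278-D2BC. Returns (Cluster Size, File Record size, Sectors per
    File Record): the DWORDs the code stores at [D24E], [D252] and [D256]."""
    cluster_size = bytes_per_sector * sectors_per_cluster             # D284
    cl = clusters_per_frs & 0xFF
    if 0 < cl < 0x80:                      # JG taken: CL is a positive count
        file_record_size = cluster_size * cl                           # D2A5-D2A9
    else:                                  # NEG CL; EAX = 1 SHL CL
        file_record_size = 1 << ((-cl) & 0xFF)                         # D297-D29F
    sectors_per_frs = file_record_size // bytes_per_sector             # D2B0-D2B9
    return cluster_size, file_record_size, sectors_per_frs


def data_area_after_d2bc(data_area, sector):
    """Copy of the Data Area as it looks in memory once D2BC has executed."""
    out = bytearray(data_area)
    cs, frs, spf = file_record_geometry(*read_bpb(sector))
    struct.pack_into("<III", out, 0x4E, cs, frs, spf)   # [D24E],[D252],[D256]
    return out


if __name__ == "__main__":
    print(decode_data_area(DATA_AREA))
    print(file_record_geometry(*read_bpb(BOOT_SECTOR)))
    after = data_area_after_d2bc(DATA_AREA, BOOT_SECTOR)
    print(after[0x4E:0x5A].hex(" "))   # "EB 12 90 90" has been overwritten
```

With the constructed BPB the three stored values are 4096, 1024 and 2, and the dump of offsets 004E through 0059 afterwards shows why the "EB 12 90 90" bytes can never execute: the DWORD at 0056 is simply the Sectors-per-File-Record variable.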


D161 A0F801        MOV     AL,[01F8]   ; Contains 83h (for all Languages)
                                       ; -> "A disk read error occurred"
D164 E80900        CALL    D170        ; DISPLAY MESSAGE
D167 A0FB01        MOV     AL,[01FB]   ; Contains C9h (for English).
                                       ; -> "Press Ctrl+Alt+Del to restart"
D16A E80300        CALL    D170        ; DISPLAY MESSAGE
D16D FB            STI
D16E EBFE          JMP     D16E        ; Endless Loop -> Lock-up System,
                                       ;       so a reboot is necessary!

Just to give you an idea of how very tedious this work would be to complete, here are some more uncommented lines of code (which, without analyzing them, we can't even be sure are disassembled correctly!) from the NTLDR section we began above:


D32E 66A33602      MOV     [0236],EAX
D332 66A12E02      MOV     EAX,[022E]
D336 660BC0        OR      EAX,EAX
D339 0F8424FE      JZ      D161
D33D 6780780800    CMP     BYTE PTR [EAX+08],00
D342 0F851BFE      JNZ     D161
D346 67668D5010    LEA     EDX,[EAX+10]
D34B 67034204      ADD     AX,[EDX+04]
D34F 67660FB6480C  MOVZX   ECX,BYTE PTR [EAX+0C]
D355 66890E6202    MOV     [0262],ECX
D35A 67668B4808    MOV     ECX,[EAX+08]
D35F 66890E5E02    MOV     [025E],ECX
D364 66A15E02      MOV     EAX,[025E]
D368 660FB70E0B00  MOVZX   ECX,WORD PTR [000B]
D36E 6633D2        XOR     EDX,EDX
D371 66F7F1        DIV     ECX
D374 66A36602      MOV     [0266],EAX
D378 66A14202      MOV     EAX,[0242]
D37C 6603065E02    ADD     EAX,[025E]
D381 66A34602      MOV     [0246],EAX
D385 66833E320200  CMP     DWORD PTR [0232],+00
D38B 0F841900      JZ      D3A8
D38F 66833E360200  CMP     DWORD PTR [0236],+00
D395 0F84C8FD      JZ      D161
D399 668B1E3602    MOV     EBX,[0236]
D39E 1E            PUSH    DS
D39F 07            POP     ES
D3A0 668B3E4602    MOV     EDI,[0246]
D3A5 E89201        CALL    D53A

D3A8 660FB70E0002  MOVZX   ECX,WORD PTR [0200]
D3AE 66B802020000  MOV     EAX,00000202
D3B4 E89607        CALL    DB4D

D3B7 660BC0        OR      EAX,EAX
D3BA 0F840A09      JZ      DCC8
D3BE 67668B00      MOV     EAX,[EAX]
D3C2 1E            PUSH    DS
D3C3 07            POP     ES
D3C4 668B3E3A02    MOV     EDI,[023A]
D3C9 E8CE05        CALL    D99A

D3CC 66A13A02      MOV     EAX,[023A]
D3D0 66BB80000000  MOV     EBX,00000080
D3D6 66B900000000  MOV     ECX,00000000
D3DC 66BA00000000  MOV     EDX,00000000
D3E2 E8AC00        CALL    D491

D3E5 660BC0        OR      EAX,EAX
D3E8 0F853E00      JNZ     D42A
D3EC 66B980000000  MOV     ECX,00000080
D3F2 66A13A02      MOV     EAX,[023A]
D3F6 E85908        CALL    DC52

D3F9 660BC0        OR      EAX,EAX
D3FC 0F84C808      JZ      DCC8
D400 1E            PUSH    DS
D401 07            POP     ES
D402 668B3E3A02    MOV     EDI,[023A]
D407 E89005        CALL    D99A

D40A 66A13A02      MOV     EAX,[023A]
D40E 66BB80000000  MOV     EBX,00000080
D414 66B900000000  MOV     ECX,00000000
D41A 66BA00000000  MOV     EDX,00000000
D420 E86E00        CALL    D491

D423 660BC0        OR      EAX,EAX
D426 0F849E08      JZ      DCC8
D42A 67660FB7580C  MOVZX   EBX,WORD PTR [EAX+0C]
D430 6681E3FF0000+ AND     EBX,000000FF
D437 0F859308      JNZ     DCCE
D43B 668BD8        MOV     EBX,EAX
D43E 680020        PUSH    2000
D441 07            POP     ES
D442 662BFF        SUB     EDI,EDI
D445 E8F200        CALL    D53A

D448 8A162400      MOV     DL,[0024]
D44C B8E803        MOV     AX,03E8
D44F 8EC0          MOV     ES,AX
D451 8D360B00      LEA     SI,[000B]
D455 2BC0          SUB     AX,AX
D457 680020        PUSH    2000
D45A 50            PUSH    AX
D45B CB            RETF

; ----------------------------------------------------------
D45C 06            PUSH    ES
D45D 1E            PUSH    DS
D45E 6660          PUSHAD
D460 668BDA        MOV     EBX,EDX
D463 660FB60E0D00  MOVZX   ECX,BYTE PTR [000D]
D469 66F7E1        MUL     ECX
D46C 66A31000      MOV     [0010],EAX
D470 668BC3        MOV     EAX,EBX
D473 66F7E1        MUL     ECX
D476 A30E00        MOV     [000E],AX
D479 8BDF          MOV     BX,DI
D47B 83E30F        AND     BX,000F
D47E 8CC0          MOV     AX,ES
D480 66C1EF04      SHR     EDI,04
D484 03C7          ADD     AX,DI
D486 50            PUSH    AX
D487 07            POP     ES
D488 E83CFC        CALL    D0C7

D48B 6661          POPAD
D48D 90            NOP

D48E 1F            POP     DS
D48F 07            POP     ES
D490 C3            RET

; -----------------------------------------------------
D491 67034014      ADD     AX,[EAX+14]
D495 67668338FF    CMP     DWORD PTR [EAX],-01
D49A 0F844C00      JZ      D4EA
D49E 67663918      CMP     [EAX],EBX
D4A2 0F853300      JNZ     D4D9
D4A6 660BC9        OR      ECX,ECX
D4A9 0F850A00      JNZ     D4B7
D4AD 6780780900    CMP     BYTE PTR [EAX+09],00
D4B2 0F852300      JNZ     D4D9
D4B6 C3            RET

; --------------------------------------------------------
D4B7 673A4809      CMP     CL,[EAX+09]
D4BB 0F851A00      JNZ     D4D9
D4BF 668BF0        MOV     ESI,EAX
D4C2 6703700A      ADD     SI,[EAX+0A]
D4C6 E85906        CALL    DB22

D4C9 6651          PUSH    ECX
D4CB 1E            PUSH    DS
D4CC 07            POP     ES
D4CD 668BFA        MOV     EDI,EDX
D4D0 F3            REPZ
D4D1 A7            CMPSW
D4D2 6659          POP     ECX
D4D4 0F850100      JNZ     D4D9
D4D8 C3            RET

; ---------------------------------------------------------
D4D9 676683780400  CMP     DWORD PTR [EAX+04],+00
D4DF 0F840700      JZ      D4EA
D4E3 6766034004    ADD     EAX,[EAX+04]
D4E8 EBAB          JMP     D495
D4EA 662BC0        SUB     EAX,EAX
D4ED C3            RET

; ----------------------------------------------------------
D4EE 668BF3        MOV     ESI,EBX
D4F1 E82E06        CALL    DB22

D4F4 67660300      ADD     EAX,[EAX]
D4F8 67F7400C0200  TEST    WORD PTR [EAX+0C],0002
D4FE 0F853400      JNZ     D536
D502 67668D5010    LEA     EDX,[EAX+10]
D507 673A4A40      CMP     CL,[EDX+40]
D50B 0F851800      JNZ     D527
D50F 67668D7242    LEA     ESI,[EDX+42]
D514 E80B06        CALL    DB22

D517 6651          PUSH    ECX
D519 1E            PUSH    DS
D51A 07            POP     ES
D51B 668BFB        MOV     EDI,EBX
D51E F3            REPZ
D51F A7            CMPSW
D520 6659          POP     ECX
D522 0F850100      JNZ     D527
D526 C3            RET

; -----------------------------------------------------------
D527 6783780800    CMP     WORD PTR [EAX+08],+00
D52C 0F840600      JZ      D536
D530 67034008      ADD     AX,[EAX+08]
D534 EBC2          JMP     D4F8

D536 6633C0        XOR     EAX,EAX
D539 C3            RET

; -----------------------------------------------------------
D53A 67807B0800    CMP     BYTE PTR [EBX+08],00
D53F 0F851C00      JNZ     D55F
D543 06            PUSH    ES
D544 1E            PUSH    DS
D545 6660          PUSHAD
D547 67668D5310    LEA     EDX,[EBX+10]
D54C 67668B0A      MOV     ECX,[EDX]
D550 668BF3        MOV     ESI,EBX
D553 67037204      ADD     SI,[EDX+04]
D557 F3            REPZ
D558 A4            MOVSB
D559 6661          POPAD
D55B 90            NOP

D55C 1F            POP     DS
D55D 07            POP     ES
D55E C3            RET

; -----------------------------------------------------------
D55F 67668D5310    LEA     EDX,[EBX+10]
D564 67668B4A08    MOV     ECX,[EDX+08]
D569 6641          INC     ECX
D56B 662BC0        SUB     EAX,EAX
D56E E80100        CALL    D572

D571 C3            RET

; -----------------------------------------------------------
D572 06            PUSH    ES
D573 1E            PUSH    DS
D574 6660          PUSHAD
D576 67807B0801    CMP     BYTE PTR [EBX+08],01
D57B 0F840300      JZ      D582
D57F E9DFFB        JMP     D161
D582 6683F900      CMP     ECX,+00
D586 0F850600      JNZ     D590
D58A 6661          POPAD
D58C 90            NOP

D58D 1F            POP     DS
D58E 07            POP     ES
D58F C3            RET

; ----------------------------------------------------------
D590 6653          PUSH    EBX
D592 6650          PUSH    EAX
D594 6651          PUSH    ECX
D596 6657          PUSH    EDI
D598 06            PUSH    ES
D599 E87304        CALL    DA0F

D59C 668BD1        MOV     EDX,ECX
D59F 07            POP     ES
D5A0 665F          POP     EDI
D5A2 6659          POP     ECX
D5A4 663BCA        CMP     ECX,EDX
D5A7 0F8D0300      JNL     D5AE
D5AB 668BD1        MOV     EDX,ECX
D5AE E8ABFE        CALL    D45C

D5B1 662BCA        SUB     ECX,EDX
D5B4 668BDA        MOV     EBX,EDX
D5B7 668BC2        MOV     EAX,EDX
D5BA 660FB6160D00  MOVZX   EDX,BYTE PTR [000D]
D5C0 66F7E2        MUL     EDX
D5C3 660FB7160B00  MOVZX   EDX,WORD PTR [000B]
D5C9 66F7E2        MUL     EDX
D5CC 6603F8        ADD     EDI,EAX
D5CF 6658          POP     EAX
D5D1 6603C3        ADD     EAX,EBX
D5D4 665B          POP     EBX
D5D6 EBAA          JMP     D582

D5D8 06            PUSH    ES
D5D9 1E            PUSH    DS
D5DA 6660          PUSHAD
D5DC 67807B0801    CMP     BYTE PTR [EBX+08],01
D5E1 0F840300      JZ      D5E8
D5E5 E979FB        JMP     D161
D5E8 6683F900      CMP     ECX,+00
D5EC 0F850600      JNZ     D5F6
D5F0 6661          POPAD
D5F2 90            NOP

D5F3 1F            POP     DS
D5F4 07            POP     ES
D5F5 C3            RET

; -----------------------------------------------------------
D5F6 6653          PUSH    EBX
D5F8 6650          PUSH    EAX
D5FA 6651          PUSH    ECX
D5FC 6657          PUSH    EDI
D5FE 06            PUSH    ES
D5FF 6651          PUSH    ECX
D601 6633D2        XOR     EDX,EDX
D604 660FB60E0D00  MOVZX   ECX,BYTE PTR [000D]
D60A 66F7F1        DIV     ECX
D60D 6652          PUSH    EDX
D60F E8FD03        CALL    DA0F

D612 660FB61E0D00  MOVZX   EBX,BYTE PTR [000D]
D618 66F7E3        MUL     EBX
D61B 665A          POP     EDX
D61D 6603C2        ADD     EAX,EDX
D620 6650          PUSH    EAX
D622 660FB6060D00  MOVZX   EAX,BYTE PTR [000D]
D628 66F7E1        MUL     ECX
D62B 668BD0        MOV     EDX,EAX
D62E 6658          POP     EAX
D630 6659          POP     ECX
D632 07            POP     ES
D633 665F          POP     EDI
D635 6659          POP     ECX
D637 663BCA        CMP     ECX,EDX
D63A 0F8D0300      JNL     D641
D63E 668BD1        MOV     EDX,ECX
D641 66A31000      MOV     [0010],EAX
D645 89160E00      MOV     [000E],DX
D649 06            PUSH    ES
D64A 1E            PUSH    DS
D64B 6660          PUSHAD
D64D 8BDF          MOV     BX,DI
D64F 83E30F        AND     BX,000F
D652 8CC0          MOV     AX,ES
D654 66C1EF04      SHR     EDI,04
D658 03C7          ADD     AX,DI
D65A 50            PUSH    AX
D65B 07            POP     ES
D65C E868FA        CALL    D0C7

D65F 6661          POPAD
D661 90            NOP

D662 1F            POP     DS
D663 07            POP     ES
D664 662BCA        SUB     ECX,EDX
D667 668BDA        MOV     EBX,EDX
D66A 668BC2        MOV     EAX,EDX
D66D 660FB7160B00  MOVZX   EDX,WORD PTR [000B]
D673 66F7E2        MUL     EDX
D676 6603F8        ADD     EDI,EAX
D679 6658          POP     EAX
D67B 6603C3        ADD     EAX,EBX
D67E 665B          POP     EBX
D680 E965FF        JMP     D5E8

D683 06            PUSH    ES
D684 1E            PUSH    DS
D685 6660          PUSHAD
D687 26            ES:
D688 67660FB75F04  MOVZX   EBX,WORD PTR [EDI+04]
D68E 26            ES:
D68F 67660FB74F06  MOVZX   ECX,WORD PTR [EDI+06]
D695 660BC9        OR      ECX,ECX
D698 0F84C5FA      JZ      D161
D69C 6603DF        ADD     EBX,EDI
D69F 6683C302      ADD     EBX,+02
D6A3 6681C7FE0100+ ADD     EDI,000001FE
D6AA 6649          DEC     ECX
D6AC 660BC9        OR      ECX,ECX
D6AF 0F841700      JZ      D6CA
D6B3 26            ES:
D6B4 678B03        MOV     AX,[EBX]
D6B7 26            ES:
D6B8 678907        MOV     [EDI],AX
D6BB 6683C302      ADD     EBX,+02
D6BF 6681C7000200+ ADD     EDI,00000200
D6C6 6649          DEC     ECX
D6C8 EBE2          JMP     D6AC

D6CA 6661          POPAD
D6CC 90            NOP

D6CD 1F            POP     DS
D6CE 07            POP     ES
D6CF C3            RET
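The routine at D683 through D6CF is short enough to replay exactly, so here is an added Python version (editor's code, not the page's). What the listing shows is this: a word offset is read at ES:[EDI+04] and a word count at ES:[EDI+06]; a zero count jumps to the D161 error handler; the first word of the array is skipped (ADD EBX,+02); EDI is advanced by 1FEh; and each remaining word is copied over the last two bytes of successive 200h-byte sectors. That is the layout of the NTFS update sequence array in a FILE record, which is this example's interpretation rather than the page's; the two-sector record below is constructed, and the sequence-number check is an addition the boot code does not perform.

```python
import struct

SECTOR = 0x200   # the loop first adds 1FEh to EDI, then steps it by 200h


def apply_fixups_like_d683(record):
    """Replay D683-D6CF on a copy of `record` (ES:EDI in the listing).
    +4: word offset of a word array; +6: word count. The first array word
    is skipped and each following word is copied over the last two bytes
    of successive 512-byte sectors. A zero count is the D161 error path."""
    rec = bytearray(record)
    array_ofs, count = struct.unpack_from("<HH", rec, 4)   # D688 / D68F
    if count == 0:                                          # D695-D698
        raise ValueError("word count at +6 is zero (D161 error path)")
    src = array_ofs + 2                                     # D69C-D69F
    dst = SECTOR - 2                                        # D6A3
    for _ in range(count - 1):                              # D6AA-D6C8
        rec[dst:dst + 2] = rec[src:src + 2]
        src += 2
        dst += SECTOR
    return rec


def build_record(saved_words, seq=0x0001, array_ofs=0x30):
    """Constructed on-disk record, one sector per saved word: the array holds
    `seq` followed by the words that belong at each sector end, and every
    sector end currently carries `seq` (the NTFS update sequence layout)."""
    rec = bytearray(SECTOR * len(saved_words))
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 4, array_ofs, 1 + len(saved_words))
    struct.pack_into("<H", rec, array_ofs, seq)
    for i, word in enumerate(saved_words):
        struct.pack_into("<H", rec, array_ofs + 2 + 2 * i, word)
        struct.pack_into("<H", rec, SECTOR * (i + 1) - 2, seq)
    return rec


def sector_ends_match_sequence(record):
    """The check D683 does not make: before the saved words are copied back,
    every sector end must still carry the sequence word; otherwise the
    record was torn by an interrupted write (or altered) and is untrusted."""
    array_ofs, count = struct.unpack_from("<HH", record, 4)
    seq = struct.unpack_from("<H", record, array_ofs)[0]
    return all(struct.unpack_from("<H", record, SECTOR * i - 2)[0] == seq
               for i in range(1, count))


def apply_fixups_checked(record):
    """Defensive variant: verify the sequence words, then apply the fixups."""
    if not sector_ends_match_sequence(record):
        raise ValueError("update sequence mismatch: record is torn or corrupt")
    return apply_fixups_like_d683(record)


if __name__ == "__main__":
    rec = build_record([0xAAAA, 0xBBBB])
    fixed = apply_fixups_like_d683(rec)
    print(fixed[0x1FE:0x200].hex(), fixed[0x3FE:0x400].hex())   # aaaa bbbb
```

The boot code copies the words unconditionally; a record whose sector trailer no longer matches the sequence word is still "repaired" by D683, which is why the checked variant is the one a forensic parser or a file-system driver should use.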

-------------------------------------------------------------
D6D0 06            PUSH    ES
D6D1 1E            PUSH    DS
D6D2 6660          PUSHAD
D6D4 66B801000000  MOV     EAX,00000001
D6DA 66A31E02      MOV     [021E],EAX
D6DE 66A11A02      MOV     EAX,[021A]
D6E2 6603065202    ADD     EAX,[0252]
D6E7 66A35A02      MOV     [025A],EAX
D6EB 6603065202    ADD     EAX,[0252]
D6F0 66A34A02      MOV     [024A],EAX
D6F4 66A13000      MOV     EAX,[0030]
D6F8 660FB61E0D00  MOVZX   EBX,BYTE PTR [000D]
D6FE 66F7E3        MUL     EBX
D701 668B1E4A02    MOV     EBX,[024A]
D706 668907        MOV     [BX],EAX
D709 66A31000      MOV     [0010],EAX
D70D 83C304        ADD     BX,+04
D710 66A15602      MOV     EAX,[0256]
D714 668907        MOV     [BX],EAX
D717 A30E00        MOV     [000E],AX
D71A 83C304        ADD     BX,+04
D71D 66891E4A02    MOV     [024A],EBX
D722 668B1E1A02    MOV     EBX,[021A]
D727 1E            PUSH    DS
D728 07            POP     ES
D729 E89BF9        CALL    D0C7

D72C 668BFB        MOV     EDI,EBX
D72F E851FF        CALL    D683
D732 66A11A02      MOV     EAX,[021A]
D736 66BB20000000  MOV     EBX,00000020
D73C 66B900000000  MOV     ECX,00000000
D742 66BA00000000  MOV     EDX,00000000
D748 E846FD        CALL    D491

D74B 660BC0        OR      EAX,EAX
D74E 0F841601      JZ      D868
D752 668BD8        MOV     EBX,EAX
D755 1E            PUSH    DS
D756 07            POP     ES
D757 668B3E1602    MOV     EDI,[0216]
D75C E8DBFD        CALL    D53A

D75F 668B1E1602    MOV     EBX,[0216]
D764 66813F800000+ CMP     DWORD PTR [BX],00000080
D76B 0F84EB00      JZ      D85A
D76F 035F04        ADD     BX,[BX+04]
D772 EBF0          JMP     D764
D774 6653          PUSH    EBX
D776 668B4710      MOV     EAX,[BX+10]
D77A 66F7265602    MUL     DWORD PTR [0256]
D77F 6650          PUSH    EAX
D781 6633D2        XOR     EDX,EDX
D784 660FB61E0D00  MOVZX   EBX,BYTE PTR [000D]
D78A 66F7F3        DIV     EBX
D78D 6652          PUSH    EDX
D78F E8DC00        CALL    D86E

D792 660BC0        OR      EAX,EAX
D795 0F84C8F9      JZ      D161
D799 668B0E5602    MOV     ECX,[0256]
D79E 660FB61E0D00  MOVZX   EBX,BYTE PTR [000D]
D7A4 66F7E3        MUL     EBX
D7A7 665A          POP     EDX
D7A9 6603C2        ADD     EAX,EDX
D7AC 668B1E4A02    MOV     EBX,[024A]
D7B1 668907        MOV     [BX],EAX
D7B4 83C304        ADD     BX,+04
D7B7 660FB6060D00  MOVZX   EAX,BYTE PTR [000D]
D7BD 662BC2        SUB     EAX,EDX
D7C0 663BC1        CMP     EAX,ECX
D7C3 0F860300      JBE     D7CA
D7C7 668BC1        MOV     EAX,ECX
D7CA 668907        MOV     [BX],EAX
D7CD 662BC8        SUB     ECX,EAX
D7D0 665A          POP     EDX
D7D2 0F847500      JZ      D84B
D7D6 6603C2        ADD     EAX,EDX
D7D9 6650          PUSH    EAX
D7DB 6633D2        XOR     EDX,EDX
D7DE 660FB61E0D00  MOVZX   EBX,BYTE PTR [000D]


TOOK A BREAK HERE JUST TO JUMP AHEAD AND SEE WHAT HAPPENED AT DB22...
CURIOUSLY ENOUGH, THE CODE STILL APPEARS TO BE IN ALIGNMENT... SINCE
WE END WITH A "RET" FUNCTION JUST BEFORE THAT OFFSET:

DB18 EBEB          JMP     DB05

DB1A 668BCA        MOV     ECX,EDX
DB1D 665A          POP     EDX
DB1F 665B          POP     EBX
DB21 C3            RET

; --------------------------------------------------------------------
DB22 660BC9        OR      ECX,ECX
DB25 0F850100      JNZ     DB2A
DB29 C3            RET
DB2A 6651          PUSH    ECX
DB2C 6656          PUSH    ESI
DB2E 67833E61      CMP     WORD PTR [ESI],+61
DB32 0F8C0C00      JL      DB42
DB36 67833E7A      CMP     WORD PTR [ESI],+7A
DB3A 0F8F0400      JG      DB42
DB3E 67832E20      SUB     WORD PTR [ESI],+20
DB42 6683C602      ADD     ESI,+02
DB46 E2E6          LOOP    DB2E
DB48 665E          POP     ESI
DB4A 6659          POP     ECX
DB4C C3            RET
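DB22 is the one routine in these listings whose purpose is plain from the bytes alone: it walks ECX 16-bit units at DS:ESI and subtracts 20h from any unit in the range 61h through 7Ah, i.e. it upper-cases ASCII letters in a UCS-2 string and leaves everything else alone. At D4B7 through D4D8 it is applied to the name found at EAX+[EAX+0A] (length byte at [EAX+09]) just before REPZ CMPSW compares that name with the one at DS:EDX. Here is an added Python replay of both pieces (editor's code, not the page's); that the wanted name is "NTLDR" is a constructed assumption for the tests, chosen because the Data Area stores that string in upper case.

```python
def upcase_like_db22(units):
    """Replay DB22: a 16-bit unit in 61h..7Ah ('a'..'z') has 20h subtracted;
    every other unit, digits, '$', accented or non-Latin letters, is kept."""
    return [u - 0x20 if 0x61 <= u <= 0x7A else u for u in units]


def ucs2_units(text):
    """UCS-2LE code units of a Python string (helper for the constructed data)."""
    raw = text.encode("utf-16-le")
    return [int.from_bytes(raw[i:i + 2], "little") for i in range(0, len(raw), 2)]


def name_matches_like_d4b7(entry_name, wanted="NTLDR"):
    """Replay D4B7-D4D8: the length byte at [EAX+09] must equal CL (the wanted
    length); the entry name is upper-cased in place by DB22; then REPZ CMPSW
    compares it unit by unit with the wanted name at EDX, which is never
    upper-cased itself, so a lower-case wanted name can never match."""
    entry = ucs2_units(entry_name)
    target = ucs2_units(wanted)
    if len(entry) != len(target):          # CMP CL,[EAX+09] / JNZ D4D9
        return False
    return upcase_like_db22(entry) == target   # DB22, then REPZ CMPSW


if __name__ == "__main__":
    for candidate in ("ntldr", "NtLdR", "ntldr.exe", "\u00f1tldr"):
        print(repr(candidate), name_matches_like_d4b7(candidate))
```

The ASCII-only fold means an entry such as "\u00f1tldr" is rejected even though a full Unicode case fold might accept it; the boot code has no $UpCase table at this point and does not try to load one.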

; --------------------------------------------------------------------
DB4D 6650          PUSH    EAX
DB4F 6651          PUSH    ECX
DB51 668BD0        MOV     EDX,EAX
DB54 66A12E02      MOV     EAX,[022E]
DB58 67668D5810    LEA     EBX,[EAX+10]
DB5D 67034304      ADD     AX,[EBX+04]
DB61 67668D4010    LEA     EAX,[EAX+10]
DB66 668BDA        MOV     EBX,EDX
DB69 E882F9        CALL    D4EE

DB6C 660BC0        OR      EAX,EAX
DB6F 0F840500      JZ      DB78
DB73 6659          POP     ECX
DB75 6659          POP     ECX
DB77 C3            RET


ETC. ETC. ETC.

THE CODE APPEARS TO END WITH THESE LAST SET OF LINES:
DC9C 0F842400      JZ      DCC4
DCA0 26            ES:
DCA1 660FB74704    MOVZX   EAX,WORD PTR [BX+04]
DCA6 03D8          ADD     BX,AX
DCA8 8BC3          MOV     AX,BX
DCAA 250080        AND     AX,8000
DCAD 74D7          JZ      DC86
DCAF 8CC0          MOV     AX,ES
DCB1 050008        ADD     AX,0800
DCB4 8EC0          MOV     ES,AX
DCB6 81E3FF7F      AND     BX,7FFF
DCBA EBCA          JMP     DC86
DCBC 26            ES:
DCBD 668B4710      MOV     EAX,[BX+10]
DCC1 C3            RET
DCC2 6659          POP     ECX
DCC4 6633C0        XOR     EAX,EAX
DCC7 C3            RET
DCC8 A0F901        MOV     AL,[01F9]
DCCB E996F4        JMP     D164
DCCE A0FA01        MOV     AL,[01FA]
DCD1 E990F4        JMP     D164

   Had enough of this yet?!


This page is still under construction . . . .

Last Updated: July 26, 2007.

