Sponsoring website: Emergency Boot Kit




MSWIN4.1 (Windows 98)
Floppy Disk Boot Record


( Note: This Boot Record is the same exact code for:
Windows™ 98, Windows™ 98 SE, Windows™ ME
and even the Windows™ XP Startup Diskettes! )

Web Presentation and Text are Copyright © 2001-2005 by Daniel B. Sedory
(NOT to be reproduced in any form without Permission of the Author !)


      First, we'll look at a disk editor view of this Boot Record as its stored on a 1440 KiB Floppy Disk (often incorrectly called a 1.44mb floppy). Unlike hard disks, which always have an MBR sector with a Partition Table, the first sector of a diskette (Absolute Sector 0 or CHS 0,0,1) most often contains the Boot Record for a file system; though it's not absolutely necessary. Such a diskette can be used to boot up a PC, if the system files for that Boot Record have been correctly stored on it. Thus, floppy diskettes may be thought of as a single hard disk volume when they contain a file system.
   
  Since these are floppy (not hard) disks, you may read about Tracks (instead of Cylinders) and Sides (instead of Heads) in discussions about them. These terms seem to make more sense, since you can hold the removable media in your hands and observe that its jacket (for 5.25 inch diskettes) or hard plastic shell (for 3.5-inch diskettes) contains a circular disc having two sides without ever having to think about the heads or mechanical parts inside the floppy drive.

(See Examination of the Code below, to learn where the BIOS places the Boot Record in Memory just before it is executed.)

                                                BPB  
Absolute Sector 0 (Track 0, Side 0, Sector 1)    |      OEM System Name
        0  1  2  3  4  5  6  7  8  9  A  B  C  D |E  F         |
0000:  EB 3C 90 4D 53 57 49 4E 34 2E 31 00 02 01 01 00  .<.MSWIN4.1.....
0010:  02 E0 00 40 0B F0 09 00 12 00 02 00 00 00 00 00  ...@............
0020:  00 00 00 00 00 00 29 21 6C 15 27 42 4F 4F 54 44  ......)!l.'BOOTD
0030:  49 53 4B 20 20 20 46 41 54 31 32 20 20 20 33 C9  ISK   FAT12   3.
0040:  8E D1 BC FC 7B 16 07 BD 78 00 C5 76 00 1E 56 16  ....{...x..v..V.
0050:  55 BF 22 05 89 7E 00 89 4E 02 B1 0B FC F3 A4 06  U."..~..N.......
0060:  1F BD 00 7C C6 45 FE 0F 38 4E 24 7D 20 8B C1 99  ...|.E..8N$} ...
0070:  E8 7E 01 83 EB 3A 66 A1 1C 7C 66 3B 07 8A 57 FC  .~...:f..|f;..W.
0080:  75 06 80 CA 02 88 56 02 80 C3 10 73 ED 33 C9 FE  u.....V....s.3..
0090:  06 D8 7D 8A 46 10 98 F7 66 16 03 46 1C 13 56 1E  ..}.F...f..F..V.
00A0:  03 46 0E 13 D1 8B 76 11 60 89 46 FC 89 56 FE B8  .F....v.`.F..V..
00B0:  20 00 F7 E6 8B 5E 0B 03 C3 48 F7 F3 01 46 FC 11   ....^...H...F..
00C0:  4E FE 61 BF 00 07 E8 28 01 72 3E 38 2D 74 17 60  N.a....(.r>8-t.`
00D0:  B1 0B BE D8 7D F3 A6 61 74 3D 4E 74 09 83 C7 20  ....}..at=Nt...
00E0:  3B FB 72 E7 EB DD FE 0E D8 7D 7B A7 BE 7F 7D AC  ;.r......}{...}.
00F0:  98 03 F0 AC 98 40 74 0C 48 74 13 B4 0E BB 07 00  .....@t.Ht......
0100:  CD 10 EB EF BE 82 7D EB E6 BE 80 7D EB E1 CD 16  ......}....}....
0110:  5E 1F 66 8F 04 CD 19 BE 81 7D 8B 7D 1A 8D 45 FE  ^.f......}.}..E.
0120:  8A 4E 0D F7 E1 03 46 FC 13 56 FE B1 04 E8 C2 00  .N....F..V......
0130:  72 D7 EA 00 02 70 00 52 50 06 53 6A 01 6A 10 91  r....p.RP.Sj.j..
0140:  8B 46 18 A2 26 05 96 92 33 D2 F7 F6 91 F7 F6 42  .F..&...3......B
0150:  87 CA F7 76 1A 8A F2 8A E8 C0 CC 02 0A CC B8 01  ...v............
0160:  02 80 7E 02 0E 75 04 B4 42 8B F4 8A 56 24 CD 13  ..~..u..B...V$..
0170:  61 61 72 0A 40 75 01 42 03 5E 0B 49 75 77 C3 03  aar.@u.B.^.Iuw..
0180:  18 01 27 0D 0A 49 6E 76 61 6C 69 64 20 73 79 73  ..'..Invalid sys
0190:  74 65 6D 20 64 69 73 6B FF 0D 0A 44 69 73 6B 20  tem disk...Disk 
01A0:  49 2F 4F 20 65 72 72 6F 72 FF 0D 0A 52 65 70 6C  I/O error...Repl
01B0:  61 63 65 20 74 68 65 20 64 69 73 6B 2C 20 61 6E  ace the disk, an
01C0:  64 20 74 68 65 6E 20 70 72 65 73 73 20 61 6E 79  d then press any
01D0:  20 6B 65 79 0D 0A 00 00 49 4F 20 20 20 20 20 20   key....IO      
01E0:  53 59 53 4D 53 44 4F 53 20 20 20 53 59 53 7F 01  SYSMSDOS   SYS..
01F0:  00 41 BB 00 07 60 66 6A 00 E9 3B FF 00 00 55 AA  .A...`fj..;...U.
        0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
  000h through 1FFh = 200h bytes; the standard 512 bytes per sector.

The BIOS Parameter Block

Beginning at offset 0Bh, the BPB data on this diskette is interpreted as follows:

        0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
  00:                                   00 02 01 01 00
  10:  02 E0 00 40 0B F0 09 00 12 00 02 00 00 00 00 00
  20:  00 00 00 00 00 00 29 21 6C 15 27 42 4F 4F 54 44  ......)!l.'BOOTD
  30:  49 53 4B 20 20 20 46 41 54 31 32 20 20 20        ISK   FAT12   


  Hex  As seen
OFFSET on Disk HEX value       Meaning / Description
------ ------- ---------  ------------------------------------------------
 0B-0C  00 02     0200h =  512 Bytes per Sector,
   0D      01       01h =    1 Sector per Cluster,
 0E-0F  01 00     0001h =    1 Reserved sector (starting at Sector 0),
   10      02       02h =    2 FATs on the diskette,
 11-12  E0 00     00E0h =  224 possible Root Directory entries,
 13-14  40 0B     0B40h = 2880 Total Sectors on the diskette,
                               ( 2880 x 512 = 1,474,560 bytes total ),

   15      F0        =>   Media Descriptor Byte: F0 essentially means 'Not
                          identifiable' (this byte is more for telling the
                          OS whether or not the media is a hard disk or a
                          floppy disk rather than its exact size).  An F8
                          byte means a 'Fixed Disk' (hard drive); only a
                          few other bytes have ever been used here.*

 16-17  09 00     0009h =    9 Sectors per FAT,
 18-19  12 00     0012h =   18 Sectors per Track,
 1A-1B  02 00     0002h =    2 Sides (or Heads).

   26      29        =>   Extended BPB Signature Byte (if present, then
                          the following strings will also have meaning):  
 27-2A    xx xx xx xx   = Volume Serial Number. In the example above, the
                          S/N displays as: 2715-6C21 (a 4-byte Hex Word).
 2B-35    (11 bytes)    = Volume Label.
 36-3B                  = File System ID (see discussion below).
 ______________
 * FF=DS,8 SPT; FE=SS,8 SPT; FD=DS, 9 SPT (the 360kb diskette);
   FC=SS,9 SPT; F9 = DS,9 SPT (a 720kb) or DS,15 SPT.  Apparently the fact
   that F9 could mean either of these, signaled the end of its usefulness!

Using the data in the BPB, we can determine our diskette has: A capacity of 1440 KiB (1,474,560 bytes), two sides and 18 Sectors per Track; that should mean we're looking at a standard 3.5-inch 'DSHD' Double-Sided High Density diskette. [The actual space available for user data depends upon the file system though; so, under FAT12, you'd have to subtract the area used for the boot record (1 sector), both FATs (9 sectors each = 18) and the Directory (14 sectors), which leaves us with 2,847 sectors (2,880 - 33) or 1,457,664 bytes; 1423.5 KiB.]

The bytes from offsets 1Ch through 1Fh are a Double-Word containing the 'Number of Hidden Sectors.' Practically every floppy diskette you'll ever see will only have zeros here; as will the next four bytes (offsets 20h through 23h), another Double-Word, used in DOS versions 3 (and above) for disk partitions having more than 65,535 sectors! And if that's the case, then the bytes at offsets 13h-14h must be zero.

Beginning with DOS version 4.0, if the byte at offset 26h is a 29h, then the next four bytes (offsets 27h through 2Ah) will contain a Serial Number based on the date and time the diskette was formatted; if necessary, these bytes (along with the OEM ID and Volume Label) can be changed by a disk editor. If the 29 Extended BPB Signature Byte is present, then the bytes at offsets 2Bh through 35h may contain an 11-byte Volume Label and the bytes at offsets 36h through 3Dh should contain the File System ID of: "FAT12   "; including three trailing space bytes (20h).

If you require more information on the BPB, see the TABLE on this page:
The MSWIN4.1 Hard Disk Boot Record.


Examination of the Code

This Listing is still missing a lot of necessary comments!

If you see an asterisk ( * ) on the line, this indicates the instruction requires a CPU higher than an Intel 8088/8086 (and also that MS-DEBUG cannot decode the meaning of this instruction). The first sector of the floppy disk is copied into Memory at location 0000:7C00 by a 'bootstrap' routine in the computer's BIOS chip.



7C00 EB3C          JMP     7C3E          ; Jump over the BPB.
7C02 90            NOP                   ; Do nothing, however, this
                                         ;  location is used at 7C85
                                         ;  and 7D61 for temp. data. 
=========================================================================
               OEM string and BIOS Parameter Block Data
       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
7C00        90 4D 53 57 49 4E 34 2E 31 00 02 01 01 00     MSWIN4.1.....
7C10  02 E0 00 40 0B F0 09 00 12 00 02 00 00 00 00 00  ...@............
7C20  00 00 00 00 00 00 29 21 6C 15 27 42 4F 4F 54 44  ......)!l.'BOOTD
7C30  49 53 4B 20 20 20 46 41 54 31 32 20 20 20        ISK   FAT12   
       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
=========================================================================

; Both the Stack and Extra Segments are set to zero and the Stack Pointer
; is set to allow room for temporary data in memory locations 0:7BFC and
; following (7BFC-7BFF; plus 7C00 through 7C0A if necessary).

7C3E 33C9          XOR     CX,CX       ; Zero-out Count Register and set
7C40 8ED1          MOV     SS,CX       ; Stack Segment register to zero.
7C42 BCFC7B        MOV     SP,7BFC     ; Stack Pointer is now: 0000:7BFC
7C45 16            PUSH    SS          ;|
7C46 07            POP     ES          ;| Make sure Extra Segment = zero.

; The next group of instructions 1) Load a far pointer (four bytes) from
; the contents of SS:[BP+00] through SS:[BP+03]; which is the Interrupt
; Vector for INT 1E, into DS:SI. Then all the registers involved in this
; LDS instruction have their contents pushed onto the Stack:

7C47 BD7800        MOV     BP,0078     ; 0078h --> BP
7C4A C57600        LDS     SI,[BP+00]  ; LDS SI,dword ptr [bp]
7C4D 1E            PUSH    DS
7C4E 56            PUSH    SI
7C4F 16            PUSH    SS
7C50 55            PUSH    BP

; The following code copies data from the Diskette Drive Parameters table
; which a far pointer (Segment:Offset) in the Interrupt Vector Table (IVT)
; at 0:0078 and following points to; for later use.
 
7C51 BF2205        MOV     DI,0522
7C54 897E00        MOV     [BP+00],DI        ; 0522h -> 
7C57 894E02        MOV     [BP+02],CX        ; MOV word ptr [bp+02],cx
7C5A B10B          MOV     CL,0B
7C5C FC            CLD
7C5D F3            REPZ
7C5E A4            MOVSB                     ; repe movsb es:[di],ds:[si]
7C5F 06            PUSH    ES
7C60 1F            POP     DS
7C61 BD007C        MOV     BP,7C00
7C64 C645FE0F      MOV     BYTE PTR [DI-02],0F
7C68 384E24        CMP     [BP+24],CL        ; [7C24]
7C6B 7D20          JGE     7C8D              ; or: JNL   7C8D
7C6D 8BC1          MOV     AX,CX
7C6F 99            CWD                       ; Convert Word to DoubleWord
7C70 E87E01        CALL    7DF1

7C73 83EB3A        SUB     BX,+3A
7C76 66A11C7C *    mov     eax,[7C1C]
7C7A 663B07   *    cmp     eax,dword ptr [bx]
7C7D 8A57FC        MOV     DL,[BX-04]
7C80 7506          JNZ     7C88
7C82 80CA02        OR      DL,02
7C85 885602        MOV     [BP+02],DL
7C88 80C310        ADD     BL,10
7C8B 73ED          JNB     7C7A
7C8D 33C9          XOR     CX,CX
7C8F FE06D87D      INC     BYTE PTR [7DD8]   ; Points to IO.SYS 
            ; Note: This changes the name from IO.SYS to JO.SYS 

7C93 8A4610        MOV     AL,[BP+10]        ; [7C10]=02 here.
7C96 98            CBW                       ; Convert Byte to Word
7C97 F76616        MUL     WORD PTR [BP+16]  ; W[7C16]=0009 here, so
                                             ; AX becomes 12h (or 18).
7C9A 03461C        ADD     AX,[BP+1C]        ; [7C1C]
7C9D 13561E        ADC     DX,[BP+1E]        ; [7C1E]
7CA0 03460E        ADD     AX,[BP+0E]        ; W[7C0E]=0001 here, so
                                             ; AX becomes 13h (or 19).
; We now have the number of Sector per FAT (0009) times 2 = 18 plus the
; 1 sector reserved for the Boot Record itself = 19 in the AX register.

7CA3 13D1          ADC     DX,CX
7CA5 8B7611        MOV     SI,[BP+11]        ; W[7C11]=00E0h= possible #
                                             ; of Root Directory entries.
7CA8 60      *     pusha                     ; Push Registers on Stack
7CA9 8946FC        MOV     [BP-04],AX        ; Temporarily store values
7CAC 8956FE        MOV     [BP-02],DX        ;   of AX and DX here.
7CAF B82000        MOV     AX,0020           ; Size of Directory Entries.

; At this point, AX is 20h (or 32), which is the size of each (file) entry
; in the Root Directory; of which there can be a total of 224 (0Eh in SI).

7CB2 F7E6          MUL     SI

; After multiplying, AX contains 1C00h (7,168) as the number of bytes in
; the maximum possible number of Root Directory entries. At 7CBA, we divide
; by the Bytes per Sector value (0200h) to arrive at the number of sectors
; being used by the Root Directory of this file system: 0Eh (or 14). And
; finally, the instruction at 7CBC, gives us a total of 21h (or 33) sectors
; (in [BP-04]=[7BFC]) for all the sectors used by the file system.

7CB4 8B5E0B        MOV     BX,[BP+0B]        ; W[7C0B]=0200h (or 512).
7CB7 03C3          ADD     AX,BX             ; AX -> 1C00h + 0200h = 1E00h.
7CB9 48            DEC     AX                ; AX = 1DFFh.
7CBA F7F3          DIV     BX                ; AX -> 1DFFh/0200h = 000Eh.
7CBC 0146FC        ADD     [BP-04],AX        ; W[7BFC] -> 0Eh + 13h = 21h.
7CBF 114EFE        ADC     [BP-02],CX
7CC2 61      *     popa                      ; Pop Registers from Stack
7CC3 BF0007        MOV     DI,0700
7CC6 E82801        CALL    7DF1

7CC9 723E          JB      7D09              ; -> "Disk I/O error"
7CCB 382D          CMP     [DI],CH
7CCD 7417          JZ      7CE6
7CCF 60      *     pusha                     ; Push Registers on Stack
7CD0 B10B          MOV     CL,0B
7CD2 BED87D        MOV     SI,7DD8           ; Points to JO.SYS 
7CD5 F3            REPZ
7CD6 A6            CMPSB                     ; repe cmpsb es:[di],ds:[si]
7CD7 61      *     popa                      ; Pop Registers from Stack
7CD8 743D          JZ      7D17
7CDA 4E            DEC     SI
7CDB 7409          JZ      7CE6
7CDD 83C720        ADD     DI,+20
7CE0 3BFB          CMP     DI,BX
7CE2 72E7          JB      7CCB
7CE4 EBDD          JMP     7CC3

7CE6 FE0ED87D      DEC     BYTE PTR [7DD8]   ; Becomes  IO.SYS  again.
7CEA 7BA7          JPO     7C93              ;  jnp      7C93

; If execution ends up here,  IO.SYS  could not be found on the diskette!  

7CEC BE7F7D        MOV     SI,7D7F           ; [7D7F]=03

; If the following code is entered from above, then SI becomes 7D80
; after LODSB at 7CEF and AL=03, so SI + AX = 7D83 and DS:SI points to
; -> 0Dh, 0Ah, "Invalid system disk", FFh at 7CF3 for display routine.

7CEF AC            LODSB                     ; lodsb al, ds:[si]
7CF0 98            CBW                       ; Convert byte to Word.
7CF1 03F0          ADD     SI,AX             ; 
7CF3 AC            LODSB                     ; lodsb al, ds:[si]
7CF4 98            CBW                       ; Convert byte to Word.
7CF5 40            INC     AX                ; INC FFh -> 00h
7CF6 740C          JZ      7D04
7CF8 48            DEC     AX
7CF9 7413          JZ      7D0E
7CFB B40E          MOV     AH,0E             ; Video Function 0Eh
7CFD BB0700        MOV     BX,0007           ;   Page 0, Normal White on
7D00 CD10          INT     10                ;   Black 'Tele-type Output'
                                             ;   AL = character to write.
7D02 EBEF          JMP     7CF3              ; Display another character.

; When the code jumps to 7CEF from 7D07 below, SI will become 7D83 after
; the first LODSB and AL=27h, so SI + AX = 7DAA and DS:SI will point to
; -> 0Dh, 0Ah, "Replace the disk, and then press any key", 0Dh, 0Ah, 00h.
; After that, the routine will fall through to 7D0E and wait to reboot!

7D04 BE827D        MOV     SI,7D82           ; [7D82] = 27h (or 39).
7D07 EBE6          JMP     7CEF

; When the code jumps to 7CEF from 7D0C below, SI will become 7D81 after
; the first LODSB and AL=18h, then SI + AX = 7D99 and DS:SI will point to
; -> 0Dh, 0Ah, "Disk I/O error", FFh.

7D09 BE807D        MOV     SI,7D80           ; [7D80]=18h (or 24).
7D0C EBE1          JMP     7CEF

7D0E CD16          INT     16        ; Get a Keystroke from Keyboard:
                                     ; Waits for user to press a key in
                                     ; order to try booting from another
                                     ; floppy disk (or hard drive).
7D10 5E            POP     SI
7D11 1F            POP     DS
7D12 668F04 *      pop     dword ptr [si]
7D15 CD19          INT     19                ; Start over again with
                                             ; System BOOTSTRAP LOADER.

7D17 BE817D        MOV     SI,7D81           ; [7D81] = 01
7D1A 8B7D1A        MOV     DI,[DI+1A]
7D1D 8D45FE        LEA     AX,[DI-02]
7D20 8A4E0D        MOV     CL,[BP+0D]
7D23 F7E1          MUL     CX
7D25 0346FC        ADD     AX,[BP-04]
7D28 1356FE        ADC     DX,[BP-02]
7D2B B104          MOV     CL,04
7D2D E8C200        CALL    7DF2

7D30 72D7          JB      7D09                 ; -> "Disk I/O error"
7D32 EA00027000    JMP     FAR PTR 0070:0200	; or 0900h.


SUBROUTINES

7D37 52            PUSH    DX
7D38 50            PUSH    AX
7D39 06            PUSH    ES
7D3A 53            PUSH    BX
7D3B 6A01    *     push    0001
7D3D 6A10    *     push    0010
7D3F 91            XCHG    CX,AX
7D40 8B4618        MOV     AX,[BP+18]       ; [7C18] = 18 Sectors/Track
7D43 A22605        MOV     [0526],AL
7D46 96            XCHG    SI,AX
7D47 92            XCHG    DX,AX
7D48 33D2          XOR     DX,DX
7D4A F7F6          DIV     SI
7D4C 91            XCHG    CX,AX
7D4D F7F6          DIV     SI
7D4F 42            INC     DX
7D50 87CA          XCHG    CX,DX
7D52 F7761A        DIV     WORD PTR [BP+1A] ; [7C1A] = 0002 Sides.
7D55 8AF2          MOV     DH,DL
7D57 8AE8          MOV     CH,AL
7D59 C0CC02  *     ror     ah,02
7D5C 0ACC          OR      CL,AH
7D5E B80102        MOV     AX,0201        ; Function 0201h is the INT 13
                                          ; READ 01 sector from drive DL.

7D61 807E020E      CMP     BYTE PTR [BP+02],0E
7D65 7504          JNZ     7D6B
7D67 B442          MOV     AH,42            ; Function 42h is an Extended
                                            ; INT 13 READ from Disk drive
7D69 8BF4          MOV     SI,SP
7D6B 8A5624        MOV     DL,[BP+24]       ; [7C24] = 0 --> A:\ drive.
7D6E CD13          INT     13

7D70 61     *      popa                      ; Pop Registers from Stack
7D71 61     *      popa                      ; Pop Registers from Stack
7D72 720A          JB      7D7E
7D74 40            INC     AX
7D75 7501          JNZ     7D78
7D77 42            INC     DX
7D78 035E0B        ADD     BX,[BP+0B]       ; [7C0B]= 512 Bytes/Sector.
7D7B 49            DEC     CX
7D7C 7577          JNZ     7DF5
7D7E C3            RET

7DF1 41            INC     CX
7DF2 BB0007        MOV     BX,0700
7DF5 60     *      pusha                     ; Push Registers on Stack
7DF6 666A00 *      push    0000
7DF9 E93BFF        JMP     7D37


Location of Data Registers, Error
Messages and Filenames in Memory

       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
7D7F                                               03                  .
7D80  18 01 27 0D 0A 49 6E 76 61 6C 69 64 20 73 79 73   ..'..Invalid sys
7D90  74 65 6D 20 64 69 73 6B FF 0D 0A 44 69 73 6B 20   tem disk...Disk 
7DA0  49 2F 4F 20 65 72 72 6F 72 FF 0D 0A 52 65 70 6C   I/O error...Repl
7DB0  61 63 65 20 74 68 65 20 64 69 73 6B 2C 20 61 6E   ace the disk, an
7DC0  64 20 74 68 65 6E 20 70 72 65 73 73 20 61 6E 79   d then press any
7DD0  20 6B 65 79 0D 0A 00 00 49 4F 20 20 20 20 20 20    key....IO      
7DE0  53 59 53 4D 53 44 4F 53 20 20 20 53 59 53 7F 01   SYSMSDOS   SYS..
7DF0  00                                                .               
       0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F

 

Revised: 29 April 2003.
Last Update: 27 April 2005 (27.04.2005);
Updated: 5 April 2009 (05.04.2009).


You can write to me using this: online reply form. (It opens in a new window.)

MBR and Boot Records Index

The Starman's Realm Index Page