wok view BootProg/stuff/bootex.asm @ rev 25463

Up expat (2.4.9) fixes CVE-2022-40674
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Sep 29 20:05:23 2022 +0000 (19 months ago)
parents 7dd01dedad38
children 4c101652eb90
line source
1 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2 ;; ;;
3 ;; "BootProg" Loader v 1.5 by Alexey Frunze (c) 2000-2015 ;;
4 ;; 2-clause BSD license. ;;
5 ;; ;;
6 ;; ;;
7 ;; How to Compile: ;;
8 ;; ~~~~~~~~~~~~~~~ ;;
9 ;; nasm bootex.asm -f bin -o bootex.bin ;;
10 ;; ;;
11 ;; ;;
12 ;; Features: ;;
13 ;; ~~~~~~~~~ ;;
14 ;; - exFAT supported using BIOS int 13h function 42h. ;;
15 ;; ;;
16 ;; - Loads a 16-bit executable file in the MS-DOS .COM or .EXE format ;;
17 ;; from the root directory of a disk and transfers control to it ;;
18 ;; (the "ProgramName" variable holds the name of the file to be loaded) ;;
19 ;; Its maximum size can be up to 637KB without Extended BIOS Data area. ;;
20 ;; ;;
21 ;; - Prints an error if the file isn't found or couldn't be read ;;
22 ;; ("File not found" or "Read error") ;;
23 ;; and waits for a key to be pressed, then executes the Int 19h ;;
24 ;; instruction and lets the BIOS continue bootstrap. ;;
25 ;; ;;
26 ;; ;;
27 ;; Known Bugs: ;;
28 ;; ~~~~~~~~~~~ ;;
29 ;; - All bugs are fixed as far as I know. The boot sector has been tested ;;
30 ;; on a 128MB qemu image. ;;
31 ;; ;;
32 ;; ;;
33 ;; Memory Layout: ;;
34 ;; ~~~~~~~~~~~~~~ ;;
35 ;; The diagram below shows the typical memory layout. The actual location ;;
36 ;; of the boot sector and its stack may be lower than A0000H if the BIOS ;;
37 ;; reserves memory for its Extended BIOS Data Area just below A0000H and ;;
38 ;; reports less than 640 KB of RAM via its Int 12H function. ;;
39 ;; ;;
40 ;; physical address ;;
41 ;; +------------------------+ 00000H ;;
42 ;; | Interrupt Vector Table | ;;
43 ;; +------------------------+ 00400H ;;
44 ;; | BIOS Data Area | ;;
45 ;; +------------------------+ 00500H ;;
46 ;; | PrtScr Status / Unused | ;;
47 ;; +------------------------+ 00600H ;;
48 ;; | Loaded Image | ;;
49 ;; +------------------------+ nnnnnH ;;
50 ;; | Available Memory | ;;
51 ;; +------------------------+ A0000H - 1KB ;;
52 ;; | Boot Sector | ;;
53 ;; +------------------------+ A0000H - 0.5KB ;;
54 ;; | 0.5KB Boot Stack | ;;
55 ;; +------------------------+ A0000H ;;
56 ;; | Video RAM | ;;
57 ;; ;;
58 ;; ;;
59 ;; Boot Image Startup (register values): ;;
60 ;; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ;;
61 ;; ax = 0ffffh (both FCB in the PSP don't have a valid drive identifier), ;;
62 ;; bx = 0, dl = BIOS boot drive number (e.g. 0, 80H) ;;
63 ;; cs:ip = program entry point ;;
64 ;; ss:sp = program stack (don't confuse with boot sector's stack) ;;
65 ;; COM program defaults: cs = ds = es = ss = 50h, sp = 0, ip = 100h ;;
66 ;; EXE program defaults: ds = es = EXE data - 10h (fake MS-DOS psp), ;;
67 ;; cs:ip and ss:sp depends on EXE header ;;
68 ;; Magic numbers: ;;
69 ;; si = 16381 (prime number 2**14-3) ;;
70 ;; di = 32749 (prime number 2**15-19) ;;
71 ;; bp = 65521 (prime number 2**16-15) ;;
72 ;; The magic numbers let the program know whether it has been loaded by ;;
73 ;; this boot sector or by MS-DOS, which may be handy for universal, bare- ;;
74 ;; metal and MS-DOS programs. ;;
75 ;; The command line contains no arguments. ;;
76 ;; ;;
77 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
78
79 %define bx(label) bx+label-boot
80 %define si(label) si+label-boot
81 NullEntryCheck equ 1 ; +3 bytes
82 ReadRetry equ 1 ; +8 bytes
83 SectorOf512Bytes equ 1 ; -13 bytes
84
85 [BITS 16]
86 [CPU 386]
87
88 ImageLoadSeg equ 60h
89 StackSize equ 512
90
91 [SECTION .text]
92 [ORG 0]
93
94 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
95 ;; Boot sector starts here ;;
96 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
97
98 boot:
99 DriveNumber:
100 jmp short start ; Windows checks for this jump
101 nop
102 bsOemName times 8 db " " ; 0x03 "EXFAT "
103 times 53 db 0 ; 0x0B
104
105 ;;;;;;;;;;;;;;;;;;;;;
106 ;; BPB starts here ;;
107 ;;;;;;;;;;;;;;;;;;;;;
108
109 bpbSectorStart DQ 0 ; 0x40 partition first sector
110 bpbSectorCount DQ 0 ; 0x48 partition sectors count
111 bpbFatSectorStart DD 0 ; 0x50 FAT first sector
112 bpbFatSectorCount DD 0 ; 0x54 FAT sectors count
113 bpbClusterSectorStart DD 0 ; 0x58 first cluster sector
114 bpbClusterCount DD 0 ; 0x5C total clusters count
115 bpbRootDirCluster DD 0 ; 0x60 first cluster of the root dir
116 bpbVolumeSerial DD 0 ; 0x64 volume serial number
117 bpbFSVersionMinor DB 0 ; 0x68
118 bpbFSVersionMajor DB 0 ; 0x69
119 bpbVolumeStateFlags DW 0 ; 0x6A
120 bpbSectorSizeBits DB 0 ; 0x6C sector size as (1 << n)
121 bpbSectorPerClusterBits DB 0 ; 0x6D sector per cluster as (1 << n)
122 bpbNumberOfFATs DB 0 ; 0x6E always 1
123 bpbDriveNumber DB 0 ; 0x6F alaways 0x80
124 bpbAllocatedPercent DB 0 ; 0x70 percentage of allocated space
125
126 ;;;;;;;;;;;;;;;;;;;
127 ;; BPB ends here ;;
128 ;;;;;;;;;;;;;;;;;;;
129
130 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
131 ;; Boot sector code starts here ;;
132 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
133
134 start:
135 cld
136
137 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;
138 ;; How much RAM is there? ;;
139 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;
140
141 int 12h ; get conventional memory size (in KBs)
142 mov cx, 106h
143 dec ax ; reserve 1K bytes for the code and the stack
144 shl ax, cl ; and convert it to 16-byte paragraphs
145
146 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
147 ;; Reserve memory for the boot sector and its stack ;;
148 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
149
150 mov es, ax ; cs:0 = ds:0 = ss:0 -> top - 512 - StackSize
151 mov ss, ax
152 mov sp, 512+StackSize ; bytes 0-511 are reserved for the boot code
153
154 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
155 ;; Copy ourselves to top of memory ;;
156 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
157
158 mov si, 7C00h
159 xor di, di
160 mov ds, di
161 push es
162 mov [si(DriveNumber)], dx ; store BIOS boot drive number
163 rep movsw ; move 512 bytes (+ 12)
164
165 ;;;;;;;;;;;;;;;;;;;;;;
166 ;; Jump to the copy ;;
167 ;;;;;;;;;;;;;;;;;;;;;;
168
169 push word main
170 retf
171
172 main:
173 push cs
174 pop ds
175
176 xor ebx, ebx
177
178 mov esi, [bx(bpbRootDirCluster)] ; esi=cluster # of root dir
179
180 push byte ImageLoadSeg
181 pop es ; cx = 0
182
183 RootDirReadContinue:
184 call ReadCluster ; read one sector of root dir
185
186 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
187 ;; Look for the COM/EXE file to load and run ;;
188 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
189
190 ; es:di -> root entries array
191
192 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
193 ;; Looks for the file/dir ProgramName ;;
194 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
195 ;; Input: ES:DI -> root directory array ;;
196 ;; Output: ESI = cluster number ;;
197 ;; dword [bx+FileSize] file size ;;
198 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
199
200 CurNameSize equ 3 ; 1 byte
201 StartCluster equ 14h ; 4 bytes
202 FileSize equ 18h ; 8 bytes
203
204 FindNameCycle:
205 pusha
206
207 %if NullEntryCheck != 0
208 xor ax, ax
209 or al, [es:di]
210 je FindNameFailed
211 %else
212 movzx ax, byte [es:di]
213 %endif
214
215 cmp al, 0c0h ; EXFAT_ENTRY_FILE_INFO ?
216 jne NotFileInfo
217
218 mov bl, 31
219 CopyInfo:
220 mov al, [es:di+bx]
221 mov [bx], al
222 dec bx
223 jnz CopyInfo ; keep BIOS boot drive number
224
225 NotFileInfo:
226 mov al, 0c1h ; EXFAT_ENTRY_FILE_NAME ?
227 mov cx, NameLength+1
228 mov si, ProgramName ; ds:si -> program name
229 CheckName:
230 scasw ; compare UTF-16
231 lodsb ; with ASCII
232 loope CheckName
233 je FindNameFound ; cx = 0
234 popa ; restore ax, cx, si, di
235
236 add di, byte 32
237 cmp di, bp
238 jne FindNameCycle ; next root entry
239 loop RootDirReadContinue ; continue to the next root dir sector
240 cmp esi, byte -10 ; carry=0 if last cluster, and carry=1 otherwise
241 jc RootDirReadContinue ; continue to the next root dir cluster
242 FindNameFailed: ; end of root directory (dir end reached)
243 mov dl, [bx(DriveNumber)] ; restore BIOS boot drive number
244 call Error
245 db "File not found."
246 FindNameFound:
247 mov esi, [bx+StartCluster]
248
249 ;;;;;;;;;;;;;;;;;;;;;;;;;;
250 ;; Load the entire file ;;
251 ;;;;;;;;;;;;;;;;;;;;;;;;;;
252
253 push es
254 %if SectorOf512Bytes == 0
255 xor bp, bp
256 FileReadContinue:
257 shr bp, 4 ; bytes to paragraphs
258 mov di, es
259 add di, bp ; adjust segment for next sector
260 mov es, di ; es:0 updated
261 %else
262 FileReadContinue:
263 %endif
264 call ReadCluster ; read one more sector of the boot file
265 dec cx
266 sub [bx+FileSize], ebp ; max FileSize is < 640KB : check low 32 bits only
267 %if SectorOf512Bytes != 0
268 mov bp, es
269 lea bp, [bp+32]
270 mov es, bp ; es:0 updated
271 %endif
272 ja FileReadContinue
273 mov dx, [bx(DriveNumber)] ; restore BIOS boot drive number
274 xchg ax, di
275 pop bp
276
277 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
278 ;; Type detection, .COM or .EXE? ;;
279 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
280
281 mov ds, bp ; bp=ds=seg the file is loaded to
282
283 add bp, [bx+08h] ; bp = image base
284 mov di, [bx+18h] ; di = reloc table pointer
285
286 cmp word [bx], 5A4Dh ; "MZ" signature?
287 je RelocateEXE ; yes, it's an EXE program
288
289 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
290 ;; Setup and run a .COM program ;;
291 ;; Set CS=DS=ES=SS SP=0 IP=100h ;;
292 ;; AX=0ffffh BX=0 DX=drive and ;;
293 ;; cmdline=void ;;
294 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
295
296 mov di, 100h ; ip
297 mov bp, ImageLoadSeg-10h ; "org 100h" stuff :)
298 mov ss, bp
299 xor sp, sp
300 push bp ; cs, ds and es
301 jmp short Run
302
303 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
304 ;; Relocate, setup and run a .EXE program ;;
305 ;; Set CS:IP, SS:SP, DS, ES and AX according ;;
306 ;; to wiki.osdev.org/MZ#Initial_Program_State ;;
307 ;; AX=0ffffh BX=0 DX=drive cmdline=void ;;
308 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
309
310 ReloCycle:
311 add [di+2], bp ; item seg (abs)
312 les si, [di] ; si = item ofs, es = item seg
313 add [es:si], bp ; fixup
314 scasw ; di += 2
315 scasw ; point to next entry
316
317 RelocateEXE:
318 dec word [bx+06h] ; reloc items, 32768 max (128KB table)
319 jns ReloCycle
320
321 les si, [bx+0Eh]
322 add si, bp
323 mov ss, si ; ss for EXE
324 mov sp, es ; sp for EXE
325
326 lea si, [bp-10h] ; ds and es both point to the segment
327 push si ; containing the PSP structure
328
329 add bp, [bx+16h] ; cs for EXE
330 mov di, [bx+14h] ; ip for EXE
331 Run:
332 pop ds
333 push bp
334 push di
335 push ds
336 pop es
337 mov [80h], ax ; clear cmdline
338 dec ax ; both FCB in the PSP don't have a valid drive identifier
339
340 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
341 ;; Set the magic numbers so the program knows that it ;;
342 ;; has been loaded by this bootsector and not by MS-DOS ;;
343 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
344 mov si, 16381 ; prime number 2**14-3
345 mov di, 32749 ; prime number 2**15-19
346 mov bp, 65521 ; prime number 2**16-15
347
348 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
349 ;; All done, transfer control to the program now ;;
350 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
351 retf
352
353 ;;;;;;;;;;;;;;;;;;;;;;;;;;
354 ;; Error Messaging Code ;;
355 ;;;;;;;;;;;;;;;;;;;;;;;;;;
356
357 Error:
358 pop si
359
360 PutStr:
361 mov ah, 0Eh
362 mov bl, 7
363 lodsb
364 int 10h
365 cmp al, "."
366 jne PutStr
367
368 cbw
369 int 16h ; wait for a key...
370 int 19h ; bootstrap
371
372 Stop:
373 hlt
374 jmp short Stop
375
376 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
377 ;; Reads a exFAT cluster ;;
378 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
379 ;; Input: EDX:EAX = LBA ;;
380 ;; EBX = 0 ;;
381 ;; CX = sector cnt ;;
382 ;; ESI = cluster no ;;
383 ;; ES:0 -> buffer adrs ;;
384 ;; Output: EBX = 0 ;;
385 ;; CX = next cnt ;;
386 ;; EBP = bytes/sector;;
387 ;; ES:0 -> next adrs ;;
388 ;; C=0 for last sector ;;
389 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
390
391 ReadCluster:
392 add eax, byte 1
393
394 inc cx ; jcxnz
395 loop ReadSectorC
396
397 mul ebx ; edx:eax = 0
398 %if SectorOf512Bytes != 0
399 mov al, 128
400 %else
401 mov cl, -2
402 add cl, [bx(bpbSectorSizeBits)]
403 bts ax, cx ; eax=# of exFAT entries per sector
404 %endif
405 lea edi, [esi-2] ; edi=cluster #-2
406 xchg eax, esi
407 div esi ; eax=FAT sector #, edx=entry # in sector
408
409 imul si, dx, byte 4 ; si=entry # offset in sector
410
411 cdq
412 add eax, [bx(bpbFatSectorStart)] ; sector # relative to exFAT
413 call ReadSectorFAT ; read 1 exFAT sector, keep edx=0, set C
414
415 mov esi, [es:si] ; esi=next cluster #
416
417 mov dl, [bx(bpbSectorPerClusterBits)]
418 xor ecx, ecx
419 bts ecx, edx ; 10000h max (32MB cluster)
420 xchg eax, edi ; get cluster #-2
421 mul ecx
422
423 add eax, [bx(bpbClusterSectorStart)]
424 ReadSectorC:
425 mov di, bx
426 ReadSectorFAT:
427 adc edx, ebx
428
429 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
430 ;; Reads a sector using BIOS Int 13h ;;
431 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
432 ;; Input: EDX:EAX = LBA ;;
433 ;; BX = 0 ;;
434 ;; CX = sector count ;;
435 ;; ES:0 -> buffer address ;;
436 ;; Output: BX = 0 ;;
437 ;; CX = next count ;;
438 ;; EBP = bytes/sector ;;
439 ;; ES:0 -> next address ;;
440 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
441
442 %if SectorOf512Bytes != 0
443 lea ebp, [bx+512]
444 %else
445 lea ebp, [bx+1]
446 %endif
447
448 pushad
449
450 add eax, [bx(bpbSectorStart)]
451 adc edx, [bx(bpbSectorStart)+4]
452
453 push edx
454 push eax
455 push es
456 push bx
457 %if SectorOf512Bytes != 0
458 push byte 1 ; sector count word = 1
459 %else
460 push bp ; sector count word = 1
461 %endif
462 push byte 16 ; packet size byte = 16, reserved byte = 0
463 ReadSectorRetry:
464 mov si, sp
465 mov ah, 42h ; ah = 42h = extended read function no.
466 mov dl, [bx(DriveNumber)] ; restore BIOS boot drive number
467 int 13h ; extended read sectors (DL, DS:SI)
468
469 jnc ReadSuccess
470
471 %if ReadRetry != 0
472 xor ax, ax
473 int 13h ; reset drive (DL)
474 dec bp
475 %if SectorOf512Bytes != 0
476 jne ReadSectorRetry ; up to 511 tries
477 %else
478 jpe ReadSectorRetry ; up to 3 tries
479 %endif
480 %endif
481
482 call Error
483 db "Read error."
484
485 ReadSuccess:
486 %if SectorOf512Bytes == 0
487 mov cl, [bx(bpbSectorSizeBits)]
488 shl word [si+16+8], cl ; (e)bp si+16: EDI ESI EBP ESP EBX EDX ECX EAX
489 %endif
490 popa ; sp += 16
491 popad ; real registers
492 ret
493
494 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
495 ;; Fill free space with zeroes ;;
496 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
497
498 times (512-13-($-$$)) db 0
499
500 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
501 ;; Name of the file to load and run ;;
502 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
503
504 NameLength equ 11
505 ProgramName times NameLength db 0 ; name and extension
506
507 ;;;;;;;;;;;;;;;;;;;;;;;;;;
508 ;; End of the sector ID ;;
509 ;;;;;;;;;;;;;;;;;;;;;;;;;;
510
511 dw 0AA55h ; BIOS checks for this ID