Boot to Win98SE startup disk (It is the best OS made boot disk ever). Type in debug at the A: prompt.
Enter in the following commands:
Blue: what you type in.
Pink: what is displayed on the screen. (DO NOT TYPE THIS IN!)
Black: this is useful information. (DO NOT TYPE THIS IN!)
=====================================================================
To delete partitions on a hard drive:
--------------------------------------------F 220 L1000 0 (ENTER)
-A CS: 100 (ENTER)
xxxx:0100 MOV AX,301 (ENTER)
xxxx:0103 MOV BX,200 (ENTER)
xxxx:0106 MOV CX,1 (ENTER)
xxxx:0109 MOV DX,80 (ENTER) <---"80" for hd1, "81" for hd2 >
xxxx:010C INT 13 (ENTER)
xxxx:010E INT 20 (ENTER)
xxxx:0110 (ENTER) <-------BLANK LINE "VERY IMPORTANT" >
-G (ENTER)
Program terminated normally- (CTRL)-(ALT)-(DEL) to reboot system
or
The commands used were:
debug
-F 200 L1000 0
-A CS:100
xxxx:0100 MOV AX,301
xxxx:0103 MOV BX,200
xxxx:0106 MOV CX,1
xxxx:0109 MOV DX,80
xxxx:010C INT 13
xxxx:010E INT 20
xxxx:0110
-G
Short answer:
The Debug code has zeroed out your MBR and partition table in LBA 0.
You should be able to rebuild it using TestDisk (freeware):
http://www.cgsecurity.org/wiki/TestDisk
Long answer:
The Debug commands do the following:
1/ (F)ill a block of memory of (L)ength 0x1000 bytes beginning at address 0x200 with a value of 0
2/ (A)ssemble a program beginning at address 0x100
3/ (G)o to address 0x100 and execute the program
Debug's command options can be listed by typing "?" at the prompt.
The program code loads CPU registers AX, BX, CX, and DX, and then executes an INT13 instruction. INT20 returns control to the system.
The following article explains the INT13 services:
http://en.wikipedia.org/wiki/INT_13H
AX is preloaded with a value 0x0301. This means that AH = 0x03 and AL = 0x01.
According to the Function Table, AH = 03h executes a "Write Sectors To Drive" function:
http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D03h:_Write_Sectors_To_Drive
Now ...
BX = 0x0200
CX = 0x0001, CH = 0x00, CL = 0x01
DX = 0x0080, DH = 0x00, DL = 0x80
So the INT13 code writes 1 sector of information to sector 1, track 0, head 0 on the first hard disk (DL = 80h).
http://en.wikipedia.org/wiki/INT_13H#Drive_Table
BX is the "Buffer Address Pointer", so this means that the data from address 0x200 to 0x3FF will be written to LBA 0 of the HDD. Therefore the partition table and MBR code will be replaced with zeros
Enter in the following commands:
Blue: what you type in.
Pink: what is displayed on the screen. (DO NOT TYPE THIS IN!)
Black: this is useful information. (DO NOT TYPE THIS IN!)
=====================================================================
To delete partitions on a hard drive:
--------------------------------------------F 220 L1000 0 (ENTER)
-A CS: 100 (ENTER)
xxxx:0100 MOV AX,301 (ENTER)
xxxx:0103 MOV BX,200 (ENTER)
xxxx:0106 MOV CX,1 (ENTER)
xxxx:0109 MOV DX,80 (ENTER) <---"80" for hd1, "81" for hd2 >
xxxx:010C INT 13 (ENTER)
xxxx:010E INT 20 (ENTER)
xxxx:0110 (ENTER) <-------BLANK LINE "VERY IMPORTANT" >
-G (ENTER)
Program terminated normally- (CTRL)-(ALT)-(DEL) to reboot system
or
The commands used were:
debug
-F 200 L1000 0
-A CS:100
xxxx:0100 MOV AX,301
xxxx:0103 MOV BX,200
xxxx:0106 MOV CX,1
xxxx:0109 MOV DX,80
xxxx:010C INT 13
xxxx:010E INT 20
xxxx:0110
-G
Short answer:
The Debug code has zeroed out your MBR and partition table in LBA 0.
You should be able to rebuild it using TestDisk (freeware):
http://www.cgsecurity.org/wiki/TestDisk
Long answer:
The Debug commands do the following:
1/ (F)ill a block of memory of (L)ength 0x1000 bytes beginning at address 0x200 with a value of 0
2/ (A)ssemble a program beginning at address 0x100
3/ (G)o to address 0x100 and execute the program
Debug's command options can be listed by typing "?" at the prompt.
The program code loads CPU registers AX, BX, CX, and DX, and then executes an INT13 instruction. INT20 returns control to the system.
The following article explains the INT13 services:
http://en.wikipedia.org/wiki/INT_13H
AX is preloaded with a value 0x0301. This means that AH = 0x03 and AL = 0x01.
According to the Function Table, AH = 03h executes a "Write Sectors To Drive" function:
http://en.wikipedia.org/wiki/INT_13H#INT_13h_AH.3D03h:_Write_Sectors_To_Drive
Now ...
BX = 0x0200
CX = 0x0001, CH = 0x00, CL = 0x01
DX = 0x0080, DH = 0x00, DL = 0x80
So the INT13 code writes 1 sector of information to sector 1, track 0, head 0 on the first hard disk (DL = 80h).
http://en.wikipedia.org/wiki/INT_13H#Drive_Table
BX is the "Buffer Address Pointer", so this means that the data from address 0x200 to 0x3FF will be written to LBA 0 of the HDD. Therefore the partition table and MBR code will be replaced with zeros
0 comments:
Post a Comment