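#!perl -w
# (C) 2003-2007 Willem Jan Hengeveld
# Web: http://www.xs4all.nl/~itsme/
#      http://wiki.xda-developers.com/
#
# $Id: $
#
# this script analyzes a dos bootsector
#
# usage: <script> <imagefile> [offset]
#
# The field layout decoded below is the NTFS boot sector layout.  The input
# is normally a disk image of unknown provenance, so every value read from it
# is treated as untrusted: the sector must be complete before it is parsed,
# and text taken from it is made printable before it reaches the terminal.
use strict;
use IO::File;

use constant SECTOR_SIZE => 512;

# ntfs:
#    0x0000-0x0200   bootsector
#    0x0200-0x2000   NTLDR
#
# disk offset  mft1_cluster * sectorspercluster * bytespersector
#         -> MFT1
#
# special files:
#   $MFT
#   $MFTMirr
#   $LogFile
#   $Bitmap
#   $BadClus
#   $UpCase
#   $Extend
#   $Quota
#   $ObjId
#   $Reparse
#

my $fn= shift or die "need filename\n";
my $fh= IO::File->new($fn, "r") or die "$fn: $!\n";
binmode $fh;

# The optional second argument is the byte offset of the boot sector in the
# image, e.g. 0x7e00 or 63*512.
my $ofs= @ARGV ? parse_offset(shift) : 0;
$fh->seek($ofs, 0) or die "$fn: cannot seek to offset $ofs: $!\n";

my $data;
my $got= $fh->read($data, SECTOR_SIZE);
defined $got or die "$fn: read failed: $!\n";
$fh->close();

# A short read would make unpack() leave trailing fields undefined and the
# report would show zeros that were never on disk, so refuse to parse it.
if ($got != SECTOR_SIZE) {
    die sprintf("%s: short read at offset %s: got %d of %d bytes\n",
        $fn, $ofs, $got, SECTOR_SIZE);
}

my $boot= parsebootsec($data);

# Sanity checks go to STDERR so the report on STDOUT keeps its format.
if ($boot->{eos} != 0xaa55) {
    warn sprintf("warning: boot signature is %04x, expected aa55\n", $boot->{eos});
}
if ($boot->{oemid} ne "NTFS    ") {
    warn "warning: OEM id is not 'NTFS    '; the fields below are decoded with"
       . " the NTFS layout and may be meaningless\n";
}

printbootsec($boot);

# Turn the offset argument into a non-negative integer.
#
# The argument may be a plain number or a small arithmetic expression.  It is
# still evaluated with a string eval, which is only acceptable because the
# text is first restricted to numeric literals, arithmetic/bit operators,
# parentheses and whitespace.  Without that check any Perl code passed as the
# second argument would run with the privileges of whoever runs this script
# (a real concern when the script is driven by a wrapper or a batch job).
sub parse_offset {
    my ($expr)= @_;

    # One token per alternative; barewords are not allowed, so no function
    # can be named.  Whitespace is matched one character at a time to keep
    # the repetition below free of nested quantifiers.
    my $token= qr{ 0[xX][0-9a-fA-F]+ | [0-9]+ | << | >> | [-+*/%()|&^~] | \s }x;

    $expr =~ m{\A (?:$token)+ \z}x
        or die "offset must be a number or an arithmetic expression"
             . " (decimal or 0x hex, + - * / % << >> | & ^ ~ and parentheses)\n";

    # NOTE(security): string eval, reachable only with the restricted text above.
    my $value= eval $expr;
    die "cannot evaluate offset expression: $@" if $@;

    defined $value && $value =~ /\A[0-9]+\z/
        or die "offset expression must evaluate to a non-negative integer\n";

    return $value;
}

# Split one 512-byte boot sector into its fields.
#
# Takes the raw sector and returns a hash reference keyed by field name.
# Multi-byte integers are little-endian; 64-bit fields are split into a low
# and a 'Hi' 32-bit half.  The trailing comment on each field gives the
# unpack code and the byte offset within the sector.
sub parsebootsec {
    my ($data)= @_;
    my %boot;

    (
        $boot{jump},                          # a3     00
        $boot{oemid},                         # a8     03
        $boot{BytesPerSector},                # v      0b
        $boot{SectorsPerCluster},             # C      0d
        $boot{ReservedSectors},               # v      0e
        $boot{Unused10},                      # a5     10
        $boot{MediaDescriptor},               # C      15
        $boot{Unused16},                      # v      16
        $boot{SectorsPerTrack},               # v      18
        $boot{NumberOfHeads},                 # v      1a
        $boot{HiddenSectors},                 # V      1c
        $boot{Unused20},                      # a8     20
        $boot{TotalSectors},                  # VV     28
        $boot{TotalSectorsHi},
        $boot{Mft1_Cluster},                  # VV     30
        $boot{Mft1_ClusterHi},
        $boot{Mft2_Cluster},                  # VV     38
        $boot{Mft2_ClusterHi},
        # NOTE(review): on NTFS the next two are a signed byte plus padding;
        # they are kept as the original 32-bit reads - confirm before relying
        # on them as cluster counts.
        $boot{ClustersperFileRecordSegment},  # V      40
        $boot{ClustersperIndexBlock},         # V      44
        $boot{VolumeSerialNumber},            # VV     48
        $boot{VolumeSerialNumberHi},
        $boot{Checksum},                      # V      50
        $boot{code},                          # a426   54
        $boot{eos}                            # v      1fe
    )= unpack("a3a8vCva5CvvvVa8VVVVVVVVVVVa426v", $data);

    return \%boot;
}

# Print the parsed boot sector, one field per line, in three groups:
# numeric fields as 8-digit hex, text fields, then raw byte fields as a hex
# string.  Each group is sorted by field name.  Fields marked 2 in %isstr
# (the boot code) are not printed.
sub printbootsec {
    my ($boot)= @_;

    # 1 = raw bytes shown as hex, 2 = not printed, 3 = text
    my %isstr= (jump=>1, oemid=>3, Unused10=>1, Unused20=>1, code=>2);
    my @names= sort keys %$boot;

    for my $name (grep { !$isstr{$_} } @names) {
        printf("%-40s %08lx\n", $name, $boot->{$name});
    }

    for my $name (grep { ($isstr{$_} || 0) == 3 } @names) {
        # The text comes straight from the image: replace anything outside
        # printable ASCII so a crafted sector cannot send control or escape
        # sequences to the analyst's terminal.
        (my $text= $boot->{$name}) =~ s/[^\x20-\x7e]/./g;
        printf("%-40s %s\n", $name, $text);
    }

    for my $name (grep { ($isstr{$_} || 0) == 1 } @names) {
        printf("%-40s %s\n", $name, unpack("H*", $boot->{$name}));
    }
}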