Wednesday, May 26, 2010

Boot Sector virus!!

What is Boot Sector?
The boot sector of a disk is always the first sector on the first track of the first head (a sector is 512 bytes). When the computer is powered on (or reset), the BIOS starts up and runs the POST. It initializes all of its data, then looks for a valid boot sector. To the BIOS, a valid boot sector is one that has 0AA55h at offset 510. When the BIOS finds the boot sector, it reads that sector (512 bytes) off the disk into memory at 0:7C00h. It then jumps to 0:7C00h and the boot sector code gets control. At this point, all that has been initialized is the BIOS data area (40h:0) and the BIOS interrupts (10h - 1Ah).
The boot sector of a floppy disk is located at cylinder 0, head 0, and sector 1.

What is Boot Sector virus?

Boot sectors are one mechanism by which computer viruses gain control of a system. Boot sector infector viruses replace the bootstrap code in the boot sectors (of floppy disks, hard disks, or both) with viral code. Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk. During startup, the virus is loaded into memory. Once in memory, the virus will infect any non-infected disks accessed by the system. Examples of boot-sector viruses are Michelangelo and Stoned.

How can I see Boot sector Code of a Disk?

We can view the unassembled code with the help of the DEBUG utility from Microsoft.
-L 2000 0 0 1 loads from drive 0 (the floppy), starting at sector 0, with a count of 1 sector, into memory location 2000.
-U 2000 displays the assembly code.
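
The same inspection can be done offline on a saved copy of the sector. The Python below is an added example, not code from the original post: it applies the 0AA55h check at offset 510, decodes the leading jump, and names the region that differs from a known-good copy, which is how replaced bootstrap code gets noticed. The function names and sample bytes are constructed for illustration and assume a FAT-style floppy layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512

def inspect_boot_sector(sector: bytes) -> dict:
    """Decode the parts of a 512-byte boot sector used for an integrity check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot sector is exactly 512 bytes")
    # BIOS validity test: word 0AA55h at offset 510 (stored as bytes 55 AA).
    (signature,) = struct.unpack_from("<H", sector, 510)
    # The first instruction is normally a jump over the disk parameter data.
    if sector[0] == 0xEB:                                   # JMP SHORT rel8
        target = 2 + struct.unpack_from("<b", sector, 1)[0]
    elif sector[0] == 0xE9:                                 # JMP NEAR rel16
        target = 3 + struct.unpack_from("<h", sector, 1)[0]
    else:
        target = None                                       # no leading jump
    if target is not None and not 3 <= target < 510:
        target = None                                       # jump leaves the sector
    return {
        "bootable": signature == 0xAA55,
        "code_start": target,
        "oem_name": sector[3:11].decode("ascii", "replace"),
        "sha256": hashlib.sha256(sector).hexdigest(),
    }

def changed_regions(baseline: bytes, current: bytes) -> list:
    """Name the regions of `current` that differ from a known-good copy."""
    start = inspect_boot_sector(baseline)["code_start"] or 3
    inspect_boot_sector(current)                            # length check only
    regions = [("jump", 0, 3), ("parameter data", 3, start),
               ("boot code", start, 510), ("signature", 510, 512)]
    return [name for name, lo, hi in regions if baseline[lo:hi] != current[lo:hi]]

# Constructed sample: FAT-style layout, not read from any real disk.
SAMPLE = (b"\xEB\x3C\x90" + b"MSDOS5.0" + bytes(51)          # jump, OEM name, parameters
          + b"\xFA\xF4" + bytes(446) + b"\x55\xAA")          # code (cli; hlt), padding, signature
TAMPERED = SAMPLE[:100] + b"\x90" + SAMPLE[101:]             # one code byte changed

if __name__ == "__main__":
    print(inspect_boot_sector(SAMPLE))
    print(changed_regions(SAMPLE, TAMPERED))                # ['boot code']
```

Keeping the SHA-256 of a clean floppy's sector as a baseline lets a later copy be compared without the original disk at hand.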

Easy steps to write virus / code to a disk?

To update your sector code easily, load the data into any memory location as shown above.
After the unassemble command you will find that the first instruction is a jump. Don't change that instruction, because after the jump there is some information about the FAT; if anything in the FAT information changes, the drive will not be readable. You can change the code at the location the JUMP points to.

After this, insert the floppy disk and restart your computer. INT 19 is the BIOS interrupt for the bootstrap loader. With the above floppy disk inserted, you will see that the system blinks continuously and boots only after the floppy disk is removed.
This is not a virus.

Warning!!
Don't write code to the hard disk. Try your experiment on a floppy disk.

 

2 comments:

Simon said...

Hello, my name is Simon, I am currently studying in France.
I tried to contact you, but cannot find an email address on your website, so I am leaving this comment. Could you contact me by email?
Simon.valdenaire @ hotmail.fr

Thank you in advance.

Simon
