IMG booting if modified with a jmp instruction
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
IMG booting if modified with a jmp instruction
Dear all,
I have an x86 IMG file booting only if modified by adding a jmp instruction at the beginning, although having an x86 jmp instruction at the beginning seems not to be a requirement according to MBR specs...
Any idea on why this happens?
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: IMG booting if modified with a jmp instruction
Is this question related to this one: viewtopic.php?p=541553#p541553
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
Nope, it is another issue (and related to another img)...
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: IMG booting if modified with a jmp instruction
How are we supposed to diagnose this? Telepathy?
Can't comment without seeing a hex dump of the first sector.
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
You're right, sorry.
Here attached are therefore the original file "tetros.txt" that does not boot, and the edited "tetros_edited.txt" which does boot, where a jmp instruction (jmp 0x02 in x86 Intel assembly = 0xEB00 in x86 binary) has been added at the very beginning, as first instruction of the MBR.
I used each of these as a floppy image, like booting my VM from a floppy added as VM device (indeed, both files are just the size of MBR...).
My VirtualBox version is 7.0.6 r155176 (Qt5.15.2)
N.B.: They have been here renamed as .txt in order to be able to attach them to this post. Please rename them as .img.
- Attachments
-
- tetros_edited.txt
- Edited file, it does boot !
- (512 Bytes) Downloaded 11 times
-
- tetros.txt
- Original file, but it does NOT boot !
- (512 Bytes) Downloaded 16 times
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: IMG booting if modified with a jmp instruction
Anyway, the assertion that the VirtualBox MBR BIOS requires a jump instruction at offset 0 is definitely false. None of my MBR sectors has that. The only thing the BIOS requires is that it is valid executable code, because that's how an MBR BIOS boot works: nothing fancy, just load sector 0 into a buffer and jump to it.
And incidentally, neither of the attached files contains an MBR. They both appear to contain boot sector code. This would be the first sector of a bootable partition, or the first sector on a floppy drive. I didn't think ISO's had this sector, but I could be wrong.
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: IMG booting if modified with a jmp instruction
No, but I'll have a look ...
PS: It's a complete Tetris clone that fits into 446 bytes and can therefore be used as an MBR or as a boot sector. Google "TetrOS" if you're interested.
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
Yes, that's why I tested it
And you know, issues usually emerge when dealing with small things...
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
> mpack wrote: ↑28. Sep 2023, 17:20
> Anyway, the assertion that the VirtualBox MBR BIOS requires a jump instruction at offset 0 is definitely false. None of my MBR sectors has that. The only thing the BIOS requires is that it is valid executable code, because that's how an MBR BIOS boot works: nothing fancy, just load sector 0 into a buffer and jump to it.
> And incidentally, neither of the attached files contains an MBR. They both appear to contain boot sector code. This would be the first sector of a bootable partition, or the first sector on a floppy drive. I didn't think ISO's had this sector, but I could be wrong.
Sure, that's true and known in theory.
The question on why the exhibited behavior does not fulfill the expectations (and, secondarily, why it works instead with such a (casual) modification...) remains anyway open
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: IMG booting if modified with a jmp instruction
> davide8226 wrote: ↑28. Sep 2023, 17:28
> The question on why ... it works instead with such a (casual) modification...) remains anyway open
I don't believe there is any mystery there. Any valid executable code at offset 0 will work. I assume the failure indicates that it isn't valid code - I don't have the means to easily disassemble raw Intel binary tho. It's not a direction I commonly need to go in.
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
> mpack wrote: ↑28. Sep 2023, 17:31
> > davide8226 wrote: ↑28. Sep 2023, 17:28
> > The question on why ... it works instead with such a (casual) modification...) remains anyway open
> I don't believe there is any mystery there. Any valid executable code at offset 0 will work. I assume the failure indicates that it isn't valid code - I don't have the means to easily disassemble raw Intel binary tho. It's not a direction I commonly need to go in.
...but the x86 opcode in the edited MBR has just been shifted by 2 bytes, thus getting at byte 2 of the edited MBR instead of its original position at byte 0 in the original file.
So it cannot be an invalid x86 opcode issue...
Last edited by davide8226 on 28. Sep 2023, 18:10, edited 1 time in total.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: IMG booting if modified with a jmp instruction
VirtualBox has no mechanism to affect the contents of the MBR in any way, so I'm not sure what you are saying. If the code is offset by 2 bytes then the tool (or person) which wrote the code to sector 0 is buggy.
And in any case, the VirtualBox BIOS seems to have no problem with any of the many guest OS's it successfully boots.
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: IMG booting if modified with a jmp instruction
I can confirm that the issue is also reproducible with VirtualBox 6.1.46. VirtualBox successfully loads the boot sector from a virtual floppy disk image or the MBR from a virtual hard disk image, and in both cases "for some reason" decides that "VMMDev: Guest Log: BIOS: Boot from [...] failed".
I think there will be some checks taking place before control is given from the VirtualBox BIOS to the loaded code ...
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: IMG booting if modified with a jmp instruction
Inserting the two bytes also shifted the artificial partition table entry (for the MBR case). To see if the jump or the shift plays a role: What happens if you insert "0x90 0x90" instead of "0xEB 0x00"?
Interestingly enough, the result of this test would have misled me.
I'll explain this later ...
Last edited by fth0 on 28. Sep 2023, 18:48, edited 1 time in total.
-
- Posts: 28
- Joined: 27. Sep 2023, 20:57
Re: IMG booting if modified with a jmp instruction
Nice idea, thank you. Indeed, I have just tried and it works with 0x9090 as well (instead of 0xEB00).
So it seems like a misplaced partition table issue?
But as opcodes are sequentially executed, the first opcodes should not be executed anyway, with issues eventually showing up at a (even short in time but) later stage?
As I was reading your reply I remembered that I already gave it a try before today by not shifting the partition table by two bytes, as I was aware - like you highlighted - that the insertion of two bytes at the beginning for the jmp instruction would have shifted the partition table as well.
And, well... it correctly booted that way, too!
So it seems not a misplaced partition table issue, thus...
Last edited by davide8226 on 28. Sep 2023, 19:51, edited 9 times in total.
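The layout points raised in the thread (what sits at offset 0, whether the table at offset 446 moved, whether the 0x55 0xAA signature is still at offset 510) can be checked mechanically on any 512-byte image. The following is an added example, not part of the thread and not the posters' tooling; the sample sector is constructed (it is not the TetrOS image), and `insert_prefix` with its two edit models is an assumption about how two bytes could be inserted while keeping the file at 512 bytes.

```python
import struct

TABLE_OFF = 446   # 0x1BE: four 16-byte partition entries when the sector is an MBR
SIG_OFF = 510     # 0x1FE: boot signature bytes 0x55 0xAA

def first_instruction(sector):
    """Name the instruction at offset 0 (only the two prefixes tried in the thread)."""
    op = sector[0]
    if op == 0xEB:  # JMP rel8: target = end of this 2-byte instruction + signed displacement
        return f"jmp short -> offset {2 + struct.unpack_from('b', sector, 1)[0]:#x}"
    return "nop" if op == 0x90 else f"opcode {op:#04x}"

def partition_entries(sector):
    """Return (slot, status, type, lba_start, sector_count) for each non-empty slot."""
    found = []
    for slot in range(4):
        raw = sector[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)]
        if any(raw):
            lba, count = struct.unpack_from("<II", raw, 8)
            found.append((slot, raw[0], raw[4], lba, count))
    return found

def has_boot_signature(sector):
    return sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa"

def insert_prefix(sector, prefix, shift_table):
    """Insert bytes at offset 0, keeping the size and the signature position (assumed edit)."""
    n = len(prefix)
    if shift_table:   # everything up to the signature moves up by n bytes
        body = prefix + sector[:SIG_OFF - n]
    else:             # only the code area moves; the table stays at 0x1BE
        body = prefix + sector[:TABLE_OFF - n] + sector[TABLE_OFF:SIG_OFF]
    return body + sector[SIG_OFF:]

def make_sample():
    """Constructed sector: 3 code bytes, zero padding, one table entry, signature."""
    code = b"\xfa\x31\xc0".ljust(TABLE_OFF, b"\x00")          # cli; xor ax, ax
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x01, b"\x01\x12\x4f", 1, 2879)
    return code + entry.ljust(64, b"\x00") + b"\x55\xaa"

if __name__ == "__main__":
    original = make_sample()
    for label, img in [("original", original),
                       ("EB 00, table shifted", insert_prefix(original, b"\xeb\x00", True)),
                       ("90 90, table kept", insert_prefix(original, b"\x90\x90", False))]:
        print(label, "|", first_instruction(img), "|", has_boot_signature(img),
              "|", partition_entries(img))
```

To inspect a real image, read its first 512 bytes and pass them to the same three functions; the partition fields are only meaningful if the sector really is an MBR rather than a plain boot sector.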