Re: [PATCH] ntldr support

From: Christian Franke
Subject: Re: [PATCH] ntldr support
Date: Mon, 10 Aug 2009 20:57:38 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20090403 SeaMonkey/1.1.16

Robert Millan wrote:
It probably would make sense that the 'ntldr' command does simple signature checks and fails on unknown files unless '--force' is specified.

You mean checking for the PE signature?  Yes, this would be nice too.

A check of the first byte (jmp, 0xe9) and some file size range check (e.g. 0x30000...0x40000) may be enough for a first ntldr command. May also work for bootmgr.exe.

EXE ("MZ") and PE headers appear at larger offsets:

ntldr from XP SP2: size 251184, EXE header at 0x4d30, PE at 0x4e00
ntldr from XP SP3: size 251712, EXE header at 0x4d40, PE at 0x4e10
bootmgr.exe from Vista: ???

grub4dos checks for ntldr as follows:
- file starts with 0xe9, 0x??, 0x01,
- first sector does not end with bootsector signature 0x55,0xaa,
- file size exceeds 0x30000.

Christian Franke
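
The three grub4dos-style checks listed in the message, written out as an added example (this is not code from GRUB, grub4dos or the patch under discussion). The function and enum names are hypothetical, and the sample sectors are constructed rather than taken from real ntldr files; only the file sizes come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE    512u
#define NTLDR_MIN_SIZE 0x30000u   /* file size must exceed this */

/* Hypothetical result codes, so a caller can report why a file was refused. */
enum ntldr_verdict { NTLDR_OK = 0, NTLDR_SHORT_READ, NTLDR_BAD_START,
                     NTLDR_IS_BOOT_SECTOR, NTLDR_TOO_SMALL };

/* Apply the checks to the first sector of the file and its total size. */
enum ntldr_verdict ntldr_check(const uint8_t *sec, size_t len, uint64_t file_size)
{
    if (sec == NULL || len < SECTOR_SIZE)
        return NTLDR_SHORT_READ;            /* never index past what was read */
    if (sec[0] != 0xe9 || sec[2] != 0x01)   /* 0xe9, 0x??, 0x01: byte 1 is a wildcard */
        return NTLDR_BAD_START;
    if (sec[510] == 0x55 && sec[511] == 0xaa)
        return NTLDR_IS_BOOT_SECTOR;        /* ends with boot sector signature */
    if (file_size <= NTLDR_MIN_SIZE)
        return NTLDR_TOO_SMALL;
    return NTLDR_OK;
}

/* Build a constructed 512-byte sector (zero-filled apart from the bytes
 * under test) and run the check on it. */
enum ntldr_verdict check_sample(uint8_t b0, uint8_t b1, uint8_t b2,
                                int boot_sig, uint64_t file_size)
{
    uint8_t sec[SECTOR_SIZE];
    memset(sec, 0, sizeof sec);
    sec[0] = b0; sec[1] = b1; sec[2] = b2;
    if (boot_sig) { sec[510] = 0x55; sec[511] = 0xaa; }
    return ntldr_check(sec, sizeof sec, file_size);
}

int main(void)
{
    /* Sizes 251184 and 251712 are the XP SP2/SP3 sizes quoted in the message. */
    printf("SP2-sized sample:      %d\n", check_sample(0xe9, 0x00, 0x01, 0, 251184));
    printf("SP3-sized sample:      %d\n", check_sample(0xe9, 0xd5, 0x01, 0, 251712));
    printf("boot sector signature: %d\n", check_sample(0xe9, 0x00, 0x01, 1, 251184));
    printf("file too small:        %d\n", check_sample(0xe9, 0x00, 0x01, 0, 0x30000));
    return 0;
}
```

A loader command could treat any result other than NTLDR_OK as a refusal unless an override such as the '--force' option mentioned in the thread is given.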
