Re: [PATCH] ntldr support
From: Christian Franke
Subject: Re: [PATCH] ntldr support
Date: Mon, 10 Aug 2009 20:57:38 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
Robert Millan wrote:
It probably would make sense that the 'ntldr' command does simple
signature checks and fails on unknown files unless '--force' is specified.
You mean checking for the PE signature? Yes, this would be nice too.
A check of the first byte (jmp, 0xe9) and some file size range check
(e.g. 0x30000...0x40000) may be enough for a first ntldr command. May
also work for bootmgr.exe.
EXE ("MZ") and PE headers appear at larger offsets:
ntldr from XP SP2: size 251184, EXE header at 0x4d30, PE at 0x4e00
ntldr from XP SP3: size 251712, EXE header at 0x4d40, PE at 0x4e10
bootmgr.exe from Vista: ???
grub4dos checks for ntldr as follows:
- file starts with 0xe9, 0x??, 0x01,
- first sector does not end with bootsector signature 0x55,0xaa,
- file size exceeds 0x30000.
--
Regards
Christian Franke
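
The three grub4dos-style checks listed in the message above, written out as a standalone C function that reports which check rejected the file. This is an added example, not code from the patch, GRUB or grub4dos; `ntldr_check`, `check_sample` and the verdict names are hypothetical, and the sample sector is constructed. These are sanity heuristics against loading the wrong file, not an integrity check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE    512u
#define NTLDR_MIN_SIZE 0x30000u  /* lower size bound quoted in the message */

enum ntldr_verdict {
    NTLDR_OK = 0,
    NTLDR_SHORT_READ,     /* fewer than SECTOR_SIZE bytes available */
    NTLDR_BAD_JUMP,       /* does not start with 0xe9, 0x??, 0x01 */
    NTLDR_IS_BOOTSECTOR,  /* first sector ends with 0x55, 0xaa */
    NTLDR_TOO_SMALL       /* file size does not exceed 0x30000 */
};

/* head: first head_len bytes of the file; file_size: total size of the file. */
enum ntldr_verdict ntldr_check(const uint8_t *head, size_t head_len,
                               uint64_t file_size)
{
    if (head == NULL || head_len < SECTOR_SIZE)
        return NTLDR_SHORT_READ;      /* never index past what was read */
    if (head[0] != 0xe9 || head[2] != 0x01)
        return NTLDR_BAD_JUMP;        /* head[1] is the wildcard byte */
    if (head[SECTOR_SIZE - 2] == 0x55 && head[SECTOR_SIZE - 1] == 0xaa)
        return NTLDR_IS_BOOTSECTOR;
    if (file_size <= NTLDR_MIN_SIZE)
        return NTLDR_TOO_SMALL;
    return NTLDR_OK;
}

/* Builds a constructed first sector and runs the check on it. */
enum ntldr_verdict check_sample(uint8_t b0, uint8_t b2, int boot_sig,
                                uint64_t file_size)
{
    uint8_t sector[SECTOR_SIZE];
    memset(sector, 0, sizeof sector);
    sector[0] = b0;
    sector[1] = 0xd5;                 /* arbitrary; the check ignores it */
    sector[2] = b2;
    if (boot_sig) { sector[510] = 0x55; sector[511] = 0xaa; }
    return ntldr_check(sector, sizeof sector, file_size);
}

int main(void)
{
    /* 251184 is the XP SP2 ntldr size quoted in the message. */
    printf("verdict: %d\n", (int)check_sample(0xe9, 0x01, 0, 251184));
    return 0;
}
```

A caller implementing the '--force' behaviour discussed in the thread would treat any verdict other than `NTLDR_OK` as a refusal unless the override is given.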