Search

The mysteries arround "0x7C00" in x86 architecture bios bootloader

Do you know "0x7C00", a magic number, in x86 assembler programming ?
"0x7C00" is the memory address which BIOS loads MBR(Master Boot Record, a first sector in hdd/fdd) into. OS or bootloader developer must assume that their assembler codes are loaded and start from 0x7C00.

But...1st, you may wonder.

"I read all of Intel x86(32bit) programmers manual, but did not found the magic number 0x7C00."

Yes.0x7C00 is NOT related to x86 CPU. It's natural that you couldn't find out it in cpu specifications from intel. Then, you wonder, "Who decided it ?"

2nd, you may wonder:

"0x7C00 is 32KiB - 1024B at decimal number. What's this number means ?"

Anyone decided it. But, why he/she decided such a halfway address?

Hum...There're TWO questions(mysteries) arround the magic number "0x7C00".

1. Who decided "0x7C00" ?
2. What "0x7C00 = 32KiB - 1024B" means ?

Okay, let's dive into the secret of BIOS for "IBM PC 5150", ancestor of modern x86(32bit) PCs, with me...!!

Glamenv-Septzen

Web Programming Tips and HowTos by msakamoto-sf(Masahiko Sakamoto).

contact:
sakamoto-gsyc-3s@glamenv-septzen.net

Japanese-Blog:
https://www.glamenv-septzen.net/

"Gray Hat Python" is awesome book. This tells us how Python script language helps, extends, and automates reverse engineering and debugging works.
Python and reverse engineering tools presented in this book are almost opensource project (except IDA Pro), so you can begin your Gray-Hat-Python exercize without any moneys, dollers, yens.

But sadly, there's some errors in example script and unexpected runtime-errors. Some of them are purely mistaken, some of them are caused by tools/libs version ups (we can't stop these version ups, because it's open-source.).
So I left my reading memos, covering these errors and avoiding affections from version-ups per every chapters.

And 1st, I reccomend you to read update informations from official "Gray Hat Python" book site:

• Gray Hat Python:
  • http://nostarch.com/ghpython.htm

I bought this book at 2010.06.27. If you buy newer version than me, some problems/errors in this article may have been fixed.

And my environment:

OS : Windows XP SP3 Japanese
CPU : Intel PentiumM (cenntrino) 1.2GHz
RAM : 1GB
Python : Python 2.5 (MSI installer), C:\Python25\python.exe
(Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32)

Compiler : Microsoft Visual C++ 2008 Express Edition SP1
> cl 
Microsoft(R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
Copyright (C) Microsoft Corporation.  All rights reserved.
> link
Microsoft (R) Incremental Linker Version 9.00.30729.01
Copyright (C) Microsoft Corporation.  All rights reserved.

Today I tried to compile & install excellent libpcap python extension "pcapy" on my Windows XP note pc.

• Pcapy .:: CORE SECURITY TECHNOLOGIES ::.
  • http://oss.coresecurity.com/projects/pcapy.html

Pcapy official page serves exe installer for Python 2.5, WinPcap 4.0.x.
I'm using Python 2.5, but unfortunately, WinPcap-4.1.2 was installed on my note pc.

Hmm... it's time to download pcapy source code, compile, build, and install it.

My NotePC Environments:

OS : Windows XP SP3 Japanese
CPU : Intel PentiumM (Centrino) 1.2GHz
RAM : 1GB
Python : Python 2.5 (installed from MSI installer)
    Install Directory : C:\Python25

Requirements for this article, compiling pcapy:

Microsoft Visual Studio, C++
MyVersion : Visual C++ 2008 Express Edition SP1

Yesterday I tried installing pydbg and pydasm on my notepc.
pydasm is popular, famous library to disassemble machine codes (opcodes).
pydbg is also popular, famous library to build lightweight, extensible debugger for Windows platform.
Actually, pydbg is included in PaiMei, windows platform debugger framework.

The journey was hard, full of struggle and traps with python distutils.
I left these notes, memos, and traps for future person (including myself) who want installing these excellent reverse engineering tools written in python and c.

My notepc environments are:

CPU : Intel Pentium M (Centrino) 1.2GHz
RAM : 1GB
OS : Windows XP Professional SP3 (Japanese)
Python: Python 2.5 (install from MSI installer)
        Install Dir : C:\Python25
Visual Studio : Visual C++ 2008 Express Edision (SP1)
Subversion: TortoiseSVN 1.6.x

We require Subversion to obtain PaiMei later.

"Echo" Server/Client Example using Apache MINA:

• http://coderepos.org/share/browser/lang/java/echo_samples/act8

FEATURE:

• "act8" send/receive 1MB(larger size enable) payload repeatedly.

MAIN PURPOSE:

Check memory usage, heap overflow, and out-of-memory behaviours when building Apache MINA applications sending/receiving large size data.

EXAMPLE (EXTREM TRANSMISSION SITUATION):

Server-side GC log sample (10 client connection, 1MB packet, 100ms interval):
;

Blue-line : usage heap.
Gray-vertical-line: gc time.

Server-side java parameter:

-server -Xms200m -Xmx200m -Xloggc:gc.log

No overflow, no out-of-memory. But Full-GCs invoked about every 10 seconds:
;

Black-vertical-line: Full-GC

EXAMPLE 2 (NORMAL SITUATION):

But above case, all traffic packet per second are:

1MB x 10 (1000/100ms) x 10 client= 100MB/sec = 800Mbps(bits/sec)

This is extremely over traffic situation when using 100Mbps ethernet card.

Let's assume we are using 100Mbps ethernet card at next example, and avoid over traffic.
New client-side parameters are :

262,144 bytes, 200ms interval, 10 client
->
262,144 x 5 (1000/200ms) x 10 client = 13,107,200 Bytes/sec = 100M bits/sec
(Actually, TCP/IP header sizes should be added, but ignored for convenience.)
(Server-side parameter doesn't change)

;

Stable heap usage, gc invocation, NO Full-GC.

Testing Environment:

Windows XP SP3
Pentium4 2.8GHz (HT)
2GB RAM
Java 1.6.12
Apache MINA 1.1.7

I converted HTML to PDFs for some Matt Pietrek's MSJ articles:

• Jan 1997, A Crash Course on the Depths of Win32(TM) Structured Exception Handling
  • http://www.microsoft.com/msj/0197/exception/exception.aspx
• July 1997, Under The Hood (inside .obj file format and linkers)
  • http://www.microsoft.com/msj/0797/hood0797.aspx
• April 1998, Under The Hood (.lib file format)
  • http://www.microsoft.com/msj/0498/hood0498.aspx

MSJ Web Site HTML is not friendly for paper-print usage. Its font size and line width are small, some figures and source code are linked to another popup window, and TABLE tagged legacy HTML layout makes difficult for readers to customize CSS.
So I tried to copy texts to OpenOffice Writer with related figures and source codes, re-format for paper-print friendly.

I don't publish these PDFs in public area because copyrights are reserved by Microsoft.
If you want these PDFs, please contact to sakamoto-gsyc-3s@glamenv-septzen.net .