On July 25 2024, 11:50, Mateusz Viste wrote via Freedos-user:
On 25/07/2024 10:44, userbeitrag--- via Freedos-user wrote:
Since DOS was vulnerable to boot viruses, it was AFAIK only necessary to
access a (floppy) disk. DOS would always execute the virus if it was in
the boot sector (be it a VBR or MBR). A simple "A:" at the prompt might
have been enough, depending on the DOS version and the TSRs.
There is no VBR on a floppy, because there is no partition table - only
a boot sector.
Well...
https://www.cs.williams.edu/~jannen/teaching/s19/cs333/readings/FAT/Design_of_the_FAT_file_system-Wikipedia.pdf
I cite:
"On non-partitioned devices, such as floppy disks, the Boot Sector (VBR)
is the first sector (logical sector 0 with physical CHS address 0/0/1 or
LBA address 0)."
Yes, this comes from Wikipedia, so it might be wrong.
https://en.wikipedia.org/wiki/Volume_boot_record
I cite:
"A volume boot record (VBR) (also known as a volume boot sector, a
partition boot record or a partition boot sector) is a type of boot
sector introduced by the IBM Personal Computer. It may be found on a
partitioned data storage device, such as a hard disk, or an
unpartitioned device, such as a floppy disk, ..."
The Starman's Realm lists floppy boot sectors under "VBR (Volume Boot
Record) and OS Boot Sectors"...
https://thestarman.pcministry.com/asm/mbr/#Flop
The boot sector of floppy disks and hard disk partitions seems to be an
integral part of the filesystem FAT, as it is also sometimes called the
"FAT header".
See also: https://en.wikipedia.org/wiki/Design_of_the_FAT_file_system
With most Microsoft filesystems, if you compare the VBR on a hard disk
partition to the one on a floppy drive, the only difference mostly
really is the filesystem: FAT12 for floppies, or FAT16/FAT32/NTFS for
hard disk partitions. In any case, the boot sector (or partition sector,
in case of the VBR on a hard disk partition) contains, aside from some
filesystem information, a BIOS Paramenter Block (BPB) and a signature
(the famous 0xAA55). The one exception is the original PC DOS 1.0/1.1
boot sector, which did not yet have a BPB or a signature
(https://thestarman.pcministry.com/DOS/ibm100/Boot.htm)...
The boot sector is loaded by the BIOS at boot time, never
by DOS. Hence no, accessing a boot-sector-infected diskette would not
make the virus activate. One would need to actually boot from this
diskette.
I'm unsure about this...
https://www.kaspersky.co.uk/resource-center/definitions/boot-sector-virus
I cite:
"An infected floppy disk or USB drive connected to a computer will
transfer when the drive's VBR is read, then modify or replace the
existing boot code."
But again, maybe I remember this wrong. Maybe every boot virus needed a
dropper...
Greetings,
A.
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
