Join Us!

Notifications
Clear all

MBR and GUID  

  RSS
mhibert
(@mhibert)
New Member

Guys, could you please direct me what books and documentation I could have read to deeply dive in understanding of GUID and MBR?

Thank you!

Quote
Posted : 01/01/2018 9:00 pm
jaclaz
(@jaclaz)
Community Legend

Guys, could you please direct me what books and documentation I could have read to deeply dive in understanding of GUID and MBR?

Thank you!

I guess by GUID you are referring to GPT style partitioning? ?

There is not much "depth".
The MBR is 512 bytes, of which
1) the first 440 bytes are "code"
2) the following 4 bytes are Disk Signature (present in any and all NT based systems), followed by two unused bytes
3) following at offset 446 is the partition table, 4 entries, each 16 bytes containing filesystem "pseudo" ID, CHS and LBA addresses of a partition.
4) last two bytes are "magic bytes" 55AA

The GPT is an evolution of the same approach, the full spec are inside the very large UEFI specifications, basically, it spans over several sectors
1) the first 440 bytes are blank
2) the disk signature and following two unused bytes are kept the same for backwards compatibility
3) the partition table is kept the same, still for backwards compatibility, but it has a single entry, with a "protective" filesystem ID of EE, spanning the whole size of the device minus the first sector
4) the magic bytes are kept the same for backwards comparibility
5) the real fun starts on second sector, where the main GPT header table is, followed in a number of sectors by partition entries, each taking 128 bytes, composed of a GUID, LBA address and a checksum.
6) the whole stuff is replicated (in inverted order) at the end of the device
The layout is very clear in the image here
https://en.wikipedia.org/wiki/GUID_Partition_Table

For some good data about MBR check
https://www.win.tue.nl/~aeb/partitions/
then
http//thestarman.pcministry.com/asm/mbr/index.html
browse around, a number of pages will be useful, particularly
http//thestarman.narod.ru/asm/mbr/GPT.htm

Then, for GPT, check first thing
http//www.rodsbooks.com/gdisk/
again browse around, a number of pages will be useful

Then, go through
https://www.digitalforensics.ch/nikkel09.pdf

Besides reading the above, I would suggest you to experiment with a hex disk editor/viewer and with gdisk on some real device(s).

jaclaz

ReplyQuote
Posted : 02/01/2018 10:51 am
Share: