Master Boot Record


Post on 22-Aug-2020


The Master Boot Record (MBR) is located at the physical beginning of the hard drive (Head 0 Cylinder 0 Sector 1) and can be edited with a hex editor. It consists of the master bootstrap loader code (446 bytes) followed by four identically structured partition records. Finally, the hexadecimal signature 55AA completes a valid MBR.

The layout of the MBR is as follows:

Address        Content
0000H-00D9H    Master bootstrap loader
00DAH-01BDH    Reserved
01BEH-01CDH    Partition 1
01CEH-01DDH    Partition 2
01DEH-01EDH    Partition 3
01EEH-01FDH    Partition 4
01FEH-01FFH    55AAH

The format of a partition record is as follows:

Offset  Size    Description
0       8-bit   A value of 80 designates an active partition
1       8-bit   Partition start head
2       8-bit   Partition start sector (bits 0-5)
3       8-bit   Partition start track (total length is 10 bits; bit 9 and bit 8 are located in bit 7 and bit 6 in the start sector bits). *
4       8-bit   Operating system indicator
5       8-bit   Partition end head
6       8-bit   Partition end sector (bits 0-5)
7       8-bit   Partition end track (total length is 10 bits; bit 9 and bit 8 are located in bit 7 and bit 6 in the start sector bits).
8       32-bit  Sectors preceding partition
C       32-bit  Length of partition in sectors

* If 02H is X and 03H is Y, the total track number = (X>>6)*16^2 + Y


Operating system indicators: (hexadecimal, incomplete list)

00  Empty partition-table entry
01  DOS FAT12
04  DOS FAT16 (up to 32 MB)
05  DOS 3.3+ extended partition
06  DOS 3.31+ FAT16 (over 32 MB)
07  OS/2 HPFS, Windows NT NTFS, Advanced Unix
08  OS/2 v1.0-1.3, AIX bootable partition, SplitDrive
09  AIX data partition
0A  OS/2 Boot Manager
0B  Windows 95+ FAT32
0C  Windows 95+ FAT32 (using LBA-mode INT 13 extensions)
0E  DOS FAT16 (over 32 MB, using INT 13 extensions)
0F  Extended partition (using INT 13 extensions)
17  Hidden NTFS partition
1B  Hidden Windows 95 FAT32 partition
1C  Hidden Windows 95 FAT32 partition (using LBA-mode INT 13 extensions)
1E  Hidden LBA VFAT partition
42  Dynamic disk volume
50  OnTrack Disk Manager, read-only partition
51  OnTrack Disk Manager, read/write partition
81  Linux
82  Linux Swap partition, Solaris (Unix)
83  Linux native file system (ext2fs/xiafs)
85  Linux EXT
86  FAT16 volume/stripe set (Windows NT)
87  HPFS fault-tolerant mirrored partition, NTFS volume/stripe set
BE  Solaris boot partition
C0  DR-DOS/Novell DOS secured partition
C6  Corrupted FAT16 volume/stripe set (Windows NT)
C7  Corrupted NTFS volume/stripe set
F2  DOS 3.3+ secondary partition


For example, suppose a drive has 2 primary NTFS partitions, the second of which is active, plus seven extended partitions, of which the fifth is NTFS and the others are FAT32. The MBR of this drive will be shown as:


Analysis of MBR

Master bootstrap loader code 33 C0 8E D0 BC 00 7C FB …

01BEH-01CDH is the partition record of Partition 1. This is not an active partition. It starts from Head 1 Cylinder 70 Sector 1. The OS is HPFS, Windows NT NTFS, Advanced UNIX.

01CEH-01DDH is the partition record of Partition 2. This is an active partition. It starts from Head 1 Cylinder 340 Sector 1. The OS is HPFS, Windows NT NTFS, Advanced UNIX.

01DEH-01EDH is the partition record of Partition 3. This is not an active partition. The operating system indicator of 0F indicates that this is an Extended Partition (using INT 13 extensions). The Extended Partition Record starts from Head 0 Cylinder 435 Sector 1.


The content of the Extended Partition Table at Head 0 Cylinder 435 Sector 1 is shown below; its structure is the same as that of the main partition table in the MBR.

The 4th partition record is empty.

55AAH is the ending signature of the MBR.
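An added example, not part of the original slides: a Python decoder for the partition record format described above, run on a constructed 512-byte sector that mirrors the three records analysed here. The LBA and length fields and the zeroed end-CHS bytes in the sample are made-up values, since the slides do not show them; `make_record` and `build_sample_mbr` are hypothetical helpers that exist only to build that sample.

```python
import struct

# Subset of the operating system indicator table from this page.
OS_INDICATORS = {0x00: "Empty partition-table entry", 0x07: "OS/2 HPFS, Windows NT NTFS",
                 0x0B: "Windows 95+ FAT32", 0x0F: "Extended partition (INT 13 extensions)"}

def decode_chs(head, sector_byte, track_byte):
    """Return (head, cylinder, sector) from the three packed CHS bytes."""
    cylinder = ((sector_byte >> 6) << 8) | track_byte  # (X>>6)*16^2 + Y
    return head, cylinder, sector_byte & 0x3F          # sector is bits 0-5

def parse_mbr(sector):
    """Parse a 512-byte MBR into four record dicts; reject an invalid sector."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 55AA signature")
    records = []
    for i in range(4):
        raw = sector[0x1BE + 16 * i: 0x1BE + 16 * (i + 1)]
        flag, sh, ss, st, os_id, eh, es, et, lba, count = struct.unpack("<8B2I", raw)
        records.append({
            "index": i + 1, "active": flag == 0x80,
            "os": os_id, "os_name": OS_INDICATORS.get(os_id, "unknown"),
            "start_chs": decode_chs(sh, ss, st),
            "end_chs": decode_chs(eh, es, et),
            "lba_start": lba, "sectors": count,   # offsets 8 and C, little-endian
            "empty": raw == bytes(16),
        })
    return records

def make_record(active, head, cyl, sec, os_id, lba, count):
    """Constructed-sample helper: pack one 16-byte record (end CHS left zero)."""
    sec_byte = ((cyl >> 8) << 6) | sec
    return struct.pack("<8B2I", 0x80 if active else 0, head, sec_byte,
                       cyl & 0xFF, os_id, 0, 0, 0, lba, count)

def build_sample_mbr():
    """Constructed sector mirroring the drive analysed on this page."""
    boot = bytes.fromhex("33C08ED0BC007CFB").ljust(446, b"\x00")
    table = (make_record(False, 1, 70, 1, 0x07, 1000, 1000)   # LBA/length made up
             + make_record(True, 1, 340, 1, 0x07, 2000, 1000)
             + make_record(False, 0, 435, 1, 0x0F, 3000, 1000)
             + bytes(16))                                     # empty 4th record
    return boot + table + b"\x55\xAA"

if __name__ == "__main__":
    for rec in parse_mbr(build_sample_mbr()):
        print(rec)
```
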


There will be another 6 Extended Partition Tables, which have the same structure as the one shown above.


Analysis of Extended Partition Table

The 1st extended partition starts from Head 1 Cylinder 435 Sector 1. The OS is Windows 95+ FAT32.

The operating system indicator indicates a DOS extended partition. It points to the next Extended Partition Table, which is located at Head 0 Cylinder 777 Sector 1.

Partition table entry #3 00

Partition table entry #4 00
