Flash Extractor
© Soft-Center
About     Shop     Downloads     Manual     Library     Forum     Services     Contacts
Flash Extractor \ Old forum \ Manual \ Example_4 - Assembling \
Example_4 - Assembling   Search  Register  Log in
This topic is locked: you cannot edit posts or make replies.
Author Message
Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 16:51    Post subject: Example_4 - Assembling
Reply with quote
Open assemblers

Double click on final dump



Assemblers will apear



You can go back by pressing alt + F4
Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 16:55    Post subject:
Reply with quote
Block Size

Dump_Search \ Listing with Block_Size 0x10800



Dump_Search \ Listing with Block_Size 0x42000

Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 16:57    Post subject:
Reply with quote
Virtual_Translator

Block_0 starts from partition table
Search string 000055aa/h/528/508



There is difficult place.
MBR, Boot , FAT1, FAT2 all together situated at Block_0.
But root directory lie in the next block.
Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 17:00    Post subject:
Reply with quote
Search for Root folder

Root folder don't have unique header.
To find it we will go up be directory tree from first meeted dir, until we find root.

Tree usualy grow upward, and have root at bottom
But in windows explorer "go up" mean go to Root :)))

Take any dir
Search string [.][.][пробел][пробел][пробел][пробел]



Take his header:
2E202020202020202020201000723B893A373A3700003C893A37542800000000

Bolded:

10 - file attributes, value "10" – directory mark

5428 – two bytes, first cluster of dir

00000000 – four bytes, size, always zero for dir

We will search for this values.
Other can be any.
Search string:

3f3f3f3f3f3f3f3f3f3f3f103f3f3f3f3f3f3f3f3f3f3f3f3f3f542800000000/h/16/0

where:
3f - any number
/h - search for hex
/16/0 - align on 16 bytes

First we found our dir 0x1baec00.
After it we found Root:



Start of block 0xd1de100 / 0x42000 * 0x42000 = 0xd1dc000
Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 17:07    Post subject:
Reply with quote
Assembler choice

Build VT, same as at example_1:

Block Size: 0x42000
Sector: 512/16

Blocks:
0 / 0xc642000 / PT, Boot, FAT tables
1 / 0xd1dc000 / Root
0x5c / 0x1f74000
0xa2 / 0x1B96000
0xe7 / 0x7026000

Save image. Log:
Code:
  Image 0x00000000 (0000)  Dump 0x0c642000 (0301)  ff ff 10 01 ff ff 2b 58 94 05 4e 09 6f 95 83 ad
  Image 0x00040000 (0001)  Dump 0x0d1dc000 (032e)  ff ff 10 02 ff ff f8 64 c9 00 c7 1b d7 e5 37 f5
  Image 0x01700000 (005c)  Dump 0x01f74000 (007a)  ff ff 10 b9 ff ff 8f b0 bb 40 62 28 b4 0c e9 47
  Image 0x02880000 (00a2)  Dump 0x01b96000 (006b)  ff ff 11 44 ff ff 01 e5 0a 81 dc 1b 1d dc 15 e1
  Image 0x039c0000 (00e7)  Dump 0x07026000 (01b3)  ff ff 11 cf ff ff d7 9b 29 2c 1f b3 15 91 1a b4


Look for similar log at SA base
Сергей



Joined: 26 Aug 2005
Posts: 7876
Location: Soft-Center
PostPosted: Thu Oct 23, 2008 17:08    Post subject:
Reply with quote
Block_Number / 1001
Block_Size 0x42000
Marker 514/515
Display posts from previous:   
This topic is locked: you cannot edit posts or make replies. All times are GMT + 4 Hours
Page 1 of 1

 

Last added
Monolith Micro SD_76   98 3c 99 a3   1x4 AU6989NHL-2   98 d7 98 b2   1x1 SM3281L-AB   45 3c 98 b3   1x1   v5 Monolith USB 68   ec 1e 98 bf   1x1 SM3265P-AC   45 3e 98 03   1x1 SM3281N-AB   45 48 9a b3   2x2 Monolith Micro SD_75   32 2c c3 08   1x1 Monolith Micro SD_74   45 3e 98 b3   1x4   Ref AU6989SNHL-2   45 de 98 92   1x1 SM3261L-AB   45 de 98 92   1x1
News
01.02.2024 Save FE key
23.09.2022 The End
11.11.2021 Legs for NR
16.08.2021 Sector Number Slow
15.07.2021 New drivers
© Soft-Center ltd.