Solved

Modifying io.sys: boot floppy

Posted on 2004-03-21
10
9,301 Views
Last Modified: 2007-12-19
Hi,

I created a custom boot floppy by modifying (+ adding and deleting a few files) the standard Win98 boot disk. It contains a variety of files including msdos.sys, io.sys, command.com, config.sys and autoexec.bat

I modified config.sys, autoexec.bat and help.txt to suit my needs. When I changed my boot sequence to Legacy floppy, the floppy succesfully registered and displayed:


Starting Windows 98....                                  <-- THIS


Windows 98 Startup Disk                                <-- AND THIS
================

1. Use Custom boot disk                                  // MODIFIED
2. View Help file                                             // MODIFIED


As you can see, I managed to modify the lines marked 'MODIFIED' but wasn't able to modify the lines marked 'THIS'

I figured out that these two lines of text are controlled by io.sys by method of elimination. So I opened io.sys in an ASCII text editor (notepad). Half of it was in the form of junk characters so I figured out I couldn't modify it that way. Is there any other way to modify it?

Thanking you for your time,

Ram
0
Comment
Question by:ram_einstein
  • 4
  • 3
  • 2
  • +1
10 Comments
 

Assisted Solution

by:HKCU
HKCU earned 30 total points
ID: 10643294
I was tring/doing the EXACT same thing. Because you mentioned this I looked and found this program that looks for a string in a file like io.sys and replaces that string with whatever you want. I'l give you the url, download that thing it says and from there it's up to you (edit the FBD.BAT file) the program that looks for and changes the string is XCHANGE.EXE. The URL is: http://www.disclosedigital.com/eabd.html

Have fun. I know I will.
0
 
LVL 9

Accepted Solution

by:
gtkfreak earned 50 total points
ID: 10643377
You could open the file in a Hex Editor and modify any strings you want in it. Hex Editors available in DOS are NU (norton utilities). You can also try using debug.
0
 
LVL 10

Assisted Solution

by:pbarrette
pbarrette earned 45 total points
ID: 10644010
Hi ram_einstein,

I now understand exactly what you mean.

Both HKCU and gtfreak are absolutely correct. You can use any hex-based editor to modify the IO.SYS file to replace the strings with your own, custom text.

The thing that you will have to keep in mind is this:
The IO.SYS file is written to a very specific portion of the bootable disk. The BIOS is able to load the OS because it knows exactly where to look for the boot information on the disk. The boot info on the disk tells the computer to look for IO.SYS at that specific section on the disk.

This also means that the file size of IO.SYS is extremely critical.

So, when you replace the strings, you must be absolutely sure that you do not change the location or filesize of IO.SYS in the process.

For instance:
"Starting Windows 98..." is exactly 22 characters long.
You must replace it with a string that is also exactly 22 characters long.

As long as your replaced strings are exactly the same length, you should have no problems.

Hope this helps,
pb
0
 
LVL 9

Expert Comment

by:gtkfreak
ID: 10651186
Thanks pbarrette. Not to mention that the string can be less than 22 characters, but the remaining characters must be spaces 0x20 in HEX.
0
 
LVL 2

Author Comment

by:ram_einstein
ID: 10675939
Hi all,

I am really sorry for not responding earlier but my comp crashed and now I have a bigger problem: Linux. I promise I will get back as soon as I can and analse these answers.

(http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Setup/Q_20931614.html)

Regards,

Ram
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:ram_einstein
ID: 10697161
Hi HKCU,

I saw the code of fbd.bat:
"uses %1 parameter to enter the drive letter of the floppy drive" (comment)
I don't know what that means. I tried shelling command and typing fbd %1. fbd started succesfully but what is %1? I even tried fbd %a but it kept returning the same error: unable to complete format. I guess I haven't enetered the floppy drive letter in the correct format. How do you enter it?
The rest is a piece of cake. Thanks a lot.
************************************************************
Hi gtkfreak,
I don't know what NU is so I tried using debug and figured out I don't know how to use it. I don't know what comes after debug io.sys. I tried the help but it isn't very helpful either. So i downloaded the hex editor I always use: Hackman. I'll try using it and get back to you.
************************************************************
Hi pbarrette,
If the file is difficult to modify (like critical size etc.) how was it made in the first place? But yes, I will keep what you said in mind.

Regards,

Ram
0
 
LVL 2

Author Comment

by:ram_einstein
ID: 10697376
:(

How do I use a hexeditor to modify the strings in io.sys? Hex displays the file in hex characters, binary in binary and so on. ASCII displays the junk characters an ASCII text editor like notepad would display. What do I edit in the hex mode?

Ram
0
 
LVL 10

Assisted Solution

by:pbarrette
pbarrette earned 45 total points
ID: 10697657
Hi R_E,

The %1 is a DOS command line variable. It is used inside the batchfile to refer to the first command-line parameter given.

For instance:
C:\FBD>fbd.bat a:

The batchfile then uses the "%1" internally to refer to the first thing typed after "fbd.bat", which, in this case is "a:".
So you just need to type in the drive letter of the floppy drive. Most likely "a:".

Also, the FBD.BAT file and associated programs change more than just the IO.SYS string displays. It was designed as a forensics boot disk which means that it likely prevents all write access to the HD. This is usually done in computer forensics to provide proof that the authorities did not modify any data on the system and therefore did not plant any evidence illegally.

If you wish to be able to write to the HD, then running FBD.BAT is probably not the best solution. HKCU was suggesting that you use the XCHANGE.EXE utility that they are using to find and replace the text in your IO.SYS file, but any hex editor will also work.

-----------------------------
NU is the old Norton Utilities for DOS which includes a nice, nifty hex-editor, but any hex-editor will work. Hackman is fine.

Debug is really a pain to use. Hackman is probably better suited for this task if you don't have a firm grasp of debug.
-----------------------------

The file was copied to the boot-sector of the floppy disk using "SYS.COM" or by another, similar method. This means that you generally cannot edit a copy of IO.SYS on your HD, then copy it to the floppy. Usually the floppy will no longer be bootable since it may reside in a non-bootsector location on the floppy. So, you must edit the IO.SYS file that is on the bootable floppy already.

Also, you cannot change the length of the file as was discussed above. Replace X number of characters with X number of characters, not with Y number of characters.

-------------------------------
You should have a split-view which displays the hex codes on the left and the corresponding ASCII characters on the right. 1 hex pair (2 characters) on the left correspond to 1 ASCII character on the right.

Find the text that you want to change in the right panel. Then change that text in the right panel. You must overwrite the existing characters and not insert new characters. Your new text cannot be longer than the old text. If your new text is shorter than the old text, you must blank out the remaining old text with space characters (the space bar, ASCII hex code 20).

Most hex editors display changed data in a different color. If this is the case, then only the text you wish to change should be in a different color. If everything after the text you changed is also in a different color, then you have changed the length of the file and should quit without saving and try again.
--------------------------------

Hope this helps,
pb
0
 
LVL 2

Author Comment

by:ram_einstein
ID: 10702084
HKCU's answer is a roundabout method: besides if what pb says is true, I can't write to the HDD. I prefer the hexeditor method suggested by gtkfreak. Thanks for that last comment pb: I failed to notice the right panel earlier! Mot to mention the critical size, advice on how to replace letters etc.

Thanks a lot for all your comments,

Ram
0
 
LVL 10

Expert Comment

by:pbarrette
ID: 10706655
Hi R_E,

Glad to help,

pb
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
Using dates in 'DOS' batch files has always been tricky as it has no built in ways of extracting date information.  There are many tricks using string manipulation to pull out parts of the %date% variable or output of the date /t command but these r…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now