i try to identify gujin boot loader files (especially in a form suited for
the file command).
Common for all version seems to be at offset 0 the assembler instruction
JuMP (E9 yy zz or EB yy NOP=0x90) (yy=0x3c,0x6f zz=0x0e) followed by 0x47
"Gujin1" or 0x43 "CD", which lead to test expression:
Another common token sequence i found at offset 384 with a range of 7
comma_msg,checksum_msg, which lead to a search string ",\ \0:\ ch",
because the content of checksum_msg differs from version to version
So if that string is followed by "ecksum\0\ ERROR!\0" it is version <1.1
and followed by "ksum\0\ ERROR!\0" it is version >1.0.
Then i try to find a way to get the version of the files. All seems to
contains strings like "v0.7 (C) Etienne LORRAIN 2003" or "Gujin v2.8.6 (C)
Etienne LORRAIN 2012" .
The string part starting with copy-right sign is coded in boot.c after
runloader2_endmsg label as assembler instruction instead as .ascii like in
runloader2_msg. So i had difficulties to find that entry.
I do not know if it a bug or feature.
Unfortunately that string occurs at different offsets. Especially for big
USB stick images the string is found near the end. So is a pointer
somewhere at the beginning stored with the address of the segment or
similar for all versions.
Another approach to detect the version was the ".version" variable behind
.magic=16980327 in structure gujin_param, but this seems to apply only for
I also try to find a way to identify the type of loader. a good locations
seem to be 0x036. For master boot records it contains "MBR " and of
course "FAT12 " for 12-bit DOS boot sectors and "FAT16 " for 16-bit
Unfortunately also .PCI and .SYS files contains the signature "FAT12".
As far as i known this 8 byte variable field_FAT16.FileSysName
contains ASCII characters not used for any calculation.
So it would be nice if the installer write something like "PIC-CODE" for
.PCI files and "BOOT-XYZ" for .SYS files in that field
Could somebody verify my thoughts or give me more information concerning
Jörg Jenderek email: joerg.jen.der.ek (at) gmx.net
Germany PGP: B9FE A356 283E 0048 6389 18BF AFF2 B1C9 421A D4D6
Get latest updates about Open Source Projects, Conferences and News.