Robert Millan wrote:
It probably would make sense that the 'ntldr' command does simple
signature checks and fail on unknown files unless '--force' is specified.
You mean checking for the PE signature? Yes, this would be nice too.
A check of the first byte (jmp, 0xe9) and some file size range check
(e.g. 0x30000...0x40000) may be enough for a first ntldr command. May
also work for bootmgr.exe.
EXE ("MZ") and PE headers appear at larger offsets:
ntldr from XP SP2: size 251184, EXE header at 0x4d30, PE at 0x4e00
ntldr from XP SP3: size 251712, EXE header at 0x4d40, PE at 0x4e10
bootmgr.exe from Vista: ???
grub4dos checks for ntldr as follows:
- file starts with 0xe9, 0x??, 0x01,
- first sector does not end with bootsector signature 0x55,0xaa,
- file size exceeds 0x30000.
--
Regards
Christian Franke
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel