MS-DOS Disk Structure Analysis
Using DOS DEBUG

by Alan Pinck


The information which we have been considering can be applied to specific disk structures. This helps to provide an understanding of how the Operating System can perform the required "logical" to "physical" I/O translation. It also can provide the basis for low-level disk maintenance and recovery (although that is beyond the scope of the material presented here).

Loading Physical Sectors into Memory using DEBUG

 -memory_address   drive#   drive_sector#   number_of_sectors_to_load

Loading and Examining a Sample Boot Sector

C:\> DEBUG
-L 0000 2 0 1
-D 0000 001F
1026:0000  EB 3C 90 4D 53 44 4F 53-35 2E 30 00 02 04 01 00   .<.MSDOS5.0.....
1026:0010  02 00 02 00 00 F8 F8 00-11 00 10 00 11 00 00 00   ................
From previously provided information on decoding the BOOT block we get these numbers:
Boot:  one sector (always!) sector 0
FAT (2 copies):  2xF8h=1F0h;  sectors 1 - 1F0h
Directory:  20h sectors;  sectors 1F1h - 210h
File Allocation Space: 4 sectors per allocated cluster sectors 211h +

For this specific disk, we can load and examine the (beginning of) the directory space given the previously derived information:

-L 0000 2 1F1 1
-D 0000 00FF
1026:0000  49 4F 20 20 20 20 20 20-53 59 53 07 00 00 00 00   IO      SYS.....
1026:0010  00 00 00 00 00 00 00 28-89 16 02 00 96 82 00 00   .......(........
1026:0020  4D 53 44 4F 53 20 20 20-53 59 53 07 00 00 00 00   MSDOS   SYS.....
1026:0030  00 00 00 00 00 00 00 28-89 16 13 00 12 92 00 00   .......(........
1026:0040  43 4F 4D 4D 41 4E 44 20-43 4F 4D 20 00 00 00 00   COMMAND COM ....
1026:0050  00 00 00 00 00 00 00 28-89 16 40 00 E5 BA 00 00   .......(..@.....
1026:0060  43 4F 4E 46 49 47 20 20-53 59 53 20 00 00 00 00   CONFIG  SYS ....
1026:0070  00 00 00 00 00 00 F9 96-CD 22 18 0A 2A 01 00 00   ........."..*...
1026:0080  41 55 54 4F 45 58 45 43-4F 4C 44 20 00 00 00 00   AUTOEXECOLD ....
1026:0090  00 00 00 00 00 00 2E 77-66 1D 83 A1 45 01 00 00   .......wf...E...
1026:00A0  44 4F 53 20 20 20 20 20-20 20 20 10 00 00 00 00   DOS        .....
1026:00B0  00 00 00 00 00 00 1A 40-99 19 53 00 00 00 00 00   .......@..S.....
1026:00C0  4D 53 2D 44 4F 53 5F 35-20 20 20 28 00 00 00 00   MS-DOS_5   (....
1026:00D0  00 00 00 00 00 00 56 41-99 19 00 00 00 00 00 00   ......VA........
1026:00E0  57 49 4E 41 32 30 20 20-33 38 36 20 00 00 00 00   WINA20  386 ....
1026:00F0  00 00 00 00 00 00 00 28-89 16 83 04 85 24 00 00   .......(.....$..

Within a directory entry, we use these offsets:

Directory entry example 1:

1026:0020  4D 53 44 4F 53 20 20 20-53 59 53 07 00 00 00 00   MSDOS   SYS.....
1026:0030  00 00 00 00 00 00 00 28-89 16 13 00 12 92 00 00   .......(........

Directory entry example 2:

1026:0080  41 55 54 4F 45 58 45 43-4F 4C 44 20 00 00 00 00   AUTOEXECOLD ....
1026:0090  00 00 00 00 00 00 2E 77-66 1D 83 A1 45 01 00 00   .......wf...E...
Note that since AUTOEXEC.OLD is not a hidden file, the size can be verified using a standard DIR command:
        C:\>DIR AUTOEXEC.OLD

         Volume in drive C is MS-DOS_5
         Volume Serial Number is 1999-4156
         Directory of C:\

        AUTOEXEC OLD       325 11-06-94   2:57p
                1 file(s)        325 bytes
                             6340608 bytes free
Furthermore, given previous information from the boot sector:
File allocation space starts at sector 211h and there are 4 sectors per allocation unit;
Plus the knowledge that the first cluster number for the file allocation space is cluster number 2;
We can duplicate the activity of the Operating System in locating this file.
Based on its starting cluster number of A183h, it should begin in memory at
sector: 211h + (A183h - 2)*4
= 28815h
Loading this sector into memory and examining it gives:
-L 0000 2 28815 1
-D 0000
1026:0000  40 45 43 48 4F 20 4F 46-46 0D 0A 53 45 54 20 43   @ECHO OFF..SET C
1026:0010  4F 4D 53 50 45 43 3D 43-3A 5C 44 4F 53 5C 43 4F   OMSPEC=C:\DOS\CO
1026:0020  4D 4D 41 4E 44 2E 43 4F-4D 0D 0A 50 52 4F 4D 50   MMAND.COM..PROMP
1026:0030  54 20 24 70 24 67 0D 0A-50 41 54 48 20 43 3A 5C   T $p$g..PATH C:\
1026:0040  57 49 4E 44 4F 57 53 2E-33 30 30 3B 43 3A 5C 42   WINDOWS.300;C:\B
1026:0050  41 54 3B 43 3A 5C 44 4F-53 3B 63 3A 5C 75 74 69   AT;C:\DOS;c:\uti
1026:0060  6C 3B 63 3A 5C 3B 43 3A-5C 6D 61 73 6D 0D 0A 53   l;c:\;C:\masm..S
1026:0070  45 54 20 54 45 4D 50 3D-43 3A 5C 0D 0A 54 4F 47   ET TEMP=C:\..TOG
As it happens, this is a pure ASCII text file, so we can verify this by using the MS-DOS TYPE command:
        C:\>TYPE AUTOEXEC.OLD
        @ECHO OFF
        SET COMSPEC=C:\DOS\COMMAND.COM
        PROMPT $p$g
        PATH C:\WINDOWS.300;C:\BAT;C:\DOS;c:\util;c:\;C:\masm
        SET TEMP=C:\
        ...etc...

Directory entry example 3:

1026:00A0  44 4F 53 20 20 20 20 20-20 20 20 10 00 00 00 00   DOS        .....
1026:00B0  00 00 00 00 00 00 1A 40-99 19 53 00 00 00 00 00   .......@..S.....

Again we can duplicate the activity of the Operating System in locating this directory.
Based on its starting cluster number of 0053h, it should begin in memory at
sector: 211h + (0053h - 2)*4
= 355h
Loading this sector into memory and examining it gives:

-L 0000 2 355 1
-D 0000 00FF
1026:0000  2E 20 20 20 20 20 20 20-20 20 20 10 00 00 00 00   .          .....
1026:0010  00 00 00 00 00 00 1A 40-99 19 53 00 00 00 00 00   .......@..S.....
1026:0020  2E 2E 20 20 20 20 20 20-20 20 20 10 00 00 00 00   ..         .....
1026:0030  00 00 00 00 00 00 1A 40-99 19 00 00 00 00 00 00   .......@........
1026:0040  43 4F 55 4E 54 52 59 20-53 59 53 20 00 00 00 00   COUNTRY SYS ....
1026:0050  00 00 00 00 00 00 00 28-89 16 2B 00 AD 42 00 00   .......(..+..B..
1026:0060  45 47 41 20 20 20 20 20-53 59 53 20 00 00 00 00   EGA     SYS ....
1026:0070  00 00 00 00 00 00 00 28-89 16 34 00 15 13 00 00   .......(..4.....
1026:0080  46 4F 52 4D 41 54 20 20-43 4F 4D 20 00 00 00 00   FORMAT  COM ....
1026:0090  00 00 00 00 00 00 00 28-89 16 37 00 8F 80 00 00   .......(..7.....
1026:00A0  4B 45 59 42 20 20 20 20-43 4F 4D 20 00 00 00 00   KEYB    COM ....
1026:00B0  00 00 00 00 00 00 00 28-89 16 5E 00 8A 3A 00 00   .......(..^..:..
1026:00C0  4B 45 59 42 4F 41 52 44-53 59 53 20 00 00 00 00   KEYBOARDSYS ....
1026:00D0  00 00 00 00 00 00 00 28-89 16 66 00 89 87 00 00   .......(..f.....
1026:00E0  4E 4C 53 46 55 4E 43 20-45 58 45 20 00 00 00 00   NLSFUNC EXE ....
1026:00F0  00 00 00 00 00 00 00 28-89 16 77 00 8C 1B 00 00   .......(..w.....

Directory entry example 4:

1026:00C0  4D 53 2D 44 4F 53 5F 35-20 20 20 28 00 00 00 00   MS-DOS_5   (....
1026:00D0  00 00 00 00 00 00 56 41-99 19 00 00 00 00 00 00   ......VA........

Edited by Ian Allen from an original by Alan T. Pinck