Here is a snip of something and I was wondering if somone would take a poke at it. And see if it makes sense.

start:
jmp loc_00000038
db 00h
db 01h
db 0a9h
db 4ah ;'J'
db 54h ;'T'
db 49h ;'I'
db 70h ;'p'
db 0b5h
db 0a8h
db 04h
db 0ffh
db 00h
db 3fh ;'?'
db 00h
db 4ah ;'J'
db 4fh ;'O'
db 53h ;'S'
db 48h ;'H'
db 55h ;'U'
db 41h ;'A'
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 0a9h
db 04h
db 00h
db 00h
db 00h
db 01h
db 00h
db 00h
db 10h
db 00h
db 54h ;'T'
db 02h
db 01h
db 00h
db 00h
db 00h
db 72h ;'r'
db 00h
db 00h
db 00h
db 80h
db 00h
db 00h
db 00h
; XREFS First: 1000:0000 Number : 1
loc_00000038:
cli
cld
mov ax, 7c0h
mov ds, ax
mov es, ax
mov ss, ax
mov sp, 3feh
jmp 07c0:004bh
db 0b8h
db 00h
db 0b8h
db 8eh
db 0c0h
db 0bfh
db 00h
db 00h
db 0b8h
db 41h ;'A'
db 1fh
db 0abh
db 0a1h
db 2ch ;','
db 00h
db 8bh
db 0f0h
db 8ah
db 0eh
db 30h ;'0'
db 00h
db 0bbh
db 00h
db 10h
db 0e8h
db 44h ;'D'
db 00h
db 0fah
db 0fch
db 0b8h
db 00h
db 10h
db 8eh
db 0c0h
db 0bfh
db 04h
db 00h
db 0b9h
db 0fh
db 00h
db 0beh
db 10h
db 00h
db 0ach
db 3ch ;'<'
db 00h
db 74h ;'t'
db 03h
db 0aah
db 0e2h
db 0f8h
db 0b0h
db 00h
db 0aah
db 0b8h
db 00h
db 0b8h
db 8eh
db 0c0h
db 0bfh
db 04h
db 00h
db 0b8h
db 43h ;'C'
db 1fh
db 0abh
db 0eah
db 00h
db 00h
db 00h
db 10h
db 0beh
db 11h
db 01h
db 0ach
db 0ah
db 0c0h
db 74h ;'t'
db 09h
db 0b4h
db 0eh
db 0bbh
db 07h
db 00h
db 0cdh
db 10h
db 0ebh
db 0f2h
db 0fbh
db 33h ;'3'
db 0c0h
db 0cdh
db 16h
db 0cdh
db 19h
db 8eh
db 0c3h
db 88h
db 0eh
db 36h ;'6'
db 00h
db 8bh
db 0c6h
db 33h ;'3'
db 0d2h
db 8bh
db 0eh
db 0eh
db 00h
db 0f7h
db 0f1h
db 0feh
db 0c2h
db 88h
db 16h
db 35h ;'5'
db 00h
db 33h ;'3'
db 0d2h
db 0f7h
db 36h ;'6'
db 0ch
db 00h
db 8ah
db 36h ;'6'
db 34h ;'4'
db 00h
db 86h
db 0d6h
db 8bh
db 0c8h
db 86h
db 0cdh
db 0c0h
db 0e1h
db 06h
db 0ah
db 0eh
db 35h ;'5'
db 00h
db 0a1h
db 0eh
db 00h
db 40h ;'@'
db 2ah ;'*'
db 06h
db 35h ;'5'
db 00h
db 3ah ;':'
db 06h
db 36h ;'6'
db 00h
db 72h ;'r'
db 03h
db 0a0h
db 36h ;'6'
db 00h
db 0a2h
db 37h ;'7'
db 00h
db 0b4h
db 02h
db 33h ;'3'
db 0dbh
db 06h
db 0cdh
db 13h
db 07h
db 32h ;'2'
db 0e4h
db 75h ;'u'
db 9bh
db 0fh
db 0b6h
db 06h
db 37h ;'7'
db 00h
db 03h
db 0f0h
db 0c1h
db 0e0h
db 05h
db 8ch
db 0c3h
db 03h
db 0d8h
db 8eh
db 0c3h
db 0a0h
db 37h ;'7'
db 00h
db 28h ;'('
db 06h
db 36h ;'6'
db 00h
db 75h ;'u'
db 0a0h
db 0c3h
db 46h ;'F'
db 61h ;'a'
db 69h ;'i'
db 6ch ;'l'
db 65h ;'e'
db 64h ;'d'
db 21h ;'!'
db 20h ;' '
db 50h ;'P'
db 72h ;'r'
db 65h ;'e'
db 73h ;'s'
db 73h ;'s'
db 20h ;' '
db 61h ;'a'
db 20h ;' '
db 6bh ;'k'
db 65h ;'e'
db 79h ;'y'
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 13h
db 0a3h
db 36h ;'6'
db 0e8h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 00h
db 55h ;'U'
db 0aah

Assembly if am not mistaken here

_________________
Kuwait Data Recovery - UNIX GTC
The only reason for time is so that everything doesn't happen at once. By: Albert Einstein

@einstein9:

Um, yes, that's why the OP gave the thread title: "I have a question for anyone good with ASM".

@DarrenA:
It hasn't been fully disassembled by your tool (IDA or something else?), which is why it doesn't make complete sense on its own at the moment - but that's typical for automated reverse engineering of code, it often needs some manual help / hints. It looks like a boot sector of some kind.

I'm not going to spend time on this, without a better explanation of what your question really is and what you're trying to achieve, otherwise any effort spent could be a waste of time, and I'm too busy for guessing games.

Vulcan

PM sent...

_________________
Kuwait Data Recovery - UNIX GTC
The only reason for time is so that everything doesn't happen at once. By: Albert Einstein

Looks like MBR

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.

Agreed it is something like that, hence my earlier comment, but it's not a normal MS MBR - I just checked and my lab MS WinXP system MBR does not have the text "Failed! Press any key" in it...

Do you know a different MBR code with that text in it?

Edited to add:

@Einstein9: PM reply sent

thnx Vulcan

got it

_________________
Kuwait Data Recovery - UNIX GTC
The only reason for time is so that everything doesn't happen at once. By: Albert Einstein

You need to identify the code sections.

For example, the following are BIOS interrupt calls:

CD 10
CD 13
CD 16
CD 19

http://en.wikipedia.org/wiki/INT_13H
http://en.wikipedia.org/wiki/INT_10H
http://en.wikipedia.org/wiki/BIOS_interrupt_call

Assuming that it is an MBR, then the bytes that are normally reserved for the partition table are empty.

_________________
A backup a day keeps DR away.

probably a proprietary flavor

_________________
All went well until I plugged the drive in.

Agreed I've got my own suspicions (as I'm sure you have too), but until the OP explains his question, and where that code came from, then it's all a guess what the OP is really asking for our help with...

Well, your correct. it IS a MBR.
And it IS missing the partition Tables.
This OS does not seem to use any.
This is from a "special" OS that I am playing with.
I am just tinkering to see what loades and from where.

Like what address it jumps to to run the next part of the code ect...

I am trying to pull out just the OS part and leave all of the extra stuff behind. But I have to figure out where everyting is. I started with a RAW dump of a Hard drive and am labeling where all of the data is in HEX on the drive, like the mpg files wav files ect.. then hopefully whats left is the OS code.

It would make it a lot easier if you could upload the actual BIN rather than the botched disassembly attempt.

I believe you would also get a better result if you were to begin disassembling at the byte immediately following the "jmp 07c0:004bh" instruction.

_________________
A backup a day keeps DR away.

@DarrenA,

Thanks for that reply, but that's still not enough info to properly "scope" your task, especially since you're hiding the source OS. Knowing that detail may then lead to being able to guess the filesystem type, as well as the amount of OS code, and therefore speed up the process.

Based on what you're saying, you seem to be trying to reverse engineer the filesystem, in order to "pull out the OS part", by starting at the "MBR" (see below) - that is going to be just the start of your work The last time I did that sort of reverse engineering, it took a while, but that was a complex system. At least I was in front of the system, it was great fun, and I was being paid.


FYI that probably means that the code is not an MBR, and that this OS uses a "superfloppy" disk format style.

I would never try to do this type of reversing work via help from a disk recovery web forum (inefficient), with your minimal x86 experience (inefficient), so I'll stop here and, with respect, you might want to reconsider your approach - but I wish you the best of luck!

Vulcan: PM sent.

@ Vulcan " it was great fun, and I was being paid. "

_________________
All went well until I plugged the drive in.

@guru: Yeah, I was lucky - normally I think engineers either have fun, or get paid. Happily that recent reverse engineering project was both

@DarrenA: I'll read your PM & reply shortly.

FYI, I had a quick look through the code over lunch today, as things were going well for my day job this morning (though I'm not committing to doing any more work on this!).

There is one area where it would take longer to understand the fine detail of a specific algorithm - single-stepping the code would be an alternative to reversing a dead listing to do that, but I don't think it's vital to understand the fine detail, as the overall intent is clear.

It's fairly standard bootstrap-type code, with some assumptions (e.g. hard disk only, no concept of partitions (as discussed above)), using normal Int 13h to read disk sectors and all errors are immediately fatal (no retries).

Anyway, as I mentioned earlier, that code you supplied is just the start of your challenge. Next, it wants to load the following 114 sectors (i.e. 57kB) to memory address 1000:0000h and, after loading that code, then jump to that start address.

I wish you the very best of luck and success in your endeavors!

Nice work, Vulcan!

_________________
A backup a day keeps DR away.

Thanks Franc