Do the first 512 bytes get executed whenever I insert the flash drive into any computer? If yes (which should be the case), then I suppose if I extract and disassemble the MBR and put in a reference that points to a memory location of a stored executable (on the flash drive), even that executable will be executed whenever it's plugged into a computer?
How could I do that? I mean, only doing a simple call <address> won't do it. I also wanna know more about MBRs of flash drives, since they are different from those MBRs which bootstrap an operating system. Googling for it doesn't show up anything useful at all, so I thought of asking the community if anybody has done something like this before.
- No
- There's an "autorun" feature in some Operating Systems, which is deprecated.
Flash drives are based on layers of legacy technology, to avoid the need for drivers.
At the lowest level, there are USB packets (see the Mass Storage Device spec, as per Pascal Cuoq)
Each of the USB transactions is a SCSI command/response pair.
The OS treats the flash drive as a SCSI disk (you'll see /dev/sdX in Linux, for example).
Since the flash drive appears to be a normal SCSI disk, it usually has an MBR/partition table. However, most operating systems support a "superfloppy" mode, in which case the disk starts with the FAT boot sector. Some smaller flash drives, or those formatted with legacy utilities, might be in that configuration.
You can examine the flash drive MBR on Windows with the DSKPROBE utility from Microsoft (use the PhysicalDrive option), or with 'dd.exe' using \\.\PhysicalDriveX (where X is a number, typically 2, based on how many hard drives you have).
On properly configured computers, there is no way to execute code when a device is plugged in.
Even when 'autorun' capability was default-on, you needed to use a device which appeared to be a CDROM.
(The SCSI command-set allows a device to say whether it's a CD or HD, and the flash-drive firmware can easily lie)
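
Added example (not part of the original answer): a Python sketch that classifies the first 512 bytes of a drive as a partitioned MBR or a "superfloppy" FAT boot sector, the two layouts the answer describes. The function names and both sample sectors are constructed for illustration, and the checks are heuristics rather than a full validator.

```python
import struct

SECTOR = 512

def looks_like_fat_vbr(sec):
    """True if sector 0 carries a plausible FAT BIOS Parameter Block."""
    bytes_per_sec, sec_per_clus = struct.unpack_from("<HB", sec, 11)
    return (sec[0] in (0xEB, 0xE9)                      # x86 jump over the BPB
            and bytes_per_sec in (512, 1024, 2048, 4096)
            and sec_per_clus != 0
            and sec_per_clus & (sec_per_clus - 1) == 0  # power of two
            and sec[16] in (1, 2))                      # number of FAT copies

def parse_partitions(sec):
    """Return the used MBR partition entries, or None if an entry is malformed."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sec, 446 + 16 * i)
        if status not in (0x00, 0x80):                  # only inactive/active are valid
            return None
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts

def classify_sector0(sec):
    """Classify the first 512 bytes as 'mbr', 'superfloppy' or 'unknown'."""
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        return ("unknown", [])
    if looks_like_fat_vbr(sec):
        return ("superfloppy", [])
    parts = parse_partitions(sec)
    return ("mbr", parts) if parts else ("unknown", [])

def sample_mbr():
    """Constructed sample: one active FAT32-LBA (0x0C) partition at LBA 2048."""
    sec = bytearray(SECTOR)
    struct.pack_into("<B3xB3xII", sec, 446, 0x80, 0x0C, 2048, 15_000_000)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)

def sample_superfloppy():
    """Constructed sample: FAT boot sector (jump + minimal BPB) at sector 0."""
    sec = bytearray(SECTOR)
    sec[0:3] = b"\xeb\x3c\x90"
    struct.pack_into("<HBHB", sec, 11, 512, 8, 1, 2)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)
```

To inspect a real drive, pass `classify_sector0` the first 512 bytes of a sector-0 dump made with dd; reading the raw device usually requires administrator rights.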