Why searching for FA33 C08E D0BC 007C FB8C to locate the boot image?
Sure this has nothing to do with Solaris, but I think it's very good to know.
A good answer was given by an Oracle engineer, which I'll call Mr. K2. :-)
I'll try to mostly transcribe it below:
The knowledge to extract the boot image from a ISO file is:
- An ISO image starts at sector number 0, address 0.
The sectors are fixed-size and equal to 0x800 (2048) bytes.
- The Boot Record Volume is at sector number 0x11.
So, its address is 0x11 * 0x800 = 0x8800.
- The sector number of the Boot Catalog.
It's 4-bytes (little-endian) at offset 0x47 within the Boot Record Volume.
So, its address is 0x8800 + 0x47 = 0x8847.
Assume that 0x224 is the value stored.
Then the Boot Catalog's address is 0x224 * 0x800 = 0x112000.
- Within the Boot Catalog, the initial/default entry is at offset 0x20.
So, its address is 0x112000 + 0x20 = 0x112020.
Within the initial/default entry :
- The boot media type at offset 0x1.
In this example, is the value stored at 0x112021, which is 0x00.
The interpretation is:
00 - no emulation
01 - 1.2M floppy
02 - 1.4M floppy
03 - 2.8M floppy
04 - hard disk
- The 2-bytes (little-endian) of the boot image in 512-bytes is at offset 0x6.
In this example, is the value stored at 0x112026, which is 0x0004.
So it's a 2KB boot image.
- The 4-bytes (little-endian) starting sector of the boot image is at offset 0x8.
In this example, is the value stored at 0x112028, which is 0x00000225.
So, it's at address 0x225 * 0x800 = 0x112800.
Details should be at The "El Torito" Bootable CD-ROM Format Specification, Version 1.0.
