Getting Started
Learn the basic principles of exhuming partitions from a disk image.
The exhume_partitions tool helps you identify and list the partitions within a disk image. This is a crucial step in digital forensics when you need to understand the structure of the disk before diving into filesystem analysis. The tool support MBR and GPT parsing allowing.
🛠️ Prerequisites
Installing Rust
The Exhume Toolkit is built with Rust and requires it for development or compilation.
- Linux and MacOs
- Windows
curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh
Visit https://www.rust-lang.org/tools/install to install rustup
You can also use winget to install rustup using the following command in PowerShell:
winget install --id Rustlang.Rustup
important
Be sure to restart your Terminal (and in some cases your system) for the changes to take affect.
Installing
The following will install Exhume partitions globally.
cargo install exhume_partitions@0.3.1
Contributing
Clone the exhume_partitions repository and build it.
git clone https://github.com/forensicxlab/exhume_partitions
cd exhume_partitions
Start enhancing the tool.
🚀 Basic Usage
Usage: exhume_partitions [OPTIONS] --body <body>
Options:
-b, --body <body> The path to the body to exhume.
-f, --format <format> The format of the file, either 'raw', 'ewf', or 'auto'.
-l, --log-level <log_level> Set the log verbosity level [default: info] [possible values: error, warn, info, debug, trace]
--json Display partitions in JSON format
--bootloader Display full MBR and potential EBR with bootstrap code
--output <output> Output file path
-h, --help Print help
-V, --version Print version
📘 Example
exhume_partitions -b disk.E01
This will:
- Open disk.E01 as a EWF format file
- Identify the partitions and display them.
Sample output:
[2025-07-05T09:56:46Z INFO exhume_body] Detected an EWF disk image.
[2025-07-05T09:56:46Z INFO exhume_partitions] Detected an MBR partition scheme.
[2025-07-05T09:56:46Z INFO exhume_partitions] Extended Boot Record (EBR) partition discovered.
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT Found: "No GPT signature found"
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 128 | (0, 32, 33) | (31, 26, 59) | 0x800 | 0x83 | "Linux/GNU Hurd" | 0x100000 | 0x79800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 27) | (1023, 254, 63) | 0x7a7fe | 0x05 | "Extended" | 0xf4ffc00 | 0x3e86802 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 29) | (1023, 254, 63) | 0x7a800 | 0x8e | "Linux LVM" | 0xf500000 | 0x3e86800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
If you want to investigate the bootstrap code. You can use the --bootloader option. Note that it will also display the bootstrap code of the EBR partitions.
exhume_partitions -b disk.E01 --bootstrap
Sample output:
[2025-07-05T09:56:46Z INFO exhume_body] Detected an EWF disk image.
[2025-07-05T09:56:46Z INFO exhume_partitions] Detected an MBR partition scheme.
[2025-07-05T09:56:46Z INFO exhume_partitions] Extended Boot Record (EBR) partition discovered.
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:56:46Z WARN exhume_partitions] No GPT Found: "No GPT signature found"
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 128 | (0, 32, 33) | (31, 26, 59) | 0x800 | 0x83 | "Linux/GNU Hurd" | 0x100000 | 0x79800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 27) | (1023, 254, 63) | 0x7a7fe | 0x05 | "Extended" | 0xf4ffc00 | 0x3e86802 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 29) | (1023, 254, 63) | 0x7a800 | 0x8e | "Linux LVM" | 0xf500000 | 0x3e86800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
➜ disk_image_acquired exhume_partitions --body Webserver.E01 --bootloader
[2025-07-05T09:58:47Z INFO exhume_body] Detected an EWF disk image.
[2025-07-05T09:58:47Z INFO exhume_partitions] Detected an MBR partition scheme.
[2025-07-05T09:58:47Z INFO exhume_partitions] Extended Boot Record (EBR) partition discovered.
[2025-07-05T09:58:47Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:58:47Z WARN exhume_partitions] No GPT signature found
[2025-07-05T09:58:47Z WARN exhume_partitions] No GPT Found: "No GPT signature found"
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Bootloader | 0x1000: jmp 0x1065 |
| | 0x1002: nop |
| | 0x1003: adc byte ptr [bp - 0x4330], cl |
| | 0x1007: add byte ptr [bx + si + 0xb8], dh |
| | 0x100b: add byte ptr [bp - 0x7128], cl |
| | 0x100f: sar bl, 0xbe |
| | 0x1012: add byte ptr [si - 0x41], bh |
| | 0x1015: add byte ptr [0xb9], al |
| | 0x1019: add dh, bl |
| | 0x101b: movsb byte ptr es:[di], byte ptr [si] |
| | 0x101c: ljmp 0:0x621 |
| | 0x1021: mov si, 0x7be |
| | 0x1024: cmp byte ptr [si], al |
| | 0x1026: jne 0x1033 |
| | 0x1028: add si, 0x10 |
| | 0x102b: cmp si, 0x7fe |
| | 0x102f: jne 0x1024 |
| | 0x1031: jmp 0x1049 |
| | 0x1033: mov ah, 2 |
| | 0x1035: mov al, 1 |
| | 0x1037: mov bx, 0x7c00 |
| | 0x103a: mov dl, 0x80 |
| | 0x103c: mov dh, byte ptr [si + 1] |
| | 0x103f: mov cx, word ptr [si + 2] |
| | 0x1042: int 0x13 |
| | 0x1044: ljmp 0:0x7c00 |
| | 0x1049: jmp 0x1049 |
| | 0x104b: add byte ptr [bx + si], al |
| | 0x104d: add byte ptr [bx + si], al |
| | 0x104f: add byte ptr [bx + si], al |
| | 0x1051: add byte ptr [bx + si], al |
| | 0x1053: add byte ptr [bx + si], al |
| | 0x1055: add byte ptr [bx + si], al |
| | 0x1057: add byte ptr [bx + si], al |
| | 0x1059: add byte ptr [bx + si], al |
| | 0x105b: add byte ptr [bx + di], 0 |
| | 0x105e: add byte ptr [bx + si], al |
| | 0x1060: add byte ptr [bx + si], al |
| | 0x1062: add byte ptr [bx + si], al |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 128 | (0, 32, 33) | (31, 26, 59) | 0x800 | 0x83 | "Linux/GNU Hurd" | 0x100000 | 0x79800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 27) | (1023, 254, 63) | 0x7a7fe | 0x05 | "Extended" | 0xf4ffc00 | 0x3e86802 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Bootloader | 0x1000: add byte ptr [bx + si], al |
| | 0x1002: add byte ptr [bx + si], al |
| | 0x1004: add byte ptr [bx + si], al |
| | 0x1006: add byte ptr [bx + si], al |
| | 0x1008: add byte ptr [bx + si], al |
| | 0x100a: add byte ptr [bx + si], al |
| | 0x100c: add byte ptr [bx + si], al |
| | 0x100e: add byte ptr [bx + si], al |
| | 0x1010: add byte ptr [bx + si], al |
| | 0x1012: add byte ptr [bx + si], al |
| | 0x1014: add byte ptr [bx + si], al |
| | 0x1016: add byte ptr [bx + si], al |
| | 0x1018: add byte ptr [bx + si], al |
| | 0x101a: add byte ptr [bx + si], al |
| | 0x101c: add byte ptr [bx + si], al |
| | 0x101e: add byte ptr [bx + si], al |
| | 0x1020: add byte ptr [bx + si], al |
| | 0x1022: add byte ptr [bx + si], al |
| | 0x1024: add byte ptr [bx + si], al |
| | 0x1026: add byte ptr [bx + si], al |
| | 0x1028: add byte ptr [bx + si], al |
| | 0x102a: add byte ptr [bx + si], al |
| | 0x102c: add byte ptr [bx + si], al |
| | 0x102e: add byte ptr [bx + si], al |
| | 0x1030: add byte ptr [bx + si], al |
| | 0x1032: add byte ptr [bx + si], al |
| | 0x1034: add byte ptr [bx + si], al |
| | 0x1036: add byte ptr [bx + si], al |
| | 0x1038: add byte ptr [bx + si], al |
| | 0x103a: add byte ptr [bx + si], al |
| | 0x103c: add byte ptr [bx + si], al |
| | 0x103e: add byte ptr [bx + si], al |
| | 0x1040: add byte ptr [bx + si], al |
| | 0x1042: add byte ptr [bx + si], al |
| | 0x1044: add byte ptr [bx + si], al |
| | 0x1046: add byte ptr [bx + si], al |
| | 0x1048: add byte ptr [bx + si], al |
| | 0x104a: add byte ptr [bx + si], al |
| | 0x104c: add byte ptr [bx + si], al |
| | 0x104e: add byte ptr [bx + si], al |
| | 0x1050: add byte ptr [bx + si], al |
| | 0x1052: add byte ptr [bx + si], al |
| | 0x1054: add byte ptr [bx + si], al |
| | 0x1056: add byte ptr [bx + si], al |
| | 0x1058: add byte ptr [bx + si], al |
| | 0x105a: add byte ptr [bx + si], al |
| | 0x105c: add byte ptr [bx + si], al |
| | 0x105e: add byte ptr [bx + si], al |
| | 0x1060: add byte ptr [bx + si], al |
| | 0x1062: add byte ptr [bx + si], al |
| | 0x1064: add byte ptr [bx + si], al |
| | 0x1066: add byte ptr [bx + si], al |
| | 0x1068: add byte ptr [bx + si], al |
| | 0x106a: add byte ptr [bx + si], al |
| | 0x106c: add byte ptr [bx + si], al |
| | 0x106e: add byte ptr [bx + si], al |
| | 0x1070: add byte ptr [bx + si], al |
| | 0x1072: add byte ptr [bx + si], al |
| | 0x1074: add byte ptr [bx + si], al |
| | 0x1076: add byte ptr [bx + si], al |
| | 0x1078: add byte ptr [bx + si], al |
| | 0x107a: add byte ptr [bx + si], al |
| | 0x107c: add byte ptr [bx + si], al |
| | 0x107e: add byte ptr [bx + si], al |
| | 0x1080: add byte ptr [bx + si], al |
| | 0x1082: add byte ptr [bx + si], al |
| | 0x1084: add byte ptr [bx + si], al |
| | 0x1086: add byte ptr [bx + si], al |
| | 0x1088: add byte ptr [bx + si], al |
| | 0x108a: add byte ptr [bx + si], al |
| | 0x108c: add byte ptr [bx + si], al |
| | 0x108e: add byte ptr [bx + si], al |
| | 0x1090: add byte ptr [bx + si], al |
| | 0x1092: add byte ptr [bx + si], al |
| | 0x1094: add byte ptr [bx + si], al |
| | 0x1096: add byte ptr [bx + si], al |
| | 0x1098: add byte ptr [bx + si], al |
| | 0x109a: add byte ptr [bx + si], al |
| | 0x109c: add byte ptr [bx + si], al |
| | 0x109e: add byte ptr [bx + si], al |
| | 0x10a0: add byte ptr [bx + si], al |
| | 0x10a2: add byte ptr [bx + si], al |
| | 0x10a4: add byte ptr [bx + si], al |
| | 0x10a6: add byte ptr [bx + si], al |
| | 0x10a8: add byte ptr [bx + si], al |
| | 0x10aa: add byte ptr [bx + si], al |
| | 0x10ac: add byte ptr [bx + si], al |
| | 0x10ae: add byte ptr [bx + si], al |
| | 0x10b0: add byte ptr [bx + si], al |
| | 0x10b2: add byte ptr [bx + si], al |
| | 0x10b4: add byte ptr [bx + si], al |
| | 0x10b6: add byte ptr [bx + si], al |
| | 0x10b8: add byte ptr [bx + si], al |
| | 0x10ba: add byte ptr [bx + si], al |
| | 0x10bc: add byte ptr [bx + si], al |
| | 0x10be: add byte ptr [bx + si], al |
| | 0x10c0: add byte ptr [bx + si], al |
| | 0x10c2: add byte ptr [bx + si], al |
| | 0x10c4: add byte ptr [bx + si], al |
| | 0x10c6: add byte ptr [bx + si], al |
| | 0x10c8: add byte ptr [bx + si], al |
| | 0x10ca: add byte ptr [bx + si], al |
| | 0x10cc: add byte ptr [bx + si], al |
| | 0x10ce: add byte ptr [bx + si], al |
| | 0x10d0: add byte ptr [bx + si], al |
| | 0x10d2: add byte ptr [bx + si], al |
| | 0x10d4: add byte ptr [bx + si], al |
| | 0x10d6: add byte ptr [bx + si], al |
| | 0x10d8: add byte ptr [bx + si], al |
| | 0x10da: add byte ptr [bx + si], al |
| | 0x10dc: add byte ptr [bx + si], al |
| | 0x10de: add byte ptr [bx + si], al |
| | 0x10e0: add byte ptr [bx + si], al |
| | 0x10e2: add byte ptr [bx + si], al |
| | 0x10e4: add byte ptr [bx + si], al |
| | 0x10e6: add byte ptr [bx + si], al |
| | 0x10e8: add byte ptr [bx + si], al |
| | 0x10ea: add byte ptr [bx + si], al |
| | 0x10ec: add byte ptr [bx + si], al |
| | 0x10ee: add byte ptr [bx + si], al |
| | 0x10f0: add byte ptr [bx + si], al |
| | 0x10f2: add byte ptr [bx + si], al |
| | 0x10f4: add byte ptr [bx + si], al |
| | 0x10f6: add byte ptr [bx + si], al |
| | 0x10f8: add byte ptr [bx + si], al |
| | 0x10fa: add byte ptr [bx + si], al |
| | 0x10fc: add byte ptr [bx + si], al |
| | 0x10fe: add byte ptr [bx + si], al |
| | 0x1100: add byte ptr [bx + si], al |
| | 0x1102: add byte ptr [bx + si], al |
| | 0x1104: add byte ptr [bx + si], al |
| | 0x1106: add byte ptr [bx + si], al |
| | 0x1108: add byte ptr [bx + si], al |
| | 0x110a: add byte ptr [bx + si], al |
| | 0x110c: add byte ptr [bx + si], al |
| | 0x110e: add byte ptr [bx + si], al |
| | 0x1110: add byte ptr [bx + si], al |
| | 0x1112: add byte ptr [bx + si], al |
| | 0x1114: add byte ptr [bx + si], al |
| | 0x1116: add byte ptr [bx + si], al |
| | 0x1118: add byte ptr [bx + si], al |
| | 0x111a: add byte ptr [bx + si], al |
| | 0x111c: add byte ptr [bx + si], al |
| | 0x111e: add byte ptr [bx + si], al |
| | 0x1120: add byte ptr [bx + si], al |
| | 0x1122: add byte ptr [bx + si], al |
| | 0x1124: add byte ptr [bx + si], al |
| | 0x1126: add byte ptr [bx + si], al |
| | 0x1128: add byte ptr [bx + si], al |
| | 0x112a: add byte ptr [bx + si], al |
| | 0x112c: add byte ptr [bx + si], al |
| | 0x112e: add byte ptr [bx + si], al |
| | 0x1130: add byte ptr [bx + si], al |
| | 0x1132: add byte ptr [bx + si], al |
| | 0x1134: add byte ptr [bx + si], al |
| | 0x1136: add byte ptr [bx + si], al |
| | 0x1138: add byte ptr [bx + si], al |
| | 0x113a: add byte ptr [bx + si], al |
| | 0x113c: add byte ptr [bx + si], al |
| | 0x113e: add byte ptr [bx + si], al |
| | 0x1140: add byte ptr [bx + si], al |
| | 0x1142: add byte ptr [bx + si], al |
| | 0x1144: add byte ptr [bx + si], al |
| | 0x1146: add byte ptr [bx + si], al |
| | 0x1148: add byte ptr [bx + si], al |
| | 0x114a: add byte ptr [bx + si], al |
| | 0x114c: add byte ptr [bx + si], al |
| | 0x114e: add byte ptr [bx + si], al |
| | 0x1150: add byte ptr [bx + si], al |
| | 0x1152: add byte ptr [bx + si], al |
| | 0x1154: add byte ptr [bx + si], al |
| | 0x1156: add byte ptr [bx + si], al |
| | 0x1158: add byte ptr [bx + si], al |
| | 0x115a: add byte ptr [bx + si], al |
| | 0x115c: add byte ptr [bx + si], al |
| | 0x115e: add byte ptr [bx + si], al |
| | 0x1160: add byte ptr [bx + si], al |
| | 0x1162: add byte ptr [bx + si], al |
| | 0x1164: add byte ptr [bx + si], al |
| | 0x1166: add byte ptr [bx + si], al |
| | 0x1168: add byte ptr [bx + si], al |
| | 0x116a: add byte ptr [bx + si], al |
| | 0x116c: add byte ptr [bx + si], al |
| | 0x116e: add byte ptr [bx + si], al |
| | 0x1170: add byte ptr [bx + si], al |
| | 0x1172: add byte ptr [bx + si], al |
| | 0x1174: add byte ptr [bx + si], al |
| | 0x1176: add byte ptr [bx + si], al |
| | 0x1178: add byte ptr [bx + si], al |
| | 0x117a: add byte ptr [bx + si], al |
| | 0x117c: add byte ptr [bx + si], al |
| | 0x117e: add byte ptr [bx + si], al |
| | 0x1180: add byte ptr [bx + si], al |
| | 0x1182: add byte ptr [bx + si], al |
| | 0x1184: add byte ptr [bx + si], al |
| | 0x1186: add byte ptr [bx + si], al |
| | 0x1188: add byte ptr [bx + si], al |
| | 0x118a: add byte ptr [bx + si], al |
| | 0x118c: add byte ptr [bx + si], al |
| | 0x118e: add byte ptr [bx + si], al |
| | 0x1190: add byte ptr [bx + si], al |
| | 0x1192: add byte ptr [bx + si], al |
| | 0x1194: add byte ptr [bx + si], al |
| | 0x1196: add byte ptr [bx + si], al |
| | 0x1198: add byte ptr [bx + si], al |
| | 0x119a: add byte ptr [bx + si], al |
| | 0x119c: add byte ptr [bx + si], al |
| | 0x119e: add byte ptr [bx + si], al |
| | 0x11a0: add byte ptr [bx + si], al |
| | 0x11a2: add byte ptr [bx + si], al |
| | 0x11a4: add byte ptr [bx + si], al |
| | 0x11a6: add byte ptr [bx + si], al |
| | 0x11a8: add byte ptr [bx + si], al |
| | 0x11aa: add byte ptr [bx + si], al |
| | 0x11ac: add byte ptr [bx + si], al |
| | 0x11ae: add byte ptr [bx + si], al |
| | 0x11b0: add byte ptr [bx + si], al |
| | 0x11b2: add byte ptr [bx + si], al |
| | 0x11b4: add byte ptr [bx + si], al |
| | 0x11b6: add byte ptr [bx + si], al |
| | 0x11b8: add byte ptr [bx + si], al |
| | 0x11ba: add byte ptr [bx + si], al |
| | 0x11bc: add byte ptr [bx + si], al |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Partition tables entries | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | Bootable | Start address (CHS) | End address (CHS) | Start address (LBA) | Partition type | Type Description | First byte address | Size (in sectors) | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (31, 59, 29) | (1023, 254, 63) | 0x7a800 | 0x8e | "Linux LVM" | 0xf500000 | 0x3e86800 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
| | | 0 | (0, 0, 0) | (0, 0, 0) | 0x0 | 0x00 | "Unused" | 0x0 | 0x0 | |
| | +----------+---------------------+-------------------+---------------------+----------------+------------------+--------------------+-------------------+ |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+
| MBR Signature | 0xaa55 |
+--------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+