Ways to chainload various bootloaders, from GRUB2. GRUB2 => GRUB2 ============== The same way that you chainload GRUB => GRUB2. http://en.gentoo-wiki.com/wiki/Grub2#Chainloading_to_GRUB2 Generic ======= OMG OMG, YES, you CAN make it work, for arbitrary bootloaders: http://www.syslinux.org/wiki/index.php/MEMDISK This is exactly what MEMDISK does. Yay. :) http://www.stoned-vienna.com/ ^^^ good code http://www2.gmer.net/mbr/ ^^^ code! http://www.securelist.com/en/analysis/204792203/Legit_bootkits#7 http://support.emsisoft.com/topic/6843-rollback-rx/ "Rollback Rx hides exactly like a bootkit by redirecting MBR read access to a different sector." More info about INT 13h hooking =============================== http://www.osronline.com/ddkx/w98ddk/storage_5l6g.htm http://www.stoned-vienna.com/downloads/The%20Rise%20of%20MBR%20Rootkits%20&%20Bootkits%20in%20the%20Wild.pdf Examples of Assembly code for MBR's -- in the process of actually using INT 13 ============================================================================== INT 13h AH=02h: Read Sectors From Drive INT 13h AH=42h: Extended Read Sectors From Drive http://www.ata-atapi.com/hiwmbr.html http://www.rayknights.org/pc_boot/int13fun.htm http://thestarman.pcministry.com/asm/mbr/95BMEMBR.htm http://thestarman.narod.ru/asm/mbr/W7MBR.htm#CODE http://mbr.adamsatoms.com/ Open source tools that do some INT 13h magic ============================================ http://www.syslinux.org/wiki/index.php/Comboot/chain.c32#Partition_numbering No INT 13h magic needed ======================= We don't need to do any fancy TSR stuff. All we do is: - muxboot-Booter resides in the first sector ONLY (well, okay, the stage 1.5 resides elsewhere... but the "elsewhere" is not the usual place for GRUB1 or GRUB2... it's nowhere in the first 63 sectors. Instead, we hard-code stage1.5 to be located after that somewhere, in a fixed place that we use for other muxboot data. (perhaps just after the 63rd sector?)) - the rest of the TARGET bootloader that resides outside of a partition (if the target bootloader even needs to do this... ntldr doesn't) will reside in its normal place... in sectors 2 through 63. - the ONLY magic that goes on, is that we load the **sector 1** code for the target bootloader from somewhere else on the disk... because muxboot-Booter occupies sector 1. This really isn't that big of a deal, since during normal boot, BIOS loads sector 1 into memory before handing control over to the target bootloader, so we're just loading into RAM from a different place on disk. How to move core.img elsewhere, when using GRUB2 ================================================ http://www.gnu.org/software/grub/manual/grub.html#Block-list-syntax https://wiki.parabolagnulinux.org/GRUB2#Install_to_Partition_or_Partitionless_Disk google for "chattr i" "grub" "core.img" google for "chattr -i" grub "force" "core.img" http://members.iinet.net/~herman546/p20/GRUB2%20Bash%20Commands.html#Dedicated_GRUB_Partition https://wiki.archlinux.org/index.php/GRUB2#Install_to_Partition_or_Partitionless_Disk http://members.iinet.net/~herman546/p20/GRUB2%20Bash%20Commands.html#GRUB_to_a_Partition