Common Partition Tables (MBR)

DOS Partitions

partition table also known as Master Boot Record (MBR).
created by Microsoft.
it’s the most common partition table type.
it’s used in Microsoft DOS, Microsoft Windows, Linux, FreeBSD and OpenBSD.
MBR:
- is located in the first sector (512 bytes).
- boot code – instructions to process the partition table and to find the OS.
- partition table.
- pattern 0xAA55 – to identify the partition table.

Structure of a DOS partition

4 entries – 4 primary partitions is the limit.
each one has:
- begin and end address in CHS (< 8 GB) LBA address for large drives (several TB) amount of sectors in the partition.
- file system type stored in the partition (FAT, NTFS, EXT4, . . . ).
  - Windows depends on this to mount the partition.
  - it can be used to hide partitions from Windows OS.
  - Linux ignores this value and supports a different FS from the one stored in the partition table.
- flags – allows to mark the boot partition (bootable).

Extended DOS Partitions

Extended Partition.

to overcome the 4 primary partition limits.
always the last entry in the MBR.
allows to creation of several logical partitions.
types of extended partitions:
- DOS Extended, Windows 95 Extended, and Linux Extended.
usually, there is only one extended partition.
- but it is possible to create more than one.
- few forensic tools support this.

PreviousTypes of Partition Tables NextBoot Code

Last updated 10 months ago