Introduction about MBR (Master Boot Record)

MBR is a small program which runs whenever a computer boots up. MBR is stored in the first sector of the boot disk. This very important sector contains a number of things that the Operating System and the computer BIOS need to start the system. If the contents of this sector are lost or damaged you can not access the data on the hard disk. Please note that each hard disk has a MBR, so if you have 2 or more hard disks in your computer, each has its own MBR. If multiple disks are configured as an array there is usually 1 MBR that services the entire array, placed on the 1st disk in the array . It should be clear that the MBR is one of the most important  sectors on your hard disk. The following explanation is mainly about using the MBR with Windows or DOS based operating systems. The MBR is somewhat different when used with Unix based systems.

The smallest addressable space on a hard disk is 512 bytes at a time. A hard disk sector is 512 bytes long, so 1 sector is the smallest addressable space on a hard disk. The MBR is 1 sector, so the MBR is 512 bytes long. These 512 bytes are divided into several parts that each have their own function in getting the computer to start. The 4 main parts of the MBR are (in the order as they appear in the MBR):

          1. the bootcode

          2. the volume byte

          3. the partition table 

          4. the signature bytes

The bootcode: this part of the MBR gets read by the computer BIOS when the computer is started. When the computer finishes its own startup procedures (getting the disks spinning, doing some checks) and gets ready to start the operating system, the bootcode in the MBR is read first. This allows the computer to interpret the rest of the MBR.

The volume bytes: these are 4 bytes that are located after the bootcode and just before the partition table. Windows 2000 and Windows XP use these 4 bytes to identify the mountable volumes on the hard disk. If these bytes are changed or erased from the MBR, Windows 2000/XP will go through a simple hardware detection round that will re-identify all the volumes on the disk. This is done during the next Windows startup after changing the volume bytes. Drive letters assigned to volumes might change after this. This goes for simple volumes, I have at this point no information on the effect of removing the volume bytes when using dynamic volumes.

The partition table: this is a sequence of 64 bytes (4 x 16) that identify the first 4 (or less) primary partitions on a hard disk. There is space for identifying 4 partitions. Each partition-identification is made up of 16 bytes that describe a number of things about the partition, such as: where it starts, what type it is, how big it is, is it an active partition or not, etc. One of these 4 partition descriptions can be used to describe an extended partition, which itself can then contain logical drives. The logical drives are not described in the MBR.
An active partition is the partition from which the Operating System is started. This must be a primary partition, and there can only be 1 primary partition active at any time.
If there are for instance only 2 partitions on a hard disk, the first 32 bytes of the partition table (2 x 16) would contain the descriptions of those partitions. The other 32 bytes would contain all zeros. So deleting a partition consists of putting zeros in the chosen partition description.

The signature bytes: these are 2 bytes that are used to signify an important sector. They can be found trailing the MBR, but there are other sectors that contain these bytes as well. If they are not trailing the MBR the computer will not be able to read the MBR (because it will not be recognized as an important sector).