This document is partially outdated. Please see MEMDISK.
The content of doc/memdisk.txt (6.04-pre1, with minor modifications):
(This documentation is rather crufty at the moment.)
MEMDISK is meant to allow booting legacy operating systems via PXE, and as a workaround for BIOSes where ISOLINUX image support doesn't work.
MEMDISK simulates a disk by claiming a chunk of high memory for the disk and a (very small - 2K typical) chunk of low (DOS) memory for the driver itself, then hooking the INT 13h (disk driver) and INT 15h (memory query) BIOS interrupts.
MEMDISK allows for an OS to detect the MEMDISK instance (see the "Additional technical information" section below).
To use it, type on the SYSLINUX command line:
... where diskimg.img is the disk image you want to boot from.
(Obviously, the memdisk binary as well as your disk image file need to be present in the boot image directory).
... or add to your syslinux.cfg/pxelinux.cfg/isolinux.cfg something like:
label dos kernel memdisk append initrd=dosboot.img
Note the following:
The disk image can be uncompressed or compressed with gzip or zip.
If the disk image is less than 4,194,304 bytes (4096K, 4 MiB) it is assumed to be a floppy image and MEMDISK will try to guess its geometry based on the size of the file. MEMDISK recognizes all the standard floppy sizes as well as common extended formats:
163,840 bytes (160K) c=40 h=1 s=8 5.25" SSSD 184,320 bytes (180K) c=40 h=1 s=9 5.25" SSSD 327,680 bytes (320K) c=40 h=2 s=8 5.25" DSDD 368,640 bytes (360K) c=40 h=2 s=9 5.25" DSDD 655,360 bytes (640K) c=80 h=2 s=8 3.5" DSDD 737,280 bytes (720K) c=80 h=2 s=9 3.5" DSDD 1,222,800 bytes (1200K) c=80 h=2 s=15 5.25" DSHD 1,474,560 bytes (1440K) c=80 h=2 s=18 3.5" DSHD 1,638,400 bytes (1600K) c=80 h=2 s=20 3.5" DSHD (extended) 1,720,320 bytes (1680K) c=80 h=2 s=21 3.5" DSHD (extended) 1,763,328 bytes (1722K) c=82 h=2 s=21 3.5" DSHD (extended) 1,784,832 bytes (1743K) c=83 h=2 s=21 3.5" DSHD (extended) 1,802,240 bytes (1760K) c=80 h=2 s=22 3.5" DSHD (extended) 1,884,160 bytes (1840K) c=80 h=2 s=23 3.5" DSHD (extended) 1,966,080 bytes (1920K) c=80 h=2 s=24 3.5" DSHD (extended) 2,949,120 bytes (2880K) c=80 h=2 s=36 3.5" DSED 3,194,880 bytes (3120K) c=80 h=2 s=39 3.5" DSED (extended) 3,276,800 bytes (3200K) c=80 h=2 s=40 3.5" DSED (extended) 3,604,480 bytes (3520K) c=80 h=2 s=44 3.5" DSED (extended) 3,932,160 bytes (3840K) c=80 h=2 s=48 3.5" DSED (extended)
A small perl script is included in the MEMDISK directory which can determine the geometry that MEMDISK would select for other sizes; in general MEMDISK will correctly detect most physical extended formats used, with 80 cylinders or slightly more.
If the image is 4 MiB or larger, it is assumed to be a hard disk image, and should typically have an MBR and a partition table. It may optionally have a DOSEMU geometry header; in which case the header is used to determine the C/H/S geometry of the disk. Otherwise, the geometry is determined by examining the partition table, so the entire image should be partitioned for proper operation (it may be divided between multiple partitions, however).
You can also specify the geometry manually with the following command line options:
c=# Specify number of cylinders (max 1024[*]) h=# Specify number of heads (max 256[*]) s=# Specify number of sectors (max 63) floppy[=#] The image is a floppy image[**] harddisk[=#] The image is a hard disk image[**] iso The image is an El Torito ISO9660 image (drive 0xE0) # represents a decimal number.
- [*] MS-DOS only allows max 255 heads, and only allows 255 cylinders on floppy disks.
- [**] Normally MEMDISK emulates the first floppy or hard disk. This can be overridden by specifying an index; e.g. floppy=1 will simulate fd1 (B:). This may not work on all operating systems or BIOSes.
The disk is normally writable (although, of course, there is nothing backing it up, so it only lasts until reset). If you want, you can mimic a write-protected disk by specifying the command line option:
ro Disk is readonly
MEMDISK normally uses the BIOS "INT 15h mover" API to access high memory. This is well-behaved with extended memory managers which load later. Unfortunately it appears that the "DOS boot disk" from WinME/XP deliberately crash the system when this API is invoked. The following command-line options tells MEMDISK to enter protected mode directly, whenever possible:
raw Use raw access to protected mode memory. bigraw Use raw access to protected mode memory, and leave the CPU in "big real" mode afterwards. int Use plain INT 15h access to protected memory. This assumes that anything which hooks INT 15h knows what it is doing. safeint Use INT 15h access to protected memory, but invoke INT 15h the way it was *before* MEMDISK was loaded. This is the default since version 3.73.
MEMDISK by default supports EDD/EBIOS on hard disks, but not on floppy disks. This can be controlled with the options:
edd Enable EDD/EBIOS noedd Disable EDD/EBIOS
The following option can be used to pause to view the messages:
pause Wait for a keypress right before booting
The following option can be used to set the real-mode stack size. The default is 512 bytes, but if there is a failure it might be interesting to set it to something larger:
stack=size Set the stack to "size" bytes
Some systems without a floppy drive have been known to have problems with floppy images. To avoid those problems, first of all make sure you don't have a floppy drive configured on the BIOS screen. If there is no option to configure that, or that doesn't work, you can use the option:
nopass Hide all real drives of the same type (floppy or hard disk) nopassany Hide all real drives (floppy and hard disk)
The following standard Linux option will mark memory as reserved. Please note that the Syslinux core already loads MEMDISK and its initrd below this point:
mem=size Mark available memory above this point as Reserved.
If you're using MEMDISK to boot DOS from a CD-ROM (using ISOLINUX), you might find the generic El Torito CD-ROM driver by Gary Tong and Bart Lagerweij useful  . It is now included with the Syslinux distribution, in the dosutil directory. See the file dosutil/eltorito.txt for more information.
Similarly, if you're booting DOS over the network using PXELINUX, you can use the "keeppxe" option and use the generic PXE (UNDI) NDIS network driver, which is part of the PROBOOT.EXE [BootUtil] distribution from Intel:
Starting with version 2.08, MEMDISK now supports an installation check API. This works as follows:
EAX = 454D08xxh ("ME") (08h = parameter query) ECX = 444Dxxxxh ("MD") EDX = 5349xxnnh ("IS") (nn = drive #) EBX = 3F4Bxxxxh ("K?") INT 13h
If drive nn is a MEMDISK, the registers will contain:
EAX = 4D21xxxxh ("!M") ECX = 4D45xxxxh ("EM") EDX = 4944xxxxh ("DI") EBX = 4B53xxxxh ("SK") ES:DI -> MEMDISK info structures
The low parts of EAX/ECX/EDX/EBX have the normal return values for INT 13h, AH=08h, i.e. information of the disk geometry, etc.
See Ralf Brown's interrupt list, http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ralf/pub/WWW/files.html or http://www.ctyme.com/rbrown.htm, for a detailed description.
The MEMDISK info structure currently contains:
[ES:DI] word Total size of structure (currently 30 bytes) [ES:DI+2] byte MEMDISK minor version [ES:DI+3] byte MEMDISK major version [ES:DI+4] dword Pointer to MEMDISK data in high memory [ES:DI+8] dword Size of MEMDISK data in sectors [ES:DI+12] 16:16 Far pointer to command line [ES:DI+16] 16:16 Old INT 13h pointer [ES:DI+20] 16:16 Old INT 15h pointer [ES:DI+24] word Amount of DOS memory before MEMDISK loaded [ES:DI+26] byte Boot loader ID [ES:DI+27] byte Sector size as a power of 2 (If zero, assume 512-byte sectors) [ES:DI+28] word If nonzero, offset (vs ES) to installed DPT This pointer+16 contains the original INT 1Eh
Sizes of this structure:
3.71+ 30 bytes Added DPT pointer 3.00-3.70 27 bytes Added boot loader ID pre-3.00 26 bytes
In addition, the following fields are available at [ES:0]:
[ES:0] word Offset of INT 13h routine (segment == ES) [ES:2] word Offset of INT 15h routine (segment == ES)
The program mdiskchk.c in the
dosutil directory is an example of how
this API can be used.
The following code can be used to "disable" MEMDISK. Note that it does not free the handler in DOS memory, and that running this from DOS will probably crash your machine (DOS doesn't like drives suddenly disappearing from underneath). This is also not necessarily the best method for this.
mov eax, 454D0800h mov ecx, 444D0000h mov edx, 53490000h mov dl,drive_number mov ebx, 3F4B0000h int 13h shr eax, 16 cmp ax, 4D21h jne not_memdisk shr ecx, 16 cmp cx, 4D45h jne not_memdisk shr edx, 16 cmp dx, 4944h jne not_memdisk shr ebx, 16 cmp bx, 4B53h jne not_memdisk cli mov bx,[es:0] ; INT 13h handler offset mov eax,[es:di+16] ; Old INT 13h handler mov byte [es:bx], 0EAh ; FAR JMP mov [es:bx+1], eax mov bx,[es:2] ; INT 15h handler offset mov eax,[es:di+20] ; Old INT 15h handler mov byte [es:bx], 0EAh ; FAR JMP mov [es:bx+1], eax sti
MEMDISK supports the Win9x "safe hook" structure for OS detection (see "Safe Master Boot Record INT 13h Hook Routines", available at  as of December 7th, 2009). An OS driver can take a look at the INTerrupt table and try to walk along the chain of those hooks that implement the "safe hook" structure. For each hook discovered, a vendor can be identified and the OS driver can take appropriate action. The OS driver can mark the "flags" field of the "safe hook" to indicate that the driver has reviewed it already. This prevents accidental re-detection, for example.
MEMDISK adds one additional extension field to the "safe hook" structure, a pointer to a special MEMDISK structure called the "mBFT." The mBFT is the "MEMDISK Boot Firmware Table" (akin to the iSCSI iBFT and the AoE aBFT). An OS driver looking at MEMDISK's "safe hook" should know that this field will be present based on the fact that MEMDISK is the vendor identifier.
The mBFT is little more than an ACPI table to prefix MEMDISK's traditional MEMDISK info structure (the "MDI"). The ACPI table's details are:
OEM ID. . . .: MEMDSK OEM Table ID : Syslinux
There is a 1-byte checksum field which covers the length of the mBFT all the way through to the end of the MEMDISK info structure.
There is also a physical pointer to the "safe hook" structure associated with the MEMDISK instance. An OS driver might use the following logic:
- 1. Walk INT 13h "safe hook" chain as far as possible, marking hooks as having been reviewed. For MEMDISK hooks, the driver then follows the pointer to the mBFT and gathers the RAM disk details from the included MDI.
- 2. The OS driver scans low memory for valid mBFTs. MEMDISK instances that have been "disconnected" from the INT 13h "safe hook" chain can be thus discovered. Looking at their associated "safe hook" structure will reveal if they were indeed reviewed by the previous stage.