SAFEFORMAT

=======================================================================

The following new source files have been added to the format
directory.

      SAFE.ASM    - Additional program source code
      SAFE.INC    - Extrn definitions to be included in other modules
      SAFEDEF.INC - Structure and equates used in SAFE.ASM
      NEWFMT.DOC  - This information and specification file


All changes to the existing format program have been incorporated
within conditionals. The defined value SAFE will determine whether
the new safe format is built. The build the safe format add the
command line switch for the assembler "-DSAFE=1". To disable
creation of the safe format and build the normal format program
change the switch to -DSAFE=0.

=======================================================================

The design specification for the MS-DOS 4.x safe format and unformat
utility is based on the these underlying assumptions.


FORMAT assumptions:

  1.  The utility is version dependent and will alway fail to run
      under versions of DOS (as reported by DOS function 30h)
      other the version it was designed for.

  2.  The utility will only attempt to preserve and restore existing
      DOS 4.x compatible parititions.

  3.  The utililty will incorporate general safty features but will
      rely on the integrety of the underlying operating system for
      detecting error conditions while accessing the hard disk.

  4.  There will be no attempt to allow restoration of a partition
      which was recognized as being damaged before the format
      operation had begun.

  5.  If for any reason the restoration files cannot be created
      the user will notified and allowed to decide if the format
      should continue without the restoration ability. There is
      one exception to this assumption and that is the case where
      a partition is detected to be unformated as described later.

  6.  The default operation during format will be to create the
      restoration file. A command line switch will allow the user
      to disable the feature.

  7.  All disk access will be done via DOS file handles and interrupts
      25h and 26h to allow DOS to detect and return any error
      conditions.

  8.  Only the first copy of the FAT will be saved. If any sectors
      in the first copy of the FAT cannot be successfully read
      using int 25h, an attempt will be made to read the corresponding
      sectors from the second copy of the FAT. Only if the
      corresponding sectors in both copies of the FAT cannot be read
      will it be assumed the the FAT is bad and a restoration file
      cannot be created.

  9.  The restoration file must contain all information neccessary
      to allow the restoration program to restore the original
      partition immediately after a format. If the original partition
      was a boot partition it must be restored so that it will boot
      the original operating system which was present before the
      format operation.

  10. The system files will consist of the either of the following
      2 groups of files plus COMMAND.COM.
      (IO.SYS and MSDOS.SYS) or (IBMBIO.SYS and IBMDOS.SYS)

  11. It will be assumed that a partition has never been formatted
      if the boot record is not valid using the conditions that the
      last 2 bytes of a boot sector contain a boot signature and
      the first byte is near or short jump opcode. When a partition
      has never been formatted a restoration file will not be
      created. There will be no need to alert the user to this action
      and formating will proceed as it does with the existing DOS 4.x
      utility.

  12. The restoration file will be created in the root directory
      before formating begins and this directory entry will be
      restored to the root directory as the 4th entry in the new
      root directory with an E5h placed in the first byte of the
      first 3 directory entries to allow room for operating system
      files. The restoration file will use the name "UNFORMAT.DAT"
      and will be created with HIDDEN, SYSTEM and READONLY
      attributes set.

  13. Any previous restoration file will be deleted at the time
      a new restoration file is created.

      WARNING: This will mean that if a user reformats a hard
      disk immediately after a previous format, the original
      contents of the hard disk will be lost.

  14. The restoration file will be designed so that it can allow
      restoration of the hard disk reguardless of the condition of
      boot sector, FAT or root directory after completion of the
      format operation. This feature is only for possible future
      enhancements and in this implementation there will be no
      attempt to restore a hard disk if the restoration file
      cannot be successfully read from the disk using the normal
      DOS file and sector read and write operations.

  15. The FAT which is written to the restoration file will also
      contain the FAT allocation chain for the restoration file.

  16. The DOS control C check will be disabled while the system areas
      of the disk are being written to help minimize the chance of
      losing the restoration file's directory entry and FAT chain.

      NOTE:
      The user will still be allowed to CTRL C out of the format at
      any time previous to this without damaging the integrity of
      the existing partition other than the deletion of any
      previously existing restoration file. 

  17. There will be 2 checksums in the restoration file header. One
      will be a checksum of the sector containing the file header
      and the other will be a checksum of the entire restoration
      file. The file header checksum will be used to confirm the
      file header is the valid starting sector of a restoration
      file and the file checksum will be used to insure the
      integrety of entire restoration file before a restoration
      is done.

  18. The information contained in the restoration file is intended
      to only allow the restoration of a hard disk partition if the
      UNFORMAT utility is used before any new files are written to
      the partition after a format operation. If any new files are
      written the partition is formatted it will void the integrety
      of the original FAT and the partition will be corrupt.

  19. The FORMAT utility must allow restoration of the original
      partition even in the event that the /S option is used to
      install a new operating system on the partition. This will
      be accomplished by assuring that the new OS does not
      overwrite any existing allocated areas other than the first
      2 clusters of the disk which have been saved in the restoration
      file.

  20. The fatal disk error handler will be changed so that IGNORE is
      not an option for handling of fatal disk errors. Only RETRY,
      FAIL and ABORT will be valid options.