Inside the Dell Utility Partition
An Exploration by Dan Goodell
In its sealed state, the Utility partition is marked as the 'active' partition in the
partition table. Thus, the first time the computer boots from the hard disk it will
boot the Utility partition, not the Windows partition.
(Note to self: it doesn't seem to matter whether the partition-type byte is 06h, 0Eh or DEh.)
At boot time, config.sys automatically launches
seal.exe. Since this is launched directly from config.sys, no autoexec.bat file is needed.
Support files for seal.exe include seal.ini and a small
collection of files in the c:\dell directory, including the following graphic bitmap
images. Seal.exe first displays this graphic about
the Dell EULA, then displays this graphic for desktops
or this graphic for laptops. Superimposed over the
white area in the middle will be the Dell Service Tag and Express Service Code.
(Note to reader: USA versions are shown here.)
Believe it or not, the characters for the Service Tag and Express Service Code are
cut-and-pasted from this font graphic.
(Shades of the rub-on transfer letters we used as kids!)
The Service Tag is not read from the hardware itself, but from the seal.ini file, so is
only as reliable as that text file. The Express Service Code is not read from anywhere,
it is calculated from the Service Tag. If the Service Tag in seal.ini is
changed a different Express Service Code would be generated.
(Note to self: the delldiag.exe utility doesn't appear to use
seal.ini and queries the hardware to get the real Service Tag.)
Next, the batch file copyup.bat is run,
which replaces config.sys and autoexec.bat (if it exists) by copying them from
(think: "Utility Partition").
The computer is now "unsealed", and on subsequent boots of the Utility partition
these replacement files will run delldiag.exe instead of seal.exe.
Note this means seal.exe is run only once, and thereafter booting the partition
will always run delldiag.exe.
Seal.exe modifies the partition table, setting the partition-type byte to DEh
(if it wasn't already) and changing the active boot flag to the next partition
(which is assumed to be the main OS partition), and then the computer proceeds
to boot the main partition.
(Note to self: Experimental results seem to suggest
seal.exe fiddles with the MBR boot code while it's doing all this; specifically,
I noticed 33h at offset 01h in the MBR sector changed to 80h, but afterward it
was changed back to 33h. Also, does seal.exe require DE to be first partition
on disk, or listed first in partition table?)
For the record, the file config.bts
(think: "Break The Seal")
is a duplicate of the sealed version of config.sys. The sealed state can be restored
by copying config.bts to config.sys and resetting the Utility partition as active.
(Note to reader: understand this doesn't return the Windows partition
back to its original state, though.)
If your computer is equipped with a Dell PC-Restore
partition, that feature expects to find the config.bts file in the Utility partition.
Otherwise, it cannot return the computer to a sealed state following a restore of the