Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.setup > #821 > unrolled thread
| Started by | Noob <root@localhost> |
|---|---|
| First post | 2011-07-22 00:45 -0400 |
| Last post | 2011-08-06 10:00 -0700 |
| Articles | 20 on this page of 56 — 19 participants |
Back to article view | Back to comp.os.linux.setup
Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@localhost> - 2011-07-22 00:45 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Ian Collins <ian-news@hotmail.com> - 2011-07-22 10:50 +1200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@localhost> - 2011-07-22 01:26 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Paul <nospam@needed.com> - 2011-07-21 19:38 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-22 16:29 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Paul <nospam@needed.com> - 2011-07-22 14:28 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) g.fink@gmx.net (Gernot Fink) - 2011-07-22 04:35 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Mike Easter <MikeE@ster.invalid> - 2011-07-21 19:20 -0700
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-22 11:00 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) GangGreene <GangGreene@invalid.com> - 2011-07-22 05:29 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-22 12:01 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) g.fink@gmx.net (Gernot Fink) - 2011-07-22 10:28 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2011-07-21 23:33 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) BGB <cr88192@hotmail.com> - 2011-07-21 21:26 -0700
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-22 16:25 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Bob Willard <BobwBSGS@TrashThis.comcast.net> - 2011-07-22 12:17 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-22 18:35 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Arno <me@privacy.net> - 2011-07-22 18:41 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Paul <nospam@needed.com> - 2011-07-22 14:52 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) The Natural Philosopher <tnp@invalid.invalid> - 2011-07-23 02:23 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) scott@slp53.sl.home (Scott Lurndal) - 2011-07-22 19:19 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-23 20:51 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-24 16:54 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Arno <me@privacy.net> - 2011-07-24 15:29 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-27 11:36 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) The Natural Philosopher <tnp@invalid.invalid> - 2011-07-27 12:13 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) scott@slp53.sl.home (Scott Lurndal) - 2011-07-27 20:48 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-28 10:43 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM> - 2011-07-29 00:49 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Ian Collins <ian-news@hotmail.com> - 2011-07-23 09:44 +1200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-23 10:05 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Paul <nospam@needed.com> - 2011-07-22 20:58 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-23 11:31 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM> - 2011-07-29 01:18 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-23 19:02 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM> - 2011-07-29 01:37 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-23 17:34 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-23 21:25 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-25 08:15 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) scott@slp53.sl.home (Scott Lurndal) - 2011-07-24 23:08 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-25 09:46 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) scott@slp53.sl.home (Scott Lurndal) - 2011-07-25 02:19 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Paul <nospam@needed.com> - 2011-07-24 22:38 -0400
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-25 19:38 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Franc Zabkar <fzabkar@iinternode.on.net> - 2011-07-25 19:34 +1000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Michael Press <rubrum@pacbell.net> - 2011-08-03 21:56 -0700
Re: Help, the dog ate my MBR (Linux/Windows dual boot) John Hasler <jhasler@newsguy.com> - 2011-08-04 08:15 -0500
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM> - 2011-07-29 01:10 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) gordonb.22upl@burditt.org (Gordon Burditt) - 2011-07-23 17:15 -0500
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-07-24 16:42 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-10-27 11:13 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Arno <me@privacy.net> - 2011-10-27 15:24 +0000
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-10-28 11:06 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM> - 2011-07-29 00:49 +0100
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Noob <root@127.0.0.1> - 2011-08-01 11:27 +0200
Re: Help, the dog ate my MBR (Linux/Windows dual boot) Nico Kadel-Garcia <nkadel@gmail.com> - 2011-08-06 10:00 -0700
Page 1 of 3 [1] 2 3 Next page →
| From | Noob <root@localhost> |
|---|---|
| Date | 2011-07-22 00:45 -0400 |
| Subject | Help, the dog ate my MBR (Linux/Windows dual boot) |
| Message-ID | <4e28ac1d$0$14975$426a74cc@news.free.fr> |
Hello,
Something trashed my MBR. Now when I boot the PC,
I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT
SYSTEM DISK AND PRESS ENTER" (or something close).
My setup:
PATA 120-GB HDD on IDE0 master
PATA DVD reader on IDE1 master
No IDE slaves. No SATA drives. (SATA disabled in BIOS)
I'd used gparted to create three primary partitions
(all partitions are aligned to 1 MiB, even though
this is not a 4K-sector HDD)
partition 1 : 80.00 GiB (for WinXP)
partition 2 : 33.75 GiB (for Fedora 13)
partition 3 : 765 MiB (for swap)
For my own record, my partitions are encoded
as follows.
http://en.wikipedia.org/wiki/Master_boot_record
http://en.wikipedia.org/wiki/Partition_type
80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a
bootable, NTFS, start = 1 MiB, count = 80 GiB
00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04
non-bootable, linux, count = 33.75 GiB
00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00
non-bootable, swap, count = 765 MiB
I used a Fedora 15 live CD to boot to Linux, and examine
the MBR. I looked for the MBR signature, and noticed
something very odd: the 0xAA55 signature was 14 bytes
"too far", i.e. at offset 0x20c instead of 0x1fe, which
means my broken MBR straddles sectors 0 and 1...
# cat broken_mbr.dump
00000000 00 00 00 00 00 00 41 01 63 74 e6 00 39 00 eb 48 |......A.ct..9..H|
00000010 90 d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c bf 1b |....|.P.P....|..|
00000020 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04 38 6e |.PW...........8n|
00000030 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5 83 c6 |.|.u............|
00000040 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 03 02 80 00 |.It.8,t.........|
00000050 00 80 00 e8 c4 0a 00 08 fa 90 90 f6 c2 80 75 02 |..............u.|
00000060 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc 00 20 |...Y|..1....... |
00000070 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 74 54 |..@|<.t...R...tT|
00000080 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 aa 75 |.A..U..ZRrI..U.u|
00000090 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 8b 4c |C.A|..u....t7f.L|
000000a0 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 04 10 |...|.D..f..D|...|
000000b0 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 70 66 |..D...f.\..D..pf|
000000c0 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 05 bb |1..D.f.D..B..r..|
000000d0 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f 84 f0 |.p.}....s.......|
000000e0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 88 f0 |......|.D..f1...|
000000f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 88 f4 |@f.D.1..........|
00000100 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 66 a1 |@.D.1......f..f.|
00000110 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 66 f7 |D|f1.f.4.T.f1.f.|
00000120 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a 54 0d |t..T..D.;D.}<.T.|
00000130 c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a 8a 74 |....L......l.Z.t|
00000140 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 2a 8c |...p..1......r*.|
00000150 c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 31 ff |...H|`......1.1.|
00000160 fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 00 eb |....a.&B|..}.@..|
00000170 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 00 be |...}.8.....}.0..|
00000180 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 65 6f |.}.*...GRUB .Geo|
00000190 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 61 64 |m.Hard Disk.Read|
000001a0 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd 10 ac |. Error.........|
000001b0 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 00 00 |<.u.............|
000001c0 00 00 00 00 00 00 dc 3b dd 3b 00 00 80 20 21 00 |.......;.;... !.|
000001d0 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff |................|
000001e0 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff |..........8.....|
000001f0 82 fe ff ff 00 08 38 0e 00 e8 17 00 00 00 00 00 |......8.........|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 55 aa 00 00 |............U...|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
The partition table (64 bytes) at the end, right
before the last two-byte signature, is valid.
For comparison, I examined /boot/grub/stage1
# cat good_mbr.dump
00000000 eb 48 90 00 00 00 00 00 00 00 00 00 00 00 00 00 |.H..............|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 |................|
00000040 ff 00 00 80 01 00 00 00 00 08 fa eb 07 f6 c2 80 |................|
00000050 75 02 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc |u....Y|..1......|
00000060 00 20 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 |. ..@|<.t...R...|
00000070 74 54 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 |tT.A..U..ZRrI..U|
00000080 aa 75 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 |.uC.A|..u....t7f|
00000090 8b 4c 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 |.L...|.D..f..D|.|
000000a0 04 10 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 |....D...f.\..D..|
000000b0 70 66 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 |pf1..D.f.D..B..r|
000000c0 05 bb 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f |...p.}....s.....|
000000d0 84 f0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 |........|.D..f1.|
000000e0 88 f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 |..@f.D.1........|
000000f0 88 f4 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 |..@.D.1......f..|
00000100 66 a1 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 |f.D|f1.f.4.T.f1.|
00000110 66 f7 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a |f.t..T..D.;D.}<.|
00000120 54 0d c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a |T.....L......l.Z|
00000130 8a 74 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 |.t...p..1......r|
00000140 2a 8c c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 |*....H|`......1.|
00000150 31 ff fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 |1.....a.&B|..}.@|
00000160 00 eb 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 |.....}.8.....}.0|
00000170 00 be 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 |...}.*...GRUB .G|
00000180 65 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 |eom.Hard Disk.Re|
00000190 61 64 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd |ad. Error.......|
000001a0 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 |..<.u...........|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 12 |..............$.|
000001c0 0f 09 00 be bd 7d 31 c0 cd 13 46 8a 0c 80 f9 00 |.....}1...F.....|
000001d0 75 0f be da 7d e8 c9 ff eb 97 46 6c 6f 70 70 79 |u...}.....Floppy|
000001e0 00 bb 00 70 b8 01 02 b5 00 b6 00 cd 13 72 d7 b6 |...p.........r..|
000001f0 01 b5 4f e9 e0 fe 00 00 00 00 00 00 00 00 55 aa |..O...........U.|
And indeed, the "eb 48" is there in my broken MBR,
14 bytes "too far". So it looks like I could just
use a binary editor to remove the first 14 bytes,
then write that back to my HDD's first sector?
Not too sure about that, though.
Does my broken MBR, shifted left by 14 bytes, look
like a valid MBR for grub?
Thoughts? Suggestions? How should I proceed?
For the record, here are the disassembly for the
broken MBR, and the good MBR (they do seem to differ
in several places, I'm wondering if this is because
I shouldn't be looking at /boot/grub/stage1)
On a normal MBR, the code area ranges from 0 to 0x1b7
Shifted by 14 bytes, I expect range 14 to 0x1c5
http://prefetch.net/blog/index.php/2006/09/09/digging-through-the-mbr/
# cat broken_mbr.asm
0: 00 00 add %al,(%bx,%si)
2: 00 00 add %al,(%bx,%si)
4: 00 00 add %al,(%bx,%si)
6: 41 inc %cx
7: 01 63 74 add %sp,0x74(%bp,%di)
a: e6 00 out %al,$0x0
c: 39 00 cmp %ax,(%bx,%si)
XXX e: eb 48 jmp 0x58
10: 90 nop
11: d0 bc 00 7c sarb 0x7c00(%si)
15: fb sti
16: 50 push %ax
17: 07 pop %es
18: 50 push %ax
19: 1f pop %ds
1a: fc cld
1b: be 1b 7c mov $0x7c1b,%si
1e: bf 1b 06 mov $0x61b,%di
21: 50 push %ax
22: 57 push %di
23: b9 e5 01 mov $0x1e5,%cx
26: f3 a4 rep movsb %ds:(%si),%es:(%di)
28: cb lret
29: bd be 07 mov $0x7be,%bp
2c: b1 04 mov $0x4,%cl
2e: 38 6e 00 cmp %ch,0x0(%bp)
31: 7c 09 jl 0x3c
33: 75 13 jne 0x48
35: 83 c5 10 add $0x10,%bp
38: e2 f4 loop 0x2e
3a: cd 18 int $0x18
3c: 8b f5 mov %bp,%si
3e: 83 c6 10 add $0x10,%si
41: 49 dec %cx
42: 74 19 je 0x5d
44: 38 2c cmp %ch,(%si)
46: 74 f6 je 0x3e
48: a0 b5 07 mov 0x7b5,%al
4b: b4 03 mov $0x3,%ah
4d: 02 80 00 00 add 0x0(%bx,%si),%al
51: 80 00 e8 addb $0xe8,(%bx,%si)
54: c4 0a les (%bp,%si),%cx
56: 00 08 add %cl,(%bx,%si)
58: fa cli
59: 90 nop
5a: 90 nop
5b: f6 c2 80 test $0x80,%dl
5e: 75 02 jne 0x62
60: b2 80 mov $0x80,%dl
62: ea 59 7c 00 00 ljmp $0x0,$0x7c59
67: 31 c0 xor %ax,%ax
69: 8e d8 mov %ax,%ds
6b: 8e d0 mov %ax,%ss
6d: bc 00 20 mov $0x2000,%sp
70: fb sti
71: a0 40 7c mov 0x7c40,%al
74: 3c ff cmp $0xff,%al
76: 74 02 je 0x7a
78: 88 c2 mov %al,%dl
7a: 52 push %dx
7b: f6 c2 80 test $0x80,%dl
7e: 74 54 je 0xd4
80: b4 41 mov $0x41,%ah
82: bb aa 55 mov $0x55aa,%bx
85: cd 13 int $0x13
87: 5a pop %dx
88: 52 push %dx
89: 72 49 jb 0xd4
8b: 81 fb 55 aa cmp $0xaa55,%bx
8f: 75 43 jne 0xd4
91: a0 41 7c mov 0x7c41,%al
94: 84 c0 test %al,%al
96: 75 05 jne 0x9d
98: 83 e1 01 and $0x1,%cx
9b: 74 37 je 0xd4
9d: 66 8b 4c 10 mov 0x10(%si),%ecx
a1: be 05 7c mov $0x7c05,%si
a4: c6 44 ff 01 movb $0x1,-0x1(%si)
a8: 66 8b 1e 44 7c mov 0x7c44,%ebx
ad: c7 04 10 00 movw $0x10,(%si)
b1: c7 44 02 01 00 movw $0x1,0x2(%si)
b6: 66 89 5c 08 mov %ebx,0x8(%si)
ba: c7 44 06 00 70 movw $0x7000,0x6(%si)
bf: 66 31 c0 xor %eax,%eax
c2: 89 44 04 mov %ax,0x4(%si)
c5: 66 89 44 0c mov %eax,0xc(%si)
c9: b4 42 mov $0x42,%ah
cb: cd 13 int $0x13
cd: 72 05 jb 0xd4
cf: bb 00 70 mov $0x7000,%bx
d2: eb 7d jmp 0x151
d4: b4 08 mov $0x8,%ah
d6: cd 13 int $0x13
d8: 73 0a jae 0xe4
da: f6 c2 80 test $0x80,%dl
dd: 0f 84 f0 00 je 0x1d1
e1: e9 8d 00 jmp 0x171
e4: be 05 7c mov $0x7c05,%si
e7: c6 44 ff 00 movb $0x0,-0x1(%si)
eb: 66 31 c0 xor %eax,%eax
ee: 88 f0 mov %dh,%al
f0: 40 inc %ax
f1: 66 89 44 04 mov %eax,0x4(%si)
f5: 31 d2 xor %dx,%dx
f7: 88 ca mov %cl,%dl
f9: c1 e2 02 shl $0x2,%dx
fc: 88 e8 mov %ch,%al
fe: 88 f4 mov %dh,%ah
100: 40 inc %ax
101: 89 44 08 mov %ax,0x8(%si)
104: 31 c0 xor %ax,%ax
106: 88 d0 mov %dl,%al
108: c0 e8 02 shr $0x2,%al
10b: 66 89 04 mov %eax,(%si)
10e: 66 a1 44 7c mov 0x7c44,%eax
112: 66 31 d2 xor %edx,%edx
115: 66 f7 34 divl (%si)
118: 88 54 0a mov %dl,0xa(%si)
11b: 66 31 d2 xor %edx,%edx
11e: 66 f7 74 04 divl 0x4(%si)
122: 88 54 0b mov %dl,0xb(%si)
125: 89 44 0c mov %ax,0xc(%si)
128: 3b 44 08 cmp 0x8(%si),%ax
12b: 7d 3c jge 0x169
12d: 8a 54 0d mov 0xd(%si),%dl
130: c0 e2 06 shl $0x6,%dl
133: 8a 4c 0a mov 0xa(%si),%cl
136: fe c1 inc %cl
138: 08 d1 or %dl,%cl
13a: 8a 6c 0c mov 0xc(%si),%ch
13d: 5a pop %dx
13e: 8a 74 0b mov 0xb(%si),%dh
141: bb 00 70 mov $0x7000,%bx
144: 8e c3 mov %bx,%es
146: 31 db xor %bx,%bx
148: b8 01 02 mov $0x201,%ax
14b: cd 13 int $0x13
14d: 72 2a jb 0x179
14f: 8c c3 mov %es,%bx
151: 8e 06 48 7c mov 0x7c48,%es
155: 60 pusha
156: 1e push %ds
157: b9 00 01 mov $0x100,%cx
15a: 8e db mov %bx,%ds
15c: 31 f6 xor %si,%si
15e: 31 ff xor %di,%di
160: fc cld
161: f3 a5 rep movsw %ds:(%si),%es:(%di)
163: 1f pop %ds
164: 61 popa
165: ff 26 42 7c jmp *0x7c42
169: be 7f 7d mov $0x7d7f,%si
16c: e8 40 00 call 0x1af
16f: eb 0e jmp 0x17f
171: be 84 7d mov $0x7d84,%si
174: e8 38 00 call 0x1af
177: eb 06 jmp 0x17f
179: be 8e 7d mov $0x7d8e,%si
17c: e8 30 00 call 0x1af
17f: be 93 7d mov $0x7d93,%si
182: e8 2a 00 call 0x1af
185: eb fe jmp 0x185
187: 47 inc %di
188: 52 push %dx
189: 55 push %bp
18a: 42 inc %dx
18b: 20 00 and %al,(%bx,%si)
18d: 47 inc %di
18e: 65 6f outsw %gs:(%si),(%dx)
190: 6d insw (%dx),%es:(%di)
191: 00 48 61 add %cl,0x61(%bx,%si)
194: 72 64 jb 0x1fa
196: 20 44 69 and %al,0x69(%si)
199: 73 6b jae 0x206
19b: 00 52 65 add %dl,0x65(%bp,%si)
19e: 61 popa
19f: 64 00 20 add %ah,%fs:(%bx,%si)
1a2: 45 inc %bp
1a3: 72 72 jb 0x217
1a5: 6f outsw %ds:(%si),(%dx)
1a6: 72 00 jb 0x1a8
1a8: bb 01 00 mov $0x1,%bx
1ab: b4 0e mov $0xe,%ah
1ad: cd 10 int $0x10
1af: ac lods %ds:(%si),%al
1b0: 3c 00 cmp $0x0,%al
1b2: 75 f4 jne 0x1a8
1b4: c3 ret
...
!!! DATA (NOT CODE) BELOW THISPOINT (AFAIU) !!!
1c5: 00 dc add %bl,%ah
1c7: 3b dd cmp %bp,%bx
1c9: 3b 00 cmp (%bx,%si),%ax
1cb: 00 80 20 21 add %al,0x2120(%bx,%si)
1cf: 00 07 add %al,(%bx)
1d1: fe (bad)
1d2: ff (bad)
1d3: ff 00 incw (%bx,%si)
1d5: 08 00 or %al,(%bx,%si)
1d7: 00 00 add %al,(%bx,%si)
1d9: 00 00 add %al,(%bx,%si)
1db: 0a 00 or (%bx,%si),%al
1dd: fe (bad)
1de: ff (bad)
1df: ff 83 fe ff incw -0x2(%bp,%di)
1e3: ff 00 incw (%bx,%si)
1e5: 08 00 or %al,(%bx,%si)
1e7: 0a 00 or (%bx,%si),%al
1e9: 00 38 add %bh,(%bx,%si)
1eb: 04 00 add $0x0,%al
1ed: fe (bad)
1ee: ff (bad)
1ef: ff 82 fe ff incw -0x2(%bp,%si)
1f3: ff 00 incw (%bx,%si)
1f5: 08 38 or %bh,(%bx,%si)
1f7: 0e push %cs
1f8: 00 e8 add %ch,%al
1fa: 17 pop %ss
...
20b: 00 55 aa add %dl,-0x56(%di)
# cat good_mbr.asm
0: eb 48 jmp 0x4a
2: 90 nop
...
3b: 00 00 add %al,(%bx,%si)
3d: 00 03 add %al,(%bp,%di)
3f: 02 ff add %bh,%bh
41: 00 00 add %al,(%bx,%si)
43: 80 01 00 addb $0x0,(%bx,%di)
46: 00 00 add %al,(%bx,%si)
48: 00 08 add %cl,(%bx,%si)
4a: fa cli
4b: eb 07 jmp 0x54
4d: f6 c2 80 test $0x80,%dl
50: 75 02 jne 0x54
52: b2 80 mov $0x80,%dl
54: ea 59 7c 00 00 ljmp $0x0,$0x7c59
59: 31 c0 xor %ax,%ax
5b: 8e d8 mov %ax,%ds
5d: 8e d0 mov %ax,%ss
5f: bc 00 20 mov $0x2000,%sp
62: fb sti
63: a0 40 7c mov 0x7c40,%al
66: 3c ff cmp $0xff,%al
68: 74 02 je 0x6c
6a: 88 c2 mov %al,%dl
6c: 52 push %dx
6d: f6 c2 80 test $0x80,%dl
70: 74 54 je 0xc6
72: b4 41 mov $0x41,%ah
74: bb aa 55 mov $0x55aa,%bx
77: cd 13 int $0x13
79: 5a pop %dx
7a: 52 push %dx
7b: 72 49 jb 0xc6
7d: 81 fb 55 aa cmp $0xaa55,%bx
81: 75 43 jne 0xc6
83: a0 41 7c mov 0x7c41,%al
86: 84 c0 test %al,%al
88: 75 05 jne 0x8f
8a: 83 e1 01 and $0x1,%cx
8d: 74 37 je 0xc6
8f: 66 8b 4c 10 mov 0x10(%si),%ecx
93: be 05 7c mov $0x7c05,%si
96: c6 44 ff 01 movb $0x1,-0x1(%si)
9a: 66 8b 1e 44 7c mov 0x7c44,%ebx
9f: c7 04 10 00 movw $0x10,(%si)
a3: c7 44 02 01 00 movw $0x1,0x2(%si)
a8: 66 89 5c 08 mov %ebx,0x8(%si)
ac: c7 44 06 00 70 movw $0x7000,0x6(%si)
b1: 66 31 c0 xor %eax,%eax
b4: 89 44 04 mov %ax,0x4(%si)
b7: 66 89 44 0c mov %eax,0xc(%si)
bb: b4 42 mov $0x42,%ah
bd: cd 13 int $0x13
bf: 72 05 jb 0xc6
c1: bb 00 70 mov $0x7000,%bx
c4: eb 7d jmp 0x143
c6: b4 08 mov $0x8,%ah
c8: cd 13 int $0x13
ca: 73 0a jae 0xd6
cc: f6 c2 80 test $0x80,%dl
cf: 0f 84 f0 00 je 0x1c3
d3: e9 8d 00 jmp 0x163
d6: be 05 7c mov $0x7c05,%si
d9: c6 44 ff 00 movb $0x0,-0x1(%si)
dd: 66 31 c0 xor %eax,%eax
e0: 88 f0 mov %dh,%al
e2: 40 inc %ax
e3: 66 89 44 04 mov %eax,0x4(%si)
e7: 31 d2 xor %dx,%dx
e9: 88 ca mov %cl,%dl
eb: c1 e2 02 shl $0x2,%dx
ee: 88 e8 mov %ch,%al
f0: 88 f4 mov %dh,%ah
f2: 40 inc %ax
f3: 89 44 08 mov %ax,0x8(%si)
f6: 31 c0 xor %ax,%ax
f8: 88 d0 mov %dl,%al
fa: c0 e8 02 shr $0x2,%al
fd: 66 89 04 mov %eax,(%si)
100: 66 a1 44 7c mov 0x7c44,%eax
104: 66 31 d2 xor %edx,%edx
107: 66 f7 34 divl (%si)
10a: 88 54 0a mov %dl,0xa(%si)
10d: 66 31 d2 xor %edx,%edx
110: 66 f7 74 04 divl 0x4(%si)
114: 88 54 0b mov %dl,0xb(%si)
117: 89 44 0c mov %ax,0xc(%si)
11a: 3b 44 08 cmp 0x8(%si),%ax
11d: 7d 3c jge 0x15b
11f: 8a 54 0d mov 0xd(%si),%dl
122: c0 e2 06 shl $0x6,%dl
125: 8a 4c 0a mov 0xa(%si),%cl
128: fe c1 inc %cl
12a: 08 d1 or %dl,%cl
12c: 8a 6c 0c mov 0xc(%si),%ch
12f: 5a pop %dx
130: 8a 74 0b mov 0xb(%si),%dh
133: bb 00 70 mov $0x7000,%bx
136: 8e c3 mov %bx,%es
138: 31 db xor %bx,%bx
13a: b8 01 02 mov $0x201,%ax
13d: cd 13 int $0x13
13f: 72 2a jb 0x16b
141: 8c c3 mov %es,%bx
143: 8e 06 48 7c mov 0x7c48,%es
147: 60 pusha
148: 1e push %ds
149: b9 00 01 mov $0x100,%cx
14c: 8e db mov %bx,%ds
14e: 31 f6 xor %si,%si
150: 31 ff xor %di,%di
152: fc cld
153: f3 a5 rep movsw %ds:(%si),%es:(%di)
155: 1f pop %ds
156: 61 popa
157: ff 26 42 7c jmp *0x7c42
15b: be 7f 7d mov $0x7d7f,%si
15e: e8 40 00 call 0x1a1
161: eb 0e jmp 0x171
163: be 84 7d mov $0x7d84,%si
166: e8 38 00 call 0x1a1
169: eb 06 jmp 0x171
16b: be 8e 7d mov $0x7d8e,%si
16e: e8 30 00 call 0x1a1
171: be 93 7d mov $0x7d93,%si
174: e8 2a 00 call 0x1a1
177: eb fe jmp 0x177
179: 47 inc %di
17a: 52 push %dx
17b: 55 push %bp
17c: 42 inc %dx
17d: 20 00 and %al,(%bx,%si)
17f: 47 inc %di
180: 65 6f outsw %gs:(%si),(%dx)
182: 6d insw (%dx),%es:(%di)
183: 00 48 61 add %cl,0x61(%bx,%si)
186: 72 64 jb 0x1ec
188: 20 44 69 and %al,0x69(%si)
18b: 73 6b jae 0x1f8
18d: 00 52 65 add %dl,0x65(%bp,%si)
190: 61 popa
191: 64 00 20 add %ah,%fs:(%bx,%si)
194: 45 inc %bp
195: 72 72 jb 0x209
197: 6f outsw %ds:(%si),(%dx)
198: 72 00 jb 0x19a
19a: bb 01 00 mov $0x1,%bx
19d: b4 0e mov $0xe,%ah
19f: cd 10 int $0x10
1a1: ac lods %ds:(%si),%al
1a2: 3c 00 cmp $0x0,%al
1a4: 75 f4 jne 0x19a
1a6: c3 ret
...
!!! DATA (NOT CODE) BELOW THIS POINT (AFAIU) !!!
1bb: 00 00 add %al,(%bx,%si)
1bd: 00 24 add %ah,(%si)
1bf: 12 0f adc (%bx),%cl
1c1: 09 00 or %ax,(%bx,%si)
1c3: be bd 7d mov $0x7dbd,%si
1c6: 31 c0 xor %ax,%ax
1c8: cd 13 int $0x13
1ca: 46 inc %si
1cb: 8a 0c mov (%si),%cl
1cd: 80 f9 00 cmp $0x0,%cl
1d0: 75 0f jne 0x1e1
1d2: be da 7d mov $0x7dda,%si
1d5: e8 c9 ff call 0x1a1
1d8: eb 97 jmp 0x171
1da: 46 inc %si
1db: 6c insb (%dx),%es:(%di)
1dc: 6f outsw %ds:(%si),(%dx)
1dd: 70 70 jo 0x24f
1df: 79 00 jns 0x1e1
1e1: bb 00 70 mov $0x7000,%bx
1e4: b8 01 02 mov $0x201,%ax
1e7: b5 00 mov $0x0,%ch
1e9: b6 00 mov $0x0,%dh
1eb: cd 13 int $0x13
1ed: 72 d7 jb 0x1c6
1ef: b6 01 mov $0x1,%dh
1f1: b5 4f mov $0x4f,%ch
1f3: e9 e0 fe jmp 0xd6
...
1fe: 55 push %bp
1ff: aa stos %al,%es:(%di)
Thanks for reading this far!! ;-)
Regards.
[toc] | [next] | [standalone]
| From | Ian Collins <ian-news@hotmail.com> |
|---|---|
| Date | 2011-07-22 10:50 +1200 |
| Message-ID | <98rop8FroiU6@mid.individual.net> |
| In reply to | #821 |
On 07/22/11 04:45 PM, Noob wrote: > Hello, > > Something trashed my MBR. Now when I boot the PC, > I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT > SYSTEM DISK AND PRESS ENTER" (or something close). Boot off a live or repair CD and fix grub. -- Ian Collins
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@localhost> |
|---|---|
| Date | 2011-07-22 01:26 -0400 |
| Message-ID | <4e28b5a4$0$13068$426a74cc@news.free.fr> |
| In reply to | #822 |
Ian Collins wrote: > Noob wrote: > >> Something trashed my MBR. Now when I boot the PC, >> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >> SYSTEM DISK AND PRESS ENTER" (or something close). > > Boot off a live or repair CD and fix grub. OK, I have a Fedora 15 live CD (XFCE spin). How do I "fix grub" and how is the tool going to figure out the partition table, considering that the MBR is now corrupt? Regards.
[toc] | [prev] | [next] | [standalone]
| From | Paul <nospam@needed.com> |
|---|---|
| Date | 2011-07-21 19:38 -0400 |
| Message-ID | <j0ad9i$k1m$1@dont-email.me> |
| In reply to | #823 |
Noob wrote:
> Ian Collins wrote:
>
>> Noob wrote:
>>
>>> Something trashed my MBR. Now when I boot the PC,
>>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT
>>> SYSTEM DISK AND PRESS ENTER" (or something close).
>>
>> Boot off a live or repair CD and fix grub.
>
> OK, I have a Fedora 15 live CD (XFCE spin).
>
> How do I "fix grub" and how is the tool going to
> figure out the partition table, considering that
> the MBR is now corrupt?
>
> Regards.
If you want to "recompute" the primary partition table,
try "TestDisk". Available for multiple platforms.
http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step
The fun part, is figuring out the interface.
The last time I used it, I was playing with a Win2K
installer CD, and examining the partitioning options
the installer would offer. I quit the installer, but
little did I know, that it had already overwritten
the MBR, according to my planned setup.
Using TestDisk, I was able to put back the primary
partition table of the MBR. So it has the capability
- it took me a while to figure out what to do with it.
It can't "put back" the 446 byte code segment, but
it will solve the primary partition table problem.
Once the primary partition looks good, you can
try the grub portion.
Note that it can find even deleted partitions. When
I ran it, it managed to detect "five" primary partitions.
(One of the partitions was sitting in unallocated space,
and only "looked" like a partition.) It requires your
own memory of how things were set up, to determine what
gets saved and what gets turfed. In my case, the computed
result makes no sense, until you recollect the small 5GB
partition isn't really supposed to be there. So if you
were a maintenance man, with no previous knowledge
of the disk config, TestDisk could present what it found,
and you'd be hard pressed to figure out what to keep.
So, "TestDisk" first, "Grub" second...
Paul
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@127.0.0.1> |
|---|---|
| Date | 2011-07-22 16:29 +0200 |
| Message-ID | <j0c1f6$8gl$1@dont-email.me> |
| In reply to | #824 |
Paul wrote: > Noob wrote: >> Ian Collins wrote: >>> Noob wrote: >>> >>>> Something trashed my MBR. Now when I boot the PC, >>>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >>>> SYSTEM DISK AND PRESS ENTER" (or something close). >>> >>> Boot off a live or repair CD and fix grub. >> >> OK, I have a Fedora 15 live CD (XFCE spin). >> >> How do I "fix grub" and how is the tool going to >> figure out the partition table, considering that >> the MBR is now corrupt? > > If you want to "recompute" the primary partition table, > try "TestDisk". Available for multiple platforms. Thanks Paul, I don't need to recompute the partition table, because I know what it was set to: 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00 Regards.
[toc] | [prev] | [next] | [standalone]
| From | Paul <nospam@needed.com> |
|---|---|
| Date | 2011-07-22 14:28 -0400 |
| Message-ID | <j0cfgr$clo$1@dont-email.me> |
| In reply to | #834 |
Noob wrote:
> Paul wrote:
>> Noob wrote:
>>> Ian Collins wrote:
>>>> Noob wrote:
>>>>
>>>>> Something trashed my MBR. Now when I boot the PC,
>>>>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT
>>>>> SYSTEM DISK AND PRESS ENTER" (or something close).
>>>> Boot off a live or repair CD and fix grub.
>>> OK, I have a Fedora 15 live CD (XFCE spin).
>>>
>>> How do I "fix grub" and how is the tool going to
>>> figure out the partition table, considering that
>>> the MBR is now corrupt?
>> If you want to "recompute" the primary partition table,
>> try "TestDisk". Available for multiple platforms.
>
> Thanks Paul, I don't need to recompute the partition table,
> because I know what it was set to:
>
> 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a
> 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04
> 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00
>
> Regards.
If you are omniscient, you can simply use a hex editor,
prepare what you think is a good looking 512 byte MBR
and write it back with "dd".
sudo dd if=I_did_it_my_way.dd of=/dev/hda bs=512 count=1
and so on.
I'm a little worried though, as to what else in the first
63 sectors, got "bumped along" by your 14 byte shift. How
will you determine what else was damaged ?
I would back up the disk first, before going further. Again,
I use "dd" for that, and walk away until it is finished.
Paul
[toc] | [prev] | [next] | [standalone]
| From | g.fink@gmx.net (Gernot Fink) |
|---|---|
| Date | 2011-07-22 04:35 +0000 |
| Message-ID | <98scvlFteqU1@mid.individual.net> |
| In reply to | #823 |
In article <4e28b5a4$0$13068$426a74cc@news.free.fr>, Noob <root@localhost> writes: > How do I "fix grub" and how is the tool going to > figure out the partition table, considering that > the MBR is now corrupt? > You can boot your system using the "super grub disc" and reinstall grub. http://www.sysresccd.org/Sysresccd-Partitioning-EN-Repairing-a-damaged-Grub -- MFG Gernot
[toc] | [prev] | [next] | [standalone]
| From | Mike Easter <MikeE@ster.invalid> |
|---|---|
| Date | 2011-07-21 19:20 -0700 |
| Message-ID | <98s534Fcl5U1@mid.individual.net> |
| In reply to | #821 |
posted to cols only Noob wrote: > Something trashed my MBR. Now when I boot the PC, > I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT > SYSTEM DISK AND PRESS ENTER" (or something close). > partition 1 : 80.00 GiB (for WinXP) > partition 2 : 33.75 GiB (for Fedora 13) > partition 3 : 765 MiB (for swap) Presumably that was originally an XP only disk and then later became a grub boot managed disk. The way I would fix it would be to use a fix MBR utility (temporarily forgetting about grub) and hopefully restore to a 'normal' boot XP only the way it once was. Then I would use a live linux such as the Fedora to fix the grub. If the fix mbr didn't do it, then I would use a sector editor to zero the boot sector and then use a fix mbr and then if/when that worked, a grub restoration. -- Mike Easter
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@127.0.0.1> |
|---|---|
| Date | 2011-07-22 11:00 +0200 |
| Message-ID | <j0be78$i4b$1@dont-email.me> |
| In reply to | #825 |
Mike Easter wrote: > Noob wrote: > >> Something trashed my MBR. Now when I boot the PC, >> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >> SYSTEM DISK AND PRESS ENTER" (or something close). > >> partition 1 : 80.00 GiB (for WinXP) >> partition 2 : 33.75 GiB (for Fedora 13) >> partition 3 : 765 MiB (for swap) > > Presumably that was originally an XP only disk and then > later became a grub boot managed disk. Sort of. A year ago, I wiped the drive, created the three (primary) partitions, installed WinXP to the first partition, then Fedora to the second partition. It was Fedora that installed grub. > The way I would fix it would be to use a fix MBR utility (temporarily > forgetting about grub) and hopefully restore to a 'normal' boot XP only > the way it once was. I don't understand how a "fix MBR utility" can create a valid partition table once the MBR is corrupted. Can you explain? Is there a copy of the MBR stored somewhere on the disk? Regards.
[toc] | [prev] | [next] | [standalone]
| From | GangGreene <GangGreene@invalid.com> |
|---|---|
| Date | 2011-07-22 05:29 -0400 |
| Message-ID | <fhsnf8-gvo.ln1@crazy-horse.bildanet.com> |
| In reply to | #829 |
Noob wrote: > Mike Easter wrote: > >> Noob wrote: >> >>> Something trashed my MBR. Now when I boot the PC, >>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >>> SYSTEM DISK AND PRESS ENTER" (or something close). >> >>> partition 1 : 80.00 GiB (for WinXP) >>> partition 2 : 33.75 GiB (for Fedora 13) >>> partition 3 : 765 MiB (for swap) >> >> Presumably that was originally an XP only disk and then >> later became a grub boot managed disk. > > Sort of. A year ago, I wiped the drive, created the > three (primary) partitions, installed WinXP to the > first partition, then Fedora to the second partition. > It was Fedora that installed grub. > >> The way I would fix it would be to use a fix MBR utility (temporarily >> forgetting about grub) and hopefully restore to a 'normal' boot XP only >> the way it once was. > > I don't understand how a "fix MBR utility" can create a valid > partition table once the MBR is corrupted. Can you explain? > Is there a copy of the MBR stored somewhere on the disk? > > Regards. MBR != Partition Table
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@127.0.0.1> |
|---|---|
| Date | 2011-07-22 12:01 +0200 |
| Message-ID | <j0bhq4$5u6$1@dont-email.me> |
| In reply to | #830 |
GangGreene wrote: > Noob wrote: > >> Mike Easter wrote: >> >>> Noob wrote: >>> >>>> Something trashed my MBR. Now when I boot the PC, >>>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >>>> SYSTEM DISK AND PRESS ENTER" (or something close). >>> >>>> partition 1 : 80.00 GiB (for WinXP) >>>> partition 2 : 33.75 GiB (for Fedora 13) >>>> partition 3 : 765 MiB (for swap) >>> >>> Presumably that was originally an XP only disk and then >>> later became a grub boot managed disk. >> >> Sort of. A year ago, I wiped the drive, created the >> three (primary) partitions, installed WinXP to the >> first partition, then Fedora to the second partition. >> It was Fedora that installed grub. >> >>> The way I would fix it would be to use a fix MBR utility (temporarily >>> forgetting about grub) and hopefully restore to a 'normal' boot XP only >>> the way it once was. >> >> I don't understand how a "fix MBR utility" can create a valid >> partition table once the MBR is corrupted. Can you explain? >> Is there a copy of the MBR stored somewhere on the disk? > > MBR != Partition Table Are you nit-picking? The table of primary partitions is stored at the end of the Master Boot Record. cf. http://en.wikipedia.org/wiki/Master_boot_record For example, the partition table in my MBR is: 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00
[toc] | [prev] | [next] | [standalone]
| From | g.fink@gmx.net (Gernot Fink) |
|---|---|
| Date | 2011-07-22 10:28 +0000 |
| Message-ID | <98t1mtFiumU1@mid.individual.net> |
| In reply to | #831 |
In article <j0bhq4$5u6$1@dont-email.me>, Noob <root@127.0.0.1> writes: > > The table of primary partitions is stored at the end of > the Master Boot Record. MBR and partitiontable use the same 512 byte block, but thats all. The MBR is locates in the first 4.. bytes. The Partitiontable for the 4 primary partitions is located thereafter. To restore the partitiontable use testdisk, for the MBR grub-install,lilo, or ms-sys. -- MFG Gernot
[toc] | [prev] | [next] | [standalone]
| From | "David W. Hodgins" <dwhodgins@nomail.afraid.org> |
|---|---|
| Date | 2011-07-21 23:33 -0400 |
| Message-ID | <op.vyz35acva3w0dxdave@hodgins.homeip.net> |
| In reply to | #821 |
On Fri, 22 Jul 2011 00:45:52 -0400, Noob <root@localhost> wrote: > And indeed, the "eb 48" is there in my broken MBR, > 14 bytes "too far". So it looks like I could just > use a binary editor to remove the first 14 bytes, > then write that back to my HDD's first sector? Can't hurt to try. It would be a faster way to recover the mbr's copy of the partition table, before reinstalling grub. If you have anything important on the drive, make a full copy of it first, as whatever caused the mess may be hardware related, and trying to fix it may make things worse, so make a copy while you can (if you can). Then delete the first 14 bytes from a copy of the broken mbr, and copy the first 512 bytes of the resulting file to /dev/sda. Then mount the partitions (probably have to reboot after fixing the mbr, to get the kernel to reread the partition table) and reinstall grub. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
[toc] | [prev] | [next] | [standalone]
| From | BGB <cr88192@hotmail.com> |
|---|---|
| Date | 2011-07-21 21:26 -0700 |
| Message-ID | <j0auda$mi1$1@news.albasani.net> |
| In reply to | #821 |
On 7/21/2011 9:45 PM, Noob wrote: > Hello, > I once had my MBR blow up about like this when I had tried reinstalling WinXP: put in XP CD, boot from CD, by the time it got to the part where it showed partitions, the drive was shown as empty. rebooted, no luck, the MBR was foobared. luckily, I was able to figure things out good enough to get my computer at the time working again (IIRC I used guesstimating, personal memory, and calculations to recreate a working partition table in Linux fdisk). IIRC, it was installing WinXP onto a 1TB SATA drive or similar. later then I devised a strategy of installing initially onto a smaller external drive (80GB IDE), and then imaging the partition back onto the first drive. or such... > Something trashed my MBR. Now when I boot the PC, > I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT > SYSTEM DISK AND PRESS ENTER" (or something close). > > My setup: > > PATA 120-GB HDD on IDE0 master > PATA DVD reader on IDE1 master > No IDE slaves. No SATA drives. (SATA disabled in BIOS) > > I'd used gparted to create three primary partitions > (all partitions are aligned to 1 MiB, even though > this is not a 4K-sector HDD) > partition 1 : 80.00 GiB (for WinXP) > partition 2 : 33.75 GiB (for Fedora 13) > partition 3 : 765 MiB (for swap) > > For my own record, my partitions are encoded > as follows. > > http://en.wikipedia.org/wiki/Master_boot_record > http://en.wikipedia.org/wiki/Partition_type > > 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a > bootable, NTFS, start = 1 MiB, count = 80 GiB > > 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04 > non-bootable, linux, count = 33.75 GiB > > 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00 > non-bootable, swap, count = 765 MiB > > I used a Fedora 15 live CD to boot to Linux, and examine > the MBR. I looked for the MBR signature, and noticed > something very odd: the 0xAA55 signature was 14 bytes > "too far", i.e. at offset 0x20c instead of 0x1fe, which > means my broken MBR straddles sectors 0 and 1... > > # cat broken_mbr.dump > 00000000 00 00 00 00 00 00 41 01 63 74 e6 00 39 00 eb 48 |......A.ct..9..H| > 00000010 90 d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c bf 1b |....|.P.P....|..| > 00000020 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04 38 6e |.PW...........8n| > 00000030 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5 83 c6 |.|.u............| > 00000040 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 03 02 80 00 |.It.8,t.........| > 00000050 00 80 00 e8 c4 0a 00 08 fa 90 90 f6 c2 80 75 02 |..............u.| > 00000060 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc 00 20 |...Y|..1....... | > 00000070 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 74 54 |..@|<.t...R...tT| > 00000080 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 aa 75 |.A..U..ZRrI..U.u| > 00000090 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 8b 4c |C.A|..u....t7f.L| > 000000a0 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 04 10 |...|.D..f..D|...| > 000000b0 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 70 66 |..D...f.\..D..pf| > 000000c0 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 05 bb |1..D.f.D..B..r..| > 000000d0 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f 84 f0 |.p.}....s.......| > 000000e0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 88 f0 |......|.D..f1...| > 000000f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 88 f4 |@f.D.1..........| > 00000100 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 66 a1 |@.D.1......f..f.| > 00000110 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 66 f7 |D|f1.f.4.T.f1.f.| > 00000120 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a 54 0d |t..T..D.;D.}<.T.| > 00000130 c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a 8a 74 |....L......l.Z.t| > 00000140 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 2a 8c |...p..1......r*.| > 00000150 c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 31 ff |...H|`......1.1.| > 00000160 fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 00 eb |....a.&B|..}.@..| > 00000170 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 00 be |...}.8.....}.0..| > 00000180 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 65 6f |.}.*...GRUB .Geo| > 00000190 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 61 64 |m.Hard Disk.Read| > 000001a0 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd 10 ac |. Error.........| > 000001b0 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 00 00 |<.u.............| > 000001c0 00 00 00 00 00 00 dc 3b dd 3b 00 00 80 20 21 00 |.......;.;... !.| > 000001d0 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff |................| > 000001e0 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff |..........8.....| > 000001f0 82 fe ff ff 00 08 38 0e 00 e8 17 00 00 00 00 00 |......8.........| > 00000200 00 00 00 00 00 00 00 00 00 00 00 00 55 aa 00 00 |............U...| > 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > > The partition table (64 bytes) at the end, right > before the last two-byte signature, is valid. > > For comparison, I examined /boot/grub/stage1 > > # cat good_mbr.dump > 00000000 eb 48 90 00 00 00 00 00 00 00 00 00 00 00 00 00 |.H..............| > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > * > 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 |................| > 00000040 ff 00 00 80 01 00 00 00 00 08 fa eb 07 f6 c2 80 |................| > 00000050 75 02 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc |u....Y|..1......| > 00000060 00 20 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 |. ..@|<.t...R...| > 00000070 74 54 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 |tT.A..U..ZRrI..U| > 00000080 aa 75 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 |.uC.A|..u....t7f| > 00000090 8b 4c 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 |.L...|.D..f..D|.| > 000000a0 04 10 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 |....D...f.\..D..| > 000000b0 70 66 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 |pf1..D.f.D..B..r| > 000000c0 05 bb 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f |...p.}....s.....| > 000000d0 84 f0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 |........|.D..f1.| > 000000e0 88 f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 |..@f.D.1........| > 000000f0 88 f4 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 |..@.D.1......f..| > 00000100 66 a1 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 |f.D|f1.f.4.T.f1.| > 00000110 66 f7 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a |f.t..T..D.;D.}<.| > 00000120 54 0d c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a |T.....L......l.Z| > 00000130 8a 74 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 |.t...p..1......r| > 00000140 2a 8c c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 |*....H|`......1.| > 00000150 31 ff fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 |1.....a.&B|..}.@| > 00000160 00 eb 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 |.....}.8.....}.0| > 00000170 00 be 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 |...}.*...GRUB .G| > 00000180 65 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 |eom.Hard Disk.Re| > 00000190 61 64 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd |ad. Error.......| > 000001a0 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 |..<.u...........| > 000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 12 |..............$.| > 000001c0 0f 09 00 be bd 7d 31 c0 cd 13 46 8a 0c 80 f9 00 |.....}1...F.....| > 000001d0 75 0f be da 7d e8 c9 ff eb 97 46 6c 6f 70 70 79 |u...}.....Floppy| > 000001e0 00 bb 00 70 b8 01 02 b5 00 b6 00 cd 13 72 d7 b6 |...p.........r..| > 000001f0 01 b5 4f e9 e0 fe 00 00 00 00 00 00 00 00 55 aa |..O...........U.| > > And indeed, the "eb 48" is there in my broken MBR, > 14 bytes "too far". So it looks like I could just > use a binary editor to remove the first 14 bytes, > then write that back to my HDD's first sector? > > Not too sure about that, though. > > Does my broken MBR, shifted left by 14 bytes, look > like a valid MBR for grub? > > Thoughts? Suggestions? How should I proceed? > > For the record, here are the disassembly for the > broken MBR, and the good MBR (they do seem to differ > in several places, I'm wondering if this is because > I shouldn't be looking at /boot/grub/stage1) > > On a normal MBR, the code area ranges from 0 to 0x1b7 > Shifted by 14 bytes, I expect range 14 to 0x1c5 > > http://prefetch.net/blog/index.php/2006/09/09/digging-through-the-mbr/ > > # cat broken_mbr.asm > 0: 00 00 add %al,(%bx,%si) > 2: 00 00 add %al,(%bx,%si) > 4: 00 00 add %al,(%bx,%si) > 6: 41 inc %cx > 7: 01 63 74 add %sp,0x74(%bp,%di) > a: e6 00 out %al,$0x0 > c: 39 00 cmp %ax,(%bx,%si) > XXX e: eb 48 jmp 0x58 > 10: 90 nop > 11: d0 bc 00 7c sarb 0x7c00(%si) > 15: fb sti > 16: 50 push %ax > 17: 07 pop %es > 18: 50 push %ax > 19: 1f pop %ds > 1a: fc cld > 1b: be 1b 7c mov $0x7c1b,%si > 1e: bf 1b 06 mov $0x61b,%di > 21: 50 push %ax > 22: 57 push %di > 23: b9 e5 01 mov $0x1e5,%cx > 26: f3 a4 rep movsb %ds:(%si),%es:(%di) > 28: cb lret > 29: bd be 07 mov $0x7be,%bp > 2c: b1 04 mov $0x4,%cl > 2e: 38 6e 00 cmp %ch,0x0(%bp) > 31: 7c 09 jl 0x3c > 33: 75 13 jne 0x48 > 35: 83 c5 10 add $0x10,%bp > 38: e2 f4 loop 0x2e > 3a: cd 18 int $0x18 > 3c: 8b f5 mov %bp,%si > 3e: 83 c6 10 add $0x10,%si > 41: 49 dec %cx > 42: 74 19 je 0x5d > 44: 38 2c cmp %ch,(%si) > 46: 74 f6 je 0x3e > 48: a0 b5 07 mov 0x7b5,%al > 4b: b4 03 mov $0x3,%ah > 4d: 02 80 00 00 add 0x0(%bx,%si),%al > 51: 80 00 e8 addb $0xe8,(%bx,%si) > 54: c4 0a les (%bp,%si),%cx > 56: 00 08 add %cl,(%bx,%si) > 58: fa cli > 59: 90 nop > 5a: 90 nop > 5b: f6 c2 80 test $0x80,%dl > 5e: 75 02 jne 0x62 > 60: b2 80 mov $0x80,%dl > 62: ea 59 7c 00 00 ljmp $0x0,$0x7c59 > 67: 31 c0 xor %ax,%ax > 69: 8e d8 mov %ax,%ds > 6b: 8e d0 mov %ax,%ss > 6d: bc 00 20 mov $0x2000,%sp > 70: fb sti > 71: a0 40 7c mov 0x7c40,%al > 74: 3c ff cmp $0xff,%al > 76: 74 02 je 0x7a > 78: 88 c2 mov %al,%dl > 7a: 52 push %dx > 7b: f6 c2 80 test $0x80,%dl > 7e: 74 54 je 0xd4 > 80: b4 41 mov $0x41,%ah > 82: bb aa 55 mov $0x55aa,%bx > 85: cd 13 int $0x13 > 87: 5a pop %dx > 88: 52 push %dx > 89: 72 49 jb 0xd4 > 8b: 81 fb 55 aa cmp $0xaa55,%bx > 8f: 75 43 jne 0xd4 > 91: a0 41 7c mov 0x7c41,%al > 94: 84 c0 test %al,%al > 96: 75 05 jne 0x9d > 98: 83 e1 01 and $0x1,%cx > 9b: 74 37 je 0xd4 > 9d: 66 8b 4c 10 mov 0x10(%si),%ecx > a1: be 05 7c mov $0x7c05,%si > a4: c6 44 ff 01 movb $0x1,-0x1(%si) > a8: 66 8b 1e 44 7c mov 0x7c44,%ebx > ad: c7 04 10 00 movw $0x10,(%si) > b1: c7 44 02 01 00 movw $0x1,0x2(%si) > b6: 66 89 5c 08 mov %ebx,0x8(%si) > ba: c7 44 06 00 70 movw $0x7000,0x6(%si) > bf: 66 31 c0 xor %eax,%eax > c2: 89 44 04 mov %ax,0x4(%si) > c5: 66 89 44 0c mov %eax,0xc(%si) > c9: b4 42 mov $0x42,%ah > cb: cd 13 int $0x13 > cd: 72 05 jb 0xd4 > cf: bb 00 70 mov $0x7000,%bx > d2: eb 7d jmp 0x151 > d4: b4 08 mov $0x8,%ah > d6: cd 13 int $0x13 > d8: 73 0a jae 0xe4 > da: f6 c2 80 test $0x80,%dl > dd: 0f 84 f0 00 je 0x1d1 > e1: e9 8d 00 jmp 0x171 > e4: be 05 7c mov $0x7c05,%si > e7: c6 44 ff 00 movb $0x0,-0x1(%si) > eb: 66 31 c0 xor %eax,%eax > ee: 88 f0 mov %dh,%al > f0: 40 inc %ax > f1: 66 89 44 04 mov %eax,0x4(%si) > f5: 31 d2 xor %dx,%dx > f7: 88 ca mov %cl,%dl > f9: c1 e2 02 shl $0x2,%dx > fc: 88 e8 mov %ch,%al > fe: 88 f4 mov %dh,%ah > 100: 40 inc %ax > 101: 89 44 08 mov %ax,0x8(%si) > 104: 31 c0 xor %ax,%ax > 106: 88 d0 mov %dl,%al > 108: c0 e8 02 shr $0x2,%al > 10b: 66 89 04 mov %eax,(%si) > 10e: 66 a1 44 7c mov 0x7c44,%eax > 112: 66 31 d2 xor %edx,%edx > 115: 66 f7 34 divl (%si) > 118: 88 54 0a mov %dl,0xa(%si) > 11b: 66 31 d2 xor %edx,%edx > 11e: 66 f7 74 04 divl 0x4(%si) > 122: 88 54 0b mov %dl,0xb(%si) > 125: 89 44 0c mov %ax,0xc(%si) > 128: 3b 44 08 cmp 0x8(%si),%ax > 12b: 7d 3c jge 0x169 > 12d: 8a 54 0d mov 0xd(%si),%dl > 130: c0 e2 06 shl $0x6,%dl > 133: 8a 4c 0a mov 0xa(%si),%cl > 136: fe c1 inc %cl > 138: 08 d1 or %dl,%cl > 13a: 8a 6c 0c mov 0xc(%si),%ch > 13d: 5a pop %dx > 13e: 8a 74 0b mov 0xb(%si),%dh > 141: bb 00 70 mov $0x7000,%bx > 144: 8e c3 mov %bx,%es > 146: 31 db xor %bx,%bx > 148: b8 01 02 mov $0x201,%ax > 14b: cd 13 int $0x13 > 14d: 72 2a jb 0x179 > 14f: 8c c3 mov %es,%bx > 151: 8e 06 48 7c mov 0x7c48,%es > 155: 60 pusha > 156: 1e push %ds > 157: b9 00 01 mov $0x100,%cx > 15a: 8e db mov %bx,%ds > 15c: 31 f6 xor %si,%si > 15e: 31 ff xor %di,%di > 160: fc cld > 161: f3 a5 rep movsw %ds:(%si),%es:(%di) > 163: 1f pop %ds > 164: 61 popa > 165: ff 26 42 7c jmp *0x7c42 > 169: be 7f 7d mov $0x7d7f,%si > 16c: e8 40 00 call 0x1af > 16f: eb 0e jmp 0x17f > 171: be 84 7d mov $0x7d84,%si > 174: e8 38 00 call 0x1af > 177: eb 06 jmp 0x17f > 179: be 8e 7d mov $0x7d8e,%si > 17c: e8 30 00 call 0x1af > 17f: be 93 7d mov $0x7d93,%si > 182: e8 2a 00 call 0x1af > 185: eb fe jmp 0x185 > 187: 47 inc %di > 188: 52 push %dx > 189: 55 push %bp > 18a: 42 inc %dx > 18b: 20 00 and %al,(%bx,%si) > 18d: 47 inc %di > 18e: 65 6f outsw %gs:(%si),(%dx) > 190: 6d insw (%dx),%es:(%di) > 191: 00 48 61 add %cl,0x61(%bx,%si) > 194: 72 64 jb 0x1fa > 196: 20 44 69 and %al,0x69(%si) > 199: 73 6b jae 0x206 > 19b: 00 52 65 add %dl,0x65(%bp,%si) > 19e: 61 popa > 19f: 64 00 20 add %ah,%fs:(%bx,%si) > 1a2: 45 inc %bp > 1a3: 72 72 jb 0x217 > 1a5: 6f outsw %ds:(%si),(%dx) > 1a6: 72 00 jb 0x1a8 > 1a8: bb 01 00 mov $0x1,%bx > 1ab: b4 0e mov $0xe,%ah > 1ad: cd 10 int $0x10 > 1af: ac lods %ds:(%si),%al > 1b0: 3c 00 cmp $0x0,%al > 1b2: 75 f4 jne 0x1a8 > 1b4: c3 ret > ... > !!! DATA (NOT CODE) BELOW THISPOINT (AFAIU) !!! > 1c5: 00 dc add %bl,%ah > 1c7: 3b dd cmp %bp,%bx > 1c9: 3b 00 cmp (%bx,%si),%ax > 1cb: 00 80 20 21 add %al,0x2120(%bx,%si) > 1cf: 00 07 add %al,(%bx) > 1d1: fe (bad) > 1d2: ff (bad) > 1d3: ff 00 incw (%bx,%si) > 1d5: 08 00 or %al,(%bx,%si) > 1d7: 00 00 add %al,(%bx,%si) > 1d9: 00 00 add %al,(%bx,%si) > 1db: 0a 00 or (%bx,%si),%al > 1dd: fe (bad) > 1de: ff (bad) > 1df: ff 83 fe ff incw -0x2(%bp,%di) > 1e3: ff 00 incw (%bx,%si) > 1e5: 08 00 or %al,(%bx,%si) > 1e7: 0a 00 or (%bx,%si),%al > 1e9: 00 38 add %bh,(%bx,%si) > 1eb: 04 00 add $0x0,%al > 1ed: fe (bad) > 1ee: ff (bad) > 1ef: ff 82 fe ff incw -0x2(%bp,%si) > 1f3: ff 00 incw (%bx,%si) > 1f5: 08 38 or %bh,(%bx,%si) > 1f7: 0e push %cs > 1f8: 00 e8 add %ch,%al > 1fa: 17 pop %ss > ... > 20b: 00 55 aa add %dl,-0x56(%di) > > > # cat good_mbr.asm > 0: eb 48 jmp 0x4a > 2: 90 nop > ... > 3b: 00 00 add %al,(%bx,%si) > 3d: 00 03 add %al,(%bp,%di) > 3f: 02 ff add %bh,%bh > 41: 00 00 add %al,(%bx,%si) > 43: 80 01 00 addb $0x0,(%bx,%di) > 46: 00 00 add %al,(%bx,%si) > 48: 00 08 add %cl,(%bx,%si) > 4a: fa cli > 4b: eb 07 jmp 0x54 > 4d: f6 c2 80 test $0x80,%dl > 50: 75 02 jne 0x54 > 52: b2 80 mov $0x80,%dl > 54: ea 59 7c 00 00 ljmp $0x0,$0x7c59 > 59: 31 c0 xor %ax,%ax > 5b: 8e d8 mov %ax,%ds > 5d: 8e d0 mov %ax,%ss > 5f: bc 00 20 mov $0x2000,%sp > 62: fb sti > 63: a0 40 7c mov 0x7c40,%al > 66: 3c ff cmp $0xff,%al > 68: 74 02 je 0x6c > 6a: 88 c2 mov %al,%dl > 6c: 52 push %dx > 6d: f6 c2 80 test $0x80,%dl > 70: 74 54 je 0xc6 > 72: b4 41 mov $0x41,%ah > 74: bb aa 55 mov $0x55aa,%bx > 77: cd 13 int $0x13 > 79: 5a pop %dx > 7a: 52 push %dx > 7b: 72 49 jb 0xc6 > 7d: 81 fb 55 aa cmp $0xaa55,%bx > 81: 75 43 jne 0xc6 > 83: a0 41 7c mov 0x7c41,%al > 86: 84 c0 test %al,%al > 88: 75 05 jne 0x8f > 8a: 83 e1 01 and $0x1,%cx > 8d: 74 37 je 0xc6 > 8f: 66 8b 4c 10 mov 0x10(%si),%ecx > 93: be 05 7c mov $0x7c05,%si > 96: c6 44 ff 01 movb $0x1,-0x1(%si) > 9a: 66 8b 1e 44 7c mov 0x7c44,%ebx > 9f: c7 04 10 00 movw $0x10,(%si) > a3: c7 44 02 01 00 movw $0x1,0x2(%si) > a8: 66 89 5c 08 mov %ebx,0x8(%si) > ac: c7 44 06 00 70 movw $0x7000,0x6(%si) > b1: 66 31 c0 xor %eax,%eax > b4: 89 44 04 mov %ax,0x4(%si) > b7: 66 89 44 0c mov %eax,0xc(%si) > bb: b4 42 mov $0x42,%ah > bd: cd 13 int $0x13 > bf: 72 05 jb 0xc6 > c1: bb 00 70 mov $0x7000,%bx > c4: eb 7d jmp 0x143 > c6: b4 08 mov $0x8,%ah > c8: cd 13 int $0x13 > ca: 73 0a jae 0xd6 > cc: f6 c2 80 test $0x80,%dl > cf: 0f 84 f0 00 je 0x1c3 > d3: e9 8d 00 jmp 0x163 > d6: be 05 7c mov $0x7c05,%si > d9: c6 44 ff 00 movb $0x0,-0x1(%si) > dd: 66 31 c0 xor %eax,%eax > e0: 88 f0 mov %dh,%al > e2: 40 inc %ax > e3: 66 89 44 04 mov %eax,0x4(%si) > e7: 31 d2 xor %dx,%dx > e9: 88 ca mov %cl,%dl > eb: c1 e2 02 shl $0x2,%dx > ee: 88 e8 mov %ch,%al > f0: 88 f4 mov %dh,%ah > f2: 40 inc %ax > f3: 89 44 08 mov %ax,0x8(%si) > f6: 31 c0 xor %ax,%ax > f8: 88 d0 mov %dl,%al > fa: c0 e8 02 shr $0x2,%al > fd: 66 89 04 mov %eax,(%si) > 100: 66 a1 44 7c mov 0x7c44,%eax > 104: 66 31 d2 xor %edx,%edx > 107: 66 f7 34 divl (%si) > 10a: 88 54 0a mov %dl,0xa(%si) > 10d: 66 31 d2 xor %edx,%edx > 110: 66 f7 74 04 divl 0x4(%si) > 114: 88 54 0b mov %dl,0xb(%si) > 117: 89 44 0c mov %ax,0xc(%si) > 11a: 3b 44 08 cmp 0x8(%si),%ax > 11d: 7d 3c jge 0x15b > 11f: 8a 54 0d mov 0xd(%si),%dl > 122: c0 e2 06 shl $0x6,%dl > 125: 8a 4c 0a mov 0xa(%si),%cl > 128: fe c1 inc %cl > 12a: 08 d1 or %dl,%cl > 12c: 8a 6c 0c mov 0xc(%si),%ch > 12f: 5a pop %dx > 130: 8a 74 0b mov 0xb(%si),%dh > 133: bb 00 70 mov $0x7000,%bx > 136: 8e c3 mov %bx,%es > 138: 31 db xor %bx,%bx > 13a: b8 01 02 mov $0x201,%ax > 13d: cd 13 int $0x13 > 13f: 72 2a jb 0x16b > 141: 8c c3 mov %es,%bx > 143: 8e 06 48 7c mov 0x7c48,%es > 147: 60 pusha > 148: 1e push %ds > 149: b9 00 01 mov $0x100,%cx > 14c: 8e db mov %bx,%ds > 14e: 31 f6 xor %si,%si > 150: 31 ff xor %di,%di > 152: fc cld > 153: f3 a5 rep movsw %ds:(%si),%es:(%di) > 155: 1f pop %ds > 156: 61 popa > 157: ff 26 42 7c jmp *0x7c42 > 15b: be 7f 7d mov $0x7d7f,%si > 15e: e8 40 00 call 0x1a1 > 161: eb 0e jmp 0x171 > 163: be 84 7d mov $0x7d84,%si > 166: e8 38 00 call 0x1a1 > 169: eb 06 jmp 0x171 > 16b: be 8e 7d mov $0x7d8e,%si > 16e: e8 30 00 call 0x1a1 > 171: be 93 7d mov $0x7d93,%si > 174: e8 2a 00 call 0x1a1 > 177: eb fe jmp 0x177 > 179: 47 inc %di > 17a: 52 push %dx > 17b: 55 push %bp > 17c: 42 inc %dx > 17d: 20 00 and %al,(%bx,%si) > 17f: 47 inc %di > 180: 65 6f outsw %gs:(%si),(%dx) > 182: 6d insw (%dx),%es:(%di) > 183: 00 48 61 add %cl,0x61(%bx,%si) > 186: 72 64 jb 0x1ec > 188: 20 44 69 and %al,0x69(%si) > 18b: 73 6b jae 0x1f8 > 18d: 00 52 65 add %dl,0x65(%bp,%si) > 190: 61 popa > 191: 64 00 20 add %ah,%fs:(%bx,%si) > 194: 45 inc %bp > 195: 72 72 jb 0x209 > 197: 6f outsw %ds:(%si),(%dx) > 198: 72 00 jb 0x19a > 19a: bb 01 00 mov $0x1,%bx > 19d: b4 0e mov $0xe,%ah > 19f: cd 10 int $0x10 > 1a1: ac lods %ds:(%si),%al > 1a2: 3c 00 cmp $0x0,%al > 1a4: 75 f4 jne 0x19a > 1a6: c3 ret > ... > !!! DATA (NOT CODE) BELOW THIS POINT (AFAIU) !!! > 1bb: 00 00 add %al,(%bx,%si) > 1bd: 00 24 add %ah,(%si) > 1bf: 12 0f adc (%bx),%cl > 1c1: 09 00 or %ax,(%bx,%si) > 1c3: be bd 7d mov $0x7dbd,%si > 1c6: 31 c0 xor %ax,%ax > 1c8: cd 13 int $0x13 > 1ca: 46 inc %si > 1cb: 8a 0c mov (%si),%cl > 1cd: 80 f9 00 cmp $0x0,%cl > 1d0: 75 0f jne 0x1e1 > 1d2: be da 7d mov $0x7dda,%si > 1d5: e8 c9 ff call 0x1a1 > 1d8: eb 97 jmp 0x171 > 1da: 46 inc %si > 1db: 6c insb (%dx),%es:(%di) > 1dc: 6f outsw %ds:(%si),(%dx) > 1dd: 70 70 jo 0x24f > 1df: 79 00 jns 0x1e1 > 1e1: bb 00 70 mov $0x7000,%bx > 1e4: b8 01 02 mov $0x201,%ax > 1e7: b5 00 mov $0x0,%ch > 1e9: b6 00 mov $0x0,%dh > 1eb: cd 13 int $0x13 > 1ed: 72 d7 jb 0x1c6 > 1ef: b6 01 mov $0x1,%dh > 1f1: b5 4f mov $0x4f,%ch > 1f3: e9 e0 fe jmp 0xd6 > ... > 1fe: 55 push %bp > 1ff: aa stos %al,%es:(%di) > > Thanks for reading this far!! ;-) > > Regards.
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@127.0.0.1> |
|---|---|
| Date | 2011-07-22 16:25 +0200 |
| Message-ID | <j0c18i$6v4$1@dont-email.me> |
| In reply to | #821 |
[ Please note that I've added comp.sys.ibm.pc.hardware.storage to the list of newsgroups ] Noob wrote: > Something trashed my MBR. Now when I boot the PC, > I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT > SYSTEM DISK AND PRESS ENTER" (or something close). By MBR, I meant the first sector of my hard disk drive, i.e. the boot-strapping code, and the table of primary partitions. > My setup: > PATA 120-GB HDD on IDE0 master > PATA DVD reader on IDE1 master > No IDE slaves. No SATA drives. (SATA disabled in BIOS) > > I had used gparted to create three primary partitions > (all partitions are aligned to 1 MiB, even though > this is not a 4K-sector HDD) > partition 1 : 80.00 GiB (for WinXP) > partition 2 : 33.75 GiB (for Fedora 13) > partition 3 : 765 MiB (for swap) Short version of the rest of original message : the first sector had been shifted by 14 bytes. Weird, right? And the plot thickens. Later that same night, I copied the MBR a second time in the live CD environment; and this second time, the first 14 bytes of the MBR were ZERO, i.e. they had changed !! Even stranger, the next morning, I booted the PC, and the 14-byte offset had disappeared. I'm starting to think that this might be a hardware problem, as both Linux AND the BIOS seem to have had troubles getting the MBR consistently. Something else I haven't mentioned: when Windows resumes from hibernation, the whole system sometime reboots (this started about 2/3 weeks ago), around the same time I changed the RAM from 2x512 to 2x1024. I tested the RAM, no errors after one hour of checking. The S.M.A.R.T. counters for the HDD claim the drive is "healthy". However, considering that the drive is inserting random garbage around requested data, I'm wondering if this could be the drive's controller failing? Would this show up in a S.M.A.R.T. diagnostic? Or am I on the wrong track, and do you see something else that might be responsible? Regards. [ Below is the rest of my original message, which I left in because of the belated cross-post to csiphs ] > For my own record, my partitions are encoded as follows. > > http://en.wikipedia.org/wiki/Master_boot_record > http://en.wikipedia.org/wiki/Partition_type > > 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a > bootable, NTFS, start = 1 MiB, count = 80 GiB > > 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04 > non-bootable, linux, count = 33.75 GiB > > 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00 > non-bootable, swap, count = 765 MiB > > I used a Fedora 15 live CD to boot to Linux, and examine > the MBR. I looked for the MBR signature, and noticed > something very odd: the 0xAA55 signature was 14 bytes > "too far", i.e. at offset 0x20c instead of 0x1fe, which > means my broken MBR straddles sectors 0 and 1... > > # cat broken_mbr.dump > 00000000 00 00 00 00 00 00 41 01 63 74 e6 00 39 00 eb 48 |......A.ct..9..H| > 00000010 90 d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c bf 1b |....|.P.P....|..| > 00000020 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04 38 6e |.PW...........8n| > 00000030 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5 83 c6 |.|.u............| > 00000040 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 03 02 80 00 |.It.8,t.........| > 00000050 00 80 00 e8 c4 0a 00 08 fa 90 90 f6 c2 80 75 02 |..............u.| > 00000060 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc 00 20 |...Y|..1....... | > 00000070 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 74 54 |..@|<.t...R...tT| > 00000080 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 aa 75 |.A..U..ZRrI..U.u| > 00000090 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 8b 4c |C.A|..u....t7f.L| > 000000a0 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 04 10 |...|.D..f..D|...| > 000000b0 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 70 66 |..D...f.\..D..pf| > 000000c0 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 05 bb |1..D.f.D..B..r..| > 000000d0 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f 84 f0 |.p.}....s.......| > 000000e0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 88 f0 |......|.D..f1...| > 000000f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 88 f4 |@f.D.1..........| > 00000100 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 66 a1 |@.D.1......f..f.| > 00000110 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 66 f7 |D|f1.f.4.T.f1.f.| > 00000120 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a 54 0d |t..T..D.;D.}<.T.| > 00000130 c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a 8a 74 |....L......l.Z.t| > 00000140 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 2a 8c |...p..1......r*.| > 00000150 c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 31 ff |...H|`......1.1.| > 00000160 fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 00 eb |....a.&B|..}.@..| > 00000170 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 00 be |...}.8.....}.0..| > 00000180 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 65 6f |.}.*...GRUB .Geo| > 00000190 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 61 64 |m.Hard Disk.Read| > 000001a0 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd 10 ac |. Error.........| > 000001b0 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 00 00 |<.u.............| > 000001c0 00 00 00 00 00 00 dc 3b dd 3b 00 00 80 20 21 00 |.......;.;... !.| > 000001d0 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff |................| > 000001e0 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff |..........8.....| > 000001f0 82 fe ff ff 00 08 38 0e 00 e8 17 00 00 00 00 00 |......8.........| > 00000200 00 00 00 00 00 00 00 00 00 00 00 00 55 aa 00 00 |............U...| > 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > > The partition table (64 bytes) at the end, right > before the last two-byte signature, is valid. > > For comparison, I examined /boot/grub/stage1 > > # cat good_mbr.dump > 00000000 eb 48 90 00 00 00 00 00 00 00 00 00 00 00 00 00 |.H..............| > 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| > * > 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 |................| > 00000040 ff 00 00 80 01 00 00 00 00 08 fa eb 07 f6 c2 80 |................| > 00000050 75 02 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc |u....Y|..1......| > 00000060 00 20 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 |. ..@|<.t...R...| > 00000070 74 54 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 |tT.A..U..ZRrI..U| > 00000080 aa 75 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 |.uC.A|..u....t7f| > 00000090 8b 4c 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 |.L...|.D..f..D|.| > 000000a0 04 10 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 |....D...f.\..D..| > 000000b0 70 66 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 |pf1..D.f.D..B..r| > 000000c0 05 bb 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f |...p.}....s.....| > 000000d0 84 f0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 |........|.D..f1.| > 000000e0 88 f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 |..@f.D.1........| > 000000f0 88 f4 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 |..@.D.1......f..| > 00000100 66 a1 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 |f.D|f1.f.4.T.f1.| > 00000110 66 f7 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a |f.t..T..D.;D.}<.| > 00000120 54 0d c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a |T.....L......l.Z| > 00000130 8a 74 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 |.t...p..1......r| > 00000140 2a 8c c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 |*....H|`......1.| > 00000150 31 ff fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 |1.....a.&B|..}.@| > 00000160 00 eb 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 |.....}.8.....}.0| > 00000170 00 be 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 |...}.*...GRUB .G| > 00000180 65 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 |eom.Hard Disk.Re| > 00000190 61 64 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd |ad. Error.......| > 000001a0 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 |..<.u...........| > 000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 12 |..............$.| > 000001c0 0f 09 00 be bd 7d 31 c0 cd 13 46 8a 0c 80 f9 00 |.....}1...F.....| > 000001d0 75 0f be da 7d e8 c9 ff eb 97 46 6c 6f 70 70 79 |u...}.....Floppy| > 000001e0 00 bb 00 70 b8 01 02 b5 00 b6 00 cd 13 72 d7 b6 |...p.........r..| > 000001f0 01 b5 4f e9 e0 fe 00 00 00 00 00 00 00 00 55 aa |..O...........U.| > > And indeed, the "eb 48" is there in my broken MBR, > 14 bytes "too far". So it looks like I could just > use a binary editor to remove the first 14 bytes, > then write that back to my HDD's first sector? > > Not too sure about that, though. > > Does my broken MBR, shifted left by 14 bytes, look > like a valid MBR for grub? > > Thoughts? Suggestions? How should I proceed? > > For the record, here are the disassembly for the > broken MBR, and the good MBR (they do seem to differ > in several places, I'm wondering if this is because > I shouldn't be looking at /boot/grub/stage1) > > On a normal MBR, the code area ranges from 0 to 0x1b7 > Shifted by 14 bytes, I expect range 14 to 0x1c5 > > http://prefetch.net/blog/index.php/2006/09/09/digging-through-the-mbr/ > > # cat broken_mbr.asm > 0: 00 00 add %al,(%bx,%si) > 2: 00 00 add %al,(%bx,%si) > 4: 00 00 add %al,(%bx,%si) > 6: 41 inc %cx > 7: 01 63 74 add %sp,0x74(%bp,%di) > a: e6 00 out %al,$0x0 > c: 39 00 cmp %ax,(%bx,%si) > XXX e: eb 48 jmp 0x58 > 10: 90 nop > 11: d0 bc 00 7c sarb 0x7c00(%si) > 15: fb sti > 16: 50 push %ax > 17: 07 pop %es > 18: 50 push %ax > 19: 1f pop %ds > 1a: fc cld > 1b: be 1b 7c mov $0x7c1b,%si > 1e: bf 1b 06 mov $0x61b,%di > 21: 50 push %ax > 22: 57 push %di > 23: b9 e5 01 mov $0x1e5,%cx > 26: f3 a4 rep movsb %ds:(%si),%es:(%di) > 28: cb lret > 29: bd be 07 mov $0x7be,%bp > 2c: b1 04 mov $0x4,%cl > 2e: 38 6e 00 cmp %ch,0x0(%bp) > 31: 7c 09 jl 0x3c > 33: 75 13 jne 0x48 > 35: 83 c5 10 add $0x10,%bp > 38: e2 f4 loop 0x2e > 3a: cd 18 int $0x18 > 3c: 8b f5 mov %bp,%si > 3e: 83 c6 10 add $0x10,%si > 41: 49 dec %cx > 42: 74 19 je 0x5d > 44: 38 2c cmp %ch,(%si) > 46: 74 f6 je 0x3e > 48: a0 b5 07 mov 0x7b5,%al > 4b: b4 03 mov $0x3,%ah > 4d: 02 80 00 00 add 0x0(%bx,%si),%al > 51: 80 00 e8 addb $0xe8,(%bx,%si) > 54: c4 0a les (%bp,%si),%cx > 56: 00 08 add %cl,(%bx,%si) > 58: fa cli > 59: 90 nop > 5a: 90 nop > 5b: f6 c2 80 test $0x80,%dl > 5e: 75 02 jne 0x62 > 60: b2 80 mov $0x80,%dl > 62: ea 59 7c 00 00 ljmp $0x0,$0x7c59 > 67: 31 c0 xor %ax,%ax > 69: 8e d8 mov %ax,%ds > 6b: 8e d0 mov %ax,%ss > 6d: bc 00 20 mov $0x2000,%sp > 70: fb sti > 71: a0 40 7c mov 0x7c40,%al > 74: 3c ff cmp $0xff,%al > 76: 74 02 je 0x7a > 78: 88 c2 mov %al,%dl > 7a: 52 push %dx > 7b: f6 c2 80 test $0x80,%dl > 7e: 74 54 je 0xd4 > 80: b4 41 mov $0x41,%ah > 82: bb aa 55 mov $0x55aa,%bx > 85: cd 13 int $0x13 > 87: 5a pop %dx > 88: 52 push %dx > 89: 72 49 jb 0xd4 > 8b: 81 fb 55 aa cmp $0xaa55,%bx > 8f: 75 43 jne 0xd4 > 91: a0 41 7c mov 0x7c41,%al > 94: 84 c0 test %al,%al > 96: 75 05 jne 0x9d > 98: 83 e1 01 and $0x1,%cx > 9b: 74 37 je 0xd4 > 9d: 66 8b 4c 10 mov 0x10(%si),%ecx > a1: be 05 7c mov $0x7c05,%si > a4: c6 44 ff 01 movb $0x1,-0x1(%si) > a8: 66 8b 1e 44 7c mov 0x7c44,%ebx > ad: c7 04 10 00 movw $0x10,(%si) > b1: c7 44 02 01 00 movw $0x1,0x2(%si) > b6: 66 89 5c 08 mov %ebx,0x8(%si) > ba: c7 44 06 00 70 movw $0x7000,0x6(%si) > bf: 66 31 c0 xor %eax,%eax > c2: 89 44 04 mov %ax,0x4(%si) > c5: 66 89 44 0c mov %eax,0xc(%si) > c9: b4 42 mov $0x42,%ah > cb: cd 13 int $0x13 > cd: 72 05 jb 0xd4 > cf: bb 00 70 mov $0x7000,%bx > d2: eb 7d jmp 0x151 > d4: b4 08 mov $0x8,%ah > d6: cd 13 int $0x13 > d8: 73 0a jae 0xe4 > da: f6 c2 80 test $0x80,%dl > dd: 0f 84 f0 00 je 0x1d1 > e1: e9 8d 00 jmp 0x171 > e4: be 05 7c mov $0x7c05,%si > e7: c6 44 ff 00 movb $0x0,-0x1(%si) > eb: 66 31 c0 xor %eax,%eax > ee: 88 f0 mov %dh,%al > f0: 40 inc %ax > f1: 66 89 44 04 mov %eax,0x4(%si) > f5: 31 d2 xor %dx,%dx > f7: 88 ca mov %cl,%dl > f9: c1 e2 02 shl $0x2,%dx > fc: 88 e8 mov %ch,%al > fe: 88 f4 mov %dh,%ah > 100: 40 inc %ax > 101: 89 44 08 mov %ax,0x8(%si) > 104: 31 c0 xor %ax,%ax > 106: 88 d0 mov %dl,%al > 108: c0 e8 02 shr $0x2,%al > 10b: 66 89 04 mov %eax,(%si) > 10e: 66 a1 44 7c mov 0x7c44,%eax > 112: 66 31 d2 xor %edx,%edx > 115: 66 f7 34 divl (%si) > 118: 88 54 0a mov %dl,0xa(%si) > 11b: 66 31 d2 xor %edx,%edx > 11e: 66 f7 74 04 divl 0x4(%si) > 122: 88 54 0b mov %dl,0xb(%si) > 125: 89 44 0c mov %ax,0xc(%si) > 128: 3b 44 08 cmp 0x8(%si),%ax > 12b: 7d 3c jge 0x169 > 12d: 8a 54 0d mov 0xd(%si),%dl > 130: c0 e2 06 shl $0x6,%dl > 133: 8a 4c 0a mov 0xa(%si),%cl > 136: fe c1 inc %cl > 138: 08 d1 or %dl,%cl > 13a: 8a 6c 0c mov 0xc(%si),%ch > 13d: 5a pop %dx > 13e: 8a 74 0b mov 0xb(%si),%dh > 141: bb 00 70 mov $0x7000,%bx > 144: 8e c3 mov %bx,%es > 146: 31 db xor %bx,%bx > 148: b8 01 02 mov $0x201,%ax > 14b: cd 13 int $0x13 > 14d: 72 2a jb 0x179 > 14f: 8c c3 mov %es,%bx > 151: 8e 06 48 7c mov 0x7c48,%es > 155: 60 pusha > 156: 1e push %ds > 157: b9 00 01 mov $0x100,%cx > 15a: 8e db mov %bx,%ds > 15c: 31 f6 xor %si,%si > 15e: 31 ff xor %di,%di > 160: fc cld > 161: f3 a5 rep movsw %ds:(%si),%es:(%di) > 163: 1f pop %ds > 164: 61 popa > 165: ff 26 42 7c jmp *0x7c42 > 169: be 7f 7d mov $0x7d7f,%si > 16c: e8 40 00 call 0x1af > 16f: eb 0e jmp 0x17f > 171: be 84 7d mov $0x7d84,%si > 174: e8 38 00 call 0x1af > 177: eb 06 jmp 0x17f > 179: be 8e 7d mov $0x7d8e,%si > 17c: e8 30 00 call 0x1af > 17f: be 93 7d mov $0x7d93,%si > 182: e8 2a 00 call 0x1af > 185: eb fe jmp 0x185 > 187: 47 inc %di > 188: 52 push %dx > 189: 55 push %bp > 18a: 42 inc %dx > 18b: 20 00 and %al,(%bx,%si) > 18d: 47 inc %di > 18e: 65 6f outsw %gs:(%si),(%dx) > 190: 6d insw (%dx),%es:(%di) > 191: 00 48 61 add %cl,0x61(%bx,%si) > 194: 72 64 jb 0x1fa > 196: 20 44 69 and %al,0x69(%si) > 199: 73 6b jae 0x206 > 19b: 00 52 65 add %dl,0x65(%bp,%si) > 19e: 61 popa > 19f: 64 00 20 add %ah,%fs:(%bx,%si) > 1a2: 45 inc %bp > 1a3: 72 72 jb 0x217 > 1a5: 6f outsw %ds:(%si),(%dx) > 1a6: 72 00 jb 0x1a8 > 1a8: bb 01 00 mov $0x1,%bx > 1ab: b4 0e mov $0xe,%ah > 1ad: cd 10 int $0x10 > 1af: ac lods %ds:(%si),%al > 1b0: 3c 00 cmp $0x0,%al > 1b2: 75 f4 jne 0x1a8 > 1b4: c3 ret > ... > !!! DATA (NOT CODE) BELOW THISPOINT (AFAIU) !!! > 1c5: 00 dc add %bl,%ah > 1c7: 3b dd cmp %bp,%bx > 1c9: 3b 00 cmp (%bx,%si),%ax > 1cb: 00 80 20 21 add %al,0x2120(%bx,%si) > 1cf: 00 07 add %al,(%bx) > 1d1: fe (bad) > 1d2: ff (bad) > 1d3: ff 00 incw (%bx,%si) > 1d5: 08 00 or %al,(%bx,%si) > 1d7: 00 00 add %al,(%bx,%si) > 1d9: 00 00 add %al,(%bx,%si) > 1db: 0a 00 or (%bx,%si),%al > 1dd: fe (bad) > 1de: ff (bad) > 1df: ff 83 fe ff incw -0x2(%bp,%di) > 1e3: ff 00 incw (%bx,%si) > 1e5: 08 00 or %al,(%bx,%si) > 1e7: 0a 00 or (%bx,%si),%al > 1e9: 00 38 add %bh,(%bx,%si) > 1eb: 04 00 add $0x0,%al > 1ed: fe (bad) > 1ee: ff (bad) > 1ef: ff 82 fe ff incw -0x2(%bp,%si) > 1f3: ff 00 incw (%bx,%si) > 1f5: 08 38 or %bh,(%bx,%si) > 1f7: 0e push %cs > 1f8: 00 e8 add %ch,%al > 1fa: 17 pop %ss > ... > 20b: 00 55 aa add %dl,-0x56(%di) > > > # cat good_mbr.asm > 0: eb 48 jmp 0x4a > 2: 90 nop > ... > 3b: 00 00 add %al,(%bx,%si) > 3d: 00 03 add %al,(%bp,%di) > 3f: 02 ff add %bh,%bh > 41: 00 00 add %al,(%bx,%si) > 43: 80 01 00 addb $0x0,(%bx,%di) > 46: 00 00 add %al,(%bx,%si) > 48: 00 08 add %cl,(%bx,%si) > 4a: fa cli > 4b: eb 07 jmp 0x54 > 4d: f6 c2 80 test $0x80,%dl > 50: 75 02 jne 0x54 > 52: b2 80 mov $0x80,%dl > 54: ea 59 7c 00 00 ljmp $0x0,$0x7c59 > 59: 31 c0 xor %ax,%ax > 5b: 8e d8 mov %ax,%ds > 5d: 8e d0 mov %ax,%ss > 5f: bc 00 20 mov $0x2000,%sp > 62: fb sti > 63: a0 40 7c mov 0x7c40,%al > 66: 3c ff cmp $0xff,%al > 68: 74 02 je 0x6c > 6a: 88 c2 mov %al,%dl > 6c: 52 push %dx > 6d: f6 c2 80 test $0x80,%dl > 70: 74 54 je 0xc6 > 72: b4 41 mov $0x41,%ah > 74: bb aa 55 mov $0x55aa,%bx > 77: cd 13 int $0x13 > 79: 5a pop %dx > 7a: 52 push %dx > 7b: 72 49 jb 0xc6 > 7d: 81 fb 55 aa cmp $0xaa55,%bx > 81: 75 43 jne 0xc6 > 83: a0 41 7c mov 0x7c41,%al > 86: 84 c0 test %al,%al > 88: 75 05 jne 0x8f > 8a: 83 e1 01 and $0x1,%cx > 8d: 74 37 je 0xc6 > 8f: 66 8b 4c 10 mov 0x10(%si),%ecx > 93: be 05 7c mov $0x7c05,%si > 96: c6 44 ff 01 movb $0x1,-0x1(%si) > 9a: 66 8b 1e 44 7c mov 0x7c44,%ebx > 9f: c7 04 10 00 movw $0x10,(%si) > a3: c7 44 02 01 00 movw $0x1,0x2(%si) > a8: 66 89 5c 08 mov %ebx,0x8(%si) > ac: c7 44 06 00 70 movw $0x7000,0x6(%si) > b1: 66 31 c0 xor %eax,%eax > b4: 89 44 04 mov %ax,0x4(%si) > b7: 66 89 44 0c mov %eax,0xc(%si) > bb: b4 42 mov $0x42,%ah > bd: cd 13 int $0x13 > bf: 72 05 jb 0xc6 > c1: bb 00 70 mov $0x7000,%bx > c4: eb 7d jmp 0x143 > c6: b4 08 mov $0x8,%ah > c8: cd 13 int $0x13 > ca: 73 0a jae 0xd6 > cc: f6 c2 80 test $0x80,%dl > cf: 0f 84 f0 00 je 0x1c3 > d3: e9 8d 00 jmp 0x163 > d6: be 05 7c mov $0x7c05,%si > d9: c6 44 ff 00 movb $0x0,-0x1(%si) > dd: 66 31 c0 xor %eax,%eax > e0: 88 f0 mov %dh,%al > e2: 40 inc %ax > e3: 66 89 44 04 mov %eax,0x4(%si) > e7: 31 d2 xor %dx,%dx > e9: 88 ca mov %cl,%dl > eb: c1 e2 02 shl $0x2,%dx > ee: 88 e8 mov %ch,%al > f0: 88 f4 mov %dh,%ah > f2: 40 inc %ax > f3: 89 44 08 mov %ax,0x8(%si) > f6: 31 c0 xor %ax,%ax > f8: 88 d0 mov %dl,%al > fa: c0 e8 02 shr $0x2,%al > fd: 66 89 04 mov %eax,(%si) > 100: 66 a1 44 7c mov 0x7c44,%eax > 104: 66 31 d2 xor %edx,%edx > 107: 66 f7 34 divl (%si) > 10a: 88 54 0a mov %dl,0xa(%si) > 10d: 66 31 d2 xor %edx,%edx > 110: 66 f7 74 04 divl 0x4(%si) > 114: 88 54 0b mov %dl,0xb(%si) > 117: 89 44 0c mov %ax,0xc(%si) > 11a: 3b 44 08 cmp 0x8(%si),%ax > 11d: 7d 3c jge 0x15b > 11f: 8a 54 0d mov 0xd(%si),%dl > 122: c0 e2 06 shl $0x6,%dl > 125: 8a 4c 0a mov 0xa(%si),%cl > 128: fe c1 inc %cl > 12a: 08 d1 or %dl,%cl > 12c: 8a 6c 0c mov 0xc(%si),%ch > 12f: 5a pop %dx > 130: 8a 74 0b mov 0xb(%si),%dh > 133: bb 00 70 mov $0x7000,%bx > 136: 8e c3 mov %bx,%es > 138: 31 db xor %bx,%bx > 13a: b8 01 02 mov $0x201,%ax > 13d: cd 13 int $0x13 > 13f: 72 2a jb 0x16b > 141: 8c c3 mov %es,%bx > 143: 8e 06 48 7c mov 0x7c48,%es > 147: 60 pusha > 148: 1e push %ds > 149: b9 00 01 mov $0x100,%cx > 14c: 8e db mov %bx,%ds > 14e: 31 f6 xor %si,%si > 150: 31 ff xor %di,%di > 152: fc cld > 153: f3 a5 rep movsw %ds:(%si),%es:(%di) > 155: 1f pop %ds > 156: 61 popa > 157: ff 26 42 7c jmp *0x7c42 > 15b: be 7f 7d mov $0x7d7f,%si > 15e: e8 40 00 call 0x1a1 > 161: eb 0e jmp 0x171 > 163: be 84 7d mov $0x7d84,%si > 166: e8 38 00 call 0x1a1 > 169: eb 06 jmp 0x171 > 16b: be 8e 7d mov $0x7d8e,%si > 16e: e8 30 00 call 0x1a1 > 171: be 93 7d mov $0x7d93,%si > 174: e8 2a 00 call 0x1a1 > 177: eb fe jmp 0x177 > 179: 47 inc %di > 17a: 52 push %dx > 17b: 55 push %bp > 17c: 42 inc %dx > 17d: 20 00 and %al,(%bx,%si) > 17f: 47 inc %di > 180: 65 6f outsw %gs:(%si),(%dx) > 182: 6d insw (%dx),%es:(%di) > 183: 00 48 61 add %cl,0x61(%bx,%si) > 186: 72 64 jb 0x1ec > 188: 20 44 69 and %al,0x69(%si) > 18b: 73 6b jae 0x1f8 > 18d: 00 52 65 add %dl,0x65(%bp,%si) > 190: 61 popa > 191: 64 00 20 add %ah,%fs:(%bx,%si) > 194: 45 inc %bp > 195: 72 72 jb 0x209 > 197: 6f outsw %ds:(%si),(%dx) > 198: 72 00 jb 0x19a > 19a: bb 01 00 mov $0x1,%bx > 19d: b4 0e mov $0xe,%ah > 19f: cd 10 int $0x10 > 1a1: ac lods %ds:(%si),%al > 1a2: 3c 00 cmp $0x0,%al > 1a4: 75 f4 jne 0x19a > 1a6: c3 ret > ... > !!! DATA (NOT CODE) BELOW THIS POINT (AFAIU) !!! > 1bb: 00 00 add %al,(%bx,%si) > 1bd: 00 24 add %ah,(%si) > 1bf: 12 0f adc (%bx),%cl > 1c1: 09 00 or %ax,(%bx,%si) > 1c3: be bd 7d mov $0x7dbd,%si > 1c6: 31 c0 xor %ax,%ax > 1c8: cd 13 int $0x13 > 1ca: 46 inc %si > 1cb: 8a 0c mov (%si),%cl > 1cd: 80 f9 00 cmp $0x0,%cl > 1d0: 75 0f jne 0x1e1 > 1d2: be da 7d mov $0x7dda,%si > 1d5: e8 c9 ff call 0x1a1 > 1d8: eb 97 jmp 0x171 > 1da: 46 inc %si > 1db: 6c insb (%dx),%es:(%di) > 1dc: 6f outsw %ds:(%si),(%dx) > 1dd: 70 70 jo 0x24f > 1df: 79 00 jns 0x1e1 > 1e1: bb 00 70 mov $0x7000,%bx > 1e4: b8 01 02 mov $0x201,%ax > 1e7: b5 00 mov $0x0,%ch > 1e9: b6 00 mov $0x0,%dh > 1eb: cd 13 int $0x13 > 1ed: 72 d7 jb 0x1c6 > 1ef: b6 01 mov $0x1,%dh > 1f1: b5 4f mov $0x4f,%ch > 1f3: e9 e0 fe jmp 0xd6 > ... > 1fe: 55 push %bp > 1ff: aa stos %al,%es:(%di) > > Thanks for reading this far!! ;-) > > Regards.
[toc] | [prev] | [next] | [standalone]
| From | Bob Willard <BobwBSGS@TrashThis.comcast.net> |
|---|---|
| Date | 2011-07-22 12:17 -0400 |
| Message-ID | <j0c7r2$lqn$1@dont-email.me> |
| In reply to | #833 |
On 7/22/2011 10:25 AM, Noob wrote: > [ Please note that I've added comp.sys.ibm.pc.hardware.storage > to the list of newsgroups ] > > Noob wrote: > >> Something trashed my MBR. Now when I boot the PC, >> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >> SYSTEM DISK AND PRESS ENTER" (or something close). > > By MBR, I meant the first sector of my hard disk drive, > i.e. the boot-strapping code, and the table of primary > partitions. > >> My setup: >> PATA 120-GB HDD on IDE0 master >> PATA DVD reader on IDE1 master >> No IDE slaves. No SATA drives. (SATA disabled in BIOS) >> >> I had used gparted to create three primary partitions >> (all partitions are aligned to 1 MiB, even though >> this is not a 4K-sector HDD) >> partition 1 : 80.00 GiB (for WinXP) >> partition 2 : 33.75 GiB (for Fedora 13) >> partition 3 : 765 MiB (for swap) > > Short version of the rest of original message : the first sector > had been shifted by 14 bytes. Weird, right? > > And the plot thickens. Later that same night, I copied the > MBR a second time in the live CD environment; and this second > time, the first 14 bytes of the MBR were ZERO, i.e. > they had changed !! > > Even stranger, the next morning, I booted the PC, > and the 14-byte offset had disappeared. > > I'm starting to think that this might be a hardware problem, > as both Linux AND the BIOS seem to have had troubles getting > the MBR consistently. Something else I haven't mentioned: > when Windows resumes from hibernation, the whole system > sometime reboots (this started about 2/3 weeks ago), around > the same time I changed the RAM from 2x512 to 2x1024. > > I tested the RAM, no errors after one hour of checking. > The S.M.A.R.T. counters for the HDD claim the drive is > "healthy". > > However, considering that the drive is inserting random > garbage around requested data, I'm wondering if this could > be the drive's controller failing? Would this show up in > a S.M.A.R.T. diagnostic? > > Or am I on the wrong track, and do you see something else > that might be responsible? > > Regards. I don't see any strong evidence that points at the HD or its controller. When things get flaky and you know for sure that you don't have any malware doing mal to your ware, my first guess is over-temps and my second guess is the PS. Over-temp can be caused by the build-up of dust and dirt: dirty air filters and dirty heatsinks are common causes; check for loose cables while you are doing your housecleaning. PSs do deteriorate over time, and your PS may have been somewhat undersized or cheap from day one, or you have cause a marginal overload by adding stuff. My third guess would be flaky RAM. A one hour test is unimpressive; I suggest running the current version of Memtest86+ overnight. Guess #4: the MoBo. Lots of MBs have caps that get leaky over time. You can visually examine the MB for caps that are swollen and, if you have the skills, replace them (or replace the MB). It is hot here, so I have to turn off my crystal ball now. Good luck. -- Cheers, Bob
[toc] | [prev] | [next] | [standalone]
| From | Noob <root@127.0.0.1> |
|---|---|
| Date | 2011-07-22 18:35 +0200 |
| Message-ID | <j0c8rf$sm2$1@dont-email.me> |
| In reply to | #837 |
Bob Willard wrote: > On 7/22/2011 10:25 AM, Noob wrote: >> [ Please note that I've added comp.sys.ibm.pc.hardware.storage >> to the list of newsgroups ] >> >> Noob wrote: >> >>> Something trashed my MBR. Now when I boot the PC, >>> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >>> SYSTEM DISK AND PRESS ENTER" (or something close). >> >> By MBR, I meant the first sector of my hard disk drive, >> i.e. the boot-strapping code, and the table of primary >> partitions. >> >>> My setup: >>> PATA 120-GB HDD on IDE0 master >>> PATA DVD reader on IDE1 master >>> No IDE slaves. No SATA drives. (SATA disabled in BIOS) >>> >>> I had used gparted to create three primary partitions >>> (all partitions are aligned to 1 MiB, even though >>> this is not a 4K-sector HDD) >>> partition 1 : 80.00 GiB (for WinXP) >>> partition 2 : 33.75 GiB (for Fedora 13) >>> partition 3 : 765 MiB (for swap) >> >> Short version of the rest of original message : the first sector >> had been shifted by 14 bytes. Weird, right? >> >> And the plot thickens. Later that same night, I copied the >> MBR a second time in the live CD environment; and this second >> time, the first 14 bytes of the MBR were ZERO, i.e. >> they had changed !! >> >> Even stranger, the next morning, I booted the PC, >> and the 14-byte offset had disappeared. >> >> I'm starting to think that this might be a hardware problem, >> as both Linux AND the BIOS seem to have had troubles getting >> the MBR consistently. Something else I haven't mentioned: >> when Windows resumes from hibernation, the whole system >> sometime reboots (this started about 2/3 weeks ago), around >> the same time I changed the RAM from 2x512 to 2x1024. >> >> I tested the RAM, no errors after one hour of checking. >> The S.M.A.R.T. counters for the HDD claim the drive is >> "healthy". >> >> However, considering that the drive is inserting random >> garbage around requested data, I'm wondering if this could >> be the drive's controller failing? Would this show up in >> a S.M.A.R.T. diagnostic? >> >> Or am I on the wrong track, and do you see something else >> that might be responsible? >> >> Regards. > > I don't see any strong evidence that points at the HD or its controller. > When things get flaky and you know for sure that you don't have any > malware doing mal to your ware, my first guess is over-temps and my > second guess is the PS. Over-temp can be caused by the build-up of dust > and dirt: dirty air filters and dirty heat sinks are common causes; > check for loose cables while you are doing your housecleaning. My PC case has a dust filter to prevent (most of the) dust from entering the case. I clean the filter every month, and the case 2-3 times a year, including fans and heat sinks. Last time was two months ago. I really don't think the problem is over-heating, as the case is clean, and the problem manifests right after a cold boot. Temperature is 12-15C at night, around 18-20C at noon. > PSs do deteriorate over time, and your PS may have been somewhat > undersized or cheap from day one, or you have cause a marginal overload > by adding stuff. My power supply is CORSAIR CX 450W (which received great reviews). It's now 2 years old. It is definitely not under-sized as I've measured power draw at boot under 60W. > My third guess would be flaky RAM. A one hour test is unimpressive; I > suggest running the current version of Memtest86+ overnight. Will do. The RAM is brand new, so it is a natural suspect. > Guess #4: the MoBo. Lots of MBs have caps that get leaky over time. > You can visually examine the MB for caps that are swollen and, if you > have the skills, replace them (or replace the MB). Will examine. MoBo is ASUS A8N-E from AUG 2005. > It is hot here, so I have to turn off my crystal ball now. Good luck. Regards.
[toc] | [prev] | [next] | [standalone]
| From | Arno <me@privacy.net> |
|---|---|
| Date | 2011-07-22 18:41 +0000 |
| Message-ID | <98tuhvF8k5U1@mid.individual.net> |
| In reply to | #833 |
In comp.sys.ibm.pc.hardware.storage Noob <root@127.0.0.1> wrote: > [ Please note that I've added comp.sys.ibm.pc.hardware.storage > to the list of newsgroups ] > Noob wrote: >> Something trashed my MBR. Now when I boot the PC, >> I get the dreaded "NON-SYSTEM DISK. PLEASE INSERT >> SYSTEM DISK AND PRESS ENTER" (or something close). > By MBR, I meant the first sector of my hard disk drive, > i.e. the boot-strapping code, and the table of primary > partitions. >> My setup: >> PATA 120-GB HDD on IDE0 master >> PATA DVD reader on IDE1 master >> No IDE slaves. No SATA drives. (SATA disabled in BIOS) >> >> I had used gparted to create three primary partitions >> (all partitions are aligned to 1 MiB, even though >> this is not a 4K-sector HDD) >> partition 1 : 80.00 GiB (for WinXP) >> partition 2 : 33.75 GiB (for Fedora 13) >> partition 3 : 765 MiB (for swap) > Short version of the rest of original message : the first sector > had been shifted by 14 bytes. Weird, right? Very much so, indeed. A 14 byte offset seems next to impossible. > And the plot thickens. Later that same night, I copied the > MBR a second time in the live CD environment; and this second > time, the first 14 bytes of the MBR were ZERO, i.e. > they had changed !! > Even stranger, the next morning, I booted the PC, > and the 14-byte offset had disappeared. > I'm starting to think that this might be a hardware problem, > as both Linux AND the BIOS seem to have had troubles getting > the MBR consistently. Something else I haven't mentioned: > when Windows resumes from hibernation, the whole system > sometime reboots (this started about 2/3 weeks ago), around > the same time I changed the RAM from 2x512 to 2x1024. This is typical for bad RAM. Unfortunately bad RAM can be hard to detect. I once had to run memtest86+ for 3 days to identify a bad module. Put in the old modules and try to recreate the problem. > I tested the RAM, no errors after one hour of checking. > The S.M.A.R.T. counters for the HDD claim the drive is > "healthy". > However, considering that the drive is inserting random > garbage around requested data, I'm wondering if this could > be the drive's controller failing? Would this show up in > a S.M.A.R.T. diagnostic? No. SMART is just done on the disk itself. You may find interface errors in the error log, but only if there are chacksums on the data/commands. With PATA there are no checksums on the commands and on the data only with ATA-66 and above. > Or am I on the wrong track, and do you see something else > that might be responsible? Well, it could be a very obscure hardware problem. But are you sure you are using your tools right? I had things like this happen to me, only to realize later that the problem was before the keyboard. That said, PATA is subject to both data and command corruption with bad cables or not fully plugged connectors. Even >= ATA-66 only has checksums on the data, not the commands. If you have non-spec cables (>45cm, rounded), the next test would be to replace them with spec cables and try again. Also, bad RAM can have arbitrary effects. From nothing at all to very strange things as abserverd by you. Arno > [ Below is the rest of my original message, which I left in > because of the belated cross-post to csiphs ] >> For my own record, my partitions are encoded as follows. >> >> http://en.wikipedia.org/wiki/Master_boot_record >> http://en.wikipedia.org/wiki/Partition_type >> >> 80 20 21 00 07 fe ff ff 00 08 00 00 00 00 00 0a >> bootable, NTFS, start = 1 MiB, count = 80 GiB >> >> 00 fe ff ff 83 fe ff ff 00 08 00 0a 00 00 38 04 >> non-bootable, linux, count = 33.75 GiB >> >> 00 fe ff ff 82 fe ff ff 00 08 38 0e 00 e8 17 00 >> non-bootable, swap, count = 765 MiB >> >> I used a Fedora 15 live CD to boot to Linux, and examine >> the MBR. I looked for the MBR signature, and noticed >> something very odd: the 0xAA55 signature was 14 bytes >> "too far", i.e. at offset 0x20c instead of 0x1fe, which >> means my broken MBR straddles sectors 0 and 1... >> >> # cat broken_mbr.dump >> 00000000 00 00 00 00 00 00 41 01 63 74 e6 00 39 00 eb 48 |......A.ct..9..H| >> 00000010 90 d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c bf 1b |....|.P.P....|..| >> 00000020 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04 38 6e |.PW...........8n| >> 00000030 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5 83 c6 |.|.u............| >> 00000040 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 03 02 80 00 |.It.8,t.........| >> 00000050 00 80 00 e8 c4 0a 00 08 fa 90 90 f6 c2 80 75 02 |..............u.| >> 00000060 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc 00 20 |...Y|..1....... | >> 00000070 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 74 54 |..@|<.t...R...tT| >> 00000080 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 aa 75 |.A..U..ZRrI..U.u| >> 00000090 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 8b 4c |C.A|..u....t7f.L| >> 000000a0 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 04 10 |...|.D..f..D|...| >> 000000b0 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 70 66 |..D...f.\..D..pf| >> 000000c0 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 05 bb |1..D.f.D..B..r..| >> 000000d0 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f 84 f0 |.p.}....s.......| >> 000000e0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 88 f0 |......|.D..f1...| >> 000000f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 88 f4 |@f.D.1..........| >> 00000100 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 66 a1 |@.D.1......f..f.| >> 00000110 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 66 f7 |D|f1.f.4.T.f1.f.| >> 00000120 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a 54 0d |t..T..D.;D.}<.T.| >> 00000130 c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a 8a 74 |....L......l.Z.t| >> 00000140 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 2a 8c |...p..1......r*.| >> 00000150 c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 31 ff |...H|`......1.1.| >> 00000160 fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 00 eb |....a.&B|..}.@..| >> 00000170 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 00 be |...}.8.....}.0..| >> 00000180 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 65 6f |.}.*...GRUB .Geo| >> 00000190 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 61 64 |m.Hard Disk.Read| >> 000001a0 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd 10 ac |. Error.........| >> 000001b0 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 00 00 |<.u.............| >> 000001c0 00 00 00 00 00 00 dc 3b dd 3b 00 00 80 20 21 00 |.......;.;... !.| >> 000001d0 07 fe ff ff 00 08 00 00 00 00 00 0a 00 fe ff ff |................| >> 000001e0 83 fe ff ff 00 08 00 0a 00 00 38 04 00 fe ff ff |..........8.....| >> 000001f0 82 fe ff ff 00 08 38 0e 00 e8 17 00 00 00 00 00 |......8.........| >> 00000200 00 00 00 00 00 00 00 00 00 00 00 00 55 aa 00 00 |............U...| >> 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| >> >> The partition table (64 bytes) at the end, right >> before the last two-byte signature, is valid. >> >> For comparison, I examined /boot/grub/stage1 >> >> # cat good_mbr.dump >> 00000000 eb 48 90 00 00 00 00 00 00 00 00 00 00 00 00 00 |.H..............| >> 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| >> * >> 00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 02 |................| >> 00000040 ff 00 00 80 01 00 00 00 00 08 fa eb 07 f6 c2 80 |................| >> 00000050 75 02 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc |u....Y|..1......| >> 00000060 00 20 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 |. ..@|<.t...R...| >> 00000070 74 54 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 |tT.A..U..ZRrI..U| >> 00000080 aa 75 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 |.uC.A|..u....t7f| >> 00000090 8b 4c 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 |.L...|.D..f..D|.| >> 000000a0 04 10 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 |....D...f.\..D..| >> 000000b0 70 66 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 |pf1..D.f.D..B..r| >> 000000c0 05 bb 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f |...p.}....s.....| >> 000000d0 84 f0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 |........|.D..f1.| >> 000000e0 88 f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 |..@f.D.1........| >> 000000f0 88 f4 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 |..@.D.1......f..| >> 00000100 66 a1 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 |f.D|f1.f.4.T.f1.| >> 00000110 66 f7 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a |f.t..T..D.;D.}<.| >> 00000120 54 0d c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a |T.....L......l.Z| >> 00000130 8a 74 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 |.t...p..1......r| >> 00000140 2a 8c c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 |*....H|`......1.| >> 00000150 31 ff fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 |1.....a.&B|..}.@| >> 00000160 00 eb 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 |.....}.8.....}.0| >> 00000170 00 be 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 |...}.*...GRUB .G| >> 00000180 65 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 |eom.Hard Disk.Re| >> 00000190 61 64 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd |ad. Error.......| >> 000001a0 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 |..<.u...........| >> 000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 12 |..............$.| >> 000001c0 0f 09 00 be bd 7d 31 c0 cd 13 46 8a 0c 80 f9 00 |.....}1...F.....| >> 000001d0 75 0f be da 7d e8 c9 ff eb 97 46 6c 6f 70 70 79 |u...}.....Floppy| >> 000001e0 00 bb 00 70 b8 01 02 b5 00 b6 00 cd 13 72 d7 b6 |...p.........r..| >> 000001f0 01 b5 4f e9 e0 fe 00 00 00 00 00 00 00 00 55 aa |..O...........U.| >> >> And indeed, the "eb 48" is there in my broken MBR, >> 14 bytes "too far". So it looks like I could just >> use a binary editor to remove the first 14 bytes, >> then write that back to my HDD's first sector? >> >> Not too sure about that, though. >> >> Does my broken MBR, shifted left by 14 bytes, look >> like a valid MBR for grub? >> >> Thoughts? Suggestions? How should I proceed? >> >> For the record, here are the disassembly for the >> broken MBR, and the good MBR (they do seem to differ >> in several places, I'm wondering if this is because >> I shouldn't be looking at /boot/grub/stage1) >> >> On a normal MBR, the code area ranges from 0 to 0x1b7 >> Shifted by 14 bytes, I expect range 14 to 0x1c5 >> >> http://prefetch.net/blog/index.php/2006/09/09/digging-through-the-mbr/ >> >> # cat broken_mbr.asm >> 0: 00 00 add %al,(%bx,%si) >> 2: 00 00 add %al,(%bx,%si) >> 4: 00 00 add %al,(%bx,%si) >> 6: 41 inc %cx >> 7: 01 63 74 add %sp,0x74(%bp,%di) >> a: e6 00 out %al,$0x0 >> c: 39 00 cmp %ax,(%bx,%si) >> XXX e: eb 48 jmp 0x58 >> 10: 90 nop >> 11: d0 bc 00 7c sarb 0x7c00(%si) >> 15: fb sti >> 16: 50 push %ax >> 17: 07 pop %es >> 18: 50 push %ax >> 19: 1f pop %ds >> 1a: fc cld >> 1b: be 1b 7c mov $0x7c1b,%si >> 1e: bf 1b 06 mov $0x61b,%di >> 21: 50 push %ax >> 22: 57 push %di >> 23: b9 e5 01 mov $0x1e5,%cx >> 26: f3 a4 rep movsb %ds:(%si),%es:(%di) >> 28: cb lret >> 29: bd be 07 mov $0x7be,%bp >> 2c: b1 04 mov $0x4,%cl >> 2e: 38 6e 00 cmp %ch,0x0(%bp) >> 31: 7c 09 jl 0x3c >> 33: 75 13 jne 0x48 >> 35: 83 c5 10 add $0x10,%bp >> 38: e2 f4 loop 0x2e >> 3a: cd 18 int $0x18 >> 3c: 8b f5 mov %bp,%si >> 3e: 83 c6 10 add $0x10,%si >> 41: 49 dec %cx >> 42: 74 19 je 0x5d >> 44: 38 2c cmp %ch,(%si) >> 46: 74 f6 je 0x3e >> 48: a0 b5 07 mov 0x7b5,%al >> 4b: b4 03 mov $0x3,%ah >> 4d: 02 80 00 00 add 0x0(%bx,%si),%al >> 51: 80 00 e8 addb $0xe8,(%bx,%si) >> 54: c4 0a les (%bp,%si),%cx >> 56: 00 08 add %cl,(%bx,%si) >> 58: fa cli >> 59: 90 nop >> 5a: 90 nop >> 5b: f6 c2 80 test $0x80,%dl >> 5e: 75 02 jne 0x62 >> 60: b2 80 mov $0x80,%dl >> 62: ea 59 7c 00 00 ljmp $0x0,$0x7c59 >> 67: 31 c0 xor %ax,%ax >> 69: 8e d8 mov %ax,%ds >> 6b: 8e d0 mov %ax,%ss >> 6d: bc 00 20 mov $0x2000,%sp >> 70: fb sti >> 71: a0 40 7c mov 0x7c40,%al >> 74: 3c ff cmp $0xff,%al >> 76: 74 02 je 0x7a >> 78: 88 c2 mov %al,%dl >> 7a: 52 push %dx >> 7b: f6 c2 80 test $0x80,%dl >> 7e: 74 54 je 0xd4 >> 80: b4 41 mov $0x41,%ah >> 82: bb aa 55 mov $0x55aa,%bx >> 85: cd 13 int $0x13 >> 87: 5a pop %dx >> 88: 52 push %dx >> 89: 72 49 jb 0xd4 >> 8b: 81 fb 55 aa cmp $0xaa55,%bx >> 8f: 75 43 jne 0xd4 >> 91: a0 41 7c mov 0x7c41,%al >> 94: 84 c0 test %al,%al >> 96: 75 05 jne 0x9d >> 98: 83 e1 01 and $0x1,%cx >> 9b: 74 37 je 0xd4 >> 9d: 66 8b 4c 10 mov 0x10(%si),%ecx >> a1: be 05 7c mov $0x7c05,%si >> a4: c6 44 ff 01 movb $0x1,-0x1(%si) >> a8: 66 8b 1e 44 7c mov 0x7c44,%ebx >> ad: c7 04 10 00 movw $0x10,(%si) >> b1: c7 44 02 01 00 movw $0x1,0x2(%si) >> b6: 66 89 5c 08 mov %ebx,0x8(%si) >> ba: c7 44 06 00 70 movw $0x7000,0x6(%si) >> bf: 66 31 c0 xor %eax,%eax >> c2: 89 44 04 mov %ax,0x4(%si) >> c5: 66 89 44 0c mov %eax,0xc(%si) >> c9: b4 42 mov $0x42,%ah >> cb: cd 13 int $0x13 >> cd: 72 05 jb 0xd4 >> cf: bb 00 70 mov $0x7000,%bx >> d2: eb 7d jmp 0x151 >> d4: b4 08 mov $0x8,%ah >> d6: cd 13 int $0x13 >> d8: 73 0a jae 0xe4 >> da: f6 c2 80 test $0x80,%dl >> dd: 0f 84 f0 00 je 0x1d1 >> e1: e9 8d 00 jmp 0x171 >> e4: be 05 7c mov $0x7c05,%si >> e7: c6 44 ff 00 movb $0x0,-0x1(%si) >> eb: 66 31 c0 xor %eax,%eax >> ee: 88 f0 mov %dh,%al >> f0: 40 inc %ax >> f1: 66 89 44 04 mov %eax,0x4(%si) >> f5: 31 d2 xor %dx,%dx >> f7: 88 ca mov %cl,%dl >> f9: c1 e2 02 shl $0x2,%dx >> fc: 88 e8 mov %ch,%al >> fe: 88 f4 mov %dh,%ah >> 100: 40 inc %ax >> 101: 89 44 08 mov %ax,0x8(%si) >> 104: 31 c0 xor %ax,%ax >> 106: 88 d0 mov %dl,%al >> 108: c0 e8 02 shr $0x2,%al >> 10b: 66 89 04 mov %eax,(%si) >> 10e: 66 a1 44 7c mov 0x7c44,%eax >> 112: 66 31 d2 xor %edx,%edx >> 115: 66 f7 34 divl (%si) >> 118: 88 54 0a mov %dl,0xa(%si) >> 11b: 66 31 d2 xor %edx,%edx >> 11e: 66 f7 74 04 divl 0x4(%si) >> 122: 88 54 0b mov %dl,0xb(%si) >> 125: 89 44 0c mov %ax,0xc(%si) >> 128: 3b 44 08 cmp 0x8(%si),%ax >> 12b: 7d 3c jge 0x169 >> 12d: 8a 54 0d mov 0xd(%si),%dl >> 130: c0 e2 06 shl $0x6,%dl >> 133: 8a 4c 0a mov 0xa(%si),%cl >> 136: fe c1 inc %cl >> 138: 08 d1 or %dl,%cl >> 13a: 8a 6c 0c mov 0xc(%si),%ch >> 13d: 5a pop %dx >> 13e: 8a 74 0b mov 0xb(%si),%dh >> 141: bb 00 70 mov $0x7000,%bx >> 144: 8e c3 mov %bx,%es >> 146: 31 db xor %bx,%bx >> 148: b8 01 02 mov $0x201,%ax >> 14b: cd 13 int $0x13 >> 14d: 72 2a jb 0x179 >> 14f: 8c c3 mov %es,%bx >> 151: 8e 06 48 7c mov 0x7c48,%es >> 155: 60 pusha >> 156: 1e push %ds >> 157: b9 00 01 mov $0x100,%cx >> 15a: 8e db mov %bx,%ds >> 15c: 31 f6 xor %si,%si >> 15e: 31 ff xor %di,%di >> 160: fc cld >> 161: f3 a5 rep movsw %ds:(%si),%es:(%di) >> 163: 1f pop %ds >> 164: 61 popa >> 165: ff 26 42 7c jmp *0x7c42 >> 169: be 7f 7d mov $0x7d7f,%si >> 16c: e8 40 00 call 0x1af >> 16f: eb 0e jmp 0x17f >> 171: be 84 7d mov $0x7d84,%si >> 174: e8 38 00 call 0x1af >> 177: eb 06 jmp 0x17f >> 179: be 8e 7d mov $0x7d8e,%si >> 17c: e8 30 00 call 0x1af >> 17f: be 93 7d mov $0x7d93,%si >> 182: e8 2a 00 call 0x1af >> 185: eb fe jmp 0x185 >> 187: 47 inc %di >> 188: 52 push %dx >> 189: 55 push %bp >> 18a: 42 inc %dx >> 18b: 20 00 and %al,(%bx,%si) >> 18d: 47 inc %di >> 18e: 65 6f outsw %gs:(%si),(%dx) >> 190: 6d insw (%dx),%es:(%di) >> 191: 00 48 61 add %cl,0x61(%bx,%si) >> 194: 72 64 jb 0x1fa >> 196: 20 44 69 and %al,0x69(%si) >> 199: 73 6b jae 0x206 >> 19b: 00 52 65 add %dl,0x65(%bp,%si) >> 19e: 61 popa >> 19f: 64 00 20 add %ah,%fs:(%bx,%si) >> 1a2: 45 inc %bp >> 1a3: 72 72 jb 0x217 >> 1a5: 6f outsw %ds:(%si),(%dx) >> 1a6: 72 00 jb 0x1a8 >> 1a8: bb 01 00 mov $0x1,%bx >> 1ab: b4 0e mov $0xe,%ah >> 1ad: cd 10 int $0x10 >> 1af: ac lods %ds:(%si),%al >> 1b0: 3c 00 cmp $0x0,%al >> 1b2: 75 f4 jne 0x1a8 >> 1b4: c3 ret >> ... >> !!! DATA (NOT CODE) BELOW THISPOINT (AFAIU) !!! >> 1c5: 00 dc add %bl,%ah >> 1c7: 3b dd cmp %bp,%bx >> 1c9: 3b 00 cmp (%bx,%si),%ax >> 1cb: 00 80 20 21 add %al,0x2120(%bx,%si) >> 1cf: 00 07 add %al,(%bx) >> 1d1: fe (bad) >> 1d2: ff (bad) >> 1d3: ff 00 incw (%bx,%si) >> 1d5: 08 00 or %al,(%bx,%si) >> 1d7: 00 00 add %al,(%bx,%si) >> 1d9: 00 00 add %al,(%bx,%si) >> 1db: 0a 00 or (%bx,%si),%al >> 1dd: fe (bad) >> 1de: ff (bad) >> 1df: ff 83 fe ff incw -0x2(%bp,%di) >> 1e3: ff 00 incw (%bx,%si) >> 1e5: 08 00 or %al,(%bx,%si) >> 1e7: 0a 00 or (%bx,%si),%al >> 1e9: 00 38 add %bh,(%bx,%si) >> 1eb: 04 00 add $0x0,%al >> 1ed: fe (bad) >> 1ee: ff (bad) >> 1ef: ff 82 fe ff incw -0x2(%bp,%si) >> 1f3: ff 00 incw (%bx,%si) >> 1f5: 08 38 or %bh,(%bx,%si) >> 1f7: 0e push %cs >> 1f8: 00 e8 add %ch,%al >> 1fa: 17 pop %ss >> ... >> 20b: 00 55 aa add %dl,-0x56(%di) >> >> >> # cat good_mbr.asm >> 0: eb 48 jmp 0x4a >> 2: 90 nop >> ... >> 3b: 00 00 add %al,(%bx,%si) >> 3d: 00 03 add %al,(%bp,%di) >> 3f: 02 ff add %bh,%bh >> 41: 00 00 add %al,(%bx,%si) >> 43: 80 01 00 addb $0x0,(%bx,%di) >> 46: 00 00 add %al,(%bx,%si) >> 48: 00 08 add %cl,(%bx,%si) >> 4a: fa cli >> 4b: eb 07 jmp 0x54 >> 4d: f6 c2 80 test $0x80,%dl >> 50: 75 02 jne 0x54 >> 52: b2 80 mov $0x80,%dl >> 54: ea 59 7c 00 00 ljmp $0x0,$0x7c59 >> 59: 31 c0 xor %ax,%ax >> 5b: 8e d8 mov %ax,%ds >> 5d: 8e d0 mov %ax,%ss >> 5f: bc 00 20 mov $0x2000,%sp >> 62: fb sti >> 63: a0 40 7c mov 0x7c40,%al >> 66: 3c ff cmp $0xff,%al >> 68: 74 02 je 0x6c >> 6a: 88 c2 mov %al,%dl >> 6c: 52 push %dx >> 6d: f6 c2 80 test $0x80,%dl >> 70: 74 54 je 0xc6 >> 72: b4 41 mov $0x41,%ah >> 74: bb aa 55 mov $0x55aa,%bx >> 77: cd 13 int $0x13 >> 79: 5a pop %dx >> 7a: 52 push %dx >> 7b: 72 49 jb 0xc6 >> 7d: 81 fb 55 aa cmp $0xaa55,%bx >> 81: 75 43 jne 0xc6 >> 83: a0 41 7c mov 0x7c41,%al >> 86: 84 c0 test %al,%al >> 88: 75 05 jne 0x8f >> 8a: 83 e1 01 and $0x1,%cx >> 8d: 74 37 je 0xc6 >> 8f: 66 8b 4c 10 mov 0x10(%si),%ecx >> 93: be 05 7c mov $0x7c05,%si >> 96: c6 44 ff 01 movb $0x1,-0x1(%si) >> 9a: 66 8b 1e 44 7c mov 0x7c44,%ebx >> 9f: c7 04 10 00 movw $0x10,(%si) >> a3: c7 44 02 01 00 movw $0x1,0x2(%si) >> a8: 66 89 5c 08 mov %ebx,0x8(%si) >> ac: c7 44 06 00 70 movw $0x7000,0x6(%si) >> b1: 66 31 c0 xor %eax,%eax >> b4: 89 44 04 mov %ax,0x4(%si) >> b7: 66 89 44 0c mov %eax,0xc(%si) >> bb: b4 42 mov $0x42,%ah >> bd: cd 13 int $0x13 >> bf: 72 05 jb 0xc6 >> c1: bb 00 70 mov $0x7000,%bx >> c4: eb 7d jmp 0x143 >> c6: b4 08 mov $0x8,%ah >> c8: cd 13 int $0x13 >> ca: 73 0a jae 0xd6 >> cc: f6 c2 80 test $0x80,%dl >> cf: 0f 84 f0 00 je 0x1c3 >> d3: e9 8d 00 jmp 0x163 >> d6: be 05 7c mov $0x7c05,%si >> d9: c6 44 ff 00 movb $0x0,-0x1(%si) >> dd: 66 31 c0 xor %eax,%eax >> e0: 88 f0 mov %dh,%al >> e2: 40 inc %ax >> e3: 66 89 44 04 mov %eax,0x4(%si) >> e7: 31 d2 xor %dx,%dx >> e9: 88 ca mov %cl,%dl >> eb: c1 e2 02 shl $0x2,%dx >> ee: 88 e8 mov %ch,%al >> f0: 88 f4 mov %dh,%ah >> f2: 40 inc %ax >> f3: 89 44 08 mov %ax,0x8(%si) >> f6: 31 c0 xor %ax,%ax >> f8: 88 d0 mov %dl,%al >> fa: c0 e8 02 shr $0x2,%al >> fd: 66 89 04 mov %eax,(%si) >> 100: 66 a1 44 7c mov 0x7c44,%eax >> 104: 66 31 d2 xor %edx,%edx >> 107: 66 f7 34 divl (%si) >> 10a: 88 54 0a mov %dl,0xa(%si) >> 10d: 66 31 d2 xor %edx,%edx >> 110: 66 f7 74 04 divl 0x4(%si) >> 114: 88 54 0b mov %dl,0xb(%si) >> 117: 89 44 0c mov %ax,0xc(%si) >> 11a: 3b 44 08 cmp 0x8(%si),%ax >> 11d: 7d 3c jge 0x15b >> 11f: 8a 54 0d mov 0xd(%si),%dl >> 122: c0 e2 06 shl $0x6,%dl >> 125: 8a 4c 0a mov 0xa(%si),%cl >> 128: fe c1 inc %cl >> 12a: 08 d1 or %dl,%cl >> 12c: 8a 6c 0c mov 0xc(%si),%ch >> 12f: 5a pop %dx >> 130: 8a 74 0b mov 0xb(%si),%dh >> 133: bb 00 70 mov $0x7000,%bx >> 136: 8e c3 mov %bx,%es >> 138: 31 db xor %bx,%bx >> 13a: b8 01 02 mov $0x201,%ax >> 13d: cd 13 int $0x13 >> 13f: 72 2a jb 0x16b >> 141: 8c c3 mov %es,%bx >> 143: 8e 06 48 7c mov 0x7c48,%es >> 147: 60 pusha >> 148: 1e push %ds >> 149: b9 00 01 mov $0x100,%cx >> 14c: 8e db mov %bx,%ds >> 14e: 31 f6 xor %si,%si >> 150: 31 ff xor %di,%di >> 152: fc cld >> 153: f3 a5 rep movsw %ds:(%si),%es:(%di) >> 155: 1f pop %ds >> 156: 61 popa >> 157: ff 26 42 7c jmp *0x7c42 >> 15b: be 7f 7d mov $0x7d7f,%si >> 15e: e8 40 00 call 0x1a1 >> 161: eb 0e jmp 0x171 >> 163: be 84 7d mov $0x7d84,%si >> 166: e8 38 00 call 0x1a1 >> 169: eb 06 jmp 0x171 >> 16b: be 8e 7d mov $0x7d8e,%si >> 16e: e8 30 00 call 0x1a1 >> 171: be 93 7d mov $0x7d93,%si >> 174: e8 2a 00 call 0x1a1 >> 177: eb fe jmp 0x177 >> 179: 47 inc %di >> 17a: 52 push %dx >> 17b: 55 push %bp >> 17c: 42 inc %dx >> 17d: 20 00 and %al,(%bx,%si) >> 17f: 47 inc %di >> 180: 65 6f outsw %gs:(%si),(%dx) >> 182: 6d insw (%dx),%es:(%di) >> 183: 00 48 61 add %cl,0x61(%bx,%si) >> 186: 72 64 jb 0x1ec >> 188: 20 44 69 and %al,0x69(%si) >> 18b: 73 6b jae 0x1f8 >> 18d: 00 52 65 add %dl,0x65(%bp,%si) >> 190: 61 popa >> 191: 64 00 20 add %ah,%fs:(%bx,%si) >> 194: 45 inc %bp >> 195: 72 72 jb 0x209 >> 197: 6f outsw %ds:(%si),(%dx) >> 198: 72 00 jb 0x19a >> 19a: bb 01 00 mov $0x1,%bx >> 19d: b4 0e mov $0xe,%ah >> 19f: cd 10 int $0x10 >> 1a1: ac lods %ds:(%si),%al >> 1a2: 3c 00 cmp $0x0,%al >> 1a4: 75 f4 jne 0x19a >> 1a6: c3 ret >> ... >> !!! DATA (NOT CODE) BELOW THIS POINT (AFAIU) !!! >> 1bb: 00 00 add %al,(%bx,%si) >> 1bd: 00 24 add %ah,(%si) >> 1bf: 12 0f adc (%bx),%cl >> 1c1: 09 00 or %ax,(%bx,%si) >> 1c3: be bd 7d mov $0x7dbd,%si >> 1c6: 31 c0 xor %ax,%ax >> 1c8: cd 13 int $0x13 >> 1ca: 46 inc %si >> 1cb: 8a 0c mov (%si),%cl >> 1cd: 80 f9 00 cmp $0x0,%cl >> 1d0: 75 0f jne 0x1e1 >> 1d2: be da 7d mov $0x7dda,%si >> 1d5: e8 c9 ff call 0x1a1 >> 1d8: eb 97 jmp 0x171 >> 1da: 46 inc %si >> 1db: 6c insb (%dx),%es:(%di) >> 1dc: 6f outsw %ds:(%si),(%dx) >> 1dd: 70 70 jo 0x24f >> 1df: 79 00 jns 0x1e1 >> 1e1: bb 00 70 mov $0x7000,%bx >> 1e4: b8 01 02 mov $0x201,%ax >> 1e7: b5 00 mov $0x0,%ch >> 1e9: b6 00 mov $0x0,%dh >> 1eb: cd 13 int $0x13 >> 1ed: 72 d7 jb 0x1c6 >> 1ef: b6 01 mov $0x1,%dh >> 1f1: b5 4f mov $0x4f,%ch >> 1f3: e9 e0 fe jmp 0xd6 >> ... >> 1fe: 55 push %bp >> 1ff: aa stos %al,%es:(%di) >> >> Thanks for reading this far!! ;-) >> >> Regards. -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
[toc] | [prev] | [next] | [standalone]
| From | Paul <nospam@needed.com> |
|---|---|
| Date | 2011-07-22 14:52 -0400 |
| Message-ID | <j0cgu1$ncu$1@dont-email.me> |
| In reply to | #833 |
Noob wrote:
> [ Please note that I've added comp.sys.ibm.pc.hardware.storage
> to the list of newsgroups ]
>
> Short version of the rest of original message : the first sector
> had been shifted by 14 bytes. Weird, right?
>
> And the plot thickens. Later that same night, I copied the
> MBR a second time in the live CD environment; and this second
> time, the first 14 bytes of the MBR were ZERO, i.e.
> they had changed !!
>
> Even stranger, the next morning, I booted the PC,
> and the 14-byte offset had disappeared.
>
> I'm starting to think that this might be a hardware problem,
> as both Linux AND the BIOS seem to have had troubles getting
> the MBR consistently. Something else I haven't mentioned:
> when Windows resumes from hibernation, the whole system
> sometime reboots (this started about 2/3 weeks ago), around
> the same time I changed the RAM from 2x512 to 2x1024.
>
> I tested the RAM, no errors after one hour of checking.
> The S.M.A.R.T. counters for the HDD claim the drive is
> "healthy".
>
> However, considering that the drive is inserting random
> garbage around requested data, I'm wondering if this could
> be the drive's controller failing? Would this show up in
> a S.M.A.R.T. diagnostic?
>
> Or am I on the wrong track, and do you see something else
> that might be responsible?
>
> Regards.
>
Why would hardware have such a failure mode ? Doesn't it
seem strange to you ?
This looks "programmatic".
It's unfortunate, that you can't effectively checksum the
BIOS contents. Portions of the BIOS are read only, but the
DMI and ESCD storage areas of the flash chip are not. If you
flash update the BIOS chip, boot your favorite OS just the
once, go back and make an archival copy of the BIOS chip,
the contents won't match. If you carefully examine sections
of the BIOS chip, you'll find most of the chip does not
vary, but sections set aside for hardware inventory information
storage, are changed. That's what I discovered while experimenting.
So generating a checksum or signature for the entire 512KB
chip, doesn't work as an effective mechanism for detecting
tampering or "bit rot".
Would a BIOS problem, carry over into an OS session ? I would
hope not. The BIOS uses an Extended INT 0x13 routine, for
accessing the disk during boot. At some point, the OS will
switch to using its own driver. Between the two of them,
how would you conclude which one is making the mess ?
Your RAM test idea was a good one. But again, what are the
odds a corruption would cause this particular problem ? It
would be much more likely, that any software running on the
corrupt RAM, would just crash, as do something "semi-sane".
*******
There are some games you can play with the two RAM sticks -
If you have a dual channel motherboard, with four slots, and
you own two sticks of RAM, you can make
1) Dual channel config, one stick per channel, for performance.
2) When strangeness is present in the system, switch over to using
a single stick.
3) Remove the stick and try your test cases again with the other
stick. The purpose of this, is to see if a "low memory location"
on one of the sticks, is causing the problem. *No* memory test
program, can test BIOS reserved memory locations. And the memory
test done by the BIOS itself, is pathetic (it missed a dead chip
on one of my motherboards). The solution to that, is clever
placement of the sticks.
4) Now, you can also use single channel mode to advantage.
Place both sticks on the same channel. One slot will then provide
the "low memory", the other stick the "high memory", as single
channel mode does no interleaving of memory locations.
5) Using the config in (4), swap the sticks with each other. Now
the stick that was providing the "high" locations, becomes the
"low" stick.
Using a few ideas like that, you can eventually get full test
coverage of both sticks. It takes two sticks minimum to get
that kind of coverage. (Memtest86+ will completely test the
"high" stick, when in two stick, single channel mode.)
This idea came to mind, when I had a RAM failure on my three slot
dual channel Nforce2 motherboard. The bad stick, when in
interleaved (dual channel, performance mode), prevented the
PC from starting. Once I started trying single channel
configurations, and swapped the sticks, then I could at least
run memtest86+ and have it tell me an entire memory chip
on one DIMM, was completely dead (Crucial Ballistix RAM).
*******
The disk controller, likes to deal in 512 byte (or recently 4KB)
chunks. Getting the hardware to offset things by 14, doesn't
really fit into the normal orientation of the operations.
If you run the disk manufacturer diagnostic, it will include
a test to check the cache RAM on the disk itself. You might
not get good test coverage otherwise (hard to say whether
SMART covers this in any depth on its own).
One problem with the manufacturer provided, downloadable
diagnostics, is they don't run on all hardware. I think
they don't run on my current PC for example. Which means,
I'll have to scramble to find a working test setup. It'll
mean moving the disks to another machine, for me.
Paul
[toc] | [prev] | [next] | [standalone]
| From | The Natural Philosopher <tnp@invalid.invalid> |
|---|---|
| Date | 2011-07-23 02:23 +0100 |
| Message-ID | <j0d7rb$cot$1@news.albasani.net> |
| In reply to | #842 |
Paul wrote: > Noob wrote: >> [ Please note that I've added comp.sys.ibm.pc.hardware.storage >> to the list of newsgroups ] >> >> Short version of the rest of original message : the first sector >> had been shifted by 14 bytes. Weird, right? >> >> And the plot thickens. Later that same night, I copied the >> MBR a second time in the live CD environment; and this second >> time, the first 14 bytes of the MBR were ZERO, i.e. >> they had changed !! >> >> Even stranger, the next morning, I booted the PC, >> and the 14-byte offset had disappeared. >> >> I'm starting to think that this might be a hardware problem, >> as both Linux AND the BIOS seem to have had troubles getting >> the MBR consistently. Something else I haven't mentioned: >> when Windows resumes from hibernation, the whole system >> sometime reboots (this started about 2/3 weeks ago), around >> the same time I changed the RAM from 2x512 to 2x1024. >> >> I tested the RAM, no errors after one hour of checking. >> The S.M.A.R.T. counters for the HDD claim the drive is >> "healthy". >> >> However, considering that the drive is inserting random >> garbage around requested data, I'm wondering if this could >> be the drive's controller failing? Would this show up in >> a S.M.A.R.T. diagnostic? >> >> Or am I on the wrong track, and do you see something else >> that might be responsible? >> >> Regards. >> > > Why would hardware have such a failure mode ? Doesn't it > seem strange to you ? Nope. Couple of corrupted bits on an address can easily shift everything 14 bytes.. It is in fact FD in hex ..so a bus collisions that sets the whole lot to FF except the second to last bit..when it should be all 0's...
[toc] | [prev] | [next] | [standalone]
Page 1 of 3 [1] 2 3 Next page →
Back to top | Article view | comp.os.linux.setup
csiph-web