[sf-lug] save the mbr!
jim at well.com
Fri Feb 23 20:40:35 PST 2007
<GEEK_ALERT: this will be kind of weird for most people>
<GEEK_QUESTION: at end of this message, need disassembler>
last meeting catherine suggested backing up the
master boot record.
i did it.
Here's the story:
as root in a terminal window using the bash shell:
# dd if=/dev/hda of=./mbr bs=512 count=1
i used the dd command
if is the input source. i think /dev/hda represents the
entire primary master hard drive starting at byte zero
of sector zero of track zero of side zero, in other words
the master boot record area.
of is the output, ./mbr (in the current directory, a file
with a name i made up -- mbr)
bs is the number of bytes to read at a time, 512, which
i know is the number of bytes in the master boot record.
count is the number of blocks to transfer from if to of
Non Geeks might want to stop here--this is how you
get a backup of your system's master boot record,
IF your machine is using IDE hard disks.
the following is idle idiocy i find interesting with a
request at bottom for a "real good" disassembler.
# ls -l mbr
-rw--r--r 1 root root 512 Feb 23 19:44 mbr
the ls command shows ./mbr has 512 bytes in it
# file ./mbr
mbr: x86 boot sector, code offset 0x48
hmmm, i don't know what "code offset" means,
0x48 is hexadecimal for 72 and i'm guessing
this file has machine code that starts on byte
# od -h ./mbr > ./mbr.od
the od -h command reads the ./mbr file and
outputs hexadecimal to a new file named ./mbr.od
(which is 1544 bytes)
# strings ./mbr > ./mbr.strings
the strings command outputs any ASCII
sequences that are in the ./mbr file to a new file
that I've named ./mbr.strings (which is 48 bytes).
The contents are
Well, to me that seems like the kind of strings that
ought to be in the master boot record.
# vi ./mbr
well, it looks like martian, all right.
okay, i know i'm a maniac, but hey! the vi editor
can edit anything.
# vi -b ./mbr
this looks a little better, but only a little (the -b
option tells vi it's working with a "binary" file).
-bash: dis: command not found
damn! the dis command was on ATT sysVreviii
where's a disassembler when you need one? <-- geek question
there are lots, but which is real good? <-- bonus geek question
for me, "real good" is probably "real stupid" in that it will not
fail on any input for any reason, does not expect ELF or other
header data, just takes a byte stream and generates mnemonics
for any machine code it finds; i've got 32-bit iAPX86 stuff.
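Added example, not part of the original post: a bash script that checks a backup made with the dd command above, assuming the classic PC MBR layout (446 bytes of boot code, four 16-byte partition entries, then the 55 aa signature). The function names and the sample image are made up for the example; it runs on a constructed file, not on /dev/hda.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes the classic PC MBR layout:
# bytes 0-445 boot code, 446-509 four 16-byte partition entries, 510-511 = 55 aa.

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as hex, no spaces
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# check_mbr FILE: return 0 if FILE is 512 bytes and ends in 55 aa;
# list the partition slots in use and print a SHA-256 to keep with the backup
check_mbr() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "bad size: $size"; return 1; }
    [ "$(hex_at "$f" 510 2)" = "55aa" ] || { echo "no 55aa signature"; return 2; }
    n=0
    for off in 446 462 478 494; do
        ptype=$(hex_at "$f" $((off + 4)) 1)      # byte 4 of an entry: partition type
        if [ "$ptype" != "00" ]; then            # type 00 means the slot is unused
            flag=$(hex_at "$f" "$off" 1)         # byte 0: 80 = active (bootable)
            echo "entry at byte $off: type=0x$ptype flag=0x$flag"
            n=$((n + 1))
        fi
    done
    echo "partitions in use: $n"
    sha256sum "$f" | cut -d' ' -f1
}

# used_partitions FILE: just the count from check_mbr
used_partitions() {
    check_mbr "$1" | sed -n 's/^partitions in use: //p'
}

# make_sample FILE: constructed 2-sector "disk" with one active Linux (0x83) entry
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=2 2>/dev/null
    printf '\200' | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\203' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp/disk.img"
dd if="$tmp/disk.img" of="$tmp/mbr" bs=512 count=1 2>/dev/null   # same dd as in the post
check_mbr "$tmp/mbr"
rm -rf "$tmp"
```

Because the partition table sits in the same sector as the boot code, writing all 512 bytes of a backup back to a disk also replaces the partition table.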