[sf-lug] save the mbr!
Jason Turner
jturner at nonzerosums.org
Sat Feb 24 19:05:21 PST 2007
Ahh, someone is just getting real curious... :-D
Well, let me say ahead of time... no bonus points for me. But I only
chime in here because, selfishly, I'm curious if anyone out there would
recommend a particularly good interface(gui) to gdb. Which is my first
answer to your question about a disassembler. Now, I'm primarily an
emacs+gdb guy when playing with code on Linux. But I have to admit I've
never been as effective with that tool when debugging source(much less
object) code than when I used Symantec or Borland tools on Windoze.
So, I know gdb inside emacs is not an option for you, VI guy. Have you
tried to dump the code into gdb on the command line and seen anything
helpful? I just dunno ahead of time if that would pass all your
stipulations. But it's cheap to try, no?
--
jt
jim stockford wrote:
> <GEEK_ALERT: this will be kind of weird for most people>
> <GEEK_QUESTION: at end of this message, need disassembler>
>
> last meeting catherine suggested backing up the
> master boot record.
> i did it.
>
> Here's the story:
> as root in a terminal window using the bash shell:
>
> # dd if=/dev/hda of=./mbr bs=512 count=1
> i used the dd command
> if is the input source. i think /dev/hda represents the
> entire primary master hard drive starting at byte zero
> of sector zero of track zero of side zero, in other words
> the master boot record area.
> of is the output, ./mbr (in the current directory, a file
> with a name i made up -- mbr)
> bs is the number of bytes to read at a time, 512, which
> i know is the number of bytes in the master boot record.
> count is the number of blocks to transfer from if to of
>
> Non Geeks might want to stop here--this is how you
> get a backup of your system's master boot record,
> IF your machine is using IDE hard disks.
>
>
> the following is idle idiocy i find interesting with a
> request at bottom for a "real good" disassembler.
>
> # ls -l mbr
> -rw--r--r 1 root root 512 Feb 23 19:44 mbr
> the ls command shows ./mbr has 512 bytes in it
>
> # file ./mbr
> mbr: x86 boot sector, code offset 0x48
> hmmm, i don't know what "code offset" means,
> 0x48 is hexadecimal for 72 and i'm guessing
> this file has machine code that starts on byte
> 0x48.
>
> # od -h ./mbr > ./mbr.od
> od the od -h command reads the .mbr file and
> outputs hexadecimal to a new file named ./mbr.od
> (which is 1544 bytes)
>
> # strings ./mbr > ./mbr.strings
> strings the strings command outputs any ASCII
> sequences that are in the ./mbr file to a new file
> that I've named ./mbr.strings (which is 48 bytes).
> The contents are
> LILO
> ZREfI
> D|f1
> GRUB
> Geom
> Hard Disk
> Read
> Error
> Well, to me that seems like the kind of strings that
> ought to be in the master boot record.
>
> # vi ./mbr
> well, it looks like martian, all right.
> okay, i know i'm a maniac, but hey! the vi editor
> can edit anything.
>
> # vi -b ./mbr
> this looks a little better, but only a little (the -b
> option tells vi it's working with a "binary" file).
>
> # dis
> -bash: dis: command not found
> damn! the dis command was on ATT sysVreviii
> where's a disassembler when you need one? <-- geek question
> there are lots, but which is real good? <-- bonus geek question
> for me, "real good" is probably "real stupid" in that it will not
> fail on any input for any reason, does not expect ELF or other
> header data, just takes a byte stream and generates mnemonics
> for any machine code it finds; i've got 32-bit iAPX86 stuff.
>
> ever hopefully,
> jim
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
>
More information about the sf-lug
mailing list