[sf-lug] save the mbr!
jim at well.com
Sun Feb 25 10:26:20 PST 2007
Thanks Jason and Adrien and Catherine.
"More info on this disassembler - called Biew
(for "binary view") - is at
JS: I guess I'm gonna download this and try it out
JS: I re-perused the gdb man page--sure enough
it's designed as a filter. i piped my file in
# cat mbr | gdb
(gdb) Hangup detected on fd 0
error detected on stdin
the man page doesn't mention "machine" or "object"
code or "disassembling" or other such.
I read the file in as an argument on the command line
File format not recognized.
per guesswork i made a copy and removed the first
0x48 bytes, read it in again, same results.
this thread could end up generating a discussion
JS: (omigod!) looking things up on Red Hat's site is
often painful, at least has been for me. This will be
plan X or Y, i think, to be used after exhausting other
On Feb 24, 2007, at 7:46 PM, Adrien Lamothe wrote:
> It's too bad Red Hat didn't do anything with Code Fusion, which they
> got when they acquired Cygnus Solutions. Code Fusion had a special
> version of gdb, integrated into the Code Fusion GUI. Code Fusion was
> the closest thing to Borland style tools. If you hunt around the Red
> Hat site, you may be able to still find the source code for Code
> Fusion, I believe they had it there at some point.
> Jason Turner <jturner at nonzerosums.org> wrote:
>> Well, let me say ahead of time... no bonus points for me. But I only
>> chime in here because, selfishly, I'm curious if anyone out there can
>> recommend a particularly good interface (GUI) to gdb. Which is my first
>> answer to your question about a disassembler. Now, I'm primarily an
>> emacs+gdb guy when playing with code on Linux. But I have to admit I've
>> never been as effective with that tool when debugging source (much less
>> object) code than when I used Symantec or Borland tools on Windoze.
>> So, I know gdb inside emacs is not an option for you, VI guy. Have you
>> tried to dump the code into gdb on the command line and seen anything
>> helpful? I just dunno ahead of time if that would pass all your
>> stipulations. But it's cheap to try, no?
>> jim stockford wrote:
>> > last meeting catherine suggested backing up the
>> > master boot record.
>> > i did it.
>> > Here's the story:
>> > as root in a terminal window using the bash shell:
>> > # dd if=/dev/hda of=./mbr bs=512 count=1
>> > i used the dd command
>> > if is the input source. i think /dev/hda represents the
>> > entire primary master hard drive starting at byte zero
>> > of sector zero of track zero of side zero, in other words
>> > the master boot record area.
>> > of is the output, ./mbr (in the current directory, a file
>> > with a name i made up -- mbr)
>> > bs is the number of bytes to read at a time, 512, which
>> > i know is the number of bytes in the master boot record.
>> > count is the number of blocks to transfer from if to of
>> > Non Geeks might want to stop here--this is how you
>> > get a backup of your system's master boot record,
>> > IF your machine is using IDE hard disks.
>> > the following is idle idiocy i find interesting with a
>> > request at bottom for a "real good" disassembler.
>> > # ls -l mbr
>> > -rw--r--r 1 root root 512 Feb 23 19:44 mbr
>> > the ls command shows ./mbr has 512 bytes in it
>> > # file ./mbr
>> > mbr: x86 boot sector, code offset 0x48
>> > hmmm, i don't know what "code offset" means,
>> > 0x48 is hexadecimal for 72 and i'm guessing
>> > this file has machine code that starts on byte
>> > 0x48.
>> > # od -h ./mbr > ./mbr.od
>> > od the od -h command reads the ./mbr file and
>> > outputs hexadecimal to a new file named ./mbr.od
>> > (which is 1544 bytes)
>> > # strings ./mbr > ./mbr.strings
>> > strings the strings command outputs any ASCII
>> > sequences that are in the ./mbr file to a new file
>> > that I've named ./mbr.strings (which is 48 bytes).
>> > The contents are
>> > LILO
>> > ZREfI
>> > D|f1
>> > GRUB
>> > Geom
>> > Hard Disk
>> > Read
>> > Error
>> > Well, to me that seems like the kind of strings that
>> > ought to be in the master boot record.
>> > # vi ./mbr
>> > well, it looks like martian, all right.
>> > okay, i know i'm a maniac, but hey! the vi editor
>> > can edit anything.
>> > # vi -b ./mbr
>> > this looks a little better, but only a little (the -b
>> > option tells vi it's working with a "binary" file).
>> > # dis
>> > -bash: dis: command not found
>> > damn! the dis command was on ATT sysVreviii
>> > where's a disassembler when you need one? <-- geek question
>> > there are lots, but which is real good? <-- bonus geek question
>> > for me, "real good" is probably "real stupid" in that it will not
>> > fail on any input for any reason, does not expect ELF or other
>> > header data, just takes a byte stream and generates mnemonics
>> > for any machine code it finds; i've got 32-bit iAPX86 stuff.
>> > ever hopefully,
>> > jim
>> > _______________________________________________
>> > sf-lug mailing list
>> > sf-lug at linuxmafia.com
>> > http://linuxmafia.com/mailman/listinfo/sf-lug
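Added example, not part of the original thread: a POSIX shell check for an MBR image like the `./mbr` file made with the `dd` command quoted above, plus a raw-binary `objdump` call of the kind the disassembler question asks for (no ELF or other header expected). The function names, the script name and the sample sector are constructed for illustration; `mbr_disasm` assumes GNU binutils is installed.

```shell
#!/bin/sh
# Added example: checks for a 512-byte MBR image such as ./mbr (names are illustrative).

# Print the byte at decimal offset $2 of file $1 as two hex digits.
byte_at() {
    dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# True only for a 512-byte image ending in the 55 aa boot signature.
mbr_valid() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    [ "$(byte_at "$1" 510)$(byte_at "$1" 511)" = "55aa" ]
}

# If the sector opens with a short jump (eb NN), print where it lands: 2 + NN.
mbr_entry() {
    [ "$(byte_at "$1" 0)" = "eb" ] || return 1
    d=$(( 0x$(byte_at "$1" 1) ))
    [ "$d" -lt 128 ] || return 1    # 0x80 and above are backward jumps; rejected here
    printf '0x%x\n' $(( 2 + d ))
}

# Print the type byte of each of the four partition entries (table at offset 446).
mbr_types() {
    for i in 0 1 2 3; do
        byte_at "$1" $(( 446 + 16 * $i + 4 )); echo
    done
}

# Headerless disassembly of the whole sector; boot code runs in 16-bit real mode,
# hence -M i8086 (assumes GNU objdump).
mbr_disasm() {
    objdump -D -b binary -m i386 -M i8086 "$1"
}

# Constructed sample: zeroed sector, eb 48 90 at 0, type 83 in entry 0, 55 aa at 510.
make_sample() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\353\110\220' | dd of="$1" conv=notrunc 2>/dev/null
    printf '\203' | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Stand-alone use: sh mbrcheck.sh ./mbr
if [ -n "${1:-}" ]; then
    if mbr_valid "$1"; then echo "valid MBR image"; mbr_types "$1"
    else echo "not a valid MBR image"; fi
fi
```

Running the check right after the backup, and again before any restore, catches a truncated or overwritten image before it is written back to the disk.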