Hands on the Master Boot Record (MBR) & Images with dd

Clearing out --Danger, Will Robinson!

By Ben Okopni

download master_boot_record.zip (7 Kb)


Experimentation is fun. After all, one of the things that makes Linux so interesting to a number of people is the ability to twiddle settings and see what happens - I'll admit that it's a major factor for me. One of the problems with that, though, is that some types of twiddling can lead to serious problems. A bit like sawing off the branch you're sitting on, in fact...

A number of people write to the Answer Gang with a query that goes something like this:

"Dear TAG: I have a stick of dynamite strapped to the CPU, and I'm not afraid to use it. Now that I have your undivided attention: I ran into a problem while trying to reinstall..."

What it turns out to be - after the police, the fire department, and the burly men in the white coats have come and gone - is that they've run into the classic "fried MBR" problem: install Linux, realize that Windows will screw up the boot record, delete the Linux partition, try to install Windows first... OOPS. The Windows setup runs into a problem and stops.

The reason for all of the above is that they forgot to uninstall LILO, which would have written out the original MBR; as it is, the boot code in the MBR is trying to pass control to the Linux kernel - and that's no longer there.

Nothing helps. The undocumented "fdisk/mbr" option that is supposed to write a clean Master Boot Record seems to have no effect; "fdisk" in interactive mode refuses to delete the "Non-DOS" partition; even the detonator fails to explode. What to do, what to do...

By the way, a factor in the first two problems might be the Windows "lock" command - by default, 'raw writes' to disk are disallowed, and "lock c:" 'locks' the drive to allow writing to it. (For the last problem, stick to the bridge-wire type detonators from Dynamit Nobel, and store them
properly. :)
 

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    Note: The following advice will completely wipe your Master Boot Record,
    which contains all your partition information. DO NOT DO THIS unless you
    know that this is exactly the result you want - it will leave your HD in
    an unbootable state, in effect bringing it back to "factory-fresh", i.e.,
    empty of data and requiring partitioning and formatting.
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 

Linux-based solution

If you can still somehow fire up Linux - say, via Tom's Root-Boot floppy - you can simply invoke "dd", like so:

dd if=/dev/zero of=/dev/hda bs=512 count=1

Yep, that's it. That MBR is gone. Obviously, you have to be root to do this.
 

DOS-based solution

Boot with a DOS floppy that has "debug" on it; run "debug". At the '-' prompt, "block-fill" a 512-byte chunk of memory with zeroes:

f 9000:0 200 0

Start assembly mode with the 'a' command, and enter the following code:

mov dx,9000
mov es,dx
xor bx,bx
mov cx,0001
mov dx,0080
mov ax,0301
int 13
int 20

Press <Enter> to exit assembly mode, take a deep breath - and press "g" to execute, then "q" to quit "debug". Your HD is now in a virgin state, and ready for partitioning and installation.

Obviously, you have to be root... oh, oops. Anybody that walks up with a DOS floppy can do this to your system in about a minute, including boot time. Let's see; where was that article about securing your box, again?...

References

The "dd" man page.

DOS-based fix: Original idea and code by Mark Minasi, used for clearing infected/damaged MBRs in a course of his that I used to teach; all code/command modifications mine.

 


Copyright 2001, Ben Okopnik.
Copying license http://www.linuxgazette.com/copying.html
Published in Issue 63 of Linux Gazette, Mid-February (EXTRA) 2001

Backing up and restoring

By wilhelm.moser@demos.at

Part of this document is based on informations from rwcooper@mb.sympatico.ca
at http://www.aplawrence.com/Bofcusm/481.html

I have noticed a lot of questions regarding recovering lost / damaged Master Boot Records (MBR) lately. So I thought it was about time to repost this.

You should make a backup copy of your MBR on a bootable floppy disk before installing Linux and then again after installing Linux.
 

DOS

I can suggest two ways that you can back up the Master Boot Record (MBR) on an IDE drive under Windows and DOS.

1. Use the Norton Utilities.

2. Use Debug, as found in DOS, it is also available from the DOS prompt
   in Windows/95 so I assume it is also available in Windows/98.

   Enter the following commands to save the MBR on the C drive, ignore  the text after the '<=' on each line as it is only a              comment:

DEBUG MBR.DAT   Ignore the FILE NOT FOUND message
A   Assemble a program
MOV DX,9000   Use segment 9000
MOV ES,DX   Setup the segment register
XOR BX,BX   Clear BX to zero
MOV CX,0001   Start at track 00 sector 01, the MBR
MOV DX,0080   80=C:, 81=D:, 00=A:, 01=B:
MOV AX,0201   Read 1 sector, 02=read
INT 13   BIOS disk i/o call
INT 20   Return to o/s
    Press the return key to end program entry
G   Execute the program
R CX   Display the value of CX
:200   Change the value of CX to decimal 512, size of MBR
W 9000:00   Write the sector stored at address 9000 to MBR.DAT
Q   exit DEBUG



If you examine the contents of MBR.DAT using a disk file editor the last 2 bytes must be AA55. At this point you should copy the MBR to a bootable floppy along with DEBUG.EXE

This technique may be used to recover the MBR as well, assuming you can boot from another device (say a floppy with DEBUG.EXE on it).

Enter the following commands to restore the MBR on the C drive, ignore the text after the '<=' on each line as it is only a comment:

DEBUG MBR.DAT   The file containing the desired MBR,
if you get a FILE NOT FOUND message type Q immediately! If you continue you will write garbage over the MBR.
L 9000:00 Load the MBR into memory at this address
A Assemble a program
MOV DX,9000 The segment address containing the MBR
MOV ES,DX Setup the segment address
XOR BX,BX
MOV CX,0001 Track 00, sector 01
MOV DX,0080 80=C:
MOV AX,0301 Write one sector, 03=write
 INT 13
INT 20
Press the enter key to stop program entry
G Execute the program
Q Exit DEBUG


The MBR should now be restored to the C drive, making it bootable. For more information on this technique for saving and restoring an MBR  refer you the book 'The Complete PC Upgrade and Maintenance Guide' by Mark Minasi, published by Sybex.

 

Linux

Once you have Linux running you can save the boot record with the command:

  dd if=/dev/hda of=/boot/boot.MBR bs=512 count=1

It can then be restored with:

  dd if=/boot/boot.MBR of=/dev/hda bs=512 count=1

or if you do not want/need to overwrite the partition table with:

  dd if=/boot/boot.MBR of=/dev/hda bs=446 count=1

as the partition table is kept in the last 66 bytes of the MBR.

DISCLAIMER:
Although I have double checked the above, I cannot be held responsible for any errors. I suggest you try it on a bootable floppy  disk before using it on a hard drive. If it does not work on a floppy disk let me know.

BTW: I find it easier to boot Linux from a floppy disk or CD-ROM than to recover an MBR from DOS. The Slackware 3.5 (or greater) CD-ROM makes a good rescue disk if you have a bios that supports bootable CDs.

 

Shell script to ease the i/o of the MBR

#!/bin/sh

case $1 in
    --read)
        dd if=/dev/hda of=hda.mbr bs=512 count=1
        ;;
    --write)
        dd if=hda.mbr of=/dev/hda bs=512 count=1
        ;;
    *)
        echo "usage: MasterBootRecord.sh [ --read | -write ]"
        ;;
esac
exit 0

(Please do not copy and paste this text - it might fail - just type in the few lines..)

 

Images with dd

from http://www.unixboard.de/vb3/archive/index.php/t-4320.html

Ich hab das folgendermassen gemacht (nochmals mit allen Schritten wenn mich jemand nachahmen moechte ;))

1. Ich habe WinXP installiert und defrag laufen lassen

2. Mit Knoppix gebootet und NTFS Disk verkleinert (2 Partitionen gemacht) mit qtparted (ist dabei).

3. 2te Partition (hda2) mit ext2 formatiert (Nicht fat32 nehmen! Unterstuetzt nur 2gb Files und das WinXP-Image wird bei ner unoptimierten Rohinstallation ~3gb), ebenfalls mit qtparted.

4. WindowsXP Partition (hda1) gemountet und mit "df -k" gebrauchter Festplattenplatz festgestellt.

5. Partition wieder ungemountet und mit:
dd if=/dev/hda1 of=/mnt/hda2/winxp.img bs=1024 count=<festgestellte kb's mittels df -k>
Das Image erstellt (~20-30min's bei mir). Ohne count Parameter haette er wahrscheinlich die gesamte Partition (mit dem ganzen freien Space) zu nem (in meinem Falle) 35gb Image gemacht.

6. Windows gebootet und gecheckt ob alles noch i.O. ist.

7. Wieder Knoppix gebootet und testweise das Image auf die Parition gespitzt:
umount /mnt/hda1
dd if=/mnt/hda2/winxp.img of=/dev/hda1

8. Rebooten, anschliessend checkt Windows noch das Filesystem (k.A. von Windows, Kollege meinte Win hat das Pagefile neu gebaut) und checken ob alles laeuft.

Bei mir hats so funktioniert! Ich muss mal schauen ob ich auch wirklich noch alle Daten habe, das Image ist uebrigens ein bisschen groesser als mit "count" angegeben.

Noch etwas: Bei mir war die aktuelle Installation natuerlich gleichgross wie das Image da ich nichts dazuinstalliert habe (Zeitdruck). Beim wirklichen manuellen "rebuild" sollte man die Partition zuerst mit NTFS formatieren (nicht nur nullen wegen den Superblock-Backups) und anschliessend das Image draufspielen.

 

 

[ top ]