Mailinglist Archive: opensuse (770 mails)

< Previous Next >
Re: [opensuse] Partition Recovery? Is it even missing to begin with or just shifted?

[... still up ...]

@DCR: thought of some important points, see PS!

On Sat, 11 Aug 2012, Carlos E. R. wrote:
On 2012-08-11 05:50, David Haller wrote:
I would erase it, then readd it, using fdisk, starting at 1 and ending at
62. Type I don't
know, fat or ntfs. I think it may be a Windows boot partition.

Naaah. Those are a _LOT_ bigger than 31kB.

Where do you get that 31kb figure from? 63 blocks is a lot more than that.

Sectors, Carlos, sectors! And AFAIK virtually _all_ HDD and SSDs still
work with 512 Byte sectors externally, even if they use 4k sectors
internally. So, sector 0 is the MBR, sector 63 is the start of the
first partition (at least in dcr's traditional case, nowadays, one
tends to format on 1M or at least 4k boundaries, e.g.[0]). That leaves
us sectors 1-62, each 512 B in size "unused", which is how I came up
with the 31kB.

And mind you: if there is space available (as is after the MBR, that
31k, but not, say, on a ext2 /-partition, there's only 1 unused
sector, ext* starts at sector 2 of that partition), GRUB (and lilo) do
install partly into that space. In dcr's case GRUB uses at least the
space up to offset 0x274F, probably up to 0x27CF of the disk for its
"stage1.5". Which translates to GRUB using ~18 sectors of space after
the MBR, or sectors 1-19 inclusive, with the reiserfs "driver" taking
up the last used sectors. See

od -tx1z -Ax dcr-sda-0.img |less

that dcr "mistakenly" sent to the ML instead of in a tarball via PM
just to me ;) I hope the list can handle the traffic impact.

And many other bootmanagers (used to) also use the unused space after
the MBR. And some drainbamaged "dongling" stuff, much fun ensues if
you need more than one of those that try to do that (I never did :).

-dnh, you need more coffee? I'm up 24hrs and drained a number of
beers, and I _still_ can remember and write about stuff like this
somewhat coherently? Gah!! What's that say about me ... *sigh* ;)
Well, that stuff _did_ stick in my memory :) Anyway, you know,
read with a grain of .., ahhm, pounds of salt ... No, I will not
"analyze" dcr's images "today" or give any advice but "wait for me
to have slept"... (which should be some time on Sunday, UTC). Oh,
but I do have something for dcr:

PS@dcr: please run a antivirus check (total<something> online?) on
that dcr-sda-0.img file[1]. There _is_ some code in sector 29
which looks fishy to me at a first glance. And as that partition
is active and ISTR there are some "trojans"/"viruses" about that
"kidnap" your disk by encrypting it, and a normal Winders MBR
would just boot that fishy partition... "You" might've been *very*
lucky to have Grub and not a normal DOS bootcode in your MBR ...

Anyway: *DO NOT* boot from that "bogus" active partition or
Winders until we've found out what's up. Oh, I guess it'd be safe
to set the linux partition as "active" (or at least deactivate the
bogus one) using fdisk (just toggle the "active" flag) or whatever
from a linux system (rescue or whatever). That should help you not
booting accidently from that fishy partition.

*blebb* *burp* *yawn* .oO( need sleep ) *grins inanely*

[0] # fdisk -l /dev/sda
/dev/sda1 2048 109053951 54525952 83 Linux
/dev/sda2 109053952 218105855 54525952 83 Linux

[1] I will too, "tomorrow", once I'm up and awake again.

If you want me, I'll be under my desk in a foetal position, whimpering,
and occasionally gently cursing. -- D. C. Staples
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >