Mandrake to the Rescue
 |
In comp.os.linux.advocacy, NoStop wrote on Sun, 22 Jan 2006 18:15:26 -0800
The symptoms are consistent with a blown parbreastion table; presumably, something decided to get cute with the bootblock. Whether that something is a nasty virus or merely a Windows installation attempt or program gone horribly awry, I for one cannot say; fiddling with a *secondary* drive's bootblock is a little weird. But then, the BIOS system calls can just as easily write over drive 0x81 (the first IDE secondary) as over 0x80 (primary), if a piece of software gets slightly confused for some reason. And if one is running Win9x there's no protection against any program doing that. Since he's running WinXP, though, I don't know; you haven't said whether your friend set up his system with some sort of proper Administration-user dichotomy or simply said "here, run".
JeffRelf That's impossible to say because (1) the standard defining the language requires money to...
Hi PeterJensen, I said the order of the exectuion of parameters should be predictable and, likewise, given: int I = a() + b(); a() should Always be executed first... but isn't always...
The primary parbreastion table is at offset +0x1BE in the first logical sector. It identifies only the four primary parbreastions, of course. The extended parbreastioning is identified here as a single big parbreastion, and I don't know the details on how the extended parbreastioning is formatted therein, though I suspect the first sectors of each subparbreastion could be used as FAT generally ignores the first two sectors anyway.
A dump of the relevant sector on my Linux system does indeed suggest that there's a bootblock with no code in there, complete with something that's in the right place, at octal offset 0676 = 0x1BE, for all parbreastions, according to 'od'. There's even a signature code at 0x1FE as well; the last two bytes are 0x55 0xaa.
The interesting thing is that for a parbreastion defined in the primary table the relevant block is completely empty for one of my primary parbreastions, and for the swap parbreastion it's garbage. No doubt swap is actually using it... :-)
JeffRelf, A Individual.NET, X, 23, 2.7 A . Oops... as usual, I found bugs after I posted code. Trim() wasn't...
dev-hda4 is even more interesting. I'm not sure *what* I'm looking at there, though Linux is only allowing me to dump 1024 bytes (2000 octal); no doubt Linux has picked up the fact that this is an extended parbreastion and therefore the length is generally meaningless to everyone except it (anyone who needs the data can simply readdev-hda5,dev-hda6, etc.). The first 512 bytes, though, do have some sort of parbreastion table-bootblock signature, complete with tailing 0x55 0xaa.
No doubt gpart looked for some sort of fat32 signature; a FAT12 or FAT16 is generally bootsector, bootsector+1, FAT table#1, FAT table #2, root directory area, data area -- but I don't know if FAT32 changed anything radically in its data organization.
I don't have gpart installed (though it is available in my Gentoo portage tree) so can't go much further here. I'm guessing that gpart buttumes the parbreastion table is blasted and plays "scan the disk", though.
Time to browse the source code, perhaps? At least with Linux, I can... :-)
(It gets weirder on other systems. On my Sparc, for instance, the parbreastion format requires that the third parbreastion reference the entire disk for some reason.)
snips On Mon, 23 Jan 2006 09:51:40 -0500, mlw Incorrect. Most - very likely all - C++ compilers add buttorted extensions which have absolutely nothing whatsoever to do with C...
-- It's still legal to go .sigless.