Re: How to backup the MBR?
From: *Vanguard* (no-email_at_reply-to-newsgroup.invalid)
Date: 05/21/04
- Next message: Kelly: "Re: Taskbar"
- Previous message: Kelly: "Re: Send To"
- In reply to: I'm Dan: "Re: How to backup the MBR?"
- Next in thread: Steve N.: "Re: How to backup the MBR?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 21 May 2004 02:26:40 -0500
I'm Dan said in news:ukZ1QNvPEHA.2128@TK2MSFTNGP11.phx.gbl:
> "*Vanguard*" <no-email@reply-to-newsgroup.invalid> wrote:
>> Their MBRutil lets you save the 512 bytes of the MBR or the
>> "first head (which I think means to save track 0 under the first
>> head since the saved file was 32K big, or 63 sectors and there
>> are 63 sectors per track or head). Why would I want to be
>> saving all of track/head zero?
>
> Sector 0 includes the standard MBR boot code (roughly 440 bytes, give
> or take), the DiskID (4 bytes), and the master partition table (64
> bytes). The danger of backing up the entire 512 bytes of sector 0 is
> that it includes the partition table. If the partition table has
> changed since the backup was made, or if you are trying to restore
> your system onto a new hard disk whose parameters are different from
> the original, this might cause problems. Fixmbr is a convenient way
> to restore the standard MBR boot code, without touching the DiskID or
> partition table. Fdisk /mbr is a convenient way to restore the
> standard code portion and clear the DiskID, without touching the
> partition table.
>
> The rest of track 0 -- sectors 1-63 in a normal system -- are normally
> unused and lie outside the boundaries of any partition. However, if
> you've replaced the standard MBR with a third-party boot manager or
> the special encryption software you were talking about earlier, it is
> possible those utilities may use those unused sectors on track 0 to
> store their own code and/or data. There are also some rogue programs
> that try to hide some of their own data in those sectors, such as we
> saw with Turbotax's "product activation" fiasco a yr and a half ago.
> In such cases you would want to backup all of track 0 (but beware the
> caveat about the partition table) because just backing up the MBR
> would be incomplete. (BTW, Terabyte's mbrwork.exe, which I mentioned
> earlier, calls these sectors the "extended MBR", or EMBR area.)
Of the programs that I've seen use the bootstrap code area in the MBR,
they include: standard bootstrap program (but there seem to be more than
one "standard" program), boot managers, GoBack, drive overlay managers,
security products, anti-piracy software, and there's probably some that
I've forgotten about at the moment. I also found out after posting my
query that some boot managers will also use the remainder of track 0 for
running the rest of their program or to handle more than the 4
partitions allowed in the partition table. I also recall reading about
CDilla hiding in those other unused sectors in track 0.
The problem that I've seen is when a boot sector virus moves the
partition table. Using FIXMBR or FDISK /MBR will replace the bootstrap
code but does nothing to ensure the partition table is where it is
expected to be. The virus moved the partition table and knows where it
moved it to but the standard bootstrap program won't know the partition
table got moved. So you really do need to replace the partition table
along with the bootstrap code. I recall reading about a utility that
would rebuild the partition table in its standard location in the MBR by
hunting down where all the partitions were. MBRwork's readme.txt file
notes its option:
A - If no partitions exist in the MBR and no EMBR exists then this
option will allow you to recover lost FAT, HPFS, NTFS, and Extened
partitions.
That might work. The option:
1 - Backup the first track on a hard drive.
doesn't let me save just sector 0 but instead all of the first track.
But, as you mention, if the partitions have changed since the first
track save then you do not want to restore that save with its now
invalid partition table. So it seems you are forced to use the option:
C - Capture up to 64 disk sectors to a file.
which would supposedly let you save just sector 0, but that would still
include the partition table. So I still have no means of backing up and
restoring *just* the bootstrap code. If I could, then I would the
following options in the order shown:
4 - Reset the MBR are to all zeros.
3 - Reset the EMBR area to all zeros. (optional)
A - If no partitions exist ... recover lost ... partitions.
Restore only the *original* bootstrap code (unfortunately not an
option).
MBRwork does have the option to restore the standard bootstrap code but
that may not be the original bootstap code. So basically, yes, the MBR
backup will include the partition table. Option A won't work if the
partition table does exist (in its standard offset). I really don't
want to get into using a disk editor. So, for now, I'll have my disk
images for disaster recovery and be able to use the MBR backup only if
the partitions haven't change since the MBR backup was created. Or, put
another way, I'll have to remember to make another MBR backup after
every partition change. Doesn't look like I can get exactly what I want
but I can get close enough.
-- ____________________________________________________________ *** Post replies to newsgroup. Share with others. *** Email: domain = ".com" and append "=NEWS=" to Subject. ____________________________________________________________
- Next message: Kelly: "Re: Taskbar"
- Previous message: Kelly: "Re: Send To"
- In reply to: I'm Dan: "Re: How to backup the MBR?"
- Next in thread: Steve N.: "Re: How to backup the MBR?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
