I. MBR Structure Analysis
First, we will introduce the basic knowledge of MBR and then dry the image analysis. MBR is divided into three major blocks:
1. Load the boot program (446 K)
2. Partition Table (64 k)
3. Marker (2 k)
Load the boot program:The content is different from the name of a machine, that is, it stores the boot program. Currently, the main Boot programs are LILO (LInux LOader) and gnu grub (GRand uniied Boot loader ).
Partition Table:It records the information of four 16 K primary partitions, which will be described in detail below.
Indicates the lowest bit:Indicates that the MBR ends, usually 0xaa55. If not, it indicates that the previous content is illegal.
Then run the following command to check the MBR content:
# Dd if =/dev/sdk B bs = 512 count = 1 | hexdump-C
VcHLttTTpsO/uPbH + kernel/kernel + t9bH + kernel + veHK + kernel + Cgo8cD7TydPat9bH + kernel + ckernel vcd4kpha + yc/ encrypt/decrypt + M6qwP3X06GjsqLH0s6qw7 + encrypt/Co7o8L3A + trim = "1" width = "700" cellpadding = "1" cellspacing = "1">8001010007FeFfFf3f00000006734106Status
F1F2F3Parttype
L1L2L3Lba1Lba2Lba3Lba4S1S2S3S4
Although it looks like a lot, there are actually only a few types:
Status: whether the disk can be started is 0x80; otherwise, it is 0x00.
F3 + f2 + f1: Start position of the partition
L3 + l2 + l1: end position of the partition
S4 + s3 + s2 + s1: partition size
Parttype: partition type. You can view the corresponding list in fdisk, as shown in. The first partition here is the 07 type, that is, HPFS/NTFS windows file system. The second partition is Linux.
Ii. fdisk Verification
The first primary partition is used as an example to verify some fields. It is the result of fdisk/dev/sdb.
Boot: the first byte 0x80 indicates that the first partition is a Boot partition.
Id: The value corresponding to the parttype field is 0x07.
System: Obtain the HPFS/NTFS file System from the fdisk table by id.
Blocks:Here is s4s3s2s1 = 0x06417306. We also use echo "ibase = 16; 06417306/2" "bc to get 52476291k, which just verifies the above value.
Start: Here f3f2f1 = 0x000101, we use echo "ibase = 16; 000101/2" | bc to get 128 k. Why is it kb instead of 1 in fdisk? It is mainly caused by two problems. The first one is the end of fdisk and the value in start refers to the cylindrical disk. Therefore, it is not a simple kB or MB, because the size of each cylinder varies according to the disk model. The second reason is that it may be caused by the stripe of the disk. (RAID card configuration --StripeSize in eachDisk".) The default value of stripe is 128 kb. It may be because of the preset reason that it does not start from the cylindrical 0, but from 1.
(Note: hard disk capacity = Number of cylinders (number of tracks on each disk, usually 1024 in total) × number of magnetic heads (number of disks) × number of sectors (indicating that each track has several sectors, usually the total number is 64) × sector (basic unit of storage, generally 512B/4KB ))
Iii. bash Implementation of fdisk
Some days before the internship, I found a more elegant bash code. Checks the startup partition, partition type, size, and other information of the MBR. This information is obtained from the partition table we described above. Here we take out the Code, although it is not practical (after all, there is already fdisk ). But if you want to learn it together, please correct it.
Effect: