Source Address: http://www.linuxpk.com/3366/viewspace-482.html
What is MBR?) Y (GE '; M &/0linux; C * Ko WY (BH
Except for those PCs with the option to start from a non-physical C disk, no PC can start from the physical
[Ya? # Any sector other than {0, 0, 1} of the first hard disk of lnh t0 is started, so {0, 0, 1} is called as the main guide for recording the Linux treasure house H & Q8 @ dx7l
Directory: MBR (Main Boot Record ). Modify the MBR virus or program to move the original MBR
. Kr-G
Avqv4x0 after other sectors, this program can no longer be called MBR. At best, it is called "original MBR", and it occupies the Linux treasure house ^ C (K! H6q/ye: O
The new boot program of {0, 0, 1} can be called the current MBR. Modify the parameters in BIOS setup,
: R/_ 1yqfbl. G' K) u! U0 can change the structure of the hard disk Logical Disk, but neither {0, 0, 1} nor {0, 1} can be modified }.
I6pv3 @ 7et2w0
/Vbo8cw A N0 has some troublesome MBR viruses (as mentioned earlier in wwashington ).
Y6g
After yp5z7 ^ n0fdisk/MBR, the computer will not be able to start, because the normal boot and file structure of the computer is the Linux treasure house. rtx4rl z @ t
Virus (in addition to viruses, it also includes some management tools system commander and Norton Linux
Ixur, S/bds
Disklock) encoded/encrypted. decoding to a normal structure requires guidance from the virus program.
-E, etj0u 'j0 Linux inventory 7 V
G'
DL
So:
% UF @ x RC! E 'i8y # l0
7j.]) wi @ 0 (1) removing any virus does not require low-level hard disk formatting. This is a true proposition. J "| K' v * k4j
(2) fdisk/MBR + sys C: You can restore the data, except for any boot disease Linux .~ * B} # [iwh7bo
This is a false proposition. Linux treasure l, T-rFB6BWJaP & CW
'] # Dzdn * z
|) W0 the above conclusions are based on the fact that, under normal circumstances, the PC cannot use {0, 0, 1} of the first physical hard disk to store Linux 1q0z] //: {# nou & t1qw
Start any sector outside. I think what wwashington and I want to express is the same, only the Linux wm7g' ^} ': c {& J
Because some basic events are understood from different perspectives, there are Linux $ I and qfkxki in terms of macro expressions.
Different focuses.
/LP | n1iuj5j $ B0 Linux treasure house 'ovbx; et
So here we also remind you that when you try to use fdisk/MBR + sys C: to clear the virus
6f [K9 | bl0, make sure to back up MBR, that is, {0, 1 }. Kv300 and virus star VRV are the core of Linux Q; uv0ts (h; C "s
Imperfect. kv300 won't be mentioned here. VRV claims to be able to back up MBR, but because of the Linux inventory {/5vj, YH
And the backup is not always normal. According to the technical support of the original VRV, after VRV is used
M; aq4el7jg @ t0 t0 hard disk "is not a minority, and they have no choice but to push their responsibilities to confused users. Here, we also
'2my-mu6yltq0 is not recommended. Linux, h # G3/% AJ @"''
Linux inventory/* iini) K "F
M-MW, O + lucn
A0
; Say "~ & W :~ W0MBR parameters of fdiskLinux inventory 2s8 ^ Z: x
P Ke
Linux treasures 9 | E) F1 ^; BS ^
Description of MBR parameters of fdisk (reprinted)
In; kd9a0u0u (O, K0
[VN
J8z + slz0fdisk is the most commonly used command in hard disk partitioning, but some readers may not know it. The fdisk command is also a library of Linux: cp2drff
Q "| v9o
Linux + iiwy @ v5gn6e * h} t # G
There is an undisclosed parameter/MBR. If you use fdisk /? This parameter is not found, but the Linux inventory 4 ~ Jej: Shk % J; [% I
The Z. CBS/V % Vy & l0 parameter plays an important role. MBR is the abbreviation of Master Boot Record. So Linux: ehfr) cchisx9? A
In Linux! E9h/quo, R: X ['
How does fdisk/MBR work? Let's take a look at it with you.
E 'fsf)] Z, E. jm % z0 first let's take a look at the primary Boot Sector, the first sector of the hard disk's zero-cylinder and zero track, known as the primary Boot Sector
8k6c4?
W
T2w0linux # G & {u ~ Sa +
, (Of course, 512 bytes), the primary Boot Sector is recorded by the primary Boot Record (MBR), the hard disk partition table (DPT, disk
J | 9mk5/; wbz1t + azt0
6? Nv7fnj1a; J./0 Partition Table) is composed of three parts: End mark. The size and offset of each part can be found in the table below. vu5uu! S (gg
Zi/sqe5a: The ji0 Boot Record contains a series of Hard Disk parameters and a boot program, the boot program is mainly used in the Linux house aTV-cu3h/C
Linux treasure D + sg9k0ghx6u % d
Boot the operating system on the partition with the activation mark after the system hardware self-check is complete. It runs to the end of
-@ N? [Zu7f
R0
# SMB/2f
C % nt0jmp command jumps to the boot program of the operating system. Therefore, it is usually caused by some Boot viruses and multiple systems.
7' + ~. V7ow0
)@
| % H # V
I
Z! The starting point of the zt0 boot program. This section also includes the prompt message "invalid partition" when an error occurs.
'! G4gt5 {/{3b0linux treasure house @ t2lsv (i2a & N] J
Table, error loading operating system, missing operating system, and some Linux treasures o2s/o
E8ki * u
Wb6y & OO + H
Retain information. The 64-byte hard disk partition table records the partition size, type, and which is the active partition.
Ghs4l) i9d0
T, PNN) A-_ B! F4a0 and so on (for detailed structure, refer to relevant materials ). The last two symbols of the primary Boot Sector "55aa" are the Linux treasure house of the primary Boot Sector Ru p2yp0] J & O; W
Linux repository @-C/[xni | $ t
The end mark of the partition, and some viruses will modify these two flags. As a result, the Linux treasure house R cannot be found during system boot; @ n. rtonp
F ;~ $ S-VD-iI2? 4Q? Partition Table with zero effect. You can use some tools or write the data of the primary Boot SectorAssembly. Linux inventory o4yu. GQ ^ C
When fdisk/MBR is used, the first 446 bytes (if you use ddlinux + io5ig in Linux |
DS * B0} 'l ~ 0if =/boot. NNNN of =/dev/hda BS = 446 COUNT = 1 command to restore MBR.
A0? Bf0b9 ^ * s
Jad0linux inventory xn0id1z U ^
This number is 446.) reset and re-"Install" the boot program, but it will not damage the hard disk partition table. Security
% E % L: oqsa0linux treasure @ deuv8w} n
Install some security protection software or new operating system boot programs will often be changed, part of the boot sector Linux treasure house! O 'Uyun] e
-M! O) The f2d6bl @ 0 virus may also occupy this site to gain control of the system. In the above case, if
My:]; u6zw0linux 3/s ^} "B {5xx + j m/I
Due to carelessness orOthersCause: the boot disk that is not infected with the virus can be used when the system cannot be started normally.
T] F # E % qn0
B9b + |! H # dy7k5f0 start the system and then use fdisk/MBR. Please note that you must take the right medicine when using the system. The following is a description
X _ v
AE * b2dul0linux treasure house re3ar0_a2 ^ bhq
The following are some examples of my experience: Linux: OQ-Wh v @
1. One of my colleagues once used a software called a super guard, which has the power-on password function. However, the password for Linux [au5z0p # Na}
9z in Linux? 1 ~ FFI-K
The Code was forgotten by him. He started from the floppy disk and deleted the software.
/% Ew. E. ff0
) Dbusp ki0 still requires him to enter the password. According to him, the prompt for entering the password is after the hardware self-check is completed.
A, f4a $ E1? Ih0
/O! B | G + L ~ 0. When windows was just started, I guess the Main Boot Sector was modified. We recommend that you use the Linux bucket D "N & ira1x/wxnp of Windows 98.
T1? A
S: FB/E "G0 boot disk restart and use this command, the boot password is removed. Linux treasure house 2 v/w/mfc ?! Q ~
2. My colleague's computer is infected with virus in the boot zone. After Kingsoft drug overlord detects it, he uses Kingsoft drug overlord as the Linux treasure house.
Cv3t HCQ} 5m3a "ex
* H ~ & L; ["{0 indicates that the virus is detected after the drive is restarted.
Y6je & gt/) vc0linux inventory
E "s ~ 4f & vzpa5fi |
Whether the device is "clean". After I buy the Windows 98 boot disk that is attached to the brand machine and ask him to restart it,
Ukq. p ~ 6l + Qy ~ 0
3 S &? L + u7u + k "I0 with fdisk/MBR, restart the computer again and find the virus has been cleared. 9c-p | b6r, VX & Rn
3. To experience Windows 2000, I changed another small hard drive jumper from my company to slave and connected it to me.
Q * _ {Y] 9c6}) t0
F + X: IEO) on ide1 of the h8sd0 computer, install Windows 2000 to a small hard disk for Windows 98 and
E-xzoo
_ 0linux Treasury U @ M, ^
L4f! F
Windows 2000 Dual Boot, and later the hard disk was taken away. When the system was started again, it was found that it could not be started.
EK-P
C B
V1y # YV. gs0 after I start the boot disk of Windows 98, I still cannot use the fdisk/MBR command.
BP @ & Uz-S
Linux inventory h; GX | *] 1/
My last move, sys C:, started again, succeeded! Linux inventory 4 T % y2a $ A, to: [4D
4. With the popularity of Linux, many friends want to enable dual-boot (or even multiple-boot) on a single computer! T. cm} l & y9k
! P! Cjn7 [E _ [0 install Linux, Lilo may be installed in the Main Boot Sector. If you want to Uninstall Linux
9b @ ^. d1ryu0
/W, GY-y7X ,? {0 partition command to delete Linux partitions; if you want to restore to the original system later, use this command to clear lilo Linux inventory ml
N2 ^ 8ew
+ W + CEB (pks0gwq0 division, usually do not lose the data on the original system.
G: Qu' "PQ % P0 it is important to remind everyone that fdisk generally does not affect the partition structure and data of the hard disk, but some
/Egv {FP * t0
The k5v/d1y0 virus uses the fdisk/MBR principle to modify the normal boot and file structure of the computer.
'#} 8e | YG @ v
Linux inventory
AJD,] l
U ktjx
Forcible use of fdisk/MBR may make the system worse, or even clear all the data on the hard disk from the Linux inventory + v7b [U/L! Q
T
Linux # K {4G {: Y, LBI
. Therefore, we recommend that you do not use this command unless it is affected by viruses or some disk management tools! X $ b8g & UV
. TL &~ & E | 'evv0 can't be started normally before using this command. If you want to test it, you should back up all your
Js5q: O &} QH) [q0linux treasure house % fdamt "wgpa
Data, and use the DEBUG command to save your Master Boot records. Think about why Microsoft does not publish this Command Parameter
? @ Y & X. o5h00i % s ^/F $ g0e0? Because it is a dangerous command!