"The Linux Gazette...making Linux just a little more fun!"


(?) The Answer Guy (!)


By James T. Dennis, answerguy@ssc.com
LinuxCare, http://www.linuxcare.com/


(?) Persistent LILO: Won't Start! Won't Go Away!

From Teemu Pentinsaari on Wed, 28 Jul 1999

hi,

I'm having alot of trouble getting LILO off my MBR, it stays like glued and I don't know what to do anymore.

I had fully workin Linux Redhat and everything was going fine, but then I tryed to get lilo off the mbr and the sunshine stopped. My computer hangs up in booting showing only first two letters of lilo, then whatever you do, it hangs up. I have wiped out my hd using Linux-fdisk, dos f-disk, partition magic 3 and NT40 installation partitioning tool, I have convertted my hd to ntfs back to fat and again to ext2 but LILO is still sitting on my MBR. I have spent last 26 hours trying to get it off the MBR from running Linux , I have tryed to use lilo -param -param commands but they wont resolve my poblem.

(!) The easiest way to wipe your MBR and partition table on a Linux box is with a command like:
dd if=/dev/zero of=/dev/hda count=1 bs=512 && sync && echo done.
... if you see it echo "done" then you have successfully wiped the partition table and MBR on your first IDE drive. (Use /dev/sda to blow away your first SCSI drive).
Nota Bene: THIS WILL RENDER YOUR SYSTEM NON-BOOTABLE AND MAKE ALL OF YOUR FILES AND FILESYSTEMS ON THAT DRIVE INACCESSIBLE!
(I hope you knew that).
It would help quite a bit if you told me which -param -param you were using. It would help even more if you issued a command like:
lilo -v -v -v &> /tmp/lilo.out
... and included the lilo.out file in your next message. The -v options will make the /sbin/lilo boot map updater VERY verbose. (My simplest system generated about 70 lines of output from this command).

(?) what can I do ?

Is there a handy way to read MBR in binary ?

(!) dd if=/dev/hda count=1 bs=512 | od -x
... you can pipe the output from this dd command into any number of utilities to render relatively readable encodings of the data. For example you might use:
dd if=/dev/hda count=1 bs=512 | cat -v
... to look for ASCII strings embedded in the mix.

(?) Is there other commands than lilo -param to edit MBR ?

(!) Any good disk/binary editor should do it. There are several hex/binary editors for Linux. One way would be to use dd to capture the data then run emacs on the temporary file. You can use emacs and xemacs to edit in hex using the command: M-x hexl-mode
(Note: if you use viper mode, the vi emulation package that I use, then you'll want to use C-z to suspend your viper keybindings while you use hexl-mode's bindings).
There's also 'beav' (Binary editor and viewer), lde (Linux Disk Editor), bvi (Binary vi) and a number of others for Linux.
None of these has the features that I liked in the old MS-DOS hex editors like Norton's DiskEdit and Paul Mace's MUSE. It would be nice if lde were extended with a set of templates that matched various C struct's (data structure definitions) for things like partition tables, superblocks, inodes, etc, and if you could easily bounce from partition table to superblock to directory and from directory entry, to inode, to corresponding data blocks and extent (indirect) blocks, and through the free list and bad blocks "file") (i.e. add extra navigation commands).
However, I'm certainly not enough of a expert in low-level Linux disk and data structures to write the code for any of that. 'lde' looked like the most promising of these that I've see so far. It supports color ncurses and recognizes some data structures (though it's a bit confusing and could use quite a bit more documentation).

(?) thanks a lot,
Teemu Pentinsaari

(!) In the worst case (assuming you have a full backup) try:
dd if=/dev/zero of=/dev/hda
... to write a stream of ASCII NULs over the whole disk. (This is presuming that you boot from a rescue/destroy floppy, of course).
Fans of the old Norton "DiskWipe" utility could use a simple shell script on their Tom's Root/Boot (http://www.toms.net/rb/) which was just a for loop like:
		for i in 0 1 2 3 4 5 6 7 8 9 ; do
			dd if=/dev/zero of=/dev/hda bs=1024k; sync
			dd if=/dev/urandom of=/dev/hda bs=1024k; sync
			done
		dd if=/dev/zero of=/dev/hda; sync
... which would make about ten passes over the disk with ASCII NULs and random bits. It might take all night, but I don't that even the super spooks with the forensic micro-electron-magnetoscopy (or whatever it's called) would get the goods on you when you were done.
Any way --- lilo's -v (verbose) is one of your friends. 'dd' (the UNIX data dumper) is another. Make their aquaintance and SQUASH THAT BOOT RECORD!


Copyright © 1999, James T. Dennis
Published in The Linux Gazette Issue 44 August 1999
HTML transformation by Heather Stern of Starshine Techinical Services, http://www.starshine.org/


[ Answer Guy Index ] 1 4 7 9
11 12 14 17
18 19 20 21 24 25 26
28 29 30 31 32 33 34
35 36 37 38 39 40 41
42 43 44 45 46 47 48


[ Table Of Contents ] [ Front Page ] [ Previous Section ] [ Next Section ]