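I have done a lot of partitioning/dual-booting on my MacBook Pro. I now have Mac OS X and Ubuntu 12.04 installed, with Grub installed on the Ubuntu partition.
What I'd like to know: what is the code in my MBR (the first 446 bytes)? Since Macs use EFI and GUID partitioning, the MBR is only a protective/hybrid MBR (in my case, it is a hybrid MBR).
Q: How can I identify the program in the MBR (based on its hexdump)? Is there some kind of signature? My guess is that it's Grub, but I did a hexdump and it doesn't match the code I found in this article detailing the Grub MBR ("stage 1") code.
Edit: I am running rEFInd, an EFI boot manager program. It is an EFI application and therefore resides on my EFI System Partition. That program runs immediately after power-on, but I don't think it places any code in the 446 bytes of the MBR.
EDIT2: I should add that I have also installed Windows for dual-booting.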
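Answer 1
I think I've found the answer: I believe it's the Windows boot code. Based on the readable ASCII in the hexdump ("Invalid partition table.Error loading operating system.Missing operating system."), I was able to do a Google search and find a site discussing the Windows boot loader. My hexdump matches the Windows 7 boot loader, which is detailed at http://thestarman.pcministry.com/asm/mbr/W7MBR.htm#CODE. This makes sense, because I installed Windows 7 on my computer in the past.
Answer 2
The utility ms-sys can not only identify many variants of MBR and PBR boot code, but also write them as needed.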
Usage:
ms-sys [options] [device]
Options:
-1, --fat12 Write a FAT12 floppy boot record to device
-2, --fat32nt5 Write a FAT32 partition NT5.0 boot record to device
-8, --fat32nt6 Write a FAT32 partition NT6.0 boot record to device
-x, --exfatnt6 Write a EXFAT partition NT6.0 boot record to device
-e, --fat32pe Write a FAT32 partition PE boot record to device
-3, --fat32 Write a FAT32 partition DOS boot record to device
-4, --fat32free Write a FAT32 partition FreeDOS boot record to device
-5, --fat16free Write a FAT16 partition FreeDOS boot record to device
-6, --fat16 Write a FAT16 partition DOS boot record to device
-n, --ntfs Write a NTFS partition Windows 7 boot record to device
-o, --fat16ros Write a FAT16 partition ReactOS boot record to device
-c, --fat32ros Write a FAT32 partition ReactOS boot record to device
-q, --fat32kos Write a FAT32 partition KolibriOS boot record to device
-l, --wipelabel Reset partition disk label in boot record
-p, --partition Write partition info (hidden sectors, heads and drive id)
to boot record
-H, --heads <n> Manually set number of heads if partition info is written
-B, --bps <n> Manually set number of bytes per sector (default 512)
-O, --writeoem <s> Write OEM ID string <s> to file system
-S, --writewds <x> Write Windows Disk Signature hexadecimal <x> to MBR
-7, --mbr7 Write a Windows 7 MBR to device
-i, --mbrvista Write a Windows Vista MBR to device
-m, --mbr Write a Windows 2000/XP/2003 MBR to device
-9, --mbr95b Write a Windows 95B/98/98SE/ME MBR to device
-d, --mbrdos Write a DOS/Windows NT MBR to device
-s, --mbrsyslinux Write a Syslinux MBR to device
-t, --mbrgptsyslinux Write a Syslinux GPT MBR to device
-a, --mbrreactos Write a ReactOS MBR to device
-k, --mbrkolibrios Write a KolibriOS MBR to device
-r, --mbrrufus Write a Rufus MBR to device
-g, --mbrgrub4dos Write a Grub4Dos MBR to device
-b, --mbrgrub2 Write a Grub 2 MBR to device
-z, --mbrzero Write an empty (zeroed) MBR to device
-f, --force Force writing of boot record
-h, --help Display this help and exit
-v, --version Show program version
-w, --write Write automatically selected boot record to device
Default Inspect current boot record
Warning: Writing the wrong kind of boot record to a device might
destroy partition information or file system!
Usage example in inspect mode (typical results on a pure UEFI system):
# ms-sys /dev/sda # MBR of an UEFI-bootable disk
/dev/sda has an x86 boot sector,
it is a zeroed non-bootable master boot record, like the one this
program creates with the switch -z on a hard disk device.
# ms-sys /dev/sda1 # PBR of an UEFI ESP
/dev/sda1 has a FAT32 file system.
/dev/sda1 has an x86 boot sector,
it is an unknown boot record
The OEM ID is mkfs.fat
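Answer 3
Another way to learn about the MBR is the Boot Info Script, originally published on SourceForge.
It looks like bytes 0x80 to 0x81 can be used to identify the MBR code: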
case ${Bytes80_to_81} in
0069) BST='ISOhybrid (Syslinux 3.72-3.73)';;
010f) BST='HP Recovery';;
019d) BST='BSD4.4: FAT32';;
0211) BST='Dell Utility: FAT16';;
0488) BST="Grub2's core.img";;
The following command reads bytes 0x80 and 0x81 from the disk:
sudo hexdump -v -s 0x80 -n 2 -e '2/1 "%02x" "\n"' /dev/sdXY
# hexdump - ASCII, decimal, hexadecimal, octal dump
# -v => Cause hexdump to display all input data.
# -s offset => Skip offset bytes from the beginning of the input.
# -n length => Interpret only length bytes of input.
# -e format_string => Specify a format string to be used for displaying data:
# 2/1 => iteration count / byte count: apply "%02x" 2 times, consuming 1 byte each time.
# "%02x" => Each byte is printed as two zero-padded hex digits, so the output matches the four-digit keys in the case table.
# \n => Append line break
# /dev/sdXY => Input file.
Source of the command and the case table: the German ubuntuusers wiki.
Answer 4
You can copy the first few KiB of the disk/partition into a file, and then let strings(1) or objdump(1) loose on that file to find out what is in it.
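The checks from Answers 1, 3 and 4 can be combined into one read-only inspection of a saved boot sector. The following is an added example, not part of any answer and not code from ms-sys or the Boot Info Script; the function names, the sample sector and the offset at which the messages are placed are assumptions made for illustration.

```python
import re

BOOT_CODE_LEN = 446  # bytes 0..445 hold boot code; the partition table follows
# The Bytes80_to_81 entries quoted in Answer 3 (not the script's full table).
BYTES80_TO_81 = {
    "0069": "ISOhybrid (Syslinux 3.72-3.73)",
    "010f": "HP Recovery",
    "019d": "BSD4.4: FAT32",
    "0211": "Dell Utility: FAT16",
    "0488": "Grub2's core.img",
}

def inspect_boot_sector(sector: bytes, min_len: int = 8) -> dict:
    """Summarise the first 512-byte sector of a disk or partition image."""
    if len(sector) < 512:
        raise ValueError("need at least one 512-byte sector")
    code = sector[:BOOT_CODE_LEN]
    # Printable-ASCII runs in the code area, roughly what strings(1) reports.
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, code)
    key = sector[0x80:0x82].hex()  # zero-padded, e.g. "0488"
    # Type byte sits at offset 4 of each of the four 16-byte table entries.
    types = [sector[BOOT_CODE_LEN + 16 * i + 4] for i in range(4)]
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "code_zeroed": not any(code),
        "bytes80_to_81": key,
        "known_as": BYTES80_TO_81.get(key),
        "strings": [r.decode("ascii") for r in runs],
        "gpt_protective_entry": 0xEE in types,
    }

def make_sample() -> bytes:
    """Constructed sector: Answer 1's messages at a made-up offset, hybrid-style table."""
    s = bytearray(512)
    msgs = b"Invalid partition table\0Error loading operating system\0Missing operating system\0"
    s[0x100:0x100 + len(msgs)] = msgs
    s[BOOT_CODE_LEN + 4] = 0xEE       # entry 1: GPT protective
    s[BOOT_CODE_LEN + 16 + 4] = 0x07  # entry 2: NTFS/exFAT type
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for k, v in inspect_boot_sector(make_sample()).items():
        print(f"{k}: {v}")
```

For a real disk, pass in the first 512 bytes of a file copied from the device as described in Answer 4, so the device itself is only ever read.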