Linux系统的机器上查看MBR数据
1. 概述
在 GPT分区表 一文中,介绍了MBR GPT等相关概念及相关数据结构;另外给出了在 Windows上面读取磁盘分区表 的示例,本文继续介绍Linux机器上面的MBR示例。
2. 读取MBR的内容
采用如下的命令(来源参见本文最后给出的链接):root@myhost /home/test # dd if=/dev/sda ibs=512 count=1 | hexdump -C 记录了1+0 的读入 记录了1+0 的写出 512字节(512 B)已复制,6.9911e-05 秒,7.3 MB/秒 00000000 eb 63 90 10 8e d0 bc 00 b0 b8 00 00 8e d8 8e c0 |.c..............| 00000010 fb be 00 7c bf 00 06 b9 00 02 f3 a4 ea 21 06 00 |...|.........!..| 00000020 00 be be 07 38 04 75 0b 83 c6 10 81 fe fe 07 75 |....8.u........u| 00000030 f3 eb 16 b4 02 b0 01 bb 00 7c b2 80 8a 74 01 8b |.........|...t..| 00000040 4c 02 cd 13 ea 00 7c 00 00 eb fe 00 00 00 00 00 |L.....|.........| 00000050 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 |................| 00000060 00 00 00 00 ff fa 90 90 f6 c2 80 74 05 f6 c2 70 |...........t...p| 00000070 74 02 b2 80 ea 79 7c 00 00 31 c0 8e d8 8e d0 bc |t....y|..1......| 00000080 00 20 fb a0 64 7c 3c ff 74 02 88 c2 52 be 80 7d |. ..d|<.t...R..}| 00000090 e8 17 01 be 05 7c b4 41 bb aa 55 cd 13 5a 52 72 |.....|.A..U..ZRr| 000000a0 3d 81 fb 55 aa 75 37 83 e1 01 74 32 31 c0 89 44 |=..U.u7...t21..D| 000000b0 04 40 88 44 ff 89 44 02 c7 04 10 00 66 8b 1e 5c |.@.D..D.....f..\| 000000c0 7c 66 89 5c 08 66 8b 1e 60 7c 66 89 5c 0c c7 44 ||f.\.f..`|f.\..D| 000000d0 06 00 70 b4 42 cd 13 72 05 bb 00 70 eb 76 b4 08 |..p.B..r...p.v..| 000000e0 cd 13 73 0d f6 c2 80 0f 84 d8 00 be 8b 7d e9 82 |..s..........}..| 000000f0 00 66 0f b6 c6 88 64 ff 40 66 89 44 04 0f b6 d1 |.f....d.@f.D....| 00000100 c1 e2 02 88 e8 88 f4 40 89 44 08 0f b6 c2 c0 e8 |.......@.D......| 00000110 02 66 89 04 66 a1 60 7c 66 09 c0 75 4e 66 a1 5c |.f..f.`|f..uNf.\| 00000120 7c 66 31 d2 66 f7 34 88 d1 31 d2 66 f7 74 04 3b ||f1.f.4..1.f.t.;| 00000130 44 08 7d 37 fe c1 88 c5 30 c0 c1 e8 02 08 c1 88 |D.}7....0.......| 00000140 d0 5a 88 c6 bb 00 70 8e c3 31 db b8 01 02 cd 13 |.Z....p..1......| 00000150 72 1e 8c c3 60 1e b9 00 01 8e db 31 f6 bf 00 80 |r...`......1....| 00000160 8e c6 fc f3 a5 1f 61 ff 26 5a 7c be 86 7d eb 03 |......a.&Z|..}..| 00000170 be 95 7d e8 34 00 be 9a 7d e8 2e 00 cd 18 eb fe |..}.4...}.......| 00000180 47 52 55 42 20 00 47 65 6f 6d 00 48 61 72 64 20 |GRUB .Geom.Hard | 00000190 44 69 73 6b 00 52 65 61 64 00 20 45 72 72 6f 72 |Disk.Read. Error| 000001a0 0d 0a 00 bb 01 00 b4 0e cd 10 ac 3c 00 75 f4 c3 |...........<.u..| 000001b0 00 00 00 00 00 00 00 00 c2 9f 09 00 00 00 80 01 |................| 000001c0 02 00 83 fe ff ff 40 00 00 00 ba 1d d2 05 00 fe |......@.........| 000001d0 ff ff 82 fe ff ff 00 1e d2 05 94 35 77 00 00 fe |...........5w...| 000001e0 ff ff 0f fe ff ff 00 58 49 06 00 08 ef 33 00 00 |.......XI....3..| 000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.| 00000200 root@myhost /home/test #
3. 分区表的数据分析
3.1 分区表1
对应的16个字节的内容:80 01 02 00 83 fe ff ff 40 00 00 00 ba 1d d2 05
第一个80表示是活动分区(bootable partition);
OSType是0x83,即Linux分区;
起始LBA:0x40
该分区大小:0x05d21dba = 46.6 GB. 对应如下数据:
root@myhost /home/test # df -hl 文件系统 容量 已用 可用 已用% 挂载点 rootfs 46G 26G 19G 58% / dev 942M 0 942M 0% /dev run 946M 1.9M 944M 1% /run /dev/sda1 46G 26G 19G 58% /
3.2 分区表2
00 fe ff ff 82 fe ff ff 00 1e d2 05 94 35 77 00
非活动分区,OSType为0x82,即Linux Swap分区。
起始LBA:0x05d21e00
该分区大小:0x00773594 = 3.7 GB
3.3 分区表3
00 fe ff ff 0f fe ff ff 00 58 49 06 00 08 ef 33
非活动分区;
OSType是0x0f,即扩展分区。
起始LBA:0x06495800
该分区大小:0x33ef0800 = 415.5 GB
3.4 分区表4
全0,表示未使用该partition record。00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
4. 使用fdisk工具查看分区表
上面是通过第一个扇区即MBR的分析结果,接下来再直接用分区工具查看。如下:root@myhost /home/test # fdisk -l /dev/sda Disk /dev/sda: 500.1 GB, 500107862016 bytes, 976773168 sectors Units = 扇区 of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk identifier: 0x00099fc2 设备 Boot Start End Blocks Id System /dev/sda1 * 64 97656313 48828125 83 Linux /dev/sda2 97656320 105468819 3906250 82 Linux swap / Solaris /dev/sda3 105469952 976773119 435651584 f W95 Ext‘d (LBA) /dev/sda5 105472000 976773119 435650560 83 Linux
5. 分区表&文件系统挂载
根据以上分析,发现该机器定义了2个主分区,一个扩展分区。而扩展分区中定义了一个逻辑分区,即/dev/sda5.再看该机器的挂载情况:
root@myhost /home/test # mount proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) dev on /dev type devtmpfs (rw,nosuid,relatime,size=964304k,nr_inodes=213867,mode=755) run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755) /dev/sda1 on / type ext4 (rw,noatime,data=ordered) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) 。。。。。。。。。。。。。。 tmpfs on /tmp type tmpfs (rw) root@myhost /home/test #
即整个文件系统挂载在第一个主分区/dev/sda1(46GB)上面。要使用逻辑分区/dev/sda5(415G),则需要自己进行挂载。
注:本机是从jd.com上面买的一个lenovo Linux主机。
6. 附A OSType
取自 http://www.win.tue.nl/~aeb/partitions/partition_types-1.html0f WIN95: Extended partition, LBA-mapped Windows 95 uses 0e and 0f as the extended-INT13 equivalents of 06 and 05. For the problems this causes, see Possible data loss with LBA and INT13 extensions. (Especially when going back and forth between MSDOS and Windows 95, strange things may happen with a type 0e or 0f partition.) Windows NT does not recognize the four W95 types 0b, 0c, 0e, 0f ( Win95 Partition Types Not Recognized by Windows NT). DRDOS 7.03 does not support this type (but DRDOS 7.04 does). 82 Linux swap 83 Linux native partition Linux is a Unix-like operating system written by Linus Torvalds and many others on the internet since Fall 1991. It runs on PCs (386 and up) and a variety of other hardware. It is distributed under GPL. Software can be found numerous places, like ftp.funet.fi, metalab.unc.edu and tsx-11.mit.edu. See also comp.os.linux.* and http://www.linux.org/. Various filesystem types like xiafs, ext2, ext3, reiserfs, etc. all use ID 83. Some systems mistakenly assume that 83 must mean ext2.
7. 附B 在线计算器等
- 一个比较好用的在线计算器:http://tools.2345.com/jishunqi.htm
- 前面查看MBR使用的命令,来源于 http://360percents.com/posts/command-to-read-mbr-in-linux/
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。