From: Fiona Ebner <f.ebner@proxmox.com>
To: Mike Maslenkin <mike.maslenkin@gmail.com>
Cc: John Snow <jsnow@redhat.com>,
QEMU Developers <qemu-devel@nongnu.org>,
"open list:Network Block Dev..." <qemu-block@nongnu.org>,
Thomas Lamprecht <t.lamprecht@proxmox.com>,
Aaron Lauterer <a.lauterer@proxmox.com>
Subject: Re: Lost partition tables on ide-hd + ahci drive
Date: Fri, 17 Feb 2023 14:40:45 +0100 [thread overview]
Message-ID: <85488658-80df-f6ac-8a1d-51172148a436@proxmox.com> (raw)
In-Reply-To: <CAL77WPAdDyKFWP_Dqsz_xr7OCzHLTkw6VbYDMGobi8kek4e_8A@mail.gmail.com>
Am 16.02.23 um 15:17 schrieb Mike Maslenkin:
> Does additional comparison make a sense here: check for LBA == 0 and
> then check MBR signature bytes.
> Additionally it’s easy to check buffer_is_zero() result or even print
> FIS contents under these conditions.
> Data looks like a part of guest memory of 64bit Windows.
Just today we got a new dump [0], and it's very similar. Again only 512
bytes and again guest memory?
> febner@enia ~/Downloads % hexdump -C dump.raw
> 00000000 00 03 22 00 4e 74 46 73 da 4c a3 1c 3b f5 7d 19 |..".NtFs.L..;.}.|
> 00000010 60 a5 a6 d4 0c a8 ff ff 30 15 d9 e6 0c a8 ff ff |`.......0.......|
> 00000020 5c 00 53 00 6f 00 66 00 74 00 77 00 61 00 72 00 |\.S.o.f.t.w.a.r.|
> 00000030 65 00 44 00 69 00 73 00 74 00 72 00 69 00 62 00 |e.D.i.s.t.r.i.b.|
> 00000040 75 00 74 00 69 00 6f 00 6e 00 5c 00 44 00 6f 00 |u.t.i.o.n.\.D.o.|
> 00000050 77 00 6e 00 6c 00 6f 00 61 00 64 00 5c 00 37 00 |w.n.l.o.a.d.\.7.|
> 00000060 33 00 63 00 36 00 33 00 65 00 32 00 64 00 37 00 |3.c.6.3.e.2.d.7.|
> 00000070 66 00 66 00 38 00 66 00 36 00 35 00 31 00 31 00 |f.f.8.f.6.5.1.1.|
> 00000080 39 00 36 00 63 00 65 00 61 00 31 00 65 00 30 00 |9.6.c.e.a.1.e.0.|
> 00000090 39 00 66 00 66 00 36 00 32 00 30 00 65 00 5c 00 |9.f.f.6.2.0.e.\.|
> 000000a0 69 00 6e 00 73 00 74 00 5c 00 70 00 61 00 63 00 |i.n.s.t.\.p.a.c.|
> 000000b0 6b 00 61 00 67 00 65 00 5f 00 39 00 31 00 37 00 |k.a.g.e._.9.1.7.|
> 000000c0 31 00 5f 00 66 00 6f 00 72 00 5f 00 6b 00 62 00 |1._.f.o.r._.k.b.|
> 000000d0 35 00 30 00 32 00 32 00 38 00 33 00 38 00 7e 00 |5.0.2.2.8.3.8.~.|
> 000000e0 33 00 31 00 62 00 66 00 33 00 38 00 35 00 36 00 |3.1.b.f.3.8.5.6.|
> 000000f0 61 00 64 00 33 00 36 00 34 00 65 00 33 00 35 00 |a.d.3.6.4.e.3.5.|
> 00000100 7e 00 61 00 6d 00 64 00 36 00 34 00 7e 00 7e 00 |~.a.m.d.6.4.~.~.|
> 00000110 31 00 30 00 2e 00 30 00 2e 00 31 00 2e 00 31 00 |1.0...0...1...1.|
> 00000120 33 00 2e 00 63 00 61 00 74 00 1d 08 0d a8 ff ff |3...c.a.t.......|
> 00000130 13 03 0f 00 4e 74 46 73 ea 4d a3 1c 3b f5 7d 19 |....NtFs.M..;.}.|
> 00000140 90 05 4d 0f 0d a8 ff ff a0 0c 55 0d 0d a8 ff ff |..M.......U.....|
> 00000150 43 52 4f 53 4f 46 54 2d 57 49 4e 44 4f 57 53 2d |CROSOFT-WINDOWS-|
> 00000160 44 2e 2e 2d 57 49 4e 50 52 4f 56 49 44 45 52 53 |D..-WINPROVIDERS|
> 00000170 2d 41 53 53 4f 43 5f 33 31 42 46 33 38 35 36 41 |-ASSOC_31BF3856A|
> 00000180 0c 03 67 00 70 00 73 00 63 00 72 00 69 00 70 00 |..g.p.s.c.r.i.p.|
> 00000190 74 00 2e 00 65 00 78 00 65 00 37 00 36 00 34 00 |t...e.x.e.7.6.4.|
> 000001a0 37 00 62 00 33 00 36 00 30 00 30 00 63 00 64 00 |7.b.3.6.0.0.c.d.|
> 000001b0 65 00 30 00 34 00 31 00 35 00 39 00 35 00 32 00 |e.0.4.1.5.9.5.2.|
> 000001c0 31 00 2e 00 74 00 6d 00 70 00 47 00 50 00 53 00 |1...t.m.p.G.P.S.|
> 000001d0 43 00 52 00 49 00 50 00 54 00 2e 00 45 00 58 00 |C.R.I.P.T...E.X.|
> 000001e0 45 00 37 00 36 00 34 00 37 00 42 00 33 00 36 00 |E.7.6.4.7.B.3.6.|
> 000001f0 30 00 30 00 43 00 44 00 45 00 30 00 34 00 31 00 |0.0.C.D.E.0.4.1.|
> 00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
> *
> 00100000
[0]:
https://forum.proxmox.com/threads/not-a-bootable-disk-vm-ms-server-2016.122849/post-534473
next prev parent reply other threads:[~2023-02-17 13:41 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-02 12:08 Lost partition tables on ide-hd + ahci drive Fiona Ebner
2023-02-14 18:21 ` John Snow
2023-02-15 10:53 ` Fiona Ebner
2023-02-15 21:47 ` John Snow
2023-02-16 8:58 ` Fiona Ebner
2023-02-16 14:17 ` Mike Maslenkin
2023-02-16 15:25 ` Fiona Ebner
2023-02-16 16:15 ` Mike Maslenkin
2023-02-17 12:25 ` Fiona Ebner
2023-02-17 13:40 ` Fiona Ebner [this message]
2023-02-17 21:22 ` Mike Maslenkin
2023-08-23 8:47 ` Fiona Ebner
2023-08-23 9:17 ` Fiona Ebner
2023-08-26 18:07 ` Mike Maslenkin
2023-02-17 9:44 ` Aaron Lauterer
2023-06-14 14:48 ` Simon J. Rowe
2023-06-15 7:04 ` Fiona Ebner
2023-06-15 8:24 ` Simon Rowe
2023-07-27 13:22 ` Simon Rowe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=85488658-80df-f6ac-8a1d-51172148a436@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=a.lauterer@proxmox.com \
--cc=jsnow@redhat.com \
--cc=mike.maslenkin@gmail.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).