Re: I'm having an image problem...

From: James.Holleyat_private
Date: Fri Feb 14 2003 - 20:03:11 PST

Next message: Jason Upchurch: "Re: I'm having an image problem..."

Previous message: James: "I'm having an image problem..."
Maybe in reply to: James: "I'm having an image problem..."
Next in thread: Jason Upchurch: "Re: I'm having an image problem..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James said:

/*
Any help with the possible drive geometry or the possible cause of this 
effect 
would be much appreciated.
*/

Check the partition table in the Master Boot Record to get a rough idea of 
the drive geometry. A partition entry includes starting and ending 
cylinder, head, sector info as well as other very useful data.

Here's the format of a 512 byte MBR - sector 0 - for a Windows/DOS 
compatible system:

        HEX Offset      Stuff
        000h            446 bytes = boot code
        1BEh            16 bytes - 1st partition entry
        1CEh            16 bytes - 2nd partition entry
        1DEh            16 bytes - 3rd partition entry
        1EEh            16 bytes - 4th partition entry
        1FEh            2 bytes - 55 AA - Boot Record Signature

Each partition entry has the following structure:

        HEX Offset      Stuff
        00h             1 byte - Current State = 00h for not Bootable or 
80h for Bootable
        01h             1 byte - Starting Head = Beginning of Partition
        02h             1 Word - Beginning Cylinder/Sector
        04h             1 byte - Partition Type/File System Indicator Byte 
- 0C = FAT32 - 07 = NTFS
        05h             1 byte - Ending head of Partition
        06h             1 Word - End of Partition - Cylinder and Sector
        08h             1DWord - # of Sectors Between MBR and 1st Sector 
in Partition
        0Ch             1DWord - # of Sectors in the Partition

James
===============================

James O. Holley
Ernst & Young
Litigation Advisory Services &
Computer Forensic Services
http://litigation.ey.com

Office:   703.747.1059
Fax:       703.747.0104
Lab:       703.747.0253
Pager:    888.620.5275
Pager email: 6205275 "AT" skytel.com

===============================

________________________________________________________________________
The information contained in this message may be privileged and confidential and protected from disclosure.  If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.  Thank you.  Ernst & Young LLP


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jason Upchurch: "Re: I'm having an image problem..."
Previous message: James: "I'm having an image problem..."
Maybe in reply to: James: "I'm having an image problem..."
Next in thread: Jason Upchurch: "Re: I'm having an image problem..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 20:55:49 PST