Hi guys,
bing said:
See ! I knew it, JDany3D is a kungfu master !
!
Don't say that. You are embarrassing me....
bing said:
... Re- subscribed... my own thread ! LOL
hahahahah
bing said:
Very nice discovery on that boot sector !
That will be very useful for future reference, especially for brute force recovery process ! Again, really great discovery !
Thanks for sharing it here !
It's a pleasure sharing with you both and the others my work.
I learned a lot reading this thread from the beginning to the end.
The least thing i can do is sharing my experience and showing my gratitude for you all.
bing said:
Eagerly waiting for your experience in alternative booting scenario in drive disaster !
bing said:
That's very cool mate... well done.
The whole Boot from C or D idea with the same image is wicked. Can't wait to see your total success!
Thanks again.
Here we are and i'm ready.
Just a digression on what i did the last night.
I was not completely satisfied about volume 0 + 5 size so i deleted them both and recreated them with 300 GB raid 0 and the rest on raid 5.
I enlarged the raid 0 in order to fit the scratch audio/video partition in it.
Booted from my Hitachi HD (i don't like waiting BartPE booting time (4 minutes)), i created two primary (active partitions one on raid 0 and one on raid 5 and restored on both them the previously saved backup of Win XP.
Tried a reboot from raid 0 goes well.
Detached the first HD from ICH9R and restarted the PC.
Raid 0 disappeared (failure), raid 5 is in degraded state but still booting from primary. Up to now, nothing new.
A this point i was exactly in the same situation i described in my previous post, but with a different raid volume sizes.
Do you remember my issue booting from raid 5, with a very long startup time waiting for a driver to start?
Well, it disappeared.
Maybe there was something wrong in the previous win configuration on raid 5.
The difference between the last win configuration and the previous one was having swap and temp on separate partition in the former, while in the latter it's all (system, swap and temp files) contained into a single partition as windows default.
Of course throwing away the raid 0 containing the temp partition, but still having windows on raid 5 looking for this partition, caused probably some trouble.
Resetting the windows standard configuration on raid 5 having the temp and swap on the same win partition, didn't help to solve the problem.
Only doing this resetting (using registry) on partition on raid 0, taking a backup of it and restoring it onto the primary raid 5 partition, solved the issue.
Don't ask me why...
Perhaps you are wondering why i did separate win and swap + temp.
Well, i don't like temp files continuously fragmenting windows partition.
About the swap, the answer is very simple: take a backup of C: with and without swap file and look at the difference between file sizes....
End of digression.
OK, below some notice on what i did after that bunch of tedious stuffs described above.
- Zeroed the detached HD with a hex editor (i didn't like to wait the whole formatting).
I tried to format the very last part of the HD creating a big partition from the start and a little one reaching the end.
After formatted the latter, the raid signature was still there.
So i opened a disk editor and zeroed it by hand (the 3 last sectors of HD).
I did the same onto the MBR and partition table (first hd sector).
A very strange behavior of Disk Management (in windows) is that after blanking partition table and the MBR and then refreshing the view in it, nothing happens. Partitions was still showed like if they had not been deleted.
Restarting windows (again on raid 5 degraded) fixed the issue and i finally saw all the changes.
It seems windows has a cache of drives configuration. It doesn't refresh the configuration from partition data at all!
Only if you make changes using Disk management you'll see them at once.
After that, i just spent 2 minute to take a performance test of single WD HD.
This is the result....
Then, i powered off the PC, and reconnected the HDD to the intel ICH9R controller and rebooted.
As expected the "new" drive was detected as "Non-RAID Disk" while the others were still joined in raid 0 failure ad raid 5 degraded.
A this point i pressed Ctrl-I to enter in raid bios.
WOW, a windows showed me a waring "
DEGRADED VOLUME DETECTED", "
Degraded volume and disk available for rebuilding detected. Selecting a disk initiates a rebuild."
I selected the "fresh new wiped" WD drive and pressed enter.
Of course, i had to fix raid 0 deleting and recreating it again.
At the end, i exited from the bios and booted again.
This time i had raid 5 in rebuilding state while the raid 0 is on state Normal as it should be.
Raid 5 partition fired up flawlessly.
Well, let's have a look at Disk Management....
As soon as i opened it, it showed me the wizard to initialize the new 300 GB disk.
At this point we have at least 3 ways we could follow:
1) Let the Disk Management init the drive for us (creating a standard master boot record and a blank primary partition table on it).
1.1) continuing on the GUI, we could create by hand all the partitions we need.
1.2) otherwise we could run a DISKPART script doing the job of creating partition for us. Of course we prepared the script by hand, looking at the raid 0 partition configuration that was there before the failure.
2) initialize the disk by hand replacing the sector 1 with the previously saved image of it.
The first two methods (1 and 1.1) or (1 and 1.2) i'm pretty confident they will work.
So i tested the 3rd one, the number 2 just to play with sector 1.
Forgive me the word's game.
I want to spend just two words about a free windows version tool usually found in linux/unix like system:
DD. Here another
link to learn more about it.
Well it is a very useful tool and it is easy to use.
You can make a bit-to-bit copy from a source to a destination.
Source and destination could be disks, as well as floppies or keyboard input. See the documentation for a list of all supported devices.
You could save an image of a floppy disk in just one step.
I used it to make a backup of MBR + Master Partition Table (Sector 1).
So, before simulating the failure of a disk, i saved the first sector of the raid 0 volume to a binary file.
The command was something like that:
DD if=\\?\Device\Harddisk0\Partition0 of=x:\backup\Disk0_sector1.img count=1
Type:
DD --list to see all the available devices and volumes you can deal with.
To restore the content from the image onto the HDD 1st sector will be:
DD of=\\?\Device\Harddisk0\Partition0 if=x:\backup\Disk0_sector1.img count=1
Very easy.
I'm going to do that replace just now and let's see what happens on sector 1...
Done.
Ok, DD wrote correctly the sector onto the HDD (i opened the sector in an Hex editor), but as stated before, neither Disk Management nor DISKPART see the changes.
I tried to rescan disks (menu Action->Rescan Disks) but nothing changed.
Tried also to go the other way around: i initialized the disk using Disk Management (OK), created a primary partition (OK) and then opened the hex editor on the sector 1.
Going ahead, i erased the whole sector filling it with 0 (zero) values, saved changes and rescanned disks from disk management: AGAIN, nothing happened!
It still shows the partition i created inside it, like the partition table was still there.
This strange behavior could be a bug or a "feature" of windows xp pro.
As stated before, only after restarting windows i could see all the changes done.
But rebooting at this point means having a partition table on raid 0 saying "hey, there is an active partition on this disk, please boot from me!".
Of course we are not ready to boot on that partition yet.
So the trick would be forcing the bios to boot from raid 5 again in order to complete the restore process.
Not very easy and time consuming.
Summing it up: if you have a single partition, Disk Management is the way to go, the easiest one. Just create your partition and you'll be ok!
If you had a complex partition scheme (primary and extended partitions), you'd use a DISKPART script and you'll have the whole scheme back in seconds.
I think i spent enough time playing at "The Sector one poor KungFu" game.
It's time to go ahead and finish the restoring process.
I have just booted from raid 5 partition and i'm going to create the primary partition where we restore the backup of C:.
We are still there....
So, i opened the disk management, initialized the disk and created a primary partition of 20 GB and did a QUICK FORMAT.
Absolutely no need to format it completely.
All needed data is already stored onto the backup.
We just need windows changes the filesystem type in the partition table for this partition from "06" to "07".
This is the master partition table before quick format:
00000001B0 0000 0000 002C 4463 7A14 09E1 0000 0001 .....,Dcz..á....
00000001C0 0100 06FE FFFF 3F00 0000 340A 8002 0000 ...þÿÿ?...4.€...
00000001D0 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000001E0 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000001F0 0000 0000 0000 0000 0000 0000 0000 55AA ..............Uª
and this is after:
00000001B0 0000 0000 002C 4463 7A14 09E1 0000 0001 .....,Dcz..á....
00000001C0 0100 07FE FFFF 3F00 0000 340A 8002 0000 ...þÿÿ?...4.€...
00000001D0 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000001E0 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000001F0 0000 0000 0000 0000 0000 0000 0000 55AA ..............Uª
Of course we again could do this change with a disk editor at any time before rebooting but it is so easy to do with disk management....hehehe
If you take a look at DriveimageXML, in the listbox containing all the partitions, under the column "Type" you'll see just those numbers.
6 for fat16-huge/non formatted partition.
7 for a NTFS formatted one.
Of course, Quick format do something more: it writes the boot sector (first sector of partition) and File allocation table for NTFS.
We could live without this extra work because the backup image of C: disk contains them.
Then, i opened DriveimageXML, selected the brand new partition (DISK0#1) just created on raid 0, selected the file to restore from and began the restore.
Well, the last thing to do is to make the partition active in order to be able booting from it and, of course, reboot and enjoy the restored system at full raid 0 speed!
Let me try it....
YESSS, IT WORKS!!!
Well, just after the reboot i checked the disk and found a minor problem fixed with "chkdsk c: /F".
Rebooted again and it went well.
So give the chkdsk a try just to be sure all went well in restoring the system.
I'm pretty happy now...heheheh.
I've to excuse me for the long post but i wanted to share with you my "try & fails" too.
Any comment will be appreciated.
Bye
JDany3D
OT1: today i got my new LG LCD 24" L245BW monitor. Men, it's fantastic! That's another reason to be happy for!
OT2: Bing, i played
Wing Chung Kung Fu for a long time in real life.....hahahahh