Magnum One

home *** CD-ROM | disk | FTP | other *** search

/ Magnum One / Magnum One (Mid-American Digital) (Disc Manufacturing).iso / d22 / fixfat.arc / FAT.FIX next >

Wrap

Text File | 1988-03-24 | 16.6 KB | 356 lines

October 20, 1987 It doesn't take a trojan to wipe out your hard disk! My FATs (File Allocation Table) were wiped out when I had several TSRs loaded, a DOS shell on top of those and I loaded another COMMAND.COM on top of that. When my word processor ran out of memory the whole stack of programs crashed and wrote garbage over my FAT. When I rebooted the computer it wouldn't boot off the hard disk. I hadn't backed up my drives for four months and I was facing the loss of close to 40MB of memory off two 20MB drives. When I ran CHKDSK it came up with the cyptic message "Probable non-DOS disk. Continue (Y/N)?" Of course it was a DOS disk. What was going on? Well I finally figured out I had access to a couple of subdirectories but my disk was obviously wasted. I was desperate. What do I do now? Norton Utilities wouldn't read the disk saying I was running out of memory. I didn't have MACE so I don't know how that program would have worked. Then I remembered -- there are two copies of the FAT on a disk. It seems DOS writes two copies of the FAT every time a change is made but it only reads the first when reading the disk. The second FAT isn't even used for CHKDSK. Was that FAT still in one piece? Fortunately it was. Now all I had to do was get the second copy of the FAT copied over to where the first one was. How do you do this? If you're like me you take a stab at it using DEBUG. It actually took me three days to figure out how the process worked but once I knew all the steps it only took about 15 minutes for the entire operation. I'm writing this file in the hope that I can help someone else in similar circumstances to bypass the three day portion. I have two Seagate ST-225's formatted under 3.10 and I'm not sure that everything will work the same for other versions of DOS or if you have a RLL controller. But what are your alternatives? First let me explain how a hard drive is set up at the byte level. Your disk is set up with sectors labeled in ascending sequence starting at zero. Depending under what DOS you are formatted with, the Boot sector occupies the first sector, the FAT is in sectors 1-82, the root directory is sector 83 and all the rest of your subdirectories and files occupy the remainder of the disk. So right now we have: Sector 0 Boot record Sector 1-82 FATs Sector 83 Root directory Sector 84-? Subdirectories and files Using DEBUG the BOOT sector should look like this under 3.10 (similar under other versions). Notice the identifying IBM 3.1 on the first line. This is the version the disk was formatted under. xxxx:0100 EB 29 90 49 42 4D 20 20-33 2E 31 00 02 04 01 00 .).IBM 3.1..... xxxx:0110 02 00 02 3B A2 F8 29 00-11 00 04 00 11 00 80 00 ...;..)......... xxxx:0120 00 00 00 00 0F 00 00 00-00 01 00 FA 33 C0 8E D0 ............3... xxxx:0130 BC 00 7C 16 07 BB 78 00-36 C5 37 1E 56 16 53 BF ..|...x.6.7.V.S. xxxx:0140 20 7C B9 0B 00 FC AC 26-80 3D 00 74 03 26 8A 05 |.....&.=.t.&.. xxxx:0150 AA 8A C4 E2 F1 06 1F 89-47 02 C7 07 20 7C FB CD ........G... |.. xxxx:0160 13 72 67 A0 10 7C 98 F7-26 16 7C 03 06 1C 7C 03 .rg..|..&.|...|. xxxx:0170 06 0E 7C A3 34 7C A3 2C-7C B8 20 00 F7 26 11 7C ..|.4|.,|. ..&.| xxxx:0180 8B 1E 0B 7C 03 C3 48 F7-F3 01 06 2C 7C BB 00 05 ...|..H....,|... xxxx:0190 A1 34 7C E8 96 00 B8 01-02 E8 AA 00 72 19 8B FB .4|.........r... xxxx:01A0 B9 0B 00 BE BE 7D F3 A6-75 0D 8D 7F 20 BE C9 7D .....}..u... ..} xxxx:01B0 B9 0B 00 F3 A6 74 18 BE-5F 7D E8 61 00 32 E4 CD .....t.._}.a.2.. xxxx:01C0 16 5E 1F 8F 04 8F 44 02-CD 19 BE A8 7D EB EB A1 .^....D.....}... xxxx:01D0 1C 05 33 D2 F7 36 0B 7C-FE C0 A2 31 7C A1 2C 7C ..3..6.|...1|.,| xxxx:01E0 A3 32 7C BB 00 07 A1 2C-7C E8 40 00 A1 18 7C 2A .2|....,|.@...|* xxxx:01F0 06 30 7C 40 50 E8 4E 00-58 72 CF 28 06 31 7C 76 .0|@P.N.Xr.(.1|v xxxx:0200 0C 01 06 2C 7C F7 26 0B-7C 03 D8 EB D9 8A 2E 15 ...,|.&.|....... xxxx:0210 7C 8A 16 1E 7C 8B 1E 32-7C EA 00 00 70 00 AC 0A |...|..2|...p... xxxx:0220 C0 74 22 B4 0E BB 07 00-CD 10 EB F2 33 D2 F7 36 .t".........3..6 xxxx:0230 18 7C FE C2 88 16 30 7C-33 D2 F7 36 1A 7C 88 16 .|....0|3..6.|.. xxxx:0240 1F 7C A3 2E 7C C3 B4 02-8B 16 2E 7C B1 06 D2 E6 .|..|......|.... xxxx:0250 0A 36 30 7C 8B CA 86 E9-8B 16 1E 7C CD 13 C3 0D .60|.......|.... xxxx:0260 0A 4E 6F 6E 2D 53 79 73-74 65 6D 20 64 69 73 6B .Non-System disk xxxx:0270 20 6F 72 20 64 69 73 6B-20 65 72 72 6F 72 0D 0A or disk error.. xxxx:0280 52 65 70 6C 61 63 65 20-61 6E 64 20 73 74 72 69 Replace and stri xxxx:0290 6B 65 20 61 6E 79 20 6B-65 79 20 77 68 65 6E 20 ke any key when xxxx:02A0 72 65 61 64 79 0D 0A 00-0D 0A 44 69 73 6B 20 42 ready.....Disk B xxxx:02B0 6F 6F 74 20 66 61 69 6C-75 72 65 0D 0A 00 49 42 oot failure...IB xxxx:02C0 4D 42 49 4F 20 20 43 4F-4D 49 42 4D 44 4F 53 20 MBIO COMIBMDOS xxxx:02D0 20 43 4F 4D 00 00 00 00-00 00 00 00 00 00 00 00 COM............ xxxx:02E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ xxxx:02F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 55 AA ..............U. I've listed the boot sector only so that you can compare it to your's and see if it's intact. In my case it wasn't and I had to get it from another disk. Alternatively you could enter it onto the disk using debug. The next portion of your disk is the FAT. Here is what the first portion of mine looks like. xxxx:0300 F8 FF FF FF 03 00 04 00-05 00 06 00 FF FF 08 00 ................ xxxx:0310 09 00 0A 00 0B 00 0C 00-0D 00 0E 00 0F 00 10 00 ................ xxxx:0320 11 00 12 00 13 00 14 00-FF FF 16 00 17 00 18 00 ................ xxxx:0330 19 00 1A 00 1B 00 1C 00-1D 00 1E 00 1F 00 20 00 .............. . xxxx:0340 FF FF FF FF FF FF FF FF-25 00 26 00 27 00 28 00 ........%.&.'.(. xxxx:0350 29 00 2A 00 2B 00 2C 00-FF FF 2E 00 2F 00 30 00 ).*.+.,...../.0. xxxx:0360 31 00 32 00 33 00 34 00-35 00 36 00 37 00 38 00 1.2.3.4.5.6.7.8. xxxx:0370 39 00 3A 00 3B 00 3C 00-3D 00 3E 00 3F 00 40 00 9.:.;.<.=.>.?.@. The FAT is the road map which DOS uses to find it's way around your disk. When DOS needs to access a file it finds the first sector the file is in by looking it up in the directory listing. Then it takes a look at the FAT listing for that sector. If the FAT for that sector is a FFFF there are no more sectors for DOS to read. If there is a number there that is the number to the next sector which the file is in. DOS goes to the next sector and continues on until it reaches a FFFF. It's fairly easy to read this. Each word (2 bytes) corresponds to a disk sector. Two rules to this table. All the numbers are in hex and the words have the bytes reversed. So if you were looking at a word from the table that read "EF 12" first you would invert them "12 EF". Next convert them to decimal. 12EF hex = 4847 decimal. The first file starts in sector 2, goes to 3, 4, 5 and then 6 where it reads a FFFF and stops. Since your system files are normally the first files on a disk the first couple of files should be contiguous. This will help you locate the start of your FAT. Hopefully the next figure will make it clearer. Sector --> 0 1 2 3 4 5 6 7 | | | | | | | | / \ / \ / \ / \ / \ / \ / \ / \ xxxx:0300 F8 FF FF FF 03 00 04 00-05 00 06 00 FF FF 08 00 ................ Sector --> 8 9 10 11 12 13 14 15 | | | | | | | | / \ / \ / \ / \ / \ / \ / \ / \ xxxx:0310 09 00 0A 00 0B 00 0C 00-0D 00 0E 00 0F 00 10 00 ................ Sector --> 16 17 18 19 20 21 22 23 | | | | | | | | / \ / \ / \ / \ / \ / \ / \ / \ xxxx:0320 11 00 12 00 13 00 14 00-FF FF 16 00 17 00 18 00 ................ The first byte is is not a sector but a special marker which tells DOS what type of disk it is. Now that you have an idea how to read the FAT I'll explain a little bit about DEBUG so that you can read the FAT from your disk and manipulate it if neccessary. First DEBUG only understands hexadecimal numbers. So in the following discussion all numbers are in hex unless otherwise noted. DEBUG uses single letters for all it's commands. The ones you will need are explained below. There are more DEBUG commands but since explaining DEBUG is not the intent of this file I will have to direct you to your manual for any additional ones you may be interested in. The DEBUG prompt is a very unimposing dash "-". All commands are entered from the "-". Dump command - displays a portion of memory syntax - D address or range address - address to start displaying memory range - range of memory to display notes - if no address is specified display starts at current instruction pointer address Fill command - fills a specified range of memory with any list of characters syntax - F range list range - fill specified range list - bytes to fill range with Load command - Loads a file or disk sectors into memory syntax - L address drive sector sector address - memory address to start loading at drive - drive number to load from (A: is 0, B: is 1) sector - beginning sector of drive sector - ending sector of drive notes - max sectors to load is 80 (hex) Move command - Moves the contents of memory from one location to another. syntax - M range address range - range of memory to move address - address to move to notes - actually this is a copy operation. The source code isn't changed unless the move operation overwrites it. Name command - assigns a name for the W command to use syntax - N d:path filename.ext notes - drive and path are optional. Quit command - quit debug syntax - Q notes - self explanatory Register command - displays and optionally changes value of a register syntax - R registername registername - name of register to change. Search command - Searches a specified area of memory syntax - S range list range - range of memory to search list - list of bytes to search for notes - if no matches are found you will be returned to the DEBUG prompt Write command - writes the contents of memory to disk syntax - W address drive sector sector address - beginning address of memory to write drive - drive to write to sector - sector to begin writing on sector - number of sectors to write notes - this is a VERY DANGEROUS command as you are writing to absolute disk sectors and bypassing DOS. Ensure you are entering correct information. There is no backing up from this one. - if writing to a file the CX register must be set. Now to the actual steps to fix your FAT (we hope). Boot your computer with a system formatted disk in A: Have the minimum of files on this disk as we will be writing the FAT to this disk in case of a mistake. The only files you should need beside the system files is COMMAND.COM and DEBUG.COM In the following discussion it is assumed your hard disk is C: First you have to load the entire FAT into memory. If your disk is setup different then mine you will have to experiment to load just the boot sector and FAT. Before we load the FAT, just to make sure we'll clear the spot of memory we're going to use. Remember that all numbers are in hex. Do not type the items in {notes and explanations} To find the second copy of the FAT you can search for the first four bytes of the FAT or the sequence of sectors 3, 4, 5. Then subtract the start of the first FAT from the start of the second. This will give you the length of the FAT. Then add the length of the FAT to the start of the second FAT. This should be the end of the second FAT. Make sure this is the end of the display in memory. The xxxx can be any number, it depends on your computer. A:\ {DOS prompt} >debug {enter DEBUG} -F 0 ffff 00 {fill memeory with 0's just in case} -L 100 3 0 53 {load boot sector and FAT} -S 0 L FFFF F8 FF FF FF {search from 0 to FFFF for the string F8 FF FF FF} \ xxxx:0300 {my computer responds with this \ xxxx:5500 first FAT at 0300, second at 5500} \ \ OR / / / -S 0 FFFF 03 00 04 00 {search from 0 to FFFF for the / string 03 00 04 00} xxxx:0304 {FAT starts at even number 0300 xxxx:5504 and 5500} -D 5500 {display second FAT to make sure we can use it} xxxx:5500 F8 FF FF FF 03 00 04 00-05 00 06 00 FF FF 08 00 ................ xxxx:5510 09 00 0A 00 0B 00 0C 00-0D 00 0E 00 0F 00 10 00 ................ xxxx:5520 11 00 12 00 13 00 14 00-FF FF 16 00 17 00 18 00 ................ xxxx:5530 19 00 1A 00 1B 00 1C 00-1D 00 1E 00 1F 00 20 00 .............. . xxxx:5540 FF FF FF FF FF FF FF FF-25 00 26 00 27 00 28 00 ........%.&.'.(. A-rcx {change CX register to end of FAT} CX 0000 {DEBUG responds with this} :a600 {you type this, may need to be adjusted for your disk} -n fatc {write file to floppy disk with this name, this is the backup in case a mistake is made} -w {this will write your C: FAT to floppy} Writing A600 bytes {DEBUG responds with this} -q {quit DEBUG} At this point you should check the file on the floppy. It should be about 50K long. Look at it using your favorite viewing program to make sure it was written correctly. The biggest item to look for is that the boot sector is the first portion of the file. Up to this point we haven't modified anything on the hard drive. The next step will directly modify the sectors on the hard drive. Make sure you understand what you are doing if your disk is configured different than mine. :\ {DOS prompt} >debug {enter DEBUG} -f 0 ffff 00 {fill memeory with 0's just in case} -l 100 3 0 53 {load boot sector and FAT} -M 5500 A700 300 {copy second FAT to position of first FAT} -W 100 3 0 53 {write the whole thing back to hard disk. this is the inverse of the L command} -Q {quit debug} If everything worked your hard drive should now be operational. I recommend you run chkdsk to see if there are any errors, fix them if any, backup your disk, then do a low level format. If you find this file useful (or suggestions to expand it) you can reach me at EXEC-PC 414-768-5160 MBBS 414-xxx-xxxx Erik Dufek