Prev: Blogging clients on Debian - Blogilo and b2evolution
Next: Automatize pressing of "YES" while doing ssh
From: j3 on 17 Jan 2010 19:39
I had CentOS 5.2 installed with sda1 (100MB /boot) and sda2 (20GB /)
identically on several machines.
I installed CentOS 5.4 on machine1 and cloned sda1 and sda2 to
machine2 (which previously had the CentOS 5.2 installation. machine2
then wouldn't boot, but simply displayed "GRUB ". I concluded that
the MBR must have changed between CentOS 5.2 and 5.4, which is quite
reasonable. Sure enough, 3 bytes of the boot code are different, and
updating those on machine2 results in it being bootable again. Great.
However, when I look at the change to the boot code in the MBR it
puzzles me. I used "objdump -D -d binary -mi386 -Maddr16,data16 sda-
mbr.dat" to disassemble the MBR and although I don't understand the
assembly language, I understand enough to be quite surprised. The
area of difference is at offset 0x43.
In CentOS 5.2 the installed MBR contained
3f: 02 80 00 00 add 0(%bx,%si),%al
43: 80 3b 02 cmpb $0x2,(%bp,%di)
46: 01 00 add %ax,(%bx,%si)
48: 00 08 add %cl,(%bx,%si)
4a: fa cli
4b: 90 nop
while in CentOS 5.4 the installed MBR contained
3f: 02 80 00 00 add 0(%bx,%si),%al
43: 80 41 78 00 addb $0x0,120(%bx,%di)
47: 00 00 add %al,(%bx,%si)
49: 08 fa or %bh,%dl
4b: 90 nop
What surprises me is that "3b 02 01" changes to "41 78 00" and this
changes how the subsequent instructions are interpreted as if one of
these sets of instructions is out of phase with parameters being
interpreted as commands.
Can both forms be correct?
From: John Reiser on 17 Jan 2010 20:07
On 01/17/2010 04:39 PM, j3 wrote:
> In CentOS 5.2 the installed MBR contained
> 43: 80 3b 02 cmpb $0x2,(%bp,%di)
> 46: 01 00 add %ax,(%bx,%si)

> 4a: fa cli
> 4b: 90 nop
> while in CentOS 5.4 the installed MBR contained
> 43: 80 41 78 00 addb $0x0,120(%bx,%di)

> 49: 08 fa or %bh,%dl
> 4b: 90 nop

You missed this part:
0x0: jmp 0x4a
The differing bytes are in the DOS label area,
and are not executable code.
From: j3 on 17 Jan 2010 20:37
On Jan 18, 2:07 pm, John Reiser <jreise...(a)comcast.net> wrote:
> On 01/17/2010 04:39 PM, j3 wrote:
>
> You missed this part:
>    0x0: jmp    0x4a
> The differing bytes are in the DOS label area,
> and are not executable code.

Thanks, John. A blunder on my part!
Much appreciated,
Jeffrey.
From: j3 on 17 Jan 2010 22:38
On Jan 18, 2:37 pm, j3 <jeff.8...(a)yahoo.com> wrote:
> On Jan 18, 2:07 pm, John Reiser <jreise...(a)comcast.net> wrote:
>
> > On 01/17/2010 04:39 PM, j3 wrote:
>
> > You missed this part:
> >    0x0: jmp    0x4a
> > The differing bytes are in the DOS label area,
> > and are not executable code.
>
> Thanks, John.  A blunder on my part!
> Much appreciated,
> Jeffrey.

On further reading (http://mirror.href.com/thestarman/asm/mbr/
GRUB.htm) I see that the bytes in question appear to be the sector
address of the GRUB stage 2 file, which makes sense - change that and
GRUB can't load the next stage, so it fails. Or in my case,
overwrite /dev/sda1 so that the stage 2 file location changes and we
have the same effect.
So the conclusion is that nothinghas changed in the GRUB MBR between
CentOS 5.2 and 5.4. Rather, when GRUB is installed the stage 2 file
sector address is embedded into the MBR and that's the difference that
I observed.
 | 
Pages: 1
Prev: Blogging clients on Debian - Blogilo and b2evolution
Next: Automatize pressing of "YES" while doing ssh