Recover "Logical sector size is 0" with dd

A few hours ago while I was using my pc suddenly Windows froze completely (mouse was stuck and Ctrl+Alt+Del did nothing). It's not astonishing but I was quite surprised because such a freeze never happened since I began using Windows XP on my new pc.
The problem appeared at the reboot: grub, the bootloader on /dev/sda, showed this error message:

13 : Invalid or unsupported executable format

I have a dual boot configuration with Windows XP booting from a EIDE disk and Ubuntu booting from a SATA disk, so I entered Ubuntu, successfully; /dev/hda1 (the Windows partition) was not mounted while /dev/hda5 and /dev/hda6 were; attempting to mount it resulted in

Special device /dev/hda1 does not exist

At reboot I started Windows XP Recovery Console from the Windows CD and tried CHKDSK.EXE, and this was the outcome:

The volume appears to contain one or more unrecoverable problems

I booted again linux to launch fsck and see it fail:

Logical sector size is zero.

Then I found the solution in ubuntu forum:

root@am2:/home/z24# dd if=/dev/hda1 of=/defmedia/bkup_fat32_hda1.img bs=512 count=2048000 conv=noerror,sync
2048000+0 records in
2048000+0 records out
1048576000 bytes (1.0 GB) copied, 43.61 seconds, 24.0 MB/s

root@am2:/home/z24# dd if=/defmedia/bkup_fat32_hda1.img of=/home/z24/sector6.bin bs=512 count=1 skip=6 conv=noerror,sync
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.011544 seconds, 44.4 kB/s

root@am2:/home/z24# dd if=/home/z24/sector6.bin of=/dev/hda1 bs=512 count=1 conv=noerror,sync,notrunc
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.030644 seconds, 16.7 kB/s

Explanation:

• the first dd makes a backup of the first gigabyte of the Windows partition: I copied 1 GB only because I didn't have enough space on a ext2fs to backup all the 28 GB of /dev/hda1.
• the second dd extracts the sixth sector to a temporary file: as reported by Microsoft KB247575, "The backup FAT32 boot sector is located at sector 6 of the logical drive".
• the third dd copies the extracted sector 6 to sector 0 of /dev/hda1.

In the original post the partition that was just backupped with dd was also checked with losetup and mount. Thanks a lot to the ubuntuforums user Onlymee for his post!

Update 13.09.2008

The same problem happened again today and gave me the opportunity to complete the series of error messages :)
The first, at boot time, was the same:

grub: 13 : Invalid or unsupported executable format

Mounting the partition (mount -t vfat /dev/sda1 /mnt):

mount: wrong fs type, bad option, bad superblock on /dev/sda1, missing codepage or other error

dmesg | grep sda1

VFS: Can't find a valid FAT filesystem on dev sda1

But fdisk -l /dev/sda shows the partition table.
fsck.vfat /dev/sda1 (executed from Ubuntu 8.04 alternate cd)

Cluster size is zero

The solution was exactly the same: copy the sixth sector back to the first. And voilà, it booted.

Posted by: z24 | Sun, Jun 24 2007 | Category: /hardware | Permanent link | home
Tagged as: error, grub, hardware, linux, system recover

---

Accessing and changing the registry from outside Windows

Problem: I got myself locked out of my pc
Solution: access the registry from outside Windows and change the account lockout settings

After enabling Remote Desktop access to access from my notebook to my pc through my wireless LAN, I was playing around with account locking settings to defend from possible brute force attacks coming through the WLAN (supposing the attacker cracked the WPA-PSK password): I set the lock so that after two failed attempts to login the account would be locked until the administrator (me) unlocks it manually.
I wanted to adopt such a security measure for RDP access only, but unfortunately the account lockout policy is valid for any login attempt, being it local or remote.
Then, as a slight security measure, I also disabled the administrator user (my user is already an administrator and an attacker should also find a valid username).
I mistyped the password twice and I got myself stuck: administrator and guest were disabled and my account was locked.
After rebooting, at the logon screen there were no more users, so that the "To begin, click your username" sentence on the left sounded like a joke, having absolutely nothing on the right.

The solution was obvious:

1. try to access and change the registry from linux (I have dual boot)
2. manually restore a previous version of the registry

I solved using Offline NTPassword & Registry Editor, an offline regitry editor on a boot disk; I made the floppy, rebooted and then I started looking in the registry the affecting keys, but it was not necessary: there's a feature to edit the accounts, and that allowed me to enable the administrator.

I also found dumphive, a useful program to dump the registry hives to text files.

Instead on www.beginningtoseethelight.org there's plenty of Windows NT, 2000 and XP low level settings and hacks, I would say "all about the registry": for instance, where and how users and passwords, including account statistics and policies, are stored and encoded in the SAM hive of the registry, and a schematic explanation of the registry structure; and don't miss the other sections of the site, they're enlightening too.
About the second option, there's a Microsoft article that explains how to manually restore the registry to a previous state.

Posted by: Z24 | Fri, Apr 20 2007 | Category: /windows | Permanent link | home
Tagged as: system recover, windows, xp

---