Recover "Logical sector size is 0" with dd
A few hours ago while I was using my pc suddenly Windows froze completely (mouse was stuck and Ctrl+Alt+Del did nothing). It's not astonishing but I was quite surprised because such a freeze never happened since I began using Windows XP on my new pc.
The problem appeared at the reboot:
grub, the bootloader on /dev/sda, showed this error message:
I have a dual boot configuration with Windows XP booting from a EIDE disk and Ubuntu booting from a SATA disk, so I entered Ubuntu, successfully; /dev/hda1 (the Windows partition) was not mounted while /dev/hda5 and /dev/hda6 were; attempting to mount it resulted in
At reboot I started Windows XP Recovery Console from the Windows CD and tried
CHKDSK.EXE, and this was the outcome:
I booted again linux to launch
fsckand see it fail:
Then I found the solution in ubuntu forum:
root@am2:/home/z24# dd if=/dev/hda1 of=/defmedia/bkup_fat32_hda1.img bs=512 count=2048000 conv=noerror,sync 2048000+0 records in 2048000+0 records out 1048576000 bytes (1.0 GB) copied, 43.61 seconds, 24.0 MB/s root@am2:/home/z24# dd if=/defmedia/bkup_fat32_hda1.img of=/home/z24/sector6.bin bs=512 count=1 skip=6 conv=noerror,sync 1+0 records in 1+0 records out 512 bytes (512 B) copied, 0.011544 seconds, 44.4 kB/s root@am2:/home/z24# dd if=/home/z24/sector6.bin of=/dev/hda1 bs=512 count=1 conv=noerror,sync,notrunc 1+0 records in 1+0 records out 512 bytes (512 B) copied, 0.030644 seconds, 16.7 kB/sExplanation:
- the first dd makes a backup of the first gigabyte of the Windows partition: I copied 1 GB only because I didn't have enough space on a ext2fs to backup all the 28 GB of /dev/hda1.
- the second dd extracts the sixth sector to a temporary file: as reported by Microsoft KB247575, "The backup FAT32 boot sector is located at sector 6 of the logical drive".
- the third
ddcopies the extracted sector 6 to sector 0 of /dev/hda1.
ddwas also checked with
mount. Thanks a lot to the ubuntuforums user Onlymee for his post!
Update 13.09.2008The same problem happened again today and gave me the opportunity to complete the series of error messages :)
The first, at boot time, was the same: Mounting the partition (
mount -t vfat /dev/sda1 /mnt):
dmesg | grep sda1But
fdisk -l /dev/sdashows the partition table.
fsck.vfat /dev/sda1(executed from Ubuntu 8.04 alternate cd) The solution was exactly the same: copy the sixth sector back to the first. And voilà, it booted.
Accessing and changing the registry from outside Windows
Problem: I got myself locked out of my pc
Solution: access the registry from outside Windows and change the account lockout settings
After enabling Remote Desktop access to access from my notebook to my pc through my wireless LAN, I was playing around with account locking settings to defend from possible brute force attacks coming through the WLAN (supposing the attacker cracked the WPA-PSK password): I set the lock so that after two failed attempts to login the account would be locked until the administrator (me) unlocks it manually.
I wanted to adopt such a security measure for RDP access only, but unfortunately the account lockout policy is valid for any login attempt, being it local or remote.
Then, as a slight security measure, I also disabled the administrator user (my user is already an administrator and an attacker should also find a valid username).
I mistyped the password twice and I got myself stuck: administrator and guest were disabled and my account was locked.
After rebooting, at the logon screen there were no more users, so that the "To begin, click your username" sentence on the left sounded like a joke, having absolutely nothing on the right.
The solution was obvious:
- try to access and change the registry from linux (I have dual boot)
- manually restore a previous version of the registry
I solved using Offline NTPassword & Registry Editor, an offline regitry editor on a boot disk; I made the floppy, rebooted and then I started looking in the registry the affecting keys, but it was not necessary: there's a feature to edit the accounts, and that allowed me to enable the administrator.
I also found dumphive, a useful program to dump the registry hives to text files.
Instead on www.beginningtoseethelight.org there's plenty of Windows NT, 2000 and XP low level settings and hacks, I would say "all about the registry": for instance, where and how users and passwords, including account statistics and policies, are stored and encoded in the SAM hive of the registry, and a schematic explanation of the registry structure; and don't miss the other sections of the site, they're enlightening too.
About the second option, there's a Microsoft article that explains how to manually restore the registry to a previous state.