If you are using util-linux prior to version 2.12b, specifying an offset that required more than 32-bits was not possible.

Attempting to mount my ext3 partition near the end of the disk with a 2.11 version of util-linux yields (7695198 * 512 = 3939941376):

faith:/usr/src#  mount -o loop,offset=3939941376
-t ext3 /nebula/hda_dd.image /mnt
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
or too many mounted file systems

Fortunately, we aren’t done yet. The second method utilizes a loopback device designed to mount partitions within the image without an offset limitation. In fact, no offset need be specified at all.
Mounting with a Special Patch

As this was written back in 2004, I do not believe the NASA loopback patch is still around.

You will need to patch your kernel to use the enhanced loopback device. This patch alters the way the loopback device works. You will no longer be able to mount partitions via the loopback device beyond /dev/loop0. If you use /dev/loop[1-7] this could be a show stopper for you; Check out the last method.

The patch is currently available against 2.4.20 and 2.4.21 prepatch 4. You will need to fetch the patch from NASA HQ’s public FTP server. It’s the enhanced_loop-x.x-linux-2.4.x-xfs.patch file located there. You can also fetch the XFS patch for 2.4.21-pre4 and the 2.4.21-pre4 patch itself as of this writing. I used 2.4.21-pre4 with Alan Cox’s -ac7. For convenience, a patched kernel ready for compiling is also available.

faith:/usr/src/linux-2.4.20#  patch
-p1 < ../enhanced_loop-0.2-linux-2.4.21-pre4-xfs.patch
patching file drivers/block/loop.c
patching file Makefile
Hunk # 1 FAILED at 1.
1 out of 1 hunk FAILED — saving rejects to file Makefile.rej

Don’t worry about the Makefile reject; It’s just the EXTRA_VERSION variable. (That’s because I used -ac7.)

Now, recompile your kernel in the usual way (I use Debian GNU/Linux’s make-kpkg command) and make sure you enable the loopback device if it isn’t already. When that task is complete, reboot with your shiny new kernel.

To accomodate the enhanced loopback device, some new entries need to be created in /dev. A script named createdev is available to handle that task for you, and it can be run at start up if you’re running devfs to recreate the entries for you at boot. You can fetch the script from NASA HQ. You may need to comment out the sourcing of the RedHat functions within the script if you aren’t on a RedHat based distribution, like Debian. By default the script will create enough entries in /dev for a fifteen disks with up to fifteen partitions. You can adjust that to your requirements within the script. It will blow away any existing /dev entries it has added if you change configurations, so you need not tend to them yourself.

faith:/nebula#  vi createdev
faith:/nebula#  bash createdev start
faith:/nebula#

Once you’ve run the script, you should find a entries like the following in your /dev directory:

faith:/#  ls /dev/loop[a-zA-Z]*
/dev/loopa    /dev/loopd12  /dev/loopg2
/dev/loopj6   /dev/loopn   /dev/loopa1
/dev/loopd13  /dev/loopg3   /dev/loopj7
/dev/loopn1   /dev/loopa10  /dev/loopd14
/dev/loopg4   /dev/loopj8   /dev/loopn10
/dev/loopa11  /dev/loopd15  /dev/loopg5
/dev/loopj9   /dev/loopn11

With the kernel up and running, you also need to acquire a modified copy of losetup, the loopback setup program. If you’re running an RPM based distribution, you’re in luck. You can fetch the modified losetup by making another journey to NASA HQ’s FTP server. Rebuild it with rpmbuild -bb and install. If you’re running Debian GNU/Linux, as I am, you can install the rpm package with the usual apt-get command. Then, you could either build the RPM package and use alien to convert it to a Debian package or use rpm2cpio to create a cpio archive of the RPM. For the latter, you can extract the source from the resultant cpio archive and compile:

faith:/usr/src#  rpm2cpio loop-utils-0.0.1-1.src.rpm > loop-utils.cpio
faith:/usr/src#  cpio -i < loop-utils.cpio
39 blocks
faith:/usr/src#  tar -zxvf loop-utils-0.0.1.tar.gz
loop-utils-0.0.1/
loop-utils-0.0.1/COPYING
loop-utils-0.0.1/Makefile
loop-utils-0.0.1/loimginfo.c
loop-utils-0.0.1/lomount.c
loop-utils-0.0.1/lomount.h
loop-utils-0.0.1/loop.h
loop-utils-0.0.1/loop.sgml
loop-utils-0.0.1/losetgeo.c
loop-utils-0.0.1/lotest.c
loop-utils-0.0.1/nls.h
loop-utils-0.0.1/partinfo.c
faith:/usr/src#  cd loop-utils-0.0.1

You may wish to edit the Makefile, which sticks things in /usr by default. I changed it to /usr/local and added ${prefix} as the path for the sbin_prefix variable. It originally had no value at all, but is later used when installing the losetup binary, which would instead end up in your /sbin directory. Oops.

faith:/usr/src/loop-utils-0.0.1#  make
gcc -Wall -Wstrict-prototypes -O6 -DVERSION='”0.3.9″‘
-DLOG2_NR_PARTITION=’4’   -c -o losetgeo.o losetgeo.c
gcc   losetgeo.o   -o losetgeo
gcc -Wall -Wstrict-prototypes -O6 -DVERSION='”0.3.9″‘
-DLOG2_NR_PARTITION=’4’   -c -o loimginfo.o loimginfo.c
gcc   loimginfo.o   -o loimginfo
gcc -Wall -Wstrict-prototypes -O6 -DVERSION='”0.3.9″‘
-DLOG2_NR_PARTITION=’4’   -c -o partinfo.o partinfo.c
gcc   partinfo.o   -o partinfo
gcc -DMAIN -D_FILE_OFFSET_BITS=64 lomount.c -o losetup.o
<warnings…>
ld losetup.o -o losetup
gcc -Wall -Wstrict-prototypes -O6 -DVERSION='”0.3.9″‘
-DLOG2_NR_PARTITION=’4’   -c -o lotest.o lotest.c
gcc   lotest.o   -o lotest
sgml2latex loop.sgml
Processing file loop.sgml
sgml2html -s 0 loop.sgml
Processing file loop.sgml
sgml2info loop.sgml
Processing file loop.sgml
echo “START-INFO-DIR-ENTRY” > loop.info.2
echo “* Loop: (loop). Block device loopback package.”
>> loop.info.2
echo “END-INFO-DIR-ENTRY” >> loop.info.2
cat loop.info.2 loop.info > loop.info.3
rm loop.info.2
mv loop.info.3 loop.info

Now, let’s test drive our new loopback device.

faith:/nebula#  /usr/local/sbin/losetup -d /dev/loopa
faith:/nebula#  /usr/local/sbin/losetup /dev/loopa hda_dd.image
faith:/nebula#  mount -t ntfs /dev/loopa1 /mnt
faith:/nebula#  ls /mnt
AUTOEXEC.BAT
boot.ini
CONFIG.SYS
Corel
Documents and Settings
IO.SYS
MSDOS.SYS
NTDETECT.COM
ntldr
PUTTY.RND
Program Files
pagefile.sys
RECYCLER
System Volume Information
WINNT
faith:/nebula#  umount /mnt
faith:/nebula#  /usr/local/sbin/losetup -d /dev/loopa
faith:/nebula#

By jasonb

You can use dd to extract the partition of interest manually and then mount it via loopback. Again, the assumption of 512 bytes per sector is assumed here. As explained in Brian Carrier’s March 15th Sleuth Kit Informer column, Splitting The Disk, we can pass dd the starting sector of the partition in question and calculate the size and allow it to extract it for us. For example, let’s extract my ext3 partition, then mount it on loopback.

We pass dd bytes at a time size (bs option) of 512. Next, we pass it the starting sector of my ext3 partition from the fdisk output above, 7695198, as the number of blocks to skip ahead in the image. Last, we calculate the size as explained in the Sleuth Kit Informer above by taking the starting and ending sectors of the partition, subtracting them, then adding one (9510479 – 7695198 + 1 = 1815282).

Ronald Woelfel raised an interesting question about a missing sector on partitions with an odd number of sectors, which was explained thusly by Brian Carrier of Sleuth Kit fame: ”The reason that you noticing the difference is likely because your linux system has the 2.4 kernel, which has a bug when accessing disk or partition devices. If a partition or disk has an odd number of sectors, the last sector is not read.”

faith:/home/jasonb#  dd if=/nebula/hda_dd.image of=/nebula/test.image
bs=512 skip=7695198 count=1815282
1815282+0 records in
1815282+0 records out

Once dd completes, you can mount the image as you normally would:

faith:/home/jasonb#  mount -o loop -t ext3 /nebula/test.image /mnt
faith:/home/jasonb#  ls /mnt
bin    dev     home    lib opt   sbin  var
boot   etc     import  lost+found  proc  tmp   vmlinuz
cdrom  floppy  initrd  mnt root  usr   vmlinuz.old
faith:/home/jasonb#  umount /mnt

By jasonb

When dealing with partition mounting within an image file it is always best to examine the partition table of the original disk.
To do this type:

fdisk -l /dev/sda (/dev/sda is the standard first hard drive device location.  Modify this accordingly to meet your drive situation)

Disk /dev/sda: 1024 MB, 1024966656 bytes
255 heads, 63 sectors/track, 124 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          20      160618+  83  Linux
/dev/sda2              21         124      835380   83  Linux

Create an image of the disk

dd if=/dev/sda of=test.dd

Verify your image integrity (sanity)

fdisk -C 124 test.dd

WARNING: DOS-compatible mode is deprecated. It’s strongly recommended to
switch off the mode (command ‘c’) and change display units to
sectors (command ‘u’).

Command (m for help):

Press “p” and “enter”

Command (m for help): p

Disk test.dd: 0 MB, 0 bytes
255 heads, 63 sectors/track, 124 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x73e7e9f6

Device Boot      Start         End      Blocks   Id  System
test.dd1               1          18      144553+  83  Linux
test.dd2              19         124      851445   83  Linux

These typically should be identicle.  If not you may still be able to mount the partition

Let’s say that we want to mount the second partition.  We can do this by calculating the offset.

First do the following:

fdisk -l -u -C 124 test.dd

Disk test.dd: 0 MB, 0 bytes
255 heads, 63 sectors/track, 1 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x73e7e9f6

Device Boot      Start         End      Blocks   Id  System
test.dd1              63      289169      144553+  83  Linux
test.dd2          289170     1992059      851445   83  Linux

The starting sector is at 289170.  Since we can see from the above partition structure that our Sector size it 512 bytes.  To calculate the “byte” offset that we will need to use multiply the following:
289170 x 512 = 148055040
So 148055040 is our offset

sudo mount -t ext2 -o loop,offset=148055040 test.dd /mnt/
[sudo] password for user:
user@pc:~/home/example$ cd /mnt
user@pc:/mnt$ ls
boot  etc  lib  lost+found  mnt  root  usr  var

We now have full access to the second partition within this disk image.

To look at your DHCP settings in linux do the following:

cat /var/lib/dhcp3/dhclient.leases

If you are using multiple NICs then it is best to cd to /var/lib/dhcp3/
and ls what .leases are there.

For Windows users this is similar to ipconfig /all.
The .leases file actually show more information though.


How do I copy MBR from one hard disk to another hard disk under Debian Linux?

To copy MBR simply use the dd command. dd command works under all Linux distros and other UNIX like operating systems too. A master boot record (MBR) is the 512-byte boot sector that is the first sector of a partitioned data storage device of a hard disk.

MBR Total Size

446 + 64 + 2 = 512

Where,

• 446 bytes – Bootstrap.
• 64 bytes – Partition table.
• 2 bytes – Signature.

512 vs 446 Bytes

• Use 446 bytes to overwrite or restore your /dev/XYZ MBR boot code only with the contents of $mbr.backup.file.
• Use 512 bytes to overwrite or restore your /dev/XYZ the full MBR (which contains both boot code and the drive’s partition table) with the contents of $mbr.backup.file.

dd command to copy MBR (identically sized partitions only)

Type dd command as follows:
dd if=/dev/sda of=/dev/sdb bs=512 count=1
Above command will copy 512 bytes (MBR) from sda to sdb disk. This will only work if both discs have identically sized partitions.

dd command for two discs with different size partitions

# dd if=/dev/sda of=/tmp/mbrsda.bak bs=512 count=1
Now to restore the image to any sdb:
# dd if=/tmp/mbrsda.bak of=/dev/sdb bs=446 count=1
The above commands will preserve the partitioning schema.

Linux sfdisk Command Example

Linux sfdisk command can make a backup of the primary and extended partition table as follows. It creates a file that can be read in a text editor, or this file can be used by sfdisk to restore the primary/extended partition table. To back up the partition table /dev/sda, enter:
# sfdisk -d /dev/sda > /tmp/sda.bak
To restore, enter:
# sfdisk /dev/sda < /tmp/sda.bak
The above command will restore extended partitions.

Task: Backup MBR and Extended Partitions Schema

Backup /dev/sda MBR, enter:
# dd if=/dev/sda of=/tmp/backup-sda.mbr bs=512 count=1
Next, backup entries of the extended partitions:
# sfdisk -d /dev/sda > /tmp/backup-sda.sfdisk
Copy /tmp/backup-sda.sfdisk and /tmp/backup-sda.mbr to USB pen or somewhere else safe over the network based nas server.

Task: Restore MBR and Extended Partitions Schema

To restore the MBR and the extended partitions copy backup files from backup media and enter:
# dd if=backup-sda.mbr of=/dev/sda
# sfdisk /dev/sda < backup-sda.sfdisk

By Vivek Gite