2019 ne. dakin gwaje-gwajenmu sun sami motar QUANTUM FIREBALL Plus KA mai karfin 9.1GB, wanda ba a saba gani a zamaninmu ba. A cewar mamallakin motar, gazawar ta faru ne a shekara ta 2004, sakamakon gazawar samar da wutar lantarki, wanda ya dauki rumbun kwamfutarka da sauran abubuwan PC da shi. Sannan kuma an kai ziyara a ayyuka daban-daban tare da kokarin gyara tukin da dawo da bayanai, wanda bai yi nasara ba. A wasu lokuta sun yi alkawarin zai zama mai arha, amma ba su taba magance matsalar ba, a wasu kuma yana da tsada sosai kuma abokin ciniki ba ya so ya mayar da bayanan, amma a ƙarshe faifan ya shiga cikin cibiyoyin sabis da yawa. An rasa sau da yawa, amma godiya ga gaskiyar cewa mai shi ya kula da rikodin bayanai daga lambobi daban-daban a kan tuƙi a gaba, ya yi nasarar tabbatar da cewa an dawo da rumbun kwamfutarka daga wasu cibiyoyin sabis. Tafiya ba ta wuce ba tare da ganowa ba, alamun siyarwa da yawa sun kasance a kan allon kulawa na asali, kuma ana ganin rashin abubuwan SMD na gani (duba gaba, zan ce wannan shine mafi ƙarancin matsalolin wannan tuƙi).
Shinkafa 1 HDD Quantum Fireball Plus KA 9,1GB
Abu na farko da ya kamata mu yi shine bincika a cikin ma'ajiyar gudummawa don irin wannan ɗan'uwan tagwaye na wannan tuƙi tare da allon sarrafawa mai aiki. Lokacin da aka kammala wannan nema, ya zama mai yiwuwa a aiwatar da matakan bincike da yawa. Bayan duba motsin motar don ɗan gajeren kewayawa kuma tabbatar da cewa babu gajeriyar kewayawa, muna shigar da allon daga motar mai ba da gudummawa zuwa motar mai haƙuri. Muna amfani da wutar lantarki kuma muna jin sautin al'ada na shaft yana jujjuya sama, muna yin gwajin daidaitawa tare da loda firmware, kuma bayan ƴan daƙiƙa kaɗan direban ya yi rahoton ta hanyar yin rijista cewa a shirye yake don amsa umarni daga mai dubawa.
Shinkafa 2 DRD DSC alamomi suna nuna shirye-shiryen karɓar umarni.
Muna adana duk kwafi na kayan aikin firmware. Muna bincika amincin samfuran firmware. Babu matsala tare da tsarin karatun, amma nazarin rahotannin ya nuna cewa akwai wasu abubuwan ban mamaki.
Shinkafa 3. Zone tebur.
Mun kula da shiyya rarraba tebur da kuma lura cewa yawan cylinders ne 13845.
Shinkafa 4 P-jerin (jerin farko - jerin lahani da aka gabatar yayin zagayowar samarwa).
Muna jawo hankali ga ƙananan ƙananan lahani da wurin su. Mun duba ma'aikata na ɓoye log module (60h) sai mu ga cewa babu komai kuma ba ya ƙunshi shigarwa guda ɗaya. Dangane da wannan, zamu iya ɗauka cewa a ɗaya daga cikin cibiyoyin sabis na baya, ana iya yin wasu gyare-gyare tare da yankin sabis na tuƙi, kuma ba da gangan ko da gangan aka rubuta wani ƙirar waje ba, ko jerin lahani a cikin asali. daya aka share. Don gwada wannan zato, mun ƙirƙiri ɗawainiya a cikin Data Extractor tare da “ƙirƙiri kwafin yanki-da-bangare” da “ƙirƙirar mai fassara ta zahiri” an kunna zaɓuɓɓukan.
Shinkafa 5 Siffofin ayyuka.
Bayan ƙirƙirar aikin, mun kalli abubuwan da aka shigar a cikin tebirin ɓarna a cikin sifilin sashe (LBA 0)
Shinkafa 6 Babban rikodin taya da tebur bangare.
A biya diyya 0x1BE akwai shigarwa guda ɗaya (16 bytes). Nau'in tsarin fayil akan ɓangaren shine NTFS, an daidaita shi zuwa farkon sassan 0x3F (63), girman ɓangaren 0x011309A3 (18).
A cikin editan sashen, buɗe LBA 63.
Shinkafa 7 NTFS taya sashen
Dangane da bayanin da ke cikin sashin taya na sashin NTFS, zamu iya cewa masu zuwa: girman sashin da aka karɓa a cikin ƙarar shine 512 bytes (kalmar 0x0 (0) an rubuta ta a cikin 0200x512B), adadin sassan a cikin gungu shine 8 (byte 0x0 an rubuta shi a 0x08D), girman gungu shine 512x8 = 4096 bytes, rikodin MFT na farko yana samuwa a cikin ɓangarori na 6 daga farkon faifai (a kashe 291x519 quadruple kalma 0x30 0 00 00C 00 00 (00) lambar ta MFT ta farko. Ana ƙididdige lambar sashin ta hanyar dabara: Lambar tari * adadin sassa a cikin cluster + kashewa zuwa farkon sashe 0* 00+00= 786).
Mu ci gaba zuwa sashi na 6.
Hoto: 8
Amma bayanan da ke cikin wannan sashin sun bambanta da rikodin MFT. Ko da yake wannan yana nuna yuwuwar fassarar kuskure saboda lissafin da ba daidai ba, bai tabbatar da wannan gaskiyar ba. Don ƙarin dubawa, za mu karanta faifai ta sassa 10 a cikin sassan biyu dangane da sassan 000. Sannan za mu nemo furci na yau da kullun a cikin abin da muka karanta.
Shinkafa 9 Rikodin MFT na farko
A cikin sashin 6 mun sami rikodin MFT na farko. Matsayinsa ya bambanta da wanda aka lasafta ɗaya ta sassa 291, sannan rukuni na rikodin 551 (daga 32 zuwa 16) yana ci gaba da bi. Bari mu shigar da matsayin sashi na 0 a cikin tebur na canji kuma mu ci gaba da sassa 15.
Hoto: 10
Matsayin rikodin No. 16 ya kamata ya kasance a kashe 12, amma mun sami sifili a can maimakon rikodin MFT. Bari mu yi irin wannan bincike a yankin da ke kewaye.
Shinkafa 11 MFT shigarwa 0x00000011 (17)
An gano babban guntu na MFT, farawa tare da lambar rikodin 17 tare da tsawon rikodin 53) tare da sauyawa na sassan 646. Don matsayi 17, sanya canjin +12 sassa a cikin tebur na motsi.
Bayan da aka ƙayyade matsayin guntuwar MFT a cikin sararin samaniya, zamu iya yanke shawarar cewa wannan baya kama da gazawar bazuwar da rikodin guntun MFT a ɓangarorin da ba daidai ba. Ana iya ɗaukar sigar mai fassarar da ba daidai ba ta tabbata.
Don ƙara gano wuraren motsi, za mu saita matsakaicin yiwuwar ƙaura. Don yin wannan, mun ƙayyade nawa ne aka canza alamar ƙarshen NTFS partition (kwafin sashin taya). A cikin Hoto 7, a kashe 0x28, quadword shine ƙimar girman ɓangaren 0x00 00 00 00 01 13 09 A2 (18). Bari mu ƙara diyya na ɓangaren da kansa daga farkon faifai zuwa tsayinsa, kuma muna samun kashe ƙarshen alamar NTFS 024 + 866 = 18. Kamar yadda aka zata, kwafin da ake buƙata na sashin taya bai kasance a can ba. Lokacin bincika yankin da ke kewaye, an same shi tare da haɓaka haɓakar +024 sassa dangane da guntun MFT na ƙarshe.
Shinkafa 12 Kwafi na NTFS boot sector
Mun yi watsi da sauran kwafin sashin taya a biya 18, tunda ba shi da alaƙa da ɓangaren mu. Dangane da ayyukan da aka yi a baya, an kafa cewa a cikin sashin akwai abubuwan da ke tattare da sassan 041 da suka "fito" a cikin watsa shirye-shiryen, wanda ya fadada bayanai.
Muna yin cikakken karatun tuƙi, wanda ya bar sassan 34 waɗanda ba a karanta su ba. Abin baƙin ciki, ba shi yiwuwa a dogara da tabbacin cewa dukan su ne lahani cire daga P-list, amma a cikin ƙarin bincike yana da kyau a yi la'akari da matsayin su, tun da a wasu lokuta zai yiwu a dogara da kayyade matsawa maki. daidaiton fannin, kuma ba fayil ɗin ba.
Shinkafa 13 Kididdigar karatun diski.
Ayyukanmu na gaba zai kasance don kafa kusan wuraren sauye-sauye (zuwa daidaiton fayil ɗin da suka faru). Don yin wannan, za mu bincika duk bayanan MFT kuma mu gina sarƙoƙi na wuraren fayil (gutsiyar fayil).
Shinkafa 14 Sarƙoƙi na wurin fayiloli ko guntuwar su.
Na gaba, motsawa daga fayil zuwa fayil, muna neman lokacin da za a sami wasu bayanai maimakon babban fayil ɗin da ake tsammani, kuma za a sami maɓallin da ake so tare da wani canji mai kyau. Kuma yayin da muke tsaftace wuraren motsi, muna cika tebur. Sakamakon cika shi zai kasance sama da 99% na fayiloli ba tare da lalacewa ba.
Shinkafa Jerin fayilolin mai amfani 15 (an karɓi izini daga abokin ciniki don buga wannan hoton)
Don kafa sauye-sauye a cikin fayiloli guda ɗaya, zaku iya aiwatar da ƙarin aiki kuma, idan kun san tsarin fayil ɗin, nemo abubuwan haɗa bayanan da basu da alaƙa da shi. Amma a cikin wannan aikin bai dace da tattalin arziki ba.
PS Ina kuma so in yi magana da abokan aiki na, waɗanda wannan faifan ke hannunsu a baya. Da fatan za a yi hankali lokacin aiki tare da firmware na na'ura da adana bayanan sabis kafin canza wani abu, kuma kada ku ƙara tsananta matsalar da gangan idan kun kasa yarda da abokin ciniki akan aikin.
source: www.habr.com