Notebook drive recovery

After helping poker buddy JJOK get the data off his dead laptop drive, I found to my delight that karma really works. Here's how I recovered all the data off my dead notebook computer (as well as how I killed it in the first place).

Sunday afternoon I decided to install Ubuntu 6 on my Fujitsu Lifebook p1510d. I deleted unnecessary data off the WinXP partition, defragmented it, and then did the installation. Ubuntu resized the NTFS partition, installed GRUB, and all was well. Unfortunately the Atheros wireless chipset on the notebook didn't play nicely with the Ubuntu drivers, and the only known fix was a recompilation of the drivers myself with a "+4" inserted in an obscure .c file to get around some seemingly superfluous extra bytes in the network stream. The author of the fix also blithely noted occasional kernel panics. So I applied my usual fix to Linux desktop issues like these, which is to uninstall and wait another three months.

But this time I did the uninstallation in a boneheaded fashion: I booted back into XP, deleted the Linux partition, and reformatted it as an NTFS volume. Those of you paying attention will note that the MBR was now pointing to a nonexistent bootloader. Everything worked great until a couple hours later when I tried to awaken the laptop from hibernation. Fortunately, I knew exactly what the problem was and exactly how to fix it.

Enter a deadly combination of laziness and hastiness. My notebook is an ultraportable and doesn't have a floppy drive, so I couldn't create a DOS floppy disk and type "fdisk /mbr," which would have fixed the problem. I didn't feel like burning a CD-R to do the same thing, so instead I found a utility on the web to turn a USB key into a bootable DOS volume.

This worked great except that it mounted itself as the C: drive, and my dead drive as a "second fixed disk." Apparently fdisk won't do much of anything with a fixed disk other than the first one. Remember, at this point I could have easily solved the problem by burning a CD-R. That was the laziness I spoke of earlier.

Now, here's the hastiness. In a moment of excessive cleverness, I booted my Ubuntu CD-R and copied the MBR from the USB key to my dead drive with the following command:

dd if=/dev/sda of=/dev/hda bs=512

Even if this had done what I'd intended, it would have erased the partition table from my drive. Instead, what it actually did before I frantically pounded control-c-control-c-control-c-control-c-control-c on the keyboard was copy 840KB of my USB key onto my dead drive, which not surprisingly now claimed to be not my trusty 30GB Windows XP installation, but a 32MB USB key circa 2002.

I came this close (holding index finger/thumb really close together) to shamefully hauling out the Fujitsu PC Recovery CD and just starting over, but I did the math and guessed that the cost even of contacting software companies for stuff I'd bought and asking for permission to reinstall would likely exceed the cost even of a couple hours of investigation, and the investigation route might even recover my personal data. So I pressed on.

Step one: find a Linux rescue CD. Boot into it. Run gpart -W /dev/hda /dev/hda and thus write an inaccurate but workable partition table to the drive.

Step two: fdisk /dev/hda and change the first partition from a 32-meg FAT partition to a properly sized NTFS partition.

Step three: do some research on the web and figure out that NTFS, bless its soul, writes a second copy of 16 critical files to the middle of each NTFS partition. Normally it keeps these 16 files at the front of the partition; my dd command overwrote one or more of those. So I was now confident that I'd lost no irreplaceable data.

Step four: find a Windows XP installation CD. Boot into recovery mode. Run fixboot, which rewrote the NTLDR file and probably pointed the MBR at it. At this point the shell seemed to agree with me that there was a C drive, but that it had some serious issues.

Step five: CHKDSK /R. I think what this tool did was notice that the critical files were missing or invalid, and restored them from the mid-disk versions. I ran it once more for good measure.

Step six: reboot. Not only was my laptop back, but it even resumed successfully from hibernation!

Thank you, NTFS designers, for creating a filesystem that can withstand this kind of abuse. Thank you, NTFS hackers who authored miscellaneous web pages that gave me hope that my drive was recoverable. Thank you, worldwide army of Linux hackers, for building the tools that destroyed my drive, and for building some of the tools that fixed it.

Categories

geek
By Mike Tsao on October 9, 2006 9:40 AM | | Comments (0)

Leave a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search

About this Entry

This page contains a single entry by Mike Tsao published on October 9, 2006 9:40 AM.

Google Code Search was the previous entry in this blog.

Should we clamp down on general aviation? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Powered by Movable Type 4.2-en