Disk Probe Cheat Sheet. This is a sheet for Experienced Support Individuals and should not be used by anyone but! You have been warned!

 

Good day all,

Today I have a share for you. This is credited to Kristian Lamb. I am helping him to get his blog going. And I am sharing this work  he had put in, to improve on a cheat sheet for use with a tool called DISKPROBE. You will need to consult other documentation, if you need to execute a use case; but for a quick cheat sheet, Kristin has done a great job, and I encourage him to get his blog going to show off his very good work.

Here is a link to start you off on DiskProbe. Let this be a warning. You want to learn this today! IF your array goes down, you will not have time to learn this on the fly! There is a lot to understand before you even consider using it!

https://technet.microsoft.com/en-us/library/bb457122.aspx

 

Better yet, Contact your Support organization, and get some help. This should be used BY professional IT support agents Only!

You have been warned!

 

 

MBR

clip_image002

Boot code first 440bytes of the MBR are boot code. Boot code is only used if we are booting to the drive otherwise it is ignored.
Disk Signature Bytes 01B8 – 01BB unique 32bit number
Partition Table Bytes 01BE to 01FD. Notice the Highlighted line. This section is 4 lines and is also the reason for the MBR disk limitation of 4 primary partitions!
End of Sector Marker aka MBR Signature – for MBR’s and EBR’s will always be 0x55 0xAA. Boxed in Blue

MBR Partition Table Entries

clip_image004

Bootable Flag 00 or 80 (when you mark a partition as Active that is writing a value of 0x80 here.
Starting CHS:  – Cylinder Head Sector
Partition Identifier: Common partition ID by windows [07h NTFS, 42h Dynamic disk, EEh GPT]
Ending CHS: Cylinder Head Sector
Relative Sector (LBA): Logical Block Address where Partition Starts
Total Sectors (LBA): Number of Sectors that make up the Partition

NTFS Boot Sector

clip_image006

 

JUMP INSTRUCTION : valid x86 assembly to point to entry of boot code.(only used if booting to volume)
OEM TAG : ASCI encoded 8byte field
BIOS PARAMETER BLOCK : Defines Properties of the Volume
EXTENDED BIOS PARAMETER BLOCK : Defines structures specific to NTFS aka $MFT ect.. Ect..
BOOT CODE : The Entry point from jump instruction (note more to boot strap than shown in NTFS Boot Sector. NTFS reserves the first 16 sectors of a volume for bootcode information.
END OF SECTOR MARKER : Same as an MBR signature the NTFS Boot sector will have 0x55AA

BIOS Parameter Block (NTFS BootSector)

clip_image008

Note: *Fields were used with FAT, and are not used in NTFS.
Bytes Per Sector
Sectors Per Cluster
Reserved Sectors *
Number of FATs *
ROOT Dir Entries *
Media Descriptor
Small Sectors *
Sectors Per Track
Number of Heads
Hidden Sectors
Large Sectors *

Exteneded BIOS Parameter Block (NTFS BootSector)

clip_image010

Note: *Fields were used with FAT, and are not used in NTFS.
Drive Number or FAT Size *
Total Sectors
Clusters to $MFT
Cluster to $MFTMIR
Clusters per FRS
Clusters Per Index Block
Volume Serial Number
CheckSum

GPT Array Header

clip_image012

Signature This is always the same value (EFI PART).  It identifies the header as being EFI compatible.  Making it misleading, as it is NOT the start of, or any part of, an EFI partition.
Version While this has remained the same for as long as Windows has incorporated GPT disks, it is possible that if the UEFI standard changes, then the GPT version might be incremented.
Header Size This value tells how big the Array Header is.  Currently it is always 92 bytes but by defining it here, it is possible to make the header bigger if we should ever need to.  Since the field is 4 bytes in size, the header size could be defined as large as 4 GB.

Note: Even though only 92 bytes of LBA 1 is used for the Array Header, the rest of the sector is left unused.  The header size does NOT have to align to sector boundaries.

Header CRC A CRC32 checksum of the Array Header against its counterpart at the end of the drive.
Reserved Must be zeros.  While this could actually be used for something on some future date, it is my opinion that this is just keeping everything quad word aligned.
This LBA The LBA where the Array Header is located.
Alternate LBA The LBA where the Array Header’s backup is located.
First Useable LBA The first LBA that partitions can actually be created at.  For Microsoft GPT disks, this is normally the start of the Microsoft Reserved Partition.
Last Useable LBA The last LBA that partitions can use.
Disk GUID This is the number that should be used to identify the disk rather than the old disk signature.
Partition Entry LBA This is the location of the beginning of the Partition Array
Number of Partition Entries The number of possible partitions.  While this is currently 128, it is left open to change this number later if the need arises.

Note: This is a 4 byte field.  Meaning that GPT disks COULD be defined to store over 4 billion partitions.

Partition Entry Size Defines the size of the partition entries in bytes (seen later).  Currently this is 128 bytes.
Partition Array CRC A CRC32 checksum of the Partition Array against its counterpart near the end of the drive.

GPT Partition Array

clip_image014

Partition Type GUID This is the replacement for the old partition ID.
Partition Unique GUID This is a GUID that is unique for every partition
Starting LBA The first LBA of the partition being defined
Ending LBA The last LBA of the partition being defined
Partition Name This usually corresponds to what is found in the list of partition type GUIDs.
NAME GUID
Microsoft Reserved Partition E3C9E316-0B5C-4DB8-817D-F92DF00215AE
Basic Data Partition EBD0A0A2-B9E5-4433-87C0-68B6B72699C7
LDM Metadata Partition   5808C8AA-7E8F-42E0-85D2-E1E90434CFB3
LDM Data Partition   AF9B60A0-1431-4F62-BC68-3311714A69AD
Cluster Partition DB97dBA9-0840-4bAE-97F0-FFB9A327C7E1
WinRE DE94BBA4-06D1-4D40-A16A-BFD50179D6AC
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s