One step recovery using Symantec Ghost.

One step recovery using Symantec Ghost – similar to IBM/Dell recovery

[email protected]; [email protected]

BEFORE I START:- The following guide will help you install a boot message when the system boot from hard-disk to restore using any of the key combination. This guide will use F-10 as the key to initiate an automated recovery of partition using Ghost in DOS mode. This is similar to recovery presented by OEM manufactures like DELL/IBM etc. The restore files or ghost images are stored in a hidden partition, which would prevent unauthorized access through windows. For the snap shot purpose, I have used a virtual machine to test. These steps work on actual hardware as well. I tested the software on virtual machine using VirtualBox (http://www.virtualbox.org/). The Ghost Suite used for testing is 30-day trial version which can be downloaded from Symantec site after registration. In my opinion it would let you create backup in DOS mode but wont let you restore using DOS mode. In full version this would not be a limitation. Things that you would need before you start:-

1. Virtual Machine(for simulating like http://www.virtualbox.org/) or actual hardware to test

2. Symantec Ghost software which will run in DOS mode 3. MS-DOS or Free-DOS bootable Disc. 4. Master Boot-loader (http://mbldr.sourceforge.net/) 5. Keyboard scan code list to have a custom key to initiate recovery. Mentioned at the end

of the guide for reference.



ONE STEP RECOVERY IMPLEMETATION GUIDE First step would be setting up the whole system and creating partitions and all. I take the following example configuration for the hard disk. The hard disk is 200GB capacity. The following would be partition created:-

1. First partition of 50GB (approx) – Operating System 2. Second partition of 70GB (approx) – user data 3. Third partition of 70GB (approx) – user data 4. Third partition of 10GB (approx) – Recovery partition.

CREATING HARD-DISK PARTITIONS:- This is how I created the partitions using Windows XP setup.

1. I create first partition of 50Gb using the windows setup and leave the rest 150GB as un-partitioned space. I let windows XP install. This partition will be primary partition, which windows create for installation.

2. Then when Windows XP is loaded, I do to disk management tool by right click My Computer-. Manage -> Disk Management.

3. I create extended partition of 140GB out of the 150GB shown there as unallocated space and format using NTFS.

4. I create two logical partitions of approx size 70GB. You can label this partition if you want. This is where you can put your files etc

5. The remaining 10GB, I create another partition i.e. primary again and format using FAT32 file format. I labeled this as RECOVERY

This is the hard-disk structure for the given experiment. You can create more partitions but try limiting primary partitions to two. I read in some blogs too many (I think 3) may fail Ghost to work properly. If you have any other disc management software create Disc configuration which suites your need but try keeping two primary partition one for the operating system and other for the Ghost recovery. I have shown a snapshot of the current hard-disk configuration below to have a clear picture.



INSTALLING NORTON GHOST Download the trial from the Symantec site or if you have the full version install it using the disk or setup provided.



Additionally, I have taken a snapshot of the license window, which was emailed, to me for testing the trial version.



WORKING WITH SYMANTEC GHOST

So to have recovery purpose you would require to copy the DOS-executable of Ghost and Gdisk( optional but useful if you use it disc management) into the RECOVERY partition. Therefore, I copy the ghost.exe and gdisk.exe from the program files where the ghost is installed.



MAKING RECOVERY PARTITON BOOTABLE

There are two ways to make the RECOVERY partition bootable.

1. Using MS-DOS bootable disc provided with win98SE/winME

2. Using Free-DOS and installing it on the RECOVERY partition.

3. IBM PC-DOS

For MS-DOS once you boot into the command prompt type “sys C:” This would copy the file needed to boot the partition. This is the bare-minimum files, which it will copy to boot this partition and run Ghost.exe.

I don’t know what is the relevant command or setting in Free-DOS or IBM PC-DOS for that matter.

The following steps apply to MS-DOS.

1. Edit the MSDOS.sys with the following contents. Remove all the text present in the MSDOS.sys and paste the lines below:-

[Options] BootWarn=0; set to 0 to disable the safe boot warning message BootWin=1; set to 1 to force Win98 system to load at startup Logo=0; set to 0 to prevent animated logo from appearing

2. Edit the AUTOEXEC.bat file in RECOVERY partition and add following lines SET TZ=GHO-04:30 ghost.exe or the restore command-line if you have bootable ghost disc to create backup

3. In the AUTOEXEC.BAT you can add the command line to perform the automation task of recovering the partition without user interface.



WORD ON PARTITION NUMBERING BY GHOST The best part of Ghost is that it eliminates the confusion of the drive letters by using Numbers like 1 or 2instead of drive names like C or D etc. The current hard-disk configuration will look like this:-

� C partition would be 1:1 � D partition would be 1:2 � E partition would be 1:3 � F partition would be 1:4

In the numbering above like 1:2 indicates the 1 as the hard-disk number and 2 and the partition number. This would come handy when booting in DOS mode. When I boot in DOS mode, DOS doesn’t recognize the C, D and E drive as its NTFS and re-labels the FAT32 drive as C drive which actually is F drive in reality. Hence, number mode should be preferred for command line operations for correct backup and recovery.



TAKING BACKUP OF THE PARTITION If you have Ghost bootable disc use that one to create the backup. I strongly recommend it because this would save time in editing the RECOVERY partition startup files. If you have the bootable disc, I would suggest go to section taking initial backup and then set the recovery key.



SETTING UP THE RECOVERY KEY You would need to set up a recovery key which is displayed for sometime on the screen to initiate the recovery at the time of boot-up else will boot into the windows operating system. To edit MBR of the hard-disk I use a tool “Master Bootloader”. The best part of it is, it’s free and open source and above all you can custom the message and time out and other features quickly. This can be downloaded from http://mbldr.sourceforge.net/. I downloaded the windows version from available options. Run the mbldrgui.exe from windows mode. The first screen shows the hard-disk. Select the hard-disk present.



The next screen is where I modify all the settings are made to activate the recovery key and hide the RECOVERY partition. You would see two primary partitions, One is NTFS where Windows is installed and second is FAT32 where you have copied the bootable files. The Master Bootloader can perform several tasks of arranging boot order and timeout and all. We will deal with setting up functionality of adding a recovery key and display a message at boot-up to start the process. Now before you commit change to the MBR, I would recommend that you backup the MBR in case you would like to remove the recovery button option at some later stage. To set up the recovery key we need to have keyboard scan codes. Check the last section of the guide for this. I wanted to use the F-10 as the recovery key. The Master Bootloader sets the keys in sequence after the first key you select. So I keep the recovery PARTITION order on top of list. This means the F-10 key would be set for RECOVERY partition. The scan code for F-10 is 68 (44 in hex) as mentioned on the guide. Therefore, I use that. I have presented the full settings screenshot for the same below. The * against the partition shows which one is default partition to boot. I set that as the NTFS with windows installed. Finally I click save to MBR.



CREATING THE INITIAL BACKUP When the system restarts, press F-10 to boot into Ghost in DOS mode. The step would be to create a backup in the RECOVERY partition.

The second step is to select the partition to backup and then the destination of the image which will be in RECOVERY partition.



Don’t confuse the C shown here with the actual C partition. This is the DOS C drive which happens to be FAT-32. Select the destination in RECOVERY partition with Image name.



The backup process starts up and displayed as follows.



EDITING THE START-UP FILE TO AUTOMATE RECOVERY I haven’t fiddled around much with Free-DOS so currently I will mention the command line which can be used to recovery the C drive from the image copied in MS-DOS. The command line should be put in the AUTOEXEC.bat which is stored in RECOVERY partition. The place where we initially had Ghost.exe written should be replaced with this. ghost.exe -clone,mode=prestore,src=1:4\CImage.gho:1,dst=1:1 -sure>null The src=1:4\Cimage.gho will indicate the location of Ghost Image on the 4 partition of the disk which will be restore to 1:1 i.e. first partition of disk i.e. C(NTFS). Now since the backup has been taken we need to automate this recovery system. The RECOVERY partition is hidden in windows. We can boot using the Win98se disc and use edit C:\autoexec.bat command. This would open up a text editor in DOS, replace the ghost.exe with the command line above. I would recommend to put a password when you create a backup. This would prevent accidental recovery without any confirmation. The full version would let you recover using the Ghost in DOS mode. For trial version it won’t let me restore using ghost in DOS mode.



REMOVING THE RECOVERY KEY FROM BOOT-MENU There maybe a chance you would want to remove the recovery key and revert to normal situation. There are two options available:-

1. Using master Bootloader:- If you had taken a backup of the MBR before setting up the Recovery key you can restore it using the option in GUI provided. Generally, I would set the options and then remove the whole setup from the Hard disk to avoid anyone fiddling around with the boot sector or option.

2. The second and safer way is to use GDisk32 utility if in Windows Mode. Type the command

a. “Gdisk32 1 /mbr /z” to restore the MBR to original one. The next step is to unhide the RECOVERY partition, so you should use this command. “Gdisk32 1 /-hide /p:5” You must be surprised that why number 5 when RECOVERY partition is 4th in number. Well when the list pop ups it shows the extended partition is shown as 2 hence there is shift of 1 for every partition. Restart the system and its all back to normal.



KEYBOARD SCAN CODES

Physical keys scan codes

Code Key Code Key Code Key

00 NoKey 3D F3 70 ALT-F9 01 ALT-Esc 3E F4 71 ALT-F10 02 ALT-Space 3F F5 72 CTRL-PrtSc 04 CTRL-Ins 40 F6 73 CTRL-Left 05 SHIFT-Ins 41 F7 74 CTRL-Right 06 CTRL-Del 42 F8 75 CTRL-end 07 SHIFT-Del 43 F9 76 CTRL-PgDn 08 ALT-Back 44 F10 77 CTRL-Home 09 ALT-SHIFT-Back 47 Home 78 ALT-1 0F SHIFT-Tab 48 Up 79 ALT-2 10 ALT-Q 49 PgUp 7A ALT-3 11 ALT-W 4B Left 7B ALT-4 12 ALT-E 4C Center 7C ALT-5 13 ALT-R 4D Right 7D ALT-6 14 ALT-T 4E ALT-GrayPlus 7E ALT-7 15 ALT-Y 4F end 7F ALT-8 16 ALT-U 50 Down 80 ALT-9 17 ALT-I 51 PgDn 81 ALT-0 18 ALT-O 52 Ins 82 ALT-Minus 19 ALT-P 53 Del 83 ALT-Equal 1A ALT-LftBrack 54 SHIFT-F1 84 CTRL-PgUp 1B ALT-RgtBrack 55 SHIFT-F2 85 F11 1E ALT-A 56 SHIFT-F3 86 F12 1F ALT-S 57 SHIFT-F4 87 SHIFT-F11 20 ALT-D 58 SHIFT-F5 88 SHIFT-F12 21 ALT-F 59 SHIFT-F6 89 CTRL-F11 22 ALT-G 5A SHIFT-F7 8A CTRL-F12 23 ALT-H 5B SHIFT-F8 8B ALT-F11 24 ALT-J 5C SHIFT-F9 8C ALT-F12 25 ALT-K 5D SHIFT-F10 8D CTRL-Up 26 ALT-L 5E CTRL-F1 8E CTRL-Minus 27 ALT-SemiCol 5F CTRL-F2 8F CTRL-Center 28 ALT-Quote 60 CTRL-F3 90 CTRL-GreyPlus 29 ALT-OpQuote 61 CTRL-F4 91 CTRL-Down 2B ALT-BkSlash 62 CTRL-F5 94 CTRL-Tab 2C ALT-Z 63 CTRL-F6 97 ALT-Home 2D ALT-X 64 CTRL-F7 98 ALT-Up 2E ALT-C 65 CTRL-F8 99 ALT-PgUp 2F ALT-V 66 CTRL-F9 9B ALT-Left 30 ALT-B 67 CTRL-F10 9D ALT-Right 31 ALT-N 68 ALT-F1 9F ALT-end 32 ALT-M 69 ALT-F2 A0 ALT-Down 33 ALT-Comma 6A ALT-F3 A1 ALT-PgDn 34 ALT-Period 6B ALT-F4 A2 ALT-Ins 35 ALT-Slash 6C ALT-F5 A3 ALT-Del 37 ALT-GreyAst 6D ALT-F6 A5 ALT-Tab 3B F1 6E ALT-F7 3C F2 6F ALT-F8

A list of scan codes for special keys and combinations with the SHIFT, ALT and CTRL keys can be found in table below. They are for quick reference only.



Special keys scan codes

Key Code SHIFT-Key CTRL-Key Alt-Key

NoKey 00 F1 3B 54 5E 68 F2 3C 55 5F 69 F3 3D 56 60 6A F4 3E 57 61 6B F5 3F 58 62 6C F6 40 59 63 6D F7 41 5A 64 6E F8 42 5A 65 6F F9 43 5B 66 70 F10 44 5C 67 71 F11 85 87 89 8B F12 86 88 8A 8C Home 47 77 97 Up 48 8D 98 PgUp 49 84 99 Left 4B 73 9B Center 4C 8F Right 4D 74 9D end 4F 75 9F Down 50 91 A0 PgDn 51 76 A1 Ins 52 05 04 A2 Del 53 07 06 A3 Tab 8 0F 94 A5 GreyPlus 90 4E



FINAL WORDS I read the recovery manual given along, the utility mentioned for setting boot menu was SRFixMbr.exe along with SRFixMbr.xml. It seems in the trialware they didn’t want to give in for evaluation. However, the manual itself wasn’t explaining what this would do. Simple telling about setting and not explain what each will do was showing pretty laid back attitude of the company. If I search for SRFixMbr to know what this application does, I end up with the official forum https://forums.symantec.com/syment/board/message?board.id=109&thread.id=12279 where people still await what this is. Nothing has come forward from the Symantec. I hope you find this guide useful and I appreciate any feedback or suggestions in this regard. Email is provided in the footer.

One step recovery using Symantec Ghost.

Documents

Transcript of One step recovery using Symantec Ghost.