http://bugs.winehq.org/show_bug.cgi?id=4672
------- Additional Comments From saulius.krasuckas@elst.vtu.lt 2006-05-07 06:32 ------- There are only 5 bytes of the MBR that get changed:
--- hda_OK.mbr.txt 2006-07-05 12:59:16.000000000 +0300 +++ hda_BAD.mbr.txt 2006-07-05 12:59:25.000000000 +0300 @@ -1,4 +1,4 @@ -0000000 30 30 30 30 30 30 30 20 65 62 20 34 38 20 39 30 +0000000 30 30 30 30 30 30 30 20 30 30 20 30 30 20 30 30 0000020 20 30 30 20 65 63 20 30 30 20 30 30 20 30 30 20 0000040 30 30 20 30 30 20 30 30 20 30 30 20 30 30 20 30 0000060 30 20 30 30 20 30 30 0a 30 30 30 30 30 32 30 20
Changes occur at low offsets (<15 B) from the beginning of /dev/hda:
8 B: 65 -> 30 9 B: 62 -> 30 11 B: 34 -> 30 12 B: 38 -> 30 14 B: 39 -> 30.
May be some overflow somewhere? I have no idea on how to catch disk writes to /dev/hda. Well, maybe except using strace combined with +all Wine trace for a first time, e.g.:
$ WINEDEBUG=+all strace ./wine notepad &> strace_wine.txt
Then you shoud be able to filter interesting strings from the log, e.g.:
$ cat strace_wpath.txt | grep -v ^[^a-z] | grep -C10 /hda[^0-9] | less -S
An interesting part for me was this:
write(2, "0009:trace:reg:NtSetValueKey (0x"..., 750009:trace:reg:NtSetValueKey (0x14,L"FirstBusTimeScanInMs",4,0xbfc64714,4) rt_sigprocmask(SIG_BLOCK, [HUP INT USR1 USR2 ALRM CHLD IO], [], 8) = 0 writev(3, [{"^\0\0\0,\0\0\0\0\0\0\0\24\0\0\0\4\0\0\0(\0\0\0\0\0\0\0"..., 64}, {"F\0i\0r\0s\0t\0B\0u\0s\0T\0i\0m\0e\0S\0c\0a\0n\0" read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 64) = 64 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 write(2, "0009:Ret ntdll.NtSetValueKey() "..., 610009:Ret ntdll.NtSetValueKey() retval=00000000 ret=7fc7bfee write(2, "0009:Call ntdll.RtlFreeUnicodeSt"..., 600009:Call ntdll.RtlFreeUnicodeString(bfc646f0) ret=7fc7bffc write(2, "0009:trace:heap:RtlFreeHeap (0x7"..., 770009:trace:heap:RtlFreeHeap (0x7fd10000,00000002,0x7fd14630): returning TRUE write(2, "0009:Ret ntdll.RtlFreeUnicodeSt"..., 680009:Ret ntdll.RtlFreeUnicodeString() retval=00000001 ret=7fc7bffc open("/dev/hda", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 9 ioctl(9, 0x30b, 0xbfc646f8) = 0 close(9) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 write(2, "0009:Call ntdll.RtlCreateUnicode"..., 940009:Call ntdll.RtlCreateUnicodeStringFromAsciiz(bfc646f0,7fcae580 "DMAEnabled"
Here I see two important lines:
open("/dev/hda", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 9 ioctl(9, 0x30b, 0xbfc646f8) = 0
By which we can see Wine is opening device of my HD and trying to get a chipset of a it (from man ioctl_list: 0x00000309 HDIO_GET_CHIPSET) or something like that... I guess you should find quite a few more IOCTLs. Well, it's a slow way but quite strightforward.