2013年5月8日 星期三

[dd][Linux] Learning Linux commands: dd


[dd][Linux] Learning Linux commands: dd




















































































































































































































































































































Learning Linux dd command with examples

Linux command syntax

Linux command description

File systems


dd if=/dev/urandom of=/dev/sda bs=4k


Fills the drive with random data


dd if=/dev/sda of=/dev/sdb bs=4096



Drive-to-drive duplication




dd if=/dev/zero of=/dev/sda bs=4k


Clean up a hard drive (may need to be repeated)


dd if=inputfile of=/dev/st0 bs=32k conv=sync


Copy from file to tape device


dd if=/dev/st0 of=outfile bs=32k conv=sync


The above, reversed


dd if=/dev/sda | hexdump -C | grep [^00]


Check if drive is really zeroed out


dd if=/dev/urandom of=/home/$user/hugefile\
bs=4096


Fills out a partition (careful with system partitions!)


ls -l myfile
-rw-r--r-- 6703104 Oct 31 18:25 myfile
dd if=/dev/urandom of=myfile bs=6703104 count=1


Scramble a file (maybe before deleting it)


dd if=/dev/sda3 of=/dev/sdb3 bs=4096 \
conv=notrunc,noerror


Copy a partition to another partition


dd if=/proc/filesystems | hexdump -C | less


View available filesystems


dd if=/proc/partitions | hexdump -C | less


View availble partitions in kb


dd if=/dev/sdb2 ibs=4096 | gzip > partition.image.gz \
conv=noerror


Creates a gzipped image of the second partition

of the second disk


dd bs=10240 cbs=80 conv=ascii,unblock\
if=/dev/st0 of=ascii.out


Copy the contents of a tape drive to a file, converting

from EBCDIC to ASCII


dd if=/dev/st0 ibs=1024 obs=2048 of=/dev/st1


Copy from 1KB block device to 2KB block device


dd if=/dev/zero of=/dev/null bs=100M count=100
100+0 records in
100+0 records out
10485760000 bytes (10 GB) copied,

5.62955 s, 1.9 GB/s


Copy 10 GB of zeros to the garbage can.


dd if=/dev/zero of=/dev/sda bs=512 count=2
fdisk -s /dev/sda
dd if=/dev/zero of=/dev/sda seek=\
(number_of_sectors - 20) bs=1k


Erase GPT from disk. Since GPT writes data at the beginning

AND at the end of the drive, after

erasing from the beginning, we need to find out the number

of sectors (second command), then erase the last 20 sectors.


dd if=/home/$user/bootimage.img of=/dev/sdc


Create bootable USB drive (here shown as /dev/sdc)


dd if=/dev/sda of=/dev/null bs=1m


A good way to check for bad blocks

Backup and system-related


dd if=/dev/sda of=/dev/fd0 bs=512 count=1


Copies the MBR to a floppy


dd if=/dev/sda1 of=/dev/sdb1 bs=4096


Drive-to-drive duplication


dd if=/dev/sr0 of=/home/$user/mycdimage.iso\
bs=2048 conv=nosync


Create an image of a CD


mount -o loop /home/$user/mycdimage.iso\
/mnt/cdimages/


Mount said image locally


dd if=/dev/sda of=/dev/sdb bs=64k conv=sync


Useful when replacing a disk with another of identical size


dd if=/dev/sda2 of=/home/$user/hddimage1.img\
bs=1M count=4430
dd if=/dev/sda2 of=/home/$user/hddimage2.img\
bs=1M count=8860
[...]


Create DVD images of a partition (useful for backing up)


dd if=/$location/hddimage1.img of=/dev/sda2\
bs=1M
dd if=/$location/hddimage2.img of=/dev/sda2\
seek=4430 bs=1M
dd if=/$location/hddimage3.img of=/dev/sda2\
seek=8860 bs=1M
[and so on...]


Restore from above backup


dd if=/dev/zero count=1 bs=1024 seek=1 of=/dev/sda6


Destroy the superblock


dd if=/dev/zero count=1 bs=4096 seek=0 of=/dev/sda5


Another way to destroy the superblock


dd if=/home/$user/suspicious.doc | clamscan -


Check file for viruses (needs ClamAV)


dd if=/home/$user/binary file | hexdump -C | less


Look at the contents of a binary file (needs hexdump)


dd if=/home/$user/bigfile of=/dev/null
dd if=/dev/zero of=/home/$user/bigfile \
bs=1024 count=1000000


Benchmarks hard drive for read/write speed


dd if=/dev/sda of=/dev/sda


Gives new life to older hard drives that haven't been used for a while (disk must be unmounted)


dd if=/dev/mem | strings | grep 'string_to_search'


Examine memory contents (human-readable, that is)


dd if=/dev/fd0 of=/home/$user/floppy.image\
bs=2x80x18b conv=notrunc


Copy a floppy disk


dd if=/proc/kcore | hexdump -C | less


View virtual memory


dd if=/proc/filesystems | hexdump -C | less


View available filesystems


dd if=/proc/kallsyms | hexdump -C | less


View loaded modules


dd if=/proc/interrupts | hexdump -C | less


View interrupt table


dd if=/proc/uptime | hexdump -C | less


View uptime in seconds


dd if=/proc/partitions | hexdump -C | less


View availble partitions in kb


dd if=/proc/meminfo | hexdump -C | less


View memstats


dd if=/dev/urandom of=/home/$user/myrandom \
bs=100 count=1


Creates a 1kb file of random gibberish


dd if=/dev/mem of=/home/$user/mem.bin\
bs=1024


Creates an image of the actual state of your system memory


dd if=/home/$user/myfile


Prints the file to stdout


dd if=/dev/sda2 bs=16065 | hexdump -C\
| grep 'text_to_search'


Search an entire partition for a string; even if it's secured,

you can boot a liveCD


dd if=/home/$user/file.bin skip=64k bs=1\
of=/home/$user/convfile.bin


Copy file.bin to convfile.bin skipping the first 64 kB


dd if=/home/$user/bootimage.img of=/dev/sdc


Create bootable USB drive (here shown as /dev/sdc)


dd if=/dev/mem bs=1k skip=768 count=256 \
2>/dev/null | strings -n 8


Read BIOS.


dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300k


Convert Nero image into ISO standard image.

This is possible because the only difference between

the two is a 300 kB header Nero adds to a standard ISO file.


echo -n "hello vertical world" | dd cbs=1 \
conv=unblock 2> /dev/null


Try it, it's safe. :-)


dd if=/dev/sda1 | gzip -c | split -b 2000m - \
/mnt/hdc1/backup.img.gz



Create a gzipped image of a partition using split




cat /mnt/hdc1/backup.img.gz.* | gzip -dc |\
dd of=/dev/sda1



Restore above backup




dd if=/dev/zero of=myimage bs=1024 count=10240



Create an empty disk image




dd ibs=10 skip=1



Strip first 10 bytes of stdin




dd bs=265b conv=noerror if=/dev/st0 \
of=/tmp/bad.tape.image



Make image of a tape drive with bad spots




dd if=/dev/sda count=1 | hexdump -C



View your MBR




dd if=/dev/sda | nc -l 10001
nc $system_to_backup_IP 10001 | dd\
of=sysbackupsda.img



Fast network backup using netcat




dd if=/dev/zero of=/dev/sdX\
bs=1024000 count=1


Clear first 10MB of the partition


dd if=/dev/zero of=tmpswap bs=1k\
count=1000000
chmod 600 tmpswap
mkswap tmpswap
swapon tmpswap


Create temporary swap space


dd if=/dev/sda of=/dev/null bs=1024k \
count=1024
1073741824 bytes (1.1 GB) copied,
24.1684 s, 44.4 MB/s


Determine sequential I/O speed of your drive. Reading 1GB file


dd if=/dev/random count=1 2>/dev/null | od -t u1 |\
awk '{ print $2}' | head -1


Generate random number


dd if=/dev/mem of=myRAM bs=1024


Copy RAM memory to a file


dd if=/dev/sda bs=512 count=1 | od -xa


See content of your MBR in hex and ASCII format


dd if=/my/old/mbr of=/dev/sda bs=446 count=1


Restore MBR without disturbing partition table record

which is between 447 - 511 bytes


dd if=/dev/sda1 | split -b 700m - sda1-image


Create a partition copy and save images where maximum

volume size is 700MB

Text manipulation


ls -l | dd conv=ucase


Convert the output of a command to uppercase


echo "MY UPPER CASE TEXT" | dd conv=lcase


Convert any text to lowercase


dd if=/etc/passwd cbs=132 conv=ebcdic of=/tmp/passwd.ebcdic


Convert the system password file to fixed-length EBCDIC-format file


dd if=text.ascii of=text.ebcdic conv=ebcdic


Convert from ASCII to EBCDIC


dd if=myfile of=myfile conv=ucase


Convert a file to uppercase (simple sed or tr replacement)


Reference :



Related Posts:

0 意見:

張貼留言