存储今日谈?D?D硬盘固件(Firmware)_DOSTOR.com_存储在线

认识硬盘固件（Firmware）

本文援引存储社区内关于硬盘固件的激烈讨论，主要观点均为[贵宾]Huyiyang所表达

若要参与FIRMWARE话题的线上讨论，请点此进入[CLUB.STOL.COM.CN]

序言
刚才在存储社区一些帖子上看到关于FIRMWARE的讨论，感觉大家对FIRMWARE还是比较生疏，有的居然想出一些拆掉芯片用编程器烧录后再焊回去的方式，这种方式千万不能使用，因为一些隐含的问题会发生。具体的问题不必多说大家都会明白。

为什么很难获得FIRMWARE？
作为固件程序员，我这里几乎有全部种类的FIRMWARE，但是，有些不能公开，有的是为一些厂商而做的，是规定收取费用的种类，有的是内部测试版本，针对特定的方案而专门编写的，不能公开。一般公开的版本号有特别的规定，不能高于市场正在销售的版本。（FIRMWARE）

Q1：对于普通用户来说，有没有升级硬盘固伯的必要？如果有，什么情况下推荐升级Firmware？
A1：对于普通用户来说，没有必要升级硬盘固件，一般微小的缺陷可以在软件里使用补丁程序解决。除非和适配器的兼容性存在问题或者弥补硬件的某些缺陷，厂家才会推出升级的程序（包括全部升级或部分补丁升级）。这里要着重说一下补丁，补丁具有很严密的针对性，不是每个同型号的产品都适用补丁，不正当的升级会导致严重的问题。(huyiyang)

Q2：如果真的要升级硬盘固件，是如何升级？是否跟升级DVD的Firmware一样？即跟涮新BIOS相似的道理和过程？
A2：PC里的SCSI硬盘升级程序只是一个传送升级代码的程序，是把升级代码送到硬盘缓冲里，然后让硬盘的DSP运行升级代码，升级代码运行过程中执行升级过程并修改EEPROM相应的区域，这时候升级程序进入了状态监视过程。(huyiyang)

你们看到的FIRMWARE为什么和EEPROM的大小不一样，现在该明白是什么原因了吧。

Q3：厂家会不会不断升级Firmware，就像升级驱动程序一样，不断更新版本？如果是的话，Firmeware对于厂商又有何意义？
A3：厂家会不断升级Firmware，并且应用到新生产的产品中去，但是厂家不会公开发布FIRMWARE，只有当厂家判定你的硬盘确实需要升级的时候才会给你。当然对于升级的后果厂家不会承担任何责任。FIRMWARE的作用，打个比方硬盘的控制板是台电脑，FIRMWARE就是操作系统，它包括很多模块：驱动，控制，解码，传送，检测……

这里建议大家不要随便升级硬盘的FIRMWARE，你的硬盘现在能够正常使用就是没有升级的必要，因为升级的后果有不可预见性。一定要小心！！！(huyiyang)

Q4：据说富士通硬盘的Firmware有公开发行的？这是真的否？
A4：对于SCSI公开的只是一部分况且是退出市场的产品型号，你能取得现在正在销售的MAP，MAS的FIRMWARE吗？如果能获得，我认为你是从一些渠道获得的，而不是他们公开发布的。

厂家往往提醒大家不要使用网上流传的一些FIRMWARE，网上流传的一些FIRMWARE很多是好奇者修改的版本。据我所了解，在某BSD论坛上曾经有一个SCSI工具打包发布了一部分FIRMWARE，但是就在这个四月，他们的新版本里删除了那一部分FIRMWARE，具体原因可能是受到厂商的警告。

当然对于一些计算机大厂有自己的FIRMWARE开发能力（象HP，SUN，COMPAQ，IBM,etc）为了自己的整个产品的性能会推出一些较新的FIRMWARE，但是这些FIRMWARE具有特别严密的针对性，发布的版本往往是经过加密换算的，需使用专门提供的升级程序。专门提供的升级程序在升级前会判断你的硬盘是否属于升级范围内的硬盘，升级代码在执行过程中也会判定当前硬盘是不是属于要升级的类型。

另外提醒的是厂家的硬盘生产型号往往是系列的，比方说，现在大部分36，72，148的硬件方案都是一样的，有时候为了生产调配，明明是72G的硬盘，厂家可能会写成36G销售，这样一些非法商人可能会破解FIRMWARE，如果JS能把那些硬盘从36G改变回去成了72G，JS就获利，厂家受到损失。这也是厂家为什么不公开发布FIRMWARE的原因。(huyiyang)

想自由增大或缩小硬盘的容量吗？固件给你答案

事实上硬盘的生产和CPU等配件的生产是一样的，如果你找到了厂家的漏洞也可以“升级”。同一系列的盘体和控制板是可以互换的，比如说36G和73G，大部分时候，厂家会尽量少装盘片在里面，但是有时候赶货固不来时间就会用73G或者148G的盘体，只是修改了型号显示和LBA参数。

例如，在大陆市场很少看到ST336605这个型号，因为盘体就是ST373405，73G的。在IBM微盘也很少看到512MB的，其实就是1GB的。

有些盘体不是也没有关系呀，可以当成坏盘拿回厂商维修更换，知道以前QUANTUM为什么会被收购，IBM为什么出售了硬盘部门吗？大量的非法坏盘造成了巨大的负担。

还有比如上面所说的大厂HP、COMPAQ、IBM、SUN、DELL等，盘体采用硬盘生产商的产品，FIRMWARE是自己写的，在这些大厂的FIRMWARE里往往包含一些各自的特有的或专利的技术，价格也是市面的几倍。（打个比方市面的盘就好象用DOS，大厂的盘就是用WINDOWS，UNIX etc.），一些非法商人擅自修改VENDOR ID 和PRODUCT ID，或者抄袭大厂的FIRMWARE，使之和大厂的表面显示一样，从中谋取暴利。

[高朋]：举个例子：美钻二代有三种容量，10G、15G和20G，其实内部都是一个盘片一个磁头，电路板也一样，只是firmware不同而己。谁有本事也可能把10G的改成20G出售。

如果硬盘能够具备改大，剩下的就是FIRMWARE和一些参数了。

因为涉及到行业秘密，我笼统的说一下，硬盘容量的修改要经过FIRMWARE的判定，当LBA值小于等于厂方标定的容量参数时，可以继续。大于时返回错误信息，终止执行指令。JS们首先破解FIRMWARE的着一模块，让他能接受任意参数，剩下的就是用一些工具改变参数了。如果暴力的拆焊编程方式修改就不存在这个问题，但是会破坏当前硬盘的很多预置信息，甚至破坏电路部分，影响硬盘的性能，当然JS为了利益是不会在乎这一点的。

拿某一个型号的硬盘为例，厂方标定的容量参数LBA最大为222EE00（18G），存储方式为00 EE 22 02，有些人居然把它改成了445DC00（36G）存储方式为00 DC 45 04，JS们修改了FIRMWARE后，那样JS就可以在0-36G之间任意修改容量了，当然还要修改别的东西以保证磁头的移位安全。

这是随便举的例子，即使和你的硬盘参数一样，请也不要尝试！

再说一点，为便于理解我会尽量通俗一些，少用一些专用词多打些比方（有的可能不恰当）。

其实可以把硬盘的控制板看成是一台电脑（没有显示器的）它的FIRMWARE存放的EEPROM就相当于一个硬盘，也是分为很多块（BLOCK）的，不同的功能模块占用着这些BLOCK，如果熟悉计算机的BIOS的人就知道BIOS也是很多功能模块（原理一样）。JS们破解相应的模块就可以了，或者删除模块或者把其他的相应模块嵌入到FIRMWARE里。

当前计算机大厂使用的硬盘都在自己的FIRMWARE里嵌入了一些身份识别的东西，如IBM，普通硬盘上去可能就不好管理，用了他自己的硬盘就特别顺，因为在计算机的硬件除了常规的指令请求外还有一些它们内部自己定义的东西。

我的一个同事居然在业余时间写了个函数模块在他的硬盘里，计算机的程序把参数送到硬盘里执行，执行完毕后再把结果返回给计算机。这才是真正的硬盘加密，很多很牛的程序员都无法破解，因为他们就不知道怎样提取分析那个模块，当前对于很大很大部分SCSI硬盘来说，因为FIRMWARE的严格保密，至今还没有能把FIRMWARE上载到计算机的程序，因为FIRMWARE也没有模块来支持这个功能（就是说备份FIRMWARE是不可能的）。当然对于这样的加密，烙铁是非常有用的。

如果大家感兴趣，好好学习并分析FIRMWARE，以后可以自己加个些功能模块在自己的硬盘FIRMWARE里，做个真正的DIY，另外在数据安全上也不要害怕外国人放什么后门的东西在FIRMWARE里了，任重道远啊。

每个硬盘的FIRMWARE其实使用的指令就是它的DSP的指令系统，学会了相关的系统，你也可以编写自己的FIRMWARE。

实例分析SEAGATE硬盘固件的升级程序

以下是SEAGATE的一段升级程序（局部），现在应该还可以使用。从这段程序里s.scsi_command[0]= 0x3B……0x05……0x07可以看到，升级的过程实际是一个传送过程，先把代码送到BUFFER里执行，后面的指令就是状态监视。

对硬盘来说是需要专门的方式进行传送升级代码的，不然，你的代码会被硬盘当成DATA写到了盘片上。

编译环境是使用BC++ 3.1

声明：当年很多和SEAGATE硬盘相关的软件大都使用或借鉴这段程序，所以运行的流程在一定程度上和其他的软件有相似的地方，甚至窗口位置都一样。升级FIRMWARE的过程特别简单，实在没有什么新花样可以加进程序里，WINDOWS版的还可以把窗口搞花俏一些。但是，该程序具有版权，请大家不要原封不动的抄，理解了后可以变换变换，除非得到授权才能照抄发布自己的东西。

void download_firmware()
{
SCSI *dl;
int w, key, fh, choice, org_asa, new_asa, n= 0, off= 0;
unsigned bufsize= 8*1024, rv;
char *filename, *p;
long l, j, i, jj, offset;

if (!is_seagate_disk(inq))
message("WARNING !\r\n"
"\r\n"
"Download firmware is only tested with Seagate disk drives.");

filename= calloc(1, 128);
if (!filename)
{
printf("Error allocating %u bytes of memory\n", 128);
exit(0);
}

strcpy(filename, config->download_file);
key= edit_string_window(filename, 70, "Enter firmware file to download");
if (key== KEY_ENTER)
{
fh= open(filename, O_RDONLY|O_BINARY);
if (fh!= -1)
{
w= window_create(-1, 9, 60, 18, BLUE<<4|LIGHTGRAY, BORDER_SINGLE,
_NOCURSOR, BLUE<<4|YELLOW, "Download firmware");

l= filelength(fh);
if (overwrite(inq, "Download firmware to ")== 1)
{
list_select("Download firmware", &off, "Without offset",
"With offset", NULL);
if (off!= -1)
{
org_asa= seagate_asa_level(inq);
gotoxy(1,1);
cprintf("Original ASA level is ASA%u\r\n", org_asa);

if (off== 0) bufsize= 0;

dl= scsi_init(bufsize);
dl->s.host_adapter= inq->s.host_adapter;
dl->s.target_id= inq->s.target_id;
dl->s.lun= inq->s.lun;

dl->s.scsi_command[0]= 0x3B;
if (off== 0)
{
p= farmalloc(l);
if (p== NULL)
{
message("Error allocating %lu bytes", l);
einde(-1);
}

dl->s.scsi_command[1]= 0x05;
dl->s.data_buffer= p;
dl->s.data_buffer_length= l;
}
else
dl->s.scsi_command[1]= 0x07;

*(unsigned long *)&dl->s.scsi_command[5]=
swaplong(dl->s.data_buffer_length);

if (off== 1)
{
offset= 0;
j= l / bufsize;
jj= l % bufsize;
gotoxy(1,3);
cprintf("%lu blocks of %uK and %lu bytes\r\n",
j, (bufsize >> 10), jj);
cprintf("Block:");
for (i= 0; i < j; i++)
{
_dos_read(fh, dl->s.data_buffer, bufsize, &rv);
*(unsigned long *)&dl->s.scsi_command[2]=
swaplong(offset);
if (rv== bufsize)
scsi_execute(dl, 1);
else
{
message("Error while reading firmware file");
einde(-1);
}

gotoxy(8,4);
cprintf("%lu", i);
offset+= rv;
}

if (jj)
{
gotoxy(20,3);
_dos_read(fh, dl->s.data_buffer, jj, &rv);
*(unsigned long *)&dl->s.scsi_command[2]=
swaplong(offset);
*(unsigned long *)&dl->s.scsi_command[5]=
swaplong(rv);
if (rv== jj)
scsi_execute_bg(dl);
else
{
message("Error while reading firmware file");
einde(-1);
}

gotoxy(26,4);
cprintf("%u", i);
offset+= rv;
}
}
else
{
cprintf("Reading file %s, %lu KB", filename, l >> 10);
rv= file_read_into_memory(fh, p, l);
if (rv)
{
message("Error while reading firmware file");
einde(-1);
}
scsi_execute_bg(dl);
}

gotoxy(1,4);
clreol();
cprintf("Download status :");

n= 0;
while(dl->s.status== 0)
{
gotoxy(18,4);
putch(wiekje[n++]);
if (!wiekje[n]) n= 0;
gotoxy(19,4);
cprintf("%-10.10s", aspi_status_name(dl->s.status));
delay(250);
}

gotoxy(18,4);
putch(' ');
gotoxy(19,4);
cprintf("%-10.10s", aspi_status_name(dl->s.status));

if (dl->s.status!= 1)
{
gotoxy(1,5);
print_sense_info_short(dl);
}
else
{
gotoxy(1,6);
cprintf("Waiting for unit");
wait_unit_ready(inq);

new_asa= seagate_asa_level(inq);
gotoxy(1,6);
clreol();
cprintf("New ASA level is ASA%u", new_asa);

if (org_asa!= new_asa)
{
message("You upgraded your drive to a new\r\n"
"ASA level, drive needs low level format !\r\n"
/*大家注意这点，升级是有风险的，这个信息只是其中一个很小的风险，由于ASA级别的改变，需要你低级格式化硬盘，哈哈数据没啦！
SEAGATE厂的ASA为2。其他计算机大厂的ASA有的为0有的为1……，自己找些资料参考吧。
*/
"\r\n"
"%s", fortune(fun_message));
}
}

if (off== 0)
{
dl->s.data_buffer= NULL;
dl->s.data_buffer_length= 0;
farfree(p);
}
scsi_destroy(dl);

pause();
}
}

close(fh);
window_destroy(w);
strcpy(config->download_file, filename);
cfg_save();
}
else
message("Error opening file %s\n\r->%s", filename, sys_errlist[errno]);
}

free(filename);
}

硬盘格式化其实跟固件紧密相联

说到低级格式化，大家可能不陌生，很多SCSI卡的BIOS里都带了个小工具可以做到，但是如果我问你格式化进行到多少了，你就不能回答上来了，能不能象校验磁盘一样可以看到进度呢，答案是肯定的。不过是让硬盘的FIRMWARE一个一个BLOCK的执行格式化，发现坏道就把他仍到P――LIST里，格完了还不需要校验，更省时间，剩下的咱们不过是作个状态监视就可以了。

既然是硬盘的FIRMWARE来执行格式化，不需要占用系统的资源那样就可以几个硬盘一起来格式化，一个状态监视他们所有设备的进度，更省了大家的时间。

这个功能其实是厂家的内部功能，你让它开始格式化了，你还可以用计算机干其他的活儿，只要不断电，硬盘会一直到任务完成为止，在这期间内，即使你拔掉信号线也终止不了任务。除非……嘿嘿，不说了，自己慢慢看就明白了。

下面三部分讲的就是怎样实现我上面说的，自己慢慢理解吧。

void multi_drive_format_list(LISTPTR *ptr) //选择多个需要格式化的设备
{
int w, done= 0, line, n, key, page= 0, fw, lines, drives_busy;
int purge_glist= 0, choice= 0, drive_ok;
unsigned int blocksize;
SCSI *sp;
LIST *l, *disp_start;
struct bg_struct *bg;
struct tm *t;
time_t update_t, tt;

list_select("Data on all selected disks will be destroyed! Continue?",
&choice, fortune(overwrite_no), fortune(overwrite_yes), NULL);
if (choice!= 1) return;

if (format_parameters_ask(&blocksize, &purge_glist)== -1) return;

log_printf(1, "Multiple drive format started\n");
drive_ok= 0;
l= ptr->head;
while(l)
{
sp= l->otherinfo;
bg= (struct bg_struct *)memalloc(sizeof(struct bg_struct));
bg->s= sp;
l->otherinfo= bg;

format_command_set(sp, blocksize, purge_glist);

sp->s.data_buffer[1]|= 0x02;
sp->s.scsi_command[1]|= 0x10;
scsi_execute_bg(sp);

tt= time(0)+ 5;
while (sp->s.status== 0 && time(0) < tt);
if (sp->s.status!= 1)
{

format_command_set(sp, blocksize, purge_glist);
scsi_execute_bg(sp);
log_printf(0, "Formating %s\n", l->text);
}
else
{
drive_ok++;
log_printf(0, "Formating (immediate) %s\n", l->text);
}

time(&bg->start_t);
l= l->next;
}

fw= foot_window(1, CYAN<<4|BLUE);
cputs(" Esc=Exit Tab=Sense info");
w= window_create(0, 4, 0, 24, BLUE<<4|LIGHTGRAY, BORDER_SINGLE,
_NOCURSOR, BLUE<<4|YELLOW, "Format multiple drives at once");
lines= warr[w].winyy- warr[w].winy-2;

gotoxy(1,1);
cprintf("Drives selected to format : %u", list_count(ptr));
log_printf(0, "%u drive(s) total\n", list_count(ptr));
gotoxy(40,1);
cprintf("Drives busy :");
gotoxy(1,2);
cprintf("%-30.30s %-10.10s %-8.8s", "ID Drive", "Status", "Elapsed");

if (drive_ok)
{
message("There are %u drive(s) that support the Format Immediate\r\n"
"bit see the \"format progress indicator\" option to see when\r\n"
"the drive(s) are finished formating", drive_ok);
}
update_t= time(0);
disp_start= ptr->head;

while(!done)
{
drives_busy= 0;
l= ptr->head;
while(l)
{
bg= l->otherinfo;
sp= bg->s;

if (sp->s.status)
{
if (!bg->done)
{
bg->done= 1;
bg->start_t= time(0)- bg->start_t+86400;
t= gmtime(&bg->start_t);
log_printf(1, "Format done on device %30.30s\n"
"status=%s, time elapsed %02u:%02u:%02u\n", l->text,
aspi_status_name(sp->s.status), t->tm_hour, t->tm_min, t->tm_sec);
if (sp->s.status!= 1)
{
log_printf(0, "Error: %s - %s\n", sense_key_short(sp),
sense_code_description(sp));
}
}
}
else
drives_busy++;
l= l->next;
}

while(kbhit())
{
key= readkey();
switch(key)
{
case KEY_ESC:
if (drives_busy== 0)
done= 1;
else
{
message("You cannot exit now (there's %u drive(s) still busy)\r\n"
"\r\n"
"%s", drives_busy, fortune(fun_message));
}
break;
case KEY_PGDN:
l= disp_start;
for (n= 0; n<= lines && l; n++)
l=l->next;
if (l)
disp_start= l;
else
disp_start= ptr->tail;
gotoxy(1,3);
clrscr_rest();
break;
case KEY_HOME:
disp_start= ptr->head;
break;
case KEY_TAB:
page= !page;
break;
}
update_t= time(0);
}

if (update_t <= time(0) )
{
gotoxy(54,1);
cprintf("%u", drives_busy);

l= disp_start;
line= 0;
while(l)
{
bg= l->otherinfo;
sp= bg->s;

gotoxy(1,line+3);
if (!page)
{
cprintf("%30.30s ", l->text);
cprintf("%-10.10s ", aspi_status_name(sp->s.status));
if (!bg->done)
t= time_elapsed(bg->start_t);
else
t= gmtime(&bg->start_t);
cprintf("%02u:%02u:%02u", t->tm_hour, t->tm_min, t->tm_sec);
clreol();
}
else
{
print_sense_info_short(sp);
clreol();
}

if (line < lines)
{
line++;
l= l->next;
}
else
l= NULL;
}
update_t= time(0)+config->screen_update;

}
}

l= ptr->head;
while(l)
{
bg= l->otherinfo;
sp= bg->s;
free(bg);
l->otherinfo= sp;
l= l->next;
}

window_destroy(w);
window_destroy(fw);

}

void format_progress() //这是看状态执行进度的
{
int w, done= 0, line, n, key, page= 0, fw, lines, drives_busy;
int rv;
unsigned int progress;
SCSI *sp, *s;
LIST *l, *disp_start, *ll;
LISTPTR *ptr;
time_t update_t;

ptr= list_init();
l= driveptr->head;
sp= scsi_init(32);
while(l)
{
if (l->marked!= 0xff)
{
idcpy(sp, (SCSI *)l->otherinfo);
clear_cdb(sp);
clear_data_buffer(sp);
rv= scsi_execute(sp, 0);
if (rv!= 1)
{
if (get_sense_code_and_qual(sp)== 0x0404)
{
ll= list_add(ptr, l->text);
s= scsi_init(32);
idcpy(s, sp);
ll->otherinfo= s;
}
}
}
l= l->next;
}
scsi_destroy(sp);

if (ptr->head)
{
fw= foot_window(1, CYAN<<4|BLUE);
cputs(" Esc=Exit Tab=Sense info");
w= window_create(0, 4, 0, 24, BLUE<<4|LIGHTGRAY, BORDER_SINGLE,
_NOCURSOR, BLUE<<4|YELLOW, "Format progress indicators");
lines= warr[w].winyy- warr[w].winy-2;

gotoxy(1,1);
cprintf("Drives busy formating : %u", list_count(ptr));
gotoxy(40,1);
cprintf("Drives busy :");
gotoxy(1,2);
cprintf("%-30.30s %-10.10s %-8.8s", "ID Drive", "Status", "%Done");

update_t= time(0);
disp_start= ptr->head;

while(!done)
{
while(kbhit())
{
key= readkey();
switch(key)
{
case KEY_ESC:
done= 1;
break;
case KEY_PGDN:
l= disp_start;
for (n= 0; n<= lines && l; n++)
l=l->next;
if (l)
disp_start= l;
else
disp_start= ptr->tail;
gotoxy(1,3);
clrscr_rest();
break;
case KEY_HOME:
disp_start= ptr->head;
break;
case KEY_TAB:
page= !page;
break;
}
update_t= time(0);
}

if (update_t <= time(0) )
{
l= disp_start;
line= 0;
drives_busy= 0;
while(l)
{
sp= l->otherinfo;
clear_cdb(sp);
clear_data_buffer(sp);
rv= scsi_execute(sp, 0);
if (rv!= 1)
{
if (get_sense_code_and_qual(sp)== 0x0404)
{
drives_busy++;
}
}

gotoxy(1,line+3);
if (!page)
{
cprintf("%30.30s ", l->text);
cprintf("%-10.10s ", sense_key_short(sp));
if (sp->s.scsi_command[sp->s.scsi_command_length+15] & 0x80)
{
progress= swapint(*(unsigned int *)
&sp->s.scsi_command[sp->s.scsi_command_length+16]);
cprintf("%4.1lf ",
((float)progress / (float)65536) * 100);

}
else
{
cprintf("%8s", "N/A ");
}

clreol();
}
else
{
print_sense_info_short(sp);
clreol();
}

if (line < lines)
{
line++;
l= l->next;
}
else
l= NULL;
}
gotoxy(54,1);
cprintf("%u", drives_busy);

update_t= time(0)+config->screen_update;
}
}

window_destroy(w);
window_destroy(fw);
}
else
{
message("No drives are currently formatting");
}
scsi_list_destroy(ptr);
list_destroy(ptr);
}

void mdrive_format() //按照上面选择的设备，让他们执行定义的格式化动作
{
LISTPTR *ptr, *ptr2;
LIST *l;
SCSI *sp;
int fw;

ptr= list_init();
ptr2= list_init();

l= NULL;
fw= foot_window(1, CYAN<<4|BLUE);
cputs(" Esc=Exit Space=Mark drive Enter=Start");

scsi_list_make(ptr, driveptr, md_dad);
l= list(ptr, "Select drive(s) to format", l, 16, LIST_MARK);
window_destroy(fw);

if (l)
{
scsi_list_make(ptr2, ptr, md_marked);
if (ptr2->head)
{
mdrive_format_list(ptr2);
update_header();
}
else
message("No device selected.");

scsi_list_destroy(ptr);
scsi_list_destroy(ptr2);
}

list_destroy(ptr);
list_destroy(ptr2);
}

硬盘缺陷表 VS 硬盘固件

上次说到低级格式化，涉及到缺陷列表的问题，看了这里好多的帖子，大家对缺陷列表的分类还是不明确，实际缺陷列表分为四类，1PLIST，2GLIST，3CLIST，4DLIST。
明确了这几个列表的区别，才能更好的编制FIRMWARE来管理自己的硬盘，维护自己的数据。

1，PLIST，基本缺陷列表 这是厂家使用专门的测试设备发现的缺陷，这些缺陷是磁介质寿命完成之后产生的永久缺陷，对于非厂家来说是不能够取消的，只能使用特别的设备来增加它，因为有GLIST，一般没有必要去动它，所以有些厂家的新销售磁盘里的GLIST的列表并不是空的。

2，GLIST，成长缺陷列表 这是对硬盘操作过程中发现的缺陷，这些缺陷可以在格式化的过程中发现，也可以由自动的（就是上面所说的让FIRMWARE自动格式过程）或者使用REASSIGN BLOCK（操作码为0X07，上面的程序里有例子）命令做重新分配的过程中发现。

3，CLIST，检查列表 它包含了在操作系统格式化过程中发现的列表，一般也存储为GLIST方式，

4，DLIST，可以人为定义的列表 先定义了这个列表，最后由系统传送给硬盘的缺陷列表，在格式化的过程中，它将变成GLIST的一部分。也可以把好的块定义进去。

实际234最后都存储在GLIST列表里，这个GLIST总的列表和存储PLIST的列表也是存放在一起的，都在磁盘的介质上。对于一些软件表面看来是两个大类，但是实际上由于产生的原因不同，软件所发出的指令也是不一样的。这点对一般人来说怎么分类不重要。

硬盘的代替扇区和柱面，模式页参数和缺陷列表都是存储在盘体的磁介质上的,这些参数和VID，PID，LBA（not LBN）等基本参数是分开的。从这一点大家可以想象，修改了FIRMWARE后还要修改盘片上的一些信息。一般情况下，修改了FIRMWARE后，低级格式化可以恢复一部分FIRMWARE预制的参数到盘片上，但是有些预制参数往往是编写FIRMWARE时任意设置的，如果造成了数据偏移，就会使GLIST出现错误，SCSI的GLIST列表记录一般最大为2000H（8191）个.发现接近或超过这个数目的GLIST记录，那这个硬盘可能就报废了。

另外说明一点，GLIST是可以读取（0X37）清除（格式化）的，但是清楚以后故障还会存在。

再放一段程序便于你们理解。

int glist(SCSI *sp)
{
SCSI *s;
int al= 8, retval= -1, rv, format;
char format_mask[]= { 0x00, 0x04, 0x05, 0 };
int format_size[]= { 4,8,8,0 };

s= scsi_init(al);
idcpy(s, sp);

s->s.scsi_command[0]= 0x37;
s->s.scsi_command[2]= 0x08;
*(unsigned int *) &s->s.scsi_command[7]= swapint(al);

for (rv= 0, format= 0; format < 3 && rv!= 1; format++)
{
s->s.scsi_command[2]&= 0xf8;
s->s.scsi_command[2]|= format_mask[format];
rv= scsi_execute(s, 0);
}
format--;

if (rv== 1)
{
retval= swapint(*(unsigned int *)&s->s.data_buffer[2])
format_size[format];
}

scsi_destroy(s);
return(retval);
}

写入自己的名字固件帮你缔造唯一真正属于自己的硬盘

谁要的SEAGATE ST336607的部分模式页在这里，自己修改响应的值再写回去就可以了。

04 3c d9 40 00 00 02 00
01 0a c8 0b ff 00 00 00 05 00 27 10
02 0e 00 00 00 0a 00 00 00 00 00 00 10 00 00 00
03 16 11 aa 00 00 00 08 00 00 02 d0 02 00 00 01 00 66 00 66 40 00 00 00
04 16 00 c2 bf 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 27 31 00 00
07 0a 08 0b ff 00 00 00 00 00 27 10
08 12 10 00 ff ff 00 00 ff ff ff ff 00 10 00 00 00 00 00 00
0a 0a 00 00 00 00 00 00 00 00 03 00
19 06 01 00 ff ff 00 00
1a 0a 00 03 00 00 00 01 00 00 00 04
1c 0a 88 04 00 00 8c a0 00 00 00 00

谁要的ASPI的调用接口，下面给你一段参考汇编程序，希望对你有用。

.MODEL large, C
.DATA

.CODE

extrn AspiEntryPoint:dword
public SRBexec

SRBexec PROC C, segm:WORD, ofs:WORD

mov ax, segm
push ax
mov ax, ofs
push ax
call DWORD PTR [AspiEntryPoint]
add sp, 4
ret
SRBexec ENDP

public swaplong

swaplong PROC C, long1,long2:WORD

mov ax, long2
xchg al, ah
mov dx, long1
xchg dl, dh

ret
swaplong ENDP

public swapint

swapint PROC C, int1:WORD

mov ax, int1
xchg al, ah

ret
swapint ENDP

end

谁说的要把自己的硬盘改成自己的名字，防止丢失，这看起来是个好主意，请把你的硬盘型号和名字写上帖到这里。

[注意]此法仅供学习与研究硬盘技术之用，请勿效仿

>>在DOS中调用的时候，使用21号中断得到入口，使用ASPI首先要初始化ASPI打开它，然后…入口……用完了要记着关闭ASPI。

>>这几段程序只是帮助理解，因为你缺了很多资源头文件，所以你不能编译。

>>有些块出现ECC错误，不一定要全部格式化硬盘，可以找个工具，先计算出你那个出错的物理块的值，然后用指令0X3E读出，自己纠正后再用指令0X3F写回去。

再说硬盘ASA级别跟硬盘固件的关系

前面说道ASA级别的事情，很多人可能也不明白着是什么东西，很多工具软件可能无法看到ASA的级别，给很多人研究SCSI硬盘造成了麻烦，现在我上段程序帮助说明问题。

要着重说明的是FIRMWARE从一个ASA级别改变到另一个ASA级别的时候一定要低级格式化和优化磁盘。

int seagate_asa_level(SCSI *s)
{
int retval= 0, rv;
SCSI *p;

if (asa_off) return(0);

if (is_seagate_disk(s))
{
p= scsi_init(0xff);
idcpy(p, s);

p->s.scsi_command[0]= 0x12; /* INQ */
p->s.scsi_command[1]= 0x01; /* EDVP=1 */
p->s.scsi_command[2]= 0xC3; /* pagenumber */
p->s.scsi_command[4]= 0xff;
rv= scsi_execute(p, 0);

if (rv== 1)
retval= 2;
else
retval= 1;

scsi_destroy(p);
}

return(retval);
}

硬盘固件的通信方式及其程序算法分析

FIRMWARE本身就是可以在硬盘里运行的DSP程序，运行过程是自身块修复操作的过程。和硬盘通信的是下载工具，一般是通过ASPI调用，也有直接操作适配卡控制硬盘的（主要是一些计算机厂商才这样）。我们开发的一般都是通过ASPI方式和硬盘通信，比较简单规范通用一些。

虽然不同的硬盘使用的DSP芯片不一样，但是都要遵守ANSI标准规范，对外通讯的接口一定要符合ANSI标准。技术规范可参考ANSI公报。

有个文件名叫sgdskfl.c,是INTEL的工程师Andy cress写的，算法上和SEAGATE的大致相同，另外还包括很多其他可移动SCSI设备和流SCSI设备的方案。

Andy Cress的编程风格很好，具有很多注释，大家应该很容易看懂。不过由于页面显示程序的缘故，所有程序代码左边的空格均无效了，因此全靠左显示，给大家浏览带来了不便。如果希望浏览更好看的代码，请访问[STOL]存储社区

/*--------------------------------------------------------------------------
Filename : sgdskfl.c
Abstract : SCSI Generic Disk Firmware Load tool
Operation System: Linux 2.2 or greater
Copyright (c) Intel Corporation 2001
Author: Andy Cress
----------- Change History -----------------------------------------------
05/01/01 v0.70 ARCress created
07/17/01 v0.91 ARCress added code to download servo also
added write_buffers code to do multi-part dl.
08/08/01 v0.92 ARCress fixed write_buffers logic for IBM disks.
09/05/01 v0.93 ARCress message cleanup
09/28/01 v0.94 ARCress turn off sg_debug in afterdl
10/15/01 v0.95 ARCress fixed IBM chunk size
10/30/01 v1.0 ARCress cleanup includes & indent -kr
11/09/01 v1.0 ARCress enlarged devstat2 from 80 to 120 for overrun
11/14/01 v1.0 ARCress added default directory for image files.
04/11/02 v1.1 ARCress path changes for log & image files,
set do_numeric=1 default
05/08/02 v1.3 ARCress tune sg_debug level down to 5 by default
08/15/02 v1.4 ARCress moved common subroutines to sgcommon
added more usage messages
09/03/02 v1.5 ARCress streamline display for errors in get_scsi_info
01/08/03 v1.6 ARCress include Quantum in getimage:fscanmodel.
----------- Description --------------------------------------------------
sgdskfl
Sequence of events for this utility:
* List each device on the system with firmware versions.
* User selects a device for firmware load (automatic if using -m)
* Read the firmware image file for the selected disk and verify that it is
valid.
* Verify that the disk is present and ready
* Close all open files, flush the adapter, sync any data to the SCSI disks.
* Write the firmware image to the disk using a 'write buffer' SCSI command
with large reserved buffer or scatter/gather.
* Wait 5 (or specified number) seconds
* Verify that the disk comes ready again using SCSI test_unit_ready commands,
and start_unit or scsi_reset to recover if not.
* If the '-m' option was used, repeat writing the firmware for each disk of
this model.
sgdskfl [-e -m diskmodel -f imagefile -t secdelay -x]
Options:
-e Do not write to any files. Usually a log file (sgdskfl.log) is created
and written to, up until the firmware download begins on root.
-m Automatically download all drives that match this model string.
Note that this option will initiate a reboot after it is done,
unless option u is also specified.
-f Specify this filename for the firmware image. Normally, this option is
not used and the filename is formed using the first 8 characters of the
model, with the ".lod" extension. For example: "st39140w.lod".
Note that this utility uses the raw firmware image without any added
headers.
-t Specifies the number of seconds to delay after the firmware is written
and the program attempts to test if the unit is ready again.
Default is 10 seconds.
-r Recover a non-ready drive by updating its firmware.
Don't test if the drive is ready or not.
-x Outputs extra debug messages
-d Specify a unix device name
----------------------------------------------------------------------------*/
/*-------------------------------------------------------------------------
Copyright (c) 2002, Intel Corporation
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
a.. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
b.. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
c.. Neither the name of Intel Corporation nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------------------------------------------------*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "sgsub.h"
#include "sgcommon.h"

/* External Functions prototypes */
extern void setbuf(FILE * stream, char *buf);
extern int errno;
extern char fdebugsub; /* used in sgsub.c */
extern FILE *dbgout; /* used in sgsub.c */

#define EBUFF_LEN 80
#define MAX_ERRORS 4

/* Global data definitions */
char progver[] = "1.6"; /* program version */
char *progname = "sgdskfl"; /* program name */
char logfile[] = "/var/log/sgdskfl.log"; /* log filename */
char fwsufx[] = ".lod"; /* suffix for firmware image filenames */
char model[20] = ""; /* default model string */
char fsetfile = 0;
char fwfile[20] = "default"; /* default firmware filename (8.lod) */
char defdir[30] = "/usr/share/scsirastools/"; /*default directory for fw files*/
char devname[80] = "/dev/sda"; /* UNIX device name (w path) */
char svfile[20] = "default"; /* default servo filename (8.tms) */
int sdelay = 10; /* num sec to delay before TUR */
FILE *fdlog = NULL; /* log file descriptor */
FILE *fdmsg; /* file descriptor for messages */
char fautomodel = 0; /* =1 to automatically do all of a model */
char filesok = 1; /* =1 if ok to write to files */
char fdebug = 0; /* =1 for debug messages */
char fdoreset = 0; /* =1 if need to do reset for this drive */
char flogopen = 0; /* =1 if log file is open */
char fnotur = 0; /* =1 to not try TUR */
char fdevname = 0; /* =1 if device name specified */
int do_numeric = 1; /* NUMERIC_SCAN_DEF; */
uchar sense_buffer[80]; /* buffer for sense data */
char output[132]; /* message output buffer */
char output2[80]; /* extra message output buffer */
uchar devstat[80]; /* used for inquiry & device status */
uchar devstat2[120]; /* used for Seagate inquiry2 & Mylex stat */
uchar disk_buffer[0x200]; /* 512 bytes, used for misc scsi data */
uchar *image_buffer; /* malloc'd firmware image buffer */
uchar *servo_buffer; /* malloc'd servo buffer */
int idev = 0;
int ndev = 0;
DEVLIST_TYPE devlist[32];
char *devtype_array[11] = {
"Disk ",
"Tape ",
"Printer",
"Procesr",
"WORM ",
"CD-ROM ",
"Scanner",
"Optical",
"Med Chg",
"Comm ",
"Unknown"
};

/* Local subroutines */
int writeimage(int idx, uchar * imgbuf, ulong len, char fservo);
ulong getimage(int idx, uchar ** pbuf, char fservo);
int beforedl(int idx, int *pnumrdy);
int afterdl(void);

int main(int argc, char **argv)
{
int i, c, idx;
char response = 0;
ulong size; /* size of fw */
ulong size_sv; /* size of servo */
int runl;
short sts, rc;
ulong ltime1;
char fname[64];
char ebuff[EBUFF_LEN];
int sg_fd;
int flags;
int res, k;
int eacces_err = 0;
int num_errors = 0;
DEVFS_LIST devfs_components = {0,0,0,0,0};

// progname = argv[0];
fdmsg = stdout; /* set default fdmsg */
while ((c = getopt(argc, argv, "enxrf:m:t:d:?")) != EOF)
switch (c) {
case 'e':
filesok = 0;
break;
case 'x':
fdebug = 1;
break;
case 'r':
fnotur = 1;
break;
case 'n':
do_numeric = 0;
break;
case 'f':
strcpy(fwfile, optarg);
fsetfile = 1;
break;
case 'm':
fautomodel = 1; /* automatically do all of this model */
strcpy(model, optarg);
break;
case 't':
sdelay = atoi(optarg); /* time to delay */
break;
case 'd':
strcpy(devname, optarg); /* specify a unix device name */
fdevname = 1;
break;
case '?':
default:
printf("Usage: %s [-m diskmodel -f imagefile -t secdelay -enrx]\n",
progname);
printf(" -m Automatically download all drives that match this model string\n");
printf(" -f Specify filename for firmware image instead of default\n");
printf(" -t Time in seconds to delay after the firmware is written, default 10\n");
printf(" -n Turn off Numeric, use alpha device names instead\n");
printf(" -e Do not write to any files, so don't use the log file\n");
printf(" -r Recover a non-ready drive by updating its firmware\n");
printf(" -x Outputs extra debug messages\n");
exit(1);
}
/* only run this as superuser */
i = geteuid();
if (i > 1) {
printf("Not superuser (%d)\n", i);
exit(1);
}
/* check for run-level 1 */
{
runl = 1;
/* how to check this? */
if (fdebug) {
/*DEBUG*/ printf("sdelay = %d sec\n", sdelay);
printf("run-level = %d\n", runl);
}
}
if (runl != 1) { /* show warning if not run level 1 */
printf
("Warning: Make sure disks are inactive during firmware download\n");
// dont exit, just give a warning.
}
/* open log file */
if (filesok)
fdlog = fopen(logfile, "a+");
if (fdlog == NULL) {
flogopen = 0;
filesok = 0;
fdlog = stderr;
} else { /* logfile open successful */
flogopen = 1;
time((time_t *) & ltime1);
fprintf(fdlog, "\n--- %s v%s log started at %s", progname, progver,
ctime((long *) fprintf(fdlog, "model: %s\n", model);
fprintf(fdlog, "fw file: %s\n", fwfile);
}
fdebugsub = fdebug;
dbgout = fdlog;
/* loop to display disk choices and do downloads */
while (1) {
/* display header */
printf("\n");
printf(" %s utility v%s for SCSI disks\n",
progname, progver);
printf
(" ******************************************\n");
if (flogopen)
printf("Log file %s is open, debug=%d\n", logfile, fdebug);
printf
("\nNum Name [bus:ch:id:lun] Type Vendor Device_Model FW__ Serial#_ Servo___\n");
/* get SCSI Device Info */
idev = 0;
flags = O_RDWR; /* could use OPEN_FLAG if read-only. */
num_errors = 0;
for (k = 0; (k < 1000) && (num_errors < MAX_ERRORS); ++k) {
// if (fdebug) fprintf(fdlog,"k=%d, num_errors=%d\n", k, num_errors);
if (fdevname) { /* user-specified device name */
strcpy(fname, devname);
k = 1000;
} else {
make_dev_name(fname, k, do_numeric, &devfs_components);
if (devfs_components.all_leaves_searched != 0) {
devfs_components.all_leaves_searched=0;
break;
}
}
sg_fd = open(fname, flags | O_NONBLOCK);
if (fdevname && fdebug)
fprintf(fdlog, "k=%d, %s open, sg_fd = %d\n", k, fname,
sg_fd);
if (sg_fd < 0) {
if (EBUSY == errno) {
printf("%s: device busy (O_EXCL lock), skipping\n",
fname);
continue;
} else if ((ENODEV == errno) || (ENOENT == errno) ||
(ENXIO == errno)) {
++num_errors;
continue;
} else { /* open failed with other error */
if (EACCES == errno)
eacces_err = 1;
sprintf(ebuff, "Error opening %s ", fname);
perror(ebuff);
++num_errors;
continue;
}
}
sts = get_scsi_info(sg_fd, idev, fname,1);
if (sts) {
fprintf(fdlog, "device %s failed with sts = %d, skip\n",
fname, sts);
}
if (sg_fd > 0) {
res = close(sg_fd);
if (res < 0)
fprintf(fdmsg, "Error closing %s, errno = %d\n",
fname, errno);
else
devlist[idev].sgfd = 0; /* set in get_scsi_info() */
}
idev++;
} /*end loop */
ndev = idev;
if (ndev == 0 && errno == ENODEV) { /* CONFIG_CHR_DEV_SG != y ? */
sprintf(output,
"Cant open any SCSI devices.\nMake sure CONFIG_CHR_DEV_SG is set in /usr/src/linux/.config\n");
showit(output);
quit(1);
}
else if (ndev == 0) {
sprintf(output,"Cant open any sg SCSI devices, errno = %d\n",errno);
if (errno == ENOENT)
strcat(output,"Try option -n to change /dev/sg* device names\n");
showit(output);
}
printf("\nEnter Selection ('d' to download, 'q' to quit) : ");
if (fautomodel) {
response = 'd';
printf("%c\n", response);
} else {
response = get_func();
}
if (response == 'q' || response == 'Q')
quit(0);
else if (response == 'd' || response == 'D') { /* do download */
if (fautomodel)
i = get_mdev(model); // get first matching dev
else
i = get_idev(); /* get the device index that the user picks */
if (i == 0xff)
printf("Index out of range, try again.\n");
else { /*index ok */
int numrdy;
idx = i; /* first disk to download */
size = getimage(idx, &image_buffer, 0); /* read in the firmware image */
size_sv = getimage(idx, &servo_buffer, 1); /* read in the servo image */
if (fdebug) {
/*DEBUG*/ fprintf(fdlog, "size = %ld\n", size);
if (size != 0)
fprintf(fdlog, "imgbuf: %02x %02x %02x %02x \n",
image_buffer[0], image_buffer[1],
image_buffer[2], image_buffer[3]);
if (!fautomodel) {
do_pause();
}
}
if (size == 0)
idx = ndev; /* error, skip download */
else { /* image ok */
rc = beforedl(idx, &numrdy);
if (numrdy == 0)
idx = ndev;
/* download the image to each matching disk */
for (i = idx; i < ndev; i++) {
if (devlist[I.fdoit) {
struct SCSI_INQUIRY *scsi_inq;
char fservo;
/* decide which download method to use */
scsi_inq =
(struct SCSI_INQUIRY *) devlist[I.inq;
if ((devlist[I.inq[0] & 0x1F) == 1) { /* devtype == tape */
if (strncmp
((char *) scsi_inq->vendorid,
"SEAGATE", 7) != 0)
fservo = 3; /* Seagate tapes use split buffer method 3 */
/* Tecmar, Travan, Wangtek, WangDAT tapes use method 2 */
else
fservo = 2; /* use split buffer method 2 */
}
else
if (
(strncmp
((char *) scsi_inq->vendorid, "IBM",
3) == 0)
&&
(strncmp
((char *) scsi_inq->productid, "ST",
2) != 0))
/* for all IBM disks, except Seagate OEM */
fservo = 4; /* IBM disks use split buffer method X */
else
fservo = 0; /* normal, all one buffer */
if (size > 0) { /* flash firmware */
rc =
writeimage(i, image_buffer, size,
fservo);
free(image_buffer); /*allocated in getimage() */
if (fdebug && rc != 0) {
showit((char *) disk_buffer); /*writes saved messages */
quit(rc);
}
}
if (size_sv > 0) { /* flash servo */
rc =
writeimage(i, servo_buffer, size_sv,
1);
free(servo_buffer); /*allocated in getimage() */
}
}
if (!fautomodel)
i = ndev; /* only do one if interactive */
} /*endfor each disk */
rc = afterdl();
} /*endif image ok */
} /*end else index ok */
} /*end else do download */
else { /* response not d or q */
printf("Invalid input [%c], enter 'd' or 'q'.\n", response);
}
if (fautomodel) { /* then done */
if (0) { /* if root is down and likely to hang otherwise, */
printf("Rebooting ...\n");
sleep(3);
// /* do reboot without shutdown */
} else
quit(0); /* normal exit, successful */
} else { /* interactive, go to menu again */
do_pause();
}
} /*end while(1) */
} /*end main() */

ulong getimage(int idx, uchar ** pbuf, char fservo)
{
ulong filsz;
FILE *fdimg;
struct stat statbuf;
struct SCSI_INQUIRY *scsi_inq;
char modelx[20];
char *filenm;
char fullfilenm[80];
char *buf;
int i, rc;
*pbuf = NULL;
scsi_inq = (struct SCSI_INQUIRY *) devlist[idx].inq;
if (fautomodel)
strncpy(modelx, model, strlen(model));
else
strncpy(modelx, (char *) scsi_inq->productid, 16);
for (i = 0; i < 16; i++) /* eliminate trailing spaces */
if (modelx[I == ' ')
break;
modelx[I = 0; /*stringify */
if (fdebug) {
/*DEBUG*/ fprintf(fdlog, "get image idx=%d\n", idx);
fprintf(fdlog, "fw file: %s\n", fwfile);
fprintf(fdlog,
"___________ 0....+....1....+....2....+....3....+....4\n");
fprintf(fdlog, "scsi_inq[8]: %s\n", &devlist[idx].inq[8]);
}
if (fservo != 1) {
sprintf(output, "Selected %d: [%d:%d] %s\n", idx,
devlist[idx].chn, devlist[idx].tgt, scsi_inq->vendorid);
showit(output);
}
if (!fsetfile) { /* build the default filename */
for (i = 0; i < 8; i++) { /*limit filename to 8 chars */
if (modelx[I == ' ')
break;
else
fwfile[I = tolower(modelx[I);
}
fwfile[I = 0;
strcat(fwfile, fwsufx);
}
if (fservo == 1) {
char *p;
filenm = fwfile;
strcpy(svfile, fwfile); /* servo filename */
p = strrchr(svfile, '.'); /* find last '.' in filename */
strcpy(++p, "tms"); /* skip '.', add new suffix */
filenm = svfile;
} else
filenm = fwfile;
if (fdebug)
fprintf(fdlog, "fw filename: %s\n", filenm);
/* open file */
fdimg = fopen(filenm, "r"); /* try current directory */
if (fdimg == NULL) { /* if error, set default directory */
strcpy(fullfilenm,defdir);
strcat(fullfilenm,filenm);
filenm = fullfilenm;
}
fdimg = fopen(filenm, "r"); /* try default directory */
if (fdimg == NULL) {
if (fservo == 1) {
if (fdebug)
fprintf(fdlog, "Cannot open %s, errno = %d\n", filenm,
errno);
sprintf(output, "No servo image\n");
} else
sprintf(output, "Cannot open %s, errno = %d\n", filenm, errno);
showit(output);
return (0); /* size = 0 */
}
/* get image file size */
if (fstat(fileno(fdimg), &statbuf) < 0) {
sprintf(output, "Can't get size of %s, errno = %d\n", filenm,
errno);
showit(output);
fclose(fdimg);
return (0); /* size = 0 */
}
filsz = statbuf.st_size;
buf = malloc(filsz);
if (buf == NULL) {
sprintf(output,
"Cannot allocate %ld bytes of memory, errno = %d.\n",
filsz, errno);
showit(output);
fclose(fdimg);
return (0); /* size = 0 */
}
/* read in the image file */
sprintf(output, "Reading image file %s, size = %ld\n", filenm, filsz);
showit(output);
rc = fread(buf, filsz, 1, fdimg);
if (rc == -1) {
sprintf(output, "Error reading %s, errno = %d.\n", filenm, errno);
showit(output);
fclose(fdimg);
free(buf);
return (0); /* size = 0 */
}
if (fservo != 1) {
char fscanmodel;
fscanmodel = 0;
if (strncmp((char *) scsi_inq->vendorid, "SEAGATE", 7) == 0) {
if (modelx[7] == 'W')
modelx[7] = 'N'; /*always match with narrow */
modelx[8] = 0; /* truncate to 8 chars for search */
fscanmodel = 1;
} else if (strncmp((char *) scsi_inq->vendorid, "IBM", 3) == 0)
fscanmodel = 1;
else if (strncmp((char *) scsi_inq->vendorid, "MAXTOR", 6) == 0)
fscanmodel = 1;
else if (strncmp((char *) scsi_inq->vendorid, "QUANTUM", 7) == 0)
fscanmodel = 1;
/* HITACHI and FUJITSU only have partial model strings to match */
if (fscanmodel) { /* scan image buffer for model(productid) */
/* A variable offset in the file has a list of the target models. */
rc = findmatch(buf, filsz, modelx, strlen(modelx), 1); /*also ignore case */
if (rc == -1) {
sprintf(output, "Image does not match model %s\n", modelx);
showit(output);
fclose(fdimg);
free(buf);
return (0); /* size = 0 */
}
if (fdebug) {
sprintf(output, "Image file matches model %s\n", modelx);
showit(output);
}
} /*endif scanmodel */
}
/*endif not servo */
*pbuf = buf;
fclose(fdimg);
return (filsz);
} /*end getimage() */

int write_buffers(int sgfd, uchar * buf, ulong len, uchar fservo)
{
int sts;
ulong j, sz_left;
ulong max_chunk;
uchar save_mode;
uchar bufid;
uchar ebuf[20];
if (fservo >= 2) {
if (fservo == 3) { /* Seagate tapes */
max_chunk = 0x4000;
save_mode = 0x07;
} else if (fservo == 2) { /* other tapes */
max_chunk = 0x8000;
save_mode = 0x05;
} else // if (fservo == 4) { /* IBM disks */
{
max_chunk = 0x8000; /* get this from mode page C7, bytes 16-18 */
save_mode = 0x05;
if (fdebug)
fprintf(fdlog, "IBM split buffer mode, chunk size = %ld\n",
max_chunk);
j = 0;
sz_left = len;
bufid = 0;
while (sz_left > max_chunk) {
/* Note that it uses mode 05 for every chunk, not just last one */
sts =
write_buffer(sgfd, &buf[j], max_chunk, save_mode,
bufid);
if (sts != 0) {
unsigned int k, a, q;
int rc;
rc = get_sense(sts, ebuf);
k = ebuf[2] & 0x0f; /*Sense Key */
a = ebuf[12];
/*ASC*/ q = ebuf[13];
/*ASCQ*/
sprintf(output, "wb sense error: %x/%x/%x\n", k, a,
q);
showit(output);
if (k == 03 && a == 0x30)
printf("Overlay upload error\n");
else if ((k == 2 || k == 3 || k == 4) &&
(a == 0x40 && q <= 0x85))
printf("Microcode Load Failure\n");
return (sts);
}
sz_left -= max_chunk;
j += max_chunk;
bufid++;
}
sts = write_buffer(sgfd, &buf[j], sz_left, save_mode, bufid);
return (sts);
} /*endelse IBM disks */
/* Handle the split buffer scheme */
/* This assumes that the start address is zero for all. */
bufid = 0;
j = 0;
sz_left = len;
while (sz_left > max_chunk) {
sts = write_buffer(sgfd, &buf[j], max_chunk, 0x04, bufid);
if (sts != 0)
return (sts);
sz_left -= max_chunk;
j += max_chunk;
}
sts = write_buffer(sgfd, &buf[j], sz_left, save_mode, bufid);
}
/*endif split buffer scheme */
else { /* fservo == 0, or fservo == 1 */
/* Send it all as one big buffer */
sts = write_buffer(sgfd, buf, len, 0x05, 0L);
}
return (sts);
} /* end write_buffers() */

int writeimage(int idx, uchar * imgbuf, ulong len, char fservo)
{
int sts;
int devfd;
int isave;
ulong ltime, ltime1, ltime2;
ulong ltime3;
int i, rc, rcdl;
int k, a, q;
char *tag;
uchar ch, dv;
isave = idx;
rcdl = 0;
/* Download firmware to this disk */
{
rcdl = 0;
fdoreset = 0;
if (!fautomodel)
idx = isave; /* only do selected disk */
devfd = devlist[idx].sgfd;
ch = devlist[idx].chn;
dv = devlist[idx].tgt;
if (devlist[idx].fdoit == 1) {
if (fautomodel) {
/* Sometimes next device may have a unit attention/reset check
* condition pending, so clear that first before the write_buffer.
*/
sts = test_unit_ready(devfd, 0);
if (fdebug)
fprintf(fdlog, "Extra test_unit_ready sts = %x\n",
sts);
}
time((time_t *) & ltime1); // get the start time
/* start the firmware download */
if (fservo == 1)
tag = "Servo";
else
tag = "Firmware";
sprintf(output, "Downloading %s image to disk %d %s",
tag, idx, ctime((long *) // ctime outputs a '\n' at end
showit(output);
sts = write_buffers(devfd, imgbuf, len, fservo);
if (sts) {
rcdl = sts;
sprintf(output, "[%d] Error %d in writing buffer\n", idx,
sts);
showit(output); // fdlog closed
if (fdebug || !fautomodel) {
return (rcdl); // (only if debug on)
}
}
if (fautomodel && rcdl != 0) {
/* Save error for logging later */
sprintf(output, "[%d] %s download error, status = 0x%x\n",
idx, tag, rcdl);
strcat((char *) disk_buffer, output);
/* Try to restart the drive, even if the download failed. */
return (rcdl); /*skip to next one if error */
}
// Test if Unit is Ready again
sprintf(output, "Waiting for disk to come ready again ");
showit(output);
sleep(sdelay); /* wait for the drive to reset and come ready */
for (i = 0; i < 30 && sts; i++) {
// sts = restart_device(devfd,devlist[idx].dstat);
sts = test_unit_ready(devfd, 0);
if (sts == SCHECK_CND) { /* check for certain key/asc/ascq values */
rc = get_sense(sts, sense_buffer);
k = sense_buffer[2] & 0x0f; /*Sense Key */
a = sense_buffer[12];
/*ASC*/ q = sense_buffer[13];
/*ASCQ*/ if (k == 2 && a == 4 && q == 2) {
/* 02-04-02 means it needs a start command, so issue it. */
sts = start_unit(devfd);
if (fdebug) {
/*DEBUG*/
sprintf(output, "\nStart Unit: sts=%d, ",
sts);
showit(output);
}
} /*endif 02-04-02 */
} /*endif sts */
else {
k = 0;
a = 0;
q = 0;
}
if (fdebug) {
sprintf(output, "[%d: %d %d %d]", sts, k, a, q);
showit(output);
}
fprintf(fdmsg, ".");
sleep(3);
} /* end TUR for loop */
showit("\n");
// filesok = 1; /* afterdl allows files to be opened again */
if (sts < 0) { /* still not ready, needs a reset */
fdoreset = 1;
sts = scsi_reset(devfd, 3);
if (sts) {
sprintf(output,
"Error %d during SCSI reset of channel\n",
sts);
strcat((char *) disk_buffer, output);
} else {
sprintf(output,
"SCSI reset of channel %d successful\n", ch);
strcat((char *) disk_buffer, output);
}
if (fdebug)
do_pause();
sleep(1);
sts = test_unit_ready(devfd, 0); /*first may get check condition */
sts = test_unit_ready(devfd, 1);
}
if (sts) { /* TUR status reports not ready */
rcdl = 0x1000 | sts;
sprintf(output,
"[%d] Did not come ready after download, (%d)\n",
idx, sts);
showit(output); // fdlog closed, so ok
} /*endif not ready */
else { /* successful download */
sprintf(output, "[%d] Successful %s download\n", idx, tag);
showit(output); // fdlog closed, so ok
}
if (fdebug) {
time((time_t *) & ltime3); // get the interval time into ltime3
sprintf(output,
"[%d] write_buffer complete, sts = 0x%x, elapsed secs %02ld\n",
idx, rcdl, ltime3 - ltime1);
showit(output);
}
/* Set the timeout shorter. */
k = 500;
sts = ioctl(devfd, 0x2201, &k); /* SG_SET_TIMEOUT */
// if (sts < 0) just continue
// First SCSI command after this may time out, so send a dummy command.
sts = scsi_inquiry(devfd, devstat, 80); // do a dummy inquiry
if (fdebug)
fprintf(fdmsg, "dummy inq sts = %d\n", sts); // should be ok now
if (sts != 0)
rcdl = 0x3000 | sts; // use status from inquiry
/* Dont make a device online if it was offline before we started. */
sts = test_unit_ready(devfd, 0); /*first may get check condition */
if (fdebug)
fprintf(fdmsg, "dummy tur sts = %d\n", sts); // should be ok now
/* may get 06/29/04 here */
/* Set the timeout shorter. */
k = 6000;
sts = ioctl(devfd, 0x2201, &k); /* SG_SET_TIMEOUT */
// if (sts < 0) just continue
time((time_t *) & ltime2); // get the end time into ltime2
ltime = ltime2 - ltime1; // total time in seconds
ltime1 = ltime / 3600; // num hours
ltime = ltime % 3600; // remainder, minutes & seconds
sprintf(output, "\t\t elapsed time %02ld:%02ld:%02ld\n",
ltime1, ltime / 60, ltime % 60);
showit(output); // fdlog closed, so ok
/* save result for logging later */
sprintf(output,
"[%d] %s download complete, status = 0x%x, elapsed time %02ld:%02ld:%02ld\n",
idx, tag, rcdl, ltime1, ltime / 60, ltime % 60);
strcat((char *) disk_buffer, output);
if ((rcdl & 0x0FFF) == SCHECK_CND) {
sprintf(output, " Sense data: %02x %02x %02x\n",
sense_buffer[2] & 0x0f, sense_buffer[12],
sense_buffer[13]);
strcat((char *) disk_buffer, output);
}
if (fdebug && rcdl != 0) {
return (rcdl); /* return (only if debug on) */
}
if (!fautomodel)
idx = ndev; /* end loop */
} /*endif fdoit */
} /*endfor each disk */
return (rcdl);
} /*end writeimage() */

int beforedl(int idx, int *pnumrdy)
{
struct SCSI_INQUIRY *scsi_inq;
int sts;
int sgfd;
int isave, nrdy;
char *pl;
int i, rc, rcdl;
int k, a, q;
int openflags;
char *fname;
int dbglvl;
isave = idx;
nrdy = 0;
sts = 0;
rcdl = 0;
openflags = O_RDWR; /* | O_NONBLOCK; */

/* if fautomodel, use global model from optarg */
if (!fautomodel) {
scsi_inq = (struct SCSI_INQUIRY *) devlist[idx].inq;
strncpy(model, (char *) scsi_inq->productid, 8);
model[8] = 0; /*stringify */
}
for (idx = 0; idx < ndev; idx++) {
if (!fautomodel)
idx = isave; /* only do selected disk */
fname = devlist[idx].fname;
sgfd = open(fname, openflags); /* open blocking */
if (sgfd < 0) {
printf("%s: open error, errno = %d\n", fname, errno);
return (errno);
}
devlist[idx].sgfd = sgfd;
if (fdebug) dbglvl = 10;
else dbglvl = 5;
sts = set_sg_debug(sgfd, dbglvl);
if (sts) {
sprintf(output, "[%d] cant set debug level %d, sts = %d",
idx, dbglvl, sts);
showit(output);
}
scsi_inq = (struct SCSI_INQUIRY *) devlist[idx].inq;
if (fdebug)
/*DEBUG*/
fprintf(fdlog,
"Doing Test Unit Ready on idx = %d, model=%s\n",
idx, model);
if (strncmp(model, (char *) scsi_inq->productid, 8) == 0) { /* do only ones of the same disk product id */
sts = test_unit_ready(sgfd, 0);
if (sts == SCHECK_CND) { /* not ready initially, try to make it ready */
i = get_sense(sts, sense_buffer);
k = sense_buffer[2] & 0x0f; /*Sense Key */
a = sense_buffer[12];
/*ASC*/ q = sense_buffer[13];
/*ASCQ*/ if (k == 2 && a == 4 && q == 2) {
/* 02-04-02 means it needs a start command, so issue it. */
sts = start_unit(sgfd);
if (fdebug) {
/*DEBUG*/ printf("\nStart Unit: sts=%d, ", sts);
if (sts == SCHECK_CND) {
rc = get_sense(sts, sense_buffer);
printf("sense data: %x %x %x\n",
sense_buffer[2] & 0x0f,
sense_buffer[12], sense_buffer[13]);
}
}
} /*endif 02-04-02 */
sts = test_unit_ready(sgfd, 1); /* try again */
}
if (sts) {
sprintf(output, "[%d] Error %d from Test Unit Ready\n",
idx, sts);
showit(output);
devlist[idx].fdoit = 0;
if (fnotur) {
devlist[idx].fdoit = 1;
nrdy++;
}
} else {
devlist[idx].fdoit = 1;
sprintf(output, "Device [%d] is ready for download\n",
idx);
showit(output);
nrdy++; /* number ready to download */
}
} else
devlist[idx].fdoit = 0; /* not same product id */
if (!fautomodel)
idx = ndev; /* end loop */
} /* end for devlist TUR loop */
*pnumrdy = nrdy; /* set return value */
if (nrdy == 0) {
sprintf(output, "There are no ready devices for model %s.\n",
model);
showit(output);
return (sts);
} else {
if (nrdy > 1)
pl = "s";
else
pl = "";
sprintf(output, "Starting download process for %d disk%s.\n", nrdy,
pl);
showit(output);
}
closelog(); /* sets flogopen to false */
filesok = 0; /* allows files to be opened again */
fflush(fdmsg); /* flush stdout/stderr for messages */
setbuf(fdmsg, NULL); /* set for unbuffered writes */
sync();
sync(); /* write all UNIX buffers to disk */
sleep(2);
/* can't have any more disk IOs from here on */
if (0) { /* fumntroot) *//* unmount root by default, skip it if user says not to. */
fprintf(fdmsg, "Unmounting root ...");
// rc = uadmin(4, 128, 0); /* unmount root fs */
if (rc == 0)
fprintf(fdmsg, "done\n");
else
fprintf(fdmsg, "rc = %d\n", rc);
// frootdown = 1;
}
/* Take all drives offline first if specified. */
disk_buffer[0] = 0; /* used for messages later */
return (rcdl);
} /*end beforedl() */

int afterdl(void)
{
int i, sts;
sts = 0;
/* Bring all drives online again if raid */
/* done, all drives should be ready now */
filesok = 1; /* allows files to be opened again */
showit((char *) disk_buffer); /* writes saved messages */
for (i = 0; i < ndev; i++) {
if (devlist[I.sgfd > 0) {
sts = set_sg_debug(devlist[I.sgfd, 0);
if (sts && fdebug)
fprintf(fdlog, "[%d] cant clear debug flag, sts=%d errno=%d\n",
i, sts, errno);
close(devlist[I.sgfd); /*opened in beforedl() */
devlist[I.sgfd = 0;
}
}
return (sts);
} /*end afterdl() */

/* end sgdskfl.c */

实用：教你看懂SCSI卡里的错误提示

有人问用SCSI卡里的工具时有时候会出现一些错误信息，怎么能看明白？

这里简单说一下，卡里出现的信息往往是对SCSI卡操作过程中的产生的，自带的工具和电脑程序通过ASPI对卡操作是一样的，这牵扯到ASPI的调用函数，ASPI的函数有7个：

1，00H，适配器咨询
2，01H，获取设备类型
3，02H，执行SCSI命令
4，03H，终止SCSI命令
5，04H，复位SCSI设备，这点要说明的是，由于SCSI是多任务处理，如果出错只能终止相应的SCSI命令而不能复位SCSI适配器，强制复位会导致所有的正在处理的任务全部停止运行，上面我贴出的格式化程序里就没有使用任何复位和终止命令，所以，即使在DOS中SCSI设备格式化进程运行的同时可以干别的工作。
6，05H，设置适配卡的参数
7，06H，取得设备的信息。

函数命令执行过程中程序就进入监控过程，监控程序将从ASPI获得的状态字节来判断运行情况，状态字节最常用的有7种：

1，00H，正在处理中。
2，01H，处理成功。
3，02H，SRB被主机取消
4，04H，出错
5，80H，无效的SRB
6，81H，无效的适配器
7，82H，无效的SCSI设备或者设备没有找到。

SRB。SRB是什么东西？我以前的帖子里几次都出现SRB，SRB是由8个字节组成的头标，它包含一定的参数，参数不同，SRB的功能也不一样。

在实际编程操作过程中，对于SRB的状态一定要不断的进行查询，一直到他的值从开始的00H（处理中）变成不是00H（其他状态码）为止。

说明：很多人好象不关心这写基础的东西，总问怎样修改设备的什么LOGO和序列号。我不明白LOGO是什么东西？是不是制造商和产品型号？我现在就这个问题简单说一下，过程从略，希望大家知道可以从编写FIRMWARE并修改FIRMWARE响应的区域就行了。

一般在FIRMWARE中，每个BLOCK都做了CHECKSUM和CRC检查，预防复制过程中出现错误，错误的FIRMWARE会导致升级设备的失败或者设备损坏，升级操作程序一般不做这个检查，这种检查是FIRMWARE在硬盘里运行时自己检查自身的。具体算法我不能多说了，举个例子说明吧，拿IBM的厂家的一款硬盘为例（随便举的例子用来学习使用，不要用以实验，后果自负，还要说明一点，你可能看到的代码是乱码，那是经过加密变换了的，你还要解秘变换才能看到内容），如果要修改VID和PID：[IBM IC35L146UWDY10-0]，相应的BLOCK的CHECKSUM和CRC检查代码为1011387F，如果将VID和PID改成了[STOL STOL.COM.CN]那么相应的BLOCK的CHECKSUM和CRC检查代码就应该改变为0C3E1A5E。