Step-by-step examples of how to use the disk editor can be found here.

Introduction

This chapter describes the use and functionality of the DiskPatch built-in disk editor.

A disk editor is a powerful tool that enables you to alter the contents of your hard disk without an operating system 'interfering'. This process is also called 'patching'. Editing hard disks requires expertise: you need to be familiar with the hexadecimal notation, and more importantly you need to be aware of how disks are organized. When viewing data on your hard disk using any disk editor, all data looks alike. Regardless of whether data is part of a Word document, an executable file or some file system structure such as the $MFT file in the NTFS file system, it is up to you, the user, to recognize the data that is displayed.

  (a disk's MBR as seen when using the disk editor)

For example, the primary partition table on a hard disk consists of a 64 bytes structure in sector 0 (the very first sector on the hard disk, also known as the MBR). If you have the expertise to locate the partition table, convert hex data to decimal values and interpret the different fields in a partition table entry, a disk editor is an extremely powerful tool allowing you to manipulate the hard disk contents without having to rely on the operating system. At the same time this makes a disk editor a potentially destructive tool if you don't exactly know what you are doing.

To make patching a disk more comfortable, DiskPatch can interpret a sector's data as if it were a partition table, or a FAT/FAT32/NTFS boot sector. By doing so it allows you to edit structures that are important for our purpose, being  data recovery, using decimal values and plain ascii ('normal' characters from the alphabet).

Using the disk editor

Browsing the disk

Select [Utilities], [Diskeditor] to start the disk editor. A warning screen may appear if the disk has not been analyzed (using the 'support analysis scan' or the 'partition table repair' scan). This means that certain browse functions that allow you to view all the important sectors that were found during the analysis, can not be used.
DiskPatch will show the 'create undo archive' dialogue. Enter a description or leave the suggested text and press <enter> to create the new undo file. Press <escape> at this point to skip creating the undo file. If enabled, all actions that will be performed after this prompt will be captured in the undo file, including 'import sector' actions. Beware that this could make the undo file quite large.
The disk editor always starts with the displaying of sector 0 (the MBR) of the selected disk.

To navigate the disk use the following keys:

[*] - these keys can only be used when the disk has been analyzed.

The information bar at the top of the disk editor screen displays information relevant to the browse option you use, on the right side of the screen:

• Example :  Item: 1/28 PTE1/FAT32 
  when browsing using the <up> and <down> keys, the type of sector that you are browsing is displayed. The information consists of 4 elements: the number of the item in the database, the total number of items in the database, the sector type, and the partition type. The example would be read as follows: you are viewing a partition table entry sector for a FAT32 type partition, and it's the first item in the database, which contains 28 items in total. The following types of sectors are identified:
  PTE for partition Table / BS for Boot Sector / BBS for Backup Boot Sector / F8FF for FAT sector.

• Example :  BS for PL entry 4 
  when browsing using the (ctrl)+<up> and <down> keys, details for the partition that is connected to the boot sector location you are viewing, are displayed. The information bar at the top of the disk edit screen will display (on the right side) for which partition list entry you are viewing a boot sector [*]. The example would be read as follows: you are looking at the boot sector location for entry 4 in the DiskPatch partition list.
  During browsing the status bar at the bottom of the screen will display relevant information for the partition that is connected to the boot sector location you are viewing, such as partition type and size.

[*] - a partition list entry in this context is an entry in the DiskPatch partition list. This list is shown when you select partitions for recovery during the partition table repair.

Other ways of navigating the disk

Another convenient way to locate partition tables and boot sectors is by displaying sector 0 (the MBR) as a 'partition table sector'. Make sure you are at sector 0 (press (ctrl)+<home>) and press <F5> to display the MBR as a partition table sector.

Once the Partition List is displayed you can use the entry number (1 to 4) to jump immediately to the LBA start location for that entry's item (either a partition or an Extended Partition Table Sector): press the corresponding number to jump to that partition entry's starting location (boot sector) or the next EPBR (in case of an extended partition table entry). 'Hopping' through the partitions like this is a quick and easy way to locate a specific partition table or boot sector.

To jump to any LBA address of your choice, press <F4> and enter the LBA address.

The disk editor main menu

Press <F10> to open the main menu.

This menu lists all the disk editor functions. Some functions can be accessed from the disk editor main screen by pressing the corresponding key, listed on the right side of the menu.

While it is possible to edit a boot sector in raw HEX you're advised not to do so. By using templates there is less room for error. You must specify if the current sector should be interpreted and edited as a FAT, FAT32 or NTFS boot sector. Once the boot sector editor has started, press <F10> for the boot sector editor menu. Select the appropriate action from the menu; edit, clear all fields, revert changes, exit & save.

Only for FAT(32) boot sectors: below the heading -info (calculated)- some additional information is displayed to help you locate certain disk structures. The values that are displayed are based on current boot sector values; as such they change when the appropriate values in the boot sector are changed.

Press <F10> to bring up the menu. From the menu you can exit the editor, revert any changes you made, clear the sector or switch the 'edit mode'. When switching edit mode, you alternate between the Hex edit mode or the Text edit mode. You can also switch modes from the editor main screen by pressing <tab>.
When changing bytes in the Hex edit mode, you must always type the 2 characters that make up the byte value; to change a byte value to "A" you must type "0A". If you start typing the first of the 2 characters, you can abort by pressing <esc>. A byte value that has been changed is displayed in yellow, making it easy to see where you left off when performing complex edits.

Enter the number of sectors you want to back up to a file, and enter a filename. The default filename suggested by DiskPatch will always be associated with the selected sector's address. This makes it easier to restore the 'backup' without you having to remember the backup's filename: when restoring the sector to its original location, DiskPatch will again suggest a default filename that is associated with this sector address. You can however use any filename you wish, but since DiskPatch runs in DOS, DOS file naming conventions apply (8 characters for the filename, the 3 character extension is reserved for use by DiskPatch).
The export process can be aborted by pressing <esc>. All sectors exported until then will be saved, the file will not be deleted.

[Copy to ClipBoard] will copy the current sector to the clipboard.
[Copy from ClipBoard] will copy the sector that's currently in the clipboard to the current sector on the disk.
[Compare to ClipBoard] will compare the current sector to the sector in the clipboard. If any differences exist the start offset for the differences will be displayed.
[Display/Edit ClipBoard] will start the sector editor with the sector from the clipboard loaded, allowing you to view and modify the sector in the clipboard.