Since your computer is still on, you have a good chance of saving things.
First, sysfs
exposes the kernel's in memory view of partition tables. Right now, your kernel has not reread the disk's table and it remembers your partitioning. Inside /sys/block/sda/
, there should be one directory for each partition. Each such subdirectory contains a file start
and a file size
, which represent the partition's location and size, in sectors. Run fdisk
and then recreate each partition (in order!) with the information in its sysfs
directory. Note that you will have to create a new partition table, too. Make sure your new partition table is the same as the one before. You can check this in /sys/block/sda
. If you see sda1
up to sda7
while you only have 6 partitions, you likely had MBR, and otherwise it was probably GPT. You also need to set flags and types for these partitions. Look at /etc/fstab
and try to glean information about the types of partitions you have, then check Wikipedia to convert those to codes for your partitioning scheme.
Since you appear to be able to use your filesystem, it's likely that your dd
did not get to overwrite any of it, since most of the important bits of a filesystem are at the front. Check /etc/fstab
to see which partitions correspond to what part of your system, and then use the amount of data dd
copied to get an estimate of how much you nuked. If you overwrote only part of a filesystem a good fsck
might be able to fix it a bit (but you've lost a good chunk of data).
Most likely, you overwrote /boot
. You'll have to reinstall your kernel (with aptitude
) and reinstall GRUB2 (with grub-install
) (which got both its first and second stage destroyed). GRUB2 is configured with files in /etc
, so you won't have to manually recreate anything.
dd
has shown its ugly 'Data Destroyer' face again :-( It has overwritten the head end of the drive (corresponding to the size of the iso file). The data that were there are lost. Have you got a fairly recent backup of the files that you cannot afford to lose? Otherwise you must prepare for hard work to repair the partition table and file systems, best on a cloned copy using Testdisk, and if that fails, even harder work to recover file data to be found 'behind' the part of the drive that is overwritten. You can use PhotoRec for that purpose. See this link, cgsecurity.orgdd
has shown its ugly 'Data Destroyer' face again" - Except it's nothing to do withdd
, it's to do with directly accessing a disk device as root. Any other tool could've had the same effect.cat image.iso > /dev/sda
would have had the exact same effect. Orpv ...
. Or, to some extent, evenvi /dev/sda
. In fact, this reminds me of the story where Linus Torvalds tried to dial in to a network using his hard drive device rather than the modem device, overwriting the start of his drive with the dial-in handshake. Nothing to do withdd
..iso
file? Did you interruptdd
, or did it run to completion?dd
like this (for this purpose), so I think the 'Data Destroyer' warning is relevant, although the completely correct warning should be longer: "Do not use a command line likesudo dd if=image.iso of=/dev/sdx
to clone to a mass storage device. Use a tool that helps you identify and select the correct target device and that has a final checkpoint, so that you can double-check that you will clone from the iso file to the correct target device, e.g. StartupDiskCreator, Disks, mkusb, Win32DiskImager."