Attached is a sample binary which fills sector #0 with 0xcd 0xab 0xcd 0xab pattern. Use it with care if you do decide to, as it overwrites a region which usually contains MBR, on the virtual disk.
I wasn't able to upload the a.bin directly; please run the below command to decode:
Code:
base64 -d a.txt > a.bin
# In case you want to see the instructions:
#Skip 32 bytes of multiboot header
dd if=a.bin of=b.bin skip=32 bs=1
objdump -D -b binary -m i386 b.bin
Code:
qemu-system-i386 -kernel a.bin -hda disk.img -trace enable=ide_*
WARNING: Image format was not specified for 'disk.img' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
. . .
. . .
ide_ioport_write IDE PIO wr @ 0x1f6 (Device/Head); val 0x40; bus 0x5617afa3a4d0 IDEState 0x5617afa3a928
ide_ioport_write IDE PIO wr @ 0x1f2 (Sector Count); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f3 (Sector Number); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f4 (Cylinder Low); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f5 (Cylinder High); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f2 (Sector Count); val 0x01; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f3 (Sector Number); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f4 (Cylinder Low); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f5 (Cylinder High); val 0x00; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_ioport_write IDE PIO wr @ 0x1f7 (Command); val 0x34; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_exec_cmd IDE exec cmd: bus 0x5617afa3a4d0; state 0x5617afa3a558; cmd 0x34
ide_ioport_read IDE PIO rd @ 0x1f7 (Status); val 0x58; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_data_writew IDE PIO wr @ 0x1f0 (Data: Word); val 0xabcd; bus 0x5617afa3a4d0; IDEState 0x5617afa3a558
ide_data_writew IDE PIO wr @ 0x1f0 (Data: Word); val 0xabcd; bus 0x5617afa3a4d0; IDEState 0x5617afa3a558
. . .
# 256 such 0xabcd writes.
. . .
ide_data_writew IDE PIO wr @ 0x1f0 (Data: Word); val 0xabcd; bus 0x5617afa3a4d0; IDEState 0x5617afa3a558
ide_data_writew IDE PIO wr @ 0x1f0 (Data: Word); val 0xabcd; bus 0x5617afa3a4d0; IDEState 0x5617afa3a558
ide_sector_write sector=0 nsectors=1
ide_ioport_write IDE PIO wr @ 0x1f7 (Command); val 0xe7; bus 0x5617afa3a4d0 IDEState 0x5617afa3a558
ide_exec_cmd IDE exec cmd: bus 0x5617afa3a4d0; state 0x5617afa3a558; cmd 0xe7
After the write is done, close qemu and check disk.img using hexdump to see if it wrote the pattern.
It helps if the disk.img is filled with zeros before running the binary.
Even with the warning, the data was written, and it remained persistent.
You may want to check if this binary works on your qemu setup.
---
Edit: In the qemu's monitor/compatmonitor view, run "info block" to see if there's anything that suggests that qemu is treating the disk as read-only.
Code:
(qemu) info block
ide0-hd0 (#block108): disk.img (raw)
Attached to: /machine/unattached/device[23]
Cache mode: writeback
. . .