Is there a way to determine if a USB drive has been formatted as FAT, FAT32 or NTFS?
I think you can plug it into a Linux box and figure out what is the device (dmesg), then something like fdisk -l [device] will print out the partitions and their types.
use "mount" to show all mounted file systems. It shows the file system type and mount parameters.
Related
When a file is saved into a drive, its contents are written & then indexed. I want to get the indexes and to access the raw contents of the files.
Any idea on the method how to do it, especially for ex4 & btrfs?
UPDATE: I want to get the addresses of the extents of a file. The information about the addresses must be stored somewhere onto the disk. I want to retrieve this info, in order to map the physical location of the file contents. Any methods in order to achieve that?
UPDATE: Hello, all! Thanks for your replies. What I want is a function/command which returns me a list of extent addresses. debugfs seems the function/command with the most-relevant functionality.
It depends of the filesystem you are using. If you are running Linux you can use debufs to seek the file in the filesystem.
I have to say that all FSs are mounted through a VFS, a virtual filesystem that is like a simplified interface with the standard operations (open, close, read...). What is the meaning of that? No filesystem nor its contents(files, dirs) are opened directly from disk, when you open something, you move it to the main memory(your RAM) you do your operations and when you close something it returns to the disk drive.
Now, the question is: Can I get the absolute address in a FS? Yes, if you open your whole filesystem like open ("/dev/sdaX", 0_RDONLY); so you get the address relative to your filesystem using lseek in C for example.
And then... Can I get the same in the whole drive? No, that is because you cannot open the whole drive as a file descriptor. Remember /dev/sdaXin UNIX? Partitions and its can be opened like files because they have a virtual interface running on them.
Your last answer: Can I read really raw contents? All files are read as they appear on disk, the only thing that changes is the descriptor used by the OS and some data about how is indexed, all this as a "file header".
I hope all your questions are answered.
The current solution/workaround is to call these functions with popen:
filefrag -e /path/to/file
hdparm --fibmap /path/to/filename
Then one should simply parse the stringoutputs of these programs. It is not a real solution (i.e.: outputs at C/C++ level), but I'll accept it for now.
Sources:
https://unix.stackexchange.com/questions/106802/what-command-do-i-use-to-see-the-start-and-end-block-of-a-file-in-the-file-syste
https://serverfault.com/questions/29886/how-do-i-list-a-files-data-blocks-on-linux
I know it's possible on linux. I tried using open("E:", 0); and open("E:\\", 0); but it returns as -1. I'd like to read the DVD as a large file rather than use it as a filesystem.
There's plenty of information on the CreateFile documentation on MSDN. It's fairly simple, though: "When opening a volume or removable media drive (for example, a floppy disk drive or flash memory thumb drive), the lpFileName string should be the following form: \\.\X:. Do not use a trailing backslash \, which indicates the root directory of a drive.
I get the id of my hard disk like this:
system("hdparm -i /dev/xxx > /tmp/hdid");
How can I get the device name (/dev/sda or /dev/sdb or /dev/hda, etc) from a program in C?
Thanks
Your question is not clear at all to me - If this is Linux then try:
getmntent() to enumerate mounted file systems
The /proc/mounts directory lists mounted devices
The /dev/disks directory lists disk devices, their names are usually sda, sdb, etc. This includes devices that are not mounted. The entries there are symlinks, so readlink or ls -l will reveal the target.
I am working in the kernel and I am trying to make a system call that takes a partition as input (i.e. /dev/sda1) and then prints every file on the filesystem using printk().
I enter a partition (i.e. /dev/sda1) and I put a printk() inside this system call to print.
First, I tried to do this with a process, because if I am right each process is represented by a task_struct and I tried to access the files with the files_struct. But the problem is that I only have the file descriptors of the opened files and not all the files.
So, what I want to do is that I pass the name of the partition and I printk() the names of all the files.
For example:
I enter the path /dev/sda1 as an argument and let's suppose I have the file a.txt and b.txt inside this partition , so the system call should print a.txt and b.txt.
The signature will be like this:
asmlinkage long sys_acall(char *partition_name);
There is a few things that needs to be discussed.
The partition_name parameter of your syscall should have the __user tag.
If you want to, strictly speaking, read files from a partition you will have to implement filesystem recognition (is that partition ext3, reiserfs, ntfs, ...?) and then implement the driver for that kind of filesystem. As Christ pointed out, partitions doesn't contain files but filesystems does. Another option is use the drivers already implemented for the filesystem on that partition. This option is just horrible.
If you want to read files from a filesystem your work gets easier, you can use the VFS interface to access it, but you will need that filesystem to be mounted (you can do it on-the-fly though).
My final opinion, I would change "implement a system call that prints every file in a partition" for "implement a system call that prints every file in a directory". The signature for that system call would be:
asmlinkage long sys_crazyness(__user const char *dir);
We don't care if the directory passed is the root of a filesystem or just a folder in any depth-level of a filesystem.
If you can change your problem to this one it would be much easier ;)
I need to clear sector 0 for removable media devices (custom USB memory devices) which I have been trying to clear within a WPF/C# application. My first attempt was to use DD, but I ran into problems. During the manufacturing of the devices a MBR is created at sector 0 and the volume (logical?) starts at sector 40. When I issue the following command it clears sector 40 and not sector 0:
dd bs=512 count=1 if=/dev/zero of=\.\E:
I found another version of DD here which includes a wipe utility. I tried this version and I am seeing the same behavior. I am using both HxD and Runtime's DiskExplorer that sector 40 is being cleared and not sector 0. I could use HxD or Runtime's DiskExplorer, but this needs to be scriptable.
Does anyone know of any other methods of clearing (filling) sector 0 within Windows XP SP2?? Any help would be greatly appreciated. Thanks.
Mark
Solution: My solution used WMI to find the physical drive based upon the logical drive letter. First, query the Win32_LogicalDiskToPartition class to find the logical drive I am looking for. This provides the Antecedent field which constains something like '...DeviceID="Disk #X, Partition #Y"'. Next, I query Win32_DiskDriveToDiskPartition class while searching against the Dependent field to find the match for the Antecedent field within the Win32_LogicalDiskToPartition class. Once found, the Antecedent field from Win32_LogicalDiskToPartition will yield the physical drive. I selected atzz since it is the closes to my solution. I wanted to use Eugene's suggestion, but I only had a few hours to implement this so I selected the easier of the two. I will need to revisit this at a later time though.
There are two ways to format a USB drive, from Windows standpoint:
As a floppy disk. In this case entire USB drive contains a single file system, and its boot record is located in sector 0.
As a hard drive. In this case, sector 0 contains MBR with partition table. Actual file system(s) with their individual boot records are located further on the drive.
I think you are observing the second case. Using \.\E: to identify the device, you end up accessing file system's boot record instead of MBR.
Here is how you can access sector 0 of the USB drive.
Load WinObj from here.
In WinObj, under GLOBAL??, find E:. It will be a SymbolicLink pointing to something like \Device\Harddisk2\DP(1)0-0+30.
Under GLOBAL??, find a PhysicalDrive# symlink referring to the same Harddisk# that you found on step 2. Most probably it will have the same numeric suffix as Harddisk#. E.g.: SymbolicLink PhysicalDrive2 refers to \Device\Harddisk2\DR47.
Use the PhysicalDrive# you've found in DD command:
dd bs=512 count=1 if=\\.\PhysicalDrive2 of=mbr.dat
You are trying to clear logical device E: and not physical device. Try doing the following:
call CreateFile() WinAPI function to open "\\.\PhysicalDriveX" where X is the number of the device (see Remarks in description of CreateFile function for information about how to open the physical device properly). Then use WriteFile API function to write 512 bytes at offset 0 of the opened device.
If you get permission denied error when opening the device for writing, you can take our RawDisk product (trial version will work fine for you) which lets one bypass this security measure of Windows.
upd: As for calling CreateFile from C#, see PInvoke.net.