You can subscribe to this list here.
| 2001 |
Jan
(38) |
Feb
(25) |
Mar
(37) |
Apr
(50) |
May
|
Jun
(156) |
Jul
(174) |
Aug
(94) |
Sep
(107) |
Oct
(18) |
Nov
(153) |
Dec
(91) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(79) |
Feb
(117) |
Mar
(39) |
Apr
(164) |
May
(12) |
Jun
(64) |
Jul
(138) |
Aug
(43) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(17) |
Jun
(100) |
Jul
(210) |
Aug
(127) |
Sep
(89) |
Oct
(214) |
Nov
(176) |
Dec
(20) |
| 2006 |
Jan
(29) |
Feb
(85) |
Mar
(45) |
Apr
(54) |
May
(9) |
Jun
(7) |
Jul
(28) |
Aug
(65) |
Sep
(3) |
Oct
(62) |
Nov
(68) |
Dec
(52) |
| 2007 |
Jan
(6) |
Feb
|
Mar
(8) |
Apr
|
May
|
Jun
(2) |
Jul
(4) |
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
|
From: Richard R. <fl...@us...> - 2002-07-15 16:30:44
|
Changes by: flatcap
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv11841
Modified Files:
ntfsundelete.8.in ntfsundelete.c ntfsundelete.h
Log Message:
more tidying, more comments
Index: ntfsundelete.8.in
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.8.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -U2 -r1.2 -r1.3
--- ntfsundelete.8.in 15 Jul 2002 02:57:21 -0000 1.2
+++ ntfsundelete.8.in 15 Jul 2002 16:30:41 -0000 1.3
@@ -1,7 +1,6 @@
-.\" -*- nroff -*-
.\" Copyright (c) 2002 Richard Russon. All Rights Reserved.
.\" This file may be copied under the terms of the GNU Public License.
.\"
-.TH NTFSUNDELETE 8 "June 2002" "Linux-NTFS version @VERSION@"
+.TH NTFSUNDELETE 8 "June 2002" "Linux\-NTFS version @VERSION@"
.SH NAME
ntfsundelete \- recover a deleted file from an NTFS volume.
@@ -13,9 +12,4 @@
.B device
.SH DESCRIPTION
-In the simplest case,
-.B ntfsundelete
-scans an NTFS volume for files that have been deleted and prints
-a list of them.
-.PP
.B ntfsundelete
has three modes of operation:
@@ -24,4 +18,24 @@
and
.I copy.
+
+
+
+
+In the simplest case,
+.B ntfsundelete
+scans an NTFS volume for files that have been deleted and prints
+a list of them.
+.PP
+
+
+.PP
+.B Note:
+.B ntfsundelete
+only ever
+.B reads
+from the NTFS Volume.
+.B ntfsundelete
+will never change the volume.
+
.SH OPTIONS
Below is a summary of all the options that
@@ -57,6 +71,6 @@
an NTFS volume, any filename matching (using the
.I \-\-match
-option) is case-insensitive. This option makes the maching
-case-sensitive.
+option) is case\-insensitive. This option makes the maching
+case\-sensitive.
.TP
.BI "\-\-copy " range
@@ -70,7 +84,7 @@
which will be created in the current directory. This option can
be combined with the
-.B --output
+.B \-\-output
and
-.B --destination
+.B \-\-destination
options.
.TP
@@ -110,5 +124,5 @@
option, by only looking for matching filenames. The pattern can include the
wildcards '?', match exactly one character or '*', match zero or more
-characters. By default the matching is case-insensitive. To make the search
+characters. By default the matching is case\-insensitive. To make the search
case sensitive, use the
.B \-\-case
@@ -121,7 +135,7 @@
.BI "\-\-output " file
Use this option to set name of output file that
-.B --undelete
+.B \-\-undelete
or
-.B --copy
+.B \-\-copy
will create.
.TP
@@ -146,9 +160,9 @@
This list can be filtered by filename, size, percentage recoverable or last
modification time, using the
-.B --match,
-.B --size,
-.B --percent
+.B \-\-match,
+.B \-\-size,
+.B \-\-percent
and
-.B --time
+.B \-\-time
options, respectively.
.TP
@@ -161,13 +175,13 @@
.B \-\-scan
option, by looking for a particular range of file sizes. The range may be
-specified as two numbers separated by a '-'. The sizes may be abbreviated
+specified as two numbers separated by a '\-'. The sizes may be abbreviated
using the suffixes k, m, g, t, for kilobytes, megabytes, gigabytes and terabytes
respectively.
.TP
-.BI "\-t " time
+.BI "\-t " since
.br
.ns
.TP
-.BI "\-\-time " time
+.BI "\-\-time " since
Filter the output of the
.B \-\-scan
@@ -182,8 +196,8 @@
.BI "\-\-undelete " num
Recover the file with this inode number. This option can be combined with
-.B --output,
-.B --destination,
+.B \-\-output,
+.B \-\-destination,
and
-.B --byte.
+.B \-\-byte.
.TP
.B \-v
@@ -205,4 +219,6 @@
.SH EXAMPLES
.SH CAVEATS
+.SS Miracles
+.SS Extended MFT Records
.B ntfsundelete
cannot perform miracles.
@@ -210,4 +226,7 @@
guarantee that the file hasn't been partially overwritten.
read only
+locale
+extended mft records != file framentation
+if you find this tool useful
potential, no guarantee
.SH BUGS
@@ -217,5 +236,5 @@
.SH AVAILABILITY
.B ntfsundelete
-is part of the linux-ntfs package and is available from
+is part of the linux\-ntfs package and is available from
.br
.nh
Index: ntfsundelete.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -U2 -r1.11 -r1.12
--- ntfsundelete.c 15 Jul 2002 02:57:21 -0000 1.11
+++ ntfsundelete.c 15 Jul 2002 16:30:41 -0000 1.12
@@ -51,4 +51,7 @@
static const char *AUTHOR = "Richard Russon (FlatCap)";
static const char *EXEC_NAME = "ntfsundelete";
+static const char *MFTFILE = "mft";
+static char *UNKNOWN = "unknown";
+static char *NONAME = "<none>";
static struct options opts;
@@ -89,5 +92,5 @@
" -C --case Case sensitive matching\n"
" -S range --size range Match files of this size\n"
- " -t time --time time Last referenced since this time\n"
+ " -t since --time since Last referenced since this time\n"
"\n"
" -u num --undelete num Undelete inode\n"
@@ -106,5 +109,4 @@
}
-
/**
* transform - Convert a shell style pattern to a regex
@@ -338,5 +340,4 @@
}
-
/**
* parse_options - Read and validate the programs command line
@@ -350,21 +351,21 @@
int parse_options (int argc, char *argv[])
{
- static const char *sopt = "-sp:m:CS:t:u:o:d:b:c:fvVh";
+ static const char *sopt = "-b:Cc:d:fhm:o:p:sS:t:u:vV";
static const struct option lopt[] = {
- { "scan", no_argument, NULL, 's' },
- { "percentage", required_argument, NULL, 'p' },
- { "match", required_argument, NULL, 'm' },
+ { "byte", required_argument, NULL, 'b' },
{ "case", no_argument, NULL, 'C' },
+ { "copy", required_argument, NULL, 'c' },
+ { "destination", required_argument, NULL, 'd' },
+ { "force", no_argument, NULL, 'f' },
+ { "help", no_argument, NULL, 'h' },
+ { "match", required_argument, NULL, 'm' },
+ { "output", required_argument, NULL, 'o' },
+ { "percentage", required_argument, NULL, 'p' },
+ { "scan", no_argument, NULL, 's' },
{ "size", required_argument, NULL, 'S' },
{ "time", required_argument, NULL, 't' },
{ "undelete", required_argument, NULL, 'u' },
- { "output", required_argument, NULL, 'o' },
- { "destination", required_argument, NULL, 'd' },
- { "byte", required_argument, NULL, 'b' },
- { "copy", required_argument, NULL, 'c' },
- { "force", no_argument, NULL, 'f' },
{ "verbose", no_argument, NULL, 'v' },
{ "version", no_argument, NULL, 'V' },
- { "help", no_argument, NULL, 'h' },
{ NULL }
};
@@ -393,20 +394,16 @@
}
break;
- case 's':
- if (opts.mode == MODE_NONE)
- opts.mode = MODE_SCAN;
- else
- opts.mode = MODE_ERROR;
- break;
- case 'u':
- if (opts.mode == MODE_NONE) {
- opts.mode = MODE_UNDELETE;
- opts.uinode = strtol (optarg, &end, 0);
+ case 'b':
+ if (opts.fillbyte == -1) {
+ opts.fillbyte = strtol (optarg, &end, 0);
if (end && *end)
err++;
} else {
- opts.mode = MODE_ERROR;
+ err++;
}
break;
+ case 'C':
+ opts.match_case++;
+ break;
case 'c':
if (opts.mode == MODE_NONE) {
@@ -418,34 +415,15 @@
}
break;
- case 'S':
- if ((opts.size_begin > 0) || (opts.size_end > 0) ||
- !parse_range (argv[optind-1], &opts.size_begin,
- &opts.size_end)) {
- err++;
- }
- break;
- case 't':
- if (opts.since == 0) {
- if (!parse_time (argv[optind-1], &opts.since))
- err++;
- } else {
- err++;
- }
- break;
- case 'o':
- if (!opts.output) {
- opts.output = argv[optind-1];
- } else {
+ case 'd':
+ if (!opts.dest)
+ opts.dest = argv[optind-1];
+ else
err++;
- }
break;
- case 'b':
- if (opts.fillbyte == -1) {
- opts.fillbyte = strtol (optarg, &end, 0);
- if (end && *end)
- err++;
- } else {
- err++;
- }
+ case 'f':
+ opts.force++;
+ break;
+ case 'h':
+ help++;
break;
case 'm':
@@ -455,4 +433,11 @@
err++;
break;
+ case 'o':
+ if (!opts.output) {
+ opts.output = argv[optind-1];
+ } else {
+ err++;
+ }
+ break;
case 'p':
if (opts.percent == -1) {
@@ -464,15 +449,34 @@
}
break;
- case 'd':
- if (!opts.dest)
- opts.dest = argv[optind-1];
+ case 's':
+ if (opts.mode == MODE_NONE)
+ opts.mode = MODE_SCAN;
else
- err++;
+ opts.mode = MODE_ERROR;
break;
- case 'C':
- opts.match_case++;
+ case 'S':
+ if ((opts.size_begin > 0) || (opts.size_end > 0) ||
+ !parse_range (argv[optind-1], &opts.size_begin,
+ &opts.size_end)) {
+ err++;
+ }
break;
- case 'f':
- opts.force++;
+ case 't':
+ if (opts.since == 0) {
+ if (!parse_time (argv[optind-1], &opts.since))
+ err++;
+ } else {
+ err++;
+ }
+ break;
+ case 'u':
+ if (opts.mode == MODE_NONE) {
+ opts.mode = MODE_UNDELETE;
+ opts.uinode = strtol (optarg, &end, 0);
+ if (end && *end)
+ err++;
+ } else {
+ opts.mode = MODE_ERROR;
+ }
break;
case 'v':
@@ -482,13 +486,10 @@
ver++;
break;
- case 'h':
- help++;
- break;
default:
- if (((optopt == 'u') || (optopt == 'o') ||
- (optopt == 'd') || (optopt == 'p') ||
- (optopt == 'b') || (optopt == 'c') ||
- (optopt == 'm') || (optopt == 'S') ||
- (optopt == 't')) && (!optarg)) {
+ if (((optopt == 'b') || (optopt == 'c') ||
+ (optopt == 'd') || (optopt == 'm') ||
+ (optopt == 'o') || (optopt == 'p') ||
+ (optopt == 'S') || (optopt == 't') ||
+ (optopt == 'u')) && (!optarg)) {
printf ("Option '%s' requires an "
"argument.\n", argv[optind-1]);
@@ -519,5 +520,5 @@
err++;
}
- if (opts.case && !opts.match) {
+ if (opts.match_case && !opts.match) {
printf ("The --case option doesn't make sense without the --match option\n");
err++;
@@ -560,5 +561,4 @@
}
-
/**
* ntfs2utc - Convert an NTFS time to Unix time
@@ -583,5 +583,6 @@
* given attribute type.
*
- * XXX it won't overflow the buffer as long as the context doesn't include an inode.
+ * N.B. This will return a pointer into @mft. As long as the search context
+ * has been created without an inode, it won't overflow the buffer.
*
* Return: Pointer Success, an attribute was found
@@ -607,4 +608,7 @@
* The return value is a pointer into the MFT record that was supplied.
*
+ * N.B. This will return a pointer into @mft. The pointer won't stray outside
+ * the buffer, since we created the search context without an inode.
+ *
* Return: Pointer Success, an attribute was found
* NULL Error, no matching attributes were found
@@ -658,5 +662,4 @@
}
-
/**
* cluster_in_use - Determine if a cluster is in use
@@ -715,5 +718,5 @@
/**
- * get_filenames - Read the MFT Record's $FILENAME attributes
+ * get_filenames - Read an MFT Record's $FILENAME attributes
* @file: The file object to work with
*
@@ -727,4 +730,6 @@
* object.
*
+ * XXX pref_name
+ *
* Return: n The number of $FILENAME attributes found
* -1 Error
@@ -735,6 +740,7 @@
FILE_NAME_ATTR *attr;
ntfs_attr_search_ctx *ctx;
- int count = 0;
struct filename *name;
+ int count = 0;
+ int space = 4;
if (!file)
@@ -776,4 +782,9 @@
}
+ if (attr->file_name_type < space) {
+ file->pref_name = name->name;
+ space = attr->file_name_type;
+ }
+
list_add_tail (&name->list, &file->name);
count++;
@@ -785,5 +796,5 @@
/**
- * get_data - Read the MFT Record's $DATA attributes
+ * get_data - Read an MFT Record's $DATA attributes
* @file: The file object to work with
* @vol: An ntfs volume obtained from ntfs_mount
@@ -858,5 +869,4 @@
}
-
/**
* read_record - Read an MFT record into memory
@@ -1176,5 +1186,4 @@
struct list_head *item;
char *name = NULL;
- int space = 4;
long long size = 0;
int percent = 0;
@@ -1192,16 +1201,4 @@
flagd = 'F';
- list_for_each (item, &file->name) {
- struct filename *f = list_entry (item, struct filename, list);
-
- if (f->name_space < space) {
- name = f->name;
- space = f->name_space;
- }
-
- //size = max (size, f->size_alloc);
- //size = max (size, f->size_data);
- }
-
list_for_each (item, &file->data) {
struct data *d = list_entry (item, struct data, list);
@@ -1221,6 +1218,8 @@
}
- if (!name)
- name = "<none>";
+ if (file->pref_name)
+ name = file->pref_name;
+ else
+ name = NONAME;
printf ("%-8lld %c%c%c%c%c %3d%% %s %9lld %s\n",
@@ -1229,5 +1228,4 @@
}
-
/**
* name_match - Does a file have a name matching a regex
@@ -1266,7 +1264,15 @@
}
-
/**
- * scan_disk
+ * scan_disk - Search an NTFS volume for files that could be undeleted
+ * @vol: An ntfs volume obtained from ntfs_mount
+ *
+ * Read through all the MFT entries looking for deleted files. For each one
+ * determine how much of the data lies in unused disk space.
+ *
+ * The list can be filtered by name, size and date, using command line options.
+ *
+ * Return: -1 Error, something went wrong
+ * n Success, the number of recoverable files
*/
int scan_disk (ntfs_volume *vol)
@@ -1360,7 +1366,14 @@
}
-
/**
- * write_data
+ * write_data - Write out a block of data
+ * @fd: File descriptor to write to
+ * @buffer: Data to write
+ * @bufsize: Amount of data to write
+ *
+ * Write a block of data to a file descriptor.
+ *
+ * Return: -1 Error, something went wrong
+ * 0 Success, all the data was written
*/
int write_data (int fd, const char *buffer, int bufsize)
@@ -1383,48 +1396,67 @@
result2 = write (fd, buffer, bufsize);
if (result2 < 0)
- return result2;
+ return result1;
return result1 + result2;
}
-
/**
- * open_file
+ * open_file - Create a file based on the dir, name and stream supplied
+ * @dir: Directory in which to create the file (optional)
+ * @name: Filename to give the file (optional)
+ * @stream: Name of the stream (optional)
+ *
+ * Create a file and return the file descriptor. All the components are
+ * optional. If the name is missing, "unknown" will be used. If the directory
+ * is missing the file will be created in the current directory. If the stream
+ * name is present it will be appended to the filename, delimited by a colon.
+ *
+ * Return: -1 Error, failed to create the file
+ * n Success, this is the file descriptor
*/
-int open_file (struct ufile *file, char *dest)
+int open_file (const char *dir, const char *name, const char *stream)
{
- char buffer[256];
- struct list_head *item;
- char *name = NULL;
- int space = 4;
-
- if (!file)
- return -1;
-
- list_for_each (item, &file->name) {
- struct filename *f = list_entry (item, struct filename, list);
-
- if (f->name_space >= space)
- continue;
-
- name = f->name;
- space = f->name_space;
- }
+ char buf[256];
if (!name)
- name = "unknown";
+ name = UNKNOWN;
- if (dest)
- snprintf (buffer, sizeof (buffer), "%s/%s", dest, name);
+ if (dir)
+ if (stream)
+ snprintf (buf, sizeof (buf), "%s/%s:%s", dir, name, stream);
+ else
+ snprintf (buf, sizeof (buf), "%s/%s", dir, name);
else
- snprintf (buffer, sizeof (buffer), "%s", name);
+ if (stream)
+ snprintf (buf, sizeof (buf), "%s:%s", name, stream);
+ else
+ snprintf (buf, sizeof (buf), "%s", name);
- printf ("Creating file: %s\n", buffer);
+ printf ("Creating file: %s\n", buf);
- return open (buffer, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+ return open (buf, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}
/**
- * undelete_file
+ * undelete_file - Recover a deleted file from an NTFS volume
+ * @vol: An ntfs volume obtained from ntfs_mount
+ * @inode: MFT Record number to be recovered
+ *
+ * Read an MFT Record and try an recover any data associated with it. Some of
+ * the clusters may be in use; these will be filled with zeros or the fill byte
+ * supplied in the options.
+ *
+ * Each data stream will be recovered and saved to a file. The file's name will
+ * be the original filename and it will be written to the current directory.
+ * Any named data stream will be saved as filename:streamname.
+ *
+ * The output file's name and location can be altered by using the command line
+ * options.
+ *
+ * N.B. We cannot tell if someone has overwritten some of the data since the
+ * file was deleted.
+ *
+ * Return: 0 Error, something went wrong
+ * 1 Success, the data was recovered
*/
int undelete_file (ntfs_volume *vol, long long inode)
@@ -1472,11 +1504,13 @@
struct data *d = list_entry (item, struct data, list);
+ /*
if (d->name) {
printf ("skipping named stream\n");
continue;
}
+ **/
if (d->resident) {
- fd = open_file (file, opts.dest);
+ fd = open_file (opts.dest, file->pref_name, d->name);
if (fd < 0) {
printf ("couldn't create file\n");
@@ -1507,5 +1541,5 @@
}
- fd = open_file (file, opts.dest);
+ fd = open_file (opts.dest, file->pref_name, d->name);
if (fd < 0) {
printf ("couldn't create file\n");
@@ -1591,12 +1625,20 @@
}
-
/**
- * copy_mft
+ * copy_mft - Write a range of MFT Records to a file
+ * @vol: An ntfs volume obtained from ntfs_mount
+ * @mft_begin: First MFT Record to save
+ * @mft_end: Last MFT Record to save
+ *
+ * Read a number of MFT Records and write them to a file.
+ *
+ * Return: 0 Success, all the records were written
+ * 1 Error, something went wrong
*/
int copy_mft (ntfs_volume *vol, long long mft_begin, long long mft_end)
{
ntfs_attr *mft;
- char *buffer = NULL;
+ char *buffer;
+ const char *name;
long long i;
int result = 1;
@@ -1606,4 +1648,7 @@
return 1;
+ if (mft_end < mft_begin)
+ return 1;
+
buffer = malloc (vol->mft_record_size);
if (!buffer)
@@ -1615,7 +1660,13 @@
}
- fd = open ("mft", O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
- if (fd < 0)
+ name = opts.output;
+ if (!name)
+ name = MFTFILE;
+
+ fd = open_file (opts.dest, MFTFILE, NULL);
+ if (fd < 0) {
+ printf ("error\n");
goto attr;
+ }
//printf ("MFT records\n");
@@ -1627,5 +1678,5 @@
for (i = mft_begin; i <= mft_end; i++) {
- printf ("for i = %lld\n", i);
+ //printf ("for i = %lld\n", i);
if (ntfs_attr_pread (mft, vol->mft_record_size * i, vol->mft_record_size, buffer) < vol->mft_record_size) {
printf ("ntfs_attr_pread failed\n");
@@ -1649,7 +1700,14 @@
}
-
/**
- * valid_device
+ * valid_device - Perform some safety checks on the device, before we start
+ * @name: Full pathname of the device/file to work with
+ * @force: Continue regardless of problems
+ *
+ * Check that the name refers to a device and that is isn't already mounted.
+ * These checks can be overridden by using the force option.
+ *
+ * Return: 0 Error, we cannot use this device
+ * 1 Success, we can continue
*/
int valid_device (const char *name, int force)
@@ -1695,5 +1753,10 @@
/**
- * main
+ * main - Begin here
+ *
+ * Start from here.
+ *
+ * Return: 0 Success, the program worked
+ * 1 Error, something went wrong
*/
int main (int argc, char *argv[])
Index: ntfsundelete.h
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -U2 -r1.7 -r1.8
--- ntfsundelete.h 14 Jul 2002 15:53:03 -0000 1.7
+++ ntfsundelete.h 15 Jul 2002 16:30:41 -0000 1.8
@@ -93,4 +93,5 @@
struct list_head name; /* A list of filenames */
struct list_head data; /* A list of data streams */
+ char *pref_name; /* The preferred filename */
int attr_list; /* MFT record may be one of many */
int directory; /* MFT record represents a directory */
|
|
From: Richard R. <fl...@us...> - 2002-07-15 15:09:26
|
Changes by: flatcap Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools In directory usw-pr-cvs1:/tmp/cvs-serv17680 Modified Files: mkntfs.c Log Message: lingering attribute name problems Index: mkntfs.c =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/mkntfs.c,v retrieving revision 1.80 retrieving revision 1.81 diff -U2 -r1.80 -r1.81 --- mkntfs.c 11 Jul 2002 16:20:34 -0000 1.80 +++ mkntfs.c 15 Jul 2002 15:09:21 -0000 1.81 @@ -5,5 +5,5 @@ * * Copyright (c) 2000-2002 Anton Altaparmakov. - * Copyright (C) 2001 Richard Russon. + * Copyright (C) 2001-2002 Richard Russon. * * This utility will create an NTFS 1.2 (Windows NT 4.0) volume on a user @@ -1227,5 +1227,5 @@ } } else - uname = NULL; + uname = AT_NONAME; /* Check if the attribute is already there. */ ctx = ntfs_get_attr_search_ctx(NULL, m); @@ -1379,5 +1379,5 @@ if (ctx) ntfs_put_attr_search_ctx(ctx); - if (uname) + if (uname && (uname != AT_NONAME)) free(uname); if (rl) @@ -1408,5 +1408,5 @@ return -ENAMETOOLONG; } else - uname = NULL; + uname = AT_NONAME; /* Check if the attribute is already there. */ ctx = ntfs_get_attr_search_ctx(NULL, m); @@ -1481,5 +1481,5 @@ if (ctx) ntfs_put_attr_search_ctx(ctx); - if (uname) + if (uname && (uname != AT_NONAME)) free(uname); return err; |
|
From: Richard R. <fl...@us...> - 2002-07-15 02:57:26
|
Changes by: flatcap Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools In directory usw-pr-cvs1:/tmp/cvs-serv11411 Modified Files: ntfsundelete.8.in ntfsundelete.c Log Message: start tidying up and documenting Index: ntfsundelete.8.in =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.8.in,v retrieving revision 1.1 retrieving revision 1.2 diff -U2 -r1.1 -r1.2 --- ntfsundelete.8.in 30 Jun 2002 22:46:51 -0000 1.1 +++ ntfsundelete.8.in 15 Jul 2002 02:57:21 -0000 1.2 @@ -1,4 +1,4 @@ .\" -*- nroff -*- -.\" Copyright (c) 2002 Anton Altaparmakov. All Rights Reserved. +.\" Copyright (c) 2002 Richard Russon. All Rights Reserved. .\" This file may be copied under the terms of the GNU Public License. .\" @@ -8,9 +8,208 @@ .SH SYNOPSIS .B ntfsundelete -.I [options] -.I device +[ +.I options +] +.B device .SH DESCRIPTION +In the simplest case, .B ntfsundelete -will try to recover a deleted file from an NTFS volume. +scans an NTFS volume for files that have been deleted and prints +a list of them. +.PP +.B ntfsundelete +has three modes of operation: +.I scan, +.I undelete +and +.I copy. +.SH OPTIONS +Below is a summary of all the options that +.B ntfsundelete +accepts. All options have two equivalent names. The short name +is preceded by +.BR \- +and the long name is preceded by +.BR \-\- . +Any single letter options, that don't take an argument, can be +combined into a single command, e.g. +.BR \-fv +is equivalent to +.BR "\-f \-v". +Long named options can be abbreviated to any unique prefix of +their name. +.TP +.BI "\-b " num +.br +.ns +.TP +.BI "\-\-byte " num +If any clusters of the file cannot be recovered, the missing +parts will be filled with this byte. The default is zeros. +.TP +.B \-C +.br +.ns +.TP +.B \-\-case +When +.I scanning +an NTFS volume, any filename matching (using the +.I \-\-match +option) is case-insensitive. This option makes the maching +case-sensitive. +.TP +.BI "\-\-copy " range +.br +.ns +.TP +.BI "\-c " range +This wizard's option will write a block of MFT FILE records to +a file. The default file is +.I mft +which will be created in the current directory. This option can +be combined with the +.B --output +and +.B --destination +options. +.TP +.BI "\-d " dir +.br +.ns +.TP +.BI "\-\-destination " dir +This option controls where to put the output file of the +.B \-\-undelete +and +.B \-\-copy +options. +.TP +.B \-f +.br +.ns +.TP +.B \-\-force +This will override some sensible defaults, such as not overwriting an existing +file. Use this option with caution. +.TP +.B \-h +.br +.ns +.TP +.B \-\-help +Show a list of options with a brief description of each one. +.TP +.BI "\-m " pattern +.br +.ns +.TP +.BI "\-\-match " pattern +Filter the output of the +.B \-\-scan +option, by only looking for matching filenames. The pattern can include the +wildcards '?', match exactly one character or '*', match zero or more +characters. By default the matching is case-insensitive. To make the search +case sensitive, use the +.B \-\-case +option. +.TP +.BI "\-o " file +.br +.ns +.TP +.BI "\-\-output " file +Use this option to set name of output file that +.B --undelete +or +.B --copy +will create. +.TP +.BI "\-p " num +.br +.ns +.TP +.BI "\-\-percentage " num +Filter the output of the +.B \-\-scan +option, by only matching files with a certain amount of recoverable content. +.B Please read the caveats section for more details. +.TP +.B \-s +.br +.ns +.TP +.B \-\-scan +Search through an NTFS volume and print a list of files that could be recovered. +This is the default action of +.B ntfsundelete. +This list can be filtered by filename, size, percentage recoverable or last +modification time, using the +.B --match, +.B --size, +.B --percent +and +.B --time +options, respectively. +.TP +.BI "\-S " range +.br +.ns +.TP +.BI "\-\-size " range +Filter the output of the +.B \-\-scan +option, by looking for a particular range of file sizes. The range may be +specified as two numbers separated by a '-'. The sizes may be abbreviated +using the suffixes k, m, g, t, for kilobytes, megabytes, gigabytes and terabytes +respectively. +.TP +.BI "\-t " time +.br +.ns +.TP +.BI "\-\-time " time +Filter the output of the +.B \-\-scan +option. Only match files that have been altered since this time. The time must +be given as number using a suffix of d, w, m, y for days, weeks, months or years +ago. +.TP +.BI "\-u " num +.br +.ns +.TP +.BI "\-\-undelete " num +Recover the file with this inode number. This option can be combined with +.B --output, +.B --destination, +and +.B --byte. +.TP +.B \-v +.br +.ns +.TP +.B \-\-verbose +Increase the amount of output that +.B ntfsundelete +prints. +.TP +.B \-V +.br +.ns +.TP +.B \-\-version +Show the version number, copyright and license +.B ntfsundelete. +.SH EXAMPLES +.SH CAVEATS +.B ntfsundelete +cannot perform miracles. +Even if a file is entirely within unused portions of the disk, it does not +guarantee that the file hasn't been partially overwritten. +read only +potential, no guarantee +.SH BUGS .SH AUTHOR .B ntfsundelete @@ -19,5 +218,14 @@ .B ntfsundelete is part of the linux-ntfs package and is available from -http://linux-ntfs.sourceforge.net/. - - +.br +.nh +http://linux\-ntfs.sourceforge.net/downloads.html +.hy +This manual page is available online at: +.br +.nh +http://linux\-ntfs.sourceforge.net/tools/ntfsundelete.html +.hy +.SH SEE ALSO +.BR ntfsinfo(8) +.br Index: ntfsundelete.c =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v retrieving revision 1.10 retrieving revision 1.11 diff -U2 -r1.10 -r1.11 --- ntfsundelete.c 14 Jul 2002 15:53:03 -0000 1.10 +++ ntfsundelete.c 15 Jul 2002 02:57:21 -0000 1.11 @@ -84,22 +84,22 @@ { printf ("Usage: %s [options] device\n" - " -s --scan Scan for files (default)\n" - " -p num --percentage num Minimum percentage recoverable\n" - " -m regex --match regex Only work on files with matching names\n" - " -C --case Case sensitive matching\n" - " -S range --size range Match files of this size\n" - " -t time --time time Last referenced since this time\n" + " -s --scan Scan for files (default)\n" + " -p num --percentage num Minimum percentage recoverable\n" + " -m pattern --match pattern Only work on files with matching names\n" + " -C --case Case sensitive matching\n" + " -S range --size range Match files of this size\n" + " -t time --time time Last referenced since this time\n" "\n" - " -u num --undelete num Undelete inode\n" - " -o file --output file Save with this filename\n" - " -d dir --destination dir Destination directory\n" - " -b num --byte num Fill missing parts with this byte\n" + " -u num --undelete num Undelete inode\n" + " -o file --output file Save with this filename\n" + " -d dir --destination dir Destination directory\n" + " -b num --byte num Fill missing parts with this byte\n" "\n" - " -c range --copy range Write a range of MFT records to a file\n" + " -c range --copy range Write a range of MFT records to a file\n" "\n" - " -f --force Use less caution\n" - " -v --verbose More output\n" - " -V --version Version information\n" - " -h --help Print this help\n\n", + " -f --force Use less caution\n" + " -v --verbose More output\n" + " -V --version Version information\n" + " -h --help Print this help\n\n", EXEC_NAME); @@ -108,5 +108,20 @@ /** - * transform + * transform - Convert a shell style pattern to a regex + * @pattern: The string to be converted + * + * This will transform patterns, such as "*.doc" to true regular expressions. + * The function will also place '^' and '$' around the expression to make it + * behave as the user would expect + * + * Before After + * . \. + * * .* + * ? . + * + * N.B. The returned string must be freed by the caller. + * + * Return: Pointer, A newly allocated string for the regex + * NULL An error occurred */ char * transform (const char *pattern) @@ -159,5 +174,24 @@ /** - * parse_time + * parse_time - Convert a time abbreviation to seconds + * @string: The string to be converted + * @since: The absolute time referred to + * + * Strings representing times will be converted into a time_t. The numbers will + * be regarded as seconds unless suffixed. + * + * Suffix Description + * [yY] Year + * [mM] Month + * [wW] Week + * [dD] Day + * [sS] Second + * + * Therefore, passing "1W" will return the time_t representing 1 week ago. + * + * N.B. Only the first character of the suffix is read. + * + * Return: 1 Success + * 0 Error, the string was malformed */ int parse_time (const char *string, time_t *since) @@ -187,5 +221,4 @@ case 'd': case 'D': result *= 24; case 'h': case 'H': result *= 3600; - case 's': case 'S': case 0: break; @@ -202,5 +235,20 @@ /** - * parse_size + * parse_size - Convert a string representing a size + * @value: The string to be parsed + * + * Read a string and convert it to a number. Strings may be suffixed to scale + * them. Any number without a suffix is assumed to be in bytes. + * + * Suffix Description Multiple + * [tT] Terabytes 10^12 + * [gG] Gigabytes 10^9 + * [mM] Megabytes 10^6 + * [kK] Kilobytes 10^3 + * + * N.B. The multipliers are decimal thousands, not binary: 1000, not 1024. + * + * Return: n The parsed valued + * -1 An error occurred */ long long parse_size (const char *value) @@ -229,4 +277,9 @@ case 'm': case 'M': result *= 1000; case 'k': case 'K': result *= 1000; + case '-': case 0: + break; + default: + printf ("bad suffix\n"); + return -1; } @@ -235,5 +288,15 @@ /** - * parse_range + * parse_range - Convert a string representing a range of numbers + * @string: The string to be parsed + * @start: The beginning of the range will be stored here + * @finish: The end of the range will be stored here + * + * Read a string of the form n-m. If the lower end is missing, zero will be + * substituted. If the upper end is missing LONG_MAX will be used. If the + * string cannot be parsed correctly, @start and @finish will not be changed. + * + * Return: 1 Success, a valid string was found + * 0 Error, the string was not a valid range */ int parse_range (const char *string, long long *start, long long *finish) @@ -246,9 +309,4 @@ middle = strchr (string, '-'); - if (!middle) { - //printf ("strchr\n"); - return 0; - } - if (string == middle) { //printf ("no start\n"); @@ -260,19 +318,25 @@ } - if (middle[1] == 0) { - //printf ("no stop\n"); - b = LONG_MAX; + if (middle) { + if (middle[1] == 0) { + //printf ("no stop\n"); + b = LONG_MAX; + } else { + b = parse_size (middle+1); + if (b < 0) + return 0; + } } else { - b = parse_size (middle+1); - if (b < 0) - return 0; + b = a; } *start = a; *finish = b; + printf ("range = %lld - %lld\n", a, b); return 1; } + /** * parse_options - Read and validate the programs command line @@ -343,12 +407,14 @@ } else { opts.mode = MODE_ERROR; - err++; } break; case 'c': - if (opts.mode == MODE_NONE) + if (opts.mode == MODE_NONE) { + if (!parse_range (argv[optind-1], &opts.mft_begin, &opts.mft_end)) + err++; opts.mode = MODE_COPY; - else + } else { opts.mode = MODE_ERROR; + } break; case 'S': @@ -423,6 +489,6 @@ (optopt == 'd') || (optopt == 'p') || (optopt == 'b') || (optopt == 'c') || - (optopt == 'm') || (optopt == 'S')) && - (!optarg)) { + (optopt == 'm') || (optopt == 'S') || + (optopt == 't')) && (!optarg)) { printf ("Option '%s' requires an " "argument.\n", argv[optind-1]); @@ -450,5 +516,9 @@ if (opts.output || opts.dest || (opts.fillbyte != -1)) { printf ("Scan can only be used with --percent, " - "--match, --ignore-case or --size.\n"); + "--match, --ignore-case, --size and --time.\n"); + err++; + } + if (opts.case && !opts.match) { + printf ("The --case option doesn't make sense without the --match option\n"); err++; } @@ -458,5 +528,5 @@ (opts.size_begin > 0) || (opts.size_end > 0)) { printf ("Undelete can only be used with " - "--output, --destination or --byte.\n"); + "--output, --destination and --byte.\n"); err++; } @@ -467,5 +537,5 @@ opts.match_case || (opts.size_begin > 0) || (opts.size_end > 0)) { - printf ("Copy can only be used with --output\n"); + printf ("Copy can only be used with --output and --destination.\n"); err++; } @@ -487,5 +557,5 @@ usage(); - return (err == 0); + return ((err == 0) && !help && !ver); } @@ -1161,5 +1231,13 @@ /** - * name_match + * name_match - Does a file have a name matching a regex + * @re: The regular expression object + * @file: The file to be tested + * + * Iterate through the file's $FILENAME attributes and compare them against the + * regular expression, created with regcomp. + * + * Return: 1 There is a matching filename. + * 0 There is no match. */ int name_match (regex_t *re, struct ufile *file) @@ -1188,4 +1266,5 @@ } + /** * scan_disk @@ -1516,7 +1595,56 @@ * copy_mft */ -int copy_mft (ntfs_volume *vol) +int copy_mft (ntfs_volume *vol, long long mft_begin, long long mft_end) { - return 0; + ntfs_attr *mft; + char *buffer = NULL; + long long i; + int result = 1; + int fd; + + if (!vol) + return 1; + + buffer = malloc (vol->mft_record_size); + if (!buffer) + return 1; + + mft = ntfs_attr_open (vol->mft_ni, AT_DATA, NULL, 0); + if (!mft) { + goto free; + } + + fd = open ("mft", O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + if (fd < 0) + goto attr; + + //printf ("MFT records\n"); + //printf (" Total: %8lld\n", vol->nr_mft_records); + //printf (" Begin: %8lld\n", mft_begin); + //printf (" End: %8lld\n", mft_end); + + mft_end = min (mft_end, vol->nr_mft_records - 1); + + for (i = mft_begin; i <= mft_end; i++) { + printf ("for i = %lld\n", i); + if (ntfs_attr_pread (mft, vol->mft_record_size * i, vol->mft_record_size, buffer) < vol->mft_record_size) { + printf ("ntfs_attr_pread failed\n"); + goto close; + } + + if (write_data (fd, buffer, vol->mft_record_size) < vol->mft_record_size) { + printf ("write_data failed\n"); + goto close; + } + } + + result = 0; +close: + close (fd); +attr: + ntfs_attr_close (mft); +free: + free (buffer); + return result; } @@ -1604,5 +1732,5 @@ break; case MODE_COPY: - result = copy_mft (vol); + result = copy_mft (vol, opts.mft_begin, opts.mft_end); break; default: |
|
From: ? <sz...@us...> - 2002-07-14 18:13:07
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv32416/ntfstools
Modified Files:
ntfsresize.c
Log Message:
Mark the NTFS volume dirty. No need for ntfsfix anymore after ntfsresize.
Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsresize.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -U2 -r1.13 -r1.14
--- ntfsresize.c 14 Jul 2002 15:43:35 -0000 1.13
+++ ntfsresize.c 14 Jul 2002 18:13:04 -0000 1.14
@@ -177,5 +177,5 @@
/* Needs to be multiple of 8 bytes */
bm_bsize = (bm_bsize + 7) & ~7;
- printf("Bitmap byte size : %lld (%lld clusters)\n",
+ Dprintf("Bitmap byte size : %lld (%lld clusters)\n",
bm_bsize, rounded_up_division(bm_bsize, vol->cluster_size));
@@ -449,5 +449,5 @@
u64 k = (u64)rl[i].lcn + j;
ntfs_set_bit(lcn_bitmap.bm, k, 0);
- printf("Unallocate cluster: "
+ Dprintf("Unallocate cluster: "
"%llu (%llx)\n", k, k);
}
@@ -464,5 +464,5 @@
rl_set(rl + trunc_at + 1, nr_bm_clusters, -1LL, 0LL);
- printf("Runlist truncated at index %d, "
+ Dprintf("Runlist truncated at index %d, "
"new cluster length %d\n", trunc_at, i);
}
@@ -641,10 +641,10 @@
"please try again (or see -f option).\n");
+ printf("NTFS volume version: %d.%d\n", vol->major_ver, vol->minor_ver);
if (ntfs_is_version_supported(vol))
- perr_exit("Unknown NTFS version %d.%d detected",
- vol->major_ver, vol->minor_ver);
+ perr_exit("Unknown NTFS version");
- printf("Cluster size : %u\n", vol->cluster_size);
- printf("Number of clusters: %lld\n", vol->nr_clusters);
+ printf("Cluster size : %u\n", vol->cluster_size);
+ printf("Number of clusters : %lld\n", vol->nr_clusters);
setup_lcn_bitmap();
@@ -678,7 +678,19 @@
/* FIXME: first do all checks before any write attempt */
- if (!opt.ro_flag)
+ if (!opt.ro_flag) {
+ u16 flags;
+
+ flags = vol->flags | VOLUME_IS_DIRTY;
+ if (vol->major_ver >= 2)
+ flags |= VOLUME_MOUNTED_ON_NT4;
+
+ printf("Setting NTFS $Volume flag dirty ...\n");
+ if (ntfs_set_volume_flags(vol, flags))
+ perr_exit("Failed to set $Volume dirty");
+
+ printf("Resetting $LogFile ...\n");
if (ntfs_reset_logfile(vol))
perr_exit("Failed to reset $LogFile");
+ }
truncate_badclust_file(new_volume_size);
@@ -687,8 +699,9 @@
/* FIXME: create backup boot sector -- if possible*/
- /* FIXME: set the volume dirty */
- printf("NTFS had been resized on device %s. "
- "Please run 'ntfsfix' on it.\n", vol->dev_name);
+ printf("==> NTFS had been successfully resized on device %s.\n"
+ "==> New NTFS volume size is %lld MB.\n"
+ "==> Now you can go on to resize/split the partition.\n",
+ vol->dev_name, (((opt.size * vol->cluster_size) >> 20) + 1));
return 0;
|
|
From: Anton A. <an...@us...> - 2002-07-14 17:41:52
|
Changes by: antona
Update of /cvsroot/linux-ntfs/linux-ntfs
In directory usw-pr-cvs1:/tmp/cvs-serv25947
Modified Files:
ChangeLog
Log Message:
Update changelog
Index: ChangeLog
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ChangeLog,v
retrieving revision 1.71
retrieving revision 1.72
diff -U2 -r1.71 -r1.72
--- ChangeLog 12 Jul 2002 08:23:42 -0000 1.71
+++ ChangeLog 14 Jul 2002 17:41:48 -0000 1.72
@@ -135,6 +135,8 @@
- Move run list functions to runlist.[hc]. (Richard Russon)
- Add new API to volume.[hc] and use it (Szakacsits Szabolcs):
- ntfs_is_version_supported(), and
- NTFS_V{1_[12],2_x,3_[01]}() macros.
+ ntfs_is_version_supported(),
+ NTFS_V{1_[12],2_x,3_[01]}() macros,
+ ntfs_reset_logfile(), and
+ ntfs_set_volume_flags().
12/03/2002 - 1.6.0 - More mkntfs options and cleanups.
|
|
From: ? <sz...@us...> - 2002-07-14 17:25:01
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/libntfs
In directory usw-pr-cvs1:/tmp/cvs-serv21283/libntfs
Modified Files:
attrib.c
Log Message:
Remove obsolote/unused set_attribute_value()
Index: attrib.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/attrib.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -U2 -r1.62 -r1.63
--- attrib.c 14 Jul 2002 17:21:32 -0000 1.62
+++ attrib.c 14 Jul 2002 17:24:58 -0000 1.63
@@ -224,105 +224,4 @@
}
-/**
- * set_attribute_value
- */
-int set_attribute_value(ntfs_volume *vol, ATTR_RECORD *a,
- const u8 *b, s64 l)
-{
- /* Sanity check. */
- if (!vol || !a || !b) {
- errno = EINVAL;
- return 0;
- }
- /* FIXME: We can't deal with changes in attribute value length at the
- moment. */
- if ((l != get_attribute_value_length(a)) || !l) {
- errno = ENOTSUP;
- return 0;
- }
- /* Complex attribute? */
- if (a->flags) {
- puts("Enountered non-zero attribute flags. Cannot handle this "
- "yet.");
- errno = ENOTSUP;
- return 0;
- }
- if (!a->non_resident) { /* Attribute is resident. */
- /* Sanity check. */
- if (le32_to_cpu(a->value_length) +
- le16_to_cpu(a->value_offset) > le32_to_cpu(a->length)) {
- errno = EINVAL;
- return 0;
- }
- memcpy((char*)a + le16_to_cpu(a->value_offset), b, l);
- errno = 0;
- return 1;
- } else { /* Attribute is not resident. */
- run_list *rl;
- s64 total, w;
- int i;
-
- /* If no data return 1. FIXME: This needs to change when we can
- cope with changes in length of the attribute. */
- if (!(a->data_size)) {
- errno = 0;
- return 1;
- }
- /* Decompress the mapping pairs array into a run list. */
- rl = ntfs_decompress_mapping_pairs(vol, a, NULL);
- if (!rl) {
- errno = EINVAL;
- return 0;
- }
- /* Now write all clusters to disk from b. */
- for (i = 0, total = 0; rl[i].length && (l > 0); i++) {
- w = ntfs_pwrite(vol->fd, rl[i].lcn <<
- vol->cluster_size_bits, min(l,
- rl[i].length << vol->cluster_size_bits),
- b + total);
- if (w != min(l, rl[i].length <<
- vol->cluster_size_bits)) {
-#define ESTR "Error writing attribute value"
- if (w == -1) {
- int eo = errno;
- perror(ESTR);
- errno = eo;
- } else if (w < min(l, rl[i].length <<
- vol->cluster_size_bits)) {
- fprintf(stderr, ESTR ": Ran out of "
- "input data.\n");
- errno = EIO;
- } else {
- fprintf(stderr, ESTR ": unknown "
- "error\n");
- errno = EIO;
- }
-#undef ESTR
- return 0;
- }
- total += w;
- l -= w;
- if ((l <= 0) && rl[i+1].length) {
- fprintf(stderr,
- "Warning: Amount of data to write "
- "doesn't match attribute length in\n"
- "run list! - The old data that was "
- "present beyond the new data written\n"
- "has been preserved.\n");
- } else if ((l > 0) && !rl[i+1].length) {
- fprintf(stderr,
- "Warning: Still have data to write but "
- "the attribute length in the run list\n"
- "was exceeded! - Data written has been "
- "truncated!\n");
- }
- }
- free(rl);
- return 1;
- }
- errno = EINVAL;
- return 0;
-}
-
/* Already cleaned up code below, but still look for FIXME:... */
|
|
From: ? <sz...@us...> - 2002-07-14 17:25:01
|
Changes by: szaka Update of /cvsroot/linux-ntfs/linux-ntfs/include In directory usw-pr-cvs1:/tmp/cvs-serv21283/include Modified Files: attrib.h Log Message: Remove obsolote/unused set_attribute_value() Index: attrib.h =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/include/attrib.h,v retrieving revision 1.49 retrieving revision 1.50 diff -U2 -r1.49 -r1.50 --- attrib.h 14 Jul 2002 17:21:32 -0000 1.49 +++ attrib.h 14 Jul 2002 17:24:58 -0000 1.50 @@ -296,25 +296,4 @@ const ATTR_RECORD *a, u8 *b); -/** - * set_attribute_value - set the attribute value of an attribute - * @vol: volume on which the attribute is present - * @a: attribute to set the value of - * @b: buffer containing the new attribute value - * @l: length in bytes of the new attribute value @b - * - * Set the value of the attribute @a to the contents of the buffer @b which has - * a byte-size of @l and write it to the NTFS volume @vol. - * Return 1 on success and 0 on error, errno will be set in the latter case. - * - * FIXME: This is only a temporary implementation which doesn't cope with - * changes in the length of the resident part of the attribute which in turn - * means it doesn't cope with changes in length or on disk location of the - * non-resident part of the attribute either! See ../ntfstools/ntfsfix.c for - * details. - * FIXME: Document possible errnos. - */ -int set_attribute_value(ntfs_volume *vol, ATTR_RECORD *a, - const u8 *b, s64 l); - #endif /* defined _NTFS_ATTRIB_H */ |
|
From: ? <sz...@us...> - 2002-07-14 17:21:35
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/libntfs
In directory usw-pr-cvs1:/tmp/cvs-serv20454/libntfs
Modified Files:
volume.c attrib.c
Log Message:
Move ntfs_set_volume_flags() from attrib[ch] to volume.[ch]
Index: volume.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/volume.c,v
retrieving revision 1.55
retrieving revision 1.56
diff -U2 -r1.55 -r1.56
--- volume.c 14 Jul 2002 13:18:01 -0000 1.55
+++ volume.c 14 Jul 2002 17:21:32 -0000 1.56
@@ -1016,2 +1016,87 @@
}
+/**
+ * ntfs_set_volume_flags - set the flags of an ntfs volume
+ * @vol: ntfs volume where we set the volume flags
+ * @flags: new flags
+ *
+ * Set the on-disk volume flags in the mft record of $Volume and
+ * on volume @vol to @flags.
+ *
+ * Return 0 on successful and -1 if not, with errno set to the error code.
+ */
+int ntfs_set_volume_flags(ntfs_volume *vol, const u16 flags)
+{
+ MFT_RECORD *m = NULL;
+ ATTR_RECORD *r;
+ VOLUME_INFORMATION *c;
+ ntfs_attr_search_ctx *ctx;
+ int ret = -1; /* failure */
+
+ if (!vol) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (ntfs_read_file_record(vol, FILE_Volume, &m, NULL)) {
+ Dperror("Failed to read $Volume");
+ return -1;
+ }
+
+ /* Sanity check */
+ if (!(m->flags & MFT_RECORD_IN_USE)) {
+ Dprintf("Error: $Volume has been deleted. Cannot "
+ "handle this yet. Run chkdsk to fix this.\n");
+ errno = EIO;
+ goto err_exit;
+ }
+
+ /* Get a pointer to the volume information attribute. */
+ ctx = ntfs_get_attr_search_ctx(NULL, m);
+ if (!ctx) {
+ Dperror("Failed to allocate attribute search context");
+ goto err_exit;
+ }
+ if (ntfs_lookup_attr(AT_VOLUME_INFORMATION, AT_NONAME, 0, 0, 0, NULL, 0,
+ ctx)) {
+ Dputs("Error: Attribute $VOLUME_INFORMATION was not found in "
+ "$Volume!");
+ goto err_out;
+ }
+ r = ctx->attr;
+ /* Sanity check. */
+ if (r->non_resident) {
+ Dputs("Error: Attribute $VOLUME_INFORMATION must be resident "
+ "(and it isn't)!");
+ errno = EIO;
+ goto err_out;
+ }
+ /* Get a pointer to the value of the attribute. */
+ c = (VOLUME_INFORMATION*)(le16_to_cpu(r->value_offset) + (char*)r);
+ /* Sanity checks. */
+ if ((char*)c + le32_to_cpu(r->value_length) >
+ le16_to_cpu(m->bytes_in_use) + (char*)m ||
+ le16_to_cpu(r->value_offset) +
+ le32_to_cpu(r->value_length) > le32_to_cpu(r->length)) {
+ Dputs("Error: Attribute $VOLUME_INFORMATION in $Volume is "
+ "corrupt!");
+ errno = EIO;
+ goto err_out;
+ }
+ /* Set the volume flags. */
+ vol->flags = c->flags = cpu_to_le16(flags);
+
+ if (ntfs_write_mft_record(vol, FILE_Volume, m)) {
+ Dperror("Error writing $Volume");
+ goto err_out;
+ }
+
+ ret = 0; /* success */
+err_out:
+ ntfs_put_attr_search_ctx(ctx);
+err_exit:
+ if (m)
+ free(m);
+ return ret;
+}
+
Index: attrib.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/attrib.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -U2 -r1.61 -r1.62
--- attrib.c 14 Jul 2002 17:16:52 -0000 1.61
+++ attrib.c 14 Jul 2002 17:21:32 -0000 1.62
@@ -42,89 +42,4 @@
/**
- * ntfs_set_volume_flags - set the flags of an ntfs volume
- * @vol: ntfs volume where we set the volume flags
- * @flags: new flags
- *
- * Set the on-disk volume flags in the mft record of $Volume and
- * on volume @vol to @flags.
- *
- * Return 0 on successful and -1 if not, with errno set to the error code.
- */
-int ntfs_set_volume_flags(ntfs_volume *vol, const u16 flags)
-{
- MFT_RECORD *m = NULL;
- ATTR_RECORD *r;
- VOLUME_INFORMATION *c;
- ntfs_attr_search_ctx *ctx;
- int ret = -1; /* failure */
-
- if (!vol) {
- errno = EINVAL;
- return -1;
- }
-
- if (ntfs_read_file_record(vol, FILE_Volume, &m, NULL)) {
- Dperror("Failed to read $Volume");
- return -1;
- }
-
- /* Sanity check */
- if (!(m->flags & MFT_RECORD_IN_USE)) {
- Dprintf("Error: $Volume has been deleted. Cannot "
- "handle this yet. Run chkdsk to fix this.\n");
- errno = EIO;
- goto err_exit;
- }
-
- /* Get a pointer to the volume information attribute. */
- ctx = ntfs_get_attr_search_ctx(NULL, m);
- if (!ctx) {
- Dperror("Failed to allocate attribute search context");
- goto err_exit;
- }
- if (ntfs_lookup_attr(AT_VOLUME_INFORMATION, AT_NONAME, 0, 0, 0, NULL, 0,
- ctx)) {
- Dputs("Error: Attribute $VOLUME_INFORMATION was not found in "
- "$Volume!");
- goto err_out;
- }
- r = ctx->attr;
- /* Sanity check. */
- if (r->non_resident) {
- Dputs("Error: Attribute $VOLUME_INFORMATION must be resident "
- "(and it isn't)!");
- errno = EIO;
- goto err_out;
- }
- /* Get a pointer to the value of the attribute. */
- c = (VOLUME_INFORMATION*)(le16_to_cpu(r->value_offset) + (char*)r);
- /* Sanity checks. */
- if ((char*)c + le32_to_cpu(r->value_length) >
- le16_to_cpu(m->bytes_in_use) + (char*)m ||
- le16_to_cpu(r->value_offset) +
- le32_to_cpu(r->value_length) > le32_to_cpu(r->length)) {
- Dputs("Error: Attribute $VOLUME_INFORMATION in $Volume is "
- "corrupt!");
- errno = EIO;
- goto err_out;
- }
- /* Set the volume flags. */
- vol->flags = c->flags = cpu_to_le16(flags);
-
- if (ntfs_write_mft_record(vol, FILE_Volume, m)) {
- Dperror("Error writing $Volume");
- goto err_out;
- }
-
- ret = 0; /* success */
-err_out:
- ntfs_put_attr_search_ctx(ctx);
-err_exit:
- if (m)
- free(m);
- return ret;
-}
-
-/**
* get_attribute_value_length
*/
|
|
From: ? <sz...@us...> - 2002-07-14 17:21:35
|
Changes by: szaka Update of /cvsroot/linux-ntfs/linux-ntfs/include In directory usw-pr-cvs1:/tmp/cvs-serv20454/include Modified Files: attrib.h volume.h Log Message: Move ntfs_set_volume_flags() from attrib[ch] to volume.[ch] Index: attrib.h =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/include/attrib.h,v retrieving revision 1.48 retrieving revision 1.49 diff -U2 -r1.48 -r1.49 --- attrib.h 14 Jul 2002 17:16:52 -0000 1.48 +++ attrib.h 14 Jul 2002 17:21:32 -0000 1.49 @@ -264,6 +264,4 @@ const s64 n); -extern int ntfs_set_volume_flags(ntfs_volume *v, const u16 flags); - // FIXME / TODO: Above here the file is cleaned up. (AIA) Index: volume.h =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/include/volume.h,v retrieving revision 1.30 retrieving revision 1.31 diff -U2 -r1.30 -r1.31 --- volume.h 14 Jul 2002 12:36:04 -0000 1.30 +++ volume.h 14 Jul 2002 17:21:32 -0000 1.31 @@ -149,4 +149,5 @@ extern int ntfs_is_version_supported(ntfs_volume *vol); extern int ntfs_reset_logfile(ntfs_volume *vol); +extern int ntfs_set_volume_flags(ntfs_volume *v, const u16 flags); #endif /* defined _NTFS_VOLUME_H */ |
|
From: ? <sz...@us...> - 2002-07-14 17:16:55
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/libntfs
In directory usw-pr-cvs1:/tmp/cvs-serv19112/libntfs
Modified Files:
attrib.c
Log Message:
Merge set_ntfs_volume_flags() and code from ntfsfix as a new library
function: ntfs_set_volume_flags(). Note, ntfs_set_volume_flags() is
moving to volume.[ch]
Index: attrib.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/attrib.c,v
retrieving revision 1.60
retrieving revision 1.61
diff -U2 -r1.60 -r1.61
--- attrib.c 12 Jul 2002 08:18:15 -0000 1.60
+++ attrib.c 14 Jul 2002 17:16:52 -0000 1.61
@@ -41,22 +41,45 @@
uchar_t AT_NONAME[] = { const_cpu_to_le16('\0') };
-/* FIXME: Need to write the new flags to disk. */
/**
- * set_ntfs_volume_flags
+ * ntfs_set_volume_flags - set the flags of an ntfs volume
+ * @vol: ntfs volume where we set the volume flags
+ * @flags: new flags
+ *
+ * Set the on-disk volume flags in the mft record of $Volume and
+ * on volume @vol to @flags.
+ *
+ * Return 0 on successful and -1 if not, with errno set to the error code.
*/
-int set_ntfs_volume_flags(ntfs_volume *v, MFT_RECORD *b, const u16 flags)
+int ntfs_set_volume_flags(ntfs_volume *vol, const u16 flags)
{
+ MFT_RECORD *m = NULL;
ATTR_RECORD *r;
VOLUME_INFORMATION *c;
ntfs_attr_search_ctx *ctx;
+ int ret = -1; /* failure */
+
+ if (!vol) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (ntfs_read_file_record(vol, FILE_Volume, &m, NULL)) {
+ Dperror("Failed to read $Volume");
+ return -1;
+ }
+
+ /* Sanity check */
+ if (!(m->flags & MFT_RECORD_IN_USE)) {
+ Dprintf("Error: $Volume has been deleted. Cannot "
+ "handle this yet. Run chkdsk to fix this.\n");
+ errno = EIO;
+ goto err_exit;
+ }
- /* Sanity checks. */
- if (!b || !is_mft_record(b->magic))
- return 0;
/* Get a pointer to the volume information attribute. */
- ctx = ntfs_get_attr_search_ctx(NULL, b);
+ ctx = ntfs_get_attr_search_ctx(NULL, m);
if (!ctx) {
Dperror("Failed to allocate attribute search context");
- return 0;
+ goto err_exit;
}
if (ntfs_lookup_attr(AT_VOLUME_INFORMATION, AT_NONAME, 0, 0, 0, NULL, 0,
@@ -71,4 +94,5 @@
Dputs("Error: Attribute $VOLUME_INFORMATION must be resident "
"(and it isn't)!");
+ errno = EIO;
goto err_out;
}
@@ -77,19 +101,27 @@
/* Sanity checks. */
if ((char*)c + le32_to_cpu(r->value_length) >
- le16_to_cpu(b->bytes_in_use) + (char*)b ||
+ le16_to_cpu(m->bytes_in_use) + (char*)m ||
le16_to_cpu(r->value_offset) +
le32_to_cpu(r->value_length) > le32_to_cpu(r->length)) {
Dputs("Error: Attribute $VOLUME_INFORMATION in $Volume is "
"corrupt!");
+ errno = EIO;
goto err_out;
}
/* Set the volume flags. */
- v->flags = c->flags = cpu_to_le16(flags);
- ntfs_put_attr_search_ctx(ctx);
- /* Success! */
- return 1;
+ vol->flags = c->flags = cpu_to_le16(flags);
+
+ if (ntfs_write_mft_record(vol, FILE_Volume, m)) {
+ Dperror("Error writing $Volume");
+ goto err_out;
+ }
+
+ ret = 0; /* success */
err_out:
ntfs_put_attr_search_ctx(ctx);
- return 0;
+err_exit:
+ if (m)
+ free(m);
+ return ret;
}
|
|
From: ? <sz...@us...> - 2002-07-14 17:16:55
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv19112/ntfstools
Modified Files:
ntfsfix.c
Log Message:
Merge set_ntfs_volume_flags() and code from ntfsfix as a new library
function: ntfs_set_volume_flags(). Note, ntfs_set_volume_flags() is
moving to volume.[ch]
Index: ntfsfix.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsfix.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -U2 -r1.40 -r1.41
--- ntfsfix.c 12 Jul 2002 12:38:54 -0000 1.40
+++ ntfsfix.c 14 Jul 2002 17:16:52 -0000 1.41
@@ -254,13 +254,4 @@
mount_ok:
m = NULL;
- if (ntfs_read_file_record(vol, FILE_Volume, (MFT_RECORD**)&m, NULL)) {
- perror("Failed to read $Volume");
- goto error_exit;
- }
- if (!(((MFT_RECORD*)m)->flags & MFT_RECORD_IN_USE)) {
- fprintf(stderr, "Error: $Volume has been deleted. Cannot "
- "handle this yet. Run chkdsk to fix this.\n");
- goto error_exit;
- }
/* Check NTFS version is ok for us (in $Volume) */
@@ -271,4 +262,5 @@
goto error_exit;
}
+
printf("Setting required flags on partition... ");
/*
@@ -280,15 +272,7 @@
if (vol->major_ver >= 2)
flags |= VOLUME_MOUNTED_ON_NT4;
- if (!set_ntfs_volume_flags(vol, (MFT_RECORD*)m, flags)) {
+ if (ntfs_set_volume_flags(vol, flags)) {
puts(FAILED);
fprintf(stderr, "Error setting volume flags.\n");
- goto error_exit;
- }
- /* FIXME: The above makes me puke! We definitely need functions just
- taking the volume and flags and setting the volume flags! */
- br = ntfs_write_mft_record(vol, FILE_Volume, (MFT_RECORD*)m);
- if (br) {
- puts(FAILED);
- perror("Error writing $Volume");
goto error_exit;
}
|
|
From: ? <sz...@us...> - 2002-07-14 17:16:55
|
Changes by: szaka Update of /cvsroot/linux-ntfs/linux-ntfs/include In directory usw-pr-cvs1:/tmp/cvs-serv19112/include Modified Files: attrib.h Log Message: Merge set_ntfs_volume_flags() and code from ntfsfix as a new library function: ntfs_set_volume_flags(). Note, ntfs_set_volume_flags() is moving to volume.[ch] Index: attrib.h =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/include/attrib.h,v retrieving revision 1.47 retrieving revision 1.48 diff -U2 -r1.47 -r1.48 --- attrib.h 11 Jul 2002 16:20:32 -0000 1.47 +++ attrib.h 14 Jul 2002 17:16:52 -0000 1.48 @@ -264,17 +264,8 @@ const s64 n); -// FIXME / TODO: Above here the file is cleaned up. (AIA) +extern int ntfs_set_volume_flags(ntfs_volume *v, const u16 flags); -/** - * set_ntfs_volume_flags - set the flags of an ntfs volume - * @v: ntfs volume the mft record @b is from - * @b: pointer to a buffer containing the mft record of FILE_Volume - * @flags: new flags - * - * Set the volume flags in the mft record buffer @b and on volume @v to @flags. - * Return 1 on success or 0 on error. - */ -int set_ntfs_volume_flags(ntfs_volume *v, MFT_RECORD *b, const u16 flags); +// FIXME / TODO: Above here the file is cleaned up. (AIA) /** * get_attribute_value_length - return the length of the value of an attribute |
|
From: Richard R. <fl...@us...> - 2002-07-14 15:53:07
|
Changes by: flatcap
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv31192
Modified Files:
ntfsundelete.c ntfsundelete.h
Log Message:
perform some checks on the device we're opening
Index: ntfsundelete.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -U2 -r1.9 -r1.10
--- ntfsundelete.c 14 Jul 2002 14:49:22 -0000 1.9
+++ ntfsundelete.c 14 Jul 2002 15:53:03 -0000 1.10
@@ -89,5 +89,5 @@
" -C --case Case sensitive matching\n"
" -S range --size range Match files of this size\n"
- " -t time --time Last referenced since this time"
+ " -t time --time time Last referenced since this time\n"
"\n"
" -u num --undelete num Undelete inode\n"
@@ -196,6 +196,6 @@
}
- //printf ("now = %d, since = %d\n", time(NULL), result);
- *since = time(NULL) - result;
+ //printf ("now = %d, since = %d\n", time (NULL), result);
+ *since = time (NULL) - result;
return 1;
}
@@ -768,5 +768,5 @@
if (data->resident) {
data->size_data = rec->value_length;
- data->data = ((char*)(rec)) + rec->value_offset;
+ data->data = ((char*) (rec)) + rec->value_offset;
} else {
data->size_alloc = rec->allocated_size;
@@ -1514,4 +1514,57 @@
/**
+ * copy_mft
+ */
+int copy_mft (ntfs_volume *vol)
+{
+ return 0;
+}
+
+
+/**
+ * valid_device
+ */
+int valid_device (const char *name, int force)
+{
+ unsigned long mnt_flags = 0;
+ struct stat st;
+
+ if (stat (name, &st) == -1) {
+ if (errno == ENOENT) {
+ printf ("The device %s doesn't exist\n", name);
+ } else {
+ printf ("Error getting information about %s: %s\n", name, strerror (errno));
+ }
+ return 0;
+ }
+
+ if (!S_ISBLK (st.st_mode)) {
+ printf ("not a block device.\n");
+ if (!force) {
+ printf ("bailing out\n");
+ return 0;
+ }
+ }
+
+ /* Make sure the file system is not mounted. */
+ if (ntfs_check_if_mounted (name, &mnt_flags)) {
+ printf ("Failed to determine whether %s is mounted: %s\n", name, strerror (errno));
+ if (!force) {
+ printf ("bailing out\n");
+ return 0;
+ }
+ } else if (mnt_flags & NTFS_MF_MOUNTED) {
+ //printf ("%s is mounted.\n", name);
+ if (!force) {
+ printf ("Refusing to work with a mounted filesystem.\n");
+ return 0;
+ }
+ //printf ("forced\n");
+ }
+
+ return 1;
+}
+
+/**
* main
*/
@@ -1519,9 +1572,6 @@
{
const char *locale;
-
ntfs_volume *vol;
-
- if (!parse_options (argc, argv))
- return 1;
+ int result = 1;
locale = setlocale (LC_ALL, "");
@@ -1529,17 +1579,38 @@
locale = setlocale (LC_ALL, NULL);
printf ("Failed to set locale, using default '%s'.\n", locale);
+ } else {
+ //printf ("using locale...
+ }
+
+ if (!parse_options (argc, argv))
+ return 1;
+
+ if (!valid_device (opts.device, opts.force)) {
+ return 1;
}
vol = ntfs_mount (opts.device, MS_RDONLY);
+ if (!vol) {
+ printf ("mount failed\n");
+ return 1;
+ }
- if (opts.uinode >= 0)
- undelete_file (vol, opts.uinode);
- else
- scan_disk (vol);
+ switch (opts.mode) {
+ case MODE_SCAN:
+ result = scan_disk (vol);
+ break;
+ case MODE_UNDELETE:
+ result = undelete_file (vol, opts.uinode);
+ break;
+ case MODE_COPY:
+ result = copy_mft (vol);
+ break;
+ default:
+ /* Cannot happen */
+ }
ntfs_umount (vol, FALSE);
- return 0;
+ return result;
}
-
Index: ntfsundelete.h
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -U2 -r1.6 -r1.7
--- ntfsundelete.h 14 Jul 2002 14:49:22 -0000 1.6
+++ ntfsundelete.h 14 Jul 2002 15:53:03 -0000 1.7
@@ -37,5 +37,4 @@
};
-
struct options {
char *device; /* Device/File to work with */
|
|
From: ? <sz...@us...> - 2002-07-14 15:43:38
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv29302/ntfstools
Modified Files:
ntfsresize.c
Log Message:
Reserve space for backup boot sector at the end of device
Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsresize.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -U2 -r1.12 -r1.13
--- ntfsresize.c 14 Jul 2002 14:48:51 -0000 1.12
+++ ntfsresize.c 14 Jul 2002 15:43:35 -0000 1.13
@@ -335,5 +335,6 @@
if (ntfs_get_bit(lcn_bitmap.bm, i))
break;
- if (++i >= vol->nr_clusters)
+ i += 2; /* first free + we reserve one for the backup boot sector */
+ if (i >= vol->nr_clusters)
exit(1);
err_exit("However, you could resize at cluster %lld gaining %lld MB.\n",
@@ -615,4 +616,5 @@
struct bitmap on_disk_lcn_bitmap;
unsigned long mntflag;
+ s64 new_volume_size; /* in clusters */
int i;
@@ -654,12 +656,20 @@
free(on_disk_lcn_bitmap.bm);
- /* FIXME: check/adjust opt.size validity */
+ /* FIXME: check opt.size validity */
- if (opt.size > vol->nr_clusters)
+ new_volume_size = opt.size;
+
+ /* Backup boot sector at the end of device isn't counted in NTFS
+ volume size thus we have to reserve space for. We don't trust
+ the user does this for us: better to be on the safe side ;) */
+ if (new_volume_size)
+ --new_volume_size;
+
+ if (new_volume_size > vol->nr_clusters)
err_exit("Volume enlargement not yet supported\n");
- else if (opt.size == vol->nr_clusters)
- exit(0); /* FIXME: backup boot sector not counted! */
+ else if (new_volume_size == vol->nr_clusters)
+ exit(0);
- for (i = opt.size; i < vol->nr_clusters; i++)
+ for (i = new_volume_size; i < vol->nr_clusters; i++)
if (ntfs_get_bit(lcn_bitmap.bm, (u64)i))
/* FIXME: relocate cluster */
@@ -672,10 +682,10 @@
perr_exit("Failed to reset $LogFile");
- truncate_badclust_file(opt.size);
- truncate_bitmap_file(opt.size);
- update_bootsector(opt.size);
+ truncate_badclust_file(new_volume_size);
+ truncate_bitmap_file(new_volume_size);
+ update_bootsector(new_volume_size);
/* FIXME: create backup boot sector -- if possible*/
- /* FIXME: "call" ntfsfix: set the volume dirty, delete log, etc */
+ /* FIXME: set the volume dirty */
printf("NTFS had been resized on device %s. "
|
|
From: Richard R. <fl...@us...> - 2002-07-14 14:49:26
|
Changes by: flatcap
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv16216/ntfstools
Modified Files:
ntfsundelete.c ntfsundelete.h
Log Message:
open vol read-only, filter by last mod time
Index: ntfsundelete.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -U2 -r1.8 -r1.9
--- ntfsundelete.c 14 Jul 2002 11:20:20 -0000 1.8
+++ ntfsundelete.c 14 Jul 2002 14:49:22 -0000 1.9
@@ -39,4 +39,5 @@
#include <regex.h>
#include <libintl.h>
+#include <time.h>
#include "ntfsundelete.h"
@@ -86,6 +87,7 @@
" -p num --percentage num Minimum percentage recoverable\n"
" -m regex --match regex Only work on files with matching names\n"
- " -C --case Case sensive matching\n"
+ " -C --case Case sensitive matching\n"
" -S range --size range Match files of this size\n"
+ " -t time --time Last referenced since this time"
"\n"
" -u num --undelete num Undelete inode\n"
@@ -157,4 +159,47 @@
/**
+ * parse_time
+ */
+int parse_time (const char *string, time_t *since)
+{
+ time_t result;
+ char mult = 0;
+
+ if (!string || !since) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (result = 0; *string; string++) {
+ if ((*string >= '0') && (*string <= '9')) {
+ result *= 10;
+ result += *string - '0';
+ } else {
+ mult = *string;
+ break;
+ }
+ }
+
+ switch (mult) {
+ case 'y': case 'Y': result *= 12;
+ case 'm': case 'M': result *= 4;
+ case 'w': case 'W': result *= 7;
+ case 'd': case 'D': result *= 24;
+ case 'h': case 'H': result *= 3600;
+ case 's': case 'S':
+ case 0:
+ break;
+
+ default:
+ printf ("invalid time\n");
+ return 0;
+ }
+
+ //printf ("now = %d, since = %d\n", time(NULL), result);
+ *since = time(NULL) - result;
+ return 1;
+}
+
+/**
* parse_size
*/
@@ -241,5 +286,5 @@
int parse_options (int argc, char *argv[])
{
- static const char *sopt = "-sp:m:CS:u:o:d:b:c:fvVh";
+ static const char *sopt = "-sp:m:CS:t:u:o:d:b:c:fvVh";
static const struct option lopt[] = {
{ "scan", no_argument, NULL, 's' },
@@ -248,4 +293,5 @@
{ "case", no_argument, NULL, 'C' },
{ "size", required_argument, NULL, 'S' },
+ { "time", required_argument, NULL, 't' },
{ "undelete", required_argument, NULL, 'u' },
{ "output", required_argument, NULL, 'o' },
@@ -313,4 +359,12 @@
}
break;
+ case 't':
+ if (opts.since == 0) {
+ if (!parse_time (argv[optind-1], &opts.since))
+ err++;
+ } else {
+ err++;
+ }
+ break;
case 'o':
if (!opts.output) {
@@ -638,4 +692,14 @@
name->flags = attr->file_attributes;
+ name->date_c = ntfs2utc (attr->creation_time);
+ name->date_a = ntfs2utc (attr->last_data_change_time);
+ name->date_m = ntfs2utc (attr->last_mft_change_time);
+ name->date_r = ntfs2utc (attr->last_access_time);
+
+ file->date = max (file->date, name->date_c);
+ file->date = max (file->date, name->date_a);
+ file->date = max (file->date, name->date_m);
+ file->date = max (file->date, name->date_r);
+
if (ntfs_ucstombs (name->uname, name->uname_len, &name->name,
name->uname_len) < 0) {
@@ -782,5 +846,5 @@
STANDARD_INFORMATION *si;
si = (STANDARD_INFORMATION *) ((char *) attr10 + le16_to_cpu (attr10->value_offset));
- file->date = ntfs2utc (si->last_data_change_time);
+ file->date = max (file->date, ntfs2utc (si->last_data_change_time));
}
@@ -970,4 +1034,13 @@
printf ("Size alloc: %lld\n", f->size_alloc);
printf ("Size data: %lld\n", f->size_data);
+
+ strftime (buffer, sizeof (buffer), "%F %R", localtime (&f->date_c));
+ printf ("Date C: %s\n", buffer);
+ strftime (buffer, sizeof (buffer), "%F %R", localtime (&f->date_a));
+ printf ("Date A: %s\n", buffer);
+ strftime (buffer, sizeof (buffer), "%F %R", localtime (&f->date_m));
+ printf ("Date M: %s\n", buffer);
+ strftime (buffer, sizeof (buffer), "%F %R", localtime (&f->date_r));
+ printf ("Date R: %s\n", buffer);
}
@@ -1175,6 +1248,8 @@
}
+ if ((opts.since > 0) && (file->date <= opts.since))
+ continue;
if (opts.match && !name_match (&re, file))
- continue;
+ continue;
percent = calc_percentage (file, vol);
@@ -1456,5 +1531,5 @@
}
- vol = ntfs_mount (opts.device, 0);
+ vol = ntfs_mount (opts.device, MS_RDONLY);
if (opts.uinode >= 0)
Index: ntfsundelete.h
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -U2 -r1.5 -r1.6
--- ntfsundelete.h 14 Jul 2002 11:20:20 -0000 1.5
+++ ntfsundelete.h 14 Jul 2002 14:49:22 -0000 1.6
@@ -50,4 +50,5 @@
int verbose; /* Extra output */
int force; /* Override common sense */
+ time_t since; /* Since this time */
long long size_begin; /* Range for file size */
long long size_end;
@@ -65,4 +66,8 @@
long long size_data; /* Actual size of data */
FILE_ATTR_FLAGS flags;
+ time_t date_c;
+ time_t date_a;
+ time_t date_m;
+ time_t date_r;
};
|
|
From: ? <sz...@us...> - 2002-07-14 14:48:55
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv15049/ntfstools
Modified Files:
ntfsresize.c
Log Message:
Check if device mounted. Progress only if it's not or both ntfsresize
operation is read-only and device mounted read-only
Index: ntfsresize.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsresize.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -U2 -r1.11 -r1.12
--- ntfsresize.c 12 Jul 2002 12:38:54 -0000 1.11
+++ ntfsresize.c 14 Jul 2002 14:48:51 -0000 1.12
@@ -162,4 +162,8 @@
perr_exit("Couldn't open /dev/null");
+ /* If '-c clusters' isn't given then we mount read-only. opt.size = 0
+ basically means "give advice where volume could be resized. */
+ if (!opt.size)
+ opt.ro_flag = MS_RDONLY;
}
@@ -349,5 +353,5 @@
for (i = 0; rl[i].length; i++)
if (rl[i].lcn != LCN_HOLE)
- err_exit("Volume has bad sectors, not supported\n");
+ err_exit("Device has bad sectors, not supported\n");
free(rl);
@@ -610,8 +614,21 @@
{
struct bitmap on_disk_lcn_bitmap;
+ unsigned long mntflag;
int i;
parse_options(argc, argv);
+ if (ntfs_check_if_mounted(opt.volume, &mntflag))
+ perr_exit("Failed to check '%s' mount state", opt.volume);
+
+ if (mntflag & NTFS_MF_MOUNTED) {
+ if (!(mntflag & NTFS_MF_READONLY))
+ err_exit("Device %s is mounted read-write. "
+ "You must umount it first.\n", opt.volume);
+ if (!opt.ro_flag)
+ err_exit("Device %s is mounted. "
+ "You must umount it first.\n", opt.volume);
+ }
+
if (!(vol = ntfs_mount(opt.volume, opt.ro_flag)))
perr_exit("ntfs_mount failed");
@@ -662,5 +679,5 @@
/* FIXME: "call" ntfsfix: set the volume dirty, delete log, etc */
- printf("NTFS had been resized on volume %s. "
+ printf("NTFS had been resized on device %s. "
"Please run 'ntfsfix' on it.\n", vol->dev_name);
|
|
From: ? <sz...@us...> - 2002-07-14 13:18:03
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/libntfs
In directory usw-pr-cvs1:/tmp/cvs-serv23569/libntfs
Modified Files:
volume.c
Log Message:
ntfs_reset_logfile(): delete a NOOP
Index: volume.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/volume.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -U2 -r1.54 -r1.55
--- volume.c 14 Jul 2002 12:34:44 -0000 1.54
+++ volume.c 14 Jul 2002 13:18:01 -0000 1.55
@@ -976,5 +976,5 @@
pos += count;
- if (count == -1 || (pos + count) != len) {
+ if (count == -1 || pos != len) {
Dprintf("Amount of $LogFile data read does not "
"correspond to expected length!");
|
|
From: Anton A. <ai...@ca...> - 2002-07-14 13:02:41
|
At 12:55 14/07/02, Szakacsits Szabolcs wrote: >On Fri, 12 Jul 2002, Anton Altaparmakov wrote: > > Are you saying that you found a RSTR record in the $MFT/$DATA attribute? > >No, just reference in the driver. Ah, ok. Nothing to worry about then. (-: Anton -- "I've not lost my mind. It's backed up on tape somewhere." - Unknown -- Anton Altaparmakov <aia21 at cantab.net> (replace at with @) Linux NTFS Maintainer / IRC: #ntfs on irc.openprojects.net WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/ |
|
From: Szakacsits S. <sz...@si...> - 2002-07-14 12:55:04
|
On Fri, 12 Jul 2002, Anton Altaparmakov wrote: > Are you saying that you found a RSTR record in the $MFT/$DATA attribute? No, just reference in the driver. Szaka |
|
From: ? <sz...@us...> - 2002-07-14 12:36:07
|
Changes by: szaka Update of /cvsroot/linux-ntfs/linux-ntfs/include In directory usw-pr-cvs1:/tmp/cvs-serv15488/include Modified Files: volume.h Log Message: Increase NTFS_BUF_SIZE to 8192 (better average performance) Index: volume.h =================================================================== RCS file: /cvsroot/linux-ntfs/linux-ntfs/include/volume.h,v retrieving revision 1.29 retrieving revision 1.30 diff -U2 -r1.29 -r1.30 --- volume.h 12 Jul 2002 12:38:54 -0000 1.29 +++ volume.h 14 Jul 2002 12:36:04 -0000 1.30 @@ -83,5 +83,5 @@ #define NTFS_V3_1(major, minor) ((major) == 3 && (minor) == 1) -#define NTFS_BUF_SIZE 4096 +#define NTFS_BUF_SIZE 8192 /* |
|
From: ? <sz...@us...> - 2002-07-14 12:34:48
|
Changes by: szaka
Update of /cvsroot/linux-ntfs/linux-ntfs/libntfs
In directory usw-pr-cvs1:/tmp/cvs-serv15070/libntfs
Modified Files:
volume.c
Log Message:
ntfs_reset_logfile(): free resources in error, handle partial I/O
Index: volume.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/libntfs/volume.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -U2 -r1.53 -r1.54
--- volume.c 12 Jul 2002 12:38:54 -0000 1.53
+++ volume.c 14 Jul 2002 12:34:44 -0000 1.54
@@ -938,5 +938,11 @@
s64 len, pos, count;
char buf[NTFS_BUF_SIZE];
+ int eo;
+ if (!vol) {
+ errno = EINVAL;
+ return -1;
+ }
+
if ((ni = ntfs_open_inode(vol, FILE_LogFile)) == NULL) {
Dperror("Failed to open inode FILE_LogFile.\n");
@@ -946,5 +952,5 @@
if ((na = ntfs_attr_open(ni, AT_DATA, AT_NONAME, 0)) == NULL) {
Dperror("Failed to open $FILE_LogFile/$DATA\n");
- return -1;
+ goto error_exit;
}
@@ -953,5 +959,5 @@
Dprintf("$LogFile $DATA attribute is resident!?!\n");
errno = EIO;
- return -1;
+ goto io_error_exit;
}
@@ -967,20 +973,13 @@
array correctly and hence writing below is safe as well. */
pos = 0;
- while (1) {
- count = ntfs_attr_pread(na, pos, NTFS_BUF_SIZE, buf);
- if (count == -1)
- break;
-
+ while ((count = ntfs_attr_pread(na, pos, NTFS_BUF_SIZE, buf)) > 0)
pos += count;
- if (count != NTFS_BUF_SIZE || !count)
- break;
- }
- if (count == -1 || pos != len) {
+ if (count == -1 || (pos + count) != len) {
Dprintf("Amount of $LogFile data read does not "
"correspond to expected length!");
if (count != -1)
errno = EIO;
- return -1;
+ goto io_error_exit;
}
@@ -994,9 +993,9 @@
count = NTFS_BUF_SIZE;
- if (count != ntfs_attr_pwrite(na, pos, count, buf)) {
+ if ((count = ntfs_attr_pwrite(na, pos, count, buf)) <= 0) {
Dprintf("Failed to set the $LogFile attribute value.");
if (count != -1)
errno = EIO;
- return -1;
+ goto io_error_exit;
}
pos += count;
@@ -1004,6 +1003,15 @@
ntfs_attr_close(na);
-
return ntfs_close_inode(ni);
+
+io_error_exit:
+ eo = errno;
+ ntfs_attr_close(na);
+ errno = eo;
+error_exit:
+ eo = errno;
+ ntfs_close_inode(ni);
+ errno = eo;
+ return -1;
}
|
|
From: Richard R. <fl...@us...> - 2002-07-14 11:20:24
|
Changes by: flatcap
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv703/ntfstools
Modified Files:
ntfsundelete.c ntfsundelete.h
Log Message:
filename regex matching works, default to case insensitive matching
Index: ntfsundelete.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -U2 -r1.7 -r1.8
--- ntfsundelete.c 13 Jul 2002 16:33:00 -0000 1.7
+++ ntfsundelete.c 14 Jul 2002 11:20:20 -0000 1.8
@@ -86,5 +86,5 @@
" -p num --percentage num Minimum percentage recoverable\n"
" -m regex --match regex Only work on files with matching names\n"
- " -i --ignore-case Case insensive matching\n"
+ " -C --case Case sensive matching\n"
" -S range --size range Match files of this size\n"
"\n"
@@ -105,52 +105,4 @@
-#if 0
-/**
- * create_regex
- */
-int create_regex (const char *pattern, int case, regex_t *re)
-{
- int result;
- int retval = 1;
- char *arg1, *arg2;
-
- arg1 = create_regex (argv[1]);
- arg2 = argv[2];
- if (!arg1) {
- printf ("create_regex\n");
- goto free;
- }
-
- //printf ("match '%s' = regex '%s'\n", argv[1], arg1);
-
- if (regcomp (&re, arg1, REG_NOSUB)) {
- printf ("regcomp\n");
- goto out;
- }
-
- result = regexec (&re, arg2, 0, NULL, 0);
- if (result < 0) {
- printf ("regexec\n");
- goto rfree;
- }
-
- if (result == REG_NOMATCH) {
- printf ("no match\n");
- goto rfree;
- }
-
- printf ("match\n");
- retval = 0;
-
-rfree:
- regfree (&re);
-free:
- free (arg1);
-out:
- return retval;
-}
-
-#endif
-
/**
* transform
@@ -177,9 +129,11 @@
}
- result = malloc (length + 1);
+ result = malloc (length + 3);
if (!result)
return NULL;
- for (i = 0, j = 0; pattern[i]; i++, j++) {
+ result[0] = '^';
+
+ for (i = 0, j = 1; pattern[i]; i++, j++) {
if (pattern[i] == '*') {
result[j] = '.';
@@ -197,4 +151,6 @@
}
+ result[j] = '$';
+
return result;
}
@@ -274,5 +230,4 @@
}
-
/**
* parse_options - Read and validate the programs command line
@@ -286,10 +241,10 @@
int parse_options (int argc, char *argv[])
{
- static const char *sopt = "-sp:m:iS:u:o:d:b:c:fvVh";
+ static const char *sopt = "-sp:m:CS:u:o:d:b:c:fvVh";
static const struct option lopt[] = {
{ "scan", no_argument, NULL, 's' },
{ "percentage", required_argument, NULL, 'p' },
{ "match", required_argument, NULL, 'm' },
- { "ignore-case", no_argument, NULL, 'i' },
+ { "case", no_argument, NULL, 'C' },
{ "size", required_argument, NULL, 'S' },
{ "undelete", required_argument, NULL, 'u' },
@@ -395,6 +350,6 @@
err++;
break;
- case 'i':
- opts.ignore_case++;
+ case 'C':
+ opts.match_case++;
break;
case 'f':
@@ -446,5 +401,5 @@
break;
case MODE_UNDELETE:
- if ((opts.percent != -1) || opts.match || opts.ignore_case ||
+ if ((opts.percent != -1) || opts.match || opts.match_case ||
(opts.size_begin > 0) || (opts.size_end > 0)) {
printf ("Undelete can only be used with "
@@ -456,5 +411,5 @@
if (opts.dest || (opts.fillbyte != -1) ||
(opts.percent != -1) || opts.match ||
- opts.ignore_case || (opts.size_begin > 0) ||
+ opts.match_case || (opts.size_begin > 0) ||
(opts.size_end > 0)) {
printf ("Copy can only be used with --output\n");
@@ -1133,9 +1088,37 @@
/**
+ * name_match
+ */
+int name_match (regex_t *re, struct ufile *file)
+{
+ struct list_head *item;
+ int result;
+
+ if (!re || !file)
+ return 0;
+
+ list_for_each (item, &file->name) {
+ struct filename *f = list_entry (item, struct filename, list);
+
+ if (!f->name)
+ continue;
+ result = regexec (re, f->name, 0, NULL, 0);
+ if (result < 0) {
+ printf ("regexec\n");
+ return 0;
+ } else if (result == REG_NOERROR) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/**
* scan_disk
*/
int scan_disk (ntfs_volume *vol)
{
- char *buffer;
+ char *buffer = NULL;
int results = 0;
ntfs_attr *attr;
@@ -1145,4 +1128,5 @@
int percent;
struct ufile *file;
+ regex_t re;
if (!vol)
@@ -1155,6 +1139,19 @@
buffer = malloc (vol->mft_record_size);
if (!buffer) {
- ntfs_attr_close (attr);
- return -1;
+ results = -1;
+ goto out;
+ }
+
+ //printf ("match '%s' = regex '%s'\n", argv[1], arg1);
+
+ if (opts.match) {
+ int flags = REG_NOSUB;
+
+ if (!opts.match_case)
+ flags |= REG_ICASE;
+ if (regcomp (&re, opts.match, flags)) {
+ printf ("regcomp\n");
+ goto out;
+ }
}
@@ -1178,4 +1175,7 @@
}
+ if (opts.match && !name_match (&re, file))
+ continue;
+
percent = calc_percentage (file, vol);
@@ -1197,7 +1197,10 @@
}
printf ("\nFiles with potentially recoverable content: %d\n", results);
-
+out:
+ if (opts.match)
+ regfree (&re);
free (buffer);
- ntfs_attr_close (attr);
+ if (attr)
+ ntfs_attr_close (attr);
return results;
}
Index: ntfsundelete.h
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -U2 -r1.4 -r1.5
--- ntfsundelete.h 13 Jul 2002 16:33:00 -0000 1.4
+++ ntfsundelete.h 14 Jul 2002 11:20:20 -0000 1.5
@@ -47,5 +47,5 @@
char fillbyte; /* Use for unrecoverable sections */
char *match; /* Regex for filename matching */
- int ignore_case; /* Case insensitive matching */
+ int match_case; /* Case sensitive matching */
int verbose; /* Extra output */
int force; /* Override common sense */
|
|
From: Richard R. <fl...@us...> - 2002-07-13 16:33:04
|
Changes by: flatcap
Update of /cvsroot/linux-ntfs/linux-ntfs/ntfstools
In directory usw-pr-cvs1:/tmp/cvs-serv5862
Modified Files:
ntfsundelete.c ntfsundelete.h
Log Message:
start to fill in the options
Index: ntfsundelete.c
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -U2 -r1.6 -r1.7
--- ntfsundelete.c 11 Jul 2002 13:18:11 -0000 1.6
+++ ntfsundelete.c 13 Jul 2002 16:33:00 -0000 1.7
@@ -36,4 +36,7 @@
#include <getopt.h>
#include <time.h>
+#include <limits.h>
+#include <regex.h>
+#include <libintl.h>
#include "ntfsundelete.h"
@@ -49,4 +52,6 @@
static struct options opts;
+#define _(S) gettext(S)
+
/**
* version - Print version information about the program
@@ -78,32 +83,201 @@
{
printf ("Usage: %s [options] device\n"
- " -s --scan Scan for files (default)\n"
+ " -s --scan Scan for files (default)\n"
+ " -p num --percentage num Minimum percentage recoverable\n"
+ " -m regex --match regex Only work on files with matching names\n"
+ " -i --ignore-case Case insensive matching\n"
+ " -S range --size range Match files of this size\n"
+ "\n"
+ " -u num --undelete num Undelete inode\n"
+ " -o file --output file Save with this filename\n"
+ " -d dir --destination dir Destination directory\n"
+ " -b num --byte num Fill missing parts with this byte\n"
"\n"
- " -u num --undelete num Undelete inode\n"
- // " -n stream --name stream Undelete the named stream\n"
- // " -a --all Undelete all files\n"
- " -d dir --destination dir Destination directory\n"
- // " -o file --output file Save with this filename\n"
- " -p num --percentage num Minimum percentage recoverable\n"
- // " -b file --byte num Fill missing parts with this byte\n"
+ " -c range --copy range Write a range of MFT records to a file\n"
"\n"
- // " -m regex --match regex Only work on files with matching names\n"
- // " -i --ignore-case Case insensive matching\n"
- // " -S range --size range Match files of this size\n"
- // "\n"
- // " -c range --copy range Write a range of MFT records to a file\n"
- // "\n"
- // " -f --force Use less caution\n"
- " -v --verbose More output\n"
- " -V --version Version information\n"
- " -h --help Print this help\n\n",
+ " -f --force Use less caution\n"
+ " -v --verbose More output\n"
+ " -V --version Version information\n"
+ " -h --help Print this help\n\n",
EXEC_NAME);
}
+
+#if 0
+/**
+ * create_regex
+ */
+int create_regex (const char *pattern, int case, regex_t *re)
+{
+ int result;
+ int retval = 1;
+ char *arg1, *arg2;
+
+ arg1 = create_regex (argv[1]);
+ arg2 = argv[2];
+ if (!arg1) {
+ printf ("create_regex\n");
+ goto free;
+ }
+
+ //printf ("match '%s' = regex '%s'\n", argv[1], arg1);
+
+ if (regcomp (&re, arg1, REG_NOSUB)) {
+ printf ("regcomp\n");
+ goto out;
+ }
+
+ result = regexec (&re, arg2, 0, NULL, 0);
+ if (result < 0) {
+ printf ("regexec\n");
+ goto rfree;
+ }
+
+ if (result == REG_NOMATCH) {
+ printf ("no match\n");
+ goto rfree;
+ }
+
+ printf ("match\n");
+ retval = 0;
+
+rfree:
+ regfree (&re);
+free:
+ free (arg1);
+out:
+ return retval;
+}
+
+#endif
+
+/**
+ * transform
+ */
+char * transform (const char *pattern)
+{
+ char *result;
+ int length, i, j;
+
+ if (!pattern) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ length = strlen (pattern);
+ if (length < 1) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ for (i = 0; pattern[i]; i++) {
+ if ((pattern[i] == '*') || (pattern[i] == '.'))
+ length++;
+ }
+
+ result = malloc (length + 1);
+ if (!result)
+ return NULL;
+
+ for (i = 0, j = 0; pattern[i]; i++, j++) {
+ if (pattern[i] == '*') {
+ result[j] = '.';
+ j++;
+ result[j] = '*';
+ } else if (pattern[i] == '.') {
+ result[j] = '\\';
+ j++;
+ result[j] = '.';
+ } else if (pattern[i] == '?') {
+ result[j] = '.';
+ } else {
+ result[j] = pattern[i];
+ }
+ }
+
+ return result;
+}
+
+/**
+ * parse_size
+ */
+long long parse_size (const char *value)
+{
+ unsigned long long result;
+ char mult = 0;
+
+ if (!value) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (result = 0; *value; value++) {
+ if ((*value >= '0') && (*value <= '9')) {
+ result *= 10;
+ result += *value - '0';
+ } else {
+ mult = *value;
+ break;
+ }
+ }
+
+ switch (mult) {
+ case 't': case 'T': result *= 1000;
+ case 'g': case 'G': result *= 1000;
+ case 'm': case 'M': result *= 1000;
+ case 'k': case 'K': result *= 1000;
+ }
+
+ return result;
+}
+
+/**
+ * parse_range
+ */
+int parse_range (const char *string, long long *start, long long *finish)
+{
+ long long a, b;
+ char *middle;
+
+ if (!start || !finish)
+ return 0;
+
+ middle = strchr (string, '-');
+ if (!middle) {
+ //printf ("strchr\n");
+ return 0;
+ }
+
+ if (string == middle) {
+ //printf ("no start\n");
+ a = 0;
+ } else {
+ a = parse_size (string);
+ if (a < 0)
+ return 0;
+ }
+
+ if (middle[1] == 0) {
+ //printf ("no stop\n");
+ b = LONG_MAX;
+ } else {
+ b = parse_size (middle+1);
+ if (b < 0)
+ return 0;
+ }
+
+ *start = a;
+ *finish = b;
+
+ return 1;
+}
+
+
/**
* parse_options - Read and validate the programs command line
*
* Read the command line, verify the syntax and parse the options.
+ * This function is very long, but quite simple.
*
* Return: 0 Success
@@ -112,19 +286,17 @@
int parse_options (int argc, char *argv[])
{
- const char *sopt = "-su:p:d:vVh"; // "-su:n:ad:o:p:b:m:iS:c:fvVh";
- const struct option lopt[] = {
+ static const char *sopt = "-sp:m:iS:u:o:d:b:c:fvVh";
+ static const struct option lopt[] = {
{ "scan", no_argument, NULL, 's' },
+ { "percentage", required_argument, NULL, 'p' },
+ { "match", required_argument, NULL, 'm' },
+ { "ignore-case", no_argument, NULL, 'i' },
+ { "size", required_argument, NULL, 'S' },
{ "undelete", required_argument, NULL, 'u' },
- // { "name", required_argument, NULL, 'n' },
- // { "all", no_argument, NULL, 'a' },
+ { "output", required_argument, NULL, 'o' },
{ "destination", required_argument, NULL, 'd' },
- // { "output", required_argument, NULL, 'o' },
- { "percentage", required_argument, NULL, 'p' },
- // { "byte", required_argument, NULL, 'b' },
- // { "match", required_argument, NULL, 'm' },
- // { "ignore-case", no_argument, NULL, 'i' },
- // { "size", required_argument, NULL, 'S' },
- // { "copy", required_argument, NULL, 'c' },
- // { "force", no_argument, NULL, 'f' },
+ { "byte", required_argument, NULL, 'b' },
+ { "copy", required_argument, NULL, 'c' },
+ { "force", no_argument, NULL, 'f' },
{ "verbose", no_argument, NULL, 'v' },
{ "version", no_argument, NULL, 'V' },
@@ -141,72 +313,159 @@
opterr = 0; /* We'll handle the errors, thank you. */
- opts.uinode = -1;
+ opts.mode = MODE_NONE;
+ opts.uinode = -1;
+ opts.percent = -1;
+ opts.fillbyte = -1;
while ((c = getopt_long (argc, argv, sopt, lopt, NULL)) != -1) {
switch (c) {
- case 1: /* A non-option argument */
- if (!opts.device)
- opts.device = argv[optind-1];
- else
- err++;
- break;
- case 's':
- opts.scan++;
- break;
- case 'u':
- if (opts.uinode < 0) {
- opts.uinode = strtol (optarg, &end, 0);
- if (end && *end)
- err++;
- } else {
+ case 1: /* A non-option argument */
+ if (!opts.device) {
+ opts.device = argv[optind-1];
+ } else {
+ opts.device = NULL;
+ err++;
+ }
+ break;
+ case 's':
+ if (opts.mode == MODE_NONE)
+ opts.mode = MODE_SCAN;
+ else
+ opts.mode = MODE_ERROR;
+ break;
+ case 'u':
+ if (opts.mode == MODE_NONE) {
+ opts.mode = MODE_UNDELETE;
+ opts.uinode = strtol (optarg, &end, 0);
+ if (end && *end)
err++;
- }
- break;
- case 'p':
- if (opts.percent == 0) {
- opts.percent = strtol (optarg, &end, 0);
- if (end && *end)
- err++;
- } else {
+ } else {
+ opts.mode = MODE_ERROR;
+ err++;
+ }
+ break;
+ case 'c':
+ if (opts.mode == MODE_NONE)
+ opts.mode = MODE_COPY;
+ else
+ opts.mode = MODE_ERROR;
+ break;
+ case 'S':
+ if ((opts.size_begin > 0) || (opts.size_end > 0) ||
+ !parse_range (argv[optind-1], &opts.size_begin,
+ &opts.size_end)) {
+ err++;
+ }
+ break;
+ case 'o':
+ if (!opts.output) {
+ opts.output = argv[optind-1];
+ } else {
+ err++;
+ }
+ break;
+ case 'b':
+ if (opts.fillbyte == -1) {
+ opts.fillbyte = strtol (optarg, &end, 0);
+ if (end && *end)
err++;
- }
- break;
- case 'd':
- if (!opts.dest)
- opts.dest = argv[optind-1];
- else
+ } else {
+ err++;
+ }
+ break;
+ case 'm':
+ if (!opts.match)
+ opts.match = transform (argv[optind-1]);
+ else
+ err++;
+ break;
+ case 'p':
+ if (opts.percent == -1) {
+ opts.percent = strtol (optarg, &end, 0);
+ if (end && *end)
err++;
- break;
- case 'v':
- opts.verbose++;
- break;
- case 'V':
- ver++;
- break;
- case 'h':
- help++;
- break;
- case '?':
- default:
- if (((optopt == 'u') || (optopt == 'd') || (optopt == 'p')) && !optarg) {
- printf ("Option '%s' requires an argument.\n", argv[optind-1]);
- } else {
- printf ("Unknown option '%s'.\n", argv[optind-1]);
- }
+ } else {
+ err++;
+ }
+ break;
+ case 'd':
+ if (!opts.dest)
+ opts.dest = argv[optind-1];
+ else
err++;
- break;
+ break;
+ case 'i':
+ opts.ignore_case++;
+ break;
+ case 'f':
+ opts.force++;
+ break;
+ case 'v':
+ opts.verbose++;
+ break;
+ case 'V':
+ ver++;
+ break;
+ case 'h':
+ help++;
+ break;
+ default:
+ if (((optopt == 'u') || (optopt == 'o') ||
+ (optopt == 'd') || (optopt == 'p') ||
+ (optopt == 'b') || (optopt == 'c') ||
+ (optopt == 'm') || (optopt == 'S')) &&
+ (!optarg)) {
+ printf ("Option '%s' requires an "
+ "argument.\n", argv[optind-1]);
+ } else {
+ printf ("Unknown option '%s'.\n",
+ argv[optind-1]);
+ }
+ err++;
+ break;
}
}
if (!help && !ver) {
- if (!opts.device) {
- printf ("No device has been specified.\n");
+ if (opts.device == NULL) {
+ printf ("You must specify exactly one device.\n");
err++;
}
- if ((opts.uinode > -1) && ((opts.percent > 0) || opts.scan)) {
- printf ("Scan and percentage options cannot be combined with undelete.\n");
+
+ if (opts.mode == MODE_NONE) {
+ opts.mode = MODE_SCAN;
+ }
+
+ switch (opts.mode) {
+ case MODE_SCAN:
+ if (opts.output || opts.dest || (opts.fillbyte != -1)) {
+ printf ("Scan can only be used with --percent, "
+ "--match, --ignore-case or --size.\n");
+ err++;
+ }
+ break;
+ case MODE_UNDELETE:
+ if ((opts.percent != -1) || opts.match || opts.ignore_case ||
+ (opts.size_begin > 0) || (opts.size_end > 0)) {
+ printf ("Undelete can only be used with "
+ "--output, --destination or --byte.\n");
+ err++;
+ }
+ break;
+ case MODE_COPY:
+ if (opts.dest || (opts.fillbyte != -1) ||
+ (opts.percent != -1) || opts.match ||
+ opts.ignore_case || (opts.size_begin > 0) ||
+ (opts.size_end > 0)) {
+ printf ("Copy can only be used with --output\n");
+ err++;
+ }
+ break;
+ default:
+ printf ("You can only select one of Scan, Undelete or Copy.\n");
err++;
}
- if ((opts.percent < 0) || (opts.percent > 100)) {
+
+ if ((opts.percent < -1) || (opts.percent > 100)) {
printf ("Percentage value must be in the range 0 - 100.\n");
err++;
@@ -792,8 +1051,8 @@
/**
- * list_record - Print a one-line summary of the file
+ * list_record - Print a one line summary of the file
* @file: The file to work with
*
- * Print a one-line description of a file.
+ * Print a one line description of a file.
*
* Inode Flags %age Date Size Filename
@@ -921,5 +1180,5 @@
percent = calc_percentage (file, vol);
- if ((opts.percent == 0) || (percent >= opts.percent)) {
+ if ((opts.percent == -1) || (percent >= opts.percent)) {
if (opts.verbose)
dump_record (file);
@@ -928,5 +1187,5 @@
}
- if (((opts.percent == 0) && (percent > 0)) ||
+ if (((opts.percent == -1) && (percent > 0)) ||
((opts.percent > 0) && (percent >= opts.percent))) {
results++;
@@ -946,4 +1205,32 @@
/**
+ * write_data
+ */
+int write_data (int fd, const char *buffer, int bufsize)
+{
+ ssize_t result1, result2;
+
+ if (!buffer) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ result1 = write (fd, buffer, bufsize);
+ if ((result1 == bufsize) || (result1 < 0))
+ return result1;
+
+ /* Try again with the rest of the buffer */
+ buffer += result1;
+ bufsize -= result1;
+
+ result2 = write (fd, buffer, bufsize);
+ if (result2 < 0)
+ return result2;
+
+ return result1 + result2;
+}
+
+
+/**
* open_file
*/
@@ -1041,5 +1328,5 @@
printf ("resident data\n");
- if (write (fd, d->data, d->size_data) < d->size_data) {
+ if (write_data (fd, d->data, d->size_data) < d->size_data) {
printf ("write failed\n");
close (fd);
@@ -1073,5 +1360,5 @@
memset (buffer, 'R', sizeof (buffer));
for (k = 0; k < rl[0].length * vol->cluster_size; k += sizeof (buffer)) {
- if (write (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
+ if (write_data (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
printf ("write failed\n");
close (fd);
@@ -1087,5 +1374,5 @@
memset (buffer, 'S', sizeof (buffer));
for (k = 0; k < rl[k].length * vol->cluster_size; k += sizeof (buffer)) {
- if (write (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
+ if (write_data (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
printf ("write failed\n");
close (fd);
@@ -1100,5 +1387,5 @@
memset (buffer, 'H', sizeof (buffer));
for (k = 0; k < rl[k].length * vol->cluster_size; k += sizeof (buffer)) {
- if (write (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
+ if (write_data (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
printf ("write failed\n");
close (fd);
@@ -1115,5 +1402,5 @@
if (cluster_in_use (vol, j)) {
memset (buffer, 'X', sizeof (buffer));
- if (write (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
+ if (write_data (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
printf ("write failed\n");
close (fd);
@@ -1126,5 +1413,5 @@
return 0;
}
- if (write (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
+ if (write_data (fd, buffer, sizeof (buffer)) < sizeof (buffer)) {
printf ("write failed\n");
close (fd);
Index: ntfsundelete.h
===================================================================
RCS file: /cvsroot/linux-ntfs/linux-ntfs/ntfstools/ntfsundelete.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -U2 -r1.3 -r1.4
--- ntfsundelete.h 11 Jul 2002 13:18:12 -0000 1.3
+++ ntfsundelete.h 13 Jul 2002 16:33:00 -0000 1.4
@@ -1,6 +1,3 @@
-#ifndef _NTFSUNDELETE_H_
-#define _NTFSUNDELETE_H_
-
-/**
+/*
* ntfsundelete - Part of the Linux-NTFS project.
*
@@ -25,15 +22,36 @@
*/
+#ifndef _NTFSUNDELETE_H_
+#define _NTFSUNDELETE_H_
+
#include "types.h"
#include "list.h"
#include "runlist.h"
+enum optmode {
+ MODE_NONE = 0,
+ MODE_SCAN,
+ MODE_UNDELETE,
+ MODE_COPY,
+ MODE_ERROR
+};
+
+
struct options {
char *device; /* Device/File to work with */
- int scan; /* Scan the disk */
+ enum optmode mode; /* Scan / Undelete / Copy */
int percent; /* Minimum recoverability */
- int verbose; /* Extra output */
int uinode; /* Undelete this inode */
char *dest; /* Save file to this directory */
+ char *output; /* With this filename */
+ char fillbyte; /* Use for unrecoverable sections */
+ char *match; /* Regex for filename matching */
+ int ignore_case; /* Case insensitive matching */
+ int verbose; /* Extra output */
+ int force; /* Override common sense */
+ long long size_begin; /* Range for file size */
+ long long size_end;
+ long long mft_begin; /* Range for mft copy */
+ long long mft_end;
};
|
|
From: Anton A. <ai...@ca...> - 2002-07-12 15:55:29
|
On Fri, 12 Jul 2002, Szakacsits Szabolcs wrote: > On Tue, 9 Jul 2002, Anton Altaparmakov wrote: > > > Can you tell me what records you found other than file? I have > > seen CHKD (check disk), BAAD (corrupt mft record), and from the > > windows ntfs driver source I know that HOLE is a valid record but > > I haven't seen it in the wild yet and I was too lazy to figure out > > what it meant by reverse engineering it... > > Hmm, not much reference (1 at the definition) to HOLE however > apparently there are some RSTR (probably meaning 'restore' especially > their occurances are around CHKD). RSTR = ReSTaRt area. There are two such records at the beginning of $LogFile/$DATA attribute. Are you saying that you found a RSTR record in the $MFT/$DATA attribute? If yes, that would be a very interesting finding! Definitely something that would make me get fire up IDA Pro and search around the windows ntfs driver... Best regards, Anton -- Anton Altaparmakov <aia21 at cantab.net> (replace at with @) Linux NTFS maintainer / IRC: #ntfs on irc.openprojects.net WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/ |
|
From: Szakacsits S. <sz...@si...> - 2002-07-12 13:36:25
|
On Tue, 9 Jul 2002, Anton Altaparmakov wrote: > Can you tell me what records you found other than file? I have > seen CHKD (check disk), BAAD (corrupt mft record), and from the > windows ntfs driver source I know that HOLE is a valid record but > I haven't seen it in the wild yet and I was too lazy to figure out > what it meant by reverse engineering it... Hmm, not much reference (1 at the definition) to HOLE however apparently there are some RSTR (probably meaning 'restore' especially their occurances are around CHKD). Szaka |
