* Any tool under linux to parsing BPB/Bs/FAT table? [not found] <AANLkTi=DGPap0sBBgQu1c7kot0zzi0C_p3KUnKWzY1ZM@mail.gmail.com> @ 2010-12-20 7:45 ` loody 2010-12-20 13:45 ` loody 2010-12-20 15:56 ` Greg Freemyer 0 siblings, 2 replies; 8+ messages in thread From: loody @ 2010-12-20 7:45 UTC (permalink / raw) To: kernelnewbies Dear all: I recently trace FS/fat and I want to know is there any utility under linux that can help us to easily parse BPB/BS or FAT tables? appreciate your help, miloody ^ permalink raw reply [flat|nested] 8+ messages in thread
* Any tool under linux to parsing BPB/Bs/FAT table? 2010-12-20 7:45 ` Any tool under linux to parsing BPB/Bs/FAT table? loody @ 2010-12-20 13:45 ` loody 2010-12-20 11:01 ` Beraldo Leal 2010-12-20 15:56 ` Greg Freemyer 1 sibling, 1 reply; 8+ messages in thread From: loody @ 2010-12-20 13:45 UTC (permalink / raw) To: kernelnewbies Dear all: I recently trace FS/fat and I want to know is there any utility under linux that can help us to easily parse BPB/BS or FAT tables? appreciate your help, miloody ^ permalink raw reply [flat|nested] 8+ messages in thread
* Any tool under linux to parsing BPB/Bs/FAT table? 2010-12-20 13:45 ` loody @ 2010-12-20 11:01 ` Beraldo Leal 2011-03-03 8:36 ` loody 0 siblings, 1 reply; 8+ messages in thread From: Beraldo Leal @ 2010-12-20 11:01 UTC (permalink / raw) To: kernelnewbies On Mon, Dec 20, 2010 at 09:45:47PM +0800, loody wrote: > Dear all: > I recently trace FS/fat and I want to know is there any utility under > linux that can help us to easily parse BPB/BS or FAT tables? http://gitorious.org/unix-stuff/fat-util ? -- Beraldo Costa Leal FLOSS Competence Center - CCSL University of S?o Paulo - USP http://ccsl.ime.usp.br/ 0xE98690EB - http://pgp.mit.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature Url : http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20101220/73799603/attachment-0001.bin ^ permalink raw reply [flat|nested] 8+ messages in thread
* Any tool under linux to parsing BPB/Bs/FAT table? 2010-12-20 11:01 ` Beraldo Leal @ 2011-03-03 8:36 ` loody [not found] ` <20110303114118.GA4733@beraldoleal.com> 0 siblings, 1 reply; 8+ messages in thread From: loody @ 2011-03-03 8:36 UTC (permalink / raw) To: kernelnewbies hi beraldo: 2010/12/20 Beraldo Leal <beraldo@beraldoleal.com>: > On Mon, Dec 20, 2010 at 09:45:47PM +0800, loody wrote: >> Dear all: >> I recently trace FS/fat and I want to know is there any utility under >> linux that can help us to easily parse BPB/BS or FAT tables? > > http://gitorious.org/unix-stuff/fat-util ? > I download the tool you mentioned but I have some questions about the usage. I try to list out the dir content on my usb flash disk, which is fat file system. But I got the below messages: # mount /dev/sdc1 on /media/disk type vfat (rw) # ls /media/disk ifrename iwconfig iwevent iwgetid iwlist iwpriv iwspy strace strace.output strace.output.tar.bz2 # ./fat-util list strace.output /dev/sdc1 strace.output not found. # did I use the wrong cmds or the file system type the utility not support? appreciate your help, miloody ^ permalink raw reply [flat|nested] 8+ messages in thread
[parent not found: <20110303114118.GA4733@beraldoleal.com>]
* Any tool under linux to parsing BPB/Bs/FAT table? [not found] ` <20110303114118.GA4733@beraldoleal.com> @ 2011-03-04 2:28 ` loody [not found] ` <20110304103906.GC5786@beraldoleal.com> 0 siblings, 1 reply; 8+ messages in thread From: loody @ 2011-03-04 2:28 UTC (permalink / raw) To: kernelnewbies hi : 2011/3/3 Beraldo Leal <beraldo@beraldoleal.com>: > On Thu, Mar 03, 2011 at 04:36:50PM +0800, loody wrote: >> hi beraldo: >> >> 2010/12/20 Beraldo Leal <beraldo@beraldoleal.com>: >> > On Mon, Dec 20, 2010 at 09:45:47PM +0800, loody wrote: >> >> Dear all: >> >> I recently trace FS/fat and I want to know is there any utility under >> >> linux that can help us to easily parse BPB/BS or FAT tables? >> > >> > http://gitorious.org/unix-stuff/fat-util ? >> > >> I download the tool you mentioned but I have some questions about the usage. >> I try to list out the dir content on my usb flash disk, which is fat >> file system. >> But I got the below messages: >> >> # mount >> /dev/sdc1 on /media/disk type vfat (rw) >> # ls /media/disk >> ifrename ?iwconfig ?iwevent ?iwgetid ?iwlist ?iwpriv ?iwspy ?strace >> strace.output ?strace.output.tar.bz2 >> # ./fat-util list strace.output /dev/sdc1 >> strace.output not found. > Try: ./fat-util list / /dev/sdc1 > > May be it show with upper case. > I tried the cmds you suggested as below: # ./fat-util list / /dev/sdc1 0 file(s), 0 dir(s) # But the disk did have dirs and files # mount /dev/sdc1 on /media/disk type vfat (rw) # ls /media/disk ifrename iwconfig iwevent iwgetid iwlist iwpriv iwspy strace strace.output strace.output.tar.bz2 # thanks for your help, miloody ^ permalink raw reply [flat|nested] 8+ messages in thread
[parent not found: <20110304103906.GC5786@beraldoleal.com>]
* Any tool under linux to parsing BPB/Bs/FAT table? [not found] ` <20110304103906.GC5786@beraldoleal.com> @ 2011-03-04 12:09 ` loody [not found] ` <20110304134053.GH5786@beraldoleal.com> 0 siblings, 1 reply; 8+ messages in thread From: loody @ 2011-03-04 12:09 UTC (permalink / raw) To: kernelnewbies hi: 2011/3/4 Beraldo Leal <beraldo@beraldoleal.com>: > On Fri, Mar 04, 2011 at 10:28:58AM +0800, loody wrote: >> hi : >> >> But the disk did have dirs and files >> # mount >> /dev/sdc1 on /media/disk type vfat (rw) >> # ls /media/disk >> ifrename ?iwconfig ?iwevent ?iwgetid ?iwlist ?iwpriv ?iwspy ?strace >> strace.output ?strace.output.tar.bz2 >> # > Please, print the ./fat-util info /dev/sdc1 output here it is : # ./fat-util info /dev/sdc1 JMP opcodes: EB 58 90 OEM Name: mkdosfs Bytes per sector: 512 Sectors per cluster: 8 # reserved sectors: 32 # FATs on volume: 2 # root directory entries: 0 Sectors in volume: 0 Media descriptor type: 248 Sectors per FAT: 0 Sectors per Track: 62 # heads: 63 # hidden sectors: 0 Huge sectors in volume: 3941092 FAT Type: 32 Drive number: 0 Signature: 29 Volume ID: -1598503492 Volume Label: FAT Type: FAT32 Root Cluster: 2 # appreciate your help, miloody ^ permalink raw reply [flat|nested] 8+ messages in thread
[parent not found: <20110304134053.GH5786@beraldoleal.com>]
* Any tool under linux to parsing BPB/Bs/FAT table? [not found] ` <20110304134053.GH5786@beraldoleal.com> @ 2011-03-05 4:40 ` loody 0 siblings, 0 replies; 8+ messages in thread From: loody @ 2011-03-05 4:40 UTC (permalink / raw) To: kernelnewbies hi Beraldo: > On Fri, Mar 04, 2011 at 08:09:17PM +0800, loody wrote: >> hi: >> # ./fat-util info /dev/sdc1 >> JMP opcodes: EB 58 90 >> OEM Name: ?mkdosfs >> Bytes per sector: 512 >> Sectors per cluster: 8 >> # reserved sectors: 32 >> # FATs on volume: 2 >> # root directory entries: 0 >> Sectors in volume: 0 >> Media descriptor type: 248 >> Sectors per FAT: 0 >> Sectors per Track: 62 >> # heads: 63 >> # hidden sectors: 0 >> Huge sectors in volume: 3941092 >> FAT Type: 32 >> Drive number: 0 >> Signature: 29 >> Volume ID: -1598503492 >> Volume Label: >> FAT Type: FAT32 >> Root Cluster: 2 >> # > > Hi loody, I think this is a bug. > > I never try this tool with a real partition, just with img files: > > ?$ dd if=/dev/zero of=/tmp/img2 bs=521 count=100000 > ?$ mkdosfs /tmp/img2 > ?$ mount -o loop /tmp/img2 /media/fat > ?$ mkdir /media/fat/teste2 > ?$ > /media/fat/teste > ?$ cp /etc/passwd /media/fat/ > ?$ umount /media/fat > ?$ ./fat-util list / /tmp/img2 > ? ?2 file(s), 1 dir(s) > ? ?-----a ? ? ? ?0 2011 Mar 04 TESTE > ? ?----d- ? ? ? ?0 2011 Mar 04 TESTE2 > ? ?-----a ? ? 2869 2011 Mar 04 PASSWD > > Maybe the tool is not ready for real partitions! Sorry... Actually I think you did a great job, at least you provide a tool for newbies like me to have a chance to learn file system. What is the difference between real partition and image? for kernel, they are nothing but a place to write file systems, right? Appreciate your help, miloody it is fine. what is the diff ^ permalink raw reply [flat|nested] 8+ messages in thread
* Any tool under linux to parsing BPB/Bs/FAT table? 2010-12-20 7:45 ` Any tool under linux to parsing BPB/Bs/FAT table? loody 2010-12-20 13:45 ` loody @ 2010-12-20 15:56 ` Greg Freemyer 1 sibling, 0 replies; 8+ messages in thread From: Greg Freemyer @ 2010-12-20 15:56 UTC (permalink / raw) To: kernelnewbies On Mon, Dec 20, 2010 at 2:45 AM, loody <miloody@gmail.com> wrote: > Dear all: > I recently trace FS/fat and I want to know is there any utility under > linux that can help us to easily parse BPB/BS or FAT tables? > > appreciate your help, > miloody TSK3 apparently does some FAT analysis/parsing. See this extracted from http://www.sleuthkit.org/sleuthkit/docs/api-docs/files.html === tsk3/fs/fatfs.c Contains the internal TSK FAT file system code to handle basic file system processing for opening file system, processing sectors, and directory entries tsk3/fs/fatfs_dent.c Contains the internal TSK FAT file name processing code tsk3/fs/fatfs_meta.c Contains the internal TSK FAT file system code to handle metadata structures === TSK3 is command line I believe. (I've not used it.) TSK3 is included in Sleuthkit, which is a pretty basic gui I believe plus some wrappers. Both TSK3 and Sleuthkit are in the more modern GUI: PTK. http://ptk.dflabs.com/ All of the above is opensource I believe. (I normally use commercial software for filesystem analysis, so I have not used any of the above. The only commercial linux filesystem anal. tool that I know of is "smart". http://www.asrdata.com/forensic-software/smart-for-linux/ I haven't tried it in years, so I can't say how good/bad it is currently.) Greg ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2011-03-05 4:40 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <AANLkTi=DGPap0sBBgQu1c7kot0zzi0C_p3KUnKWzY1ZM@mail.gmail.com>
2010-12-20 7:45 ` Any tool under linux to parsing BPB/Bs/FAT table? loody
2010-12-20 13:45 ` loody
2010-12-20 11:01 ` Beraldo Leal
2011-03-03 8:36 ` loody
[not found] ` <20110303114118.GA4733@beraldoleal.com>
2011-03-04 2:28 ` loody
[not found] ` <20110304103906.GC5786@beraldoleal.com>
2011-03-04 12:09 ` loody
[not found] ` <20110304134053.GH5786@beraldoleal.com>
2011-03-05 4:40 ` loody
2010-12-20 15:56 ` Greg Freemyer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).