VFAT i_pos value

Sat Dec 3 01:20:04 EST 2011

Kai Meyer <kai at gnukai.com> writes:

> Thanks for the helpful response. I'm not entirely sure I understand the 
> next part though. I hacked a dirty entry dumper tool:
>
> #include <stdio.h>
> #include <linux/msdos_fs.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <unistd.h>
> #include <string.h>
>
> int main(int argc, char** argv)
> {
>          off_t pos = atoi(argv[2]);
>          unsigned long block;
>          off_t sector;
>          unsigned int offset;
>          int fd = open(argv[1], O_RDONLY);
>          char buf[512];
>          struct msdos_dir_entry dirent;
>          block = pos / (4096 / 32);
>          sector = block * 8;
>          offset = pos % (4096 / 32);
>          printf("block %lu, sector %lu, offset %u\n", block, sector, 
> offset);
>          lseek(fd, sector * 512, SEEK_SET);
>          if (read(fd, buf, 512) < 0) {
>                  fprintf(stderr, "Unable to read from device %s\n", 
> argv[1]);
>                  return -1;
>          }
>          memcpy(&dirent, buf + offset, sizeof(dirent));
>          printf("name      %s\n", dirent.name);
>          printf("attr      %u\n", dirent.attr);
>          printf("lcase     %u\n", dirent.lcase);
>          printf("ctime_cs  %u\n", dirent.ctime_cs);
>          printf("ctime     %u\n", dirent.ctime);
>          printf("cdate     %u\n", dirent.cdate);
>          printf("adate     %u\n", dirent.adate);
>          printf("starthi   %u\n", dirent.starthi);
>          printf("time      %u\n", dirent.time);
>          printf("date      %u\n", dirent.date);
>          printf("start     %u\n", dirent.start);
>          printf("size      %u\n", dirent.size);
> }
>
> Here's what it outputs:
>
> ./vfat_entry /dev/sblsnap0 523793
> block 4092, sector 32736, offset 17
> name
> attr      255
> lcase     255
> ctime_cs  255
> ctime     12799
> cdate     12670
> adate     8224
> starthi   8224
> time      23072
> date      21061
> start     32
> size      2171155456
>
> So, I take starthi, and shift 16 bits left, then and in the start value. 
> That should give me the byte address of the first cluster of the file, 
> correct?
>
> Then I need to follow the cluster chain until I get a bad value.

It looks like wrong as dirent. Did you use 523793 really? If so, I think
523791 is correct value. :)
-- 
OGAWA Hirofumi <hirofumi at mail.parknet.co.jp>