This is one page that looks best when viewed with a graphical
browser, I have looked at it using Netscape and lynx. There are no
important images here, but the tables don't
look very nice using lynx. You should use
Any Browser
that formats tables nicely.
This is a very quick walk through lde's
major modes. When you start lde, it will first
display the startup error/warning log with messages about the
filesystem found on the specified device. Hit any key and lde will display some of the information contained
in the file system's super block.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 1 (0x00000001) Block: 0 (0x00000000) 012345678
Inodes: 13943 (0x00003677)
Blocks: 41830 (0x0000A366)
Firstdatazone: 446 (N=446)
Zonesize: 1024 (0x0400)
Maximum size: 268966912 (0x10081C00)
* Directory entries are 30 characters.
* Inode map occupies 2 blocks.
* Zone map occupies 6 blocks.
* Inode table occupies 436 blocks.
F)lags, I)node, B)locks, R)ecover File
| |
While displaying the superblock, the keys for the other major modes are
listed at the bottom of the screen. We will zip through all of them,
starting with inode mode.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 1 (0x00000001) Block: 0 (0x00000000) 012345678
drwxr-xr-x 25 root system 1408 Wed Jul 2 01:06:23 1997
TYPE: directory LINKS: 25 DIRECT BLOCKS= 0x000001BE
MODE: \0755 FLAGS: \04 0x0000678D
UID: 00000(root) GID: 00000(system)
SIZE: 1408 SIZE(BLKS):
ACCESS TIME:
CREATION TIME:
MODIFICATION TIME: Wed Jul 2 01:06:23 1997 INDIRECT BLOCK=
DELETION TIME: 2x INDIRECT BLOCK=
F1/H for help. F2/^O for menu. Q to quit
| |
Inode mode starts on the file system's root directory inode. Looking at
the information above, we can see that it is indeed a directory with 25
entries (links) owned by root.system. Pressing the arrow keys will move the
cursor between fields. The first direct block is shown highlighted, if we
press 'd' now, we can view this inode formatted as a directory.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 1 (0x00000001) Block: 0 (0x00000000) 012345678
0x00000001: drwxr-xr-x 25 1408 .
0x00000001: drwxr-xr-x 25 1408 ..
0x0000047D: drwxr-xr-x 2 64 boot
0x000001AD: drwxr-xr-x 2 2144 bin
0x0000007F: drwxr-xr-x 2 8128 dev
0x00000153: drwxr-xr-x 10 384 dos
0x0000015A: drwxr-xr-x 19 8544 etc
0x000002D0: drwxr-xr-x 2 64 fishmonger
0x000001A9: drwxr-xr-x 3 3712 sbin
0x00000290: drwxr-xr-x 2 64 home
0x00000291: lrwxrwxrwx 1 9 info
0x00000292: drwxr-xr-x 3 2016 lib
0x000002E9: drwxrwxrwx 2 864 links
0x000002FF: drwxr-xr-x 2 160 mnt
0x00000300: drwxr-xr-x 2 64 mnt2
0x00000301: drwxrwxr-x 2 64 mnt3
0x00000302: dr-xr-xr-x 2 64 proc
0x00000000: mnbt
0x0000003D: drwxr-xr-x 3 96 man
0x00000305: drwxrwxr-x 2 224 shlib
0x0000030A: lrwxrwxrwx 1 11 stimpy
F1/H for help. F2/^O for menu. Q to quit | | | |
You can use the arrows to scroll through all the directory entries associated
with inode number 1 which we were viewing earlier. Clicking on a directory
will view that directory.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 1 (0x00000001) Block: 0 (0x00000000) 012345678
0x00000292: drwxr-xr-x 3 2016 .
0x00000001: drwxr-xr-x 25 1408 ..
0x00000293: lrwxrwxrwx 1 25 libX11.so.3
0x00000294: lrwxrwxrwx 1 24 libXt.so.3
0x00000160: lrwxrwxrwx 1 12 cpp
0x00000004: drwxr-xr-x 10 384 modules
0x00000297: lrwxrwxrwx 1 25 libXaw.so.3
0x0000050C: -r-xr-xr-x 1 43502 libkpathsea.so.2.6
0x00000517: lrwxrwxrwx 1 20 libkpathsea.so.2
0x0000029A: -rwxr-xr-x 1 634880 libc.so.4.6.27
0x0000029B: -rwxr-xr-x 1 110592 libm.so.4.6.27
0x0000029C: lrwxrwxrwx 1 14 libc.so.4
0x00000518: lrwxrwxrwx 1 18 libkpathsea.so
0x000002B9: -rwxr-xr-x 1 49152 libcurses.so.0.1.2
0x000002BA: lrwxrwxrwx 1 13 libf2c.so.0
0x000002BB: -rwxr-xr-x 1 533508 libf2c.so.0.7
0x000002BC: lrwxrwxrwx 1 12 libgr.so.1
0x000002BD: lrwxrwxrwx 1 14 libm.so.4
0x000002BE: -rwxr-xr-x 1 630784 libc-lite.so.4.6.27
0x000002BF: lrwxrwxrwx 1 19 libc-lite.so.4
0x00000511: -rwxr-xr-x 2 24580 ld.so
F1/H for help. F2/^O for menu. Q to quit
| | | |
We can use this method to locate the file we are interested in, maybe
libc.so.4.6.27. We can then view its inode by pressing 'I'.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 666 (0x0000029A) Block: 0 (0x00000000) 012345678
-rwxr-xr-x 1 root system 634880 Tue Dec 13 16:39:05 1994
TYPE: regular file LINKS: 1 DIRECT BLOCKS= 0x00001E2C
MODE: \0755 FLAGS: \10 0x00001E2D
UID: 00000(root) GID: 00000(system) 0x00001E2E
SIZE: 634880 SIZE(BLKS): 0x00001E2F
0x00001E30
ACCESS TIME: 0x00001E31
CREATION TIME: 0x00001E32
MODIFICATION TIME: Tue Dec 13 16:39:05 1994 INDIRECT BLOCK= 0x00001E33
DELETION TIME: 2x INDIRECT BLOCK=0x00002034
F1/H for help. F2/^O for menu. Q to quit
| |
This information looks correct, now lets have a look at the contents of the
file. Hit 'B' to view the highlighted block.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 666 (0x0000029A) Block: 7724 (0x00001E2C) 012345678
0078B000 CC 00 64 00 00 00 09 00 : 00 B0 00 00 98 EE 02 00 ..d.............
0078B010 00 00 00 00 20 F0 FF 5F : 00 00 00 00 00 00 00 00 .... .._........
0078B020 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B030 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B040 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B050 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B060 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B070 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B080 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B090 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0A0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0B0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0C0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0D0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0E0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B0F0 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B100 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B110 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B120 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B130 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
0078B140 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 ................
F1/H for help. F2/^O for menu. Q to quit
| |
We're looking at the first block of libc. It is possible to edit this block
in hex or ASCII and then write it back to the disk. Let's not do that,
instead, go back to inode mode and hit 'R'. This will copy the contents of
libc's inode into the "recovery inode" and switch to recovery mode.
lde v2.4.0Alpha2 : minix : /dev/hda3
Inode: 666 (0x0000029A) Block: 7724 (0x00001E2C) ---------
|
DIRECT BLOCKS: 0 : 0x00001E2C
1 : 0x00001E2D
2 : 0x00001E2E
3 : 0x00001E2F
4 : 0x00001E30
5 : 0x00001E31
6 : 0x00001E32
INDIRECT BLOCK: 7 : 0x00001E33
2x INDIRECT BLOCK: 8 : 0x00002034
Change blocks with adjacent characters. Q to quit. R to dump to file
|
From recovery mode, we can write out the file indexed by this inode to
disk. It may not sound very important, but this is how you would undelete
a unix file. This "recovery inode" is not stored on the disk and you can
put whatever you want in it. However, the indirect blocks are stored on
the disk. Most of the time, the inode information will be preserved after
you delete a file, and you can just undelete the entire file at once. If
there have been disk writes since you deleted the file, the inode information
may have been overwritten, in which case you may have to do a lot of work to
recover the file. See the file UNERASE
in the lde distribution for help with these
harder cases.
This is a very simple document. You could probably figure all this
out on your own just playing with lde for a few
seconds and it really doesn't accentuate any of lde's really nifty features which can be used to
find deleted files. See the man page and
the UNERASE document for examples and more
detailed explainations.
