Results 1 to 5 of 5

Thread: how to read superblocks and inodes

  1. #1
    Join Date
    Aug 2012
    Beans
    185

    how to read superblocks and inodes

    Hello everyone,

    I have been attempting to write C code that would be able to read the superblocks and inodes of a volume. In the particular case at hand, I have formatted an 8 GB USB flash drive with an ext2 partition. At the moment, there are no files on the drive--just a bare filesystem.

    My thinking was that after mounting the drive at /mnt/flash I could open /mnt/flash/ and, according to the reading I've done,read past the first 1024 bytes to find the start of the superblock. This doesn't work. All I see are 1024 zeroes where their should be 76 4- byte integers and 2 2-byte integers.

    Here's the code:

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <fcntl.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    
    char header[1024];
    char buffer[4];
    
    int main (void ){
    off_t start_pos;
    int datum, i;
    
    int handle=open("/dev/sde4", 1024); 
    read(handle, &header, 1024);
    for(i=0; i<76; i++){
    read (handle, &buffer, 4);
    datum = atoi(buffer);
    printf("buffer string is %d \n", datum);
    }
    close (handle);
    return 0;
    }
    Plainly there is something I don't get. I am well aware that the stat shell command or the stat() library call gives a lot of -- but not the data block locations of-- inode info. Also, dumpe2fs and tune2fs are useful as well. But, I'd like to understand how to get to the guts of the filesystem structures, if it's possible.

    Thanks,
    Mark Allyn

  2. #2
    Join Date
    Sep 2013
    Beans
    14

    Re: how to read superblocks and inodes

    Wait, I'm not an expert in C, but isn't second argument of open is mode integer? If I understand correctly, your code reads FIRST 1024 bytes (which are reserved for bootloader and supposed to be all-zeroes if no bootloader is present). You're supposed to seek to 1024 after opening device.

    Update: I think I misunderstood your code. You're using this

    Code:
    read(handle, &header, 1024);
    for "seeking" past first 1024 bytes, aren't you? Good that I have printed Ext2FS specification. No, standard ext2 superblock contains 17 4-byte integers and 8 2-byte integers (they are mixed). You can use this for reference:

    http://www.nongnu.org/ext2-doc/ext2.html
    Last edited by Nil_Pointer; September 8th, 2013 at 09:05 PM.

  3. #3
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    2,165
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: how to read superblocks and inodes

    Your code doesn't check return codes nor tries to get errno and the matching message, so anything could be happening (like for instance not having the privileges to read devices directly). Writing such exploratory code without cramming it with error checking and trace won't get you very far.

  4. #4
    Join Date
    Aug 2012
    Beans
    185

    Re: how to read superblocks and inodes

    Hi ofnuts and Nil_Pointer,

    I take your points and without dispute or excuses.

    I've been busy trying to solve this problem via a different route, and I think I have been successful. I plan to put some code up that will show how to do what I wanted to do in a day or two.

    Suffice it for now that the key is to do a hexdump (or od) on the device itself, not the file it is mounted to. The superblock is located 1024 bytes past the beginning of /dev/sde1 (in my particular case). Reading from this block gets you to the block descriptor table and from this to the file descriptor and thence to the inode and from the inode direct block pointer finally to the file itself. Very interesting exercise. Perhaps you two already knew this, but it was a most enlightening for me. BTW, the filesystem I'm playing with is ext2.

    Stay tuned.

    Regards,

    Mark Allyn

  5. #5
    Join Date
    Dec 2013
    Beans
    1

    Re: how to read superblocks and inodes

    > But, I'd like to understand how to get to the guts of the filesystem structures, if it's possible.


    Yes, Its possible. I've tried something like that http://giis.co.in/Kick_start.html
    https://github.com/Lakshmipathi/giis/tree/master/src


    If you want simple approach, best bet is to use libext2fs.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •