-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathext4scanv1
More file actions
114 lines (99 loc) · 2.66 KB
/
ext4scanv1
File metadata and controls
114 lines (99 loc) · 2.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
#WARNING: This script requires superuser level commands to complete, please
# read my code carefully and confirm it is safe. It is provided AS-IS
# with no warranty implied or otherwise. Feel free to use this in any
# MIT-friendly way.
# This script uses filesystem blocks which usually do not match physical
# blocks, and is offset by the partition start block. In theory, this should
# work with any filesystem that debugfs returns sane results for icheck and
# ncheck. Span is for segmenting very large block ranges.
if [ "$2" == "" ]; then
echo "Usage: target start [last] [span]"
exit 1
fi
target=$1
block=$2
#check if target is a valid filesystem
if ! tune2fs -l $target ; then
echo "${target} does not have a valid filesystem"
exit 1
fi
if [ "$3" == "end" ]; then
lastblock=$(( $(tune2fs -l $target | grep "Block c" | \
awk '{print $3}') - 1 ))
elif [ "$3" == "" ]; then
lastblock=$block
else
lastblock=$3
fi
if [ $[block] -gt $[lastblock] ]; then
echo "Start block is after last block!"
exit 1
fi
if [ "$4" == "" ]; then
span=1000
else
span=$4
fi
#this working dir should be a tmpfs mount
WORKDIR="/run/ext4scan"
if [ ! -d "$WORKDIR" ]; then
mkdir "$WORKDIR"
fi
rm -rf "${WORKDIR}/$$"
mkdir "${WORKDIR}/$$"
cd "${WORKDIR}/$$"
until [ "$block" -gt "$lastblock" ]; do
if [ $(($[block] + $[span])) -gt $[lastblock] ]
then
next=$[lastblock]
else
next=$(($[block]+$[span]))
fi
echo "Processing ${block}-${next}"
if [ "${IGNORE_BLOCK_BITMAP}" == "1" ]; then
rm cmdset
echo "icheck" `seq $[block] $[CHECK_EVERY] $[next]` >> cmdset
else
for i in `seq $[block] $[next]`
do
echo "testb ${i}" >> cmdset
done
debugfs $target -f cmdset | grep 'marked' | awk '{print $2}' \
> blocklist
rm cmdset
echo "icheck" `cat blocklist | tr "\n" " "` >> cmdset
rm blocklist
fi
if [ -e cmdset ]; then
debugfs $target -f cmdset | grep -v '[a-zA-Z]' | \
awk '{print $2}' | uniq > inodelist
rm cmdset
cat inodelist | while read line; do
echo "inode found: ${line}"
echo "ncheck ${line}" >> cmdset
done
rm inodelist
fi
if [ -e cmdset ]; then
debugfs $target -f cmdset | grep "^[0-9]" | \
sed 's/^[0-9]*.//' > tempmanifest
echo "Files that use FS blocks ${block}-${next}:"
cat tempmanifest
# merge tempmanifest and manifest, then eliminate duplicates
# and resort
cat manifest >> tempmanifest
sort -u tempmanifest > manifest
rm cmdset
else
echo "Nothing found in this block range"
fi
block=$(($[next] + 1))
done
if [ -e manifest ]; then
mv manifest "${WORKDIR}/manifest_$$"
echo "File manifest can be found at ${WORKDIR}/manifest_$$"
else
echo "No files found in this run"
fi
rm -rf "${WORKDIR}/$$"