summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--INSTALL175
-rw-r--r--NEWS5
-rw-r--r--README268
-rwxr-xr-xconfigure30
-rw-r--r--configure.in6
-rw-r--r--src/Makefile.in4
-rw-r--r--src/ext4magic.837
8 files changed, 317 insertions, 216 deletions
diff --git a/ChangeLog b/ChangeLog
index 7725a05..83e56d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,10 @@
-
+0.2.0 change :optimization of the ext3 magic scan functions
+ new: support for a lot of images, video and audio
+ new: possibility of the stream orientation. (needed for mp3)
+ change : prevent partially recover on txt and other
+ change : an already restored file tail does not prevent the recover of the entire file
+ BUG: #017694; #017695; #017712
+
0.2.0-pv2 new: support and modification for a lot of filetype
change :adjusting settings for version file-5.04
diff --git a/INSTALL b/INSTALL
index 0f7d95e..8ce5907 100644
--- a/INSTALL
+++ b/INSTALL
@@ -5,27 +5,46 @@ Install ext4magic
Install HOWTO
----------------------
-You have to compile it. It install a binary program /usr/local/sbin/ext4magic and a manpage
-It works only on Linux (with a few small limitations also Big-Endian-CPUs)
+You have to compile the ext4magic source code. It install a binary program /usr/local/sbin/ext4magic and a manpage
+This works only on Linux (also Big-Endian-CPUs)
Other UNIX operating systems will not compile.
You need the packages :
gcc
make
+Furthermore, there are dependencies to following libraries:
+
+ libmagic
+ libext2fs
+
+These libraries are present on any Linux, but you need actual versions.
+The following describes the procedure for the installation of ext4magic depends on the library versions.
+
+
+
+
+
The file-command an the library libmagic
----------------------------------------
In versions ext4magic > 0.1.4 you need the package of the Linux command "file".
-You need a version > 5.03 (see also BUG:#017561) for stabil magic-functions in ext4magic.
-If found, install also the devel package, or you must create a symlink of the library. (see follow)
+Needed a version > 5.03 (see also BUG:#017561) for stabil magic-functions in ext4magic.
+Which version is installed displays the following command
+# file -v
-Users who know exactly what they are doing, can also version file-5.04 install from source.
+If found 5.04 on your Linux, install also the devel package, or you must create a symlink of the library. (see follow)
+
+
+No version 5.04 for your Linux available? You can also install version file-5.04 from source.
download ftp://ftp.astron.com/pub/file/
-You can uninstall the older version of "file" if it has no dependencies to other packages. (eg. perl,apache,...)
-Or you can install a second version to /usr/local,
-If the old version deleted, the new must necessarily configured to /usr and not to /usr/local .
+
+You can uninstall the older version of "file" (not recommended) if it has no dependencies to other packages. (eg. perl,apache,...)
+If the old version deleted, the new must necessarily configured to /usr and not to /usr/local.
+
+Or you can install a second version to /usr/local (recommended)
+In this case, do not install the devel package of an old version.
The following illustrates the installation of a second version
@@ -38,15 +57,22 @@ The following illustrates the installation of a second version
# make install
# ldconfig
-( If use a 64-bit system, the library path can also be /usr/lib64 and /usr/local/lib64 )
+
The following command should now show both, the version in "/usr/lib/" and in "/usr/local/lib/"
+(If use a 64-bit system, the library path can also be /usr/lib64 and /usr/local/lib64)
# ldconfig -p | grep libmagic
libmagic.so.1 (libc6) => /usr/local/lib/libmagic.so.1
libmagic.so.1 (libc6) => /usr/lib/libmagic.so.1
libmagic.so (libc6) => /usr/local/lib/libmagic.so
-
In this case, the symlink "/usr/lib/libmagic.so" should not exist. (see follow)
+If the new version libmagic is now not available in /usr/local/... , or the following command failed
+
+ #/usr/local/bin/file -v
+
+then try the following command as root
+ # ldconfig /usr/local/lib /usr/local/lib64
+and check again.
Which of the two libmagic versions the finished ext4magic use, you can check with:
@@ -56,11 +82,12 @@ Which of the two libmagic versions the finished ext4magic use, you can check wit
-If you get the following error if configure ext4magic:
-"error: The library libmagic.so not found, install the package "file" to build ext4magic"
+If you get the following error during configure ext4magic:
+
+"error: library libmagic.so file-version >= 5.04 not found, install the package "file-5.04" to build ext4magic"
-and "file" is installed, probably the devel package it is not installed. Not for all distributions
+and "file-5.04" is installed, probably the devel package it is not installed. Not for all distributions
it is available. You can work around that by generate a symlink to the existing version of this library. (on a 64-bit system, the library path can also be /usr/lib64 )
see the following log:
@@ -71,13 +98,20 @@ lrwxrwxrwx 1 root root 13 Sep 23 01:40 /usr/lib/libmagic.so -> libmagic.so.1
lrwxrwxrwx 1 root root 17 Aug 28 16:09 /usr/lib/libmagic.so.1 -> libmagic.so.1.0.0
-rwxr-xr-x 1 root root 116720 Oct 24 2009 /usr/lib/libmagic.so.1.0.0
+The version for compiling with ext4magic should have the symlink "libmagic.so"
+another version of libmagic should not have this symlink.
+
+
-Devel packages and librarys
-----------------------------
+
+
+Devel packages and librarys of libext2fs
+----------------------------------------
First check your current version of libext2fs with the following command
-# /sbin/fsck.ext3 -V
+ # /sbin/fsck.ext3 -V
+
if Version >= 1.41.9
@@ -92,13 +126,14 @@ libuuid-devel uuid-dev libuuid-devel
libblkid-devel libblkid-dev libblkid-devel
-then
-# tar -xzf ext4magic-0.1.4.tar.gz
-# cd ext4magic-0.1.4
-# ./configure
-# make
-# su -
-# make install
+then compile ext4magic
+ # tar -xzf ext4magic-0.1.4.tar.gz
+ # cd ext4magic-0.1.4
+ # ./configure
+ # make
+ # su
+ # make install
+
if Version < 1.41.9
@@ -112,7 +147,7 @@ Important: Please do not install this version.
This could create problems with programs of your current distribution ..
-save the directory path of lib/ in a variable for future use in configure commandline.
+save the actual directory path of lib/ in a variable for future use in configure commandline.
# EXT2LIB="$(pwd)/lib"
After this, change into the code directory of ext4magic
@@ -120,6 +155,7 @@ After this, change into the code directory of ext4magic
# cd ext4magic-0.1.4
# ./configure CFLAGS="-I$EXT2LIB" LDFLAGS="-L$EXT2LIB" LIBS="-luuid -lcom_err -lpthread"
# make
+ # su
# make install
@@ -128,10 +164,15 @@ ext4magic is so linked to the newer library. You can see different version of li
# /sbin/fsck.ext3 -V
+
+
+
--------------------------------------------------------------------------
+
+
Installations HOWTO deutsch
Installation von ext4magic
@@ -141,8 +182,7 @@ Allgemeine Voraussetzungen
--------------------------
Die Installation von ext4magic ist derzeit nur auf Linux möglich. Andere Unix basierende
Betriebssyteme werden sich nicht ohne größere Änderungen am Quellcode compilieren lassen.
-Das Programm unterstützt mit derzeit noch kleinen Schönheitsfehlern auch "Big endian" basierende
-Prozessoren, getestet wurden derzeit
+Das Programm unterstützt auch "Big endian" basierende Prozessoren, getestet wurden derzeit
OpenSuse x86 32/64Bit
Ubuntu Sparc64
@@ -156,23 +196,44 @@ nicht schon vorhanden, vorher installiert werden.
gcc
make
+Desweiteren sind Abhängigkeiten zu folgenden Libraries zu beachten.
+
+ libmagic
+ libext2fs
+Diese Libraries sind zwar auf jedem Linux vorhanden, doch es werden aktuelle Versionen für ext4magic benötigt.
+Entsprechend der vorhanden Versionen ist im folgenden die Installation von ext4magic und gegebenenfalls
+der benötigten Libraries beschrieben.
-In ext4magic > 0.1.4 wird zusätzlich noch das Paket des Linux Befehls "file" benötigt.
+
+
+
+
+Das Kommando "file" und "libmagic"
+===================================
+In ext4magic > 0.1.4 wird zusätzlich noch "libmagic" des Linux Befehls "file" benutzt.
Es wird dabei für den stabilen Betrieb der Magic-funktionen eine Version > 5.03 benötigt.(siehe auch BUG:#017561)
-Sollte für diese Version auch ein Devel Paket für diese Distribution auffindbar sein, dann diese auch
+Welche Version installiert ist zeigt der Befehl
+
+# file -v
+
+Sollte für die Version 5.04 auch ein Devel Paket für diese Distribution auffindbar sein, dann dieses auch
installieren. Nicht in allen Distributionen wird ein solches Devel Paket für "file" gepflegt.
Das daraus entstehende Problem kann auch durch einen einfachen Symlink umgangen werden. (Siehe weiter unten)
-Anwender, welche genau wissen was sie tun, können auch die Version "file-5.04" aus dem Quellcode installieren.
+Sollte keine Version file-5.04 für dein Linux erhältlich sein, kann auch die Version "file-5.04" aus dem
+Quellcode installieren werden.
Download ftp://ftp.astron.com/pub/file/
-Es kann die alte "file" Version vom Rechner deinstalliert werden, wenn keine weiteren Abhängikeiten zu
-anderen Paketen (zB apache, perl,...) bestehen, oder auch eine zweite Version nach /usr/local
-installiert werden. Wird die alte Version gelöscht, muss die neue zwingend für /usr und nicht für /usr/local
+Es kann die alte "file" Version vom Rechner deinstalliert werden, (nicht empfohlener Weg)
+soweit keine weiteren Abhängikeiten zu anderen Paketen (zB apache, perl,...) bestehen,
+Wird die alte Version gelöscht, muss die neue zwingend wieder für /usr und nicht für /usr/local
konfiguriert werden.
+Oder, es kann auch eine zweite Version zusätzlich unterhalb von /usr/local installiert, werden. (empfohlener Weg)
+In diesem Fall dann das Devel Paket einer älteren Version nicht installieren.
+
Die Installation einer zweiten Version hier im Überblick.
# tar -xzf file-5.04.tar.gz
@@ -184,28 +245,42 @@ Die Installation einer zweiten Version hier im Überblick.
# make install
# ldconfig
-( Auf einem 64-bit System könnten die Library Verzeichnisse auch /usr/lib64 und /usr/local/lib64 sein)
+
Das folgenden Kommando sollte jetzt beide Versionen von libmagic zeigen, unterhalb "/usr/lib/" und unterhalb "/usr/local/lib/"
+(Auf einem 64-bit System könnten die Library Verzeichnisse auch /usr/lib64 und /usr/local/lib64 sein)
# ldconfig -p | grep libmagic
libmagic.so.1 (libc6) => /usr/local/lib/libmagic.so.1
libmagic.so.1 (libc6) => /usr/lib/libmagic.so.1
libmagic.so (libc6) => /usr/local/lib/libmagic.so
In diesem Fall sollte dann der Symlink "/usr/lib/libmagic.so" nicht existieren (siehe weiter unten).
+Wird die libmagic.so jetzt nicht unterhalb von /usr/local/ angezeigt, oder das Kommando
+
+ # /usr/local/bin/file -v
+bringt eine Fehlermeldung, obwohl "ldconfig" nach der Installation
+ausgeführt wurde, dann ist wahrscheinlich in der Datei /etc/ld.so.conf das Verzeichnis
+/usr/local/lib oder /usr/local/lib64 nicht eingetragen.
+In diesem Fall noch einmal als root den Befehl mit dem Library Verzeichnis absetzten.
+ # ldconfig /usr/local/lib /usr/local/lib64
+
+
-Welche der beiden libmagic Versionen das fertig ext4magic nutzt, kann wie folgt überprüft werden:
+
+Welche der beiden libmagic Versionen das fertig ext4magic nutzt, kann später wie folgt überprüft werden:
# ldd /usr/local/sbin/ext4magic | grep libmagic
libmagic.so.1 => /usr/local/lib/libmagic.so.1 (0xb7741000)
-Erzeugt configure bei ext4magic trotz installiertem "file" Paket folgende Fehlermeldung:
+Erzeugt configure bei ext4magic trotz installiertem "file-5.04" Paket folgende Fehlermeldung:
-"error: The library libmagic.so not found, install the package "file" to build ext4magic"
+"error: library libmagic.so file-version >= 5.04 not found, install the package "file-5.04" to build ext4magic"
-dann als root in das Verzeichnis /usr/lib wechseln und einen Symlink libmagic.so
+Es ist in diesem Fall wohl das devel Paket nicht installiert. Dieses ist auch nicht für jedes Linux erhältlich.
+Es fehlt nur ein Symlink, dieser ist schnell auch per Hand angelegt.
+Dazu als root in das Verzeichnis /usr/lib oder /usr/lib64 wechseln und einen Symlink libmagic.so
auf die dort vorhandene Version dieser Library erzeugen. Folgender Konsollog zeigt das Vorgehen.
(auf einem 64-bit System könnte dieses Verzeichnis auch /usr/lib64 sein)
@@ -219,27 +294,31 @@ lrwxrwxrwx 1 root root 13 Sep 23 01:40 /usr/lib/libmagic.so -> libmagic.so.1
lrwxrwxrwx 1 root root 17 Aug 28 16:09 /usr/lib/libmagic.so.1 -> libmagic.so.1.0.0
-rwxr-xr-x 1 root root 116720 Oct 24 2009 /usr/lib/libmagic.so.1.0.0
+Die Version von libmagic mit der ext4magic zusammen kompiliert werden soll, muss diesen Link besitzen.
+Eine eventuelle weitere Version von libmagic sollte diesen Link nicht besitzen damit sie nicht unbeabsichtigt
+während der Kompilierung doch benutzt wird. Dieses würde innerhalb von ext4magic zu Speicherfehlern und Abstürzen führen.
+
-Devel Pakete und Libraries
-----------------------------
-Was weiter benötigt wird, ist abhängig von der Version einer auf ihrem System verwendeten Library.
+Devel Pakete und Libraries libext2fs
+====================================
+Was weiter benötigt wird, ist abhängig von der Version einer auf ihrem System verwendeten Library libext2fs.
Auf dieser Library basieren die Befehle zum Erstellen und Verwalten der ext2/3/4 Filesysteme
Installation bei einer aktuellen Version von libext2fs
------------------------------------------------------
Soweit eine aktuelle Version (>= 1.41.9 ) von libext2fs auf dem Rechner installiert ist,
-kann folgende Vorgehensweise zum erstellen des Programmes genutzt werden.
+kann die folgende Vorgehensweise zum erstellen des Programmes genutzt werden.
Die Version kann mit folgendem Befehl ermittet werden.
# /sbin/fsck.ext3 -V
e2fsck 1.41.9 (22-Aug-2009)
Using EXT2FS Library version 1.41.9, 22-Aug-2009
-weiter werden jetzt einige Devel-Pakete benötigt, diese können in den einzelnen Distributionen
+Zum kompilieren werden dabei einige Devel-Pakete benötigt, diese können in den einzelnen Distributionen
unterschiedliche Namen tragen. Hier als Beispiel der Vergleich der Paketnamen
zwischen einigen Distributionen
@@ -272,6 +351,8 @@ Deinstallieren dann entsprechend mit "make uninstall"
+
+
Installation bei einer älteren Version von libext2fs
---------------------------------------------------------------------------------------
@@ -285,7 +366,7 @@ Mit folgender Vorgehensweise kann dieses Problem umgangen werden.
Von http://e2fsprogs.sourceforge.net/ eine Version von e2fsprogs größer oder gleich Version 1.41.9 herunterladen.
Das Archiv entpacken und in das Verzeichnis wechseln.
-Dort das Programm und kompilieren, jedoch ohne es zu installieren.
+Dort den Quellcode kompilieren, jedoch ohne ihn zu installieren.
# tar -xzf e2fsprogs-1.41.9.tar.gz
# cd e2fsprogs-1.41.9
@@ -295,7 +376,7 @@ Dort das Programm und kompilieren, jedoch ohne es zu installieren.
Die letzten beiden Befehle werden einige Zeit benötigen und eine Reihe von Ausgaben auf dem Bildschirm machen.
Erfolgreich ist der Vorgang, wenn in den letzen Zeilen nichts von "ERROR" steht.
Das aktuelle Verzeichnis in dem sie sich momentan noch befinden mit folgendem Befehl
-in einer Variable abspeichern.
+in einer Variable abspeichern. Diesen Path benötigen wir zum kompilieren von ext4magic.
# EXT2LIB="$(pwd)/lib"
@@ -310,6 +391,9 @@ ext4magic angelegt wird. Jetzt die gleiche Shell benutzen in der die EXT2LIB Var
# ./configure CFLAGS="-I$EXT2LIB" LDFLAGS="-L$EXT2LIB" LIBS="-luuid -lcom_err -lpthread"
# make
+ installieren dann als root mit
+
+ # make install
Die Verwendung der unterschiedlichen Versionen von libext2fs kann im Vergleich der
@@ -354,6 +438,3 @@ um die Manpage zu lesen:
-----------------------------------------------------------------------------
-
-
-
diff --git a/NEWS b/NEWS
index eeca32c..105f23d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+ext4magic 0.2.0 The Magic features for ext3 are complete.
+ Support for most files types of a typical Linux system and lots of multimedia files.
+
+
+
ext4magic 0.2.0 pv2 The magic functions have been adjusted for libmagic (file-5.04)
Many bugs have been fixed and added support for many file types
diff --git a/README b/README
index 573804c..541580e 100644
--- a/README
+++ b/README
@@ -1,125 +1,17 @@
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-Instructions to experimenting with new features, the magic functions.
----------------------------------------------------------------------
-
-Use no file system specially created for this purpose.
-Why?
- If you create a test file system, it is likely that all inode copies are included
- in the Journal. The first stage can restore all files, and you'll never see the
- magic functions in the third stage.
-
-
-Better is the following:
- Use an existing ext3 filesystem. The last hours should no "find" or a backup tool
- used global in this file system. That too would write to many inode copies.
- umount this file system, and create a 1-to-1 copy of the file system.
- Now mount the file system copy and delete all or many files. Then umount the file system copy.
-
-
-
-Now you can test ext4magic with the deleted copy.
- You need free space for writing the recovered files.
- Assuming, the copy is "/dev/sdb1" and you have enough free
- space at "/home/test/"
-
- # ext4magic /dev/sdb1 -d /home/test/RECOVER -M
- if you have deleted all files.
-
- or
- # ext4magic /dev/sdb1 -d /home/test/RECOVER -m
- if not all files were deleted.
-
-
- It will automatically search for the time of the last deletion.
- And with a little delay should start the recover. You can now only wait. Depending on the
- number of deleted files can take a long time. Then you can compare the files with those
- in the original file system.
-
- The functions are developed from scratch and can not be stable and reliable.
- A few responses: working or not working, the last words before a crash, or what file types
- are ok and which not, can help to improve the features and to develop the tool further.
-
-
-
-
- A few words about the current development status 0.2.0-pv2
- -----------------------------------------------------------
- Extensive testing has confirmed that magic-functions are now stable with libmagic of file-5.04.
- Good support exists for: all text file types, a lot of image formats, Open Office documents, PDF,
- TAR, CPIO, BZ2, ZIP, GZIP, 7Z. Some audio and video formats and a lot more is often restored correctly.
-
- Major problems still exist with some multimedia formats and some documents.
- For example: MP3, OGG and MS Office files. The recovery of CD/DVD images and other file system containers
- is also problematic.
-
- The Magic functions do not work particularly fast, but we find some files that other tools can not recover.
- In real file systems are unfortunately often ext4magic also find many very old files.
- The idea, to prevent this by using the metadata from the journal, is definitely good, but
- in a real file system it works only limited. In test file systems it works very well, but in a real
- file system journal we find not always enough of these metadata to prevent the recover of very old files.
-
-
-
- robi@users.berlios.de
-
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
---------------------------------------------------------------------
-
-
-
-FIXME:
-so far only draft
-
-What is, and what can ext4magic ?
-=================================
-
-ext4magic is a small utility and can help to recover deleted or
-overwritten files on ext3 or ext4 filesystems. It uses the information
-stored in the filesystem Journal to attempt to recover a file that has
-been deleted from the partition.
-
-A reliable way to restore all deleted data from a ext3 or ext4 filesystem
-does not exist.
-In all official documents the ext3/ext4 developer write the same:
-
- "it isn't possible to undelete ext3 or ext4 files."
-
-The only way for a long time was:
- "to grep for parts of deleted files and hope for the best."
-
-
-There are two other programs:
- ext3grep ( http://www.xs4all.nl/~carlo17/howto/undelete_ext3.html )
- extundelete ( http://extundelete.sourceforge.net)
-which can restore deleted files with old journal data. ext4magic uses also
-this experience. The whole functionality was again developed from scratch,
-and ext4magic goes one step further.
-
-
-It handles more file types, hardlinks and softlinks, has more possibilities
-of working with the Journal and filesystem, restore owner and group of files
-and directories, restore the modification time, can find moved and overwritten
-directories and files, can find more then one version of a file, search older
-directory versions, prints a lot of helpful information over the Journal and
-the contained data, and any more.
-
-But, there is absolutely no guarantee that any particular file will be able
-to be undeleted. The program is dependent on the data on the journal and
-the datablocks on disk. The Journal has a different purpose, it is directed
-forwarding. For a recover we can only hope, old information still available.
-And not always, we can find there for each file, was required for a recovery.
-
-
-
-
You accidentally deleted files ?
=================================
Now, you can try it with ext4magic - probably you will find many - but not all
-deleted files.
+deleted files. ext4magic will not change the data on your partition.
+It write copies of the found files. For that you need enough disk space
+on a different Linux file system.
+This tool requires a working file system. If the partition table ore the file system
+damaged, ext4magic can not help. Then you should use a different recover tool.
+In addition to the recovery functions a lot of other functions are included.
+These functions allow a deep look into the file system and can also help to find
+data and files which are not automatically recover.
@@ -157,9 +49,18 @@ undelete the file. We find in the Inode the properties and all refer to the
data blocks. In the directory we find the old file name. With a little luck,
the data blocks are not reused.
-This is the principle of the ext4magic recover.
+This is the principle of ext4magic to recover from inode copies.
+
+In the Journal there are not only inode copies. We will also find tables with
+the block and inode allocation. This data are used in the magic functions
+for controlling the file carving. The functions of the file carving matched
+exactly to the respective properties of the file system types and these functions
+included into a multi-stage recover process. This feature is new in this version
+and currently only usable for ext3.
+
+----------------------------------------------------------------------------------
How we can use ext4magic ?
@@ -217,17 +118,19 @@ exceptional cases. Never use ext4magic for a not readonly mounted partition.
ext4magic read over the filesystem buffer from journal but the kernel write
unbuffered to journal.
-The first read is often ok, but all subsequent reads can read wrong data
-blocks from journal. So long the journalfile is buffered, you read wrong data
-blocks at the moment of the first read.
-First, if you can, stop all writing processes to write to that file system
+The first read of the Journal is often ok, but all subsequent reads can read
+wrong data blocks from journal. So long the journalfile is buffered, you read
+wrong data blocks at the moment of the first read. The file system is operating
+normally, but ext4magic reads wrong blocks from the Journal.
-ext4magic supports external journal.
-You can make a copy of the filesystem Journal with the following command.
-Use this copy as external Journal. But, if mounted readwrite, here also only
-the first backup will work good, after read the journal, it is also
-buffered and the next ext4magic process read also wrong blocks.
+Workaround : ext4magic supports external journal.
+You can make a copy of the filesystem journal with the following command.
+Use this copy as external Journal for the mounted file system.
+But, if mounted readwrite, here also only the first backup will work good,
+after read the journal by debug2fs, it is also buffered and the next read by
+debug2fs results also a bad journal copy.
+
# debug2fs -R "dump <8> /path/to/journalbackup" /dev/sda1
@@ -237,49 +140,152 @@ you can use this copy of Journal
ext4magic then only read Journal data from this Journal backup.
-Warning: This procedure is at this time not fully tested,
-this reason to say, it is very risky.
+Warning: This procedure is tested, it works, but please be very careful
+with this feature.
+--------------------------------------------------------------------------------------------------
+A few words about the magic functions (current version 0.2.0)
+ ============================================================
+ These functions are designed to make undo of recursive deletes. It is a multi-level recover.
+ 1. recover files of the file system tree with the help of old inode copies.
+ 2. recover all other inode copies which were not found in first stage.
+ 3. (currently only ext3) recover the remaining data blocks, using a file carving function (we say magic function)
+
-
+ After an accidental deletion: prevent all writing into this file system and if possible also
+ prevent reading of this file system. Also reading overwrites old journal data
+ which are needed for the restore.
-
+ Umount the file system, and use ext4magic before you mount the file system again,
+ or create a copy of the file system and use this for the recover.
+ Perform no file system check on this file system before.
-
+
+ The magic functions are very user friendly because very few command options are required.
+
+ Extensive testing has confirmed that magic-scan-functions are now stable with libmagic of file-5.04.
+ Good support exists for: all text file types, a lot of image formats,
+ often-used video and audio file types, Open Office documents,
+ PDF, RAR, TAR, CPIO, BZ2, ZIP, GZIP, 7Z ...
+
+ Many other file types are also found and restored with default function, but without examining
+ the contents of the files. This works more or less.
+
+ Problems still exist with some multimedia formats and some documents. Not every file type
+ can be restored only based on head and foot patterns. Some types of multimedia streams, splited or
+ truncated files are hard to recover.
+ The recovery of CD/DVD images and other file system containers is also problematic.
+ Sparse files, and large files if these not deleted in one step, can not be restored with this function.
+ Of course, we can only find files when the "file" command recognize this file type.
+ Some files are one (or few) byte too short. These are final zero byte.
+ Most of these files can be repaired by appending zeros.
+ The following command illustrates how attach two zero byte to a file.
+ #echo -en "\0\0" >> file
+ Some files are one or more bytes to long. These are often zero byte at the end of the restored file.
+ You can see this at the end of a file. "hexdump-C file | tail -4"
+ These files can be opened usually normal, possibly with a warning. Only a few programs block the
+ processing of such files. Here is an example, how this can be fixed (xz compressed file)
+# ls -l test.xz
+-rw-r--r-- 1 rob users 1005 4. Dez 12:54 test.xz
+# xz -t test.xz
+xz: test.xz: Compressed data is corrupt
+# xz -d test.xz
+xz: test.xz: Compressed data is corrupt
+# dd if=test.xz of=test_.xz bs=1 count=1004
+1004+0 Datensätze ein
+1004+0 Datensätze aus
+1004 Bytes (1,0 kB) kopiert, 0,0164605 s, 61,0 kB/s
+# xz -t test_.xz
+# xz -d test_.xz
+
+ The magic functions do not work particularly fast, but very efficient and can find some files
+ that other tools can not recover. It also find very long files when the data are fragmented in the
+ file system. Others file carving tools find here often no complete files, or recover data trash.
+ Because of the previously running recover stages, the hit rate of this function is often very good.
+ But, at very high fragmentation the chances are low for a successful recovery for many files.
+
+ In real file systems the magic function find also unfortunately some very old files.
+ The idea, to prevent this by using the metadata from the journal, is definitely good, but,
+ in a real file system it works only limited. In test file systems it works very well, but in a real
+ file system journal we find not always enough of these metadata to prevent the recover of very old files.
+
+--------------------------------------------------------------------
+Instructions to experimenting with new features, the magic functions.
+---------------------------------------------------------------------
+Use no file system specially created for this purpose.
+Why?
+ If you create a test file system, it is likely that all inode copies are included
+ in the Journal. The first stage can restore all files, and you'll never see the
+ magic functions in the third stage.
+Better is the following:
+ Use an existing ext3 filesystem. The last hours should no run a global "find" or a backup tool
+ in this file system. That too would write to many inode copies and to be easy to recover.
+ umount this file system, and create a 1-to-1 copy of the file system.
+ Now mount the file system copy and delete all or many files. Then umount the file system copy.
+Now you can test ext4magic with the deleted copy.
+ You need free space for writing the recovered files.
+ Assuming, the copy is "/dev/sdb1" and you have enough free
+ space at "/home/test/"
+
+ # ext4magic /dev/sdb1 -d /home/test/RECOVER -M
+ if you have deleted all files.
+
+ or
+ # ext4magic /dev/sdb1 -d /home/test/RECOVER -m
+ if not all files were deleted.
+
+
+ It will automatically search for the time of the last deletion.
+ And with a little delay should start the recover. You can now only wait. Depending on the
+ number of deleted files can take a long time. Then you can compare the files with
+ the original file system.
+---------------------------------------------------------------------------------------------
+Some common problems
+Command not found
+------------------
+ext4magic is installed to /usr/local/sbin/
+This directory is only included in the PATH if you use root as a login shell.
+For a full root environment use "su -l" for the user change.
+ext4magic nothing works
+-----------------------
+two possible causes:
+- either you are not root
+- or the time options are not set correctly. Only the magical functions automatically search
+ for the right time, all other options use default values. (See manpage)
diff --git a/configure b/configure
index 261ddd6..3dd1f77 100755
--- a/configure
+++ b/configure
@@ -2494,7 +2494,7 @@ fi
# Define the identity of the package.
PACKAGE=ext4magic
- VERSION=0.2.0-pv2
+ VERSION=0.2.0
cat >>confdefs.h <<_ACEOF
@@ -11692,9 +11692,9 @@ $as_echo "$as_me: error: You must have ext2fs version >= 1.41.9 to build ext4mag
{ (exit 1); exit 1; }; }
fail=0
-{ $as_echo "$as_me:$LINENO: checking for library containing magic_buffer" >&5
-$as_echo_n "checking for library containing magic_buffer... " >&6; }
-if test "${ac_cv_search_magic_buffer+set}" = set; then
+{ $as_echo "$as_me:$LINENO: checking for library containing magic_getpath" >&5
+$as_echo_n "checking for library containing magic_getpath... " >&6; }
+if test "${ac_cv_search_magic_getpath+set}" = set; then
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
@@ -11711,11 +11711,11 @@ cat >>conftest.$ac_ext <<_ACEOF
#ifdef __cplusplus
extern "C"
#endif
-char magic_buffer ();
+char magic_getpath ();
int
main ()
{
-return magic_buffer ();
+return magic_getpath ();
;
return 0;
}
@@ -11748,7 +11748,7 @@ $as_echo "$ac_try_echo") >&5
test "$cross_compiling" = yes ||
$as_test_x conftest$ac_exeext
}; then
- ac_cv_search_magic_buffer=$ac_res
+ ac_cv_search_magic_getpath=$ac_res
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
@@ -11759,21 +11759,21 @@ fi
rm -rf conftest.dSYM
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext
- if test "${ac_cv_search_magic_buffer+set}" = set; then
+ if test "${ac_cv_search_magic_getpath+set}" = set; then
break
fi
done
-if test "${ac_cv_search_magic_buffer+set}" = set; then
+if test "${ac_cv_search_magic_getpath+set}" = set; then
:
else
- ac_cv_search_magic_buffer=no
+ ac_cv_search_magic_getpath=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_magic_buffer" >&5
-$as_echo "$ac_cv_search_magic_buffer" >&6; }
-ac_res=$ac_cv_search_magic_buffer
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_magic_getpath" >&5
+$as_echo "$ac_cv_search_magic_getpath" >&6; }
+ac_res=$ac_cv_search_magic_getpath
if test "$ac_res" != no; then
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
@@ -11782,8 +11782,8 @@ else
fi
test $fail = 1 &&
-{ { $as_echo "$as_me:$LINENO: error: The library libmagic.so not found, install the package \"file\" to build ext4magic" >&5
-$as_echo "$as_me: error: The library libmagic.so not found, install the package \"file\" to build ext4magic" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: library libmagic.so file-version >= 5.04 not found, install the package \"file-5.04\" to build ext4magic" >&5
+$as_echo "$as_me: error: library libmagic.so file-version >= 5.04 not found, install the package \"file-5.04\" to build ext4magic" >&2;}
{ (exit 1); exit 1; }; }
diff --git a/configure.in b/configure.in
index 388db36..1187cec 100644
--- a/configure.in
+++ b/configure.in
@@ -1,7 +1,7 @@
AC_INIT(configure.in)
AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(ext4magic, 0.2.0-pv2)
+AM_INIT_AUTOMAKE(ext4magic, 0.2.0)
AC_LANG_C
AC_PROG_CC
@@ -22,9 +22,9 @@ test $fail = 1 &&
AC_MSG_ERROR([You must have ext2fs version >= 1.41.9 to build ext4magic])
fail=0
-AC_SEARCH_LIBS([magic_buffer], [magic], [], [fail=1])
+AC_SEARCH_LIBS([magic_getpath], [magic], [], [fail=1])
test $fail = 1 &&
-AC_MSG_ERROR([The library libmagic.so not found, install the package "file" to build ext4magic])
+AC_MSG_ERROR([library libmagic.so file-version >= 5.04 not found, install the package "file-5.04" to build ext4magic])
diff --git a/src/Makefile.in b/src/Makefile.in
index 8aef4e4..3b4622c 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -245,9 +245,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign src/Makefile
+ $(AUTOMAKE) --gnu src/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/src/ext4magic.8 b/src/ext4magic.8
index 076f1a0..7e2a5b3 100644
--- a/src/ext4magic.8
+++ b/src/ext4magic.8
@@ -1,11 +1,8 @@
-.TH ext4magic 8 "Sep 2010" "version 0.2.0" "Administrations Tool"
+.TH ext4magic 8 "Dec 2010" "version 0.2.0" "Administrations Tool"
.SH NAME
ext4magic \- allows to recover deleted files on ext3/4 filesystems
.SH SYNOPSIS
-.B ext4magic \-M
-[\-j <journal_file>] [\-d <target_dir>] <filesystem>
-
-.B ext4magic \-m
+.B ext4magic {\-M|\-m}
[\-j <journal_file>] [\-d <target_dir>] <filesystem>
.B ext4magic
@@ -29,16 +26,18 @@ be possible to recover any file at any time. Many factors affects which data and
long the data store in the Journal. Read the ext4magic documentation for more
extensive information about the filesytem Journal.
-.B
-Direct use of the Journal of a currently read-write open filesystem produce reading of bad blocks. Such bad blocks provide program errors and false results. You shall therefore never use the Journal of such a read-write open file system directly.
-
.SH OPTIONS
.B
-Magic Options: (new and experimental)
-These options are for a mulit-stage recover especially for file restore after delete the file system. These functions are currently only available for ext3.
-Umount the file system directly after an accidentally destroy and use these options with a copy of this file system. These functions are not adequately tested in this version and can include a lot of bugs.
+Magic Options: (new in version 0.2.0)
+These options are for a mulit-stage recover especially for file restore after a recursiv deletion of parts or the whole file system.
+(third step currently only available for ext3.)
+
+Umount the file system directly after an accidentally destroy and use these options with the umount file system or with a copy of this file system.
+The program automatically determines the correct time options.
+In the first and second step files restored by copies of inodes.
+The third step is trying to restore the remaining files without inode copies. This may take a long time
.TP
.B
@@ -393,7 +392,7 @@ The Time options affect the search. If a file name already exists, or you recove
"#"
will created. The maximum ist the extension "
.B
-######
+#####
" for a filename.
single files also can recovered, possible search with time-stamps or transaction number.
@@ -449,7 +448,7 @@ With option "
" works ext4magic more accurately, and can avoid such false and duplicate files. This requires old data blocks of the directories in the Journal. You will not find of all directories those old blocks in the Journal. Only directories in which files have been previously created or deleted, but not of directories in which no change has been a long time. You should set the time stamp "
.B
before
-" immediately before destruction time of the files. Are not sufficient directory data available, may be, ext4magic can't found deleted files or entire directory content.
+" immediately before destruction time of the files. Are not sufficient directory data available, may be, ext4magic can't found deleted files or entire directory content. This option should be used carefully.
.PP
.B
@@ -514,7 +513,7 @@ try to restore all files deleted last 24 hours. Write in directory "./RECOVERDIR
.B
# ext4magic /dev/sda3 -M -d /home/recover
-try the new experimental multi-stage recover of all files after the filesystem is deleted with a "rm -rf *" . Write the files to "/home/recover".
+try multi-stage recover of all files after the filesystem is deleted with a "rm -rf *" . Write the files to "/home/recover". (on ext4 : in this version skipped the last step.)
.B
@@ -531,12 +530,16 @@ try to restore the directory tree "user1/Dokuments/". The "-b" timestamp you mus
try to restore only all deleted files from directory tree "user1/", and have "jpg" in filename. (last 24 hour) and write to "/mnt/testrecover" - use a temporary file "./tmpfile" for a list of filenames.
+.SH BUGS
+Direct use of the Journal of a currently read-write open filesystem produce reading of bad blocks. Such bad blocks provide program errors and false results. You shall therefore never use the Journal of such a read-write open file system directly.
+Should it be necessary to use a mounted file system, create a copy of the file system journal and used the option
+.B
+-j
+
+
.SH AUTHOR
Roberto Maar
.SH SEE ALSO
debugfs(8)
-
-
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-27 07:37:52 +0000