{"id":79,"date":"2009-11-29T21:37:09","date_gmt":"2009-11-30T03:37:09","guid":{"rendered":"http:\/\/edplese.com\/blog\/?p=79"},"modified":"2009-11-29T22:32:58","modified_gmt":"2009-11-30T04:32:58","slug":"ntfsprogs-for-virtual-disk-partitions","status":"publish","type":"post","link":"https:\/\/www.edplese.com\/blog\/2009\/11\/29\/ntfsprogs-for-virtual-disk-partitions\/","title":{"rendered":"ntfsprogs for Virtual Disk Partitions"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.linux-ntfs.org\/doku.php?id=ntfsprogs\">ntfsprogs<\/a> package provides a nice set of tools for performing operations on NTFS file systems from non-Windows environments.\u00a0 There are many uses for these, and I&#8217;ve found them helpful in virtualized environments when dealing with virtual disk images.\u00a0 In particular, they allow for the easy restoration of individual files from NTFS virtual disks from the host OS.\u00a0 These tools however, are only capable of operating on entire devices, and in many cases the individual partitions of virtual disk images are not exposed as block devices by the operating system, preventing these tools from working.<\/p>\n<p>As a workaround for this, I&#8217;ve created a patch against ntfsprogs 2.0.0 that adds an <code>--offset<\/code> option to most of the tools, allowing a partition offset, in bytes from the start of the device, to be specified.<\/p>\n<p>These patches were tested on OpenSolaris, but should work with other systems as well.\u00a0 They include a <a href=\"http:\/\/sourceforge.net\/mailarchive\/message.php?msg_name=589996.94310.qm%40web84105.mail.mud.yahoo.com\">Solaris patch<\/a> to fix compilation issues on Solaris.\u00a0 They are available in the following forms:<\/p>\n<ul>\n<li><a href=\"\/files\/ntfsprogs-2.0.0-offset.patch.gz\">ntfsprogs-2.0.0-offset.patch.gz<\/a> &#8211; A patch against the ntfsprogs-2.0.0 source.<\/li>\n<li><a href=\"\/files\/ntfsprogs-2.0.0-offset.tar.gz\">ntfsprogs-2.0.0-offset.tar.gz<\/a> &#8211; The full ntfsprogs-2.0.0 source with the patch applied.<\/li>\n<li><a href=\"\/files\/lspart.py\">lspart.py<\/a> &#8211; A script that parses the MBR of the device and displays the partitions and their offsets.<\/li>\n<\/ul>\n<p>Compiling the tools can be done with:<\/p>\n<pre>$ wget http:\/\/www.edplese.com\/files\/ntfsprogs-2.0.0-offset.tar.gz\r\n$ gzcat ntfsprogs-2.0.0-offset.tar.gz | tar -xf -\r\n$ cd ntfsprogs-2.0.0-offset\r\n$ .\/configure &amp;&amp; make<\/pre>\n<p>Once compiled, the tools can be installed with <code>make install<\/code>, or run in place from the <code>ntfsprogs-2.0.0-offset\/ntfsprogs<\/code> directory without having to install them.<\/p>\n<p>The following example demonstrates the tools operating on a snapshot of an NTFS volume stored on a ZFS zvol block device.<\/p>\n<pre># <strong>lspart.py \/dev\/zvol\/dsk\/rpool\/xvm\/win2k8@installed<\/strong>\r\n  Start Offset\u00a0\u00a0\u00a0 Size\u00a0 Type\r\n       1048576\u00a0 100.0M\u00a0 07 Windows NTFS\r\n     105906176\u00a0\u00a0 15.9G\u00a0 07 Windows NTFS\r\n             0\u00a0\u00a0\u00a0 0.0B\u00a0 00 Empty\r\n             0\u00a0\u00a0\u00a0 0.0B\u00a0 00 Empty\r\n# <strong>ntfsls \/dev\/zvol\/dsk\/rpool\/xvm\/win2k8@installed<\/strong>\r\nFailed to startup volume: Invalid argument.\r\nFailed to mount '\/dev\/zvol\/dsk\/rpool\/xvm\/win2k8': Invalid argument.\r\nThe device '\/dev\/zvol\/dsk\/rpool\/xvm\/win2k8' doesn't have a valid NTFS.\r\nMaybe you selected the wrong device? Or the whole disk instead of a\r\npartition (e.g. \/dev\/hda, not \/dev\/hda1)? Or the other way around?\r\n# <strong>ntfsls --offset 1048576 \/dev\/zvol\/dsk\/rpool\/xvm\/win2k8@installed<\/strong>\r\nBoot\r\nbootmgr\r\nBOOTSECT.BAK\r\nSystem Volume Information\r\n# <strong>ntfsls --offset 105906176 \/dev\/zvol\/dsk\/rpool\/xvm\/win2k8@installed<\/strong>\r\n$Recycle.Bin\r\nDocuments and Settings\r\npagefile.sys\r\nPerfLogs\r\nProgram Files\r\nProgram Files (x86)\r\nProgramData\r\nRecovery\r\nSystem Volume Information\r\nUsers\r\nWindows\r\n# <strong>ntfscat --offset 105906176 \/dev\/zvol\/dsk\/rpool\/xvm\/win2k8@installed \\\r\n          Windows\/System32\/notepad.exe &gt; notepad.exe<\/strong><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>The ntfsprogs package provides a nice set of tools for performing operations on NTFS file systems from non-Windows environments.\u00a0 There are many uses for these, and I&#8217;ve found them helpful in virtualized environments when dealing with virtual disk images.\u00a0 In particular, they allow for the easy restoration of individual files from NTFS virtual disks from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[4,6,5],"_links":{"self":[{"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/posts\/79"}],"collection":[{"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/comments?post=79"}],"version-history":[{"count":17,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/posts\/79\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/posts\/79\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/media?parent=79"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/categories?post=79"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.edplese.com\/blog\/wp-json\/wp\/v2\/tags?post=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}