Content-type: text/html Man page of fsdb

fsdb

Section: Maintenance Commands (8)
Index Return to Main Contents
 

NAME

fsdb - File system debugger  

SYNOPSIS

/usr/sbin/fsdb [options] special  

DESCRIPTION

Since fsdb reads the disk raw, it is able to circumvent normal file system security. Extreme caution is advised in determining its availability on the system. Suggested permissions are 500, owned by bin.

You must be root to use this command.

The fsdb command can be used to repair a damaged file system after a crash. It has conversions to translate block and i-numbers into their corresponding disk addresses. Also included are mnemonic offsets to access different parts of an inode. These greatly simplify the process of correcting control block entries or descending the file system tree.

The fsdb command contains several error-checking routines to verify inode and block addresses. These can be disabled if necessary by invoking fsdb with the -o option.

The fsdb command reads a block at a time and works with raw as well as block I/O. A buffer management routine is used to retain commonly used blocks of data in order to reduce the number of read system calls. All assignment operations result in an immediate write-through of the corresponding block. Note that in order to modify any portion of the disk, fsdb must be invoked with the -w option.

Wherever possible, adb-like syntax was adopted to promote the use of fsdb through familiarity.

Numbers are considered hexadecimal by default. However, you have control over how data is to be displayed or accepted. The base command displays or sets the input/output base. Once set, all input will default to this base and all output will be shown in this base. The base can be overridden temporarily for input by preceding hexadecimal numbers with '0x', preceding decimal numbers with '0t', or octal numbers with '0'. Hexadecimal numbers beginning with a-f or A-F must be preceded with '0x' to distinguish them from commands.

Disk addressing by fsdb is at the byte level. However, fsdb offers many commands to convert a desired inode, directory entry, block, superblock etc. to a byte address. Once the address has been calculated, fsdb will record the result in dot.

Several global values are maintained by fsdb: The current base (referred to as base); the current address (referred to as dot); the current inode (referred to as inode); the current count (referred to as count); and the current type (referred to as type). Most commands use the preset value of dot in their execution. For example: > 2:inode will first set the value of dot to 2, ':' will alert the start of a command, and the inode command will set inode to 2. A count is specified after a ','. Once set, count will remain at this value until a new command is encountered which will then reset the value back to 1 (the default). So, if > 2000,400/X is typed, 400 hex longs are listed from 2000, and when completed, the value of dot will be 2000 + 400 * sizeof (long). If you press the key, the output routine uses the current values of dot, count, and type and displays 400 more hex longs. An asterisk (*) causes the entire block to be displayed.

End of fragment, block and file are maintained by fsdb. When displaying data as fragments or blocks, an error message is displayed when the end of fragment or block is reached. When displaying data using the db, ib, directory, or file commands, an error message is displayed if the end of file is reached. This is mainly needed to avoid passing the end of a directory or file and getting unknown and unwanted results.

An example showing several commands and the use of follows: > 2:ino; 0:dir?d or > 2:ino; 0:db:block?d The two examples are synonymous for getting to the first directory entry of the root of the file system. Once there, subsequent use of the key (or +, -) advances to subsequent entries. The following display is again synonymous: > 2:inode; :ls or > :ls /  

FLAGS

Display usage Override some error conditions Set prompt to string Open for write  

EXAMPLES

will display 2010 in decimal (use of fsdb as a calculator for complex arithmetic). display i-number 386 in an inode format. This now becomes the current inode. changes the link count for the current inode to 4. increments the link count by 1. display the creation time as a hexadecimal long. display the modification time in time format. displays, in ASCII, block zero of the file associated with the current inode. displays the first blocks worth of directory entries for the root inode of this file system. It will stop prematurely if the eof is reached. changes the current inode to that associated with the 5th directory entry (numbered from zero) of the current inode. The first logical block of the file is then displayed in ASCII. displays the superblock of this file system. displays cylinder group information and summary for cylinder group 1. changes the i-number for the seventh directory slot in the root directory to 3. changes the name field in the directory slot to name. displays the third block of the current inode as directory entries. get fragment 3c3 and fill 20 type elements with 0x20. set the contents of address 2050 to 0xffffffff. 0xffffffff may be truncated depending on the current type. will place the ASCII for the string at 1c92434.  

Expressions

The symbols recognized by fsdb are: update the value of dot by the current value of type and display using the current value of count. numeric expressions may be composed of +, -, *, and % operators (evaluated left to right) and may use parentheses. Once evaluated, the value of dot is updated. count indicator. The global value of count will be updated to count. The value of count remains until a new command is run. A count specifier of '*' will attempt to show the information of a block. The default for count is 1. display in structured style with format specifier f display in unstructured style with format specifier f the value of dot. increment the value of dot by the expression e. The amount actually incremented is dependent on the size of type: dot = dot + e * sizeof (type) The default for e is 1. decrement the value of dot by the expression e (see +). multiply the value of dot by the expression e. Multiplication and division do not use type. In the above calculation of dot, consider the size of (type) to be 1. divide the value of" dot by the expression e (see *). restore an address saved in register name. name must be a single letter or digit. save an address in register name. name must be a single letter or digit. display indicator. If f is a legitimate format specifier, then the value of dot is displayed using format specifier f. Otherwise, assignment is assumed. assignment indicator. The address pointed to by dot has its contents changed to the value of the expression e or to the ASCII representation of the quoted ("") string s. This may be useful for changing directory names or ASCII file information. incremental assignment. The address pointed to by dot has its contents incremented by expression e. decremental assignment. The address pointed to by dot has its contents decremented by expression e.  

Commands

A command must be prefixed by a ':' character. Only enough letters of the command to uniquely distinguish it are needed. Multiple commands may be entered on one line by separating them by a space, tab or ';'.

In order to view a potentially unmounted disk in a reasonable manner, fsdb offers the cd, pwd, ls, and find commands. The functionality of these commands substantially matches those of its UNIX counterparts. The '*', '?', and '[-]' wild card characters are available. display or set base. As stated above, all input and output is governed by the current base. If the '=b' is left off, the current base is displayed. Otherwise, the current base is set to b. Note that this is interpreted using the old value of base, so to ensure correctness use the '0', '0t', or '0x' prefix when changing the base. The default for base is hexadecimal. convert the value of dot to a block address. change the current directory to directory dir. The current values of inode and dot are also updated. If no dir is specified, then change directories to inode 2 ("/"). convert the value of dot to a cylinder group. If the current inode is a directory, then the value of dot is converted to a directory slot offset in that directory and dot now points to this entry. the value of dot is taken as a relative block count from the beginning of the file. The value of dot is updated to the first byte of this block. find files by name or i-number. find recursively searches directory dir and below for filenames whose i-number matches i or whose name matches pattern n. Note that only one of the two options (-name or -inum) may be used at one time. Also, the -print is not needed or accepted. fill an area of disk with pattern p. The area of disk is delimited by dot and count. convert the value of dot to a fragment address. The only difference between the fragment command and the block command is the amount that is able to be displayed. convert the value of dot to an inode address. If successful, the current value of inode will be updated as well as the value of dot. As a convenient shorthand, if ':inode' appears at the beginning of the line, the value of dot is set to the current inode and that inode is displayed in inode format. list directories or files. If no file is specified, the current directory is assumed. Either or both of the options may be used (but, if used, must be specified before the filename specifiers). Also, as stated above, wild card characters are available and multiple arguments may be given. The long listing shows only the i-number and the name; use the inode command with '?i' to get more information. toggle the value of override. Some error conditions may be overridden if override is toggled on. change the fsdb prompt to p. p must be surrounded by (")s. display the current working directory. quit fsdb. the value of dot is taken as a cylinder group number and then converted to the address of the superblock in that cylinder group. As a shorthand, ':sb' at the beginning of a line will set the value of dot to the superblock and display it in superblock format. escape to shell  

Inode Commands

In addition to the above commands, there are several commands that deal with inode fields and operate directly on the current inode (they still require the ':'). They may be used to more easily display or change the particular fields.

The value of dot is only used by the ':db' and ':ib' commands. Upon completion of the command, the value of dot is changed to point to that particular field. For example, > :ln=+1 would increment the link count of the current inode and set the value of dot to the address of the link count field. access time. block size. creation time. use the current value of dot as a direct block index, where direct blocks number from 0 - 11. In order to display the block itself, you need to 'pipe' this result into the block or fragment command. For example, > 1:db:block,20/X would get the contents of data block field 1 from the inode and convert it to a block address. 20 longs are then displayed in hexadecimal (see Formatted Output section). group id. use the current value of dot as an indirect block index where indirect blocks number from 0 - 2. This will only get the indirect block itself (the block containing the pointers to the actual blocks). Use the file command and start at block 12 to get to the actual blocks. link count. modification time. mode. major device number. minor device number. although listed here, this command actually operates on the directory name field. Once poised at the desired directory entry (using the directory command), this command will allow you to change or display the directory name. For example, > 7:dir:nm="foo" will get the 7th directory entry of the current inode and change its name to foo. Note that names cannot be made larger than the field is set up for. If an attempt is made, the string is truncated to fit and a warning message to this effect is displayed. file size. user id.  

Formatted Output

There are two styles and many format types. The two styles are structured and unstructured. Structured output is used to display inodes, directories, superblocks and the like. Unstructured just displays raw data. The following table shows the different ways of displaying: display as cylinder groups display as inodes display as directories display as superblocks display as bytes display as characters display as octal shorts or longs display as decimal shorts or longs display as hexadecimal shorts or longs

The format specifier immediately follows the '/' or '?' character. The values displayed by '/b' and all '?' formats are displayed in the current base. Also, type is appropriately updated upon completion.  

FILES

Specifies the command path  

RELATED INFORMATION

Commands: fsck(8) delim off


 

Index

NAME
SYNOPSIS
DESCRIPTION
FLAGS
EXAMPLES
Expressions
Commands
Inode Commands
Formatted Output
FILES
RELATED INFORMATION

This document was created by man2html, using the manual pages.
Time: 02:40:34 GMT, October 02, 2010