在Linux机器上解析Windows原始数据 [英] Parse Windows raw data on Linux machine
问题描述
我正在使用C / C ++开发备份应用程序。我已经备份了Windows卷快照(客户端是Windows)中的所有数据,并将其发送到我们的服务器,这是一台Linux机器。我备份和发送的数据是所有扇区和原始数据。现在在服务器端(linux机器)我想解析这些数据,意味着我想要实际的数据,文件名,大小等。那么我怎样才能从扇区实现这一目标呢?实际上我想在服务器端(linux)开发一个NTFS解析器。我已经参考了 ntfs-3g 但它确实他没有帮助我,他们也在使用内核驱动程序。在我的情况下,我实际上将原始数据和扇区存储在.db文件中。
任何形式的帮助将不胜感激。在此先感谢。
I am working on a backup application using C/C++. I have backed up all the data from a Windows volume snapshot(client is Windows) and has send it to our server which is a linux machine. The data that I have backed up and send is all the sectors and raw data. Now at the server side(linux machine) I want to parse this data, means I want the actual data, filename, size, etc. So how can I achieve this from the sectors? Actually I want to develop a NTFS parser at the server side(linux).I have refer ntfs-3g but it did not helped me much, they are also using kernel driver. And in my case I actually have the raw data and sectors stored in a .db file.
Any kind of help will be appreciated. Thanks in advance.
推荐答案
您所描述的不是窗口原始数据,这是磁盘原始数据。它与Windows或Linux无关,并且两者具有相同的结构。没有什么可以解析。
让我告诉你,你没有保存任何文件。您正在保存原始数据,如果您具有相同结构的磁盘,则可以使用这些数据:完全相同的柱面数,扇区数等。此外,此数据仅在您要还原整个磁盘或至少整个物理磁盘时才有意义具有相同结构的磁盘分区,但是这样的磁盘应该首先得到相同的分区集。那么,你还备份分区信息吗?你还备份了磁盘的规格吗?
对于你的低级备份/恢复,你应该开发(并彻底测试)恢复程序我们倒置备份:您应该能够获取具有相同规格的磁盘,并填写与原始保存磁盘相同的扇区。不应该涉及解析或任何类似的事情。
让我告诉你:这种备份和恢复确实有一定意义,因为恢复系统磁盘已损坏可以非常快速地完成,使系统恢复生产而不会有相当大的延迟(我希望这是你的目标,不是吗?),但它只在具有相同物理结构的磁盘可用时才有用。想象一下,如果他们缺货会发生什么?至少你应该留意它并重新安装整个系统以转移到更新的磁盘类型。因此,您的备份/恢复类型远远不够。您是否还备份了所有相关文件和元数据,这些文件和元数据允许您在具有不同(和未知)硬件配置的其他类型的计算机上重新安装整个系统?如果你没有与低级备份/恢复同时进行,你的系统仍然存在风险。
-SA
What you describe is not "Window raw data", this is disk raw data. It has nothing to do with Windows or Linux and has the same structure for both. There is nothing to "parse".
And let me tell you that you are not saving any files. You are saving raw data which you can utilize if you have the disk with identical structure: exact same number of cylinders, sectors, etc. Also, this data only makes sense if you want to restore the whole disk, or at least the whole physical partition of the disk with identical structure, but this such disk should first get identical partition set. So, do you also backup partition information? Do you also backup the specs of the disk?
As to your "low-level" backup/restore, you should develop (and test thoroughly) the restore procedure which us inverted backup: you should be able to take the disk with the same specs and fill in the same exact sectors as in the original saved disk. No parsing or anything like that should be involved.
Let me tell you: such kind of backup and restore does makes some sense, as restoration of the system with damaged disk can be done very quickly, to put the system back to production without a considerable delay (I hope this is your goal, isn't it?), but it is only useful when the disks of the same physical structure are available. Imagine what happens if they go out of stock? At least you should keep an eye on it and reinstall the whole system to move to the newer sort of a disk. So, your kind of backup/restore would be by far not enough. Do you also backup all relevant files and metadata which would allow you to re-install the whole system on a different kind of computer with different (and unknown) hardware configuration? If you don't do it in parallel with your low-level backup/restore, your system is still at risk.
—SA
我不确定你是不是想这样做。
NTFS结构远比FAT复杂,也是由于版本到版本。为什么不做通常的文件复制?
如果副本是为了恢复目的,那么你应该购买为此目的完成的现有软件。
此外,如果您执行在该级别工作的备份实用程序,则在进行恢复时可能很难过滤内容。你是否总是想要完全恢复磁盘?
此外,在许多情况下,完整备份并没有那么多意义。如果您的系统出现故障,通常最好花一天或两天时间重新安装每个软件,因为它会清理系统。此外,当磁盘发生故障时,可能会有新的操作系统可用,因此您可能仍需要升级。
如果您正在使用软件实用程序或驱动程序Linux然后你需要更多地了解你会在网站上找到的东西,比如CodeProject,因为很少人会做这种低级别的东西而不是发布它。
I am not sure that you want to do that.
NTFS structure is far more complicated than FAT and also changes from version to version. Why not do an usual file copy?
If the copy is for restauration purpose, then you should buy an existing software done for that purpose.
Also if you do a backup utility that works at that level, it might be hard to filter stuff when doing a restauration. Do you always want to restore the disk exactly as it was?
Also, in many case a full backup does not make that much sense. If your system fails, it is usually best to take a day or 2 to reinstall every software as it will cleanup the system. Also, by the time that the disk fails, a new OS might be available so you might want to upgrade anyway.
And if you are doing software utilities or drivers for Linux then you need to know much more that what you would find on site such as CodeProject as seldom people do such low-level stuff and much less publish it.
这篇关于在Linux机器上解析Windows原始数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
