API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 19th, 2018
90
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.82 KB | None | 0 0
raw download clone embed print report
  1. local int exPartitionNumber = 1; //must be 0, 1, 2, or 3 (or up to 127 on gpt)
  2. local char exDir1[9] = "FRED";
  3. local char exDir1_LENGTH = Strlen(exDir1);
  4. local char exDir2[9] = "";
  5. local char exDir2_LENGTH = Strlen(exDir2);
  6. local char exDir3[9] = "";
  7. local char exDir3_LENGTH = Strlen(exDir3);
  8. local uint32 exClusterList = 0x7205; // 0 is off, non-zero builds list
  9.  
  10. typedef struct {
  11. char stuff[446];
  12. struct PARTs {
  13. uchar boot_flag;
  14. uchar CHS_Begin[3];
  15. uchar type_code <format = hex>;
  16. uchar CHS_End[3];
  17. uint32 LBA_Begin <format = hex>;
  18. uint32 Number_of_Sectors;
  19. } part[4];
  20. ushort expectAA55 <format = hex>;
  21. } MBR;
  22.  
  23. typedef struct {
  24. char signature[8]; //must be EFI PART
  25. char revision[4];
  26. uint32 headersize;
  27. uint32 crc32;
  28. uint32 reserved;
  29. uint64 currentLBA <format = hex>;
  30. uint64 backupLBA <format = hex>;
  31. uint64 firstUsableLBA <format = hex>;
  32. uint64 lastUsableLBA <format = hex>;
  33. uchar disk_GUID[16] <format = hex>;
  34. uint64 startingLBAofPartitionEntries <format = hex>;
  35. uint32 numberOfPartitionEntries;
  36. uint32 sizeOfPartitionEntry;
  37. uint32 crc32x;
  38.  
  39. } GPT_HEADER <size = 512>;
  40.  
  41. typedef struct {
  42. byte partition_type_guid[16];
  43. byte unique_guid[16];
  44. uint64 first_lba;
  45. uint64 last_lba;
  46. uint64 flags;
  47. wchar_t name[36];
  48. } GPT_Partition_Entry;
  49.  
  50. local int i;
  51. local uint64 FAT32_start=0;
  52. local uint32 Partition_LBA_Begin=0;
  53. local byte MS_GPT_Basic_data_partition[16] = {
  54. 0xa2, 0xa0, 0xd0, 0xeb, 0xe5, 0xb9, 0x33, 0x44,
  55. 0x87, 0xc0, 0x68, 0xb6, 0xb7, 0x26, 0x99, 0xc7 };
  56.  
  57. LittleEndian();
  58.  
  59. void ExploreGPT( )
  60. {
  61. FSeek(0x200);
  62. GPT_HEADER gpt;
  63. GPT_Partition_Entry partitions[128];
  64. if (Memcmp(gpt.signature, "EFI PART", 8)) {
  65. Printf("ERROR: EFI PART signature not found\n");
  66. Exit(3);
  67. }
  68. for (i=0; i<gpt.numberOfPartitionEntries; i++) {
  69. if (!Memcmp(partitions[i].partition_type_guid,
  70. MS_GPT_Basic_data_partition, 16)) {
  71. Printf("Partition %d is MS Basic data\n", i);
  72. if (i == exPartitionNumber) {
  73. Partition_LBA_Begin = partitions[i].first_lba;
  74. FAT32_start = Partition_LBA_Begin * 512;
  75. }
  76. }
  77. }
  78. }
  79.  
  80. struct {
  81. MBR mbr;
  82. if (mbr.expectAA55 != 0xAA55) {
  83. Printf("error MBR record does not end with AA55!\n");
  84. Exit(1);
  85. } else {
  86. Printf("MBR seems okay, scanning partitions\n");
  87. }
  88.  
  89. if (mbr.part[0].type_code == 0xEE) { //use routine above to find GPT stuff
  90. Printf("Protective MBR found, searching for GPT partitions instead\n");
  91. ExploreGPT();
  92. //all done, try to load VOLUME ID next
  93.  
  94. } else { //MBR is home base, use contents for partition info
  95.  
  96. for (i=0; i<4; i++) {
  97. if (mbr.part[i].type_code == 0x0b) {
  98. Printf("Partition %d is FAT32 and LBA Begins at 0x%08x offset in file\n",
  99. i, mbr.part[i].LBA_Begin * 512);
  100. if (i == exPartitionNumber) {
  101. Partition_LBA_Begin = mbr.part[i].LBA_Begin;
  102. FAT32_start = Partition_LBA_Begin * 512;
  103. }
  104. } else {
  105. Printf("Partition %d is type 0x%02x, LBA Begins: 0x%08x offset in file\n",
  106. i, mbr.part[i].type_code, mbr.part[i].LBA_Begin * 512);
  107. }
  108. }
  109. }
  110. if (Partition_LBA_Begin == 0) {
  111. Printf("WARNING: no partition selected for FAT32 exploration\n");
  112. Printf(" Do you need to set exPartitionNumber?\n");
  113. Exit(2);
  114. }
  115. } vhd_file;
  116.  
  117. typedef struct {
  118. char pad[11];
  119. ushort BPB_BytsPerSec; /* offset 11,12 */
  120. uchar BPB_SecPerClus; /* offset 13 */
  121. ushort BPB_RsvdSecCnt; /* offset 14,15 */
  122. uchar BPB_NumFATs; /* offset 16 */
  123. ushort FAT16_RootEntries; //supposed to be 0 for FAT32
  124. ushort FAT16_SmallSectors; //supposed to be 0 for FAT32
  125. uchar pad2[11]; /* offset 17-31 */
  126. uchar pad3[4];
  127. uint32 BPB_FATSz32; /* offset 36 0x24 */
  128. uchar pad4[4];
  129. uint32 BPB_RootClus; /* offset 0x2c */
  130. uchar pad5[0x1ce];
  131. ushort expectAA55 <format = hex>;
  132. } FAT32VOLUMEID;
  133.  
  134.  
  135. local uint32 fat_begin_lba;
  136. local uint32 fat2_begin_lba;
  137. local uint32 cluster_begin_lba;
  138. local uint32 sectors_per_cluster;
  139. local uint32 clusters_per_fat;
  140. local uint32 root_dir_first_cluster;
  141. local uint64 ROOT_start;
  142.  
  143. FSeek(FAT32_start);
  144. struct {
  145. FAT32VOLUMEID fvol;
  146.  
  147. if (fvol.expectAA55 != 0xAA55) {
  148. Printf("error FAT32 VolumeID record does not end with AA55!\n");
  149. Exit(1);
  150. } else if ((fvol.FAT16_RootEntries !=0) || (fvol.FAT16_SmallSectors != 0)) {
  151. Printf("Error: FAT16 information found in VolumeID structure.\n");
  152. Printf(" This is NOT a valid FAT32 Volume.\n");
  153. Exit(1);
  154. } else {
  155. Printf("FAT32 VolumeID seems okay\n");
  156. }
  157. Printf("%d bytes per sector (MUST BE 512!!)\n", fvol.BPB_BytsPerSec);
  158. Printf("%d sectors per cluster\n", fvol.BPB_SecPerClus);
  159. Printf("0x%04x (%d) reserved sectors\n", fvol.BPB_RsvdSecCnt, fvol.BPB_RsvdSecCnt);
  160. Printf("%d FATs (There better be 2!!)\n", fvol.BPB_NumFATs);
  161. Printf("0x%08x (%d) sectors per FAT\n", fvol.BPB_FATSz32, fvol.BPB_FATSz32);
  162. Printf("Root Directory Cluster (supposed to be 2) == %d\n", fvol.BPB_RootClus);
  163.  
  164. fat_begin_lba = Partition_LBA_Begin + fvol.BPB_RsvdSecCnt;
  165. fat2_begin_lba = fat_begin_lba + fvol.BPB_FATSz32;
  166. cluster_begin_lba = Partition_LBA_Begin + fvol.BPB_RsvdSecCnt + (fvol.BPB_NumFATs * fvol.BPB_FATSz32);
  167. sectors_per_cluster = fvol.BPB_SecPerClus;
  168. clusters_per_fat = fvol.BPB_FATSz32 * (512/4);
  169. Printf("There are %d. cluster indices in each FAT\n", clusters_per_fat);
  170. root_dir_first_cluster = fvol.BPB_RootClus;
  171.  
  172. Printf("FAT 1 LBA = 0x%08x, FAT 1 raw file offset = 0x%08x\n", fat_begin_lba, fat_begin_lba * 512);
  173. Printf("FAT 2 LBA = 0x%08x, FAT 2 raw file offset = 0x%08x\n", fat2_begin_lba, fat2_begin_lba*512);
  174. Printf("First Cluster LBA = 0x%08x, First Cluster raw file offset = %08x\n", cluster_begin_lba, cluster_begin_lba*512);
  175. ROOT_start = cluster_begin_lba * 512;
  176. } fatvolume;
  177.  
  178. FSeek(fat_begin_lba * 512);
  179. uint32 FAT1[clusters_per_fat];
  180. FSeek(fat2_begin_lba * 512);
  181. uint32 FAT2[clusters_per_fat];
  182.  
  183.  
  184. typedef struct {
  185. char filename[8];
  186. char extension[3];
  187. uchar attrib <format = hex>;
  188. uchar ulcase;
  189. uchar creationTimeMS;
  190. DOSTIME creationTime;
  191. DOSDATE creationDate;
  192. DOSDATE lastAccessDate;
  193. uint16 first_cluster_hi <format = hex>;
  194. DOSTIME timeStamp;
  195. DOSDATE dateStamp;
  196. uint16 first_cluster_lo <format= hex>;
  197. uint32 filesize;
  198. } DIRENTRY;
  199.  
  200. void PrintDirEntry( DIRENTRY &ent)
  201. {
  202. local uchar slotkey;
  203. slotkey = ent.filename[0];
  204. if ((slotkey == 0) || (ent.attrib == 0x0f)) { // slot is empty OR long filename
  205. return;
  206. } else if (slotkey == 0xe5) {
  207. Printf(" DELETED ");
  208. }
  209. Printf(" %8s.%3s attrib:0x%02x ", ent.filename, ent.extension, ent.attrib);
  210. if (ent.attrib & 0x01) Printf("Read_Only ");
  211. if (ent.attrib & 0x02) Printf("Hidden ");
  212. if (ent.attrib & 0x04) Printf("System ");
  213. if (ent.attrib & 0x08) Printf("VolumeID ");
  214. if (ent.attrib & 0x10) Printf("Directory ");
  215. if (ent.attrib & 0x20) Printf("Archive ");
  216. Printf("\n");
  217. }
  218.  
  219. uint32 ConvertClusterHiLo2LBA( uint16 clusterHi, uint16 clusterLo)
  220. {
  221. local uint32 lba, cluster;
  222.  
  223. cluster = clusterHi << 16 | clusterLo;
  224. lba = cluster_begin_lba;
  225. lba = lba + ((cluster - 2) * sectors_per_cluster);
  226. return lba;
  227. }
  228.  
  229. local uint64 DIR1_start=0;
  230. local uint32 DIR1_LBA = 0;
  231. local uint64 DIR2_start=0;
  232. local uint32 DIR2_LBA = 0;
  233. local uint64 DIR3_start=0;
  234. local uint32 DIR3_LBA = 0;
  235.  
  236. local int NumDirEntriesPerCluster = (sectors_per_cluster * 512)/32;
  237.  
  238. FSeek(ROOT_start);
  239. struct {
  240. DIRENTRY entry[NumDirEntriesPerCluster];
  241. Printf("Volume ID Name: %s\n", entry[0].filename);
  242. Printf("Root Directory Contents:\n");
  243. for (i=0; i<NumDirEntriesPerCluster; i++) {
  244. PrintDirEntry( entry[i]);
  245. if (exDir1_LENGTH != 0) {
  246. if (!Memcmp(entry[i].filename, exDir1, exDir1_LENGTH)) { //look for dir1 in root
  247. //Printf("Found %s!, 0x%04x, 0x%04x\n", exDir1, entry[i].first_cluster_hi, entry[i].first_cluster_lo);
  248. DIR1_LBA = ConvertClusterHiLo2LBA(entry[i].first_cluster_hi, entry[i].first_cluster_lo);
  249. DIR1_start = DIR1_LBA * 512;
  250. }
  251. }
  252. }
  253. } root;
  254.  
  255.  
  256. if (DIR1_start != 0) {
  257. Printf("DIR 1 is %s, at LBA 0x%08x, at raw file offset 0x%08x\n", exDir1, DIR1_LBA, DIR1_start);
  258. FSeek(DIR1_start);
  259. struct {
  260. DIRENTRY entry[NumDirEntriesPerCluster];
  261. for (i=0; i<NumDirEntriesPerCluster; i++) {
  262. PrintDirEntry( entry[i]);
  263. if (exDir2_LENGTH != 0) {
  264. if (!Memcmp(entry[i].filename, exDir2, exDir2_LENGTH)) { //look for dir2 in dir1
  265. //Printf("Found %s!\n", exDir2);
  266. DIR2_LBA = ConvertClusterHiLo2LBA(entry[i].first_cluster_hi, entry[i].first_cluster_lo);
  267. DIR2_start = DIR2_LBA * 512;
  268. }
  269. }
  270. }
  271. } DirOne;
  272. }
  273.  
  274. if (DIR2_start != 0) {
  275. Printf("DIR 2 is %s, at LBA 0x%08x, at raw file offset 0x%08x\n", exDir2, DIR2_LBA, DIR2_start);
  276. FSeek(DIR2_start);
  277. struct {
  278. DIRENTRY entry[NumDirEntriesPerCluster];
  279. for (i=0; i<NumDirEntriesPerCluster; i++) {
  280. PrintDirEntry( entry[i]);
  281. if (exDir3_LENGTH != 0) {
  282. if (!Memcmp(entry[i].filename, exDir3, exDir3_LENGTH)) { //look for dir3 in dir2
  283. //Printf("Found %s!\n", exDir3);
  284. DIR3_LBA = ConvertClusterHiLo2LBA(entry[i].first_cluster_hi, entry[i].first_cluster_lo);
  285. DIR3_start = DIR3_LBA * 512;
  286. }
  287. }
  288. }
  289. } DirTwo;
  290. }
  291.  
  292. if (DIR3_start != 0) {
  293. Printf("DIR 3 is %s, at LBA 0x%08x, at raw file offset 0x%08x\n", exDir3, DIR3_LBA, DIR3_start);
  294. FSeek(DIR3_start);
  295. struct {
  296. DIRENTRY entry[NumDirEntriesPerCluster];
  297. for (i=0; i<NumDirEntriesPerCluster; i++) {
  298. PrintDirEntry( entry[i]);
  299. }
  300. } DirTwo;
  301. }
  302.  
  303. void PrintClusterList( uint32 first)
  304. {
  305. local uint32 c, nextAddress;
  306. local uint32 fat_start;
  307. local uint32 fat_end;
  308.  
  309. fat_start = fat_begin_lba * 512;
  310. fat_end = fat2_begin_lba * 512;
  311. c = first;
  312.  
  313. Printf("Cluster # FAT start ClusterIdx: Next Cluster\n");
  314. Printf(" 0x%08x (%d.)\n", c, c);
  315. while (1) {
  316. if ((c == 0x0fffffff) || (c == 0xffffffff)) { // normal end of cluster list
  317. return;
  318. }
  319. if (c > clusters_per_fat) {
  320. Printf("ERROR: unable to follow cluster list. It goes beyond FAT limit\n");
  321. return;
  322. }
  323. nextAddress = (c * 4) + fat_start;
  324. FSeek(nextAddress);
  325. uint32 nextCluster;
  326. Printf("0x%08x (* 4) + 0x%08x = 0x%08x: 0x%08x (%d.)\n", c, (fat_begin_lba *512), nextAddress, nextCluster, nextCluster);
  327. c = nextCluster;
  328. }
  329. }
  330.  
  331. if (exClusterList != 0) {
  332. PrintClusterList( exClusterList);
  333. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!