Linux上文件恢復工具
文件恢復工具extundelete官網:http://extundelete.sourceforge.net/html
使用方法,在頁面裏找到download,下載源碼安裝包:extundelete-0.2.4.tar.bz2node
安裝:c++
[root@localhost extundelete-0.2.4]# yum -y install e2fsprogs-libs e2fsprogs e2fsprogs-devel [root@localhost extundelete-0.2.4]# rpm -q e2fsprogs-libs e2fsprogs e2fsprogs-devel [root@localhost extundelete-0.2.4]# tar jxvf extundelete-0.2.4.tar.bz2 [root@localhost extundelete-0.2.4]# cd extundelete-0.2.4 [root@localhost extundelete-0.2.4]#extundelete-0.2.4]# ./configure && make && make install
使用:工具
#查看能恢復的數據: [root@localhost ~]# extundelete /dev/sdc1 --inode 2 #恢復單個文件 [root@localhost ~]# extundelete /dev/sdc1 --restore-file somefile #恢復目錄 [root@localhost ~]# extundelete /dev/sdc1 --restore-directory /somedir #恢復全部文件 [root@localhost ~]# extundelete /dev/sdb1 --restore-all
使用步驟再也不贅述,詳情請參考別人博客:http://www.javashuo.com/article/p-bcfauzvy-gd.html測試
可是讓我鬱悶的是測試的時候竟然報錯了:(並且問題我也沒有解決,若是着急就別往下看了)spa
[root@ceph01 src]# ./extundelete /dev/sdc1 --restore-all NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 1600 groups loaded. Loading journal descriptors ... 176 descriptors loaded. *** Error in `./extundelete': double free or corruption (!prev): 0x000000000141efd0 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7c619)[0x7f84baff0619] ./extundelete[0x40ce6b] ./extundelete[0x40ff86] ./extundelete[0x404654] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f84baf95c05] ./extundelete[0x404b8f] ======= Memory map: ======== 00400000-0041c000 r-xp 00000000 fd:02 659238 /home/wangdong/extundel/extundelete-0.2.4/src/extundelete 0061c000-0061d000 r--p 0001c000 fd:02 659238 /home/wangdong/extundel/extundelete-0.2.4/src/extundelete 0061d000-0061e000 rw-p 0001d000 fd:02 659238 /home/wangdong/extundel/extundelete-0.2.4/src/extundelete 0061e000-0061f000 rw-p 00000000 00:00 0 013fd000-0143f000 rw-p 00000000 00:00 0 [heap] 7f84b4000000-7f84b4021000 rw-p 00000000 00:00 0 7f84b4021000-7f84b8000000 ---p 00000000 00:00 0 7f84ba717000-7f84bad58000 rw-p 00000000 00:00 0 7f84bad58000-7f84bad6f000 r-xp 00000000 fd:00 201371296 /usr/lib64/libpthread-2.17.so 7f84bad6f000-7f84baf6e000 ---p 00017000 fd:00 201371296 /usr/lib64/libpthread-2.17.so 7f84baf6e000-7f84baf6f000 r--p 00016000 fd:00 201371296 /usr/lib64/libpthread-2.17.so 7f84baf6f000-7f84baf70000 rw-p 00017000 fd:00 201371296 /usr/lib64/libpthread-2.17.so 7f84baf70000-7f84baf74000 rw-p 00000000 00:00 0 7f84baf74000-7f84bb12c000 r-xp 00000000 fd:00 201328485 /usr/lib64/libc-2.17.so 7f84bb12c000-7f84bb32c000 ---p 001b8000 fd:00 201328485 /usr/lib64/libc-2.17.so 7f84bb32c000-7f84bb330000 r--p 001b8000 fd:00 201328485 /usr/lib64/libc-2.17.so 7f84bb330000-7f84bb332000 rw-p 001bc000 fd:00 201328485 /usr/lib64/libc-2.17.so 7f84bb332000-7f84bb337000 rw-p 00000000 00:00 0 7f84bb337000-7f84bb34c000 r-xp 00000000 fd:00 203151519 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f84bb34c000-7f84bb54b000 ---p 00015000 fd:00 203151519 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f84bb54b000-7f84bb54c000 r--p 00014000 fd:00 203151519 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f84bb54c000-7f84bb54d000 rw-p 00015000 fd:00 203151519 /usr/lib64/libgcc_s-4.8.5-20150702.so.1 7f84bb54d000-7f84bb64e000 r-xp 00000000 fd:00 201328494 /usr/lib64/libm-2.17.so 7f84bb64e000-7f84bb84d000 ---p 00101000 fd:00 201328494 /usr/lib64/libm-2.17.so 7f84bb84d000-7f84bb84e000 r--p 00100000 fd:00 201328494 /usr/lib64/libm-2.17.so 7f84bb84e000-7f84bb84f000 rw-p 00101000 fd:00 201328494 /usr/lib64/libm-2.17.so 7f84bb84f000-7f84bb938000 r-xp 00000000 fd:00 201371650 /usr/lib64/libstdc++.so.6.0.19 7f84bb938000-7f84bbb37000 ---p 000e9000 fd:00 201371650 /usr/lib64/libstdc++.so.6.0.19 7f84bbb37000-7f84bbb3f000 r--p 000e8000 fd:00 201371650 /usr/lib64/libstdc++.so.6.0.19 7f84bbb3f000-7f84bbb41000 rw-p 000f0000 fd:00 201371650 /usr/lib64/libstdc++.so.6.0.19 7f84bbb41000-7f84bbb56000 rw-p 00000000 00:00 0 7f84bbb56000-7f84bbb98000 r-xp 00000000 fd:00 201372415 /usr/lib64/libext2fs.so.2.4 7f84bbb98000-7f84bbd98000 ---p 00042000 fd:00 201372415 /usr/lib64/libext2fs.so.2.4 7f84bbd98000-7f84bbd99000 r--p 00042000 fd:00 201372415 /usr/lib64/libext2fs.so.2.4 7f84bbd99000-7f84bbd9b000 rw-p 00043000 fd:00 201372415 /usr/lib64/libext2fs.so.2.4 7f84bbd9b000-7f84bbd9e000 r-xp 00000000 fd:00 201371665 /usr/lib64/libcom_err.so.2.1 7f84bbd9e000-7f84bbf9d000 ---p 00003000 fd:00 201371665 /usr/lib64/libcom_err.so.2.1 7f84bbf9d000-7f84bbf9e000 r--p 00002000 fd:00 201371665 /usr/lib64/libcom_err.so.2.1 7f84bbf9e000-7f84bbf9f000 rw-p 00003000 fd:00 201371665 /usr/lib64/libcom_err.so.2.1 7f84bbf9f000-7f84bbfc0000 r-xp 00000000 fd:00 201328478 /usr/lib64/ld-2.17.so 7f84bbfd6000-7f84bc1ae000 rw-p 00000000 00:00 0 7f84bc1bd000-7f84bc1c0000 rw-p 00000000 00:00 0 7f84bc1c0000-7f84bc1c1000 r--p 00021000 fd:00 201328478 /usr/lib64/ld-2.17.so 7f84bc1c1000-7f84bc1c2000 rw-p 00022000 fd:00 201328478 /usr/lib64/ld-2.17.so 7f84bc1c2000-7f84bc1c3000 rw-p 00000000 00:00 0 7ffc13f68000-7ffc13f89000 rw-p 00000000 00:00 0 [stack] 7ffc13fc8000-7ffc13fca000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
磁盤自己SSD的,用VMWare虛擬機虛擬出來的磁盤,掛載到系統上,用mkfs.ext4格式化成了ext4,也mount上去,寫了文件,而後刪除,而後umount,而後恢復,結果居然掛了。官網說依賴包「ensure you have e2fsprogs version 1.41 or newer」,個人也符合要求啊。.net
[root@localhost extundelete-0.2.4]# rpm -qa | grep e2fsprogs e2fsprogs-devel-1.42.9-13.el7.x86_64 e2fsprogs-libs-1.42.9-13.el7.x86_64 e2fsprogs-1.42.9-13.el7.x86_64
爲何?看代碼也不是不少,看看本身能不能定位出問題。debug
#打開core [root@localhost src]# ulimit -c unlimited #運行產生core文件 [root@localhost src]# ./extundelete /dev/sdc1 --restore-all #調試運行後產生的core文件 [root@localhost src]# gdb extundelete core.6756 (gdb) bt #0 0x00007f80061a71f7 in raise () from /lib64/libc.so.6 #1 0x00007f80061a88e8 in abort () from /lib64/libc.so.6 #2 0x00007f80061e6f47 in __libc_message () from /lib64/libc.so.6 #3 0x00007f80061ee619 in _int_free () from /lib64/libc.so.6 #4 0x000000000040ce6b in init_journal (fs=fs@entry=0x1f8e0a0, jfs=0x1f8e0a0, jsb=jsb@entry=0x7fffdea06aa0) at extundelete.cc:1167 #5 0x000000000040ff86 in examine_fs (fs=0x1f8e0a0) at cli.cc:287 #6 0x0000000000404654 in main (argc=1, argv=0x7fffdea07088) at cli.cc:806 (gdb)
最終出錯在extundelete.cc:1167,恕本人才疏學淺,gdb各類運行跟蹤打斷點,也沒看出代碼有什麼問題,根據報錯的狀況能夠大概猜想「應該是某種緣由致使一開始new的指針類型發生了變化,致使delete的時候釋放越界致使的,並不是是屢次釋放指針形成的」。想一想只是實驗一下功能,一次性的,那我直接在最後return掉,不釋放內存,行不行指針
1163 Log::debug << std::endl; 1164 } 1165 return 0; 1166 1167 finally: 1168 delete[] buf; 1169 delete[] descbuf; 1170 delete[] blocks;
結果這一關過了,下一關又卡住了調試
(gdb) bt #0 0x00007fef076451f7 in raise () from /lib64/libc.so.6 #1 0x00007fef076468e8 in abort () from /lib64/libc.so.6 #2 0x00007fef07684f47 in __libc_message () from /lib64/libc.so.6 #3 0x00007fef0768c619 in _int_free () from /lib64/libc.so.6 #4 0x00007fef0820e716 in ext2fs_free () from /lib64/libext2fs.so.2 #5 0x00007fef082092d7 in ext2fs_close2 () from /lib64/libext2fs.so.2 #6 0x000000000040466a in main (argc=1, argv=0x7ffe9c53c598) at cli.cc:812
我不closefs行不行
812 //errcode = ext2fs_close (fs); 813 if (errcode) { 814 com_err(Config::progname.c_str(), errcode, "when trying to close filesystem"); 815 }
結果,雖然不coredump了,可是也沒成功:(RECOVERED_FILES一個文件都沒有)
[root@localhost src]# ./extundelete /dev/sdc1 --restore-all NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 1600 groups loaded. Loading journal descriptors ... 176 descriptors loaded. Searching for recoverable inodes in directory / ... 0 recoverable inodes found. Looking through the directory structure for deleted files ... 0 recoverable inodes still lost. No files were undeleted.
但我磁盤中自己是有文件的:
[root@localhost src]# extundelete /dev/sdc1 --inode 2 NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 1600 groups loaded. Group: 0 Contents of inode 2: 0000 | ed 41 00 00 00 10 00 00 ff 39 40 5c 0c 3a 40 5c | .A.......9@\.:@\ 0010 | 0c 3a 40 5c 00 00 00 00 00 00 03 00 08 00 00 00 | .:@\............ 0020 | 00 00 08 00 04 00 00 00 0a f3 01 00 04 00 00 00 | ................ 0030 | 00 00 00 00 00 00 00 00 01 00 00 00 3a 24 00 00 | ............:$.. 0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0080 | 1c 00 00 00 f0 32 f5 62 f0 32 f5 62 1c db be 52 | .....2.b.2.b...R 0090 | 74 36 40 5c 00 00 00 00 00 00 00 00 00 00 00 00 | t6@\............ 00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ Inode is Allocated File mode: 16877 Low 16 bits of Owner Uid: 0 Size in bytes: 4096 Access time: 1547713023 Creation time: 1547713036 Modification time: 1547713036 Deletion Time: 0 Low 16 bits of Group Id: 0 Links count: 3 Blocks count: 8 File flags: 524288 File version (for NFS): 0 File ACL: 0 Directory ACL: 0 Fragment address: 0 Direct blocks: 127754, 4, 0, 0, 1, 9274, 0, 0, 0, 0, 0, 0 Indirect block: 0 Double indirect block: 0 Triple indirect block: 0 File name | Inode number | Deleted status . 2 .. 2 lost+found 11 test 2883585 Deleted
因爲沒有研究過ext4文件系統相關的東西,所以此問題也沒看出什麼眉目,目前也不急於使用這個功能,問題也沒有解決,待以後研究出結果以後出來結帖。
本人測試所使用的系統:
[root@ceph01 src]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) [root@ceph01 src]# uname -a Linux ceph01 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
唉。。。。。。
相關文章
- 1. 使用 Linux 文件恢復工具
- 2. linux數據恢復工具
- 3. Linux 恢復文件
- 4. 硬盤誤刪除文件恢復工具,怎樣恢復誤刪文件
- 5. 恢復Linux誤刪除文件系列之scalpel工具
- 6. linux下的開源文件恢復工具
- 7. 恢復Linux誤刪除文件系列之foremost工具
- 8. 恢復Linux誤刪除文件系列之extundelete工具
- 9. 在Linux系統下使用PhotoRec & TestDisk工具來恢復文件
- 10. linux文件刪除恢復
- 更多相關文章...
- • PHP 文件上傳 - PHP教程
- • jQuery Mobile 工具欄 - jQuery Mobile 教程
- • PHP開發工具
- • IDEA下SpringBoot工程配置文件沒有提示
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
