The SUPER_BLOCK structure contains information needed to parse EXT2/3 filesystem.
The SUPER_BLOCK can (must) be found at offset 1024bytes from the begining of LINUX_NATIVE partition.
It length's 1024 bytes.
SUPER BLOCK
| [DATA TYPE] | Field name | About it ... |
| [DWORD] | s_inodes_count | Inodes count |
| [DWORD] | s_blocks_count | Blocks count |
| [DWORD] | s_r_blocks_count | Reserved blocks count |
| [DWORD] | s_free_blocks_count | Free blocks count |
| [DWORD] | s_free_inodes_count | Free inodes count |
| [DWORD] | s_first_data_block | First Data Block |
| [DWORD] | s_log_block_size | Block size |
| [DWORD] | s_log_frag_size | Fragment size |
| [DWORD] | s_blocks_per_group | # Blocks per group |
| [DWORD] | s_frags_per_group | # Fragments per group |
| [DWORD] | s_inodes_per_group | # Inodes per group |
| [DWORD] | s_mtime | Mount time |
| [DWORD] | s_wtime | Write time |
| [WORD] | s_mnt_count | Mount count |
| [WORD] | s_max_mnt_count | Maximal mount count |
| [WORD] | s_magic | Magic signature |
| [WORD] | s_state | File system state |
| [WORD] | s_errors | Behaviour when detecting errors |
| [WORD] | s_minor_rev_level | Minor revision level |
| [DWORD] | s_lastcheck | time of last check (*) |
| [DWORD] | s_checkinterval | max. time between checks |
| [DWORD] | s_creator_os | OS |
| [DWORD] | s_rev_level | Revision level |
| [WORD] | s_def_resuid | Default uid for reserved blocks |
| [WORD] | s_def_resgid | Default gid for reserved blocks |
| The next fields are for EXT2_DYNAMIC_REV superblocks only(newer) |
| [DWORD] | s_first_ino | First non-reserved inode |
| [WORD] | s_inode_size | size of inode structure |
| [WORD] | s_block_group_nr | block group # of this superblock |
| [DWORD] | s_feature_compat | compatible feature set |
| [DWORD] | s_feature_incompat | incompatible feature set |
| [DWORD] | s_feature_ro_compat | readonly-compatible feature set |
| [DWORD] | s_pad[229] | Padding to the end of the block |
(*)All time records in this structures/recors/types are in seconds. The amount of seconds
passed from 0:00:00 1/january/1970
GROUP DESCRIPTOR
| [DATA TYPE] | Field name | About it ... |
| [DWORD] | bg_block_bitmap | Blocks bitmap block |
| [DWORD] | bg_inode_bitmap | Inodes bitmap block |
| [DWORD] | bg_inode_table | Inodes table block |
| [WORD] | bg_free_blocks_count | Free blocks count |
| [WORD] | bg_free_inodes_count | Free inodes count |
| [WORD] | bg_used_dirs_count | Directories count |
| [WORD] | bg_pad | |
| [DWORD] | bg_reserved[2] | |
INODE
| [DATA TYPE] | Field name | About it ... |
| [WORD] | i_mode | File mode |
| [WORD] | i_uid | Owner Uid |
| [DWORD] | i_size | Size in bytes |
| [DWORD] | i_atime | Access time |
| [DWORD] | i_ctime | Creation time |
| [DWORD] | i_mtime | Modification time |
| [DWORD] | i_dtime | Deletion Time |
| [WORD] | i_gid | Group Id |
| [WORD] | i_links_count | Links count |
| [DWORD] | i_blocks | Blocks count |
| [DWORD] | i_flags | File flags |
| [DWORD] | i_reserved1 | Reserved 1 |
| [DWORD] | i_block[15] | Pointers to blocks |
| [DWORD] | i_version | File version (for NFS) |
| [DWORD] | i_file_acl | File ACL |
| [DWORD] | i_dir_acl | Directory ACL |
| [DWORD] | i_faddr | Fragment address |
| [BYTE] | i_frag | Fragment number |
| [BYTE] | i_fsize | Fragment size |
| [WORD] | i_pad1 | |
| [WORD] | i_uid_high | high bits of uid |
| [WORD] | i_gid_high | high bits of gid |
| [DWORD] | i_reserved2 | |
WARNING ! EXT2_DIRECTOY structure it is NOT in the same sector/block with the inode !!!
The inode occupies some space (128/256 bytes) just after -INODE BITMAP which is after -BLOCK BITMAP which is after GROUP DESCRIPTOR - which group desciptor is sometimes after SUPER_BLOCK.
.
But the EXT2_DIRECTORY structures are store separatlly in a special file.
Directories are normal linked list. Each entry in the directory points to an inode - the inode
contains information about the entry - block(s) used, size, attributes, time(s), creator ... etc.
The inode size on disk can be found in SUPER_BLOCK.s_inode_size (which is 128 or 256 or 512 ...)
So when reading inodes from disk you must take care ! You must not use a predefined constat for inode length (128) but
use the information given by SUPER_BLOCK.s_inode_size.
EXT2 DIRETORY
| [DATA TYPE] | Field name | About it ... |
| [DWORD] | inode_num | The inode containing information about this entry |
| [WORD] | rec_len | Length of this record |
| [BYTE] | name_len | Length of string [filename] |
| [BYTE] | file_type | File type (2 is for dir) |
| [BYTE] | name[((((neme_len-1) >> 2)+1) << 2)] | String containing filename + padding (4 byte allignament) |
(*)The last entry -name = filename - contains the filename + padding bytes(dword allignament) !
That means:
name : autoconf.sh
len : 11
So because lenght of filename is 11 which is not DWORD alligned you substract 1,shift right length by 2,then add 1, the shift left by 2.
That is : 0b1011 - 1 = 0b1010 ; 0b1010 >> 2 = 0b10 ; 0b10 + 1 = 0b11 ; 0b11 << 2 = 0b1100 (which is 12 and 12 is divisible by 4 !)
Not all directories just EXT2_DIRECTORY record ! There is also hashing (for directories with many files !).
Also there exist HASHING for big directories, backword compatibility must always be kept !
So even if a directory is HASHED it also contains normal EXT2_DIRECTORY fields !
The whole standard is : -- page under development---
|