Project 4 - Disk Structure Analysis
DAT 2343 - Fall 2001
Synopsis
This Project has you use DOS DEBUG to analyze the structure of a
specially-formatted FAT12/16-style diskette. You are to locate some deleted
subdirectories and files, trace their location on disk, and ultimately find
the contents of the first data block of a deleted file located inside a
deleted subdirectory.
Preparation
- For this project you will need to use the diskette that was specially
formatted for you. Your disk is
custom-made uniquely for you; you cannot share it (or your answers) with
your classmates. Every disk is different.
- You may or may not be able to get a Microsoft O/S to make a duplicate
of your diskette. Some versions of Windows and DOS can; some
cannot. If you want to try, use the Windows right-click menu item "Copy Disk..." or the DOS
command-line utility DISKCOPY. Copying just the files from the
diskette to another diskette will not work! You must copy the entire
diskette. It may or may not work. If you use Linux, you will
have no problem.
- Write protect the disk before you begin your analysis. Since
you are analyzing deleted file structures, anything you write to this
diskette will over-write and damage the information for which you are
looking. (If you ignore this warning and do overwrite your disk, you
will have to contact the instructor for a replacement and pick it up at the
next class. No extensions are granted for overwritten disks.)
- To do this project, you must shut down Windows completely. Use "pure" MS-DOS
for this project. You (probably) can't decode all parts of these disks if
Windows is running. You must restart your computer in "pure"
MS-DOS mode. (If you try using DEBUG to read these disks under some
versions of Windows, you will get fatal disk errors: Abort, Retry, Fail?)
Do not use a DOS window inside Windows. Restart the computer in
pure MS-DOS mode. You can also boot your computer from a Windows
start-up diskette and use that version of DOS and DEBUG.
- Use the DOS "TYPE" command to display the contents of the
README file on your diskette. EMail the personalized diskette code in
that file to your instructor immediately. Don't wait until the day
before the project is due - you will forget. EMail it now.
The Subject line on the EMail must read: Subject: abcd0001 code
0123456789 where 0123456789 is your personalized diskette code from the
README file and abcd0001 is your Algonquin userid.
- Did you write protect the diskette and EMail the diskette code to your
instructor? Do it!
Project Steps
You will have to provide twelve (12) different outputs from the following
steps.
Each output is numbered, below, as OUT#N:
- Write protect your disk before you insert it. This is extremely
important. No extensions are granted for overwritten disks.
- Shut down Windows and start up your computer in pure MS-DOS mode. (Using
an MS-DOS window under Windows probably won't work. You can try it;
but, you'll probably get many errors.) Write protect your disk.
- Use DOS DEBUG to load a copy of the boot sector from your floppy disk into
memory. (Did you write protect your disk yet?)
- (OUT#1) (Warning: This is the step where most students
trash their disks because they forgot to write protect them.) Display at least the first
40h bytes of the boot sector
and either save a copy of this dump to a file (using output redirection on the
MS-DOS command line) or print a copy of the screen directly (using Print
Screen) if you have an attached printer that works under DOS. If you choose to save to a file, you will need to print this file
later (using a Courier or Terminal fixed-width font)
and hand in the output.
- (OUT#2) Based on the values supplied by the DEBUG dump, provide the following
information in both hexadecimal and decimal (giving two numbers for each of
the seven values):
Boot Sector Dump Value for Your Diskette | Hexadecimal | Decimal |
1. the number of bytes per sector | | |
2. the number of sectors per file allocation unit (cluster) | | |
3. the number of copies of the FAT | | |
4. the number of root directory entries | | |
5. the number of sectors used by each copy of the FAT | | |
6. the number of sectors per track | | |
7. the number of heads | | |
(OUT#3) Calculate the absolute disk sector number of the first sector of the root
directory.
- Show clearly how you used the Boot Sector Dump information and formula
to
calculate this value.
- Give this absolute disk sector number in both hexadecimal and decimal (two
numbers).
Using the absolute disk sector number of the first sector of the root
directory, load the
first sector of the root directory into memory. (Remember to use
only hexadecimal numbers in your commands to DEBUG!) Your DEBUG dump
will show that this root directory once contained many odd file names, as
well as holding the entries for the few not-deleted files you can still see
left on your diskette (including the README file).
Display enough of this root directory to locate the entry for the
deleted subdirectory named "Project Four Directory".
This name is the Windows95 long name of this subdirectory; skip over the
long name entries. You will have to locate its corresponding
MS-DOS short name.
(OUT#4) Save the DEBUG output showing the complete deleted root directory entry
for the subdirectory "Project Four Directory" to
a file, or print your screen directly.
(OUT#5) Examine the dump of the root directory entry for the deleted "Project
Four Directory" subdirectory. From the dump, determine the starting cluster number of this
"Project Four Directory" subdirectory. Give the cluster
number in both hexadecimal and decimal (two numbers).
(OUT#6) Using the cluster number of the deleted "Project
Four Directory" subdirectory, determine the absolute disk sector number
of the first sector of the deleted subdirectory.
- Show clearly how you used the Boot Sector Dump information and the
subdirectory's cluster number to calculate this absolute disk sector number.
- Give this absolute disk sector number in both hexadecimal and decimal
(two numbers).
Using the absolute disk sector number of the first sector of the deleted "Project
Four Directory" subdirectory, load the first
sector of the deleted subdirectory into
memory. When you succeed, you will see that the dump shows that
this deleted subdirectory itself only contains deleted items. Display enough of
the "Project Four Directory" subdirectory to locate the entry for the
deleted file that was
called "Find This File". This name is the Windows95 long name of this
file; skip over the
long name entries. You will have to locate its corresponding
MS-DOS short name. (Warning: This file name appeared in more than
one directory. Make sure you are looking in the correct directory.)
(OUT#7) Save the DEBUG output showing the complete deleted subdirectory entry
for "Find This File" to
a file, or print your screen directly.
(OUT#8) Examine the dump of the subdirectory entry for the deleted "Find
This File" file. From the dump, determine the starting cluster number of this
"Find This File" file. Give the cluster
number in both hexadecimal and decimal (two numbers).
(OUT#9) Using the cluster number of the deleted "Find This
File" file, determine the absolute disk sector number
of the first sector of the deleted file.
- Show clearly how you used the Boot Sector Dump information and the
file's cluster number to calculate this absolute disk sector number.
- Give this absolute disk sector number in both hexadecimal and decimal
(two numbers).
Using the absolute disk sector number of the first sector of the deleted "Find
This File" file, load the first
sector of the deleted file into
memory. You will recognize that you have found the right sector, because the
ASCII dump will show the word "BINGO!" followed by your disk
serial number as the first strings of the sector.
(OUT#10) Save the DEBUG output showing at least the first
70h bytes of the contents of the deleted "Find This File" file
(including the word BINGO!) to
a file, or print your screen directly.
(OUT#11) Using the disk geometry of your encoded floppy disk, calculate the
location on disk in terms of Cylinder, Head (also known as side or surface),
and track-Sector numbers (C/H/S) of absolute disk sector 84h.
Express the numbers in C/H/S in decimal, not hexadecimal.
- Show clearly how you used the Boot Sector Dump information and the
absolute disk sector number 84h to calculate
this C/H/S location.
- Is the sector 84h located on the top side of your floppy disk
or on the bottom side?
(OUT#12) Calculate the location on disk of the first sector of file
"Find This File" in terms of C/H/S. Express the numbers in
C/H/S in decimal, not hexadecimal.
- Show clearly how you used the Boot Sector Dump information and the
file's absolute disk sector number to calculate
this C/H/S location.
- Was the first sector of the "Find This File" file located on
the top side of your floppy disk or on the bottom side?
Completely reformat your diskette before you use it for anything else!
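The arithmetic behind the steps above, as an added Python example that is not part of the original assignment. It decodes the boot sector fields, finds the root directory and a cluster's first sector, converts a sector number to C/H/S, and picks the deleted short-name entries out of a directory sector. The function names and the sample boot sector and directory sector are constructed for illustration (a standard 1.44 MB layout), not taken from any course diskette; the formulas also use the reserved-sector count at offset 0Eh, which is not one of the seven values in the table above.

```python
import struct

def parse_bpb(boot):
    """Decode the BIOS Parameter Block at offset 0Bh of a FAT12/16 boot sector."""
    names = ("bps", "spc", "reserved", "nfats", "root_entries",
             "total16", "media", "fat_sectors", "spt", "heads")
    return dict(zip(names, struct.unpack_from("<HBHBHHBHHH", boot, 0x0B)))

def root_dir_sector(b):
    # The root directory follows the reserved sectors and all copies of the FAT.
    return b["reserved"] + b["nfats"] * b["fat_sectors"]

def cluster_to_sector(b, cluster):
    # The data area starts after the root directory; the first data cluster is number 2.
    root_sectors = (b["root_entries"] * 32 + b["bps"] - 1) // b["bps"]
    return root_dir_sector(b) + root_sectors + (cluster - 2) * b["spc"]

def lba_to_chs(b, lba):
    # Sectors fill a track, then the next head, then the next cylinder; S is 1-based.
    cyl, rem = divmod(lba, b["heads"] * b["spt"])
    head, sec = divmod(rem, b["spt"])
    return cyl, head, sec + 1

def deleted_short_entries(dir_sector):
    """Return (short name, is_directory, start cluster) for deleted 8.3 entries."""
    found = []
    for off in range(0, len(dir_sector), 32):
        e = dir_sector[off:off + 32]
        if e[0] == 0x00:                      # never-used entry: end of directory
            break
        if e[0] != 0xE5 or e[11] == 0x0F:     # live entry, or long-name entry
            continue
        name = "?" + e[1:8].decode("ascii").rstrip()  # first char was replaced by E5h
        ext = e[8:11].decode("ascii").rstrip()
        cluster = struct.unpack_from("<H", e, 26)[0]
        found.append((name + ("." + ext if ext else ""), bool(e[11] & 0x10), cluster))
    return found

# Constructed sample data (standard 1.44 MB layout), not taken from any course diskette.
BOOT = bytearray(512)
struct.pack_into("<HBHBHHBHHH", BOOT, 0x0B, 512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
LFN = b"\xE5" + "Proje".encode("utf-16-le") + b"\x0F" + bytes(20)
SHORT = b"\xE5ROJEC~1" + b"   " + b"\x10" + bytes(14) + struct.pack("<HI", 0x15, 0)
DIR = (LFN + SHORT).ljust(512, b"\x00")

if __name__ == "__main__":
    b = parse_bpb(BOOT)
    print(root_dir_sector(b), cluster_to_sector(b, 0x15), lba_to_chs(b, 0x84))
    print(deleted_short_entries(DIR))
```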
Hand In
- No diskettes! Keep your encoded floppy as a souvenir. Hand
in only paper. No envelopes!
- Submit only clearly printed calculations on paper, in a format adhering
to my usual assignment
guidelines. Use the correct Courier or Terminal fixed-width font for your DEBUG
dumps.
- Please pay attention to the required DEBUG output dumps for various
steps, above. You may wish to review how to do DEBUG dumps using output redirection on
the MS-DOS command line.
Make sure you completely reformat your specially encoded floppy before you try
to re-use it for other data storage!
Problems?
As with all questions and comments on course content, please post any
problems you encounter to the course discussion news group.