-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
8KB of data garbled at 2TB boundary #51
Comments
This file is not compressed and sysinternals Contig reported that it is stored in one fragment. |
Is it possible for you to run a In the same spirit, are these two blocks at the end of the file? Or are they in the middle? |
Do you think it might have run into a BitLocker metadata header? I see those are also 8192 bytes. The corruption is ~568,303,648 bytes into a 605,594,334 byte file. |
Probably not a surprise BitLocker metadata header. I checked and I have headers at the three metadata header offsets listed, but not near the 2905324924928 and 2778237616128 positions listed in the strace. (Though I wonder why ntfs-3g is reading from two completely different positions for an unfragmented file?) |
Oops, probably just looking at calls for metadata instead of data. |
On a fresh mount.ntfs-3g process that hasn't cached any data yet, doing a read of the garbled 8KB section shows this strace:
The data read is at 2199023247360, which is exactly at the 2TB boundary:
|
Running dislocker with DEBUG logging shows this when reading the troubled 8KB section:
It looks like it's calling into |
I added some more debug lines, and I see
|
My file is read correctly after changing if(version == V_SEVEN &&
- (uint32_t)sector_offset < io_data->nb_backup_sectors)
+ (uint64_t)sector_offset < io_data->nb_backup_sectors)
{ |
Regressed in d9174c8 |
Wowkay, nice catch! I'll have to make some tests to revert this commit but I'll definitely fix that (thanks to you!). |
Thanks for your report! |
First, thanks for dislocker, it's great to be able to read BitLocker disks on Linux!
I have a 4TB BitLocker volume that I created on Windows 10. I checksummed 1.8TB of files on this volume, and found a single file that dislocker appears to be reading incorrectly. Specifically, two 4KB blocks in the file appear to be garbled. Windows 10 reads the file correctly (tested twice on different weeks) while dislocker reads the file incorrectly (tested twice across two physical-power-off events).
I built dislocker@develop 564420c on Ubuntu 15.10 (64-bit).
With dislocker:
I booted into Windows 10 after seeing the incorrect hash
f943abbd99343db0d4e384524e8d588a
and confirmed that Windows 10 still saw the correct hash61ac59d3b615cf191b22351b706d7db4
.On a known-good copy of the data created on Windows 10, copying into a Linux Samba share:
(no errors)
Binary-diffing the file shows these differences, indicating that two 4KB blocks are garbled.
strace'ing the
mount.ntfs-3g
process and then running this program to read the garbled block:shows
Is there any other debugging information that might be useful?
The text was updated successfully, but these errors were encountered: