logo
http://www.partition-saving.com
Copyright © 2015-2016 D. Guibouret

Manual

Table of contents

  1- License and preface
  2- Introduction
  3- System requirements
  4- Interface features/functions
  5- Using the program
     a) Executing program
     b) Program functions
  6- Menu
     a) File menu
     b) Support menu
     c) Goto menu
     d) View as menu
     e) Information menu
  7- Configuration
     a) Common configuration
     b) FAT configuration
     c) NTFS configuration
     d) Ext2 configuration
  8- Driver refresh
  9- Calculator
  10- Test of support's definition
     a) Presentation
     b) Main display
     c) Details display
  11- Disk definitions
     a) MBR partition sector
     b) GPT header sectors
     c) GPT entries sectors
  12- FAT definitions
     a) FAT12/FAT16 boot sector
     b) FAT12/FAT16 FAT
     c) Directory
     d) FAT32 boot sector
     e) FAT32 information sector
     f) FAT32 FAT
  13- NTFS definitions
     a) Boot sector
     b) MFT
     c) Standard information attribute
     d) Attributes list attribute
     e) File name attribute
     f) Object identifier attribute
     g) Security descriptor attribute
     h) Volume name attribute
     i) Volume information attribute
     j) Data attribute
     k) Index root attribute
     l) Index allocation attribute
     m) Bitmap attribute
     n) Reparse point attribute
     o) Extended attribute information attribute
     p) Extended attribute attribute
     q) Property set attribute
     r) Logged utility stream attribute
  14- Ext2 definitions
     a) Superblock
     b) Group descriptor (32 bits)
     c) Group descriptor (64 bits)
     d) Inodes table
     e) Inodes bitmap
     f) Blocks bitmap
     g) Directory
     h) Indirect blocks list
     i) Double indirect blocks list
     j) Triple indirect blocks list
     k) Extents
     l) Multimount protection block
     m) Extended attributes block
  15- Configuration file
  16- Options file
  17- Evolutions
     a) V1.00 -> V1.01
     b) V1.01 -> V1.10


1- License and preface

This program may be copied and freely redistributed. It may not be sold in any way, either alone or included in another program. All that is in this package must be kept together in its original form.

This program is offered as-is without any guarantee. No pursuit can be engaged against its author in case of damages due to this program.

All remarks are welcome.


2- Introduction

Partition-Explorer is a program that allows viewing and editing content of a partition. As it accesses content of a partition at a low level, you can easily damage this partition and render it no more accessible by your OS (so lost partition content). SO BE ALWAYS CAUTIOUS ON WHAT YOU DO WITH THIS PROGRAM. There is no undo feature, once something is done and written to disk, there is no way to come back to previous state unless you remember what the previous values were.


3- System requirements

Hardware:

Software: To use DOS version, you need a bootable DOS floppy or CD (or a DOS partition on your disk). If you do not have one, you can use the boot disk that includes Partition-Saving (see spartbdk documentation) to create a bootable floppy or CD. You can also create your own floppy disk (see FAQ question 10). In case you use the Partition-Saving one, you will have to put the Partition-Explorer program on a partition that could be accessed from DOS (so a FAT partition or another floppy disk) as it is not provided with the Partition-Saving boot floppy disk.
In Windows and Linux cases, you need administrator's rights to be able to access partitions.
If you want to modify the system partition with Windows version, you need a second Windows installation or a WinPE or BartPE CD or use the Windows repair console because program cannot have a low level access to the active system.
If you want to modify the system partition with Linux version, you need a second Linux installation or a liveCD or use the repair console that is on most installation CD because program cannot have a low level access to a mounted system.
This program shall be used after a boot of computer without leaving any OS into some hibernation mode because in this case modification made by this program can disallow this OS booting back or OS can undo what program does.


4- Interface features/functions

Interface if based on a menu on top of the edition window. At startup the edition window is not displayed until you select a support to explore. This interface can be split in two with each part having its own menu in order to explore two different partitions simultaneously (or the same one with using two views). The interface can also be split in two with displaying a simple calculator.
On right side of the menu, the read-only or read/write state of the support is displayed and in case something has been modified without having been written back to disk, a "*" is displayed on left of this state. The following screenshots give examples of the interface:


The way to use this interface is similar to Partition-Saving's textual window interface and you can get more details in reading chapter 4.a of its manual.


5- Using the program

a) Executing program

Usage:
explpart.exe [-cm|-nm|-pm] [-f <options file>] [-cfg <configuration file>] [-ncd] [-ncs] [-nvd|-vd] [-nvf|-vf] [-tds] [-tui|-tuix|-bui|-buix] [-utf8|-noutf8] [-term <terminal>]
To use the Windows version, explpwin.exe (32 bits) or explpw64.exe (64 bits) shall be used instead of explpart.exe.
To launch the Linux version, explplnx.run (32 bits) or explpl64.run (64 bits) shall be used instead of explpart.exe.
In Windows and Linux versions, same options are available, but some of them will have no effect (see below).

  -cm: this option is the default way the mouse is utilised.

  -pm: this option is another way to utilise the mouse that can be used in case the first one does not work (it is default method when using DOS version on Windows NT/XP). Using this method may prevent detecting some double clicks. This option is equivalent to -cm into Windows version. In Linux version, program does not try to install its own mouse handler but fully relies on ncurses one.

  -nm: this option disables the mouse. You would have to use it only if mouse use seems to pose a problem with 2 previous methods.

  -f <options file>: this option allows you to set same options than on command line and in way supports are detected. To understand the contents of this file, please read chapter 16.

  -cfg <configuration file>: this option allows you set initial configuration of program. Configuration is described in chapter 7. To understand the contents of this file, please read chapter 15.

  -ncd: this option disables the check that created/read file is not on saved/restored element. It is generally recommended only if DOS drive letter attribution is wrong. This option has no influence in Windows and Linux versions (this check cannot be disabled).

  -ncs: this option disables the check on free size on drive where files are created. This is a workaround in case the driver report a wrong free size, but you have to be aware that in case performing some copy, these ones could fail only once the destination drive is full.

  -nvd|-vd: this option disables/enables the check that sectors are correctly written. It is disabled as default. This speeds up disk access, but may prevent detecting bad sectors on the disk. The check that sectors are correctly written cannot be enabled in Windows and Linux versions (less for floppy disks in Windows 9x).

  -nvf|-vf: this option disables/enables the check that files are correctly written and that sectors are correctly written when using DOS devices access. It is disabled as default. This speeds up file access, but created files or restored devices may be incorrect because the disk where they are written is damaged. The check that files are correctly written cannot be enabled in Windows and Linux versions.

  -tds: this option enables check of disk size with relying on partitions table content (for disk with extended access) or with searching last cylinder (for disk with standard access). This option is needed only if partitions do not appear.

  -tui|-tuix|-bui|-buix: this option allows you to select the user interface:

If this option is not given, extended textual window interface is used. This option has to be used only if this interface poses a problem (for example nothing appears when the program begins). In this case, you can try the -bui option.

  -utf8|-noutf8: forces use or not use of UTF-8 terminal capability in Linux version. The default behaviour is to detect it automatically.

  -term <terminal>: this option is specific to Linux and Windows versions.
In Linux version, if program finds it does not run in a terminal, it launches itself into a terminal with using the "xterm" command (this mechanism is useful if you double click on program from a file explorer). This option allows setting command to use to create the X terminal in which running program instead of "xterm" (this command shall allow using "-e" option to run a program). If <terminal> is equal to "no", program does not try to create a terminal even if it finds it is not executed into a terminal.
In Windows version, program tries to launch a new console to ensure the mouse quick edit mode is disabled (thus allowing use of mouse). Using this option (whatever <terminal> value is) disables this behaviour.

Return code of program can be one of the following:

b) Program functions

When program is started, it begins with analysing all your disks and devices to build a list of all what can be viewed. Once this is done you can start using it through its menu. Basically you will select a support through "Support" menu then navigate in the displayed data through the "Goto" menu. You will be able to modify some values and write changes back to disk (if you activated read/write mode in configuration first).
Chapter 6 gives a description of each command you can select inside menu. Depending on the state of the program, all the commands are not available (ex: if you did not select any support, the "Goto" and "View" menus are not available).
When the displayed data are a recognised structure of a filesystem, you can use two different views:

You can switch from one to another through "F9" key and see the consequences of a change. When switching, the cursor remains at the same location in the sector, so you can easily see which bytes correspond to a field of the structure.
Another view that is available is the "Explore" view that is a more standard way to see the filesystem. But in this case you can no more have the link between what is currently displayed and the content of the sectors.
Data that can be displayed depend on the kind of filesystem that is detected on the partition. The description of each kind of displayed information is given in chapters 11 to 14.
In case the filesystem was damaged and cannot be correctly be detected, you can either use the "View" menu to force displaying of content of sectors with using some specific structure or use the configuration to set the basics information needed to recognise a filesystem. In first case, it will remain local to the sectors you are currently viewing, in the second case, program will try to match the filesystem with relying on information you provided (so if you give some bad definition or if the filesystem is too deeply damaged, you can get some strange behaviour).
You can use the test functions if you want to know why a filesystem is not correctly recognised.
c) Navigating in the filesystem

When the filesystem is correctly recognised you can navigate into its content through the "Goto" menu or by hitting a key ("Enter" in most cases) in the field of a sector. At any moment you can come back to a previously displayed content through "Back", "Forward" and "History" commands of "Goto" menu.
For some views that are repeat of same kind of structure among whole sector, you can use a "Quick access" command of "View as" menu to reach directly an entry.
You can also type some characters and program will gives you all fields whose name contains what you typed. This allows going quickly to the desired field.
There can be some definition where displaying the whole content will need a lot of memory or a long time to build and navigate in the window. In that case, program splits definition at regular point to limit number of displayed items. You can change the limit in configuration. When the definition is split, you have on top and bottom of the window "Previous" and "Next" buttons and a "Go to item" entry: these are to access the definitions that were not displayed.

Another way to navigate is in case you want to search to which file a sector belongs. This can be done through "Sector info", "Cluster info", "Inode path" and "MFT path" entries of "Info" menu. This kind of search could be quite long (as program can have to scan the whole filesystem to find the corresponding file), you can cancel it at any time by hitting the "Escape" key (note: this one could take some time depending on the state of the search). Program will display what it was able to resolve when it was interrupted.

d) Modifying content

When you enable the read/write mode in configuration, you can modify the content of a field and write this back to the disk. You shall be very cautious as if you enter some wrong value, there will be nothing to prevent you from doing this (so you can damage the filesystem). A small check that can be performed is to switch from detailed view to raw then back (or vice-versa) and check that the value you modified was not modified. During such a switch you can get a window telling you that "Content description overflows content size. End is cut to match content size.". That means that the modified content becomes too big to enter into the initial content of sectors and so the end of this content was lost. This is not a problem as long as this end is some unused part in the structure, but becomes one is some needed data are lost. In this last case you will better have to revert your change (or to not write changes and read sectors again to retrieve initial values).
Depending on the displayed structure, some fields could be related to some other (ex: filename and filename length). Depending on the configuration you chose, program could update them automatically or not (so if you add some characters to a filename, its length is updated accordingly or on contrary if you changed the length, the name is modified). If you did not activate the automatic update, you can explicitly request it by hitting a key ("Shift+Enter" in most cases). The fields that are linked together are detailed in the filesystem descriptions.
When you modify content of sectors and write them back to disk, you could have to inform program of such a change if you want it to take them into account in its internal structures. You have to perform this explicitly to avoid breaking program behaviour in case you perform some incomplete change (such as you can do it only when you know a set of changes you did is coherent). You can get more details on this in chapter 8.

At any time you can save the sectors content to a file to be able to retrieve it latter (such restoring the content to its initial state if some change seems to lead to errors). This can be done through the "Save to file" and "Read from file" commands into "File" menu. The "Save as text" command allows saving the sector content as it is displayed into detailed view, but there is no way to reload such a file: it is only to have content in a readable form.

6- Menu

Menu is the entry point for user to use the program. You can activate it with clicking on menu item with mouse or with typing "Alt+<the name shortcut>".
Menu is divided into several entries:

a) File menu
The file menu allows managing configuration and windows of program. Program is able to display two windows showing two different supports. These windows are independent from each other and each of them has its own menu and configuration.
Available commands depend on what is currently displayed. Commands are:
b) Support menu
This menu gives the list of supports that could be viewed.
Supports are grouped by kind of supports and sub-menu are shown to view items on a support:
c) Goto menu
This menu allows reaching some specific construct on currently displayed support.
List of reachable definitions depends on kind of filesystem recognised on support:
Goto disk item:
This lists kind of items that can be reached when viewing a disk:
Goto FAT12/FAT16 item:
This lists kind of items that can be reached when viewing a FAT12 or FAT16 support:
Goto FAT32 item:
This lists kind of items that can be reached when viewing a FAT32 support:
Goto NTFS item:
This lists kind of items that can be reached when viewing a NTFS support:
Goto Ext2 item:
This lists kind of items that can be reached when viewing an ext2 support:
d) View as menu
This menu allows using a specific structure when displaying some sectors. This forces the given kind of view to be used without checking its coherence with current sector content, so it could give unexpected result.
The kind of views that could be used are grouped per kind of filesystem: When using one of the "View as" entry, program will read back sector content, so if you performed any modification and do not save it before they will not appear in the displayed window (program will request you if you want to save it unless you are in read-only mode).
View as disk item
This menu allows viewing sectors using some disk structure:
View as FAT12 item
This menu allows viewing sectors using some FAT12 structure:
View as FAT16 item
This menu allows viewing sectors using some FAT16 structure:
View as FAT32 item
This menu allows viewing sectors using some FAT32 structure:
View as NTFS item
This menu allows viewing sectors using some NTFS structure:
View as Ext2 item
This menu allows viewing sectors using some ext2 structure:
e) Information menu
This menu allows displaying some information about currently viewed item:

7- Configuration

Configuration allows configuring behaviour of the program. This can be defined or current configuration can be viewed with using the corresponding menu entry. This opens a tabbed window. This window displays the configuration to use to display disk items. Configuration allows defining how interface shall behave and how to treat support in case its content cannot be recognized.
A change of configuration is taken into account only when:

There are some common options that apply to several kinds of filesystems and some options specific to each filesystem: Depending on "Detection mode" in common configuration, only some of the definitions will be used. If it is set to: If the "Current configuration" button is available (when you edit configuration and a support is currently displayed), you can update default configuration with the one of current support.
a) Common configuration
Screenshot
The common configuration allows defining interface behaviour and setting definitions common to several filesystems.
Settings corresponding to interface behaviour are: Settings that are common to several filesystems are:
b) FAT configuration
Screenshot
These definitions are specific to FAT filesystems. They are used in case detection is forced to FAT12, FAT16 or FAT32 filesystem:
c) NTFS configuration
Screenshot
These definitions are specific to NTFS filesystem. They are used in case detection is forced to NTFS filesystem:
d) Ext2 configuration
Screenshot
These definitions are specific to ext2, ext3 and ext4 filesystems. They are used in case detection is forced to ext2 filesystem:

8- Driver refresh

Refreshing driver allows taking into account change you have done:

In order to work, program needs to memorise some sectors and cannot update their values automatically when you change them because this could lead to some incoherence (as if you change number of sectors per FAT and still have not updated FAT content). In that case, you have to explicitly choose to refresh driver through dedicated option in Goto menu when you think you have put filesystem back in a coherent state. Program will update corresponding sectors in memory and if they seem correct, use them else keep previous memorised content (but sectors on support will remain as you wrote them, so with values program finds incorrect).
The only case where program will try to automatically perform a refresh is when using exploration view in read/write mode. In that case it needs to memorise some other sectors and so shall ensure they are coherent. In case that fails, it enters exploration view in read-only mode.
Sectors that are memorised are: To improve performance, program could cache some sectors to avoid reading them too frequently. If you write them from inside the program, it will update the cached content automatically. But if you write these sectors from outside of the program, it will not be aware of that, so will still use the cached content. In that case refreshing the driver allows also clearing the cache. It shall be noticed that there is no such problem when support is accessed in read/write mode, as this prevents accessing the filesystem from outside of the program. In all views less read/write exploration view, sectors that can be cached are: In read/write exploration view, any sector can be cached.
The other cases where program keeps sectors content in memory and does not update it if they are written are: In case you access the same support in the two displays: The only definition that is never updated is the supports definition (so partitions table). If you change them, you have to restart program for it to use new definitions.

9- Calculator

Screenshot
This window displays a simple calculator: you can perform basic operations (arithmetical and bit operations), convert number from one base to another and perform computation with limiting number of bits used.
First display shows current number that is used in computation. Second display shows remainder of division when last operation is a division.
The "64 bits" ... "8 bits" list allows choosing number of bit to use in number representation. In case an operation overflows, bits above the limit are discarded. Changing number of bits will change currently displayed number. The "unsigned", "signed" list allows choosing if operations are done with considering they are unsigned or signed. Changing sign will change currently displayed number. The "Hexadecimal" ... "Binary" list allows changing base used to display numbers. Changing base will change currently displayed number. When using: The parentheses group allows opening and closing parentheses with current number of opened parentheses being displayed between the two buttons. The "Memorise" button allows adding current value into list of memorised values. The remainder is also added when it is different from 0. Memorised values can be retrieved through clicking on "V" button on right of first display or by hitting the "V" key, then selecting the value and hitting "Enter" key or double-clicking on it.
The operation buttons are: The digit buttons allow adding a digit to currently typed number. Available list of buttons depends on currently selected base. Number can also be copied or pasted through Ctrl+C and Ctrl+V (current base is used, so trying to paste a hexadecimal number when being in decimal will fail).
In addition to keys corresponding to each button, the following keys could be used:

10- Test of support's definition

a) Presentation
The test menu entries allow to check if a support contain a certain kind of definitions and to display result of these checks. Performed tests are not a deep scan of the support, they are only those the program performs to know if a support has a certain kind of definitions (so they are valid and coherent with the support).
You can get 3 results: If you forced the detection mode of filesystem in configuration and choose this kind of filesystem to test, program will use the definition you set in configuration. If you set configuration in automatic mode or the kind of filesystem to test is not the forced one, program will use the content that is stored on support.
b) Main display
Screenshot
Result of tests is displayed as a list of definitions that are checked with for each of them the result of this check. If it is valid, it is printed in black; if it is read-only, it is printed in blue; if it is invalid, it is printed in red. Next to this result, there is a button that allows displaying the details of the checks that are done for this definition.
A "Save" button is available if you want to save this result to a file. This file will contain the raw content of the read sectors and the details of each checked definition with a "<===" suffix for invalid check and "<---" for those leading to a read-only access.
The check that are done are the following:
c) Details display
Screenshot
The details window displays each part of a definition that is checked to know if content of a support will be recognized by program for the used kind of filesystem.
The window is composed of a list of items with giving for each of them: In case the value is correct, the text is displayed in black, if it wrong, it is displayed in red and if it is correct but will disallow using the filesystem in read/write mode, it is displayed in blue. In some cases, the item could be a simple message telling it cannot be checked because some previous definition is wrong.
If the content of the structure could be displayed a "View" button is available in order to display the whole content of the structure as this is done through the "View" menu.

11- Disk definitions

a) MBR partition sector
Screenshot
This window displays MBR sector that has following structure:
Item name
Size
Description
Key
Action
Boot code 440 Code to boot from this disk.    
Windows disk signature 4 Unique identifier used by Windows to identify disk.    
Unused 2 Unused bytes.    
Partition 1 16 Description of first partition.    
Partition 2 16 Description of second partition.    
Partition 3 16 Description of third partition.    
Partition 4 16 Description of fourth partition.    
Boot marker 2 0xAA55 value to mark bootable sector.    
Unused Var. Unused bytes at end of sector if this one is more than 512 bytes.    
For each partition, the description is:
Item name
Size
Description
Key
Action
Active flag 1 128 value to mean partition can be booted.    
Start sector head 1 Head of first sector of partition.    
Start sector sector 6b Sector on track of first sector of partition.    
Start sector cylinder 10b Cylinder of first sector of partition.    
Partition type 1 Value to indicate type of partition. Enter Select partition type in list.
End sector head 1 Head of last sector of partition.    
End sector sector 6b Sector on track of last sector of partition.    
End sector cylinder 10b Cylinder of last sector of partition.    
First sector 4 First sector of partition from begin of disk for main partitions or from begin of extended partition for logical ones. Enter Go to partition.
Number of sectors 4 Number of sectors of partition.    
b) GPT header sectors
Screenshot
This window displays Global Partition Table header sector that has following structure:
Item name
Size
Description
Key
Action
Signature 8 0x5452415020494645 value.    
Revision 4 GPT version.    
Size 4 Size of this header.    
CRC 4 Checksum of this header. Enter Compute checksum.
Reserved 4 Unused.    
Current header sector 8 Sector where this header appears.    
Other header sector 8 Sector where a copy of this header appears.    
First usable sector 8 First sector that could be used by a partition.    
Last usable sector 8 Last sector that could be used by a partition.    
Disk GUID 16 Disk unique identifier.    
Partition entries sector 8 Sector from where partition entries are described. Enter Go to partition entries.
Partition entries number 4 Number of partition entries. Enter Go to partition entries.
Partition entry size 4 Size of one partition entry.    
Partition entries CRC 4 Checksum of partition entries. Enter Compute checksum.
Unused Var. Unused bytes at end of sector.    
c) GPT entries sectors
Screenshot
This window displays Global Partition Table partition entries sectors that are a list of partition entries having following structure:
Item name
Size
Description
Key
Action
Type GUID 16 Identifier of type of partition.    
Partition GUID 16 Unique identifier of partition.    
First sector 8 First sector of partition. Enter Go to sector.
Last sector 8 Last sector of partition.    
Flags 8 Flags to describe partition options. Enter Display flags detail.
Name 72 Name of partition in UTF-16.    
Unused Var. Unused bytes at end of entry depending on entry size defined in GPT header.    

12- FAT definitions

a) FAT 12/FAT 16 boot sector
Screenshot
This window displays the FAT12 or FAT16 boot sector:
Item name
Size
Description
Key
Action
Jump code 3 Code to reach begin of boot sector code.    
OEM name 8 OS Vendor identification string.    
Bytes per sector 2 Number of bytes a sector has.    
Sectors per cluster 1 Number of sectors a cluster has.    
Reserved sectors 2 Number of sectors before first FAT.    
Number of FAT 1 Number of FAT.    
Number of root entries 2 Number of entries in root directory. An entry is 32 bytes long.    
Number of sectors (short) 2 Number of sectors in partition. If it is 0, value is stored in Number of sectors (long).    
Media descriptor 1 Type of media (floppy disk with its type, disk, ...).    
Number of sectors per FAT 2 Number of sectors in one FAT.    
Sectors per track 2 Number of sectors on one track.    
Heads per cylinder 2 Number of heads on one cylinder.    
Number of sectors before 4 Sector at which partition begins (in relative from begin of disk or from extended partition).    
Number of sectors (long) 4 Number of sectors in partition when it is more than 65535.    
Disk number 1 Disk or floppy number for BIOS.    
Reserved 1 0 value.    
Additional information 1 0x29 value to mean that following information are given.    
Volume identifier 4 Volume serial number (used to track media change).    
Volume label 11 Volume name, equivalent to the one stored in root directory.    
FAT name 8 FAT12, FAT16 or FAT (but does not indicate type of FAT).    
Boot code 448 Code to be able to boot this partition.    
Boot signature 2 0xAA55 signature to indicate boot sector.    
Unused Var. Unused part (only present if sector is more than 512 bytes).    
b) FAT12/FAT16 FAT
Screenshot
This window displays the FAT12 or FAT16 FAT sectors. There are 8 entries per line with for each entry:
Item name
Size
Description
Key
Action
  12b or 16b FAT entry value (size depends on FAT kind). Enter Go to cluster.
Shift+Enter Follow FAT entry.
This can be followed by an 'Unused' entry for unused bytes at end of sectors.
The two first entries are specific:
c) Directory
Screenshot
This window displays the FAT directory entries. There are two kinds of directory entries: A long name is split among several long directory entries in reverse order and is followed by its corresponding short name. Long names are stored in UTF-16.
Directory entry for short name is composed of:
Item name
Size
Description
Key
Action
Name 8 Base name of the file (part before '.'). If first byte is:
  • 0: entry is free and following ones also.
  • 5: first byte should be interpreted as 229.
  • 229: entry is free.
   
Extension 3 Extension of the file (part after '.').    
Flags 1 Entry flags (directory, read-only, ...). Enter Display flags details.
Unused 1 0 value.    
Creation 1/10 s. 1 Entry creation time in tenth of seconds.    
Creation time 2 Entry creation time. Enter Display date details.
Creation date 2 Entry creation date. Enter Display date details.
Access date 2 Entry last access date. Enter Display date details.
Cluster (high) 2 High word of cluster value. Enter Display clusters chain content.
Write time 2 Entry last write time. Enter Display date details.
Write date 2 Entry last write date. Enter Display date details.
Cluster (low) 2 Low word of cluster value. Enter Display clusters chain content.
Size 4 Number of bytes of the file.    
Directory entry for long name is composed of:
Item name
Size
Description
Key
Action
Long entry number 1 Long entry number in long entry chain in reverse order. If masked with 0x40, it is last entry. First entry (the one just before the short entry) has number 1.    
Name (part1) 10 Character 1 to 5 of name for this entry.    
Flags 1 Entry flags (15 to identify long entry). Enter Display flags details.
Zero (1) 1 0 value.    
Checksum 1 Checksum of the corresponding short entry. Enter Compute checksum.
Name (part2) 12 Character 6 to 11 of name for this entry.    
Zero (2) 2 0 value.    
Name (part3) 4 Character 12 to 13 of name for this entry.    
d) FAT32 boot sector
Screenshot
This window displays the FAT32 boot sector:
Item name
Size
Description
Key
Action
Jump code 3 Code to reach begin of boot sector code.    
OEM name 8 OS Vendor identification string.    
Bytes per sector 2 Number of bytes a sector has.    
Sectors per cluster 1 Number of sectors a cluster has.    
Reserved sectors 2 Number of sectors before first FAT.    
Number of FAT 1 Number of FAT.    
Number of root entries 2 Number of entries in root directory. An entry is 32 bytes long.    
Number of sectors (short) 2 Number of sectors in partition. If it is 0, value is stored in Number of sectors (long).    
Media descriptor 1 Type of media (floppy disk with its type, disk, ...).    
Number of sectors per FAT (short) 2 Number of sectors in one FAT. If it is 0, value is stored in Number of sectors per FAT (long).    
Sectors per track 2 Number of sectors on one track.    
Heads per cylinder 2 Number of heads on one cylinder.    
Number of sectors before 4 Sector at which partition begins (in relative from begin of disk or from extended partition).    
Number of sectors (long) 4 Number of sectors in partition when it is more than 65535.    
Number of sectors per FAT (long) 4 Number of sectors in one FAT when it is more than 65535.    
Used FAT 2 Definition of which FAT is used. Enter Display details.
FAT version 2 0 to mean it is first FAT32 format.    
Root first cluster 4 First cluster of root directory.    
Information sector 2 Sector where are stored some information on FAT. Enter Go to sector.
Boot sector copy 2 Sector where is stored a copy of the boot sector. Enter Go to sector.
Reserved 12 0 value.    
Disk number 1 Disk or floppy number for BIOS.    
Reserved 1 0 value.    
Additional information 1 Value to mean that following information are given.    
Volume identifier 4 Volume serial number (used to track media change).    
Volume label 11 Volume name, equivalent to the one stored in root directory.    
FAT name 8 FAT32 (but does not indicate type of FAT).    
Boot code 420 Code to be able to boot this partition.    
Boot signature 2 0xAA55 signature to indicate boot sector.    
Unused Var. Unused part (only present if sector is more than 512 bytes).    
e) FAT32 information sector
Screenshot
This window displays the FAT32 information sector:
Item name
Size
Description
Key
Action
First signature 4 0x41615252 value.    
Reserved 480 0 value.    
Second signature 4 0x61417272 value.    
Free clusters number 4 Number of free clusters on the partition or 4294967295 if it is not computed.    
First free cluster 4 First cluster from which starting to look for free cluster or 4294967295 if it is not known.    
Reserved 12 0 value.    
Third signature 4 0xAA550000 value.    
Unused Var. Unused part (only present if sector is more than 512 bytes).    
f) FAT32 FAT
Screenshot
This window displays the FAT32 FAT sectors. There are 4 entries per line with each entry being split into:
Item name
Size
Description
Key
Action
  28b 28 lowest bits of FAT entry value. Enter Go to cluster.
Shift+Enter Follow FAT entry.
  4b 4 highest bits of FAT entry value.    
This can be followed by an 'Unused' entry for unused bytes at end of sectors.
The two first entries are specific:

13- NTFS definitions

a) Boot sector
Screenshot
This window displays the NTFS boot sector:
Item name
Size
Description
Key
Action
Jump code 3 Code to reach begin of boot sector code.    
OEM name 8 OS Vendor identification string.    
Bytes per sector 2 Number of bytes a sector has.    
Sectors per cluster 1 Number of sectors a cluster has.    
Reserved sectors 2 0 value.    
Null values 5 0 value.    
Media descriptor 1 Type of media (floppy disk with its type, disk, ...).    
Null values 2 0 value.    
Sectors per track 2 Number of sectors on one track.    
Heads per cylinder 2 Number of heads on one cylinder.    
Number of sectors before 4 Sector at which partition begins (in relative from begin of disk or from extended partition).    
Null values 4 0 value.    
Disk number 1 Disk or floppy number for BIOS.    
Unused 3 0 value.    
Number of sectors 8 Number of sectors in partition.    
MFT cluster 8 First cluster of $MFT file. Enter Go to MFT table
MFT mirror cluster 8 First cluster of $MFTMirr file. Enter Go to MFT mirror table
Cluster per MFT record 1 If positive, number of clusters per MFT record, if negative, size of MFT record in bytes (2 power absolute value).    
Unused 3 0 value.    
Cluster per index record 1 Size of index record (same computation than for cluster per MFT record).    
Unused 3 0 value.    
Volume serial number 8 Volume serial number.    
Unused 4 0 value.    
Boot code 426 Code to be able to boot this partition.    
Boot signature 2 0xAA55 signature to indicate boot sector.    
Unused Var. Unused part (only present if sector is more than 512 bytes).    
b) MFT
Screenshot
The Master File Table is composed of several MFT record each of them describing a file (or part of a file). They share the same structure: Attributes describe file information and content. They can have several representations depending on their type and if they are small enough to be stored into the MFT record (resident attribute) or not (not resident attribute). A resident attribute is composed of: A not resident attribute is composed of: Last attribute has type 0xffffffff to mark end of attributes list.
The MFT record header has the following structure:
Item name
Size
Description
Key
Action
Magic number 4 "FILE" value.    
Update sequence offset 2 Offset where the protection sequence appears. The protection sequence stores the two last bytes of each sector of MFT record and replaces them with a two bytes value appearing at begin of this sequence.    
Update sequence size 2 Number of two bytes values in protection sequence (number of sectors per MFT record + 1).    
File sequence number 8 Sequence number in $LogFile.    
Number of use 2 Number of use of file.    
Nb hard link 2 Number of hard links to file.    
Attribute offset 2 Offset of first attribute.    
Flags 2 MFT record flags. Enter Display flags detail.
File record size 4 Size of file record (padded to multiple of 8).    
Allocated size 4 Allocated size of file record.    
Base file 6 MFT record number of base record if this MFT is split among several records (base record if 0). Enter Go to corresponding MFT.
Seq. number 2 Number of use of base record.    
Next attribute number 2 Next value that can be used as attribute number.    
Padding Var. Padding to reach update sequence offset.    
Update sequence Var. Update sequence (2 first bytes: value set in two last bytes of each sector, following two bytes: original value read from each sector).    
Attributes Var. Content of attributes.    
Unused in MFT Var. Unused part at end of MFT record.    
When being displayed in detailed format, the update sequence protection is unset to see the correct value, but when being displayed in raw format, the protection is left (so two last bytes of each sector need to be read from update sequence).
A resident attribute header has following structure:
Item name
Size
Description
Key
Action
Attribute type 4 Type of attribute (content depends on this).    
Attribute size 4 Size of the attribute. Enter Get length from current size.
Shift+Enter Update unused part at end of attribute.
Not resident 1 0 to mean it is resident.    
Name length 1 Length of name of attribute in UTF-16. Enter Get value from current name length.
Shift+Enter Update name length.
Name offset 2 Offset of name of attribute. Enter Get offset from current name offset.
Shift+Enter Update padding length before name.
Flags 2 Attribute's flags. Enter Display flags detail.
Identifier 2 Attribute unique identifier into MFT record.    
Data size 4 Size of data part.    
Data offset 2 Offset of data part. Enter Get offset from current data offset.
Shift+Enter Update padding length before data.
Indexed flag 1 Flag to signal if attribute is indexed or not.    
Unused 1 0 value.    
Padding Var. Padding to reach name offset.    
Attribute name Var. Name of attribute in UTF-16.    
Padding Var. Padding to reach data offset.    
Data Var. Data of attribute (depends on attribute type).    
Unused in attr Var. Padding to reach size of attribute.    
A not resident attribute header structure depends on if data are compressed or not. In case of not resident not compressed attribute, it has following structure:
Item name
Size
Description
Key
Action
Attribute type 4 Type of attribute (content depends on this). Enter Go to the content with formatting it depending on its type.
Attribute size 4 Size of the attribute. Enter Get length from current size.
Shift+Enter Update unused part at end of attribute.
Not resident 1 1 to mean it is not resident.    
Name length 1 Length of name of attribute in UTF-16. Enter Get value from current name length.
Shift+Enter Update name length.
Name offset 2 Offset of name of attribute. Enter Get offset from current name offset.
Shift+Enter Update padding length before name.
Flags 2 Attribute's flags. Enter Display flags detail.
Identifier 2 Attribute unique identifier into MFT record.    
First VCN 8 First logical cluster covered by this attribute when several attributes of the same type exist in the same MFT record.    
Last VCN 8 Last logical cluster covered by this attribute.    
Data run offset 2 Offset of data runs. Enter Get offset from current data runs offset.
Shift+Enter Update padding length before data runs.
Compression unit 2 0 to mean uncompressed.    
Unused 4 0 value.    
Alloc. data size 8 Allocated size for data.    
Data size 8 Size of data.    
Init. data size 8 Initialised size of data.    
Padding Var. Padding to reach name offset.    
Attribute name Var. Name of attribute in UTF-16.    
Padding Var. Padding to reach data offset.    
Data runs Var. Description of clusters where data are.    
Unused in attr Var. Padding to reach size of attribute.    
In case of not resident compressed attribute, it has following structure:
Item name
Size
Description
Key
Action
Attribute type 4 Type of attribute (content depends on this). Enter Go to the content with formatting it depending on its type.
Attribute size 4 Size of the attribute. Enter Get length from current size.
Shift+Enter Update unused part at end of attribute.
Not resident 1 1 to mean it is not resident.    
Name length 1 Length of name of attribute in UTF-16. Enter Get value from current name length.
Shift+Enter Update name length.
Name offset 2 Offset of name of attribute. Enter Get offset from current name offset.
Shift+Enter Update padding length before name.
Flags 2 Attribute's flags. Enter Display flags detail.
Identifier 2 Attribute unique identifier into MFT record.    
First VCN 8 First virtual cluster covered by this attribute when several attributes of the same type exist in the same MFT record.    
Last VCN 8 Last virtual cluster covered by this attribute.    
Data run offset 2 Offset of data runs. Enter Get offset from current data runs offset.
Shift+Enter Update padding length before data runs.
Compression unit 2 Compression buffer size.    
Unused 4 0 value.    
Alloc. data size 8 Allocated size for data.    
Data size 8 Size of data.    
Init. data size 8 Initialised size of data.    
Compressed data size 8 Size of data after compression.    
Padding Var. Padding to reach name offset.    
Attribute name Var. Name of attribute in UTF-16.    
Padding Var. Padding to reach data offset.    
Data runs Var. Description of clusters where data are.    
Unused in attr Var. Padding to reach size of attribute.    
Data runs are described through a list of cluster ranges stored as:
Item name
Size
Description
Key
Action
Sizes 1 4 upper bits give size of begin cluster part, 4 lower bits give size of length part.    
Nb clusters Var. Number of clusters in this data run. Enter Go to clusters.
Shift+Enter Update sizes value.
Begin cluster Var. First cluster in this data run. Enter Go to clusters.
Shift+Enter Update sizes value.
Sparse type Var. Type of data run: either not sparse, or using V1.2 or V3.0 type of sparse data run encoding.    
Numbers are stored in a compressed way: first byte of data run gives number of bytes to represent each part. The begin cluster part gives cluster value in relative from absolute cluster starting previous data run (so is a signed value). When data area is filled by 0, data runs can be stored as sparse data runs: they do not occupy any space on disk. There is two ways to represent sparse data runs: Data runs list ends with a data run having both sizes equal to 0. When being displayed in detailed format, the begin cluster of data runs is displayed in absolute value. When being displayed in raw format, data runs are displayed as stored on disk (so with relative starting cluster).
Description of attributes depending on their type:
c) Standard information attribute
Screenshot
The standard information attribute has type 0x10 and has following structure:
Item name
Size
Description
Key
Action
Creation time 8 File creation time. Enter Display time details.
Mod. time 8 File modification time. Enter Display time details.
MFT time 8 MFT record modification time. Enter Display time details.
Read time 8 File access time. Enter Display time details.
DOS permissions 4 DOS permissions flag. Enter Display flags detail.
Max nb ver 4 Maximum allowed versions for file (0: disabled).    
Version 4 File version.    
Class id. 4 Class identifier for class index.    
Owner id. 4 Owner identifier.    
Secur. id. 4 Key in the $SSII index.    
Quota charged 8 Size of this file in user's quota.    
Up. seq. nb 8 Last update sequence number of the file.    
Depending on attribute's size, last four fields could be absent.
d) Attributes list attribute
Screenshot
The attributes list attribute has type 0x20. It stores references to all attributes in a MFT record when this one is split over several MFT. It is composed of several records describing one attribute and having following structure:
Item name
Size
Description
Key
Action
Type 4 Type of the attribute described by this record.    
Length 2 Length of this record. Enter Get length from current size.
Shift+Enter Update padding length at end.
Name length 1 Length of name of attribute. Enter Get value from current name length.
Shift+Enter Update name length.
Name offset 1 Offset of name of attribute. Enter Get offset from current name offset.
Shift+Enter Update padding length before name.
VCN 8 First virtual cluster of attribute.    
MFT 6 MFT record where the attribute is stored. Enter Go to corresponding MFT.
Seq. number 2 Number of use of MFT record.    
Attribute id. 2 Unique identifier of attribute into MFT record.    
Padding Var. Padding to reach name offset.    
Attr name Var. Attribute name.    
Padding Var. Padding to reach record size.    
e) File name attribute
Screenshot
The file name attribute has type 0x30 and has following structure:
Item name
Size
Description
Key
Action
Directory 6 MFT record of directory where file is. Enter Go to corresponding MFT.
Shift+Enter Go to directory content.
Seq. number 2 Number of use of directory MFT record.    
Creation time 8 File creation time. Enter Display time details.
Mod. time 8 File modification time. Enter Display time details.
MFT time 8 MFT record modification time. Enter Display time details.
Read time 8 File access time. Enter Display time details.
Alloc. size 8 Size allocated to file.    
Size 8 Size of file.    
File flags 4 File flags. Enter Display flags detail.
Ext. attr. 4 Size of extended attributes.    
Name length 1 Length of file name. Enter Get value from current name length.
Shift+Enter Update name length.
Namespace 1 Namespace of the file name (0: POSIX, 1: Win32, 2: DOS, 3: Win32 and DOS).    
Name Var. File name in UTF-16.    
f) Object identifier attribute
Screenshot
The file name attribute has type 0x40 and has following structure:
Item name
Size
Description
Key
Action
GUID object identifier 16 Object unique identifier.    
GUID birth volume identifier 16 Unique identifier of volume where file was created.    
GUID birth object identifier 16 Original unique identifier.    
GUID domain identifier 16 Network unique identifier.    
Depending on attribute's size only first fields could be present.
g) Security descriptor attribute
Screenshot
The security descriptor attribute has type 0x50 and has following structure:
Item name
Size
Description
Key
Action
Revision 1 Security descriptor version.    
Padding 1 Unused value.    
Control flags 2 Flags to describe security descriptor. Enter Display flags detail.
User SID offset 4 Offset of the user SID. Enter Get offset from current user SID offset.
Shift+Enter Update padding length before user SID.
Group SID offset 4 Offset of the group SID. Enter Get offset from current group SID offset.
Shift+Enter Update padding length before group SID.
SACL offset 4 Offset of the SACL. Enter Get offset from current SACL offset.
Shift+Enter Update padding length before SACL.
DACL offset 4 Offset of the DACL Enter Get offset from current DACL offset.
Shift+Enter Update padding length before DACL.
Padding Var. Padding to reach SACL offset.    
SACL Var. System Access Control List description.    
Padding Var. Padding to reach DACL offset.    
DACL Var. Discretionary Access Control List description.    
Padding Var. Padding to reach user SID.    
User SID Var. User that owns the file.    
Padding Var. Padding to reach group SID.    
Group SID Var. Group that owns the file.    
Unused Var. Unused part at end of attribute.    
An Access Control List has the following structure:
Item name
Size
Description
Key
Action
Revision 1 ACL version.    
Padding 1 Unused value.    
Size 2 ACL size. Enter Get size from current ACL size.
Shift+Enter Update unused part length at end.
ACE count 2 Number of Access Control Entry.    
Padding 2 Unused value.    
ACE Var. Access Control Entries.    
Unused in ACL Var. Unused bytes at end of ACL.    
An Access Control Entry has the following structure:
Item name
Size
Description
Key
Action
Type 1 ACE type.    
Flags 1 ACE flags. Enter Display flags detail.
Size 2 ACE size. Enter Get size from current ACE size.
Shift+Enter Update unused part length at end.
Access mask 4 Allowed or disallowed actions. Enter Display actions detail.
SID Var. Identifier to which ACE applies.    
Unused in ACE Var. Unused bytes at end of ACE.    
h) Volume name attribute
Screenshot
The volume name attribute has type 0x60 and has following structure:
Item name
Size
Description
Key
Action
Name Var. Name of volume in UTF-16.    
i) Volume information attribute
Screenshot
The volume information attribute has type 0x70 and has following structure:
Item name
Size
Description
Key
Action
Unknown 8 Not known content.    
Major version 1 NTFS major version.    
Minor version 1 NTFS minor version.    
Flags 2 Volume flags. Enter Display flags detail.
Unknown 4 Not known content.    
j) Data attribute
The data attribute has type 0x80 and has following structure:
Item name
Size
Description
Key
Action
Data Var. Content of attribute.    
k) Index root attribute
Screenshot
The index root attribute has type 0x90 and has following structure:
Item name
Size
Description
Key
Action
Type 4 Type of the indexed attribute.    
Collation rule 4 Collation rule used to sort entries.    
Alloc. index size 4 Size of index allocation entries.    
Cluster per index record 1 Size of each index block (same way of coding than in boot sector).    
Padding 3 Unused value.    
Entries offset 4 Offset of content. Enter Get offset from current offset.
Shift+Enter Update padding length before entries.
Entries size 4 Size of entries.    
Allocated size 4 Size allocated for entries.    
Uses index_alloc 1 0: entries in this attribute, 1: entries in index allocation attribute.    
Padding Var. Padding to reach entries offset.    
Content Var. Entries content.    
Empty Var. Padding to reach allocated size.    
In case of directory, entries content has following structure:
Item name
Size
Description
Key
Action
File reference 6 MFT record of the referenced file. Enter Go to MFT of file.
Shift+Enter Go to file content.
Seq. number 2 Number of use of file MFT record.    
Entry length 2 Size of the entry.    
Attribute size 2 Size of the attribute.    
Entry flags 2 Entry flags. Enter Displays flags detail.
Unused 2 Unused value.    
Directory 6 MFT record of directory where file is. Enter Go to corresponding MFT.
Shift+Enter Go to directory content.
Seq. number 2 Number of use of directory MFT record.    
Creation time 8 File creation time. Enter Display time details.
Mod. time 8 File modification time. Enter Display time details.
MFT time 8 MFT record modification time. Enter Display time details.
Read time 8 File access time. Enter Display time details.
Alloc. size 8 Size allocated to file.    
Size 8 Size of file.    
File flags 4 File flags. Enter Display flags detail.
Ext. attr. 4 Size of extended attributes.    
Name length 1 Length of file name. Enter Get length from current name.
Shift+Enter Update name length.
Namespace 1 Namespace of the file name (0: POSIX, 1: Win32, 2: DOS, 3: Win32 and DOS).    
Name Var. File name in UTF-16.    
Padding Var. Padding value.    
Sub-node VCN 8 VCN of sub-node (only present if sub-node flag is set in flags).    
Part after "Unused" entry could be not given for last entry.
l) Index allocation attribute
Screenshot
The index allocation attribute has type 0xa0 and is composed of several entries having following structure:
Item name
Size
Description
Key
Action
Magic number 4 "INDX" value.    
Update sequence offset 2 Offset where the protection sequence appears. The protection sequence stores the two last bytes of each sector of index record and replaces them with a two bytes value appearing at begin of this sequence.    
Update sequence size 2 Number of two bytes values in protection sequence (number of sectors per index record + 1).    
$LogFile seq. number 8 Sequence number in $LogFile.    
VCN in sequence 8 Virtual cluster of this index record into index allocation.    
Entries offset 4 Offset of content. Enter Get offset from content offset.
Shift+Enter Update padding length before content.
Entries size 4 Size of entries.    
Allocated size 4 Size allocated for entries. Enter Get size from content size.
Shift+Enter Update empty length at end.
Has children 1 0: index record is leaf, 1: index record has children.    
Padding Var. Padding to reach entries offset.    
Content Var. Entries content.    
Empty Var. Padding to reach allocated size.    
In case of directory, entries content has following structure:
Item name
Size
Description
Key
Action
File reference 6 MFT record of the referenced file. Enter Go to MFT of file.
Shift+Enter Go to file content.
Seq. number 2 Number of use of file MFT record.    
Entry length 2 Size of the entry.    
Attribute size 2 Size of the attribute.    
Entry flags 2 Entry flags. Enter Displays flags detail.
Unused 2 Unused value.    
Directory 6 MFT record of directory where file is. Enter Go to corresponding MFT.
Shift+Enter Go to directory content.
Seq. number 2 Number of use of directory MFT record.    
Creation time 8 File creation time. Enter Display time details.
Mod. time 8 File modification time. Enter Display time details.
MFT time 8 MFT record modification time. Enter Display time details.
Read time 8 File access time. Enter Display time details.
Alloc. size 8 Size allocated to file.    
Size 8 Size of file.    
File flags 4 File flags. Enter Display flags detail.
Ext. attr. 4 Size of extended attributes.    
Name length 1 Length of file name. Enter Get length from current name.
Shift+Enter Update name length.
Namespace 1 Namespace of the file name (0: POSIX, 1: Win32, 2: DOS, 3: Win32 and DOS).    
Name Var. File name in UTF-16.    
Padding Var. Padding value.    
Sub-node VCN 8 VCN of sub-node (only present if sub-node flag is set in flags).    
m) Bitmap attribute
Screenshot
The bitmap attribute has type 0xb0 and has following structure:
Item name
Size
Description
Key
Action
Bitmap Var. Bits giving object state (depends on bitmap type). Enter Displays bits definition.
n) Reparse point attribute
Screenshot
The reparse point attribute has type 0xc0 and has following structure:
Item name
Size
Description
Key
Action
Type 4 Type and flags of reparse point.    
Size 2 Content length. Enter Get length from current content.
Shift+Enter Update content length.
Reserved 2 Padding.    
Content Var. Content depending on type.    
o) Extended attribute information attribute
The extended attributes information attribute has type 0xd0 and has following structure:
Item name
Size
Description
Key
Action
Packed size 2 Size of the packed information.    
Nb ext. attr. 2 Number of extended attributes.    
Unpacked size 4 Size of the unpacked information.    
p) Extended attribute attribute
The extended attributes attribute has type 0xe0 and stores several definitions having following structure:
Item name
Size
Description
Key
Action
Size 4 Extended attribute size. Enter Get length from current size.
Shift+Enter Update unused length.
Flags 1 Extended attribute flags.    
Name length 1 Length of extended attribute name. Enter Get length from current name.
Shift+Enter Update name length.
Value length 2 Length of extended attribute value. Enter Get length from current value.
Shift+Enter Update value length.
Name Var. Extended attribute name.    
Value Var. Extended attribute value.    
Unused Var. Padding to reach extended attribute size.    
q) Property set attribute
The property set attribute has type 0xf0 and has following structure:
Item name
Size
Description
Key
Action
Content Var. Content of the attribute.    
r) Logged utility stream attribute
Screenshot
The logged utility stream attribute has type 0x100 and has following structure:
Item name
Size
Description
Key
Action
Content Var. Content of the attribute.    

14- Ext2 definitions

a) Superblock
Screenshot
This window displays the ext2/ext3/ext4 superblock. Superblock description depends on its version number.
Common part is:
Item name
Size
Description
Key
Action
Unused 1024 Unused bytes before superblock.    
Number of inodes 4 Number of inodes.    
Number of blocks 4 Number of blocks.    
Number of reserved blocks 4 Number of blocks reserved to specific user when filesystem becomes full.    
Number of free blocks 4 Number of free blocks.    
Number of free inodes 4 Number of free inodes.    
First data block 4 Number of first block.    
Block size 4 Size of block (in power of 2 from 1024).    
Fragment size 4 Size of fragment.    
Blocks per group 4 Number of blocks in a group (multiple of 8).    
Fragments per group 4 Number of fragments in a group.    
Inodes per group 4 Number of inodes in a group (multiple of 8).    
Mount date 4 Last mount time. Enter Display time.
Write date 4 Last write time. Enter Display time.
Number of mount 2 Number of mounts since last filesystem check.    
Maximum number of mount 2 Maximum number of mounts between two filesystems checks.    
Superblock signature 2 0xEF53 value.    
File system state 2 Flags giving filesystem state. Enter Display details of flag.
Error treatment 2 What to perform in case of error (1: ignore, 2: mount read-only, 3: panic).    
Unused 2 0 value.    
Last check date 4 Last check time. Enter Display time.
Time between checks 4 Maximum number of seconds between two filesystems checks.    
OS 4 OS creator of filesystem (0: Linux, 1: Hurd, 2: Masix). This influences some data structure.    
Version number 4 Filesystem version (0 or 1).    
Reserved blocks uid 2 Identifier of user that can use reserved blocks.    
Reserved blocks gid 2 Identifier of group that can use reserved blocks.    
Following fields are defined for filesystem version 1 only and depend on the defined compatibility/read compatibility/incompatiblity flags:
Item name
Size
Description
Key
Action
First not reserved inode 4 Number of first inode that could be allocated.    
Inode size 2 Size of an inode.    
Group number 2 Group to which this superblock belongs.    
Compatibility flags 4 Options used on this filesystem that does not prevent it to be used by a kernel that does not know them. Enter Display flags detail.
Incompatibility flags 4 Options used on this filesystem that prevents it to be used by a kernel that does not know them. Enter Display flags detail.
Read compatibility flags 4 Options used on this filesystem that force a kernel that does not know them to mount it read only. Enter Display flags detail.
Volume identifier 16 Volume unique identifier.    
Volume name 16 Volume name.    
Last mount point 64 Path to which the filesystem was last mounted.    
Allocation algorithm 4 Used compression algorithm.    
Preallocated blocks number 1 Number of blocks preallocated on allocation.    
Preallocated directories number 1 Number of blocks preallocated on directory allocation.    
Reserved blocks in group table 2 Number of blocks reserved at end of group descriptors for online growth.    
Journal identifier 16 Unique identifier of journal superblock.    
Journal inode 4 Inode of journal file.    
Journal device 4 Device of journal file.    
First inode to delete 4 Start of list of inodes to delete.    
Hash seed 16 HTREE hash seed for directory tree.    
Hash version 1 HTREE hash version to used.    
Journal backup type 1 Default type of journal backup.    
Group descriptor size 2 Size of group descriptors (only if 64 bits incompatibility flag is set).    
Default mount options 4 Options to use on mount. Enter Display mount flags.
First meta block group 4 Group of first metablock.    
File system creation time 4 Time of creation of filesystem. Enter Display time.
Journal blocks backup 68 Backup of blocks in journal inode.    
Number of blocks (hi) 4 High part of number of blocks.    
Number of reserved blocks (hi) 4 High part of number of reserved blocks.    
Number of free blocks (hi) 4 High part of number of free blocks.    
Minimum inode extra size 2 Minimum size of an inode.    
New inode extra size 2 Minimum size of new inodes.    
Flags 4 Miscellaneous flags. Enter Display flags.
RAID stride 2 RAID stride.    
Multi mount protection interval 2 Number of seconds to wait in multi-mount check.    
Multi mount protection block 8 Block for multi-mount protection. Enter Display block.
RAID stripe size 4 RAID stripe size.    
Flexible block group size 1 Number of groups per flexible group (power of 2).    
Checksum type 1 Type of algorithm for metadata checksum.    
Encryption level 1 Versioning level for encryption.    
Reserved 1 Unused.    
Number of kilobytes written 8 Number of kilobytes that were written.    
Snapshot inode 4 Inode number of the active snapshot.    
Snapshot identifier 4 Identifier of the active snapshot.    
Snapshot reserved blocks 8 Number of blocks reserved for active snapshot.    
Snapshot head inode 4 Inode number of the head of snapshot.    
Number of filesystem errors 4 Number of errors encountered on filesystem.    
Time of first error 4 Time at which first error happened. Enter Display time.
Inode of first error 4 Inode that was involved in first error.    
Block of first error 8 Block that was involved in first error.    
Function of first error 32 Name of function where first error happened.    
Line of first error 4 Line number where first error happened.    
Time of last error 4 Time at which last error happened. Enter Display time.
Inode of last error 4 Inode that was involved in last error.    
Line of last error 4 Line number where last error happened.    
Block of last error 8 Block that was involved in last error.    
Function of last error 32 Name of function where last error happened.    
Mount options 64 Options that were used to mount filesystem.    
User quota inode 4 Inode number of user quota file.    
Group quota inode 4 Inode number of group quota file.    
Overhead blocks 4 Overheap blocks/clusters in filesystem.    
First backup block group 4 Group number of first backup block group.    
Second backup block group 4 Group number of second backup block group.    
Encryption algorithm 4 Algorithm used for encryption.    
Encryption salt 16 Initialisation of encryption algorithm.    
Lost+found inode 4 Inode of lost+found directory.    
Project quota inode 4 Inode number of project quota file.    
Checksum seed 4 Seed of checksum computed from UUID.    
Padding 392 Unused bytes at end of superblock.    
Superblock ckecksum 4 Checksum of the super block. Enter Compute checksum.
Unused Var. Unused bytes after superblock (only if cluster size is bigger than superblock size).    
b) Group descriptor (32 bits)
Screenshot
This window displays the group descriptors table for 32 bits version.
Table is composed of several descriptors having the following structure:
Item name
Size
Description
Key
Action
Block bitmap block 4 Block number of the bitmap block. Enter Go to block bitmap.
Inode bitmap block 4 Block number of the inode block. Enter Go to inode bitmap.
Inode table block 4 First block of the inode table. Enter Go to inode table.
Free blocks count 2 Number of free blocks in group.    
Free inodes count 2 Number of free inodes in group.    
Used directories count 2 Number of directories in group.    
Flags 2 Group descriptor flags. Enter Display flags detail.
Snapshot exclude bitmap 4 Block number storing exclude bitmap for snapshot.    
Block bitmap checksum 2 Low part of checksum of block bitmap. Enter Compute checksum.
Inode bitmap checksum 2 Low part of checksum of inode bitmap. Enter Compute checksum.
Number unused inodes 2 Number of inodes not used in group.    
Checksum 2 Group descriptor checksum. Enter Compute checksum.
The four last fields are used only if the group descriptor checksum compatibility flag is set into superblock. The group descriptors table could be followed by an unused part in case it does not fill up the blocks.
c) Group descriptor (64 bits)
Screenshot
This window displays the group descriptors table for 64 bits version.
Table is composed of several descriptors having the following structure:
Item name
Size
Description
Key
Action
Block bitmap block (low) 4 Low part of block number of the bitmap block. Enter Go to block bitmap.
Inode bitmap block (low) 4 Low part of block number of the inode block. Enter Go to inode bitmap.
Inode table block (low) 4 Low part of first block of the inode table. Enter Go to inode table.
Free blocks count (low) 2 Low part of number of free blocks in group.    
Free inodes count (low) 2 Low part of number of free inodes in group.    
Used directories count (low) 2 Low part of number of directories in group.    
Flags 2 Group descriptor flags. Enter Display flags detail.
Snapshot exclude bitmap (low) 4 Low part of block number storing exclude bitmap for snapshot.    
Block bitmap checksum (low) 2 Low part of checksum of block bitmap. Enter Compute checksum.
Inode bitmap checksum (low) 2 Low part of checksum of inode bitmap. Enter Compute checksum.
Number unused inodes (low) 2 Low part of number of inodes not used in group.    
Checksum 2 Group descriptor checksum. Enter Compute checksum.
Block bitmap block (high) 4 High part of block number of the bitmap block. Enter Go to block bitmap.
Inode bitmap block (high) 4 High part of block number of the inode block. Enter Go to inode bitmap.
Inode table block (high) 4 High part of first block of the inode table. Enter Go to inode table.
Free blocks count (high) 2 High part of number of free blocks in group.    
Free inodes count (high) 2 High part of number of free inodes in group.    
Used directories count (high) 2 High part of number of directories in group.    
Number unused inodes (high) 2 High part of number of inodes not used in group.    
Snapshot exclude bitmap (high) 4 High part of block number storing exclude bitmap for snapshot.    
Block bitmap checksum (high) 2 High part of checksum of block bitmap. Enter Compute checksum.
Inode bitmap checksum (high) 2 High part of checksum of inode bitmap. Enter Compute checksum.
Reserved 4 Unused.    
The group descriptors table could be followed by an unused part in case it does not fill up the blocks.
d) Inodes table
Screenshot
This window displays the inode table.
Table is composed of several inodes followed by an optional unused part if inodes table does not fill the blocks. An inode has a different structure depending on creator OS, only Linux one is displayed here. An inode has a different definition depending on its content. All inodes share the following structure:
Item name
Size
Description
Key
Action
Mode 2 Inode mode (protection bits, ...). Enter Display mode details.
User id 2 User owner of inode.    
Size 4 Size of the inode in bytes.    
Access time 4 Last access time. Enter Display time.
Inode change time 4 Last modification time of inode. Enter Display time.
Modification time 4 Last modification time of content of inode. Enter Display time.
Deletion time 4 Last deletion time. Enter Display time.
Group id 2 Group owner of inode.    
Number of links 2 Number of hard-links to this inode.    
Number of sectors 4 Number of sectors allocated to this inode.    
Flags 4 Inode flags. Enter Display flags details.
Version 4 Inode version.    
Inode content definition 60 Variable definition depending on inode content.    
Generation 4 NFS version.    
File ACL 4 Block number of a block giving inode attributes. Enter Go to block.
Directory ACL 4 High part of inode size.    
Fragment address 4 Fragment address.    
Nb of sectors (hi) 2 High part of number of sectors.    
File ACL (high) 2 High part of file ACL block. Enter Go to block.
User id (high) 2 High part of user identifier.    
Group id (high) 2 High part of group identifier.    
Checksum 2 Low part of inode checksum.    
Reserved 2 Unused.    
Extra size 2 Additional size for inode.    
Checksum (high) 2 High part of checksum.    
Extra change time 4 Precision on change time.    
Extra modification time 4 Precision on modification time.    
Extra access time 4 Precision on access time.    
Creation time 4 Creation time.    
Extra creation time 4 Precision on creation time.    
Version (high) 4 High part of inode version.    
Extended attributes header 4 Marker of extended attributes definition.    
Extended attributes Var. Extended attributes definition.    
Unknown Var. Additional content.    
Definition starting from "Extra size" one depends on inode size and on this "Extra size" value.
In case of standard inode, the inode content definition is:
Item name
Size
Description
Key
Action
Direct blocks 12*4 12 blocks containing inode data (if not 0). Enter Go to block.
Indirect blocks 4 Block that defines a list of blocks containing inode data (if not 0). Enter Go to block.
Double indirect blocks 4 Block that gives a list of indirect blocks (if not 0). Enter Go to block.
Triple indirect blocks 4 Block that gives a list of double indirect blocks (if not 0). Enter Go to block.
In case of device, the block numbers contain the device major and minor number. In case of socket or pipe, the block numbers are 0 (there is no associated data).
In case of fast symbolic links (symbolic links with less than 60 bytes), the inode content definition is:
Item name
Size
Description
Key
Action
Symbolic link name 60 Name of the symbolic link (ending with 0).    
In case of inode with extents, the inode content definition contains an extent definition without the checksum part.
In case of inode with inline data, the inode content definition is:
Item name
Size
Description
Key
Action
Inline data 60 Start of inline data. Following part is into data extended attribute.    
In case inode uses extended attributes, their format is the same than in extended attributes definition without the header part, this one being reduced to the "extended attributes header" field corresponding to "magic field" of complete header.
e) Inodes bitmap
Screenshot
The inode bitmap gives for each inode of current group if it is occupied or not:
Item name
Size
Description
Key
Action
  n Bits giving if inodes are occupied or not. Enter Displays bits definition.
Unused Var. Optional part if inode bitmap does not fill block.    
f) Blocks bitmap
Screenshot
The block bitmap gives for each block of current group if it is occupied or not:
Item name
Size
Description
Key
Action
  n Bits giving if blocks are occupied or not. Enter Displays bits definition.
Unused Var. Optional part if block bitmap does not fill block.    
g) Directory
Screenshot
This window displays the ext2 directory entries:
Item name
Size
Description
Key
Action
Inode 4 Inode number. Enter Go to inode.
Entry length 2 Size of directory entry. Shift+Enter Update padding length.
Name length 1 Length of file name. Enter Get length from name.
Shift+Enter Update file name.
File type 1 Type of file.    
Name Var. File name. Enter Go to file.
Shift+Enter Update name length.
Padding Var. Padding for directory entry to be multiple of 4.    
h) Indirect blocks list
Screenshot
The indirect block list is composed of list of number of blocks containing inode data:
Item name
Size
Description
Key
Action
  n*4 Block containing data. Enter Go to block.
Unused Var. Optional part if list of blocks does not fill block.    
i) Double indirect blocks list
The double indirect block list is composed of list of number of blocks containing direct blocks numbers:
Item name
Size
Description
Key
Action
Indirect blocks n*4 Block containing indirect blocks number. Enter Go to block.
Unused Var. Optional part if list of blocks does not fill block.    
j) Triple indirect blocks list
The triple indirect block list is composed of list of number of blocks containing double indirect blocks numbers:
Item name
Size
Description
Key
Action
Double indirect blocks n*4 Block containing double indirect blocks number. Enter Go to block.
Unused Var. Optional part if list of blocks does not fill block.    
k) Extents
Screenshot
Extent definition is composed of:
Item name
Size
Description
Key
Action
Magic 2 0xF30A value    
Number of entries 2 Number of leaf or index extents.    
Maximum number of entries 2 Maximum number of leaf or index extents.    
Depth 2 Depth to reach leaf extents.    
Generation 4 Extent version.    
Item name
Size
Description
Key
Action
Logical block 4 Logical block in extents definition.    
Number of blocks 2 Number of blocks in extent.    
Physical block (high) 2 High part of physical block. Enter Go to block.
Physical block (low) 4 Low part of physical block. Enter Go to block.
Item name
Size
Description
Key
Action
From logical block 4 First logical block in extents definition.    
Index block (low) 4 Low part of block containing extents one depth lower. Enter Go to block.
Index block (high) 2 High part of block containing extents one depth lower. Enter Go to block.
Unused 2 Unused.    
Item name
Size
Description
Key
Action
Checksum 4 Checksum of extents definition. Enter Compute checksum.
Extents definition can be followed by unused part if they do not fill the whole area.
l) Multimount protection block
Screenshot
This window displays the multi-mount protection block content:
Item name
Size
Description
Key
Action
Magic 4 0x004D4D50 value.    
Sequence number 4 Sequence number that is periodically updated.    
Last updated time 8 Last time the block was updated.    
Node name 64 Last node that updated the block.    
Device name 32 Last device that updated the block.    
Check interval 2 Time between two checks of the block.    
Unused 906 Unused part.    
Checksum 4 Block checksum. Enter Compute checksum.
Padding Var. Unused part when block is bigger than 1024 b.    
m) Extended attributes block
Screenshot
This window displays the content of an extended attribute block. An extended attribute block contain some definition whose meaning depends on a header. Such a block is filled with:
Item name
Size
Description
Key
Action
Magic 4 0xEA020000 value.    
Nb use 4 Number of inodes that reference this block.    
Nb blocks 4 Number of blocks for this definition.    
Hash 4 Hash of the block. Enter Compute hash.
Checksum 4 Block checksum. Enter Compute checksum.
Reserved 12 Unused part in header.    
Item name
Size
Description
Key
Action
Attribute name length 1 Length of the name given at end of header. Enter Update from name length.
Shift+Enter Update name.
Attribute name index 1 Value that allows identifying content of attribute.    
Value offset 2 Offset of the value from end of block header. Enter Update from size of padding before value.
Shift+Enter Update size of padding before value.
Value block 4 Block in which value is.    
Value size 4 Size of the value in bytes. Enter Update from value size.
Shift+Enter Update value size.
Value hash 4 Hash of the attribute. Enter Compute hash.
Name Var. Name of the attribute. Enter Update name length.
Padding Var. Unused part to align next entry on multiple of 4.    
Item name
Size
Description
Key
Action
End of entries 4 Value set to 0 to mean end of headers.    
Item name
Size
Description
Key
Action
Value Var. Value of the attribute. Enter Update value size.
Padding Var. Some padding until next value (at least for it to start on a multiple of 4).    
Headers grow from start to end and values grow from end to start and a 4 bytes value set to 0 shall always separate them. Such a block could be shared between several inodes.


15- Configuration file

The configuration file allows you to set the configuration of the program. The configuration is described into chapter 7. Such a file can be created with using the "Save configuration" menu and can be loaded either through the "-cfg" option on command line or the "cfg_file" option in option file or can be loaded through the "Load configuration" menu.
The configuration file is a text file that allows configuration to be specified. Each option must be alone on a line.
If the line begins with ";", its a comment line (it is not analysed).
Option content can be defined with an environment variable. In that case, the environment variable must be given between % (example: file=%CONF%.PAR, %CONF% will be replaced by the content of the CONF environment variable). If the environment variable does not exist, an error will be generated. To be able to give the % character inside option contents, you have to double it (example: file=WITH%%.PAR, the file name would be WITH%.PAR).

Options have <option name>=<option value> format. Name and value of each option are described below. You can read the chapter 7 to get more details on each option.

Option Values Default value
Common definitions
read_only yes|no yes
This option sets if the program is in read-only mode or not. When it is in read-only mode, any change performed will not be saved.
update_linked_values yes|no yes
This option sets if the program updates related values when there is a link between them.
open_raw_view yes|no no
This option sets if the program shall open a display in raw mode even if some detailed description is available. This can be needed in case the filesystem is damaged enough for the detailed view to become unusable. This allows also not having update of linked values at initial displaying.
detection_mode automatic|raw|disk|fat12|fat16|fat32|ntfs|ext2 automatic
This option sets how the program shall treat the content of a support. The check and use of the other options will depend on this setting. If it is set to "automatic", only common definitions not related to filesystem are used, if it is set to some filesystem value, common definitions and those related to this filesystem will be used.
cluster_size [512..65536] 1024
This option sets the size of a cluster (for FAT and NTFS filesystems) or of a block (for ext2 filesystem) in bytes.
view_as_max_nb_sectors [1..4294967295] 128
This option limits number of sectors to use when using one of the "View as" menu.
displayed_max_nb_items [16..4194303] 4096
This option limits number of items that are displayed. This allows reducing memory need and time to build the windows.
history_size [0..255] 16
This option sets number of items that were displayed and that can be easily retrieved through "Back" and "Forward" menu.
calculator_memory_size [0..255] 16
This option limits number of values to keep inside calculator memory.
FAT definitions
nb_fats [1..2] 2
This option sets the number of FAT that are on a FAT filesystem.
first_used_fat [0..<nb_fats>-1] 0
This option sets the first FAT to use.
nb_used_fats [1..<nb_fats>-<first_used_fat>] 2
This option sets the number of FAT to use.
first_sector_of_fat [1..65535] 1
This option sets the sector where first FAT starts.
nb_sectors_per_fat [1..4294967295] 128
This option sets the number of sectors per FAT.
nb_sectors_of_root [1..4095] 32
This option sets the number of sectors for root directory for FAT12 and FAT16 filesystems.
cluster_of_root [2..268435446] 2
This option sets the first cluster of root directory for FAT32 filesystem.
NTFS definitions
cluster_of_mft [1..281474976710655] 2
This option sets the first cluster of $MFT for NTFS filesystem.
nb_sectors_per_mft [1..128] 2
This option sets the number of sectors per MFT entry.
nb_sectors_per_idx_record [1..128] 2
This option sets the number of sectors per index record.
Ext2/3/4 definitions
version_number [0..1] 1
This option sets the filesystem version for ext2 filesystem.
blocks_per_group [8..65528] 8192
This option sets the number of blocks in a group for ext2 filesystem.
inodes_per_group [8..65528] 8192
This option sets the number of inodes in a group for ext2 filesystem.
inode_size [128..32768] 128
This option sets the size of an inode.
has_sparse_superblock yes|no yes
This option marks if an ext2 filesystem uses sparse superblock.
has_meta_block_group yes|no no
This option marks if an ext2 filesystem uses meta block group.
first_meta_block_group [0..4294967295] 0
This option sets the first meta block group when filesystem uses meta block group.
has_64_bits_group_desc yes|no no
This option sets if an ext2 filesystem uses 64 bits group descriptors.
group_descriptor_size [32,64..1024] 32
This option sets the ext2 group descriptors size.
has_group_descriptor_checksum yes|no no
This option sets if an ext2 filesystem uses checksum in group descriptors.
checksum_kind none|gdt|medata none
This option sets the kind of checksum to use:
  • none: no checksum is used,
  • gdt: group descriptor checksum only,
  • metadata: checksum for all metdata.
In case of damaged filesystem it is better to set this option to none as it could prevent correct handling of ext2 filesystem.
checksum_seed [0..4294967295] 0
Seed used when using metdata checksum. It is used in replacement of volume_identifier when it is defined.
volume_identifier 16 hexadecimal numbers separated by spaces 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
This option sets the volume identifier of the ext2 filesystem. This volume identifier is used to initialize checksum. It is used only if checksum_seed is not defined.


16- Options file

The options file allows you set options that are set on command line or to configure support to detect. When using explpart with the -f <options file name> option, the various parameters are read from the file. Contents of this file can be partial (not covering all the options), but in this case some rules described below must be followed.
The options file is a text file that allows options to be specified. Each option must be alone on a line.
If the line begins with ";", its a comment line (it is not analysed).
Option content can be defined with an environment variable. In that case, the environment variable must be given between % (example: file=%CONF%.PAR, %CONF% will be replaced by the content of the CONF environment variable). If the environment variable does not exist, an error will be generated. To be able to give the % character inside option contents, you have to double it (example: file=WITH%%.PAR, the file name would be WITH%.PAR).

Options have <option name>=<option value> format. Name and value of each option are the following:

Option Values Default value
mouse yes|no|poll yes
Choice of the method of using the mouse (same as -cm|-nm|-pm option on command line).
Please read command line option description to get more details.
check_drive yes|no yes
Verification that created/read file is not on saved/restored element is disabled when set to "no" (same as -ncd option on command line).
Please read command line option description to get more details.
verify_free_size yes|no yes
Verification of free remaining size on destination drive is not done when set to "no" (same as -ncs option on command line).
Please read command line option description to get more details.
verify_disk_write yes|no yes
Verification that sectors are correctly written is disabled when set to "no" (same as -nvd option on command line).
Please read command line option description to get more details.
verify_file_write yes|no yes
Verification that files are correctly written is disabled when set to "no" (same as -nvf option on command line).
Please read command line option description to get more details.
test_disk_size yes|no|<number> no
This option allows trying to detect disk size if it is set to "yes" (same as -tds option on command line).
Please read command line option description to get more details.
If a number is given, it is number of disk for which trying to detect disk size. In this case, this option can be given several times with different numbers.
utf8 yes|no automatic detection
Forces use or not use of UTF-8 terminal capability in Linux version.
user_interface text|text_bios|text_ext|text_bios_ext text_ext
User interface choice (same as -tui|-bui|-tuix|-buix option on command line).
Please read command line option description to get more details.
disk <number> detect all disks
Gives the disk number to use. This number must be between zero and the number of disks minus one. When it is used, program limits detection of support to the given disk.
This option cannot be given if "floppy", "device" or "raw_file" option is given.
floppy <number> detect all floppies
Gives the floppy drive number to use. This number must be between zero and number of floppy drives minus one. When it is used, program limits detection of support to the given floppy.
This option cannot be given if "disk", "device" or "raw_file" option is given.
device DOS/Windows: A-`
Linux: <block device>
detect all devices
Gives the DOS/Windows device letter or Linux device file to use. When it is used, program limits detection of support to the given floppy.
This option cannot be given if "disk", "floppy" or "raw_file" option is given.
raw_file <filename> asked to user
Gives name of raw file to use. When it is used, program limits detection of support to the given file.
This option cannot be given if "disk", "floppy" or "device" option is given.
main_part <number> detect all partitions
Gives the number of the main partition to use. This number must be between 1 and 4 for MBR partitions table, 1 and 4294967295 for GUID partitions table.
For this option to be used, "disk" option must be given.
ext_part <number> detect all partitions if "main_part" not given, 0 else
Gives the number of the extended partition to use. This number must be between 1 and the number of extended partition corresponding to main partition. It can be used only in case of MBR partitions table.
For this option to be used, "main_part" option must be given.
mount <drive number>:<disk number>/<main partition number>,<extended partition number>
or
DOS/Windows: <drive number>:<device letter>
Linux: <drive number>:<block device>
asked to user
Allows defining mounting options of a partition or a device.
In first syntax, the first number is the drive number used to identify mounted partition, it must be between 0 and 2147483647. The second number is the disk number on which partition to mount is, it must be between 0 and number of disks - 1. The third number is the main partition number of partition to mount, it is between 1 and 4 for a MBR partitions table and between 1 and 4294967295 for a GUID partitions table. The last number must not be given for a main partition (if it is omitted, the colon before must be also) and is the extended partition number where the main partition is a logical partition, it must be between 1 and 255.
In second syntax, disk and partitions numbers are replaced with the drive letter/device file of the device to mount.
The drive number must be unique and a partition can only be mounted with one number. When a mount is defined, the "file" option can use this number to define a file name.
Example:
mount=0:0/1 mounts as 0: the first main partition of the first disk,
mount=10:3/2,2 mounts as 10: the second extended partition in the second main partition of the forth disk,
file=0:\DISK_C.PAR (or FILE=//O/DISK_C.PAR for Linux version) defines a file that is on the partition mounted by the first mount.
gmt <hours>h<minutes> automatic detection
This option permits setting difference between your hour and GMT hour (example: 1h00 in France in winter). It is used when writing file to NTFS partition because this one stores file modification time in GMT time. This option is not mandatory, it only avoids having some file modification time in future or past.
Automatic detection cannot be performed in DOS version, in this case 0 is used.
max_mem_size <number> [kB|MB] available memory
This option allows reducing memory usage by program. It shall be used only when getting the "Error: could not allocate page table memory" error (mostly when exploring compressed backup). This limit is not absolute (program will use more memory than that in case of need), but allows reducing biggest buffers size. If you do not get the error, you do not need to use it, if you get the error, try with giving half the memory you have (reduce it or try to free some DOS memory if it is not enough).
heads_sectors standard|extended|parttable|<heads number>/<sectors number> automatic detection
When fixing physical definition of a disk on a boot sector, this option permits to choose which values to use. Three first options (standard|extended|parttable) are to use predefined values, the last option is to give your own values (the number of heads and the number of sectors per track). In case this option is not used and fix_first_sector option is used, program updates first sector value only.
In Windows and Linux versions, this option allows forcing number of heads and sectors per cylinder for a disk in case these definitions cannot be obtained with reading partitions table (for this numbers shall be given, not predefined values).
This option allows also forcing the definition when using a raw file.
stdaccess <number> detection of type of access
This option allows forcing use of standard access for disks that support both access modes (disks of less than 8 GB). The <number> allows giving disk number for which access mode shall be forced (see "disk" option). This option can be given several times with different disk numbers.
This option shall be carefully used and only in case of a disk found as using extended access but that does not support it (case of very old disks). Before using this option, it is better to check disks with partinfo.exe with and without "-s" option, then to try exploring a partition to check what program sees.
This situation is in most cases bad. It shows that disk is badly recognised and that can lead to some loss of data, overlapping partitions, ... (moreover in case of using disk with several OS). It can potentially be corrected with changing disk parameters into BIOS, but this can lead to the loss of all data of this disk (it is better after such a change to destroy all partitions and create them again to be sure they are correctly defined).
cfg_file <filename> default configuration
Gives the configuration file to use (same as -cfg option on command line).
Please read command line option description to get more details.


17- Evolutions

This chapter gives main evolutions of Partition-Explorer.

a) V1.00 -> V1.01:

Changes in this version are the following:

b) V1.01 -> V1.10:

Changes in this version are the following:


Hoping this program will be useful,

D. Guibouret <>

Back to homepage

All trademarks and registered trademarks are property of their respective holders.