http://www.partition-saving.com
Copyright © 2015-2019 D. Guibouret

Table of contents

  1- License and preface
  2- Introduction
  3- System requirements
  4- Interface features/functions
  5- Using the program
     a) Executing program
     b) Program functions
  6- Menu
     a) File menu
     b) Support menu
     c) Goto menu
     d) View as menu
     e) Information menu
  7- Configuration
     a) Common configuration
     b) FAT configuration
     c) NTFS configuration
     d) Ext2 configuration
  8- Driver refresh
  9- Calculator
  10- Test of support's definition
     a) Presentation
     b) Main display
     c) Details display
  11- Disk definitions
     a) MBR partition sector
     b) GPT header sectors
     c) GPT entries sectors
  12- FAT definitions
     a) FAT12/FAT16 boot sector
     b) FAT12/FAT16 FAT
     c) Directory
     d) FAT32 boot sector
     e) FAT32 information sector
     f) FAT32 FAT
  13- NTFS definitions
     a) Boot sector
     b) MFT
     c) Standard information attribute
     d) Attributes list attribute
     e) File name attribute
     f) Object identifier attribute
     g) Security descriptor attribute
     h) Volume name attribute
     i) Volume information attribute
     j) Data attribute
     k) Index root attribute
     l) Index allocation attribute
     m) Bitmap attribute
     n) Reparse point attribute
     o) Extended attribute information attribute
     p) Extended attribute attribute
     q) Property set attribute
     r) Logged utility stream attribute
  14- Ext2 definitions
     a) Superblock
     b) Group descriptor (32 bits)
     c) Group descriptor (64 bits)
     d) Inodes table
     e) Inodes bitmap
     f) Blocks bitmap
     g) Directory
     h) Indexed directory
     i) Indirect blocks list
     j) Double indirect blocks list
     k) Triple indirect blocks list
     l) Extents
     m) Multimount protection block
     n) Extended attributes block
  15- Configuration file
  16- Options file
  17- Evolutions
     a) V1.01
     b) V1.10
     c) V1.20
     d) V1.30
     e) V1.40

1- License and preface

This program may be copied and freely redistributed. It may not be sold in any way, either alone or included in another program. All that is in this package must be kept together in its original form.

This program is offered as-is without any guarantee. No pursuit can be engaged against its author in case of damages due to this program.

All remarks are welcome.

2- Introduction

Partition-Explorer is a program that allows viewing and editing content of a partition. As it accesses content of a partition at a low level, you can easily damage this partition and render it no more accessible by your OS (so lost partition content). SO BE ALWAYS CAUTIOUS ON WHAT YOU DO WITH THIS PROGRAM. There is no undo feature, once something is done and written to disk, there is no way to come back to previous state unless you remember what the previous values were.

3- System requirements

Hardware:

• 386 or better.
• 4 MB of memory (could work with less, but data compression might not work). Free DOS memory must be at least 300 kB.

• DOS (version >= 3.3) for DOS version.
• any Windows version less 3.1 versions for Windows version.
• any Linux version having a kernel version >= 2.5.4 and glibc version >= 2.3.

4- Interface features/functions

Interface if based on a menu on top of the edition window. At startup the edition window is not displayed until you select a support to explore. This interface can be split in two with each part having its own menu in order to explore two different partitions simultaneously (or the same one with using two views). The interface can also be split in two with displaying a simple calculator.
On right side of the menu, the read-only or read/write state of the support is displayed and in case something has been modified without having been written back to disk, a "*" is displayed on left of this state. The following screenshots give examples of the interface:

• A single display in read-only mode:
• Two displays with top one being in read-only mode and bottom one in read/write mode and having its content modified:
• A single display with the calculator (this one will always appear on bottom side of the screen or as an indenpendant window if two displays mode is used):

5- Using the program

a) Executing program

Usage:
explpart.exe [-cm|-nm|-pm] [-f <options file>] [-cfg <configuration file>] [-ncd] [-ncs] [-nvd|-vd] [-nvf|-vf] [-tds] [-noroot] [-tui|-tuix|-bui|-buix] [-utf8|-noutf8] [-hiber=warn|exit|ignore] [-term <terminal>] [-termopt <terminal command execution flag>]
To use the Windows version, explpwin.exe (32 bits) or explpw64.exe (64 bits) shall be used instead of explpart.exe.
To launch the Linux version, explplnx.run (32 bits) or explpl64.run (64 bits) shall be used instead of explpart.exe.
In Windows and Linux versions, same options are available, but some of them will have no effect (see below).

  -cm: this option is the default way the mouse is utilised.

  -pm: this option is another way to utilise the mouse that can be used in case the first one does not work (it is default method when using DOS version on Windows NT/XP). Using this method may prevent detecting some double clicks. This option is equivalent to -cm into Windows version. In Linux version, program does not try to install its own mouse handler but fully relies on ncurses one.

  -nm: this option disables the mouse. You would have to use it only if mouse use seems to pose a problem with 2 previous methods.

  -f <options file>: this option allows you to set same options than on command line and in way supports are detected. To understand the contents of this file, please read chapter 16.

  -cfg <configuration file>: this option allows you set initial configuration of program. Configuration is described in chapter 7. To understand the contents of this file, please read chapter 15.

  -ncd: this option disables the check that created/read file is not on saved/restored element. It is generally recommended only if DOS drive letter attribution is wrong. This option has no influence in Windows and Linux versions (this check cannot be disabled).

  -ncs: this option disables the check on free size on drive where files are created. This is a workaround in case the driver report a wrong free size, but you have to be aware that in case performing some copy, these ones could fail only once the destination drive is full.

  -nvd|-vd: this option disables/enables the check that sectors are correctly written. It is disabled as default. This speeds up disk access, but may prevent detecting bad sectors on the disk. The check that sectors are correctly written cannot be enabled in Windows and Linux versions (less for floppy disks in Windows 9x).

  -nvf|-vf: this option disables/enables the check that files are correctly written and that sectors are correctly written when using DOS devices access. It is disabled as default. This speeds up file access, but created files or restored devices may be incorrect because the disk where they are written is damaged. The check that files are correctly written cannot be enabled in Windows and Linux versions.

  -tds: this option enables check of disk size with relying on partitions table content (for disk with extended access) or with searching last cylinder (for disk with standard access). This option is needed only if partitions do not appear.

  -noroot: this option disables check if user has administrator's rights. It only avoids a potential warning message telling all support could be not seen in case user does not have administrator's rights.

  -tui|-tuix|-bui|-buix: this option allows you to select the user interface:

• -tui: textual window interface.
• -tuix: same as -tui but with using extended display mode (43 or 50 lines instead of 25). In Linux version, the whole terminal size is used. In Linux and Windows modes, program will adapt displayed area is you modify terminal size (without allowing it to be smaller than 80*25).
• -bui: textual window interface using BIOS calls to write on the screen. This ensures better compatibility but goes slower. This option is the same than -tui in Windows and Linux versions.
• -buix: same as -bui but with using extended display mode (43 or 50 lines instead of 25). This option is the same than -tuix in Windows and Linux versions.

  -utf8|-noutf8: forces use or not use of UTF-8 terminal capability in Linux version. The default behaviour is to detect it automatically.

  -hiber=warn|exit|ignore: what program shall perform if it finds an hibernated operating system. An hibernated operating system does not have flushed content of disk and will not refresh it on startup, so modifying disk could lead to incoherences or corruptions. As default, program searches for such system to warn you in case it finds some.

  -term <terminal>: this option is specific to Linux and Windows versions.
In Linux version, if program finds it does not run in a terminal, it launches itself into a terminal with using the "xterm" command (this mechanism is useful if you double click on program from a file explorer). This option allows setting command to use to create the X terminal in which running program instead of "xterm". If <terminal> is equal to "no", program does not try to create a terminal even if it finds it is not executed into a terminal.
In Windows version, program tries to launch a new console to ensure the mouse quick edit mode is disabled (thus allowing use of mouse). Using this option (whatever <terminal> value is) disables this behaviour.

  -termopt <terminal command execution flag>: this option is specific to Linux version. It allows giving flag used by terminal program to execute a command with arguments. It is "-e" as default that is value for "xterm" program.

Return code of program can be one of the following:

• 0 if no error has been detected.
• 1 if an error has appeared.
• 255 if some exception has been raised.

b) Program functions

When program is started, it begins with analysing all your disks and devices to build a list of all what can be viewed. Once this is done you can start using it through its menu. Basically you will select a support through "Support" menu then navigate in the displayed data through the "Goto" menu. You will be able to modify some values and write changes back to disk (if you activated read/write mode in configuration first).
Chapter 6 gives a description of each command you can select inside menu. Depending on the state of the program, all the commands are not available (ex: if you did not select any support, the "Goto" and "View" menus are not available).
When the displayed data are a recognised structure of a filesystem, you can use two different views:

• the detailed one, where you have a complete description of the content of the sectors,
• the raw one, where the data are only viewed as an array of bytes.

c) Navigating in the filesystem

When the filesystem is correctly recognised you can navigate into its content through the "Goto" menu or by hitting a key ("Enter" in most cases) in the field of a sector. At any moment you can come back to a previously displayed content through "Back", "Forward" and "History" commands of "Goto" menu.
For some views that are repeat of same kind of structure among whole sector, you can use a "Quick access" command of "View as" menu to reach directly an entry.
You can also type some characters and program will gives you all fields whose name contains what you typed. This allows going quickly to the desired field.
There can be some definition where displaying the whole content will need a lot of memory or a long time to build and navigate in the window. In that case, program splits definition at regular point to limit number of displayed items. You can change the limit in configuration. When the definition is split, you have on top and bottom of the window "Previous" and "Next" buttons and a "Go to item" entry: these are to access the definitions that were not displayed.

Another way to navigate is in case you want to search to which file a sector belongs. This can be done through "Sector info", "Cluster info", "Inode path" and "MFT path" entries of "Info" menu. This kind of search could be quite long (as program can have to scan the whole filesystem to find the corresponding file), you can cancel it at any time by hitting the "Escape" key (note: this one could take some time depending on the state of the search). Program will display what it was able to resolve when it was interrupted.

d) Modifying content

When you enable the read/write mode in configuration, you can modify the content of a field and write this back to the disk. You shall be very cautious as if you enter some wrong value, there will be nothing to prevent you from doing this (so you can damage the filesystem). A small check that can be performed is to switch from detailed view to raw then back (or vice-versa) and check that the value you modified was not modified. During such a switch you can get a window telling you that "Content description overflows content size. End is cut to match content size.". That means that the modified content becomes too big to enter into the initial content of sectors and so the end of this content was lost. This is not a problem as long as this end is some unused part in the structure, but becomes one is some needed data are lost. In this last case you will better have to revert your change (or to not write changes and read sectors again to retrieve initial values).
Depending on the displayed structure, some fields could be related to some other (ex: filename and filename length). Depending on the configuration you chose, program could update them automatically or not (so if you add some characters to a filename, its length is updated accordingly or on contrary if you changed the length, the name is modified). If you did not activate the automatic update, you can explicitly request it by hitting a key ("Shift+Enter" in most cases). The fields that are linked together are detailed in the filesystem descriptions.
When you modify content of sectors and write them back to disk, you could have to inform program of such a change if you want it to take them into account in its internal structures. You have to perform this explicitly to avoid breaking program behaviour in case you perform some incomplete change (such as you can do it only when you know a set of changes you did is coherent). You can get more details on this in chapter 8.

At any time you can save the sectors content to a file to be able to retrieve it latter (such restoring the content to its initial state if some change seems to lead to errors). This can be done through the "Save to file" and "Read from file" commands into "File" menu. The "Save as text" command allows saving the sector content as it is displayed into detailed view, but there is no way to reload such a file: it is only to have content in a readable form.

6- Menu

Menu is the entry point for user to use the program. You can activate it with clicking on menu item with mouse or with typing "Alt+<the name shortcut>".
Menu is divided into several entries:

• File that allows configuring program, save or load content, open or close display and quit program,
• Support that gives the list of supports that could be displayed,
• Goto that allows go to specific construction on current support. This menu is available only when a support is chosen,
• View that allows forcing the way currently displayed sectors shall be treated,
• Info that gives some information about currently displayed support,
• On right the read/write current configuration is displayed and in case some modification was done on current displayed item, a "*" is displayed before.

a) File menu

• Write changes: write change you have done to support for current display,
• Save as text: save currently displayed sectors into a text file in a way similar to what is currently displayed. This command is available only when displaying sectors in a detailed form,
• Save to file: save currently displayed sectors into a binary file,
• Load from file: load content of currently displayed sectors from a binary file. This replaces current sectors content,
• Configure: allows setting configuration for this display. This configuration is taken into account only when a new support is chosen,
• Current configuration: displays current configuration of this display,
• Load configuration: load the configuration from a file.
• Save configuration: save configuration to a file.
• New display: allows splitting screen in two to view another support. This command is not available if there is already two displays or if calculator is displayed,
• Close display: allows closing current display,
• Calculator: allows splitting screen in two to display a simple calculator. If there is already two displays, calculator is opened in modal mode,
• Close calculator: allows closing calculator when it is displayed in lower half of the screen. If calculator is in modal mode, calculator can be closed through the "[X]" button on top right corner of the window or through the "Escape" key,
• Exit: allows exiting program.

b) Support menu

• a disk support selects the given disk or one of its partitions,
• a floppy support selects the given floppy,
• the devices support lists the devices that could be selected,
• raw file support allows giving name of a file that is treated as a support.

c) Goto menu

• Back: this allows reaching the previous viewed item if there is one,
• Forward: this allows reaching the next viewed item if there is one,
• History: this displays a list of viewed items to display them again. You shall be aware that history is not updated in case you write something on disk, so they can become wrong in that case (see "Refresh driver" below to get more detail),
• Refresh driver: this allows forcing update of some definition as explained in refreshing help,
• Sector: this is always available and allows giving the first sector and number of sectors to display,
• Menu when displayed support is a disk,
• Menu when displayed support is a FAT12 or FAT16 support,
• Menu when displayed support is a FAT32 support,
• Menu when displayed support is a NTFS support,
• Menu when displayed support is an ext2 support.

Goto disk item:

• Partition table: this allows reaching Master Boot Record and primary partitions table sector,
• GPT header: this allows reaching the Global Partition Table header.

Goto FAT12/FAT16 item:

• Cluster: this allows giving the first cluster and number of clusters to display,
• Boot sector: this allows reaching the boot sector,
• FAT table: this allows reaching the File Allocation Table,
• FAT table copy: this allows reaching the copy of File Allocation Table if there is one,
• Root directory: this allows displaying the root directory,
• Directory: this allows giving name of directory to display,
• File: this allows giving name of file to display,
• Explore: this allows exploring support with seeing directories and files tree.

Goto FAT32 item:

• Cluster: this allows giving the first cluster and number of clusters to display,
• Boot sector: this allows reaching the boot sector,
• Boot sector copy: this allows reaching the copy of the boot sector,
• Information sector: this allows reaching the FAT32 information sector,
• Information sector copy: this allows reaching the copy of the FAT32 information sector,
• FAT table: this allows reaching the File Allocation Table,
• FAT table copy: this allows reaching the copy of File Allocation Table if there is one,
• Root directory: this allows displaying the root directory,
• Directory: this allows giving name of directory to display,
• File: this allows giving name of file to display,
• Explore: this allows exploring support with seeing directories and files tree.

Goto NTFS item:

• Cluster: this allows giving the first cluster and number of clusters to display,
• Boot sector: this allows reaching the boot sector,
• Boot sector copy: this allows reaching the copy of the boot sector,
• MFT table: this allows reaching begin of Master File Table,
• MFT: this allows giving the number of the MFT to display,
• Root directory: this allows displaying the root directory,
• Directory: this allows giving name of directory to display,
• File: this allows giving name of file to display,
• Explore: this allows exploring support with seeing directories and files tree.

Goto Ext2 item:

• Block: this allows giving the first block and number of blocks to display,
• Superblock: this allows reaching the superblock of first group,
• Group descriptors: this allows reaching the group descriptors in first group either as 32 bits or 64 bits depending on configuration,
• Group: this allows giving the number of the group to display,
• Superblock in group: this allows giving the number of the group of which displaying the superblock,
• Group descriptors in group: this allows giving the number of the group of which displaying the group descriptors either as 32 bits or 64 bits depending on configuration,
• Inode table in group: this allows giving the number of the group of which displaying the inode table,
• Inode bitmap in group: this allows giving the number of the group of which displaying the inode allocation bitmap,
• Block bitmap in group: this allows giving the number of the group of which displaying the block allocation bitmap,
• Root directory: this allows displaying the root directory,
• Directory: this allows giving name of directory to display.

• File: this allows giving name of file to display,
• Explore: this allows exploring support with seeing directories and files tree.

d) View as menu

• Quick access: this menu is available for some views (as directory content) to be able to reach a specific entry inside the currently displayed view,
• Switch to raw: this menu is available when the kind of sectors is recognised. It allows displaying sectors as a list of bytes,
• Switch to details: this menu is available when the kind of sectors is recognised. It allows displaying sectors using structured definition,
• View as disk: allows choosing a disk structure,
• View as FAT12: allows choosing a FAT12 structure,
• View as FAT16: allows choosing a FAT16 structure,
• View as FAT32: allows choosing a FAT32 structure,
• View as NTFS: allows choosing a NTFS structure,
• View as ext2: allows choosing an ext2 structure.

View as disk item

• Partition table,
• GPT header,
• GPT entries.

View as FAT12 item

• Boot sector,
• FAT,
• Directory.

View as FAT16 item

• Boot sector,
• FAT,
• Directory.

View as FAT32 item

• Boot sector,
• Information sector,
• FAT,
• Directory.

View as NTFS item

• Boot sector,
• MFT,
• Standard information,
• Attributes list,
• File name,
• Object identifier,
• Security descriptor,
• Volume name,
• Volume information,
• Data,
• Root index,
• Index allocation,
• Bitmap,
• Reparse point,
• Extended attributes information,
• Extended attributes,
• Property set,
• Logged utility stream,
• Directory.

View as Ext2 item

• Superblock,
• Indirect block list,
• Directory,
• Indexed directory,
• Group descriptors (32 bits or 64 bits),
• Block bitmap,
• Inode bitmap,
• Inode table,
• Extents block,
• Multi-mount protection block,
• Extented attributes block.

e) Information menu

• Support info.: this displays information on currently displayed support,
• Sector info.: this displays information on a specific sector,
• Cluster info.: this displays information on a specific cluster or block,
• Inode path: this displays the path of the file corresponding to an inode. This entry is present only in case of ext2 driver,
• MFT path: this displays the path of the file corresponding to a MFT. This entry is present only in case of a NTFS driver,
• View info.: this displays information on currently displayed sectors,
• Test as disk: this tests whether the support is a partitioned one (see details about this and following tests option),
• Test as FAT12: this tests whether the filesystem on support is a FAT12 one and displays the reason if the test fails,
• Test as FAT16: this tests whether the filesystem on support is a FAT16 one and displays the reason if the test fails,
• Test as FAT32: this tests whether the filesystem on support is a FAT32 one and displays the reason if the test fails,
• Test as NTFS: this tests whether the filesystem on support is a NTFS one and displays the reason if the test fails,
• Test as ext2: this tests whether the filesystem on support is a ext2 one and displays the reason if the test fails,
• Compare: this allows comparing content of the two displays. This entry is present only when the two displays are active. If it is used when a display is in detailed view, comparison is done with currently visible part (if it is limited through "Max. nb items displayed" configuration), you can switch to raw to compare complete content. If a display is empty or in directory tree view of explore mode, compare will not be possible,
• Unlock supports: when being in write mode, support are locked to avoid simultaneous write from another program. This allows unlocking them for them to be usable from another program,
• Help: this displays this help,
• About: this displays program information.

7- Configuration

Configuration allows configuring behaviour of the program. This can be defined or current configuration can be viewed with using the corresponding menu entry. This opens a tabbed window. This window displays the configuration to use to display disk items. Configuration allows defining how interface shall behave and how to treat support in case its content cannot be recognized.
A change of configuration is taken into account only when:

• changing support through the Support menu,
• refreshing driver when this option is available in Goto menu. In that case change of read-only state is not taken into account (only changing support allows it).

• Common configuration
• FAT configuration
• NTFS configuration
• Ext2 configuration

• "automatic": only common definitions not related to filesystem will be used,
• some filesystem name: common definitions and those related to this filesystem will be used.

a) Common configuration

• Read only: modifications done to the displayed content are not written back to support.
• Update linked values: in filesystem some values can be linked (as a field that gives length of a name and the corresponding name). If this option is checked, program will automatically update the linked field if one is modified (changing name length will update field giving its length or vice-versa). It is better to not use this option if the filesystem is in a bad state. In this case, program could get wrong because of invalid content and so modifies some fields when reading sectors before you can check the field value.
• Open in raw mode: this allows opening display in raw mode even if a detailed description is available. This can be used in case the filesystem is damaged such as the detailed description will be broken. Using this mode allows also avoiding an update of linked values when reading sectors. You can still switch to detailed view through the corresponding menu entry.
• Detection mode: this allows setting how program shall behave when accessing a new support: either try to detect its filesystem or force one with using values given here to configure it (so without relying on current filesystem content). Forcing to use a given filesystem should only be set in case filesystem is damaged and cannot be correctly recognised.
• Max. nb sectors in "View as": this setting allows limiting number of sectors to use when trying to consider some sectors as being of some kind of definition.
• Max. nb items displayed: this setting limits number of items that are displayed to avoid using too much memory or slowing down interface because of number of items shown. In that case, you can reach not displayed items through giving there number when hitting Alt+L or through entries at top and bottom of display.
• History size: this configures maximum number of views that are kept in history list. As views can use a huge amount of memory this value shall not be too high if you are low in memory.
• Calculator memory size: this configures maximum number of values that can be memorised into calculator.

• Cluster/block size: size in bytes of a cluster (for FAT and NTFS filesystem) or of a block (for ext2, ext3 and ext4 filesystems).

b) FAT configuration

• Number of FATs: number of File Allocation Table: 2 in most cases.
• First used FAT: first FAT that shall be used: 0 in most cases. This configuration is theoretically available with FAT32 only, but is made available for all types of FAT as an extension. This allows managing filesystem with damaged FAT to ignore damaged one (but this extension works only in the program, there is no way to put such parameter on a FAT12 or FAT16 filesystem).
• Number of used FATs: number of FAT that shall be used: 2 in most cases. As for "First used FAT" parameter, this parameter is an extension for FAT12 and FAT16 filesystems.
• First sector of FAT: first sector used for the FAT: 1 for FAT12 and FAT16 and not fixed for FAT32 (often 32).
• Number of sectors per FAT: number of sectors used to store one FAT. This depends on number of clusters and is at least (but can be greater): (2 * number of clusters) * size of FAT entry in bytes / size of sector (rounded up).
• Nb sectors of root directory (FAT12/FAT16): number of sectors used to store root directory content. This is used only for FAT12 and FAT16 and is often 32 for partitions (lower for floppy disk).
• Cluster of root directory (FAT32): cluster used to store root directory content. This is used only for FAT32 and is often 2.

c) NTFS configuration

• Cluster of MFT: first cluster used to store Master File Table.
• Number of sectors per MFT: number of sectors to store one file record.
• Number of sectors per index record: number of sectors to store one index record (as directory entry).

d) Ext2 configuration

• Version number: version of the filesystem: 1 in most case.
• Blocks per group: number of blocks in a group: 8 * size of a block in most cases.
• Inodes per group: number of inodes in a group.
• Size of inode: size in bytes of one inode description: at least 128 and at most block size.
• Has sparse superblock: kind of sparse superblock to use:
  • none: all groups have a superblock copy,
  • sparse: groups over power of 3, 5, 7 have a superblock copy,
  • sparse2: second and last groups have a superblock copy.
  This is considered only in case version number is 1.
• Has meta blocks group: flag to know if meta blocks group are used. This is considered only in case version number is 1.
• First meta blocks group: number of first group having meta information. This is considered only in case previous flag is checked.
• 64 bits group descriptors: flag to know if group descriptors use definition on 32 bits or 64 bits. This is considered only in case version number is 1.
• Group descriptor size: size in bytes of a group descriptor. This is considered only in case previous option is checked.
• Checksum kind: type of checksum used to check filesystem coherence:
  • none: no checksum is used,
  • group descriptors: only group descriptors have checksum,
  • metadata: all metadata have checksum.
  This is considered only in case version number is 1.
• Volume identifier: value of volume identifier that is used to initialize checksum computation. This value is composed of 16 bytes that shall be given in hexadecimal and separated by spaces. In case the value is not known and there is problem with checksum, it is easier to disactivate this one than trying to find the volume identifier (you can try getting it in the backup of superblock if the one in primary superblock is lost). This is considered only in case version number is 1.
• Has checksum seed: flag to know if checksum seed value will be used instead of volume identifier. This is considered only if checksum kind is "metadata".
• Checksum seed: initialization value for checksum computation instead of of using volume identifier. In case the value is not known and there is problem with checksum, it is easier to disactivate this one than trying to find the checksum seed (you can try getting it in the backup of superblock if the one in primary superblock is lost). This is considered only if checksum kind is "metadata".
• Has indexed directories: flag to know if indexed directories can be present on disk. This is considered only in case version number is 1.

8- Driver refresh

Refreshing driver allows taking into account change you have done:

• either in configuration, less for the read-only status,
• or because you wrote some specific sectors on disk.

• for FAT filesystem: boot sector,
• for NTFS filesystem: boot sector and MFT 0 ($MFT), 1 ($MFTMirr) and 3 ($Volume) definitions,
• for ext2 filesystem: superblock and group descriptors.

• for FAT filesystem: FAT sectors,
• for NTFS filesystem: MFT 4 ($AttrDef) and 6 ($Bitmap),
• for ext2 filesystem: blocks bitmap, inodes bitmap and inodes sectors.

• content of what is currently displayed,
• previous definitions that you can reuse through Back, Forward and History buttons of Goto menu.

• refreshing driver applies only to the display where you execute it,
• modifying the support in one display will not update content of the other display as explained above. You have to read sectors again in other display with avoiding using Back, Forward and History buttons of Goto menu if modification changes more than just sector content but definitions limit (as when increasing size of file you are viewing).

9- Calculator

• hexadecimal displaying, digits are grouped per 16 bits values,
• decimal displaying, digits are grouped per thousands,
• octal displaying, digits are grouped per 24 bits values,
• binary displaying, digits are grouped per 8 bits values.

• Lsh: performs unsigned left shift of number (even if signed displaying is used),
• Rsh: performs unsigned right shift of number (even if signed displaying is used),
• C: clears current number (but keep already computed part of operation),
• AC: clears everything,
• Not, And, Or, Xor: performs the corresponding bit operation,
• *, /, +, -: performs the corresponding operation,
• Rem: performs the remainder operation,
• x^y: performs the power operation with "y" being limited to positive numbers up to 64,
• +\-: changes sign of current number (not available with unsigned displaying),
• =: performs computation.

• g: select the signed/unsigned list,
• s: select the base list,
• z: select the number of bits list,
• Backspace: remove current digit,
• Delete: clears everything,
• Return: performs computation,
• Escape: close calculator.

10- Test of support's definition

a) Presentation

• the filesystem is valid: the program will consider this support has this kind of filesystem (but that does not mean there is no error on it),
• the filesystem is read-only: the program will consider this support has this kind of filesystem, but there is some definition that is not supported by program so it will not try to write on it. A specific case is if the filesystem has a "dirty flag" notion (some way to signal the filesystem is damaged) and this one is set: if the support is not currently in use, that means you will have to check it (with scandisk, chkdsk or e2fsck depending on your OS and filesystem type),
• the filesystem is not valid: the program does not recognize the content or this one uses some specific options not supported by the program (so it does not necessarily mean that the filesystem is damaged).

b) Main display

• disk: content of the Master Boot Record, of GPT headers and definitions,
• FAT12: content of the boot sector,
• FAT16: content of the boot sector and dirty flag value in second entry of FAT,
• FAT32: content of the boot sector and dirty flag value in second entry of FAT,
• NTFS: content of the boot sector, Volume information, MFT and MFT Mirror (a partial copy of MFT) files,
• ext2: content of the superblock, group descriptors or their 64 bits version.

c) Details display

• its name,
• the value that is currently stored,
• the values that are considered as valid, either as a simple value or a masked value (any bit set to 1 outside of the mask is not valid) or a range or set of values.

11- Disk definitions

a) MBR partition sector

b) GPT header sectors

c) GPT entries sectors

12- FAT definitions

a) FAT 12/FAT 16 boot sector

b) FAT12/FAT16 FAT

• the first one contains the media descriptor value with higher bits set to 1,
• the second one contains the end of clusters list mark in FAT12 case and dirty flag bits on two highest bits in FAT16 case (0x8000: volume is clean, 0x4000: no disk read/write error).

c) Directory

• standard directory entry (short name).
• long directory entry (long name).

d) FAT32 boot sector

e) FAT32 information sector

f) FAT32 FAT

• the first one contains the media descriptor value with higher bits set to 1,
• the second one contains the dirty flag bits on two highest bits of the 28 bits value (0x08000000: volume is clean, 0x04000000: no disk read/write error).

13- NTFS definitions

a) Boot sector

b) MFT

• a header,
• one or several attributes.

• a header,
• attribute data depending on its type.

• a header,
• list of clusters (stored under data runs format) where attribute data are.

• setting the absolute value of begin cluster to -1 (this way was used before Windows 2000 but can still be used). This coding is used when the V1.2 sparse type is checked.
• setting the length of begin cluster to 0 (it is used since Windows 2000). This coding is used when the V3.0 sparse type is checked.

• 0x00000010: standard information
• 0x00000020: attributes list
• 0x00000030: file name
• 0x00000040: object identifier
• 0x00000050: security descriptor
• 0x00000060: volume name
• 0x00000070: volume information
• 0x00000080: data
• 0x00000090: root index
• 0x000000a0: index allocation
• 0x000000b0: bitmap
• 0x000000c0: reparse point
• 0x000000d0: extended attributes information
• 0x000000e0: extended attributes
• 0x000000f0: property set
• 0x00000100: logged utility stream
• 0xffffffff: end of attributes: this attribute has neither header nor data.

c) Standard information attribute

d) Attributes list attribute

e) File name attribute

f) Object identifier attribute

g) Security descriptor attribute

h) Volume name attribute

i) Volume information attribute

j) Data attribute

k) Index root attribute

l) Index allocation attribute

m) Bitmap attribute

n) Reparse point attribute

o) Extended attribute information attribute

p) Extended attribute attribute

q) Property set attribute

r) Logged utility stream attribute

14- Ext2 definitions

a) Superblock

b) Group descriptor (32 bits)

c) Group descriptor (64 bits)

d) Inodes table

e) Inodes bitmap

f) Blocks bitmap

g) Directory

h) Indexed directory

• first block that contains the current and upper directory entries, an index header then index entries,
• other blocks that could be composed of:
  • either an empty standard entry covering whole block then index entries,
  • or standard entries.

i) Indirect blocks list

j) Double indirect blocks list

k) Triple indirect blocks list

l) Extents

• a header:

• one or several leaf extents if depth is 0 in header:

• one or several index extents if depth is different from 0 in header:

• a checksum of previous definitions if metadata checksum is used:

m) Multimount protection block

n) Extended attributes block

• a block header:

• several attribute headers:

• a separator between headers and values:

• some padding until first value,
• several attribute values:

15- Configuration file

The configuration file allows you to set the configuration of the program. The configuration is described into chapter 7. Such a file can be created with using the "Save configuration" menu and can be loaded either through the "-cfg" option on command line or the "cfg_file" option in option file or can be loaded through the "Load configuration" menu.
The configuration file is a text file that allows configuration to be specified. Each option must be alone on a line.
If the line begins with ";", its a comment line (it is not analysed).
Option content can be defined with an environment variable. In that case, the environment variable must be given between % (example: file=%CONF%.PAR, %CONF% will be replaced by the content of the CONF environment variable). If the environment variable does not exist, an error will be generated. To be able to give the % character inside option contents, you have to double it (example: file=WITH%%.PAR, the file name would be WITH%.PAR).

Options have <option name>=<option value> format. Name and value of each option are described below. You can read the chapter 7 to get more details on each option.

16- Options file

The options file allows you set options that are set on command line or to configure support to detect. When using explpart with the -f <options file name> option, the various parameters are read from the file. Contents of this file can be partial (not covering all the options), but in this case some rules described below must be followed.
The options file is a text file that allows options to be specified. Each option must be alone on a line.
If the line begins with ";", its a comment line (it is not analysed).
Option content can be defined with an environment variable. In that case, the environment variable must be given between % (example: file=%CONF%.PAR, %CONF% will be replaced by the content of the CONF environment variable). If the environment variable does not exist, an error will be generated. To be able to give the % character inside option contents, you have to double it (example: file=WITH%%.PAR, the file name would be WITH%.PAR).

Options have <option name>=<option value> format. Name and value of each option are the following:

17- Evolutions

This chapter gives main evolutions of Partition-Explorer.

a) V1.01:

Changes in this version are the following:

• a correction to limit comparison to currently displayed content when view is in detailled mode with limited number of displayed items,
• the possibility to display calculator even if two displays are used.

b) V1.10:

Changes in this version are the following:

• add of support of new ext4 features,
• add of capability to test content of a support to know if it has some kind of filesystem and to display corresponding result,
• add of support for typing some text to get all fields whose label contains this typed text to quickly access them,
• change of configuration handling to ignore definition that are not related to chosen filesystem to avoid meaningless error (as setting a cluster size to 512 that is valid for a FAT filesystem but not for an ext2 one).

c) V1.20:

Changes in this version are the following:

• add of support of indexed directories in ext2 case,
• add of detection for filesystem in case of not partitioned disk,
• add of treatment of blkid information to detect devices in Linux.

d) V1.30:

Changes in this version are the following:

• add of detection of hibernated systems,
• add of "-hyber" command line option and "hyber=" options file option to configure what to perform in case of hibernated system,
• add of "-termopt" option to give additional terminal option,
• update console handling on Windows to take new console mode in Windows 10 (console can be resized as on Linux with using "-tuix" option),
• add capability to reuse a raw file such as you could access several partitions in the file if it contains a partitionned disk,
• add capability to use "main_part=" and "ext_part=" options with raw files in options file in case raw file contains a partitionned disk,
• add of treatment of "heads_sectors=" option in DOS version to have similar behaviour with Linux and Windows versions,
• add of "cylinders=" option to force used number of cylinders.

e) V1.40:

Changes in this version are the following:

• detect more devices on Linux version with taking into account all block devices less those known as CD/DVD drives,
• add of detection of administrator's rights on Windows and Linux versions to display a warning message in case they are not granted (as devices will not be accessible). The "-noroot" option disables this check,
• add capability to keep source file date when copying a file during partition exploration,
• display size in GB instead of MB as default,
• allow folding/unfolding repeated definitions to hide/unhide them to reduce length of displayed items.

Hoping this program will be useful,

D. Guibouret <>