[PANTUGGeneral] Never mind... Re: XP undelete?!?
JP Vossen
JP Vossen wrote:
> OK, so this one is REALLY stupid.
>
> I spent several hours writing some code (on C: drive of XP2), then
> closed the editor, copied the file across Samba to Linux ext3 and was
> about to check it into revision control but deleted it instead. So
> there are 2 places it could be. ext3 is really hard to recover from, so
> C: might be better.
>
> Any good (free) tool suggestions?
Actually, I *moved* the file across Samba--if I'd copied it (as it says
above) I would have been OK. I should note that I moved the script
using the plain old DOS "move" command. By default that does NOT put
things into the Recycle bin, but SysInternals 'fundelete' tool corrects
that kind of problem, IF you have installed it previously. The command
shell I am using (4NT from jpsoft.com) can also do that, but I have it
turned off as it's slower, and I've never had this problem before. I
also create a LOT of temp files and 99.999% of the time I do not ever
want to see them again.
What I do NOT understand is why none of the tools I tried could find any
trace of the file after that. The only think I can think of is that it
was overwritten right away by something else, though I went to some
pains NOT to do that, perhaps some auto-save on something did it anyway.
The problem on the Linux side is that I'm using ext3, which is
journaled, and thus deliberately zeros out block pointers in inodes
(think FAT pointers) on deletion to make journal replays easier on
restart. So according to everything Google could find, the only option
in ext3 is to grep the disk looking for snippets. That has a chance of
working for code, but you are toast for binaries. In my case, it worked
OK and I was able to recover pretty much all of the code without even
unmounting the partition. [1]
On the Windows side, I found several interesting FREE tools. These two
both looked promising, and both found lots of stuff to undelete, but
none of it was my script.
http://ntfsundelete.com/
http://www.undelete-plus.com/
http://www.theabsolute.net/sware/diskinv.html looks really
interesting--kind of like the old Norton Disk Utility. Unfortunately,
you have to install it, and even I after installed it to another drive
it didn't work right. But the drive I installed to was over Samba, and
that probably broke it; the tool worked fine on a W2K Pro test box with
a local install.
Since I'd closed the file in my editor, it was gone from there and there
were no temp files. But there was a temp file of the POD (Perl's Plain
Old Documentation) from perldoc, which I used to re-create the docs.
So between what I could grep from Linux and recover the the temp file on
Windows, I have the file back, and the "new" output is identical to the
"old" output that I hadn't moved or deleted...
Sigh, what a waste an afternoon,
JP
[1] Grep commands (as root) I used, where my data partition on my RAID5
array is on /dev/sda2:
# grep -a -A 700 'llr2tab.pl' /dev/sda2 | strings | less
# grep -a -A 200 '# First, check the entire record verbatim' /dev/sda2 |
strings | less
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| jp{at}jpsdomain{dot}org
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
Microsoft has single-handedly nullified Moore's Law.
Innate design flaws of Windows make a personal firewall, anti-virus
and anti-malware software mandatory. The resulting software arms race
has effectively flattened Moore's Law on hardware running Windows.
To unsubscribe from this list, send an e-mail to pantug...@pantug.org with the subject: Unsubscribe