This should help you to help us:)
How to compile the Linux driver as a module?
Extract the latest driver sources with tar -xvzopf ntfs-yymmdd.tgz
, then enter the right directory with cd ntfs
. Edit linux.mk to fit your desires (NTFS_DEVICE and MOUNT_POINT are respectively the default NTFS partition and mount point). Then just type make linux
. Now you should have, among the NTFS tools (ntdir, ntdump, ...), the NTFS module. Copy it as root to your module directory, using something like cp ntfs.o /lib/modules/2.x.yy/fs
and if you have kerneld, do depmod -a
in order it to find the module next time it will be asked to load it.
How to mount a NTFS partition?
If you don't use kerneld, load the NTFS module with insmod ntfs
. Then, type as usually mount -t ntfs <your NTFS partition> <your mount point>
How to enable/disable the debug mode?
Verify that you have compiled your driver with DEBUG_NTFS=y in linux.mk. Then just type echo "3" > /proc/sys/fs/ntfs-debug
to enable the logging of full debug information in your system logs, and echo "0" > /proc/sys/fs/ntfs-debug
to disable it. Note that if you use the driver as a module, you can also set this value at load-time using the ntdebug parameter with a value of 0 to 3.
Say that your volume is mounted in /nt and that the full path of the file is /nt/foo/bar/file, just type: ntdir foo/bar --long
and look at the decimal number just at the left of file. It is always 5 for the root directory.
Say that the file has the base FILE record decimal number x. Simply type: ntdump -i x
, and stop the dump with Control-C.
Just type: ntdump -i 7
, stops the dump with Control-C, and read the byte at the offset 40.
Say that the file has the base FILE record number x, and that your number of cluster per FILE record is y. Compute the decimal product z=x*y, then type: ntdump -i 0 -c z
, and stop the dump with Control-C.
Say that file has the base FILE record decimal number x. Simply type: ntdump -i x --mft
Regis Duchesne at VIA, ECP, France
Last modified: Wed Jan 27 00:02:20 PST 1999