Scribd
Upload
87 views10 pages

Lecture # 36: System Programming Course Code: CS609 Cs609@vu - Edu.pk

The document discusses file system concepts in system programming. Specifically, it talks about converting cluster numbers to LSNs, shows the contents of files including executable code and text, and demonstrates deleting a file from the root directory.

Uploaded by

api-3812413
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
87 views10 pages

Lecture # 36: System Programming Course Code: CS609 Cs609@vu - Edu.pk

The document discusses file system concepts in system programming. Specifically, it talks about converting cluster numbers to LSNs, shows the contents of files including executable code and text, and demonstrates deleting a file from the root directory.

Uploaded by

api-3812413
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd

System Programming Course Code: CS609

Cs609@[Link]

Lecture # 36

Now converting all those cluster number in previous lecture into LSN we get the starting
LSN for each cluster.
For cluster # 0009H and 55h

Contents of FILE
-l 1000 5 1f8 8

-d 1000

13A6:1000 65 65 6E 20 64 65 6C 65-74 65 64 20 61 63 63 69 een deleted acci


13A6:1010 64 65 6E 74 6C 79 20 61-6E 64 20 69 66 20 79 6F dently and if yo
13A6:1020 75 0D 0A 77 61 6E 74 20-74 6F 20 63 6F 70 79 20 u..want to copy
13A6:1030 61 6C 6C 20 65 78 65 63-75 74 61 62 6C 65 20 66 all executable f
13A6:1040 69 6C 65 73 20 74 6F 20-74 68 65 20 73 70 65 63 iles to the spec
13A6:1050 69 66 69 65 64 20 64 69-72 65 63 74 6F 72 79 2C ified directory,
13A6:1060 20 79 6F 75 20 68 61 76-65 20 74 6F 0D 0A 72 65 you have to..re
13A6:1070 63 6F 6D 70 69 6C 65 20-61 6C 6C 20 74 68 65 20 compile all the
-l 1000 5 458 8

-d 1000

13A6:1000 20 2A 2F 0D 0A 0D 0A 09-77 68 69 6C 65 20 28 20 */.....while (


13A6:1010 71 20 21 3D 20 4E 55 4C-4C 20 29 0D 0A 09 7B 0D q != NULL )...{.
13A6:1020 0A 09 09 73 20 3D 20 72-20 3B 0D 0A 09 09 72 20 ...s = r ;....r
13A6:1030 3D 20 71 20 3B 0D 0A 09-09 71 20 3D 20 71 20 2D = q ;....q = q -
13A6:1040 3E 20 6C 69 6E 6B 20 3B-0D 0A 09 09 72 20 2D 3E > link ;....r ->
13A6:1050 20 6C 69 6E 6B 20 3D 20-73 20 3B 0D 0A 09 7D 0D link = s ;...}.
13A6:1060 0A 0D 0A 09 2A 78 20 3D-20 72 20 3B 0D 0A 7D 0D ....*x = r ;..}.
13A6:1070 0A 0D 0A 2F 2A 20 64 69-73 70 6C 61 79 73 20 74 .../* displays t

For cluster 56H and 57H

Cont…
-l 1000 5 460 8

-d 1000

13A6:1000 20 61 72 72 2C 20 62 76-61 6C 2C 20 65 76 61 6C arr, bval, eval


13A6:1010 2C 20 28 20 70 20 2B 20-31 20 29 2C 20 6C 61 73 , ( p + 1 ), las
13A6:1020 74 73 75 62 20 29 20 3B-0D 0A 0D 0A 09 09 61 72 tsub ) ;......ar
13A6:1030 72 5B 70 5D 2B 2B 20 3B-0D 0A 09 7D 0D 0A 7D 0D r[p]++ ;...}..}.
13A6:1040 0A 0D 0A 77 6F 72 6B 20-28 20 69 6E 74 20 2A 61 ...work ( int *a
13A6:1050 72 72 2C 20 69 6E 74 20-6C 61 73 74 73 75 62 20 rr, int lastsub
13A6:1060 29 0D 0A 7B 0D 0A 09 69-6E 74 20 70 2C 20 6A 2C )..{...int p, j,
13A6:1070 20 6E 75 6D 20 3B 0D 0A-0D 0A 09 66 6F 72 20 28 num ;.....for (

-l 1000 5 468 8

-d 1000

13A6:1000 09 09 09 09 72 20 3D 20-30 20 3B 0D 0A 09 09 09 ....r = 0 ;.....


13A6:1010 09 62 72 65 61 6B 20 3B-0D 0A 09 09 7D 0D 0A 09 .break ;....}...
13A6:1020 7D 0D 0A 09 70 72 69 6E-74 66 20 28 20 22 25 64 }...printf ( "%d
13A6:1030 22 2C 20 72 65 73 75 6C-74 20 29 20 3B 0D 0A 7D ", result ) ;..}
13A6:1040 0D 0A 0D 0A 2D 2D 2D 2D-2D 2D 2D 2D 2D 2D 2D 2D ....------------
13A6:1050 2D 2D 2D 2D 2D 2D 2D 2D-2D 2D 2D 2D 2D 2D 2D 2D ----------------
13A6:1060 2D 2D 2D 2D 2D 2D 2D 2D-2D 2D 2D 2D 2D 2D 2D 2D ----------------
13A6:1070 2D 2D 2D 2D 2D 2D 2D 2D-2D 2D 2D 2D 2D 2D 2D 2D ----------------
-q

Virtual University of Pakistan 30


System Programming Course Code: CS609
Cs609@[Link]

File Delete Experiment (Contents of ROOT)


-l 1000 5 1a0 20

-d 1000 5000
13A6:1000 4E 45 57 20 56 4F 4C 55-4D 45 20 08 00 00 00 00 NEW VOLUME .....
13A6:1010 00 00 00 00 00 00 61 76-2D 33 00 00 00 00 00 00 ......av-3......
13A6:1020 41 52 00 65 00 63 00 79-00 63 00 0F 00 21 6C 00 AR.e.c.y.c...!l.
13A6:1030 65 00 64 00 00 00 FF FF-FF FF 00 00 FF FF FF FF e.d.............
13A6:1040 52 45 43 59 43 4C 45 44-20 20 20 16 00 4E 79 5E RECYCLED ..Ny^
13A6:1050 2F 33 2F 33 00 00 7A 5E-2F 33 02 00 00 00 00 00 /3/3..z^/3......
13A6:1060 42 20 00 49 00 6E 00 66-00 6F 00 0F 00 72 72 00 B .I.n.f.o...rr.
13A6:1070 6D 00 61 00 74 00 69 00-6F 00 00 00 6E 00 00 00 m.a.t.i.o...n...
13A6:1080 01 53 00 79 00 73 00 74-00 65 00 0F 00 72 6D 00 .S.y.s.t.e...rm.
13A6:1090 20 00 56 00 6F 00 6C 00-75 00 00 00 6D 00 65 00 .V.o.l.u...m.e.
13A6:10A0 53 59 53 54 45 4D 7E 31-20 20 20 16 00 4E 79 5E SYSTEM~1 ..Ny^
13A6:10B0 2F 33 2F 33 00 00 7A 5E-2F 33 03 00 00 00 00 00 /3/3..z^/3......
13A6:10C0 41 64 00 50 00 62 00 31-00 2E 00 0F 00 6A 74 00 Ad.P.b.1.....jt.
13A6:10D0 78 00 74 00 00 00 FF FF-FF FF 00 00 FF FF FF FF x.t.............
13A6:10E0 44 50 42 31 20 20 20 20-54 58 54 20 00 57 81 69 DPB1 TXT .W.i
13A6:10F0 36 33 36 33 00 00 07 78-36 33 0A 00 8A 06 00 00 6363...x63......
13A6:1100 44 50 42 32 20 20 20 20-54 58 54 20 18 12 AE 69 DPB2 TXT ...i
13A6:1110 36 33 36 33 00 00 03 75-36 33 0B 00 5F 06 00 00 6363...u63.._...
13A6:1120 46 49 52 53 54 20 20 20-20 20 20 10 08 6F ED 56 FIRST ..o.V
13A6:1130 3C 33 3C 33 00 00 EE 56-3C 33 0C 00 00 00 00 00 <3<3...V<3......
13A6:1140 53 45 43 4F 4E 44 20 20-20 20 20 10 08 50 EF 56 SECOND ..P.V
13A6:1150 3C 33 3C 33 00 00 F0 56-3C 33 12 00 00 00 00 00 <3<3...V<3......
13A6:1160 54 48 49 52 44 20 20 20-20 20 20 10 08 1B F1 56 THIRD ....V
13A6:1170 3C 33 3C 33 00 00 F2 56-3C 33 13 00 00 00 00 00 <3<3...V<3......

Cont…
13A6:1180 E5 52 45 45 20 20 20 20-54 58 54 20 18 89 4C 57 .REE TXT ..LW
13A6:1190 3C 33 3C 33 00 00 4D 57-3C 33 1D 00 F8 00 00 00 <3<3..MW<3......
13A6:11A0 E5 52 56 50 42 46 20 20-54 58 54 20 18 85 43 6C .RVPBF TXT ..Cl
13A6:11B0 3C 33 3C 33 00 00 62 6C-3C 33 10 00 AF 00 00 00 <3<3..bl<3......
13A6:11C0 E5 52 56 50 42 46 20 20-54 58 54 20 18 08 BB 6C .RVPBF TXT ...l
13A6:11D0 3C 33 3C 33 00 00 83 6D-3C 33 10 00 BA 04 00 00 <3<3...m<3......
13A6:11E0 E5 4F 4F 54 46 20 20 20-54 58 54 20 18 45 D3 6D .OOTF TXT .E.m
13A6:11F0 3C 33 3C 33 00 00 F8 6D-3C 33 11 00 6F 4F 00 00 <3<3...m<3..oO..
13A6:1200 E5 4F 4F 54 46 20 20 20-54 58 54 20 18 04 CF 6E .OOTF TXT ...n
13A6:1210 3C 33 3C 33 00 00 F8 6D-3C 33 1D 00 6F 4F 00 00 <3<3...m<3..oO..
13A6:1220 44 52 56 50 42 46 20 20-54 58 54 20 18 04 CF 6E DRVPBF TXT ...n
13A6:1230 3C 33 3C 33 00 00 83 6D-3C 33 22 00 BA 04 00 00 <3<3...m<3".....
13A6:1240 54 52 45 45 20 20 20 20-54 58 54 20 18 05 CF 6E TREE TXT ...n
13A6:1250 3C 33 3C 33 00 00 4D 57-3C 33 23 00 F8 00 00 00 <3<3..MW<3#.....
13A6:1260 52 4F 4F 54 46 20 20 20-54 58 54 20 18 04 CF 6E ROOTF TXT ...n
13A6:1270 3C 33 3C 33 00 00 36 73-3C 33 24 00 67 ED 00 00 <3<3..6s<3$.g...
13A6:1280 E5 5F 41 4E 53 20 20 20-54 58 54 20 10 9D 7D 6F ._ANS TXT ..}o
13A6:1290 3C 33 3C 33 00 00 60 05-72 28 29 00 4F 8F 00 00 <3<3..`.r().O...
13A6:12A0 E5 43 00 70 00 61 00 70-00 65 00 0F 00 54 72 00 .C.p.a.p.e...Tr.
13A6:12B0 2E 00 74 00 78 00 74 00-00 00 00 00 FF FF FF FF ..t.x.t.........
13A6:12C0 E5 50 41 50 45 52 20 20-54 58 54 20 00 9D 7D 6F .PAPER TXT ..}o
13A6:12D0 3C 33 3D 33 00 00 60 05-72 28 29 00 4F 8F 00 00 <3=3..`.r().O...
13A6:12E0 E5 6D 00 65 00 6E 00 74-00 2E 00 0F 00 9F 74 00 .m.e.n.t......t.
13A6:12F0 78 00 74 00 00 00 FF FF-FF FF 00 00 FF FF FF FF x.t.............
13A6:1300 E5 4E 00 65 00 77 00 20-00 54 00 0F 00 9F 65 00 .N.e.w. .T....e.
13A6:1310 78 00 74 00 20 00 44 00-6F 00 00 00 63 00 75 00 x.t. .D.o...c.u.

Virtual University of Pakistan 31


System Programming Course Code: CS609
Cs609@[Link]

Cont…
13A6:1320 E5 45 57 54 45 58 7E 31-54 58 54 20 00 32 09 73 .EWTEX~1TXT .2.s
13A6:1330 3C 33 3C 33 00 00 0A 73-3C 33 00 00 00 00 00 00 <3<3...s<3......
13A6:1340 54 45 53 54 20 20 20 20-54 58 54 20 18 32 09 73 TEST TXT .2.s
13A6:1350 3C 33 3C 33 00 00 17 73-3C 33 45 00 27 00 00 00 <3<3...s<3E.'...
13A6:1360 46 49 4C 45 20 20 20 20-54 58 54 20 18 81 83 73 FILE TXT ...s
13A6:1370 3C 33 3C 33 00 00 8D 73-3C 33 54 00 99 02 00 00 <3<3...s<3T.....
13A6:1380 E5 30 58 58 20 20 20 20-54 4D 50 20 18 65 A6 68 .0XX TMP .e.h
13A6:1390 3D 33 3D 33 00 00 A7 68-3D 33 08 00 12 63 00 00 =3=3...h=3...c..
13A6:13A0 41 43 00 70 00 61 00 70-00 65 00 0F 00 54 72 00 AC.p.a.p.e...Tr.
13A6:13B0 2E 00 74 00 78 00 74 00-00 00 00 00 FF FF FF FF ..t.x.t.........
13A6:13C0 43 50 41 50 45 52 20 20-54 58 54 20 00 9D 7D 6F CPAPER TXT ..}o
13A6:13D0 3C 33 3D 33 00 00 A7 68-3D 33 08 00 12 63 00 00 <3=3...h=3...c..
13A6:13E0 46 44 50 42 20 20 20 20-54 58 54 20 18 05 56 69 FDPB TXT ..Vi
13A6:13F0 3D 33 3D 33 00 00 BD 69-3D 33 29 00 BA 04 00 00 =3=3...i=3).....
13A6:1400 46 44 44 20 20 20 20 20-54 58 54 20 18 48 E4 75 FDD TXT .H.u
13A6:1410 3D 33 3D 33 00 00 23 76-3D 33 2A 00 13 00 00 00 =3=3..#v=3*.....

Now lets just analyse the contents of root directory of the same volume. If the DIR
command is performed on the same volume its result will be as below. Note the entry for
file named [Link]

Contents of Root Listing


Volume in drive F is NEW VOLUME
Volume Serial Number is 2CA5-BC35

Directory of F:\

22-09-05 03:00 PM 1,674 [Link]


22-09-05 02:40 PM 1,631 [Link]
28-09-05 10:55 AM <DIR> first
28-09-05 10:55 AM <DIR> second
28-09-05 10:55 AM <DIR> third
28-09-05 01:44 PM 1,210 [Link]
28-09-05 10:58 AM 248 [Link]
28-09-05 02:25 PM 60,775 [Link]
28-09-05 02:24 PM 39 [Link]
28-09-05 02:28 PM 665 [Link]
29-09-05 01:05 PM 25,362 [Link]
29-09-05 01:13 PM 1,210 [Link]
29-09-05 02:49 PM 80,999 [Link]
29-09-05 03:02 PM 1,305 [Link]
29-09-05 03:06 PM 2,657 [Link]
29-09-05 03:52 PM 0 [Link]
13 File(s) 177,775 bytes
3 Dir(s) 213,278,720 bytes free

Virtual University of Pakistan 32


System Programming Course Code: CS609
Cs609@[Link]

Now on the same volume the file [Link] is deleted. Lets analyse the contents of the
root directory now.

Contents of Root After Deleting


-l 1000 5 1a0 20

-d1000 5000

13A6:1000 4E 45 57 20 56 4F 4C 55-4D 45 20 08 00 00 00 00 NEW VOLUME .....


13A6:1010 00 00 00 00 00 00 61 76-2D 33 00 00 00 00 00 00 ......av-3......
13A6:1020 41 52 00 65 00 63 00 79-00 63 00 0F 00 21 6C 00 AR.e.c.y.c...!l.
13A6:1030 65 00 64 00 00 00 FF FF-FF FF 00 00 FF FF FF FF e.d.............
13A6:1040 52 45 43 59 43 4C 45 44-20 20 20 16 00 4E 79 5E RECYCLED ..Ny^
13A6:1050 2F 33 2F 33 00 00 7A 5E-2F 33 02 00 00 00 00 00 /3/3..z^/3......
13A6:1060 42 20 00 49 00 6E 00 66-00 6F 00 0F 00 72 72 00 B .I.n.f.o...rr.
13A6:1070 6D 00 61 00 74 00 69 00-6F 00 00 00 6E 00 00 00 m.a.t.i.o...n...
13A6:1080 01 53 00 79 00 73 00 74-00 65 00 0F 00 72 6D 00 .S.y.s.t.e...rm.
13A6:1090 20 00 56 00 6F 00 6C 00-75 00 00 00 6D 00 65 00 .V.o.l.u...m.e.
13A6:10A0 53 59 53 54 45 4D 7E 31-20 20 20 16 00 4E 79 5E SYSTEM~1 ..Ny^
13A6:10B0 2F 33 2F 33 00 00 7A 5E-2F 33 03 00 00 00 00 00 /3/3..z^/3......
13A6:10C0 41 64 00 50 00 62 00 31-00 2E 00 0F 00 6A 74 00 Ad.P.b.1.....jt.
13A6:10D0 78 00 74 00 00 00 FF FF-FF FF 00 00 FF FF FF FF x.t.............
13A6:10E0 44 50 42 31 20 20 20 20-54 58 54 20 00 57 81 69 DPB1 TXT .W.i
13A6:10F0 36 33 36 33 00 00 07 78-36 33 0A 00 8A 06 00 00 6363...x63......
13A6:1100 44 50 42 32 20 20 20 20-54 58 54 20 18 12 AE 69 DPB2 TXT ...i
13A6:1110 36 33 36 33 00 00 03 75-36 33 0B 00 5F 06 00 00 6363...u63.._...
13A6:1120 46 49 52 53 54 20 20 20-20 20 20 10 08 6F ED 56 FIRST ..o.V
13A6:1130 3C 33 3C 33 00 00 EE 56-3C 33 0C 00 00 00 00 00 <3<3...V<3......
13A6:1140 53 45 43 4F 4E 44 20 20-20 20 20 10 08 50 EF 56 SECOND ..P.V
13A6:1150 3C 33 3C 33 00 00 F0 56-3C 33 12 00 00 00 00 00 <3<3...V<3......
13A6:1160 54 48 49 52 44 20 20 20-20 20 20 10 08 1B F1 56 THIRD ....V
13A6:1170 3C 33 3C 33 00 00 F2 56-3C 33 13 00 00 00 00 00 <3<3...V<3......

Cont…
13A6:1180 E5 52 45 45 20 20 20 20-54 58 54 20 18 89 4C 57 .REE TXT ..LW
13A6:1190 3C 33 3C 33 00 00 4D 57-3C 33 1D 00 F8 00 00 00 <3<3..MW<3......
13A6:11A0 E5 52 56 50 42 46 20 20-54 58 54 20 18 85 43 6C .RVPBF TXT ..Cl
13A6:11B0 3C 33 3C 33 00 00 62 6C-3C 33 10 00 AF 00 00 00 <3<3..bl<3......
13A6:11C0 E5 52 56 50 42 46 20 20-54 58 54 20 18 08 BB 6C .RVPBF TXT ...l
13A6:11D0 3C 33 3C 33 00 00 83 6D-3C 33 10 00 BA 04 00 00 <3<3...m<3......
13A6:11E0 E5 4F 4F 54 46 20 20 20-54 58 54 20 18 45 D3 6D .OOTF TXT .E.m
13A6:11F0 3C 33 3C 33 00 00 F8 6D-3C 33 11 00 6F 4F 00 00 <3<3...m<3..oO..
13A6:1200 E5 4F 4F 54 46 20 20 20-54 58 54 20 18 04 CF 6E .OOTF TXT ...n
13A6:1210 3C 33 3C 33 00 00 F8 6D-3C 33 1D 00 6F 4F 00 00 <3<3...m<3..oO..
13A6:1220 44 52 56 50 42 46 20 20-54 58 54 20 18 04 CF 6E DRVPBF TXT ...n
13A6:1230 3C 33 3C 33 00 00 83 6D-3C 33 22 00 BA 04 00 00 <3<3...m<3".....
13A6:1240 54 52 45 45 20 20 20 20-54 58 54 20 18 05 CF 6E TREE TXT ...n
13A6:1250 3C 33 3C 33 00 00 4D 57-3C 33 23 00 F8 00 00 00 <3<3..MW<3#.....
13A6:1260 52 4F 4F 54 46 20 20 20-54 58 54 20 18 04 CF 6E ROOTF TXT ...n
13A6:1270 3C 33 3C 33 00 00 36 73-3C 33 24 00 67 ED 00 00 <3<3..6s<3$.g...
13A6:1280 E5 5F 41 4E 53 20 20 20-54 58 54 20 10 9D 7D 6F ._ANS TXT ..}o
13A6:1290 3C 33 3C 33 00 00 60 05-72 28 29 00 4F 8F 00 00 <3<3..`.r().O...
13A6:12A0 E5 43 00 70 00 61 00 70-00 65 00 0F 00 54 72 00 .C.p.a.p.e...Tr.
13A6:12B0 2E 00 74 00 78 00 74 00-00 00 00 00 FF FF FF FF ..t.x.t.........
13A6:12C0 E5 50 41 50 45 52 20 20-54 58 54 20 00 9D 7D 6F .PAPER TXT ..}o
13A6:12D0 3C 33 3D 33 00 00 60 05-72 28 29 00 4F 8F 00 00 <3=3..`.r().O...
13A6:12E0 E5 6D 00 65 00 6E 00 74-00 2E 00 0F 00 9F 74 00 .m.e.n.t......t.
13A6:12F0 78 00 74 00 00 00 FF FF-FF FF 00 00 FF FF FF FF x.t.............
13A6:1300 E5 4E 00 65 00 77 00 20-00 54 00 0F 00 9F 65 00 .N.e.w. .T....e.
13A6:1310 78 00 74 00 20 00 44 00-6F 00 00 00 63 00 75 00 x.t. .D.o...c.u.

The entry for [Link] still exists as can be seen from the next slide. The only
difference that have occurred is that the first character has been replaced by a byte with
the value 0xE5

Virtual University of Pakistan 33


System Programming Course Code: CS609
Cs609@[Link]

Cont…
13A6:1320 E5 45 57 54 45 58 7E 31-54 58 54 20 00 32 09 73 .EWTEX~1TXT .2.s
13A6:1330 3C 33 3C 33 00 00 0A 73-3C 33 00 00 00 00 00 00 <3<3...s<3......
13A6:1340 E5 45 53 54 20 20 20 20-54 58 54 20 18 32 09 73 .EST TXT .2.s
13A6:1350 3C 33 3C 33 00 00 17 73-3C 33 45 00 27 00 00 00 <3<3...s<3E.'...
13A6:1360 46 49 4C 45 20 20 20 20-54 58 54 20 18 81 83 73 FILE TXT ...s
13A6:1370 3C 33 3C 33 00 00 8D 73-3C 33 54 00 99 02 00 00 <3<3...s<3T.....
13A6:1380 E5 30 58 58 20 20 20 20-54 4D 50 20 18 65 A6 68 .0XX TMP .e.h
13A6:1390 3D 33 3D 33 00 00 A7 68-3D 33 08 00 12 63 00 00 =3=3...h=3...c..
13A6:13A0 41 43 00 70 00 61 00 70-00 65 00 0F 00 54 72 00 AC.p.a.p.e...Tr.
13A6:13B0 2E 00 74 00 78 00 74 00-00 00 00 00 FF FF FF FF ..t.x.t.........
13A6:13C0 43 50 41 50 45 52 20 20-54 58 54 20 00 9D 7D 6F CPAPER TXT ..}o
13A6:13D0 3C 33 3D 33 00 00 A7 68-3D 33 08 00 12 63 00 00 <3=3...h=3...c..
13A6:13E0 46 44 50 42 20 20 20 20-54 58 54 20 18 05 56 69 FDPB TXT ..Vi
13A6:13F0 3D 33 3D 33 00 00 BD 69-3D 33 29 00 BA 04 00 00 =3=3...i=3).....
13A6:1400 46 44 44 20 20 20 20 20-54 58 54 20 18 48 E4 75 FDD TXT .H.u
13A6:1410 3D 33 3D 33 00 00 31 76-3D 33 2A 00 67 3C 01 00 =3=3..1v=3*.g<..
13A6:1420 E5 46 41 54 20 20 20 20-54 58 54 20 18 96 2C 78 .FAT TXT ..,x
13A6:1430 3D 33 3D 33 00 00 37 78-3D 33 6D 00 1A 05 00 00 =3=3..7x=3m.....
13A6:1440 46 46 41 54 20 20 20 20-54 58 54 20 18 96 2C 78 FFAT TXT ..,x
13A6:1450 3D 33 3D 33 00 00 50 78-3D 33 6E 00 19 05 00 00 =3=3..Px=3n.....
13A6:1460 46 46 49 4C 45 20 20 20-54 58 54 20 18 11 97 78 FFILE TXT ...x
13A6:1470 3D 33 3D 33 00 00 D3 78-3D 33 6D 00 61 0A 00 00 =3=3...x=3m.a...
13A6:1480 44 49 52 20 20 20 20 20-54 58 54 20 18 49 9A 7E DIR TXT .I.~
13A6:1490 3D 33 3D 33 00 00 9B 7E-3D 33 6F 00 AC 03 00 00 =3=3...~=3o.....
13A6:14A0 44 49 52 44 20 20 20 20-54 58 54 20 18 7B C0 7E DIRD TXT .{.~
13A6:14B0 3D 33 3D 33 00 00 C1 7E-3D 33 45 00 AC 03 00 00 =3=3...~=3E.....
13A6:14C0 44 44 44 45 4C 20 20 20-54 58 54 20 18 49 F7 7E DDDEL TXT .I.~
13A6:14D0 3D 33 3D 33 00 00 F8 7E-3D 33 70 00 13 00 00 00 =3=3...~=3p.....

But when the DIR command execute on the same volume the file does not show.

Contents of Root Listing After Deleting


Volume in drive F is NEW VOLUME
Volume Serial Number is 2CA5-BC35

Directory of F:\

22-09-05 03:00 PM 1,674 [Link]


22-09-05 02:40 PM 1,631 [Link]
28-09-05 10:55 AM <DIR> first
28-09-05 10:55 AM <DIR> second
28-09-05 10:55 AM <DIR> third
28-09-05 01:44 PM 1,210 [Link]
28-09-05 10:58 AM 248 [Link]
28-09-05 02:25 PM 60,775 [Link]
28-09-05 02:28 PM 665 [Link]
29-09-05 01:05 PM 25,362 [Link]
29-09-05 01:13 PM 1,210 [Link]
29-09-05 02:49 PM 80,999 [Link]
29-09-05 03:02 PM 1,305 [Link]
29-09-05 03:06 PM 2,657 [Link]
29-09-05 03:52 PM 940 [Link]
29-09-05 03:54 PM 0 [Link]
13 File(s) 178,676 bytes
3 Dir(s) 213,278,720 bytes free

Now lets see the contents of the file by converting the first cluster number in the FCB
into LSN and taking its dump. We get the following slide.

Virtual University of Pakistan 34


System Programming Course Code: CS609
Cs609@[Link]

Contents of File After Deleting


-l 1000 5 3d8 1

-d 1000

13AD:1000 74 68 69 73 20 69 73 20-61 20 74 65 73 74 20 74 this is a test t


13AD:1010 65 78 74 20 66 69 6C 65-20 66 6F 72 20 31 36 20 ext file for 16
13AD:1020 62 69 74 20 46 41 54 00-00 00 00 00 00 00 00 00 bit FAT.........
13AD:1030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13AD:1040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13AD:1050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13AD:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13AD:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-q

The contents of the file are still there.

So we infer the following.

Deleted Files
• 0xE5 at the start of file entry is used to mark the
file as deleted.
• The contents of file still remain on disk.
• The contents can be recovered by placing a valid
file name, character in place of E5 and then
recovering the chain of file in FAT.
• If somehow the clusters used by deleted file has
been overwritten by some other file, it cannot be
recovered.

Not only the file is marked for deletion but also the chain of its cluster in FAT is
reclaimed by putting zeros in there place. This also indicate that these clusters are now
free.

Virtual University of Pakistan 35


System Programming Course Code: CS609
Cs609@[Link]

Now lets have some discussion about sub-directories. In the contents of the above given
root directory notice an entry named SECOND. The attribute byte of this entry is 0x20
which indicates that it’s a directory, the size is 0 which shows that there is now user data
in it, but even though the size 0 its has a first cluster which is 0x12. Converting 0x12 into
LSN and then reading its contents we get the following dump. This shows that this cluster
contains the FCBs for all the file and folders within this directory.

Contents of Sub-Directories
-l 1000 5 240 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 50 EF 56 . ..P.V


13A6:1010 3C 33 3C 33 00 00 F0 56-3C 33 12 00 00 00 00 00 <3<3...V<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 50 EF 56 .. ..P.V
13A6:1030 3C 33 3C 33 00 00 F0 56-3C 33 00 00 00 00 00 00 <3<3...V<3......
13A6:1040 53 55 42 31 20 20 20 20-20 20 20 10 08 B1 07 57 SUB1 ....W
13A6:1050 3C 33 3C 33 00 00 08 57-3C 33 16 00 00 00 00 00 <3<3...W<3......
13A6:1060 53 55 42 32 20 20 20 20-20 20 20 10 08 23 0A 57 SUB2 ..#.W
13A6:1070 3C 33 3D 33 00 00 0B 57-3C 33 17 00 00 00 00 00 <3=3...W<3......

-l 1000 5 268 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 23 0A 57 . ..#.W


13A6:1010 3C 33 3C 33 00 00 0B 57-3C 33 17 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 23 0A 57 .. ..#.W
13A6:1030 3C 33 3C 33 00 00 0B 57-3C 33 12 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 33 20 20 20 20-20 20 20 10 08 9A 0E 57 SUB3 ....W
13A6:1050 3C 33 3D 33 00 00 0F 57-3C 33 18 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

In the entries within SECOND we see an entry SUB2. Its starting cluster is 0017H. This
value is converted into LSN and the contents read. The slide above also show the
contents of SUB2.

Virtual University of Pakistan 36


System Programming Course Code: CS609
Cs609@[Link]

Similarly the following slide shows the contents of SUB3 within SUB2 and the contents
of SUB4 within SUB3.

Cont…
-l 1000 5 270 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 9A 0E 57 . ....W


13A6:1010 3C 33 3C 33 00 00 0F 57-3C 33 18 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 9A 0E 57 .. ....W
13A6:1030 3C 33 3C 33 00 00 0F 57-3C 33 17 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 34 20 20 20 20-20 20 20 10 08 AF 12 57 SUB4 ....W
13A6:1050 3C 33 3D 33 00 00 13 57-3C 33 19 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

-l 1000 5 278 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 AF 12 57 . ....W


13A6:1010 3C 33 3C 33 00 00 13 57-3C 33 19 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 AF 12 57 .. ....W
13A6:1030 3C 33 3C 33 00 00 13 57-3C 33 18 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 35 20 20 20 20-20 20 20 10 08 0D 17 57 SUB5 ....W
13A6:1050 3C 33 3D 33 00 00 18 57-3C 33 1A 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

The following slide shows the contents of SUB5 and also the contents of file
[Link] in SUB5.

Cont…
-l 1000 5 280 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 0D 17 57 . ....W


13A6:1010 3C 33 3C 33 00 00 18 57-3C 33 1A 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 0D 17 57 .. ....W
13A6:1030 3C 33 3C 33 00 00 18 57-3C 33 19 00 00 00 00 00 <3<3...W<3......
13A6:1040 4D 59 46 49 4C 45 20 20-54 58 54 20 18 00 23 57 MYFILE TXT ..#W
13A6:1050 3C 33 3C 33 00 00 25 57-3C 33 1B 00 15 00 00 00 <3<3..%W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

-l 1000 5 288 8

-d 1000

13A6:1000 73 6E 66 6B 73 6E 66 73-6E 66 61 73 6E 7A 78 63 snfksnfsnfasnzxc


13A6:1010 73 64 63 0D 0A 00 00 00-00 00 00 00 00 00 00 00 sdc.............
13A6:1020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1030 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-q

Virtual University of Pakistan 37


System Programming Course Code: CS609
Cs609@[Link]

In all the sub-directories one thing is worth noticing. The first two entries are the . and ..
entries. These two are special entries as described in the slide below.

The . and . . Directories


cd .
gives the current path
cd . .
goes one level backwards.

Notice the contents of SECOND directory. The . entry has the cluster number 0012H
which is the cluster number for the SECOND directory and the .. entry has cluster
number which indicates the higher level directory which is the root directory.

. and .. Sub-Directories
-l 1000 5 240 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 50 EF 56 . ..P.V


13A6:1010 3C 33 3C 33 00 00 F0 56-3C 33 12 00 00 00 00 00 <3<3...V<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 50 EF 56 .. ..P.V
13A6:1030 3C 33 3C 33 00 00 F0 56-3C 33 00 00 00 00 00 00 <3<3...V<3......
13A6:1040 53 55 42 31 20 20 20 20-20 20 20 10 08 B1 07 57 SUB1 ....W
13A6:1050 3C 33 3C 33 00 00 08 57-3C 33 16 00 00 00 00 00 <3<3...W<3......
13A6:1060 53 55 42 32 20 20 20 20-20 20 20 10 08 23 0A 57 SUB2 ..#.W
13A6:1070 3C 33 3D 33 00 00 0B 57-3C 33 17 00 00 00 00 00 <3=3...W<3......

-l 1000 5 268 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 23 0A 57 . ..#.W


13A6:1010 3C 33 3C 33 00 00 0B 57-3C 33 17 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 23 0A 57 .. ..#.W
13A6:1030 3C 33 3C 33 00 00 0B 57-3C 33 12 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 33 20 20 20 20-20 20 20 10 08 9A 0E 57 SUB3 ....W
13A6:1050 3C 33 3D 33 00 00 0F 57-3C 33 18 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

Also examine the contents of SUB2 directory the . directory has cluster number 0017h
which the cluster number for SUB2 and the .. entry has the cluster number 0012H which
is the cluster number of its parent directory SECOND
Virtual University of Pakistan 38
System Programming Course Code: CS609
Cs609@[Link]

Same can be observed for SUB3, SUB4, SUB5 or any other sub-directory in question.

Cont…
-l 1000 5 270 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 9A 0E 57 . ....W


13A6:1010 3C 33 3C 33 00 00 0F 57-3C 33 18 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 9A 0E 57 .. ....W
13A6:1030 3C 33 3C 33 00 00 0F 57-3C 33 17 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 34 20 20 20 20-20 20 20 10 08 AF 12 57 SUB4 ....W
13A6:1050 3C 33 3D 33 00 00 13 57-3C 33 19 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

-l 1000 5 278 8

-d 1000

13A6:1000 2E 20 20 20 20 20 20 20-20 20 20 10 00 AF 12 57 . ....W


13A6:1010 3C 33 3C 33 00 00 13 57-3C 33 19 00 00 00 00 00 <3<3...W<3......
13A6:1020 2E 2E 20 20 20 20 20 20-20 20 20 10 00 AF 12 57 .. ....W
13A6:1030 3C 33 3C 33 00 00 13 57-3C 33 18 00 00 00 00 00 <3<3...W<3......
13A6:1040 53 55 42 35 20 20 20 20-20 20 20 10 08 0D 17 57 SUB5 ....W
13A6:1050 3C 33 3D 33 00 00 18 57-3C 33 1A 00 00 00 00 00 <3=3...W<3......
13A6:1060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13A6:1070 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

So this how CD. command gives the current path and CD.. moves to the one higher level
directory.

Virtual University of Pakistan 39

You might also like