Author: markfilipak
Subject: DiskView Export format is... What?
Posted: 01 September 2014 at 2:44am
I can't figure it out. Anybody know the format of the DiskView Export?
Details:
Given the LCN, I need to find its d:\path\filename. For why: See 'Reason', at end.
DiskView obviously knows this when it populates its map. Given d:\path\filename (via an 'Open' dialog) it gives me its LCNs, but not the other way around. The workaround is to hunt and peck at the squares in the map until I stumble upon the right LCN. That's pretty tedious, and it should be unnecessary.
But -- Aha! -- there's an 'Export' function. I might be able to automate a search of the export.
The export function produces a multi-MB file of ...what? I haven't been able to noodle it out. There's a few lines of what look like $MFT followed by an alpha list of all the files followed by a massive # of lines of numbers. For my C: drive, the exported file has 19 636 424 lines. Except for the 1st line following the alpha list (which has a single number), the lines of numbers have this pattern: ^\d+ (-1|\d+) \d+$ .
There were 19 537 040 such lines -- finding & marking them all was quite a stress test for my editor.
Interestingly, the 1st line following the alpha list holds the number 19537040 (which is the number of following lines, to EOF).
9 108 542 lines were ^1073741823 -1 3$ scattered around in tidy blocks.
1 499 809 lines were ^1073741822 -1 3$ similarly scattered about.
There were no other lines of: ^\d+ -1 \d+$ .
There were 8 884 741 lines of: ^\d+ \d+ 0$ .
There were 8 366 lines of: ^\d+ \d+ 1$ .
There were 35 582 lines of: ^\d+ \d+ 2$ .
19537040 - 9108542 - 1499809 - 8884741 - 8366 - 35582 = 0
So the 2nd \d+ can be a number or -1 (flag?) and the 3rd \d+ can be '0' or '1' or '2' or '3' (which must be a flag).
Reason:
DiskMon gives me LCN but not d:\path\filename. I need d:\path\filename because my disk sometimes -- rarely, but when it happens, it happens big-time -- acts like it's thrashing when it's not thrashing. In other words, some running proc is taking the disk out for a run. So far the proc list in Taskman hasn't fingered the culprit. Maybe if I know the d:\path\filename of the target, I'll be able to figure out the "Who?" on my own. ...So, I set up DiskMon in the tray in wait for the disk run and... when it happens I dbl-click the tray icon, freeze the capture, and I have the LCN of the culprit's target. Now all I need do is convert that LCN into a d:\path\filename...
Edited by markfilipak - 1 hour 60 minutes ago at 2:47am
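An added example, not part of the original post and not DiskView's own code: a streaming tally of the numeric section using only the line shapes the post reports (`^\d+ (-1|\d+) \d+$` after a lone count line), so the breakdown can be reproduced without loading the file into an editor. The field meanings are unknown and left unnamed; the sample lines, the text encoding and the function name `tally_export` are assumptions.

```python
import re
import sys
from collections import Counter

TRIPLE = re.compile(r"^(\d+) (-1|\d+) (\d+)$")  # line shape reported in the post
COUNT = re.compile(r"^\d+$")                    # the lone number before the triples

def tally_export(lines):
    """Return (declared_count, Counter of line shapes) for an export, streamed."""
    declared, tally = None, Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = TRIPLE.match(line)
        if m and declared is not None:
            first, second, third = m.groups()
            # Keep the first field only for the "-1" lines, which the post
            # found to carry just two distinct values; "n" means "any number".
            key = (first, "-1", third) if second == "-1" else ("n", "n", third)
            tally[key] += 1
        elif COUNT.match(line) and not tally:
            declared = int(line)      # candidate count line
        elif not tally:
            declared = None           # still in the name list (e.g. a file named "123")
        else:
            tally[("unmatched",)] += 1
    return declared, tally

# Constructed sample in the layout the post describes (not real DiskView output).
SAMPLE = [
    "$MFT",
    r"C:\example\a.txt",
    r"C:\example\b.txt",
    "7",
    "1073741823 -1 3",
    "1073741823 -1 3",
    "1073741822 -1 3",
    "12 4096 0",
    "13 4097 0",
    "5 800 1",
    "9 77 2",
]

if __name__ == "__main__":
    # Assumption: the export is readable as text; undecodable bytes are replaced.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    declared, tally = tally_export(src)
    for key, n in sorted(tally.items()):
        print(" ".join(key), n)
    print("declared", declared, "counted", sum(tally.values()))
```

If the declared and counted totals agree, as they did in the post, every line after the count line is accounted for by the tallied shapes.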