I've had a hard disk failure and managed to rescue some data from the disk (1TB) with GNU's ddrescue
. The last 800GB of the disk were perfect, no single error, but in the first 200GB there were almost 14000 errors (badblocks) spread across the area. ddrescue
creates a logfile that describes where the badblocks are.
ddrescue
s command line params:
ddrescue /dev/sdb /dev/sdd /mnt/sdc1/sdb.log -r -1 -f -d -v
The logfile looks like this:
# pos size status
0x00000000 0x1C08CE00 +
0x1C08CE00 0x00000200 -
0x1C08D000 0x011E6800 +
0x1D273800 0x00000200 -
0x1D273A00 0x005EC000 +
0x1D85FA00 0x00000200 -
... ... ...
The plus (+) means contiguous good space, the minus (-) unreadable space; position and size are in hexadecimal. Striping the lines ending in '+' I have a list whith badblock positions, but I need a way to correlate this badblocks to files on the File System, which is, by the way, NTFS.
I know that I can use something like DiskExplorer to do this manually, but it would be the hell with 14000 sectors. So, there is a more or less automatic and elegant way of doing this ?
Best Answer
Since the huge success of this question, I've been left without answers, if there were any. But I continued researching and found an Microsoft utility that dates 1999, called nfi.exe, part of the OEM Support Tools Phase 3 Service Release 2 for Windows NT 4 and 2000. The utility does exactly what I needed, receives a sector and returns a file. But it does that to individual sectors, so I had to created a script to automate the process. It's a Python (2.7+) script that works this way:
It receives as input an ddrescue log file, parses it, calls nfi.exe for each sector in the file and generates a list with the files in alphabetical order.
Example:
Where: sdb.log is ddrescue's log,
\device\harddisk0\dr0 is an NT-style path to the HD (you discover it using an sysinternals tool called WinObj and the Disk Management Utility)
and filelist.txt is the file list you want. It will look like this:
The other arguments on the script are optional and are explained when you run it with -h. By default, the script assumes nfi.exe is in the same dir, if not, use -n pathtonfi.exe.
Finally, here is the link to the script: sector_correlator.py
It's very rudimentary and has no error handling, but does the job.