Improve driveletter selection for windows disks #498
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Schamper
requested changes
Jan 8, 2024
| # "fake" ntfs filesystem is mounted. | ||
| # The precedence for drives is first the drive letter drives (e.g. c:), | ||
| # second the "normally" named drives (e.g. sysvol) and finally the anonymous | ||
| # drives (e.g. /$fs/fs0). | ||
| mount_items = (item for item in target.fs.mounts.items() if hasattr(item[1], "ntfs")) |
There was a problem hiding this comment.
Suggested change
| mount_items = (item for item in target.fs.mounts.items() if hasattr(item[1], "ntfs")) | |
| mount_items = (item for item in target.fs.mounts.items() if item[1].__type__ == "ntfs") |
There was a problem hiding this comment.
This will break dir and tar filesystems with a fake ntfs part though.
If the mft plugin walks the actual NtfsFilesystem (which checks on __type__ == "ntfs"). The paths generated from this will get an anonymous fs mountpoint (e.g. $fs$\fs0), but these paths are not reachable through things like target-shell, as the directory structures etc are not available, just the mft.
There was a problem hiding this comment.
Pff right, forgot about that and thought we'd already fixed that.
Schamper
previously approved these changes
Jan 9, 2024
|
Can you maybe add a note about |
pyrco
force-pushed
the
feature/dis-2912_improve-drive-letter-selection
branch
from
3d9e6c0 to
15fecd0
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #498 +/- ##
==========================================
+ Coverage 74.77% 74.79% +0.01%
==========================================
Files 269 269
Lines 22073 22085 +12
==========================================
+ Hits 16506 16518 +12
Misses 5567 5567
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
pyrco
force-pushed
the
feature/dis-2912_improve-drive-letter-selection
branch
from
15fecd0 to
78130f3
Compare
Schamper
requested changes
Jan 10, 2024
pyrco
force-pushed
the
feature/dis-2912_improve-drive-letter-selection
branch
from
78130f3 to
79061db
Compare
Schamper
requested changes
Jan 11, 2024
As of c97c344 filesystems are always mounted. In the case of "fake" NTFS filesystems, as used by e.g. the dir and tar loaders, this means such a filesystem can be present under up to three different mount points, e.g.: sysvol, C: and $fs$\fs0 When a plugin does not use the root filesystem but the bare ntfs filesystem to parse ntfs specific properties, e.g. the mft plugin, it extends paths with a "driveletter" (read: mountpoint) to construct a path that is reachable from the root filesystem. The old setup always returned the last mount point a drive was mounted under. The new setup changes this to return the first mount point present in the following order: 1. the first mount point with a letter and colon, e.g. C:, 2. the first mount point not starting with $fs$, e.g. sysvol, 3. the first mount point starting with $fs$, e.g. $fs$\fs0.
pyrco
force-pushed
the
feature/dis-2912_improve-drive-letter-selection
branch
from
79061db to
4e03ed0
Compare
Schamper
approved these changes
Jan 11, 2024
Poeloe
pushed a commit
that referenced
this pull request
Feb 29, 2024
As of c97c344 filesystems are always mounted. In the case of "fake" NTFS filesystems, as used by e.g. the dir and tar loaders, this means such a filesystem can be present under up to three different mount points, e.g.: sysvol, C: and $fs$\fs0 When a plugin does not use the root filesystem but the bare ntfs filesystem to parse ntfs specific properties, e.g. the mft plugin, it extends paths with a "driveletter" (read: mountpoint) to construct a path that is reachable from the root filesystem. The old setup always returned the last mount point a drive was mounted under. The new setup changes this to return the first mount point present in the following order: 1. the first mount point with a letter and colon, e.g. C:, 2. the first mount point not starting with $fs$, e.g. sysvol, 3. the first mount point starting with $fs$, e.g. $fs$\fs0.
Zawadidone
pushed a commit
to Zawadidone/dissect.target
that referenced
this pull request
Apr 5, 2024
As of c97c344 filesystems are always mounted. In the case of "fake" NTFS filesystems, as used by e.g. the dir and tar loaders, this means such a filesystem can be present under up to three different mount points, e.g.: sysvol, C: and $fs$\fs0 When a plugin does not use the root filesystem but the bare ntfs filesystem to parse ntfs specific properties, e.g. the mft plugin, it extends paths with a "driveletter" (read: mountpoint) to construct a path that is reachable from the root filesystem. The old setup always returned the last mount point a drive was mounted under. The new setup changes this to return the first mount point present in the following order: 1. the first mount point with a letter and colon, e.g. C:, 2. the first mount point not starting with $fs$, e.g. sysvol, 3. the first mount point starting with $fs$, e.g. $fs$\fs0.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As of c97c344 filesystems are always mounted. In the case of "fake" NTFS filesystems, as used by e.g. the dir and tar loaders, this means such a filesystem can be present under up to three different mount points, e.g.: sysvol, C: and$fs$ \fs0
When a plugin does not use the root filesystem but the bare ntfs filesystem to parse ntfs specific properties, e.g. the mft plugin, it extends paths with a "driveletter" (read: mountpoint) to construct a path that is reachable from the root filesystem.
The old setup always returned the last mount point a drive was mounted under. The new setup changes this to return the first mount point present in the following order: