Quote:
Originally Posted by fedora.linux.64
I got lost with the process that we just did if sometime you could explain what we did for each step please?
|
Sure:
Information about the VMDK:
Code:
VMDK_IMG="/path/to/Win.Xp.Pro-0.vmdk"; DD_IMG="/other/path/to/${VMDK_IMG//.vmdk/.img}";
vmware-mount.pl -p "${VMDK_IMG}"
qemu-img info -f vmdk "${VMDK_IMG}"
Getting information about items you work with is crucial. Without information you'll be working blindly, or worse:
guessing about things. Running 'qemu-img' will tell you which VMDK is the
backing file (actual used image) for the VMDK. 'vmware-mount.pl -p' prints the
partition table.
Loop-mount VMDK partition 5 (ext3fs example, NTFS example) to get access to its contents:
Code:
mkdir /mnt/rescue0;
vmware-mount.pl "${VMDK_IMG}" 5 -t ext3 -o ro,norecovery,noload /mnt/rescue0;
mkdir /mnt/rescue1;
vmware-mount.pl "${VMDK_IMG}" 5 -t ntfs-3g -o ro /mnt/rescue1;
If this works then partition 5 will be accessible read-only at the next Network Block device (/dev/nb[0-255]) for fsck, backup or whatever else disk ops. If this fails then adding the VMDK to another VM guest could be an option if after booting that guest, and mounting the VMDK read-only, you can access disk contents. (Note that on adding the disk to another VM guest you can set disk write options in the VMware UI. Note with "-t ext3" the "norecovery,noloadprohibit" mount options should prohibit replaying and loading the journal, but this is in no way forensically sound. For that you would have to hash the disk image (md5deep -r; sha1sum) to compare after ops, ensure the disk image is read-only (chattr =i; chmod 0444) and capture any writing operations (auditd, loggedfs).)
Convert a VMDK back to a disk representation:
Code:
qemu-img convert -f vmdk -O raw "${VMDK_IMG}" "${DD_IMG}"
Information about the disk:
Code:
file "${DD_IMG}"; fdisk -l "${DD_IMG}"; disktype "${DD_IMG}"
Mount the whole disk so we can access partitions individually:
Code:
losetup /dev/loop0 "${DD_IMG}"
(substitute "loop0" if necessary).
See partitions that are going to be added, then add them (will appear in /dev/mapper/):
Code:
kpartx -l /dev/loop0; kpartx -a /dev/loop0
Now 'dmsetup status' should show any loop0p* devices.
Per-partition information:
Code:
disktype /dev/mapper/loop0p*
Get MFT information from the NTFS partition:
Code:
ntfsinfo -vfm /dev/mapper/loop1p5
Mount the NTFS partition readonly:
Code:
mkdir /mnt/rescue2; ntfs-3g /dev/mapper/loop1p5 /mnt/rescue2 -o force,ro
Quote:
Originally Posted by fedora.linux.64
how to mount my virtual disks from my fedora host with vmware-mount
|
See above.
