scudette
commented
1 year ago can you clarify which file in that image can not be read? I just verified that we give the same hash as tsk:
$ ~/projects/go-ntfs/ntfs ls ./raw.ntfs /compress-test
+----------+-----------------------------------------------+----------+--------------------------------+-------+-----------------------------------------+
| MFT ID | FULLPATH | SIZE | MTIME | ISDIR | FILENAME |
+----------+-----------------------------------------------+----------+--------------------------------+-------+-----------------------------------------+
| 50-128-1 | /compress-test/all-zeros.bin | 4194304 | 2023-01-25 20:02:51.4727826 | false | all-zeros.bin |
| | | | +0000 UTC | | |
| 57-128-0 | /compress-test/combofile.bin | 86245376 | 2023-01-26 01:15:04.178488 | false | combofile.bin |
| | | | +0000 UTC | | |
| 51-128-1 | /compress-test/compact-default-settings.bin | 4194304 | 2023-01-25 20:02:51.4727826 | false | compact-default-settings.bin |
| | | | +0000 UTC | | |
$ icat ./raw.ntfs 57 | md5sum
6930d7038a261edcce49665f957e5d80 -
$ ~/projects/go-ntfs/ntfs cat ./raw.ntfs 57 | md5sum
6930d7038a261edcce49665f957e5d80 -
mappu
Hi,
I have an NTFS image that contains a compressed (LZNT1) file. When trying to read its content with go-ntfs, i get the
Decompression error - shift is too largeerror message.7-Zip's ntfs library is successfully able to extract this file from the disk image.
Steps to reproduce:
for i in {1..512} ; do dd if=/dev/zero bs=4K count=10 >> combofile.bin ; dd if=/dev/urandom bs=4K count=10 >> combofile.bincompact.exe /c filename)Here is an affected filesystem: http://ms11.ivysaur.me/pub/raw.ntfs.xz . Try to extract the interior
compresstest/combofile.binfile