Search code examples
filesystemsfatfat16

How to traverse a FAT directory, file


I am trying to understand how a FAT file system works. From the attached first sector of FAT 16 partition I could understand,

  1. Bytes per sector = 512.
  2. Sectors per cluster = 4.
  3. FAT 16 file system.
  4. reserved sectors = 4.
  5. FAT table count = 2.
  6. Number of entries in root directory = 512.
  7. Total sectors = 204800.
  8. Root dir sector = 32.
  9. Size of FAT table = 200.
  10. First data sector = 436 (4 + 2 * 200 + 32).
  11. Cluster count = 51091.

First sector of FAT partition

Root directory is at 404th sector (0x32800th byte)

Root directory

Root directory at address 0x32800 is attached. The root directory has two folders named a, b and one file named file.txt. In the given image above how to distinguish between file and folder.

Doubts listed below: 1. A folder entry should start with a 0x2E but there is no such value. So how to find out whether a given entry is a file or folder? 2. As you can see each entry in the root directory occupies 64 bytes (instead of 32 bytes). There seems to be 2 32byte entries for each file and folder. For example, folder 'a' has entries at 0x32800 and 0x32820 (totally 64bytes). 3. What does the value 0x41 denote in this context? The value 0x41 appears at 0x32800, 0x32820, 0x32840, 0x32880. The values at 0x32860 and 0x328A0 are different from 0x41. 4. The offset 0x1A from address 0x32800 (0x32800 + 0x1a = 0x3281a) has value 0, offset 0x1A from address 0x32820 (0x32820 + 0x1a = 0x3283a) has value 3. Which is the correct cluster number corresponding to folder 'a'?


Solution

  • No, folder entries do NOT start with "." (0x2E) unless they are for the . and .. entries of subdirectories (these aren't in the root). The dirent's attributes byte has the 0x10 bit set if the dirent is a directory.

    You are also looking at a directory that has long file names. The original FAT file system specification only allowed 11 character names that were all upper case and were in the OEM codepage. Windows 95 extended this. It's pretty complicated to explain on stackoverflow how this works. I suggest looking at the MSDN documentation for LFN or Long File Names.

    http://technet.microsoft.com/en-us/library/cc938438.aspx