CN111258666B - Method and device for reading computer file, computer system and storage medium - Google Patents
Method and device for reading computer file, computer system and storage medium Download PDFInfo
- Publication number
- CN111258666B CN111258666B CN202010075338.9A CN202010075338A CN111258666B CN 111258666 B CN111258666 B CN 111258666B CN 202010075338 A CN202010075338 A CN 202010075338A CN 111258666 B CN111258666 B CN 111258666B
- Authority
- CN
- China
- Prior art keywords
- file
- starting
- partition
- computer
- gpt
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4406—Loading of operating system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention provides a method, a device, a computer system and a storage medium for reading a computer file, wherein the method for reading the computer file comprises the following steps: the method comprises the steps of manufacturing a GPT partition starting file of a windows system, wherein the GPT partition starting file is used for guiding the starting of a GPT partition in a Linux system; providing a storage file; and starting a windows system in the FAT32 starting partition according to the GPT partition starting file, starting a Linux system according to configuration information in the started configuration file, and reading the storage file in the Linux system. The invention starts the system by using the GPT partition starting mode of the Windows system, and then the system starting control right is handed over to the Linux system after the system is started, so that the Linux system is started under the GPT partition, and the reading of the storage file under the Linux system is realized.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and apparatus for reading a computer file, a computer system, and a storage medium.
Background
In the technical field of computers, the method often involves the reading of files, especially in virtual machines in the process of computer evidence collection, wherein the real simulation of a Linux system is an important link in the evidence collection field, and the method is widely used in GPT partitions at will, so that the method has important meaning for the real simulation of the materials of the cases. However, because the starting support of the Linux system under the GPT partition is not perfect, the condition that the Linux system cannot be successfully started can occur in the simulation process, and the development of work is affected. Therefore, there is a need to provide a method for a Linux system in a GPT partition to start normally on a virtual machine.
Disclosure of Invention
The invention aims to provide a method and a device for reading a computer file, a computer system and a storage medium, so as to provide a method for starting a Linux system in a GPT partition.
In order to achieve the above object, the present invention provides a method for reading a computer file, comprising the steps of:
generating a GPT partition starting file of a windows system, wherein the GPT partition starting file is used for guiding the starting of a GPT partition in a Linux system;
obtaining a storage file, making an image file of the storage file, and carrying out snapshot processing on the image file to form a snapshot file;
and starting a windows system in the FAT32 starting partition according to the GPT partition starting file, starting a Linux system according to the configuration information in the started configuration file, and reading the image file in the Linux system.
Further, the GPT partition starting file comprises an operating system module, a file system module and a partition starting module.
Further, the storage file is an image file, and snapshot processing is performed on the image file to form a snapshot file.
Further, when snapshot processing is performed, a snapshot technology under a virtual machine framework is adopted to process the image file to form a snapshot file.
Further, when the GPT partition starting file is manufactured, the GPT partition starting file is generated through a grub-mkimage. Exe program.
Further, when the Linux system is started, the main program installed in the starting area is executed first, and then the configuration file and the environment parameter file are loaded.
Further, the method for reading the computer file is used for computer evidence collection.
In order to achieve the above object, the present invention provides a device for reading a computer file, including a partition forming module, a storage file and a starting module, where the partition forming module is used to make a GPT partition starting file of a windows system, the GPT partition starting file is used to guide the starting of a GPT partition in a Linux system, the storage file is used to make an image file, and snapshot processing is performed on the image file to form a snapshot file, and the starting module is used to start the windows system in a FAT32 starting partition according to the GPT partition starting file, then start the Linux system according to configuration information in the starting configuration file, and read the storage file in the Linux system.
In order to achieve the above object, the present invention also provides a computer system comprising a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processors of the plurality of computer devices together implementing the steps of the aforementioned method when executing the computer program.
In order to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the aforementioned method.
By adopting the technical scheme, the invention has the following beneficial effects compared with the prior art:
the method, the device, the computer system and the storage medium for reading the computer file firstly start the system by utilizing the GPT partition starting mode of the Windows system, and then the system starting control right is handed over to the Linux system after the system is started, so that the Linux system is started under the GPT partition, the storage file is made into an image file and forms a snapshot file, and the reading of the storage file under the Linux system is realized.
Drawings
FIG. 1 is a flow chart of a method for reading a computer file according to the present invention;
FIG. 2 is a diagram showing a structure of a directory constructed by the method for reading a computer file according to the present invention at the time of startup;
FIG. 3 is a block diagram showing a computer file reading apparatus according to the present invention;
FIG. 4 is a hardware architecture diagram of one embodiment of a computer device of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in FIG. 1, in step S10, first, a GPT (GUID partition table, globally unique identification partition table) partition start file of a windows system, such as a bootx64.Efi file, can be generated in a computer system, so that other valid efi files can be loaded and started by the computer, where the GPT partition start file is used to guide the start of a GPT partition under a Linux system, in addition to meeting the start of the GPT partition of the windows system, where the GPT partition start file may integrate many module characteristics, including: an operating system module, a file system module, a partition starting module, etc.
GPT partition is a standard for the structural layout of a partition table of a physical hard disk, which is a part of the extensible firmware interface (UEFI) standard, and is used to replace a Master Boot Record (MBR) partition table in a BIOS system, which uses 32bits to store logical block addresses and partition size information, and uses 64bits to record logical block addresses, so that larger hard disk space can be supported. The GPT partition format contains a conventional MBR (master boot record), partition header, partition table, backup partition header, backup partition table, and data area. In terms of compatibility and security, the GPT partition format reserves a conventional MBR, located at LBA0 (first logical sector), for preventing hard disk management software that does not support GPT from erroneously identifying and destroying hard disk data, in which MBR only one partition marked with 0xEE indicates that the hard disk uses the GPT partition format. Software that does not support the GPT partition format will identify partitions of unknown type; software supporting the GPT partition format can correctly identify the GPT partition disk.
GPT partitioning is a disk partitioning architecture used by the extensible firmware interface (EFI, extensible Firmware Interface) and has a number of advantages over the Master Boot Record (MBR) partitioning approach because it allows up to 128 partitions per disk, supports volume sizes of up to 18 gigabytes, allows the use of master and backup disk partition tables for redundancy, and also supports unique disk and partition IDs (GUIDs). In contrast to the Master Boot Record (MBR) disk partition style that supports a maximum volume of 2TB (terabytes) and a maximum of 4 main partitions (or 3 main partitions, 1 extended partition and unlimited logical drives) per disk, the GUID Partition Table (GPT) disk partition style supports a maximum volume of 18EB (exebs) and a maximum of 128 partitions per disk. Unlike the disks of an MBR partition, vital platform operating data is located in the partition, rather than in a non-partitioned or hidden sector. In addition, GPT partition disks have redundant primary and backup partition tables to improve the integrity of the partition data structure. On the "volume" tab in the disk properties dialog in "disk management", the disk with the GPT partition style is displayed as a GUID Partition Table (GPT) disk, and the disk with the MBR partition style is displayed as a Master Boot Record (MBR) disk.
The EFI can be a miniaturized system constructed by modularized high-level language (mainly C language), and after the EFI is upgraded and changed into UEFI, and like BIOS, the EFI mainly completes hardware initialization in the starting process, but directly utilizes the mode of loading EFI drive to identify system hardware and complete hardware initialization, and thoroughly abandons reading various interrupt execution. The EFI driver is not directly code facing the CPU, but is written by EFI byte codes, which are virtual machine instructions dedicated to EFI, and need to be interpreted and run under the EFI driver running environment DXE, so that EFI can realize wild-card and provide good compatibility. In addition, EFI is completely 32-bit or 64-bit, and the 16-bit real mode is abandoned, so that the maximum addressing of the processor can be realized in EFI, and therefore, any information can be stored in any memory address. In addition, since the driving development of the EFI is very simple, the driving model based on the EFI can basically make the EFI contact all hardware functions, and the file reading and writing on the EFI are completely possible. The CMOS setup program on the BIOS is executed as one EFI program on the EFI, the hardware setup is the hardware setup program, and the boot management is the other program, keeping the CMOS is the other program, although they are together on the form Shell.
Both EFI and UEFI must be composed of the necessary parts such as a preloading environment, a driving execution environment, a driving program, etc., and in order to support part of old devices (such as a traditional MBR hard disk mounted on the UEFI, a display card which does not support the initiation of the UEFI still supports operation under the UEFI, etc.), a CSM compatibility support module, EFI or UEFI is required to support only the GPT disk boot system.
EFI is functionally equivalent to a lightweight OS, but EFI is located in a position insufficient to be a professional OS at the time of manufacture, first, it is simply an interface between hardware and operating system; secondly, EFI does not provide interrupt access mechanism, EFI has to check and interpret hardware in a polling mode, which is lower than the execution efficiency of drive under OS, and finally EFI has only a simple memory management mechanism, and in segment protection mode, only segments memory, all programs can access any segment position, and no real protection service is provided. With EFI, a brand new GUID disk partition system (GPT) is introduced and supported, the traditional MBR disk only has 4 main partitions, only when the number of the main partitions is less than 4, an expansion partition can be established, then logical partitions recognized by the system are established on the expansion partition, the number of the logical partitions is too large, the system start is seriously affected by too many logical partitions, the MBR hard disk partition only supports 2T capacity at maximum, and the method is wasteful for the existing large-capacity hard disk. GPT supports any number of partitions, each of which is in principle unlimited in size, but in practice is not limited by the OS's specifications, but is a very important advance over the 2T limit of MBR. The partition type of the GPT is uniquely specified by the GUID table, and is substantially unlikely to be duplicated, and the EFI system partition therein can be accessed by EFI for accessing part of the driver and application, although this would in principle render the EFI system partition unsafe, typically some "edge" data is placed here, which, even if corrupted, would not generally have serious consequences, and would simply be restored back.
The GPT partition initiation file may be formed by a generation tool, such as using a grub-mkimage. Exe program, and may be in a command line manner, where the command format is as follows:
grub-mkimage-o bootx64.efi-p/efi/boot-O x86_64-efi fat iso9660 part_gpt part_msdos normal boot linux linux16 configfile loopback chain efifwsetup efi_gop efi_uga ls search search_label search_fs_uuid search_fs_file exfat ext2 ntfs btrfs hfsplus udf
with the above command, a bootx64.Efi file can be generated for system startup.
The grub-mkimage program can be used for generating the file core.img structure, namely diskboot.img firstly, a decompression program lzma_decompensation.img, a kernel.img secondly and finally an image corresponding to each module. After the computer is started, the files are loaded, firstly, the boot. Img of the first sector is read, a starting sector of the whole core. Img is necessarily stored somewhere at the file, then, firstly, a sector such as diskboot. Img is read from the starting sector, the tail of the image is stored with the length of the subsequent image, the data are read according to the length, the head of the data such as lzma_uncompress. Img image is stored with parameters of compression, such as the size of the compressed file, and the size of the decompressed file, the subsequent data are decompressed according to the parameters, so that the image starting address of the kernel. Img and each module are obtained, and finally, the entry function of the kernel. Img is entered for continuous execution.
The initiation of the UEFI may be/EFI/Boot 64.EFI, and then the process is handed to EFI by the UEFI, and may be generated using grub-mkimage commands, where a built-in configuration file is required in EFI, a configuration file similar to grub's grldr file is required, and an externally-directed cfg configuration file in a designated configuration file is required.
The GPT partition mode is more powerful and stable than the MBR partition mode, if the partition of the hard disk is the GPT mode or the MBR mode, the fdisk command (sudo fdisk-l) or the shared command (sudo shared-l) can be executed in the terminal operation under the Linux system environment, and the partition mode can be seen in the disklabel.
In this embodiment, since the dual system needs to be run, the GPT partition start file needs to integrate many module characteristics, and the GPT partition start file includes an operating system module, a file system module, and a partition start module, which may be formed by corresponding program tools, where the operating system module uses event triggers, and all objects capable of triggering events are instances of EventEmitter class, where the objects have an eventemitter.on () function for binding one or more functions to a named event; the file system module is an operation module of files and folders, and is mainly used for operating the two parts, wherein one part is a folder, and the other part is a file; the partition starting module can load the hardware information of the BIOS and perform self-checking, and can read and execute the boot partition in the first starting device according to the setting.
In step S20, a storage file is obtained in the computer system, an image file of the storage file is produced, the image file is subjected to snapshot processing to form a snapshot file, the storage file is obtained by copying, downloading, generating through software and the like, the storage file comprises pictures, audio files, video files, application program files, documents and the like, the storage file is also an object to be obtained, the storage file can be in any file format, corresponding data is recorded, in order to ensure the integrity of the obtained image file, the original obtained image file is subjected to snapshot processing at the initial stage of simulation, the modified content is recorded in the snapshot file, the snapshot file can be usually stored on a disk, a snapshot technology under a virtual machine (VMware) framework can be adopted, the snapshot processing is carried out on the image file to form a snapshot file, a system of the snapshot file adopts a GPT partition, the starting partition adopts a FAT32 format, the FAT32 format has good compatibility, almost all operating systems can be dealt with, and the quick read-write operation is carried out without setting security authority.
In order to perform simulated electronic evidence collection, in general, data acquisition is implemented through image (image), and an image file is an effective way to protect evidence and extract evidence, which is an important link in data evidence collection, that is, a storage file is an image file. The mirror image file copies the original data bit by bit so as to generate mirror image data completely consistent with the original data, and the mirror image file can be used for evidence of analysis in a simulation environment. The format of the image file can be divided into an original format and a proprietary format, wherein the original format refers to a format which is duplicated in a counterpoint mode according to the original position of a disk and is not compressed, such as DD format; proprietary formats are mirror formats owned by specialized mirror tools, including E01, ex01, X-Ways Forensics CTR, and so on. Creating an image file can select a source disc to be imaged; then selecting a mirror image format, a processing path and inputting related information; after the mirror image is finished, the generated mirror image is automatically checked, and the check is performed by verifying whether the hash value generated by the new mirror image is identical to the file hash value of the source disk, and when the hash value is identical, the generated mirror image file can be proved to be identical to the source file.
The purpose of snapshot technology includes the ability to record and save data information at a point in time, and if some failure later occurs and data recovery is required, the data can be recovered to the state at the previous point in time by the snapshot file, and the data after the point in time is lost. The purpose of the snapshot technique is to be able to recover to the previous one when a system error occurs, while the purpose of the mirror technique is to ensure data redundancy, and to recover quickly when a data source fails. If the user deletes a certain file by mistake, the user can reply if the user makes a snapshot before; if the user does the mirror image, the file under the mirror image file is lost and cannot be recovered. Conversely, if the user's target data source is corrupted and all data is lost, then the snapshot can only be restored to the most recent snapshot. The latest modified data can be lost, and the mirror image can quickly recover all the data, so that the continuity of the service is ensured. The snapshot file formed by the quick processing of the image file confirms that the data can be safely processed.
As shown in fig. 2, a directory structure is constructed during startup, where EFI, BOOT and centos correspond to corresponding file names, the bootx64.EFI is a windows system startup file, the grobx 64.EFI is a Linux system startup file, and grob1. Cfg and grob2. Cfg are configuration files, a windows system GPT partition startup mode may be constructed in a FAT32 partition, an added windows system GPT startup file a is in a directory of the startup file, in step S30, the windows system may be started according to the GPT partition startup file in a FAT32 startup partition in the computer system, that is, the windows system is started first by a virtual machine startup (bootx 64.EFI file), and then the Linux system is started according to configuration information of the startup configuration file, that is, after startup, the Linux system of the GPT partition is started according to configuration information in the grob1. Cfg configuration file, where the configuration information of the grob1. Cfg points to the following configuration file is applied to the GPT partition, in the FAT32 partition may be automatically tried to generate a specific operation file corresponding to the following operation of the Linux system by detecting the following operation of the corresponding menu file/the corresponding to the corresponding operation of the Linux system in the following 32 partition/the running partition, and the method is tried to be 64:
set timeout=3
hiddenmenu
menuentry'CentOS'{
chainloader/efi/centos/grubx64.efi
}
after the operation is executed, the simulation is carried out to enter a Linux system, so that the system can be used for computer evidence collection, can be configured at the moment, and can complete evidence collection in a mirrored storage file.
In the starting process of the Linux system, after the information is pre-read, the MBR of the first starting device reads the boot loader, the boot loader can have the functions of menu selection, direct loading of core files, control right transfer and the like, and the core of the operating system is the fact that the loader is needed to be loaded by the system. The Linux system divides the program code execution and the configuration value loading of the boot loader into two stages (stages) for execution, wherein the first stage is to execute the main program of the boot loader, and the main program must be installed in the boot area, namely, the main program installed in the boot area, that is, the MBR or the boot sector, usually only the minimum main program of the boot loader is installed, and no relevant configuration file of the loader is installed; the second stage is to load all configuration files and related environmental parameter files (including file system definition and main configuration file grub1. Cfg) through boot loader, and generally, the configuration files are under/boot.
For a system partition to be a partition that directs the inclusion of hardware specific files required to load a Windows system (or Linux system) (e.g., ntldr, boot. Ini, ntdetect. Com), such as a GPT partition, the system partition may (but need not) be the same as the boot partition. The boot partition refers to a partition that includes an operating system and its supporting files, such as a FAT32 partition. That is, the system partition is a partition (also called a boot partition) that stores various boot files, and the boot partition is a partition that stores a Windows system directory (or a Linux system directory). For example, in a Windows 7 system, the partition storing the Bootmgr file and boot directory is a system partition, and the boot partition is a partition storing the Windows directory. For general system users, the system partition is generally the boot partition, because the boot file and the Windows directory are both in the same location, in this scheme the system partition and the boot partition may not be in the same location. The Java version, installation directory, operating system, etc. information may be obtained through a system in Java class.
Example two
As shown in fig. 3, a reading device 10 for a computer file in this embodiment is shown, which can run in a computer system and a corresponding machine device thereof, and includes a partition forming module 11, a storage file 12 and a starting module 13, where the partition forming module 11 is used to make a GPT partition starting file of a windows system, the GPT partition starting file is used to guide the starting of a GPT partition under the Linux system, the storage file 12 is used to make an image file, and perform snapshot processing on the image file to form a snapshot file, and the starting module 13 is used to start the windows system according to the GPT partition starting file in a FAT32 starting partition, then start the Linux system according to configuration information in the started configuration file, and read the storage file in the Linux system.
In the partition forming module 11, that is, when the GPT partition start file is created, the GPT partition start file may be generated by a grub-mkimage. Exe program, and the operating system may be booted by two modes of direct-boot (direct-load) and chain-boot (chain-load), the operating system written in the default configuration file may be booted by direct-boot directly through the default boot loader, and the chain-boot uses the default boot loader to chain-boot another boot loader, which will boot the corresponding operating system.
In this embodiment, the system may further include a snapshot module, where the snapshot module is configured to form the storage file 12 into a snapshot file, and snapshot technologies adopted by the snapshot module may include three major categories, that is, mirror separation (split minor), changed block, and concurrency (concurrency), where the latter two technologies are usually used in implementation, that is, pointer remapping (pointer remapping) and copy on write (copy on write) technologies, and flexibility in a changed block mode and efficiency in using storage space. The reading device of the computer file can create a snapshot file for the image file with the APFS file system under the VMwareWorkstation Pro framework, that is, snapshot processing is performed on the image file to form the snapshot file.
Image separation creates a data image before the instant copy, and when a complete image is available for replication, the instant copy can be created by instantaneously "separating" the image. Changing a block is after the snapshot is created successfully, the source and destination share the same copy of the physical data until a write operation of the data occurs, at which point the source or destination will be written to a new storage space, the shared data unit may be a block, sector, or other level of granularity, and in order to record and track the changing and copying information of the block, a bitmap (bitmap) is required to determine the location of the actual copied data, and to determine whether the data is to be retrieved from the source or destination. Concurrency is very similar to changing blocks, but it always physically copies data, when the copy-on-time is performed, no data is copied, it creates a bitmap to record the copy of the data, and makes a real physical copy of the data in the background.
In this embodiment, the storage file 12 may be in any file format, corresponding data is recorded, the storage file 12 includes a picture, an audio file, a video file, a document, or the like, which is also an object to be obtained, and is generally made into an image file, and snapshot processing is performed, and a snapshot file is created under the VMware architecture, so that modified contents may be recorded in the formed snapshot file. The evidence collection work can be completed by simulation after the Linux system is started.
Because of the need to run dual systems, the GPT partition start file includes an operating system module, a file system module and a partition start module, the operating system module adopts event triggers, all objects capable of triggering events are instances of eventEmitter class, and the objects have eventEmitter.on () function for binding one or more functions to named events; the file system module is an operation module of files and folders, and is mainly used for operating the two parts, wherein one part is a folder, and the other part is a file; the partition starting module can load the hardware information of the BIOS and perform self-checking, and can read and execute the boot partition in the first starting device according to the setting.
The apparatus embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over at least two network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the embodiments of the present application. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Example III
The present embodiment also provides a computer system, as shown in fig. 4, where the computer system includes a plurality of computer devices 20, and in the second embodiment, the components of the multithreaded calling device may be distributed in different computer devices 20, and the computer devices 20 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server, or a rack server (including a stand-alone server, or a server cluster formed by a plurality of servers) for executing a program, and so on. The computer device 20 of the present embodiment includes at least, but is not limited to: a memory 21, a processor 22, which may be communicatively coupled to each other via a system bus. It should be noted that FIG. 4 only shows computer device 20 having components 21-22, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. The computer system in this embodiment refers to the hardware portion of the associated computer device that becomes the complete set of system, and in other embodiments refers to the software portion corresponding to the operating system of the computer.
In the present embodiment, the memory 21 (i.e., readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 21 may be an internal storage unit of the computer device 100, such as a hard disk or a memory of the computer device 20. In other embodiments, the memory 21 may also be an external storage device of the computer device 20, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the computer device 20. Of course, the memory 21 may also include both internal storage units of the computer device 20 and external storage devices. In this embodiment, the memory 21 is generally used for storing an operating system and various application software installed in a computer system device, for example, a reading device of a computer file in the second embodiment. Further, the memory 21 may be used to temporarily store various types of data that have been output or are to be output.
The processor 22 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 22 is generally used to control the overall operation of the computer device 20. In this embodiment, the processor 22 is configured to execute program codes or process data stored in the memory 21. The method for reading a computer file according to the first embodiment is implemented when the processors 22 of the plurality of computer devices 20 of the computer system execute the computer program together.
From the above description of embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a general purpose hardware platform, or may be implemented by hardware. Those skilled in the art will appreciate that all or part of the processes implementing the methods of the above embodiments may be implemented by a computer program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and where the program may include processes implementing the embodiments of the methods described above.
Example IV
The present embodiment also provides a computer-readable storage medium such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application store, etc., on which a computer program is stored, which when executed by a processor, performs the corresponding functions. The computer-readable storage medium of the present embodiment stores the reading apparatus 10 of the computer file of the second embodiment, and when executed by the processor, implements the reading method of the computer file of the first embodiment.
At present, the virtual machine (VMware) cannot support the starting of GPT partition Linux well, so that the simulation cannot be performed on the GPT partition Linux, and the simulation failure can be caused. By adopting the starting mode of the GPT partition of the windows system, after the system is started, the starting control right is handed over to the GPT partition control program of the Linux system, and finally the starting is finished, so that the Linux system which completes the GPT partition is smoothly started under the condition that no processing is needed, and the content of the storage file can be read under the environment of the Linux system.
The method, the device, the computer system and the storage medium for reading the computer file firstly start the system by utilizing the GPT partition starting mode of the Windows system, and then the system starting control right is handed over to the Linux system after the system is started, so that the Linux system is started under the GPT partition, the storage file is made into an image file and forms a snapshot file, and the reading of the storage file under the Linux system is realized.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (10)
1. A method for reading a computer file, comprising the steps of:
generating a GPT partition starting file of a windows system, wherein the GPT partition starting file is used for guiding the starting of a GPT partition in a Linux system;
obtaining a storage file, making an image file of the storage file, and carrying out snapshot processing on the image file to form a snapshot file;
starting a windows system in the FAT32 starting partition according to the GPT partition starting file, starting a Linux system according to configuration information in the started configuration file, and reading the mirror image file in the Linux system;
the step of starting the Linux system according to the configuration information in the started configuration file comprises the following steps:
starting a Linux system of the GPT partition according to the configuration information in the grub1.Cfg configuration file, wherein the configuration information of the grub1.Cfg under the BOOT directory is used for pointing to a starting file of the Linux system of the GPT partition; the grub1.Cfg configuration file is a configuration file of a windows system starting file.
2. The method of claim 1, wherein the GPT partition initiation file comprises an operating system module, a file system module, and a partition initiation module.
3. The method of reading a computer file according to claim 1 or 2, wherein the storage file includes a picture, an audio file, a video file, an application file, and a document.
4. A method for reading a computer file according to claim 3, wherein when performing snapshot processing, the image file is processed to form a snapshot file by using a snapshot technology under a virtual machine framework.
5. The method for reading a computer file according to claim 1 or 2, wherein the GPT partition start file is generated by a grub-mkimage exe program when the GPT partition start file is created.
6. The method for reading a computer file according to claim 1 or 2, wherein when the Linux system is started, a main program installed in a start area is executed first, and then a configuration file and an environment parameter file are loaded.
7. The method for reading a computer file according to claim 1 or 2, wherein the method for reading a computer file is used for computer evidence collection.
8. A reading device for a computer file, the reading device for a computer file comprising:
the partition forming module is used for manufacturing a GPT partition starting file of the windows system, and the GPT partition starting file is used for guiding the starting of a GPT partition in the Linux system;
the storage file is used for making an image file, and carrying out snapshot processing on the image file to form a snapshot file;
the starting module is used for starting a windows system in the FAT32 starting partition according to the GPT partition starting file, starting a Linux system according to configuration information in the started configuration file, and reading the storage file in the Linux system; the step of starting the Linux system according to the configuration information in the started configuration file comprises the following steps: starting a Linux system of the GPT partition according to the configuration information in the grub1.Cfg configuration file, wherein the configuration information of the grub1.Cfg under the BOOT directory is used for pointing to a starting file of the Linux system of the GPT partition; the grub1.Cfg configuration file is a configuration file of a windows system starting file.
9. A computer system comprising a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processors of the plurality of computer devices collectively implement the steps of the method of any one of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program stored on the storage medium, when executed by a processor, implements the steps of the method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010075338.9A CN111258666B (en) | 2020-01-22 | 2020-01-22 | Method and device for reading computer file, computer system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010075338.9A CN111258666B (en) | 2020-01-22 | 2020-01-22 | Method and device for reading computer file, computer system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111258666A CN111258666A (en) | 2020-06-09 |
| CN111258666B true CN111258666B (en) | 2023-07-04 |
Family
ID=70949181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010075338.9A Active CN111258666B (en) | 2020-01-22 | 2020-01-22 | Method and device for reading computer file, computer system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111258666B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112130930B (en) * | 2020-09-23 | 2023-08-22 | 平安科技(深圳)有限公司 | Mirror image system generation method, device, equipment and medium |
| CN112416467A (en) * | 2020-12-10 | 2021-02-26 | 上海维宏电子科技股份有限公司 | Control system, method, device, processor and computer readable storage medium for realizing rapid starting and initialization of numerical control system |
| CN113254089B (en) * | 2021-06-04 | 2021-10-29 | 深圳市科力锐科技有限公司 | System boot method correction method, device, equipment and storage medium |
| CN114063913A (en) * | 2021-11-03 | 2022-02-18 | 东风汽车集团股份有限公司 | EMMC partition storage method and structure |
| CN114816542A (en) * | 2022-04-07 | 2022-07-29 | 联想开天科技有限公司 | System starting method and device |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5930831A (en) * | 1995-02-23 | 1999-07-27 | Powerquest Corporation | Partition manipulation architecture supporting multiple file systems |
| CN101957769A (en) * | 2010-09-27 | 2011-01-26 | 浙江大学 | MID (Mobile Internet Device) multiple operating system parallelizing method |
| CN102591691A (en) * | 2011-12-31 | 2012-07-18 | 曙光信息产业股份有限公司 | Hard disc starting method and operation system starting and loading method based on basic input/output system (BIOS) |
| CN102955706A (en) * | 2011-08-30 | 2013-03-06 | 比亚迪股份有限公司 | Installing method and boot loading method for dual operation system |
| CN103777981A (en) * | 2014-01-13 | 2014-05-07 | 中南大学 | Multi-operation-system remote loading implementation method suitable for X86 framework |
| CN108287733A (en) * | 2017-12-19 | 2018-07-17 | 广东睿江云计算股份有限公司 | A kind of virtual machine load startup method |
| CN108647034A (en) * | 2018-04-09 | 2018-10-12 | 南京百敖软件有限公司 | A kind of method that list mobile hard disk installs multiple operating systems |
| CN108804034A (en) * | 2018-05-22 | 2018-11-13 | 无锡辰云科技股份有限公司 | A kind of cloud terminal processing method and system based on read and write abruption |
-
2020
- 2020-01-22 CN CN202010075338.9A patent/CN111258666B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5930831A (en) * | 1995-02-23 | 1999-07-27 | Powerquest Corporation | Partition manipulation architecture supporting multiple file systems |
| CN101957769A (en) * | 2010-09-27 | 2011-01-26 | 浙江大学 | MID (Mobile Internet Device) multiple operating system parallelizing method |
| CN102955706A (en) * | 2011-08-30 | 2013-03-06 | 比亚迪股份有限公司 | Installing method and boot loading method for dual operation system |
| CN102591691A (en) * | 2011-12-31 | 2012-07-18 | 曙光信息产业股份有限公司 | Hard disc starting method and operation system starting and loading method based on basic input/output system (BIOS) |
| CN103777981A (en) * | 2014-01-13 | 2014-05-07 | 中南大学 | Multi-operation-system remote loading implementation method suitable for X86 framework |
| CN108287733A (en) * | 2017-12-19 | 2018-07-17 | 广东睿江云计算股份有限公司 | A kind of virtual machine load startup method |
| CN108647034A (en) * | 2018-04-09 | 2018-10-12 | 南京百敖软件有限公司 | A kind of method that list mobile hard disk installs multiple operating systems |
| CN108804034A (en) * | 2018-05-22 | 2018-11-13 | 无锡辰云科技股份有限公司 | A kind of cloud terminal processing method and system based on read and write abruption |
Non-Patent Citations (2)
| Title |
|---|
| Brian D. Carrier.Volume analysis of disk spanning logical volumes.Digital Investigation.2005,第2卷(第2期),全文. * |
| 郭金龙 ; 刘珍珍 ; .UEFI系统启动过程与设置研究.福建电脑.2017,(第04期),1-10. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111258666A (en) | 2020-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111258666B (en) | Method and device for reading computer file, computer system and storage medium | |
| US8112464B2 (en) | On-demand access to container file directories | |
| US10296423B2 (en) | System and method for live virtual incremental restoring of data from cloud storage | |
| US9075758B2 (en) | Removable storage device with transactional operation support and system including same | |
| CN100478946C (en) | Method and apparatus for file system snapshot persistence | |
| US7366887B2 (en) | System and method for loading programs from HDD independent of operating system | |
| US8321482B2 (en) | Selectively modifying files of a container file | |
| US9448889B2 (en) | BIOS failover update with service processor | |
| US20060282653A1 (en) | Method for updating frimware of memory card | |
| US9286320B2 (en) | System and method for maintaining consistency among metadata elements of filesystem's logical objects | |
| US6944789B2 (en) | Method and apparatus for data backup and recovery | |
| JP2006286001A (en) | Usage of usb memory device for recovery of operating system | |
| CN104254840A (en) | Memory dump and analysis in a computer system | |
| US9448808B2 (en) | BIOS update with service processor without serial peripheral interface (SPI) access | |
| CN110162429B (en) | System repair method, server and storage medium | |
| CN115098299B (en) | Backup method, disaster recovery method, device and equipment of virtual machine | |
| US10185573B2 (en) | Caching based operating system installation | |
| KR20180023575A (en) | Firmware auto updating method and computer readable recording medium writing firmware auto updating method | |
| US6907506B2 (en) | Security device for a mass storage | |
| US7024493B1 (en) | Bootable CD for transferring files independently of computer operating systems | |
| US20060200656A1 (en) | Apparatus and method to capture data from an embedded device | |
| CN113791934A (en) | Data recovery method, computing device and storage medium | |
| JP4735765B2 (en) | Linux program startup system | |
| JP3951808B2 (en) | Hard disk drive subsystem | |
| CN100389396C (en) | FAT file system error treating method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant after: Qianxin Technology Group Co.,Ltd. Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant before: Qianxin Technology Group Co.,Ltd. Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |