http://www.fpns.net/willy/msbackup.htm#NTBKUP NTBKUP Ver 1.07c compiled for OS_STR with MAX_PATH = 100 Copyright 2003 William T. Kranz ... usage: ntbkup [-x[filter]] [-l] [-p] [@] [-c] [-d] [-f] [-j#] [-s#] [-t] [-v] -x to unconditionally extract all files matching filter -l where full case sensitive path limits extract -p recursive path based directory extract @ use path based extract and redirection command file all extracts use [filter] from -x, default filter is *.* -c to display catalog regions for TAG == TFDD -d display directory tree from raw data region -f[:start:[len]] to find 4 char tag with optional start pos and length -j#[:#] jump to start position in file for data recovery (modulo 0x400) optionally follow start offset with :# for an end offset -s# to limit options above to a particular SET by # -t[:start[:end]] display tags only from start to end offset -v to set verbose mode The argument is required, without it you get the display above. Under MSDOS the file name must be a 8.3 style short filename. The OS_STR above indicates the Operating System the program was compiled for: MSDOS, WIN32, Unix, or CYGWIN. Currently NTBKUP will by default display all the tags in the source archive file. The -c option lists the files in the archive by parsing the catalog region(s). The rest of the options ignore the catalog and parse (or control parsing in) the data region directly which can be useful for data recovery. The -d option only lists the directories (DIRB tags) and can be useful to determine the paths to be used with the -l, -p, or @ commands. As indicated below the -x has an optional filter argument. When -x is used without -p or -l it ignores the directories and extracts all files in the archive matching the filter. You can use -l with a path description to limit file extraction to a single directory (this path description should not include a drive specification, to select a drive use the -s option). The -p option is similar but also extracts and optionally creates subdirectories below the specified archive directory. The -l and -p options are mutually exclusive. In both cases the extraction starts in the current directory. You can additionally define a filter to be used in these directories with -x. This filter specification is also used with the @ file. The default filter is *.* for all files. Since version 1.02 the time stamp and attribute (READ/WRITE status) is preserved when the files are extracted. A command file can also be used to specify a series of paths for the extraction with the @ command, its format is discussed below. Under MSDOS the short, 8.3, filename is used when the file is extracted. Under WIN32 and Linux the full file name is used. The -s# option may be used in multi-set volumes to restrict the operations above to a single set. Run NTBKUP with no options to see the set numbers. If -s is not used, operations are performed on all sets in the archive. Although its not indicated in the program output above because there isn't space on the console screen, the options -f, -j, and -t may all be followed by the letter 'h'. By default the arguments are treated as unsigned integers (ie decimal). Appending either an 'h' or an 'H' ahead of the numeric value interpruts the value as hexidecimal. Ie -jA would fail and be ignored, but -jhA would jump to hex offset 0xA before starting to process the file. The -p and @ options are new with version 1.02 (and relatively untested so use prudence). They mimic logic developed in MSQIC. A preliminary pass is made through the data file and the names and location of all the directoires (DIRB regions) in the archive are stored in a dynamically allocated tree structure. Then this tree is searched for the user supplied directory strings. Unlike -l, a drive specification is required, ie "C:". The source path is the name stored in the archive, these paths may be viewed with the -d option. A source path description is valid if it has one of 3 terminators. 1) the OS specific directory terminator, '/' in unix and '\' in an MSDOS or WIN32 environment. This denotes only this directory should be extracted. 2) A '*' which denotes that this directory and all those below it in the directory tree should be extracted if, and only if, the matching directory exists on the target system. 3) A '+' is similar to '*', but will attempt to create sub directories as required. With the -p option you just specify the source path and extraction starts at the current directory. With option 2 or 3 above the archive subdirectories below the source directory will be copied to corresponding location below the current directory on the target system. With the @ option, the represents a command file name. This ascii text file will be opened and read line by line. Each line should contain an archive source path as described above, one or more spaces, ' ', and a redirection path. Rather than starting in the current directory, the redirection path is used for the starting directory. For proper parsing the redirection path must end with the OS specific delimitor, '\' or '/'. Note that if any of the directory names in a path include spaces, ' ', then the entire path must be quoted. Further more there are some odd side effects with the -p option when processing a quoted path that ends in '\' as required by MSDOS and WIN32. See the examples and discussion page. CAUTION: Due to the way this program evolved, files are extracted by changing the current directory on the target machine to a desired directory and then doing the extraction in this directory. This has a couple implications. First, your current directory is likely to change after using the @ command. Second, this has not been extensively tested. I've tried to trap errors, but if it gets out of sync during extraction from a large archive you could have a real mess. Be cautious with use of the '+' terminator enabling directory creation. Try some small sub paths to be sure you know how it works before attempting to extract the entire archive as indicated in my example. I've done this successfully, but you might not be so fortunate. Potential file command lines are shown in quotes below followed by a comment which should NOT be in the file: "c:+ \croot\" create & extact all archive files & directories at or below C:\ in the archive to \croot and below on the current drive "c:\temp\ d:\temp\" extract files from archive c:\temp to d:\temp "c:\csource* \csource" extact files and directories from archive at pr below c:\csource to matching directorys on current drive if the directory exists, otherwise skip over it. I've now talked to a couple people with corrupted *.BKF files. I was surprised, but apparently NTBackUp isn't always happy with archive files after they have been created. Especially if they have been passed around networks. Still exploring this, but added a few more command line options. The -j and -f options should not be used together. The program terminates after -f. You can force it to start at a particular offset with -j. -f will search for identifiers at ALL file offsets rather than just block boundries. You must enter 4 ascii characters for the desired tag, you may optionally enter a ':' delimited start offset and byte length for the search area. Use -fh if hex offsets are to be used for these qualifiers. Note I was sloppy about this, the maximum value you can enter here is a 32 bit unsigned integer. If you have a file that requires 64 bit offsets you won't be able to specify start or end points beyond 4GB. It appears that the lack of file compression and the advent of large disks causes people to make what I concider very large backup archives, see large file issues. Dan and I worked together in March of 2004 to debug my -p and @ logic. Ultimately he was able to extract 4GB from the directory tree in a 20GB *.bkf file with a single -p command line option. Warning in the Spring of 2007 I was contacted by two different people who were attempting to recover files with NTBackUp and discovered to their dismay that it completely ignores unicode in the file names when it tires to extract them. Sorry I was pretty lazy about this. The *.BKF file format supports the use of unicode file names, but I ignore the 16 bit information and just strip the 8 bit char portion in the function getn_unicode() in ntbkup.c. This could be corrected fairly easily if you have a compiler that supports unicode in its open() function (my MSVC 5.0 does not, but I believe linux gcc with glibc-2.2 does). At the moment I have no plan to revisit this myself, but will post here if someone else takes the effort. Multi-Volume *.BKF Backup Issues In 2005 I spoke to someone who had made an MTF style backup to floppy disks. Apparently its still possible to do this, and although one can recover a lot of the data with the current version of NTBKUP by processing the floppies one by one you can't get it all. The problem is NTBKUP.exe expects a single contiguous file and doesn't know how to skip ahead to the next floppy. Presumably there is a continuation header of some sort, but I have not looked at this problem. The person who brought this to my attention recovered everything they wanted by processing the disks individually. If anyone is desperate, I could work it out, but it would cost you. It took a couple days to get a workable solution for *.qic files. --------------------------------------------- --------------------------------------------- --------------------------------------------- --------------------------------------------- I suggest first using the "-d" option to view the directories that are archived within the BKF file. Then, I suggest using the "-p" option to extract the directory of interest (and all of its sub-directories). If all goes well, don't forget to send a 'thank-you' to Will. (See http://www.fpns.net/willy/contact.htm.) --------------------------------------------- Thought I was lost with the backup I had prior to my laptop being stolen, and didn't want to spend >$300 to get my data. A wonderful utility ntbkup.exe! Here's the command line entry that worked for me (same as above). Make sure you do a directory (-d) command prior to the extract, to limit the extract to those files that you want. D:\temp>ntbkup backup.bkf -p"D:\Documents and Settings\bp329\My Documents+" ---------------------------------------------