ext4recovery/test/ff.sh

# Search for /var related strings in the assembled array
# Things that would only appear in /var:
python3 -c "
import os

targets = [
    b'/var/log/syslog',
    b'/var/lib/apt',
    b'/var/cache',
    b'dpkg/status',
    b'apt/lists',
    b'journald',
    b'/var/log/auth.log',
]

with open('/dev/nbd0', 'rb') as f:
    chunk = 128*1024*1024
    offset = 0
    limit = 50*1024*1024*1024
    while offset < limit:
        f.seek(offset)
        data = f.read(chunk)
        if not data: break
        for target in targets:
            pos = data.find(target)
            if pos >= 0:
                abs_byte = offset + pos
                ctx = data[max(0,pos-50):pos+100]
                print(f'{target.decode()!r} at byte {abs_byte}')
                print(f'  {ctx.decode(\"latin1\",errors=\"replace\")}')
                print()
        offset += chunk
        if offset % (1024*1024*1024) == 0:
            print(f'Scanned {offset//1024//1024//1024}GB...',flush=True)
" 2>&1 | grep -v "^Scanned"