# Recovering a file using inode



## ashwyn222 (Mar 17, 2008)

I am doing a project in File recovery system. This system recovers deleted files. I have an inode of the deleted file. Is there any function in C that reads a file by taking inode as an argument OR is there any other way to recover deleted file.


----------



## lensman3 (Oct 19, 2007)

Try this. I found this in "Unix Power Tools" O'Reilly 1993 page 426. This was under a chapter on how to remove files that had strange characters in the name, like starting with a dash "-" or an unprintable character. This pretty well assumes the file is still there and the file hasn't been written over.

find . -inum 6349 -exec mv {} newname \;

Where newname is the "newname it will be called!!! The find command with -exec, I always foun d to be dangerous. Entire file systems can go "away" or be changed to be almost unusable. 

You get the files inum using "ls -i"

Once upon a time in Unix, the log files were opened using inodes instead of by filename. That way nobody could delete the files. It also prevented the files from being moved, but the could be copied. So the log files were copied then truncated using the hack "cp /dev/null /logfile". You might see if you can find some code on how the files were opened using inodes. It would show you how to open a file by inode then read and write by inode.

Good luck


----------



## lensman3 (Oct 19, 2007)

Try this. I found this in "Unix Power Tools" O'Reilly 1993 page 426. This was under a chapter on how to remove files that had strange characters in the name, like starting with a dash "-" or an unprintable character. This pretty well assumes the file is still there and the file hasn't been written over.

find . -inum 6349 -exec mv {} newname \;

Where newname is the "newname it will be called!!! The find command with -exec, I always foun d to be dangerous. Entire file systems can go "away" or be changed to be almost unusable. 

You get the files inum using "ls -i"

Once upon a time in Unix, the log files were opened using inodes instead of by filename. That way nobody could delete the files. It also prevented the files from being moved, but the could be copied. So the log files were copied then truncated using the hack "cp /dev/null /logfile". You might see if you can find some code on how the files were opened using inodes. It would show you how to open a file by inode then read and write by inode.

Good luck


----------

