User:lN2/Sandbox/dd

From Wikipedia, the free encyclopedia
Jump to: navigation, search

dd is a common UNIX program whose primary purpose is the low-level copying and conversion of raw data. The title of the UNIX sixth edition manual page of May 1975 was dd - convert and copy a file, and some have suggested[citation needed] that since "cc" was already in use as the code for the C Compiler, "dd" was used instead; in any case, DD is an acronym for "data definition" in IBM JCL (to which the command's syntax bears a strong resemblance) and the name and syntax of the command is generally presumed to be a bit of gallows humor.

dd is used to copy a specified number of bytes or blocks, performing on-the-fly byte order conversions, as well as more esoteric EBCDIC to ASCII conversions. dd is commonly used to copy regions of raw device files, e.g. backing up the boot sector of a hard disk, or to read fixed amounts of data from special files like /dev/zero or /dev/random. It also works well reading and writing to block based media like magnetic tape. Because dd with Unix can copy entire partitions or disks, it is used in computer forensics when the contents need to be preserved as a byte-exact copy. Using cp would not be enough, since data from deleted files that may still be present on a disk are not visible through the file system interface. It is jokingly said to stand for "destroy disk" or "delete data", since, being used for low-level operations on hard disks, a small mistake, such as reversing the if and of parameters, may accidentally render the entire disk unusable.[1]

The command line syntax of dd is unlike that of any other UNIX program; a violation of the Unix philosophy of using a common syntax for all command line tools. Generally, dd uses an option=value format, whereas most Unix programs use a -option value format. Also, dd's input is specified using the "if" (input file) option, while most programs simply take the name by itself. It is rumored to have been based on IBM's JCL, and though the syntax may have been a joke, there seems never to have been any effort to write a more Unix-like replacement. The obscure syntax may also have been deliberately designed to prevent careless usage, due to the major damage this utility can cause if misused (see anti-examples).[citation needed]

Usage[edit]

dd [options]

operands[edit]

if=file 
Input File: Read from file instead from standard input.
of=file 
Output File: Write to file instead to standard output. See also the keyword notrunc.
ibs=bytes 
Input Block Size: Read bytes bytes at once.
obs=bytes 
Output Block Size: Write bytes bytes at once.
bs=bytes 
Block Size: A shortcut for ibs=bytes obs=bytes. If the user does not provide a block size, 512 bytes is used.[2] One can determine the block size of a storage medium by assuming a block size, writing one block and checking for an error message. One author wrote in 2005 that for "most modern drives", the optimum value for this operand for maximum read/write performance is 4k (i.e. bs=4k);[3] however, the value of 1024 is far more widely used in practice.
count=blocks 
Count: copy only this many blocks from the input to the output, then stop.
skip=blocks 
When starting to read from input, skip blocks number of blocks of size ibs.
seek=blocks 
When starting to write to output, skip blocks number of blocks of size obs.
conv=keywords 
Convert the file according to a comma-separated list of keywords.
cbs=bytes 
Convert Block Size: Convert bytes bytes at once.

conv[edit]

When specifying conv as parameter the following keywords may be used:

ascii 
Convert from EBCDIC to ASCII.
ebcdic 
Convert from ASCII to EBCDIC.
IBM 
Convert from ASCII to an alternative EBCDIC.
block 
Fill datasets which are terminated by a newline-character with space-characters to fit size of cbs.
unblock 
Replace trailing space-characters in datasets of size cbs with newline-characters.
lcase 
Change uppercase characters to lowercase.
ucase 
Change lowercase characters to uppercase.
notrunc 
Do not truncate output file to zero bytes before writing to it. If the existing output file is longer than the amount of data to be written to it, this will cause the written data to overwrite the initial portion, leaving the remainder intact.
swab 
Swap every pair of input bytes.
noerror 
Ignore reading errors and continue.
sync 
Pad every input block with null bytes if it is shorter than the size specified. If used with block or unblock, pad with space characters instead.

Notes and units[edit]

On various systems the option --version is supported. dd will then output its version number and quit.

file may be any real file or any block-device file.

On certain systems bytes may be specified with multiplicative units. This units may then be[4]:

c 
Character: 1
w 
Word: 2
b 
Block: 512
kB 
Decimal kilobytes: 1,000 bytes
k 
Binary kilobytes (kibibytes): 1,024 bytes
MB 
Decimal megabytes: 1,000,000 bytes
M 
Binary megabytes (mebibytes): 1,048,576 bytes (1,024×1,024)

This may be carried on similarly with G, T, P, E, Z, Y. The standard "IEEE Std 1003.1" only requires that the 'b' and 'k' multipliers be supported, and does not specify the meaning of any other multipliers. Also, multiple numbers may be provided separated by 'x'. These numbers are multiplied together.

Examples[edit]

Note: Read the man page for your dd command before trying examples as your system may be different. These examples are for Linux: on other platforms the device names may be different and have different semantics. You must still adjust the commands to your platform. Make sure the if (source) and of (target) is specified correctly, or you may lose data.

  • To create an ISO image file named image.iso of a CD. Insert the source CD and unmount it first if auto CD mount is enabled, this is to improve performance by preventing random access to the mounted filesystem.
dd if=/dev/cdrom of=image.iso bs=2k
  • To create an image file named floppy.img of a floppy disk:
dd if=/dev/fd0 of=floppy.img
  • To copy the image file back to a floppy:
dd if=floppy.img of=/dev/fd0 bs=18k
  • To create a file of the size 1 GB with the name reallylargefile, filled with random data:
dd if=/dev/random of=reallylargefile count=2M
  • As above but faster and cryptographicly less secure
dd if=/dev/urandom of=reallylargefile count=2M
  • As above but faster by increasing block size:
dd if=/dev/urandom of=reallylargefile count=256k obs=4096
  • To create a file of the size 10 GB with the name virtualpartition, filled with zeros, and make it available as a ext2 virtual partition:
dd if=/dev/zero of=virtualpartition bs=1M count=10k
mke2fs virtualpartition (reply yes when it says it's not a block device)
mkdir /mnt/virtual
mount -o loop virtualpartition /mnt/virtual/
  • To create a 10GB sparse file which doesn't allocate any actual space (if the filesystem supports this feature):
dd if=/dev/zero of=sparsefile.img bs=1 seek=10G count=0
  • To copy the first partition of the first hard disk to the file partitionone.
dd if=/dev/hda1 of=partitionone
  • To copy the first IDE-harddisk (master) to the second IDE-hard disk (slave), i.e. clone the drive including file systems, partition tables and the master boot record.
dd if=/dev/hda of=/dev/hdb

For many more examples of the Linux dd command, which is the same as the UNIX version, go here: http://www.linuxquestions.org/questions/showthread.php?t=362506

Under Windows (GNU Unix Utils)[edit]

dd is available with the GNU Unix Utils.

Windows devices are named like \\.\PhysicalDrive0 or \\.\CDROM0.

To turn a CD into an ISO image:

dd if=\\.\CDROM0 of=cdimage.iso obs=2048

Under Windows (Cygwin)[edit]

dd is also available within Cygwin (www.cygwin.com)

The CD-Rom is typically available as /dev/scd0 (first SCSI-device).

To turn a CD into an ISO image do

dd if=/dev/scd0 of=cdimage.iso obs=2048

To turn a 3½" floppy into an image file do

Mount the floppy

mount -f -b //./a: /dev/fd0

Create the image

dd if=/dev/fd0 of=fdimage.img count=1 bs=1440k

Unmount the floppy

umount /dev/fd0

Anti-examples[edit]

The following examples are provided to warn about the dangers of dd, if used incorrectly. Trying any of these commands with the proper privileges will almost certainly result in major data loss, and may make the system unusable. In order to prevent accidental copying and pasting, "dd" has been replaced with "[dd]" here.

This overwrites the complete first hard disk with null bytes, erasing it (though not in a manner that is as secure as overwriting with random data):

[dd] if=/dev/zero of=/dev/hda

This overwrites the first few blocks of the first hard disk with the file, resulting in a loss of the partition table:

[dd] if=funnysong.mp3 of=/dev/hda

This will completely corrupt an entire hard disk (/dev/dsp is the sound player/recorder):

[dd] if=/dev/dsp of=/dev/hda

This will overwrite an entire disk with pseudorandom data, making its initial contents relatively irrecoverable

[dd] if=/dev/urandom of=/dev/hda

The examples above presume device names (valid on some Linux systems) that may be different on other platforms. Here are some common variations.

Mac OS X:

[dd] if=/dev/zero of=/dev/disk0

Minix:

[dd] if=/dev/zero of=/dev/c0d0p0

NetBSD/OpenBSD (does not work if securelevel > 1):

[dd] if=/dev/zero of=/dev/rwd0

See also[edit]

External links[edit]

Category:Unix software