# Get the Windows drive letters of disk partitions on Linux
**Repository Path**: wkt/nt_mounted_devices
## Basic Information
- **Project Name**: Get the Windows drive letters of disk partitions on Linux
- **Description**: Read, on Linux, the drive letter that each disk partition has under Windows
- **Primary Language**: Unknown
- **License**: LGPL-2.1
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 0
- **Created**: 2022-04-17
- **Last Updated**: 2022-05-09
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
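# Read the Windows drive letters of disk partitions on Linux
On a computer that multi-boots Linux and Windows, how do you find out, while running Linux,
which drive letter Windows assigns to each disk partition?
This script solves that problem.

The principle is fairly simple:
first locate the Windows registry file, then read the drive-letter-to-partition-ID mapping stored in the registry,
then compute each partition's ID according to the rule by which those IDs are generated, and finally compare the two.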
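
The matching step described above, as an added example (not the project's own code): it decodes raw `MountedDevices` value data and compares it with partition identifiers as Linux reports them. The byte layouts used are the documented Windows ones (12 bytes of disk signature plus start offset for MBR, `DMIO:ID:` plus the partition GUID for GPT); the function names, dictionary keys and sample values are constructed for illustration.

```python
import struct
import uuid

PREFIX = "\\DosDevices\\"

def decode_mounted_device(data):
    """Turn raw MountedDevices value data into a comparable partition ID."""
    if len(data) == 12:
        # MBR disk: 4-byte disk signature + 8-byte partition start offset (bytes)
        return ("mbr",) + struct.unpack("<IQ", data)
    if len(data) == 24 and data.startswith(b"DMIO:ID:"):
        # GPT disk: "DMIO:ID:" + partition GUID in Windows mixed-endian layout
        return ("gpt", uuid.UUID(bytes_le=data[8:]))
    # Anything else is a UTF-16LE device path (removable or optical media)
    return ("path", data.decode("utf-16-le", errors="replace"))

def partition_id(part):
    """Compute the same ID from what Linux reports about a partition."""
    if part["table"] == "gpt":
        return ("gpt", uuid.UUID(part["partuuid"]))
    return ("mbr", part["disk_signature"],
            part["start_sector"] * part["sector_size"])

def map_drives(values, partitions):
    """values: {value name: raw bytes}. Returns {Linux device: drive letter}."""
    by_id = {decode_mounted_device(data): name[len(PREFIX):]
             for name, data in values.items() if name.startswith(PREFIX)}
    return {p["dev"]: by_id[partition_id(p)]
            for p in partitions if partition_id(p) in by_id}

# Constructed sample data (not taken from a real hive or disk).
GUID = "6f1c2e0a-3b7d-4c55-9e21-0a1b2c3d4e5f"
SAMPLE_VALUES = {
    PREFIX + "C:": struct.pack("<IQ", 0x9A3F12C4, 1048576),
    PREFIX + "D:": b"DMIO:ID:" + uuid.UUID(GUID).bytes_le,
    PREFIX + "E:": "\\??\\SCSI#CdRom#constructed".encode("utf-16-le"),
    "\\??\\Volume{constructed}": struct.pack("<IQ", 0x9A3F12C4, 1048576),
}
SAMPLE_PARTITIONS = [
    {"dev": "/dev/sda1", "table": "dos", "disk_signature": 0x9A3F12C4,
     "start_sector": 2048, "sector_size": 512},
    {"dev": "/dev/sda2", "table": "dos", "disk_signature": 0x9A3F12C4,
     "start_sector": 1050624, "sector_size": 512},   # no letter assigned
    {"dev": "/dev/nvme0n1p2", "table": "gpt", "partuuid": GUID},
]

if __name__ == "__main__":
    for dev, letter in map_drives(SAMPLE_VALUES, SAMPLE_PARTITIONS).items():
        print(dev, "->", letter)
```
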
### Dependencies
- udev
- grep
- awk
- udisks2 (Linux only; not needed on macOS)
- python3
- pyregf (https://github.com/libyal/libregf, Ubuntu package: python3-libregf)
- pyregfi (http://projects.sentinelchicken.org/reglookup, Ubuntu package: python3-pyregfi)
- hivex (https://libguestfs.org/, Ubuntu package: python3-hivex)

Only one of pyregf, pyregfi and hivex needs to be installed.
### Code example
Code
```
import os

import nt_mounted_devices


def test_get_partition_drive(write_drive=False):
    # Each entry maps a Linux device and its mount point to a Windows drive letter.
    maps = nt_mounted_devices.get_partition_drive(mount=True)
    for m in maps:
        mp = m["mount_point"]
        dev = m['dev']
        drive = m['drive']
        txt = "Device = {}\r\nMountPoint = {}\r\nWindowsDrive = {}\r\n\r\n".format(dev, mp, drive)
        print(txt)
        if write_drive:
            # Optionally record the mapping in a file at the partition root.
            f = os.path.join(mp, 'nt_mounted_device.txt')
            with open(f, 'w') as fp:
                fp.write(txt)


if __name__ == '__main__':
    test_get_partition_drive()
```
Run
```
python3 example.py
```
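## Runtime environment
In principle it works on any Linux system that satisfies the dependencies,
but it has only actually been tested on:
- Unix: Ubuntu 18.04/20.04/21.10, Manjaro 21.2.6, macOS 10.14.4
- Windows: Windows 7/10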
### References
- https://github.com/libyal/libregf/wiki/Python-development
- http://what-when-how.com/windows-forensic-analysis/registry-analysis-windows-forensic-analysis-part-6/
- https://winreg-kb.readthedocs.io/en/latest/sources/system-keys/Mounted-devices.html