FAT
Content Leader: Jess Garcia - Last Updated: November 7, 2006
1. Gral. Info
-
FAT Types:
-
Types: FAT 12 / FAT 16 / FAT 32
-
There is no field that accurately identifies
-
0x01 FAT12
0x04 FAT16 <32M
0x06 FAT16
0x0b Win95 FAT32
0x0c Win95 FAT32 (LB
0x0e Win95 FAT16 (LB
0x0f Win95 Ext'd (LB
0x11 Hidden FAT12
0x14 Hidden FAT16 <32M
0x16 Hidden FAT16
0x1b Hidden Win95 FAT32 (???)
0x1c Hidden Win95 FAT32 (LB (???)
0x1e Hidden Win95 FAT16 (LB (???)
-
VFAT as a file system is basically the same as FAT. Most of the new capabilities relate to how the file system is used, and not the actual structures on the disk The only significant change in terms of actual structures is the addition of long file names. Even here, VFAT supports these using what is basically a hack, as opposed to anything really revolutionary.
-
-
Long File Name Support
-
Improved Performance
-
Better Management Capabilities
FSystem C.Size # clusters Maximum Vol Size
FAT12 512b-8K 4096 32M
FAT16 512b-64K 65526 4G
FAT32 512b-8K 2^28 8T
-
Note: Windows NT supports a 64 kiB cluster size in FAT16, allowing a max partition of just under 4,096 MB. The amount of slack waste in a partition of this size is astronomical, and since the 64 kiB cluster partitions aren't supported by Windows 9x/ME or other FAT-using operating systems, this isn't a popular option.
-
There really is no hard-set minimum for these cluster sizes.
It sometimes appears that 512 MB is the minimum size for a 16 kiB cluster size partition, for example, because most utilities are pre-programmed to always pick the smallest possible cluster size, in order to cut down on slack. This means that if you use FDISK for example to create a partition that is 300 MB in size, it will always pick 8 kiB for the cluster size and not 16 kiB or 32 kiB. But that doesn't mean you can't have a 300 MB partition that uses 32 kiB clusters; Partition Magic will let you set this up if you want, and in certain special cases you may in fact want to (although usually not).
6. FAT 12 / 16
-
FAT12: Used by floppy disks.
-
Limited Root Directory: 256 entries
7. FAT 32
-
Files are limited to 4 GB
-
The partition can be up to 2 TB (in theory).
-
No entry limit for Root Directory (Root Dir. is an ordinary cluster chain)
-
Limited Error Recovery
4K 0.5G-8G
8K 8G-16G
16K 16G-32G
32K 32G-2T (in theory)
10. FAT Format
+----------+--------------+-------------+
| Reserved | FAT Area | Data Area |
+----------+--------------+-------------+
The Reserved and the FAT areas do not use cluster addresses.
Cluster numbering starts in the Root Directory.
11. Reserved Area
0 6 (typically)
+----------+------+------------+------+-----------------+-----+
| Boot Sct | .... | FSINFO Sct | .... | Backup Boot Sct | ... |
+----------+------+------------+------+-----------------+-----+
-
Characteristics:
-
Signature: 0xEB 0x58 0x90 MSWIN4.1
-
First Sector of the Volume
-
Common Boot Sector Format:
0 [3] Assembly instructions to boot code
3 [8] OEM Name in ASCII
11 [2] Bytes per sector ({512|1024|2048|4096})
13 [1] Sectors per cluster
14 [2] Size in sectors of the reserved area
16 [1] Number of FATs (typically 2, 1 for small devs)
17 [2] Max. # of files in root dir (512 FAT 12/16; 0 FAT32)
19 [2] No. sectors in file system (*) or 0
21 [1] Media type (0xf8 fixed; 0xf0 removable)
(typically not used; FAT entry 0 used instead)
22 [2] FAT 12/16: size in sectors; FAT32: 0
24 [2] Sectors per track of storage device.
26 [2] No. Heads in storage device
28 [4] No. Sectors before the start of partition.
32 [4] No. sectors in filesystem (*) or 0
(*) If it can be represented with 2 bytes. If not, use (**)
-
FAT12/16 Boot Sector Format
36 [1] BIOS INT13h drive number
37 [1] Not used
38 [1] Extended boot signature to identify if the next 3
values are valid: 0x29
39 [4] Vol. Serial # (sometimes calculated based on creation date/time)
43 [11] Vol. Label in ASCII
54 [8] File system label in ASCII ({FAT|FAT12|FAT16|<nothing>| |...})
62-509 Unused
511 [2] Signature: 0xAA55
36 [4] 32-bit size in sectors of one FAT
40 [2]
42 [2] Major & Minor ver. number
44 [4] Cluster where root dir can be found
48 [2] Sector where FSINFO structure can be found
50 [2] Sector where backup copy of boot sector is located
(dflt: 6)
52 [12] Reserved.
64 [1] BIOS INT13h drive number
65 [1] Not used
66 [1] Extended boot signature to identify if the next 3
sectors are valid (0x29)
67 [4] Vol. Serial # (sometimes calculated based on creation
date/time)
71 [11] Vol. Label in ASCII
82 [8] File system type label in ASCII ({FAT32|<nothing>|...})
90-509 Not used
510 [2] Signature: 0xAA55
-
* Location given in the boot sector
* Suggested, but no obligation to be updated
* Format:
0 [4]
4-483 Unused
484 [4] Signature (0x61417272)
488 [4] No. of free clusters
492 [4] Next free cluster
496-507 Unused
508 [4] Signature (0xAA550000)
12. FAT Area
-
Used to determine the allocation status of a cluster and to find the next allocated cluster in a file or dir.
-
Size: Given in the boot sector.
-
Typically 2 FATs (exact number given in the Boot Sector): FAT2 starts right after FAT1.
-
Each entry references the corresponding cluster, except for entries 0 and 1, because clusters 0 and 1 are not addressable.
Entry 0 -> Copy of the media type (typically)
Entry 1 -> Dirty status of the file system (typically)
Entry 2 -> Cluster 2
Entry 3 -> Cluster 3
... -> ...
-
Size: FAT12 -> 12 bits ; FAT16 -> 16 bits ; FAT32 -> 32 bits
-
Format:
0 [1] 1st char of filename (0xe5/0x00 -> unallocated)
1 [10] Chars 2-11 of filename
11 [1] File Attributes
12 [1] Reserved
13 [1] Created Time (tenths of second)
14 [2] Created Time (hours, mins, secs)
16 [2] Created Day
18 [2] Accessed Day
20 [2] High 2 bytes of 1st cluster addr (0 for FAT12/16)
22 [2] Written Time (hours, mins, secs)
24 [2] Written Day
26 [2] Low 2 bytes of 1st cluster addr
28 [4] Size of file (0 for dirs)
Unallocated -> 0
Allocated -> · Addr of the next cluster (if not last cluster)
· EOF marker (if last cluster):
FAT12: 0xff8; FAT16: 0xfff8 ; FAT32: 0x0fff fff8
Damaged -> FAT12: 0xff7; FAT16: 0xfff7 ; FAT32: 0x0fff fff7
(should not be used)
13. Data Area
+----------+-----------+
| Root Dir | Data |
+----------+-----------+
· Root Directory:
* The number of RD entries is given in the boot sector.
FAT 12/16
* Cluster 2 is the first cluster after the Root Directory.
FAT 32
* Cluster 2 is the first cluster of the Data Area.
+---+----------------------------------------------+
|x4n| |
+---+- - - - - - < Long Dir. Entry n > - - - - - - +
| |
+---+----------------------------------------------+
~ . . . . . . . . . ~
+---+----------------------------------------------+
|x03| |
+---+- - - - - - < Long Dir. Entry 3 > - - - - - - +
| |
+---+----------------------------------------------+
|x02| |
+---+- - - - - - < Long Dir. Entry 2 > - - - - - - +
| |
+---+----------------------------------------------+
|x01| |
+---+- - - - - - < Long Dir. Entry 1 > - - - - - - +
| |
+--------------------------------------------------+
| |
+- - - - - < Short Dir. Entry (see below) > - - - -+
| |
+--------------------------------------------------+
-
0[1] 1st char of file name (if allocated)
0xE5 -> Deleted ; 0x00 -> Unallocated
1[7] chars 2-8 of file name
8[3] File Extension
11[1] File Attributes
12[1] Reserved
13[1] Created time (tenths of second)
14[2] Created time (hours, mins, secs)
16[2] Created day
18[2] Accessed day
20[2] High 2 bytes of 1st cluster addr (0 for FAT12/16)
22[2] Written time (hours, mins, secs)
24[2] Written day
26[2] Low 2 bytes of 1st cluster address (Starting Cluster)
28[4] Size of file (0 for dirs)
* 1st cluster addr is relative to the begining of the Data Section in
FAT12/FAT16 or the begining of the Root Directory for FAT32, with
an offset of 2.
** Absolute cluster offset:
1st cluster addr + start of {Data Area(FAT12/16)|Root Dir(FAT32)} - 2
+ Attributes:
+---------------+-------+------+------------+------+------+---------+
|Unused (2 bits)|Archive|Subdir|Volume Label|System|Hidden|Read Only|
+---------------+-------+------+------------+------+------+---------+
All fields are 1 bit long except the Unused field.
+ Time Records
+---------------+--------------+---------------+
| Hours (5bits) | Mins (6bits) | Secs/2 (5bit) |
+---------------+--------------+---------------+
As we have Secs/2 -> DOS times are always even.
Date Records
+-------------------+---------------+------------+
| Year+1980 (7bits) | Month (4bits) | Day (4bit) |
+-------------------+---------------+------------+
· Each separate block of date & time structures begins the "powers of 2"
count.
15. Files
-
Summary: The directory entry contains the starting cluster of the file and the FAT structure is used to find the remaining clusters in the file.
-
The FAT entry for a particular file contains a pointer to the begining of the Cluster Chain. The first cluster will contain a pointer to the second cluster, etc.
-
End of Chain Identifiers: FAT32: 0xFFFFFF - FAT16: 0xFFFF - FAT12: 0xFFF
-
Unused Clusters: 0x00
20. Filesystem Operations
File Deletion
-
When FAT deletes files, the starting sector is still known, but the remaining ones are not because their entries in the File Allocation Table are set to 0. If the file was not fragmented (i.e. it had consecutive sectors), recovery will be easy if the sectors have not been allocated since the deletion (i.e. they are still set to 0).
99. Templates
- Template "FAT Directory Entry"
// Template by Stefan Fleischmann
// To be applied to a sector of a FAT16 or FAT32 drive
// that contains a directory. Not suitable for LFN
// (long filename) directory entries.
description "Normal/short entry format"
appliesto disk
multiple
begin
char[8] "Filename (blank-padded)"
char[3] "Extension (blank-padded)"
hex 1 "0F = LFN entry"
move -1
binary "Attributes ( - -a-dir-vol-s-h-r)"
goto 0
hex 1 "00 = Never used, E5 = Erased"
move 11
read-only byte "(reserved)"
move 1
DOSDateTime "Creation date & time"
move -5
byte "Creation time refinement in 10-ms units"
move 2
DOSDateTime "Access date (no time!)"
move 2
DOSDateTime "Update date & time"
move -6
uint16 "(FAT 32) High word of cluster #"
move 4
uint16 "16-bit cluster #"
uint32 "File size (zero for a directory)"
end
-
Template "FAT Directory Entry"
// Template by Roger R¿hrig and Stefan Fleischmann
// To be applied to a sector of a VFAT (FAT16 or FAT32)
// drive that contains a directory. Only suitable for
// LFN (long filename) directory entries.
description "Long entry format"
appliesto disk
requires 11 0F
multiple
begin
hex 1 "Sequence number"
char16[5] "Filename (5 chars, FF-padded)"
goto 14
char16[6] "Filename (next 6 chars)"
goto 28
char16[2] "Filename (next 2 chars)"
goto 11
hex 1 "0F = LFN entry"
move -1
binary "Attributes ( - -a-dir-vol-s-h-r)"
read-only byte "(reserved)"
hex 1 "SFN checksum"
goto 26
uint16 "16-bit cluster # (always 0)"
end
-
Template "Boot Sector FAT16"
// Template by Stefan Fleischmann
// Revised by Paul Mullen 7/14/2000
// Boot sector format for MSDOS 4.0 onwards (incl. Windows 9x)
// To be applied to sector 0 of a FAT16-formatted logical drive.
description "BIOS parameter block (BPB) of a FAT16 partition"
appliesto disk
sector-aligned
requires 0x0 "EB" // JMP instruction will usually be EB xx 90
requires 0x2 "90" // (though older drives may use E9 xx xx)
requires 0x1FE "55 AA"
begin
read-only hex 3 "JMP instruction" //00
char[8] "OEM" //03
uint16 "Bytes per sector" //0B
uint8 "Sectors per cluster" //0D
uint16 "Reserved sectors" //0E
uint8 "FATs" //10
uint16 "Root entries" //11
uint16 "Sectors (under 32 MB)" //13
hex 1 "Media descriptor (hex)" //15
uint16 "Sectors per FAT" //16
uint16 "Sectors per track" //18
uint16 "Heads" //1A
uint32 "Hidden sectors" //1C
uint32 "Sectors (over 32 MB)" //20
hex 1 "BIOS drive (HD=8xh)" //24
read-only uint8 "(unused)"
hex 1 "Extended BS (29h)" //26
uint32 "Serial number as integer" //27
move -4
hex 4 "Serial number as hex" //27
char[11] "Volume label" //2B
char[8] "File system" //36
goto 0x1FE
read-only hex 2 "Signature (55 AA)"
end
-
Template "Boot Sector FAT32"
// Template by Stefan Fleischmann
// To be applied to sector 0 of a FAT32-formatted logical drive.
description "BIOS parameter block (BPB) of a FAT32 partition"
appliesto disk
sector-aligned
requires 0x02 "90"
requires 0x52 "46 41 54 33 32" // ="FAT32" at offset 52
begin
read-only hex 3 "JMP instruction"
char[8] "OEM"
uint16 "Bytes per sector"
uint8 "Sectors per cluster"
uint16 "Reserved sectors"
uint8 "FATs"
uint16 "Root entries"
uint16 "Sectors (on small volumes)"
hex 1 "Media descriptor (hex)"
uint16 "Sectors per FAT"
uint16 "Sectors per track"
uint16 "Heads"
uint32 "Hidden sectors"
uint32 "Sectors (on large volumes)"
section "FAT32 Section"
uint32 "Sectors per FAT"
uint16 "Flags"
uint16 "Version"
uint32 "Root cluster"
uint16 "File system info sector"
uint16 "Backup boot sector"
read-only hex 12 "(reserved)"
endsection
hex 1 "BIOS drive (HD=8xh)"
read-only uint8 (unused)
hex 1 "Extended BS (29h)"
uint32 "Serial number as integer"
move -4
hex 4 "Serial number as hex"
char[11] "Volume label"
char[8] "File system"
end
