1. Scripts to help you
2. Boot time options
3. Third party utilities
4. Frequently and less frequently asked questions
5. Contact the author
6. Development Howto
7. Previous versions
Disclaimer:
Like any developer, I want to avoid lawyers on my back for something
I've made for free, so here it is:
This usage howto will explain some of the custom made features on Trinity
Rescue Kit 1.1. It will not attempt to tell you how to use Linux, and
the author cannot be held responsible for any damage you may suffer
from using Trinity Rescue Kit. The most dangerous things are explained
and I will tell you this beforehand: all the failsafes are switched
off. "rm" doesn't ask you to confirm, it does what it does:
remove. Many of the tools included in TRK are also developmental or
experimental, and I am not responsible for any misuse or bugs.
There, that should do it.
1. Scripts to help you
-mountallfs:
This script will mount any filesystem it finds on SCSI and IDE hard
drives. It will also load the appropriate filesystem modules.
All partitions that contain a valid filesystem will be mounted in /
under the name of their respective device special file. E.g. /dev/hda1
will get mounted on /hda1. Mountallfs will tell you any partition it has
mounted on execution anyway.
It has one flag, the -d flag, meaning "dangerous".
Dangerous in the sense that it will load an alternative module for ntfs,
namely ntfs v1.1.21, the only one that has some writing capabilities to
my knowledge. Be careful with what you're doing on ntfs drives: this
is an ntfs driver that isn't developed any longer and which never had
stable writing capabilities. Always run "ntfsfix" on
the ntfs partition after you've written to it and unmounted it.
Mountallfs has a counterpart, called of course umountallfs, which will
at the same time also unload any resident ntfs module.
-virusscan:
Uses the free Linux antivirus version of F-prot (from Frisk Software).
Depending on the flag you give it (-upd or -noupd), it attempts to get
the latest updates at ftp.f-prot.com, unpacks them and scans all local
disks. Of course, you first need networking support and local
filesystems mounted.
F-prot has a weird license which permits you to use it for free for
home use until a new version appears. It's definitely not GPL, so I'm
considering a TRK version without f-prot after this one has been
approved stable, just to avoid license problems.
-winpass:
This is a script I have made to automate Windows NT/2000/XP password
resets.
Just run it at the prompt and it will automatically mount any drive
it finds by calling "mountallfs -d", dangerously.
It will then prompt you for which Windows installation you want to reset
the password (by default it resets user Administrator), after which
it will start chntpw, which will also ask you some questions. After
you have said "y" to everything EXCEPT DISABLING SYSKEY, all
volumes get unmounted and any ntfs volume automatically gets an "ntfsfix",
so a checkdisk will be performed on the next startup of Windows. It should
then have reset your password.
winpass takes the same first two arguments as chntpw, so if you specify
"winpass -u Harry", it will start "chntpw -u Harry",
resetting the password of user Harry.
Watch out with disabling syskey!
The winpass script calls the utility chntpw. This tool is the actual
password resetter. Most of the time you don't need to disable syskey.
It removes strong password encryption, so all local passwords become
invalid, since the hashes don't correspond to the encryption algorithm
anymore. This has been known to cause problems with Windows XP's product
activation. Read the warning well!!!
-ntfsundeleteall:
This small script just uses ntfsundelete from the ntfsprogs package.
The original tool apparently doesn't have any wildcard option when
it comes to recovering files in batch, so I've created the wildcard
myself. E.g. "ntfsundeleteall /dev/hda1 /mnt0/temp23" will
recover any 100% recoverable file from hda1 and write it to /mnt0/temp23,
which can be, for instance, a samba mount.
-mouseps2 and mouseser:
They will start the gpm mouse server for, respectively, generic PS/2 mice
and generic serial mice.
2. Boot time options:
Trinity Rescue Kit uses the widespread Linux
Loader or LILO, which can take quite some arguments that one can pass
on to his startup scripts. The different lilo items explained...
- TRK_1-1_default:
as it says, the default startup for TRK. This will launch the kernel,
start kudzu to detect devices and try to find an ip-address over dhcp.
Keyboard language is default US qwerty.
- TRK_1-1_keyb-be:
same as the default, only it loads a Belgian azerty keyboard.
- TRK_1-1_scripts:
/floppy/trkscripts is not actually a script, but you can make it one.
TRK 1.1 (as did 1.0) has a lilo option that triggers mounting your floppy
drive (on /dev/fd0) and searching for the file "trkscripts" to
execute. It executes in the current startup shell, so you can give it
system wide variables. Somebody had asked me to implement this feature
from the computer's hard disk instead, so one could launch computer
specific maintenance. It was a great idea, except you would have to be
certain you could mount any computer's disk automatically (cf. SCSI
modules that don't load in kudzu). A floppy is such a universal device
that it will almost always work.
- TRK_1-1_laptop:
same as default, but tries to find any pcmcia or cardbus network cards.
Apparently even with the latest version, kudzu is still unable to detect
PCMCIA network cards. This script just tries any pcmcia module it can
find and unloads it whenever there is no network card found.
- TRK_1-1_USBnic:
does what TRK_1-1_laptop does but with USB network adapters.
- TRKx:
replaces TRK_1-1_lite, because without an argument at the lilo prompt,
it will just run TRK without any option as it did before.
The special part of this option is that it takes several numbers after
the prompt that will start different services.
To get to the Lilo prompt first, press CTRL+X
Here are the numbers explained:
1) run kudzu
2) try PCMCIA drivers
3) try USB nic drivers
4) start dhcpcd in background
5) belgian keyboard
6) run trkscripts
7) mountallfs (safe ntfs module)
8) run virusscan, implies that you have chosen option 7. If you've
chosen 4, dhcpcd, it will assume an Internet connection and fetch
the latest virus definition files.
9) run partition image
0) run winpass (don't use option 7, winpass itself will mount the ntfs
filesystem in rw mode.)
An example, at the lilo boot prompt: TRKx "12450" will start
kudzu, try to detect PCMCIA cards, run dhcpcd, load a Belgian keyboard
and run winpass.
Things you should know about this option:
* The sequence of the numbers is of no importance,
they will be run in alphanumeric order anyway.
* "Init", the first program run after the kernel startup,
can also take a number as a runlevel, so if you do "TRKx 0"
TRK will immediately shut down after startup. To avoid this, just prefix
the 0 with a letter, e.g. "TRKx t0"
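The digit handling described above can be modelled in a few lines of shell. This is an added example, not TRK's own startup script: trkx_plan is a hypothetical function that only prints the resulting plan, the labels pcmcia-probe, usbnic-probe, keyboard-be and trkscripts are made up for illustration, and steps are assumed to run in the order the list above prints them (1 to 9, then 0).

```shell
#!/bin/sh
# Added example (not TRK code): turn a TRKx argument into an ordered plan.
# Assumption: steps run in the order the howto lists them, 1..9 then 0.

trkx_plan() {
    arg=$1

    # A lone digit is also a valid runlevel for init ("TRKx 0" shuts down),
    # so the howto's advice is to prefix a letter, e.g. "t0".
    case $arg in
        [0-9]) echo "warning: init may take '$arg' as a runlevel, use 't$arg'" >&2 ;;
    esac

    # Keep only the digits; their order on the command line is irrelevant.
    digits=$(printf '%s' "$arg" | tr -cd '0-9')
    has() { case $digits in *"$1"*) return 0 ;; esac; return 1; }

    # Option 8 (virusscan) implies option 7 (mountallfs, safe ntfs module).
    mount=no
    if has 7 || has 8; then mount=yes; fi

    # winpass mounts ntfs read-write itself via "mountallfs -d", so it must
    # not be combined with the safe mount of option 7.
    if has 0 && [ "$mount" = yes ]; then
        echo "error: option 0 (winpass) conflicts with options 7/8" >&2
        return 2
    fi

    if has 1; then echo "kudzu"; fi
    if has 2; then echo "pcmcia-probe"; fi      # label, not a real command
    if has 3; then echo "usbnic-probe"; fi      # label, not a real command
    if has 4; then echo "dhcpcd"; fi
    if has 5; then echo "keyboard-be"; fi       # label, not a real command
    if has 6; then echo "trkscripts"; fi        # file read from the floppy
    if [ "$mount" = yes ]; then echo "mountallfs"; fi
    if has 8; then
        # With dhcpcd requested, an Internet connection is assumed.
        if has 4; then echo "virusscan -upd"; else echo "virusscan -noupd"; fi
    fi
    if has 9; then echo "partimage"; fi
    if has 0; then echo "winpass"; fi
    return 0
}

# Constructed sample input: the howto's own example argument.
trkx_plan 12450
```

The function rejects the one combination the list warns about (0 together with 7 or 8), because the safe ntfs mount and winpass's own read-write mount would collide.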
- TRK_1-1_single:
will run TRK in single user mode. Normally you don't need this, it's
just there for debugging purposes.
3. 3rd party tools
- chntpw: an offline registry
editor and tool to change NT based Windows passwords with.
Use my custom winpass script to make life easier.
author: Pavel Roskin
homepage and howto: http://home.eunet.no/~pnordahl/ntpasswd/
- Partition Image: a disk
cloning utility, capable of cloning NTFS partitions and at the same
time over the network.
I've already used this tool a lot to clone Windows 2000 workstations
at my job. Works quite well but has some annoying usage bugs. The
Partition Image server is also included on TRK.
Given the situation, you could boot two PCs with TRK. On one you would
mount a local drive to /mnt0 (make sure it has write rights for everyone,
not just root). See what its IP is and then run "partimaged".
On the other computer, run "partimage". Follow the steps for
selecting a partition to clone, connect to your other computer's IP
and log in with user "trk", password "trk". You should
be able to start cloning to an image file on the other computer. For
more information on Partition Image, go to the homepage: http://www.partimage.org/
homepage and howto: http://www.partimage.org/
author: François Dupoux
- ntfsprogs: ntfsundelete,
ntfsresize, ntfsfix, mkntfs and ntfsinfo
Part of the linux ntfs project, does what their name implies
homepage: http://linux-ntfs.sf.net/
author: many people
- fatback:
haven't tested it yet, should be able to recover files from a fat partition
homepage: Google?
author: Nicholas Harbour
- F-prot: a free antivirus
tool for Linux, very good, but will not be able to clean on ntfs, because
of the write limitations of the ntfs driver. You should manually delete
any files that are viruses in themselves by piping some text to them. E.g.
"echo wasvirus > ezrfesrfd.exe"
homepage: http://www.frisk.is
author: Frisk Software
4. Frequently and less frequently asked questions
-How do I map a Windows network drive on TRK?
-I don't have a Windows or SMB capable machine on my network, but I do
have FTP access somewhere. Can I store files somewhere on TRK outside
my ntfs partitions?
-Aaaah, I need another keyboard lay-out!
-Why can't the antivirus F-prot run properly on ntfs drives? The
read/write module is loaded and enabled writable with mountallfs -d
-Some of my machines don't boot all too well. How?
-What are the system requirements for TRK?
-What hardware is supported?
-I don't have a DHCP server, how do I configure my network card manually?
-Pleeeaasssse!!! I only know Windows but I would like to get my files
back. I got as far as mapping my Windows share already. How do I copy
files? How do I see them?
-What's with that "message of the day"?
-Who are you and why are you doing this?
-What are your future plans for the next version?
How do I map a Windows network drive on TRK?
The easiest way to work is to first add a local user called "root"
on a Windows NT/2K/XP machine somewhere. This user does not need to
be administrator on your Windows machine, he just needs to have access
rights on some share. So also create a share.
Why root? Because it's the logged on user in TRK and the default to
be taken at the command line.
Ok. Let's say you've created the user root, which has access to your
Windows 2000 Professional machine on share "rescue". Note
also the IP address, although the Netbios name seems to work too.
At the command line in TRK type: "smbmount //WINDOWSMACHINE/rescue /mnt0"
Next you'll be prompted for a password et voilà, you're in,
you can start copying files to /mnt0. To test, try "touch /mnt0/testfile.txt"
I don't have a Windows or SMB capable machine on my network, but I do
have FTP access somewhere. Can I store files somewhere on TRK outside
my ntfs partitions?
Let's say you want to undelete files on ntfs. "ntfsundelete"
always requires you to write recovered files somewhere other than ntfs
partitions, because ntfs write access is dangerous. If you don't have
a sharing Windows machine, but nonetheless have access to an FTP server,
you can put the files in /tmp, which is a symbolic link to /dev/shm,
which is actually your complete available RAM. If you have lots of RAM,
you can copy lots of files there. Once you've put them there, you can
upload them with "ftp" or "lftp -u username".
Needless to say, your RAM is cleared when you reboot.
Aaaah, I need another keyboard lay-out!
There are small scripts for each common country that has weird keyboard
lay-outs (for instance us Belgians).
be = belgian latin1
de = german qwertz
fr = french azerty
nl = dutch qwerty
uk = uk qwerty
us = us qwerty
Why can't the antivirus F-prot run properly on ntfs drives? The
read/write module is loaded and enabled writable with mountallfs -d
F-prot cannot disinfect files from an NTFS drive, but it can detect
which files are infected and which prevent you from entering Windows
without a running infection.
Once you know these files, you could try several options, but this is
undiscovered country.
Apparently, the write capabilities of the ntfs 1.1.21 module are limited
to overwriting files that are not bigger than the original.
-if it's an important Windows system file, copy the file to /tmp, disinfect
it there and copy it back.
-if it has a weird, random name like dfjqzed.exe, it's probably a Klez
or something. You'll find you're not able to delete it, but you can
try to empty the file by doing: " > dfjqzed.exe" or
"echo > dfjqzed.exe", which will make the file 0 bytes.
-if you have a copy of the file somewhere, try overwriting it with that
one, but I wouldn't recommend it. It can be an old version which can
render Windows unstable, or if you get it out of WINNT\system32\dllcache,
that could also do weird stuff, since the ntfs module doesn't support
compressed files, and this is a compressed directory by default.
Best to try with the first option...
Some of my machines don't boot all too well. How?
Apparently, there have been reported kernel paging problems on some
Gateway machines, but a bios update on those machines seemed to have
fixed those problems.
In any case, I always set bios settings on a machine to be as "auto"
as possible, unless I'm having problems. But if you've been manually
tweaking your bios, you may have set your memory speed too high and
that can result in a faulty running TRK. Just set it lower or auto,
maybe that helps...
Also set "PnP OS installed" to "YES", "resources
controlled by" to "Auto" and "Reset configuration
data" to "YES".
Also a good thing is to disable PCI Mastering (in any case).
Of course, boot sequence should be CDROM first (duh!!!)
What are the system requirements for TRK?
-A Pentium class machine
-64Mb ram, although 32 might work.
-An ATAPI compliant CDRom player (most of them are)
-A bios that can boot from CD
-Optionally, an ethernet network card, an ethernet network preferably
with a DHCP server and another machine to transfer your data to. Or
you could just hook up an extra disk.
-Something to rescue ;-)
What hardware is supported?
TRK 1.1 build 98 uses the generic 2.4.21 kernel.
It uses Pentium i586 as basic CPU platform (I'm not going to start
with 386es anymore), has all common PC based IDE controllers baked in
+ the Adaptec 78xx SCSI chipsets, since most computers have their CD
drive hooked up to an IDE controller or some extremely popular Adaptec
SCSI controller.
All other hardware is modular and will be detected by kudzu at boot
time.
The other hardware includes: all Ethernet cards provided with the generic
kernel, including PCI, PCMCIA, Cardbus, ISA and EISA bus-architecture
(no MCA). All generic USB chipsets. All included USB Ethernet adapters.
No Token ring or other obsolete architectures.
This should cover 99% of all hardware you need to rescue data and transfer
it over the network.
I don't have a DHCP server, how do I configure my network card manually?
-First do "ifconfig -a" to see whether you even have
a network interface.
-There are several things you may need, but the most important one is
an IP address. Look for a free address in your network. If your other
computer has something like 192.168.0.5, give yourself something in
the neighbourhood, like 192.168.0.6.
Do it like this: "ifconfig eth0 192.168.0.6"
-If you want to access the Internet, you would need a working firewall
and point your default gateway to that. If your firewall is 192.168.0.5,
then type: "route add -net default gw 192.168.0.5"
-For name resolution (DNS): figure out your DNS server from your provider
and put it in /etc/resolv.conf. Do it like this:
echo "nameserver 195.130.132.17" > /etc/resolv.conf
(replace 195.130.132.17 with your own DNS, this is my provider's)
Now try "ping trinityhome.org", and do ctrl+c after a few
secs.
Pleeeaasssse!!! I only know Windows but I would like to get my files
back. I got as far as mapping my Windows share already. How do I copy
files? How do I see them?
I'm not going to start explaining basic Unix, but you could manage
it with Midnight Commander, a console text based graphical file manager.
You can even work with your mouse in it. You would first have to start
your mouse with the provided scripts. Do "mouseser" for a
serial mouse, "mouseps2" for a PS2 mouse. Type "mc"
to start Midnight Commander. Remember that Linux and any Unix system
is case sensitive, so capitalized commands don't work, unless their
filename is also capitalized. That's as far as I'm gonna help.
What's with that "message of the day"?
Fetching the message of the day is just a test to see whether your
Internet connection works or not. If the message is successfully displayed,
you know immediately:
-your network card was detected
-you have a working dhcp server on your network
-you can do name resolution because it tries to look up trinityhome.dyndns.org
-you have the ability to at least access the Internet over FTP, so you
know you can perform f-prot virusscan with the latest updates
-you'll be informed about important updates or at least get an interesting
tip.
The message of the day does not trigger any scripts, it's just fetched
with wget over passive ftp and displayed with the "cat" command.
Who are you and why are you doing this?
I'm a Belgian system engineer with a daytime job in a Windows environment,
but passionate about Linux. It all started with an effort to make a
bootable linux diskette with a bash prompt and ntfs, but it got way
out of hand. Making Trinity Rescue Kit was just plain ...fun! (and yes,
I have a private life)
What are your future plans for the next version?
Version 2.0, with server features like firewalling or maybe a graphical
front-end to all the stuff that's in now. But the latter would require
me to start programming, and I know squat from C or C++ or QT or whatever.
Only some bash and bat scripting.
5. Contact the author
Contact me, Tom Kerremans aka harakiri at
I'd like to know what you think of it. Any support question is also
welcome, I will answer it asap.
6. Development howto
If you want to change some stuff on TRK, or
you want to begin a distro of your own, you can start by downloading
the development kit of the different parts that make TRK.
Download the kit here: trkdev-1.1-build98.tar.gz
Go to the TRK 1.1 development page for
more info
7. Previous versions
TRK 0.3 HOWTO
TRK 0.4 HOWTO
TRK 0.4 Development HOWTO
TRK 0.5 HOWTO
TRK 1.0 HOWTO