Ejemplo n.º 1
        /// <summary>
        /// Opens the "$SDH" and "$SII" indexes of <paramref name="file"/> and derives, from the
        /// existing "$SII" entries, the next descriptor ID and the next free offset to hand out.
        /// </summary>
        /// <param name="file">The file that provides the "$SDH" and "$SII" indexes.</param>
        public SecurityDescriptors(File file)
        {
            _file      = file;
            _hashIndex = new IndexView<HashIndexKey, HashIndexData>(file.GetIndex("$SDH"));
            _idIndex   = new IndexView<IdIndexKey, IdIndexData>(file.GetIndex("$SII"));

            // One pass over the ID index to find the highest ID in use and the furthest end offset.
            // Assumes _nextId and _nextSpace start at zero - TODO confirm against the field declarations.
            // NOTE(review): Id, SdsOffset and SdsLength are taken from the index entries as-is; nothing
            // visible here bounds them, so on a damaged or untrusted volume the sum below and the later
            // increment could wrap. Confirm the field types and whether the reader validates them.
            foreach (KeyValuePair<IdIndexKey, IdIndexData> idEntry in _idIndex.Entries)
            {
                if (_nextId < idEntry.Key.Id)
                {
                    _nextId = idEntry.Key.Id;
                }

                long entryEnd = idEntry.Value.SdsOffset + idEntry.Value.SdsLength;
                if (_nextSpace < entryEnd)
                {
                    _nextSpace = entryEnd;
                }
            }

            if (_nextId != 0)
            {
                // Continue numbering after the highest ID found.
                _nextId++;
            }
            else
            {
                // No IDs found: start at 256.
                // NOTE(review): presumably lower IDs are reserved - confirm.
                _nextId = 256;
            }

            // Next free offset is rounded up to a multiple of 16.
            _nextSpace = Utilities.RoundUp(_nextSpace, 16);
        }
Ejemplo n.º 2
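        /// <summary>
        /// Cross-checks every "$I30" directory index against the MFT: each entry must refer to an
        /// existing file record, and the timestamps recorded in the entry are compared with the
        /// referenced file's standard information.
        /// </summary>
        /// <remarks>
        /// The volume being checked may be damaged, so an entry whose record cannot be found is
        /// reported and then skipped instead of being dereferenced.
        /// </remarks>
        private void VerifyDirectories()
        {
            foreach (FileRecord fr in _context.Mft.Records)
            {
                // Only records whose BaseFile value is zero are examined.
                // NOTE(review): presumably a non-zero value marks an extension record - confirm.
                if (fr.BaseFile.Value != 0)
                {
                    continue;
                }

                File f = new File(_context, fr);
                foreach (NtfsStream stream in f.AllStreams)
                {
                    if (stream.AttributeType == AttributeType.IndexRoot && stream.Name == "$I30")
                    {
                        IndexView <FileNameRecord, FileRecordReference> dir =
                            new IndexView <FileNameRecord, FileRecordReference>(f.GetIndex("$I30"));
                        foreach (KeyValuePair <FileNameRecord, FileRecordReference> entry in dir.Entries)
                        {
                            FileRecord refFile = _context.Mft.GetRecord(entry.Value);

                            // Make sure each referenced file actually exists...
                            if (refFile == null)
                            {
                                ReportError("Directory {0} references non-existent file {1}", f, entry.Key);

                                // Nothing more can be checked for a missing record; without this the
                                // null record would be handed to the File constructor below.
                                continue;
                            }

                            // ...and that the entry's copy of the timestamps still matches the file.
                            // NOTE(review): StandardInformation is used without a null check; whether it
                            // can be absent on a corrupt record is not visible here - confirm.
                            File referencedFile    = new File(_context, refFile);
                            StandardInformation si = referencedFile.StandardInformation;
                            if (si.CreationTime != entry.Key.CreationTime ||
                                si.MftChangedTime != entry.Key.MftChangedTime ||
                                si.ModificationTime != entry.Key.ModificationTime)
                            {
                                ReportInfo("Directory entry {0} in {1} is out of date", entry.Key, f);
                            }
                        }
                    }
                }
            }
        }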
Ejemplo n.º 3
        /// <summary>
        /// Emits a human-readable diagnostic listing of the main NTFS structures.
        /// </summary>
        /// <param name="writer">Destination for the dump text.</param>
        /// <param name="linePrefix">Text prepended to each output line, used as the indent.</param>
        public void Dump(TextWriter writer, string linePrefix)
        {
            writer.WriteLine(linePrefix + "NTFS File System Dump");
            writer.WriteLine(linePrefix + "=====================");

            // MFT dump is disabled: _context.Mft.Dump(writer, linePrefix);
            writer.WriteLine(linePrefix);
            _context.BiosParameterBlock.Dump(writer, linePrefix);

            // Each of the following structures is dumped only when the context holds it.
            var securityDescriptors = _context.SecurityDescriptors;
            if (securityDescriptors != null)
            {
                writer.WriteLine(linePrefix);
                securityDescriptors.Dump(writer, linePrefix);
            }

            var objectIds = _context.ObjectIds;
            if (objectIds != null)
            {
                writer.WriteLine(linePrefix);
                objectIds.Dump(writer, linePrefix);
            }

            var reparsePoints = _context.ReparsePoints;
            if (reparsePoints != null)
            {
                writer.WriteLine(linePrefix);
                reparsePoints.Dump(writer, linePrefix);
            }

            var quotas = _context.Quotas;
            if (quotas != null)
            {
                writer.WriteLine(linePrefix);
                quotas.Dump(writer, linePrefix);
            }

            writer.WriteLine(linePrefix);
            GetDirectory(MasterFileTable.RootDirIndex).Dump(writer, linePrefix);

            writer.WriteLine(linePrefix);
            writer.WriteLine(linePrefix + "FULL FILE LISTING");

            string indexBodyPrefix = linePrefix + "    ";
            foreach (var mftRecord in _context.Mft.Records)
            {
                // Built directly rather than via the cache: the object is short-lived and this is diagnostics only.
                File current = new File(_context, mftRecord);
                current.Dump(writer, linePrefix);

                foreach (var stream in current.AllStreams)
                {
                    if (stream.AttributeType != AttributeType.IndexRoot)
                    {
                        continue;
                    }

                    // Best effort: a failure while dumping one index is written into the dump
                    // and the listing carries on with the next stream.
                    try
                    {
                        var indexName = stream.Name;
                        writer.WriteLine(linePrefix + "  INDEX (" + indexName + ")");
                        current.GetIndex(indexName).Dump(writer, indexBodyPrefix);
                    }
                    catch (Exception e)
                    {
                        writer.WriteLine(linePrefix + "!Exception: " + e);
                    }
                }
            }

            writer.WriteLine(linePrefix);
            writer.WriteLine(linePrefix + "DIRECTORY TREE");
            writer.WriteLine(linePrefix + @"\ (5)");  // 5 = Root Dir
            DumpDirectory(GetDirectory(MasterFileTable.RootDirIndex), writer, linePrefix);
        }
Ejemplo n.º 4
 /// <summary>
 /// Creates the quota views by opening the "$O" and "$Q" indexes of <paramref name="file"/>.
 /// </summary>
 /// <param name="file">The file that provides both indexes.</param>
 public Quotas(File file)
 {
     // "$O" is viewed as OwnerKey -> OwnerRecord.
     var ownerSource = file.GetIndex("$O");
     _ownerIndex = new IndexView<OwnerKey, OwnerRecord>(ownerSource);

     // "$Q" is viewed as OwnerRecord -> QuotaRecord.
     var quotaSource = file.GetIndex("$Q");
     _quotaIndex = new IndexView<OwnerRecord, QuotaRecord>(quotaSource);
 }
Ejemplo n.º 5
 /// <summary>
 /// Keeps a reference to <paramref name="file"/> and opens a typed view over its "$R" index.
 /// </summary>
 /// <param name="file">The file that provides the "$R" index.</param>
 public ReparsePoints(File file)
 {
     _file = file;

     // "$R" is viewed as Key -> Data.
     var reparseSource = file.GetIndex("$R");
     _index = new IndexView<Key, Data>(reparseSource);
 }
Ejemplo n.º 6
 /// <summary>
 /// Wraps the "$O" and "$Q" indexes of <paramref name="file"/> in typed views.
 /// </summary>
 /// <param name="file">The file whose "$O" and "$Q" indexes are opened.</param>
 public Quotas(File file)
 {
     // Owner lookup: OwnerKey -> OwnerRecord, read from "$O".
     var ownerIndexSource = file.GetIndex("$O");
     _ownerIndex = new IndexView<OwnerKey, OwnerRecord>(ownerIndexSource);

     // Quota lookup: OwnerRecord -> QuotaRecord, read from "$Q".
     var quotaIndexSource = file.GetIndex("$Q");
     _quotaIndex = new IndexView<OwnerRecord, QuotaRecord>(quotaIndexSource);
 }
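        /// <summary>
        /// Checks each "$I30" directory index against the MFT: every entry must refer to an
        /// existing file record, and the timestamps stored in the entry are compared with the
        /// referenced file's standard information.
        /// </summary>
        /// <remarks>
        /// Because the volume being checked may be damaged, an entry whose record is missing is
        /// reported and skipped rather than dereferenced.
        /// </remarks>
        private void VerifyDirectories()
        {
            foreach (FileRecord fr in _context.Mft.Records)
            {
                // Only records whose BaseFile value is zero are examined.
                // NOTE(review): presumably a non-zero value marks an extension record - confirm.
                if (fr.BaseFile.Value != 0)
                {
                    continue;
                }

                File f = new File(_context, fr);
                foreach (var stream in f.AllStreams)
                {
                    if (stream.AttributeType == AttributeType.IndexRoot && stream.Name == "$I30")
                    {
                        IndexView<FileNameRecord, FileRecordReference> dir = new IndexView<FileNameRecord, FileRecordReference>(f.GetIndex("$I30"));
                        foreach (var entry in dir.Entries)
                        {
                            FileRecord refFile = _context.Mft.GetRecord(entry.Value);

                            // Make sure each referenced file actually exists...
                            if (refFile == null)
                            {
                                ReportError("Directory {0} references non-existent file {1}", f, entry.Key);

                                // The remaining checks need a record; continuing here keeps the null
                                // record from reaching the File constructor below.
                                continue;
                            }

                            // ...and that the timestamps held in the directory entry still match it.
                            // NOTE(review): StandardInformation is used without a null check; whether it
                            // can be absent on a corrupt record is not visible here - confirm.
                            File referencedFile = new File(_context, refFile);
                            StandardInformation si = referencedFile.StandardInformation;
                            if (si.CreationTime != entry.Key.CreationTime || si.MftChangedTime != entry.Key.MftChangedTime
                                || si.ModificationTime != entry.Key.ModificationTime)
                            {
                                ReportInfo("Directory entry {0} in {1} is out of date", entry.Key, f);
                            }
                        }
                    }
                }
            }
        }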
Ejemplo n.º 8
 /// <summary>
 /// Keeps a reference to <paramref name="file"/> and opens a typed view over its "$O" index.
 /// </summary>
 /// <param name="file">The file that provides the "$O" index.</param>
 public ObjectIds(File file)
 {
     _file = file;

     // "$O" is viewed as IndexKey -> ObjectIdRecord.
     var objectIdSource = file.GetIndex("$O");
     _index = new IndexView<IndexKey, ObjectIdRecord>(objectIdSource);
 }
Ejemplo n.º 9
 /// <summary>
 /// Stores <paramref name="file"/> and wraps its "$R" index in a typed view.
 /// </summary>
 /// <param name="file">The file whose "$R" index is opened.</param>
 public ReparsePoints(File file)
 {
     _file = file;

     // Entries of "$R" are exposed as Key -> Data pairs.
     var rIndex = file.GetIndex("$R");
     _index = new IndexView<Key, Data>(rIndex);
 }
Ejemplo n.º 10
 /// <summary>
 /// Stores <paramref name="file"/> and wraps its "$O" index in a typed view.
 /// </summary>
 /// <param name="file">The file whose "$O" index is opened.</param>
 public ObjectIds(File file)
 {
     _file = file;

     // Entries of "$O" are exposed as IndexKey -> ObjectIdRecord pairs.
     var oIndex = file.GetIndex("$O");
     _index = new IndexView<IndexKey, ObjectIdRecord>(oIndex);
 }