public SecurityDescriptors(File file) { _file = file; _hashIndex = new IndexView <HashIndexKey, HashIndexData>(file.GetIndex("$SDH")); _idIndex = new IndexView <IdIndexKey, IdIndexData>(file.GetIndex("$SII")); foreach (KeyValuePair <IdIndexKey, IdIndexData> entry in _idIndex.Entries) { if (entry.Key.Id > _nextId) { _nextId = entry.Key.Id; } long end = entry.Value.SdsOffset + entry.Value.SdsLength; if (end > _nextSpace) { _nextSpace = end; } } if (_nextId == 0) { _nextId = 256; } else { _nextId++; } _nextSpace = Utilities.RoundUp(_nextSpace, 16); }
private void VerifyDirectories() { foreach (FileRecord fr in _context.Mft.Records) { if (fr.BaseFile.Value != 0) { continue; } File f = new File(_context, fr); foreach (NtfsStream stream in f.AllStreams) { if (stream.AttributeType == AttributeType.IndexRoot && stream.Name == "$I30") { IndexView <FileNameRecord, FileRecordReference> dir = new IndexView <FileNameRecord, FileRecordReference>(f.GetIndex("$I30")); foreach (KeyValuePair <FileNameRecord, FileRecordReference> entry in dir.Entries) { FileRecord refFile = _context.Mft.GetRecord(entry.Value); // Make sure each referenced file actually exists... if (refFile == null) { ReportError("Directory {0} references non-existent file {1}", f, entry.Key); } File referencedFile = new File(_context, refFile); StandardInformation si = referencedFile.StandardInformation; if (si.CreationTime != entry.Key.CreationTime || si.MftChangedTime != entry.Key.MftChangedTime || si.ModificationTime != entry.Key.ModificationTime) { ReportInfo("Directory entry {0} in {1} is out of date", entry.Key, f); } } } } } }
/// <summary> /// Writes a diagnostic dump of key NTFS structures. /// </summary> /// <param name="writer">The writer to receive the dump.</param> /// <param name="linePrefix">The indent to apply to the start of each line of output.</param> public void Dump(TextWriter writer, string linePrefix) { writer.WriteLine(linePrefix + "NTFS File System Dump"); writer.WriteLine(linePrefix + "====================="); ////_context.Mft.Dump(writer, linePrefix); writer.WriteLine(linePrefix); _context.BiosParameterBlock.Dump(writer, linePrefix); if (_context.SecurityDescriptors != null) { writer.WriteLine(linePrefix); _context.SecurityDescriptors.Dump(writer, linePrefix); } if (_context.ObjectIds != null) { writer.WriteLine(linePrefix); _context.ObjectIds.Dump(writer, linePrefix); } if (_context.ReparsePoints != null) { writer.WriteLine(linePrefix); _context.ReparsePoints.Dump(writer, linePrefix); } if (_context.Quotas != null) { writer.WriteLine(linePrefix); _context.Quotas.Dump(writer, linePrefix); } writer.WriteLine(linePrefix); GetDirectory(MasterFileTable.RootDirIndex).Dump(writer, linePrefix); writer.WriteLine(linePrefix); writer.WriteLine(linePrefix + "FULL FILE LISTING"); foreach (var record in _context.Mft.Records) { // Don't go through cache - these are short-lived, and this is (just!) diagnostics File f = new File(_context, record); f.Dump(writer, linePrefix); foreach (var stream in f.AllStreams) { if (stream.AttributeType == AttributeType.IndexRoot) { try { writer.WriteLine(linePrefix + " INDEX (" + stream.Name + ")"); f.GetIndex(stream.Name).Dump(writer, linePrefix + " "); } catch (Exception e) { writer.WriteLine(linePrefix + "!Exception: " + e); } } } } writer.WriteLine(linePrefix); writer.WriteLine(linePrefix + "DIRECTORY TREE"); writer.WriteLine(linePrefix + @"\ (5)"); DumpDirectory(GetDirectory(MasterFileTable.RootDirIndex), writer, linePrefix); // 5 = Root Dir }
public Quotas(File file) { _ownerIndex = new IndexView <OwnerKey, OwnerRecord>(file.GetIndex("$O")); _quotaIndex = new IndexView <OwnerRecord, QuotaRecord>(file.GetIndex("$Q")); }
public ReparsePoints(File file) { _file = file; _index = new IndexView<Key, Data>(file.GetIndex("$R")); }
public Quotas(File file) { _ownerIndex = new IndexView<OwnerKey, OwnerRecord>(file.GetIndex("$O")); _quotaIndex = new IndexView<OwnerRecord, QuotaRecord>(file.GetIndex("$Q")); }
private void VerifyDirectories() { foreach (FileRecord fr in _context.Mft.Records) { if (fr.BaseFile.Value != 0) { continue; } File f = new File(_context, fr); foreach (var stream in f.AllStreams) { if (stream.AttributeType == AttributeType.IndexRoot && stream.Name == "$I30") { IndexView<FileNameRecord, FileRecordReference> dir = new IndexView<FileNameRecord, FileRecordReference>(f.GetIndex("$I30")); foreach (var entry in dir.Entries) { FileRecord refFile = _context.Mft.GetRecord(entry.Value); // Make sure each referenced file actually exists... if (refFile == null) { ReportError("Directory {0} references non-existent file {1}", f, entry.Key); } File referencedFile = new File(_context, refFile); StandardInformation si = referencedFile.StandardInformation; if (si.CreationTime != entry.Key.CreationTime || si.MftChangedTime != entry.Key.MftChangedTime || si.ModificationTime != entry.Key.ModificationTime) { ReportInfo("Directory entry {0} in {1} is out of date", entry.Key, f); } } } } } }
public ObjectIds(File file) { _file = file; _index = new IndexView <IndexKey, ObjectIdRecord>(file.GetIndex("$O")); }
public ReparsePoints(File file) { _file = file; _index = new IndexView <Key, Data>(file.GetIndex("$R")); }
public ObjectIds(File file) { _file = file; _index = new IndexView<IndexKey, ObjectIdRecord>(file.GetIndex("$O")); }