internal PartitionManager(IntPtr rawHandle, DiskGeometry geometry)
{
lock (typeof(PartitionManager)) {
if (null != Singleton)
{
throw new InvalidOperationException("Singleton rule violation.");
}
Singleton = this;
}
_geometry = geometry ?? throw new ArgumentNullException();
_rawHandle = rawHandle;
}
public static unsafe int Main(string[] args)
{
InstallExceptionHandlers();
using (PartitionDataDisposableBatch mainBatch = PartitionDataDisposableBatch.CreateNew()) {
DisplayVersion();
IntPtr handle = IntPtr.Zero;
int nativeError;
DiskGeometry geometry = new DiskGeometry();
try {
handle = Natives.CreateFile2(@"\\.\PhysicalDrive0", 0x80000000 /* GENERIC_READ */,
0x02 /* FILE_SHARE_WRITE */, 3 /* OPEN_EXISTING */, IntPtr.Zero);
nativeError = Marshal.GetLastWin32Error();
if ((IntPtr.Zero == handle) || (0 != nativeError))
{
Console.WriteLine("Physical drive opening failed. Error 0x{0:X8}", nativeError);
return(1);
}
geometry.Acquire(handle);
_partitionManager = new PartitionManager(handle, geometry);
_partitionManager.Discover();
InterpretActivePartitions();
if (FeaturesContext.InvariantChecksEnabled)
{
NtfsMFTFileRecord.AssertMFTRecordCachingInvariance(_partitionManager);
}
// TODO : Configure TrackedPartitionIndex from command line arguments.
foreach (GenericPartition partition in _partitionManager.EnumeratePartitions())
{
if (!partition.ShouldCapture)
{
continue;
}
NtfsPartition ntfsPartition = partition as NtfsPartition;
NtfsPartition.Current = ntfsPartition;
// Basic functionnality tests. Don't remove.
//ntfsPartition.CountFiles();
//ntfsPartition.MonitorBadClusters();
//ntfsPartition.ReadBitmap();
// Dump bad clusters.
ntfsPartition.DumpBadClusters();
// Dump UsnJournal
PrototypeUsnJournal();
new NtfsUsnJournalReader(ntfsPartition).Run();
// Dump LogFile
// new NtfsLogFileReader(ntfsPartition).Run();
// Locate file.
// string fileName = @"TEMP\AsciiTes.txt";
string fileName = @"$Extend\$UsnJrnl";
NtfsIndexEntryHeader *fileDescriptor = ntfsPartition.FindFile(fileName);
if (null == fileDescriptor)
{
throw new System.IO.FileNotFoundException(fileName);
}
IPartitionClusterData fileData = null;
NtfsFileRecord * usnJournalFileRecord =
ntfsPartition.GetFileRecord(fileDescriptor->FileReference, ref fileData);
if ((null == usnJournalFileRecord) || (null == fileData))
{
throw new ApplicationException();
}
try {
usnJournalFileRecord->EnumerateRecordAttributes(
delegate(NtfsAttribute * attribute, Stream dataStream) {
attribute->Dump();
return(true);
});
// For debugging purpose.
// fileRecord->BinaryDumpContent();
// TODO : Do something with the file.
}
finally {
if (null != fileData)
{
fileData.Dispose();
}
}
}
return(0);
}
finally {
if (IntPtr.Zero == handle)
{
Natives.CloseHandle(handle);
handle = IntPtr.Zero;
}
}
}
}
