예제 #1
 /// <summary>
 /// Parses the duplicated-information fields from <paramref name="buffer"/>, starting at
 /// <paramref name="offset"/>.
 /// </summary>
 /// <param name="buffer">Byte array holding the serialized structure.</param>
 /// <param name="offset">Index in <paramref name="buffer"/> of the structure's first byte.</param>
 /// <remarks>
 /// The last field read is a 16-bit value at relative offset 0x34, so at least 0x36 bytes must be
 /// available from <paramref name="offset"/>. No length check is made here; the behaviour on a short
 /// buffer depends on the ReadDateTime / LittleEndianConverter helpers, which are not visible in this
 /// block. NOTE(review): confirm those helpers bounds-check when the bytes come from an untrusted
 /// disk image.
 /// </remarks>
 public DuplicatedInformation(byte[] buffer, int offset)
 {
     // Relative positions of each field inside the serialized structure.
     const int OffsetCreationTime = 0x00;
     const int OffsetModificationTime = 0x08;
     const int OffsetMftModificationTime = 0x10;
     const int OffsetLastAccessTime = 0x18;
     const int OffsetAllocatedLength = 0x20;
     const int OffsetFileSize = 0x28;
     const int OffsetFileAttributes = 0x30;
     const int OffsetPackedEASize = 0x34;

     // Four consecutive 8-byte timestamps.
     CreationTime = StandardInformationRecord.ReadDateTime(buffer, offset + OffsetCreationTime);
     ModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + OffsetModificationTime);
     MftModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + OffsetMftModificationTime);
     LastAccessTime = StandardInformationRecord.ReadDateTime(buffer, offset + OffsetLastAccessTime);

     // Sizes, attribute flags and the packed EA size, all little-endian.
     AllocatedLength = LittleEndianConverter.ToUInt64(buffer, offset + OffsetAllocatedLength);
     FileSize = LittleEndianConverter.ToUInt64(buffer, offset + OffsetFileSize);
     FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + OffsetFileAttributes);
     PackedEASize = LittleEndianConverter.ToUInt16(buffer, offset + OffsetPackedEASize);
 }
예제 #2
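        /// <summary>
        /// Allocates a file record segment, logs its initialization, and builds a new file or directory
        /// record carrying one indexed FileName attribute per entry in <paramref name="fileNameRecords"/>.
        /// </summary>
        /// <param name="fileNameRecords">
        /// File name records for the new file. The first entry decides whether a directory is created and
        /// supplies the timestamps copied into the standard information attribute.
        /// </param>
        /// <param name="transactionID">Transaction under which the log record and the update are written.</param>
        /// <returns>The newly created file record, after it has been passed to UpdateFileRecord.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="fileNameRecords"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="fileNameRecords"/> is empty, or holds more entries than the 16-bit reference
        /// count can represent.
        /// </exception>
        public FileRecord CreateFile(List<FileNameRecord> fileNameRecords, uint transactionID)
        {
            // All argument checks run before a segment is allocated, so a rejected call
            // leaves no allocated-but-unused segment and no log record behind.
            if (fileNameRecords == null)
            {
                throw new ArgumentNullException("fileNameRecords");
            }
            if (fileNameRecords.Count == 0)
            {
                throw new ArgumentException("At least one FileNameRecord is required", "fileNameRecords");
            }
            if (fileNameRecords.Count > ushort.MaxValue)
            {
                // ReferenceCount is assigned through a ushort cast below; a larger count would wrap silently.
                throw new ArgumentException("Too many FileNameRecord entries for a 16-bit reference count", "fileNameRecords");
            }

            bool isDirectory = fileNameRecords[0].IsDirectory;
            MftSegmentReference segmentReference = AllocateFileRecordSegment(transactionID);
            FileRecordSegment fileRecordSegment = new FileRecordSegment(segmentReference.SegmentNumber, segmentReference.SequenceNumber);

            // UpdateFileRecord() expects the base segment to be present on disk
            byte[] redoData = fileRecordSegment.GetBytes(m_volume.BytesPerFileRecordSegment, m_volume.MinorVersion, false);
            ulong streamOffset = (ulong)(fileRecordSegment.SegmentNumber * m_volume.BytesPerFileRecordSegment);

            // The log record (redo: initialize segment, undo: deallocate segment) is written before the
            // segment itself is updated.
            m_volume.LogClient.WriteLogRecord(m_mftRecord.BaseSegmentReference, m_mftRecord.DataRecord, streamOffset, NTFSLogOperation.InitializeFileRecordSegment, redoData, NTFSLogOperation.DeallocateFileRecordSegment, new byte[0], transactionID);
            UpdateFileRecordSegment(fileRecordSegment);

            fileRecordSegment.ReferenceCount = (ushort)fileNameRecords.Count; // Each FileNameRecord is about to be indexed
            fileRecordSegment.IsInUse = true;
            fileRecordSegment.IsDirectory = isDirectory;

            FileRecord fileRecord = new FileRecord(fileRecordSegment);
            StandardInformationRecord standardInformation = (StandardInformationRecord)fileRecord.CreateAttributeRecord(AttributeType.StandardInformation, String.Empty);

            // Timestamps are taken from the first file name record; attribute flags start cleared.
            standardInformation.CreationTime = fileNameRecords[0].CreationTime;
            standardInformation.ModificationTime = fileNameRecords[0].ModificationTime;
            standardInformation.MftModificationTime = fileNameRecords[0].MftModificationTime;
            standardInformation.LastAccessTime = fileNameRecords[0].LastAccessTime;
            standardInformation.FileAttributes = 0;

            foreach (FileNameRecord fileNameRecord in fileNameRecords)
            {
                FileNameAttributeRecord fileNameAttribute = (FileNameAttributeRecord)fileRecord.CreateAttributeRecord(AttributeType.FileName, String.Empty);
                fileNameAttribute.IsIndexed = true;
                fileNameAttribute.Record = fileNameRecord;
            }

            if (isDirectory)
            {
                // A directory gets an index root over file names.
                string indexName = IndexHelper.GetIndexName(AttributeType.FileName);
                IndexRootRecord indexRoot = (IndexRootRecord)fileRecord.CreateAttributeRecord(AttributeType.IndexRoot, indexName);
                IndexHelper.InitializeIndexRoot(indexRoot, AttributeType.FileName, m_volume.BytesPerIndexRecord, m_volume.BytesPerCluster);
            }
            else
            {
                // A regular file gets an unnamed data attribute.
                fileRecord.CreateAttributeRecord(AttributeType.Data, String.Empty);
            }

            UpdateFileRecord(fileRecord, transactionID);

            return fileRecord;
        }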
예제 #3
        /// <summary>
        /// Parses a file name record from <paramref name="buffer"/>, starting at <paramref name="offset"/>.
        /// </summary>
        /// <param name="buffer">Byte array holding the serialized record.</param>
        /// <param name="offset">Index in <paramref name="buffer"/> of the record's first byte.</param>
        /// <remarks>
        /// The name length is read from the record itself. Encoding.GetString validates its index and
        /// count against the array and throws ArgumentOutOfRangeException when the declared name runs past
        /// the end of <paramref name="buffer"/>, so a truncated record surfaces as an exception. It does
        /// not know where the enclosing attribute ends: when <paramref name="buffer"/> is larger than the
        /// record, a corrupt length byte makes neighbouring bytes part of FileName. NOTE(review): callers
        /// parsing untrusted images should confirm that the name stays inside the attribute.
        /// </remarks>
        public FileNameRecord(byte[] buffer, int offset)
        {
            // Positions of the variable-length tail, relative to the start of the record.
            const int NameLengthOffset = 0x40;
            const int NamespaceOffset = 0x41;
            const int NameOffset = 0x42;

            // Fixed-size header: parent reference, four timestamps, two sizes.
            ParentDirectory = new MftSegmentReference(buffer, offset);
            CreationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x08);
            ModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x10);
            MftModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x18);
            LastAccessTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x20);
            AllocatedSize = LittleEndianConverter.ToUInt64(buffer, offset + 0x28);
            RealSize = LittleEndianConverter.ToUInt64(buffer, offset + 0x30);

            // The length byte counts UTF-16 code units, hence two bytes per unit below.
            byte nameLengthInChars = ByteReader.ReadByte(buffer, offset + NameLengthOffset);
            Namespace = (FilenameNamespace)ByteReader.ReadByte(buffer, offset + NamespaceOffset);

            int nameLengthInBytes = nameLengthInChars * 2;
            FileName = Encoding.Unicode.GetString(buffer, offset + NameOffset, nameLengthInBytes);
        }
예제 #4
        /// <summary>
        /// Serializes this structure into a new byte array of <c>Length</c> bytes.
        /// </summary>
        /// <returns>
        /// The serialized fields: four timestamps at 0x00-0x18, allocated length at 0x20, file size at
        /// 0x28, file attributes at 0x30 and packed EA size at 0x34.
        /// </returns>
        public byte[] GetBytes()
        {
            byte[] serialized = new byte[Length];

            // Timestamps, 8 bytes apart.
            StandardInformationRecord.WriteDateTime(serialized, 0x00, CreationTime);
            StandardInformationRecord.WriteDateTime(serialized, 0x08, ModificationTime);
            StandardInformationRecord.WriteDateTime(serialized, 0x10, MftModificationTime);
            StandardInformationRecord.WriteDateTime(serialized, 0x18, LastAccessTime);

            // Sizes and flags, little-endian.
            LittleEndianWriter.WriteUInt64(serialized, 0x20, AllocatedLength);
            LittleEndianWriter.WriteUInt64(serialized, 0x28, FileSize);
            uint attributeBits = (uint)FileAttributes;
            LittleEndianWriter.WriteUInt32(serialized, 0x30, attributeBits);
            LittleEndianWriter.WriteUInt16(serialized, 0x34, PackedEASize);

            return serialized;
        }
예제 #5
        /// <summary>
        /// Parses a file name record from <paramref name="buffer"/>, starting at <paramref name="offset"/>.
        /// </summary>
        /// <param name="buffer">Byte array holding the serialized record.</param>
        /// <param name="offset">Index in <paramref name="buffer"/> of the record's first byte.</param>
        /// <remarks>
        /// The name length is read from the record itself. Encoding.GetString validates its index and
        /// count against the array and throws ArgumentOutOfRangeException when the declared name runs past
        /// the end of <paramref name="buffer"/>, so a truncated record surfaces as an exception. It does
        /// not know where the enclosing attribute ends: when <paramref name="buffer"/> is larger than the
        /// record, a corrupt length byte makes neighbouring bytes part of FileName. NOTE(review): callers
        /// parsing untrusted images should confirm that the name stays inside the attribute.
        /// </remarks>
        public FileNameRecord(byte[] buffer, int offset)
        {
            // Positions of the variable-length tail, relative to the start of the record.
            const int NameLengthOffset = 0x40;
            const int FlagsOffset = 0x41;
            const int NameOffset = 0x42;

            // Fixed-size header: parent reference, four timestamps, sizes, attributes, EA size.
            ParentDirectory = new MftSegmentReference(buffer, offset);
            CreationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x08);
            ModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x10);
            MftModificationTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x18);
            LastAccessTime = StandardInformationRecord.ReadDateTime(buffer, offset + 0x20);
            AllocatedLength = LittleEndianConverter.ToUInt64(buffer, offset + 0x28);
            FileSize = LittleEndianConverter.ToUInt64(buffer, offset + 0x30);
            FileAttributes = (FileAttributes)LittleEndianConverter.ToUInt32(buffer, offset + 0x38);
            PackedEASize = LittleEndianConverter.ToUInt16(buffer, offset + 0x3C);

            // The length byte counts UTF-16 code units, hence two bytes per unit below.
            byte nameLengthInChars = ByteReader.ReadByte(buffer, offset + NameLengthOffset);
            Flags = (FileNameFlags)ByteReader.ReadByte(buffer, offset + FlagsOffset);

            int nameLengthInBytes = nameLengthInChars * 2;
            FileName = Encoding.Unicode.GetString(buffer, offset + NameOffset, nameLengthInBytes);
        }
예제 #6
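        /// <summary>
        /// Serializes this file name record into a new byte array of
        /// <c>FixedLength + FileName.Length * 2</c> bytes.
        /// </summary>
        /// <returns>The serialized record, with the name stored as UTF-16LE starting at 0x42.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// FileName is longer than 255 UTF-16 code units and cannot be described by the one-byte length field.
        /// </exception>
        public byte[] GetBytes()
        {
            // The name length is stored in a single byte at 0x40. Casting a longer length to byte would
            // wrap silently and emit a record whose declared length disagrees with the name bytes that
            // follow, so refuse to serialize instead.
            if (FileName.Length > byte.MaxValue)
            {
                throw new System.InvalidOperationException("FileName is too long to serialize: the length field is one byte");
            }

            byte[] buffer = new byte[FixedLength + FileName.Length * 2];

            // Fixed-size header: parent reference, four timestamps, two sizes.
            ParentDirectory.WriteBytes(buffer, 0x00);
            StandardInformationRecord.WriteDateTime(buffer, 0x08, CreationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x10, ModificationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x18, MftModificationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x20, LastAccessTime);
            LittleEndianWriter.WriteUInt64(buffer, 0x28, AllocatedSize);
            LittleEndianWriter.WriteUInt64(buffer, 0x30, RealSize);

            // Variable-length tail: length in UTF-16 code units, namespace, then the name itself.
            ByteWriter.WriteByte(buffer, 0x40, (byte)FileName.Length);
            ByteWriter.WriteByte(buffer, 0x41, (byte)Namespace);
            ByteWriter.WriteBytes(buffer, 0x42, Encoding.Unicode.GetBytes(FileName));

            return buffer;
        }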
예제 #7
        /// <summary>
        /// Builds an in-use file record segment for a system-reserved slot, carrying a standard
        /// information attribute (System | Hidden) and an empty unnamed data attribute.
        /// </summary>
        /// <param name="segmentNumber">
        /// Segment number of the reserved slot; it is also used, truncated to 16 bits, as the sequence number.
        /// </param>
        /// <returns>The new segment. Nothing is written to the volume by this method.</returns>
        private static FileRecordSegment CreateSystemReservedSegment(long segmentNumber)
        {
            ushort sequenceNumber = (ushort)segmentNumber;
            FileRecordSegment segment = new FileRecordSegment(segmentNumber, sequenceNumber)
            {
                IsInUse = true,
                UpdateSequenceNumber = 1
            };

            // One timestamp is captured and reused so that all four fields agree exactly.
            // NOTE(review): DateTime.Now is local wall-clock time; whether it is converted to UTC before
            // being written is decided by code not visible here. Confirm, since timestamps feed timelines.
            DateTime now = DateTime.Now;

            StandardInformationRecord info = (StandardInformationRecord)segment.CreateAttributeRecord(AttributeType.StandardInformation, String.Empty);
            info.CreationTime = now;
            info.ModificationTime = now;
            info.MftModificationTime = now;
            info.LastAccessTime = now;
            info.FileAttributes = FileAttributes.System | FileAttributes.Hidden;

            segment.CreateAttributeRecord(AttributeType.Data, String.Empty);
            return segment;
        }
예제 #8
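        /// <summary>
        /// Allocates a file record segment and builds a new file or directory record carrying one indexed
        /// FileName attribute per entry in <paramref name="fileNameRecords"/>.
        /// </summary>
        /// <param name="fileNameRecords">
        /// File name records for the new file. The first entry decides whether a directory is created and
        /// supplies the timestamps copied into the standard information attribute.
        /// </param>
        /// <returns>The newly created file record, after it has been passed to UpdateFileRecord.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="fileNameRecords"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="fileNameRecords"/> is empty, or holds more entries than the 16-bit reference
        /// count can represent.
        /// </exception>
        public FileRecord CreateFile(List<FileNameRecord> fileNameRecords)
        {
            // All argument checks run before a segment is allocated, so a rejected call
            // leaves no allocated-but-unused segment behind.
            if (fileNameRecords == null)
            {
                throw new ArgumentNullException("fileNameRecords");
            }
            if (fileNameRecords.Count == 0)
            {
                throw new ArgumentException("At least one FileNameRecord is required", "fileNameRecords");
            }
            if (fileNameRecords.Count > ushort.MaxValue)
            {
                // ReferenceCount is assigned through a ushort cast below; a larger count would wrap silently.
                throw new ArgumentException("Too many FileNameRecord entries for a 16-bit reference count", "fileNameRecords");
            }

            bool isDirectory = fileNameRecords[0].IsDirectory;
            MftSegmentReference segmentReference = AllocateFileRecordSegment();
            FileRecordSegment fileRecordSegment = new FileRecordSegment(segmentReference.SegmentNumber, segmentReference.SequenceNumber);

            fileRecordSegment.ReferenceCount = (ushort)fileNameRecords.Count; // Each FileNameRecord is about to be indexed
            fileRecordSegment.IsInUse = true;
            fileRecordSegment.IsDirectory = isDirectory;

            FileRecord fileRecord = new FileRecord(fileRecordSegment);
            StandardInformationRecord standardInformation = (StandardInformationRecord)fileRecord.CreateAttributeRecord(AttributeType.StandardInformation, String.Empty);

            // Timestamps are taken from the first file name record; attribute flags start cleared.
            standardInformation.CreationTime = fileNameRecords[0].CreationTime;
            standardInformation.ModificationTime = fileNameRecords[0].ModificationTime;
            standardInformation.MftModificationTime = fileNameRecords[0].MftModificationTime;
            standardInformation.LastAccessTime = fileNameRecords[0].LastAccessTime;
            standardInformation.FileAttributes = 0;

            foreach (FileNameRecord fileNameRecord in fileNameRecords)
            {
                FileNameAttributeRecord fileNameAttribute = (FileNameAttributeRecord)fileRecord.CreateAttributeRecord(AttributeType.FileName, String.Empty);
                fileNameAttribute.IsIndexed = true;
                fileNameAttribute.Record = fileNameRecord;
            }

            if (isDirectory)
            {
                // A directory gets an index root over file names.
                string indexName = IndexHelper.GetIndexName(AttributeType.FileName);
                IndexRootRecord indexRoot = (IndexRootRecord)fileRecord.CreateAttributeRecord(AttributeType.IndexRoot, indexName);
                IndexHelper.InitializeIndexRoot(indexRoot, AttributeType.FileName, m_volume.BytesPerIndexRecord, m_volume.BytesPerCluster);
            }
            else
            {
                // A regular file gets an unnamed data attribute.
                fileRecord.CreateAttributeRecord(AttributeType.Data, String.Empty);
            }

            UpdateFileRecord(fileRecord);

            return fileRecord;
        }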
예제 #9
        /// <summary>
        /// Builds an in-use base record segment holding a standard information attribute and one indexed
        /// FileName attribute, both populated from <paramref name="fileNameRecord"/>.
        /// </summary>
        /// <param name="segmentNumber">Segment number passed to the new segment.</param>
        /// <param name="sequenceNumber">Sequence number passed to the new segment.</param>
        /// <param name="fileNameRecord">
        /// Source of the timestamps and file attributes; also stored as the FileName attribute's record.
        /// </param>
        /// <returns>The new segment. Nothing is written to the volume by this method.</returns>
        private static FileRecordSegment CreateBaseRecordSegment(long segmentNumber, ushort sequenceNumber, FileNameRecord fileNameRecord)
        {
            FileRecordSegment segment = new FileRecordSegment(segmentNumber, sequenceNumber)
            {
                IsInUse = true,
                UpdateSequenceNumber = 1
            };

            // Standard information mirrors the timestamps and attributes of the file name record.
            StandardInformationRecord info = (StandardInformationRecord)segment.CreateAttributeRecord(AttributeType.StandardInformation, String.Empty);
            info.CreationTime = fileNameRecord.CreationTime;
            info.ModificationTime = fileNameRecord.ModificationTime;
            info.MftModificationTime = fileNameRecord.MftModificationTime;
            info.LastAccessTime = fileNameRecord.LastAccessTime;
            info.FileAttributes = fileNameRecord.FileAttributes;

            // The file name record is attached as-is, not copied, and marked as indexed.
            FileNameAttributeRecord nameAttribute = (FileNameAttributeRecord)segment.CreateAttributeRecord(AttributeType.FileName, String.Empty);
            nameAttribute.IsIndexed = true;
            nameAttribute.Record = fileNameRecord;

            return segment;
        }
예제 #10
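        /// <summary>
        /// Serializes this file name record into a new byte array of <c>Length</c> bytes.
        /// </summary>
        /// <returns>The serialized record, with the name stored as UTF-16LE starting at 0x42.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// FileName is longer than 255 UTF-16 code units and cannot be described by the one-byte length field.
        /// </exception>
        public byte[] GetBytes()
        {
            // The name length is stored in a single byte at 0x40. Casting a longer length to byte would
            // wrap silently and emit a record whose declared length disagrees with the name bytes that
            // follow, so refuse to serialize instead.
            if (FileName.Length > byte.MaxValue)
            {
                throw new System.InvalidOperationException("FileName is too long to serialize: the length field is one byte");
            }

            byte[] buffer = new byte[this.Length];

            // Fixed-size header: parent reference, four timestamps, sizes, attributes, EA size.
            ParentDirectory.WriteBytes(buffer, 0x00);
            StandardInformationRecord.WriteDateTime(buffer, 0x08, CreationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x10, ModificationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x18, MftModificationTime);
            StandardInformationRecord.WriteDateTime(buffer, 0x20, LastAccessTime);
            LittleEndianWriter.WriteUInt64(buffer, 0x28, AllocatedLength);
            LittleEndianWriter.WriteUInt64(buffer, 0x30, FileSize);
            LittleEndianWriter.WriteUInt32(buffer, 0x38, (uint)FileAttributes);
            LittleEndianWriter.WriteUInt16(buffer, 0x3C, PackedEASize);

            // Variable-length tail: length in UTF-16 code units, flags, then the name itself.
            ByteWriter.WriteByte(buffer, 0x40, (byte)FileName.Length);
            ByteWriter.WriteByte(buffer, 0x41, (byte)Flags);
            ByteWriter.WriteBytes(buffer, 0x42, Encoding.Unicode.GetBytes(FileName));

            return buffer;
        }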