Exemplo n.º 1
0
 public NTFSVolume(string drive, Win32Api.USN_JOURNAL_DATA lastusn)
 {
     var rootpath = new DriveInfo(drive);
     _Root_Handle = NTFS_Volume.NTFS_Functions.GetRootHandle(rootpath);
     _Root = new Volume.NTFS_File(new Win32Api.UsnEntry(rootpath.Name.Replace("\\", "")));
     Lookup = new Dictionary<ulong, Journal.Volume.NTFS_File>();
     _Current_JournalState = lastusn;
 }
Exemplo n.º 2
0
 public Raw_Array_Wrapper(int sizeinbytes)
 {
     Size = sizeinbytes;
     Ptr  = Marshal.AllocHGlobal(Size);
     Win32Api.ZeroMemory(Ptr, Size);
 }
Exemplo n.º 3
0
 private void Add(Win32Api.UsnEntry u)
 {
     Lookup.Add(u.FileReferenceNumber, new Journal.Volume.NTFS_File(u));
 }
Exemplo n.º 4
0
 private void Update(Journal.Volume.NTFS_File original, Win32Api.UsnEntry usnEntry)
 {
     original.Entry.Reason = usnEntry.Reason;
     Debug.WriteLine("Marking '" + original.Name + "' as dirty ");
     //return;
     //// original.Entry.Reason = usnEntry;
     //uint value = usnEntry.Reason &
     //    (Win32Api.USN_REASON_DATA_OVERWRITE |
     //    Win32Api.USN_REASON_DATA_EXTEND |
     //    Win32Api.USN_REASON_DATA_TRUNCATION |
     //    Win32Api.USN_REASON_NAMED_DATA_OVERWRITE |
     //    Win32Api.USN_REASON_NAMED_DATA_EXTEND |
     //    Win32Api.USN_REASON_NAMED_DATA_TRUNCATION |
     //    Win32Api.USN_REASON_FILE_DELETE);
     //var sb = new StringBuilder();
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -FILE DELETE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_EA_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -EA CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_SECURITY_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -SECURITY CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_RENAME_OLD_NAME;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -RENAME OLD NAME");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_RENAME_NEW_NAME;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -RENAME NEW NAME");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_INDEXABLE_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -INDEXABLE CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_BASIC_INFO_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -BASIC INFO CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_HARD_LINK_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -HARD LINK CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_COMPRESSION_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -COMPRESSION CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_ENCRYPTION_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -ENCRYPTION CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_OBJECT_ID_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -OBJECT ID CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_REPARSE_POINT_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -REPARSE POINT CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_STREAM_CHANGE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -STREAM CHANGE");
     //}
     //value = usnEntry.Reason & Win32Api.USN_REASON_CLOSE;
     //if(0 != value)
     //{
     //    sb.AppendFormat("\n     -CLOSE");
     //}
     //Debug.WriteLine("Changes " + sb.ToString());
 }
Exemplo n.º 5
0
        public List<Journal.Volume.NTFS_File> Update(Win32Api.USN_JOURNAL_DATA last)
        {
            var files = new List<Journal.Volume.NTFS_File>();
            var changes = NTFS_Volume.NTFS_Functions.Get_Changes(_Root_Handle, last);
            foreach(var item in changes)
            {
                Journal.Volume.NTFS_File found = null;
                Lookup.TryGetValue(item.FileReferenceNumber, out found);
                if(found != null)
                    Update((Journal.Volume.NTFS_File)found, item);

            }
            return files;
        }