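        /// <summary>
        /// Reads the USN change journal of the backup drive from <c>prevTransactionId</c> up to the
        /// current snapshot and folds the raw records into one entry per file reference number,
        /// merging reason flags so that a file touched several times appears only once.
        /// </summary>
        /// <returns>Changed entries keyed by the (int-truncated) NTFS file reference number.</returns>
        /// <exception cref="InvalidOperationException">
        /// Raised when <c>GetUsnJournalEntries</c> returns anything but USN_JOURNAL_SUCCESS;
        /// the message is the return code name.
        /// </exception>
        private Dictionary <int, Win32Api.UsnEntry> GetUsnRecordsDictionary()
        {
            PrivilegesManager pm = new PrivilegesManager();

            // Journal access needs elevated privileges. NOTE(review): nothing in this method drops
            // them again, not even on the exception path — confirm whether PrivilegesManager exposes
            // a revoke/dispose and, if so, scope the grant to the journal read below.
            pm.Grant();
            Dictionary <int, Win32Api.UsnEntry> uEntries = new Dictionary <int, Win32Api.UsnEntry>();

            // usnJ is declared outside this method; the journal object is disposed when the block ends.
            using (usnJ = new NtfsUsnJournal(/*brd.SystemDrive.MountPoint*/ brd /*.Snapshot.MountPoint*/))
            {
                Logger.Append(Severity.DEBUG, "Reading USN journal " + journalId + " for '" + brd.SystemDrive.MountPoint
                              + "' from seq " + prevTransactionId + " to seq " + transactionId
                              + " (changed entries from " + Utilities.Utils.GetLocalDateTimeFromUnixTime(refTimeStamp).ToString()
                              + " to " + Utilities.Utils.GetLocalDateTimeFromUnixTime(brd.Snapshot.TimeStamp).ToLocalTime().ToString() + ")");

                // Start position: our own persisted journal id / sequence number, not the live journal state.
                Win32Api.USN_JOURNAL_DATA stateJd = new Win32Api.USN_JOURNAL_DATA();
                stateJd.UsnJournalID = journalId;
                stateJd.NextUsn      = prevTransactionId;

                Win32Api.USN_JOURNAL_DATA newState = new Win32Api.USN_JOURNAL_DATA();        // unused, as we maintain our own state
                List <Win32Api.UsnEntry>  changedUsnEntries;
                usnJ.GetUsnJournalState(ref newState);
                NtfsUsnJournal.UsnJournalReturnCode retCode = usnJ.GetUsnJournalEntries(stateJd, refTimeStamp, 0xFFFFFFFF, out changedUsnEntries, out newState);

                if (retCode != NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
                {
                    // Specific exception type instead of a bare Exception; callers catching Exception still work.
                    throw new InvalidOperationException(retCode.ToString());
                }

                foreach (Win32Api.UsnEntry ue in changedUsnEntries)
                {
                    if (ue == null || ue.Reason <= 0)
                    {
                        continue;
                    }

                    int entryId = (int)(ue.FileReferenceNumber);
                    Win32Api.UsnReasonCode reason = (Win32Api.UsnReasonCode)ue.Reason;

                    // Single lookup instead of ContainsKey followed by repeated indexer reads.
                    Win32Api.UsnEntry existing;
                    if (!uEntries.TryGetValue(entryId, out existing))
                    {
                        // first record for this file id: keep it as is
                        uEntries[entryId] = ue;
                        continue;
                    }

                    Win32Api.UsnReasonCode previousReason = (Win32Api.UsnReasonCode)existing.Reason;

                    if (reason.HasFlag(Win32Api.UsnReasonCode.USN_REASON_FILE_DELETE)
                        && previousReason.HasFlag(Win32Api.UsnReasonCode.USN_REASON_FILE_CREATE))
                    {
                        // created then deleted between two backups (temporary / short-lived item):
                        // the delete record is dropped; the earlier create record stays in place, as before.
                        Logger.Append(Severity.DEBUG, "***  item " + ue.Name + " CREATED+DELETED");
                    }
                    else if (reason.HasFlag(Win32Api.UsnReasonCode.USN_REASON_FILE_CREATE)
                             && previousReason.HasFlag(Win32Api.UsnReasonCode.USN_REASON_FILE_DELETE))
                    {
                        // file id reused (delete + new create): the new record fully replaces the old one
                        uEntries[entryId] = ue;
                    }
                    else if (!previousReason.HasFlag(reason))
                    {
                        // cumulate reason flags onto the newest record
                        ue.Reason         = (uint)(previousReason | reason);
                        uEntries[entryId] = ue;
                    }
                    // Renames are not special-cased: only the last record (with cumulated flags) is kept.
                }
                Logger.Append(Severity.TRIVIA, "Done reading USN journal " + journalId + " for '" + brd.SystemDrive.MountPoint);
            }            //end using
            return(uEntries);
        }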
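        /// <summary>
        /// Shows the outcome of a folder enumeration in <c>resultsLb</c>: the folders on success,
        /// a red error line otherwise. Also refreshes the elapsed-time label and restores the cursor.
        /// </summary>
        /// <param name="rtnCode">Return code of the enumeration call.</param>
        /// <param name="folders">Folders found; tolerated as null (treated as empty).</param>
        private void FillListBoxWithFolders(NtfsUsnJournal.UsnJournalReturnCode rtnCode, List <Win32Api.UsnEntry> folders)
        {
            // folders was dereferenced before rtnCode was examined, so an error result delivered
            // with a null list would throw while building the status text.
            int folderCount = folders == null ? 0 : folders.Count;

            FunctionElapsedTime.Content = string.Format("'List Folders'->{0} elapsed time {1}(ms) {2} folders",
                                                        "GetNtfsVolumeFolders()", NtfsUsnJournal.ElapsedTime.Milliseconds.ToString(), folderCount);

            if (rtnCode == NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
            {
                if (folderCount > 0)
                {
                    _entryDetail          = UsnEntryDetail.EntryDetail.File;
                    resultsLb.ItemsSource = folders;
                }
                // NOTE(review): an empty result leaves the list blank, whereas FillListBoxWithUsnEntries
                // reports "No Journal entries found" — confirm whether that asymmetry is intended.
            }
            else
            {
                ListBoxItem lbItem = new ListBoxItem();
                lbItem.Content    = string.Format("'List Folders'->{0} returned error code: {1}", "GetNtfsVolumeFolders()", rtnCode.ToString());
                lbItem.Foreground = Brushes.Red;
                resultsLb.Items.Add(lbItem);
            }
            Cursor = Cursors.Arrow;
        }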
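        /// <summary>
        /// Shows the outcome of a journal query in <c>resultsLb</c>. On success with entries the list is
        /// bound to them and the user is asked (via <c>UpdateUsnStateDialog</c>) whether the returned
        /// journal state should become the current one; an empty result or an error is shown as a red line.
        /// </summary>
        /// <param name="rtnCode">Return code of the query call.</param>
        /// <param name="usnEntries">Entries read from the journal; tolerated as null (treated as empty).</param>
        /// <param name="newUsnState">Journal state reported by the query; stored only if the user confirms.</param>
        private void FillListBoxWithUsnEntries(NtfsUsnJournal.UsnJournalReturnCode rtnCode, List <Win32Api.UsnEntry> usnEntries, Win32Api.USN_JOURNAL_DATA newUsnState)
        {
            FunctionElapsedTime.Content = string.Format("'View Changes'->{0} elapsed time {1}(ms)",
                                                        "GetUsnJournalEntries()", NtfsUsnJournal.ElapsedTime.Milliseconds.ToString());

            if (rtnCode == NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
            {
                // Guard against a null list: a success code with no list would otherwise throw here.
                if (usnEntries != null && usnEntries.Count > 0)
                {
                    _entryDetail          = UsnEntryDetail.EntryDetail.UsnEntry;
                    resultsLb.ItemsSource = usnEntries;

                    UpdateUsnStateDialog updateUsnStateDlg = new UpdateUsnStateDialog(this);
                    updateUsnStateDlg.Owner = this;
                    bool? bRtn = updateUsnStateDlg.ShowDialog();
                    // Only a confirmed dialog (true) advances the stored state; null (closed) and false do not.
                    if (bRtn == true)
                    {
                        _usnCurrentJournalState = newUsnState;
                    }
                }
                else
                {
                    ListBoxItem lbItem = new ListBoxItem();
                    lbItem.Content    = "'View Changes'-> No Journal entries found";   // plain literal; no format arguments
                    lbItem.Foreground = Brushes.Red;
                    resultsLb.Items.Add(lbItem);
                }
            }
            else
            {
                ListBoxItem lbItem = new ListBoxItem();
                lbItem.Content    = string.Format("'View Changes'->{0} returned error code: {1}", "GetUsnJournalEntries()", rtnCode.ToString());
                lbItem.Foreground = Brushes.Red;
                resultsLb.Items.Add(lbItem);
            }
            Cursor = Cursors.Arrow;
        }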
        /// <summary>
        /// Click handler: queries the current journal state, remembers it in
        /// <c>_usnCurrentJournalState</c> on success and echoes it (or the error code) in <c>resultsLb</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Routed event data (unused).</param>
        private void SaveUsnState_Click(object sender, RoutedEventArgs e)
        {
            _usnEntryDetail.Visibility = Visibility.Hidden;
            resultsLb.ItemsSource      = null;
            resultsLb.Items.Clear();

            Win32Api.USN_JOURNAL_DATA           state  = new Win32Api.USN_JOURNAL_DATA();
            NtfsUsnJournal.UsnJournalReturnCode result = _usnJournal.GetUsnJournalState(ref state);

            FunctionElapsedTime.Content = string.Format("Save State->{0} elapsed time {1}(ms)",
                                                        "GetUsnJournalState()", NtfsUsnJournal.ElapsedTime.Milliseconds.ToString());

            ListBoxItem item = new ListBoxItem();
            bool ok = result == NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS;
            if (ok)
            {
                // The queried state becomes the reference point for later "view changes" queries.
                _usnCurrentJournalState = state;
                item.Foreground = Brushes.Black;
                item.Content    = FormatUsnJournalState(state);
            }
            else
            {
                item.Content    = string.Format("Save State->{0} returned error code: {1}", "GetUsnJournalState()", result.ToString());
                item.Foreground = Brushes.Red;
            }
            resultsLb.Items.Add(item);
        }
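        /// <summary>
        /// Click handler: asks <c>_usnJournal</c> to create the volume's USN journal and reports the
        /// outcome in <c>resultsLb</c>. Creating a journal changes the volume, so the result line
        /// always names the operation and its return code.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Routed event data (unused).</param>
        private void CreateUsnJournal_Click(object sender, RoutedEventArgs e)
        {
            _usnEntryDetail.Visibility = Visibility.Hidden;
            resultsLb.ItemsSource      = null;
            resultsLb.Items.Clear();

            // Presumably (maximum size, allocation delta) in the Win32 CREATE_USN_JOURNAL_DATA order —
            // verify against NtfsUsnJournal.CreateUsnJournal before changing these values.
            NtfsUsnJournal.UsnJournalReturnCode rtn = _usnJournal.CreateUsnJournal(1000 * 1024, 16 * 1024);

            FunctionElapsedTime.Content = string.Format("Create->{0} elapsed time {1}(ms)",
                                                        "CreateUsnJournal()", NtfsUsnJournal.ElapsedTime.Milliseconds.ToString());

            if (rtn == NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
            {
                ListBoxItem lbItem = new ListBoxItem();
                lbItem.Foreground = Brushes.Black;
                lbItem.Content    = string.Format("USN Journal Successfully created, CreateUsnJournal() returned: {0}", rtn.ToString());
                resultsLb.Items.Add(lbItem);
            }
            else
            {
                ListBoxItem lbItem = new ListBoxItem();
                // The error line previously named GetUsnJournalState(); the call that failed is CreateUsnJournal().
                lbItem.Content    = string.Format("Create->{0} returned error code: {1}", "CreateUsnJournal()", rtn.ToString());
                lbItem.Foreground = Brushes.Red;
                resultsLb.Items.Add(lbItem);
            }
        }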
        /// <summary>
        /// Click handler (WinForms): queries the current USN journal state and lists the formatted
        /// state lines in <c>lbResults</c>, or a single error line carrying the return code.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnQueryUsnJournal_Click(object sender, EventArgs e)
        {
            lbResults.DataSource = null;
            lbResults.Items.Clear();

            USN_JOURNAL_DATA state = new USN_JOURNAL_DATA();
            NtfsUsnJournal.UsnJournalReturnCode result = _usnJournal.GetUsnJournalState(ref state);

            // Elapsed-time label is shown after every query; the count label is cleared.
            lblElapsedTime.Visible = true;
            lblElapsedTime.Text    = string.Format("执行用时:{0}ms", NtfsUsnJournal.ElapsedTime.Milliseconds.ToString());
            lblListCount.Text      = string.Empty;

            if (result != NtfsUsnJournal.UsnJournalReturnCode.USN_JOURNAL_SUCCESS)
            {
                lbResults.Items.Add(string.Format("{0} 执行失败!错误码: {1}。", "GetUsnJournalState()", result.ToString()));
                return;
            }

            lbResults.Items.AddRange(FormatUsnJournalState(state));
        }