Пример #1
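        /// <summary>
        /// Walks every non-sparse data run of the $J stream and parses the UsnJrnl entries
        /// found in each cluster of those runs.
        /// </summary>
        /// <param name="volume">Volume to read; passed to VolumeBootRecord.Get, FileRecord.Get and Helper.readDrive.</param>
        /// <param name="recordnumber">Record number handed to FileRecord.Get to locate the record that carries the $J stream.</param>
        /// <returns>The entries that were parsed, in the order the data runs were walked.</returns>
        private static UsnJrnl[] GetInstances(string volume, int recordnumber)
        {
            // Get VolumeBootRecord object for logical addressing
            VolumeBootRecord VBR = VolumeBootRecord.Get(volume);

            // Get FileRecord for C:\$Extend\$UsnJrnl
            FileRecord record = FileRecord.Get(volume, recordnumber, true);

            // Get the $J Data attribute (contains UsnJrnl records)
            NonResident J = UsnJrnl.GetJStream(record);

            // Instantiate a List of UsnJrnl entries
            List<UsnJrnl> usnList = new List<UsnJrnl>();

            for (int i = 0; i < J.DataRun.Length; i++)
            {
                // Sparse runs have no clusters allocated on disk, so there is nothing to read
                if (J.DataRun[i].Sparse)
                {
                    continue;
                }

                long clusterCount = J.DataRun[i].ClusterLength;

                // The whole run is read in one call and then sliced cluster by cluster
                byte[] fragmentBytes = Helper.readDrive(volume, (J.DataRun[i].StartCluster * VBR.BytesPerCluster), (clusterCount * VBR.BytesPerCluster));

                byte[] clusterBytes = new byte[VBR.BytesPerCluster];

                for (int j = 0; j < clusterCount; j++)
                {
                    Array.Copy(fragmentBytes, (int)(j * VBR.BytesPerCluster), clusterBytes, 0, clusterBytes.Length);

                    int offset = 0;

                    do
                    {
                        // A zero byte at the record start is treated as "no more entries in this cluster"
                        if (clusterBytes[offset] == 0)
                        {
                            break;
                        }

                        int recordStart = offset;

                        try
                        {
                            UsnJrnl usn = new UsnJrnl(clusterBytes, volume, ref offset);
                            if (usn.Version > USN40Version)
                            {
                                break;
                            }
                            usnList.Add(usn);
                        }
                        catch
                        {
                            // Best effort: a record that fails to parse ends this cluster, not the whole scan
                            break;
                        }

                        // Journal bytes come straight from disk and may be damaged or hostile.
                        // The constructor is not visible here; if it ever leaves offset where it was
                        // (or moves it backwards), the loop would re-parse the same bytes forever and
                        // grow usnList without bound, so stop on the first record that makes no progress.
                        if (offset <= recordStart)
                        {
                            break;
                        }
                    } while (offset >= 0 && offset < clusterBytes.Length);
                }
            }

            // Return usnList as a UsnJrnl[]
            return usnList.ToArray();
        }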
Пример #2
 /// <summary>
 /// Finds the first StandardInformation attribute on this record and passes its
 /// UpdateSequenceNumber, together with VolumePath, to UsnJrnl.Get.
 /// </summary>
 /// <returns>The UsnJrnl object returned by UsnJrnl.Get.</returns>
 /// <exception cref="Exception">Thrown when none of the attributes is a StandardInformation.</exception>
 public UsnJrnl GetUsnJrnl()
 {
     foreach (FileRecordAttribute candidate in this.Attribute)
     {
         // Skip everything that is not the $STANDARD_INFORMATION attribute
         if (!(candidate is StandardInformation))
         {
             continue;
         }

         StandardInformation standardInfo = (StandardInformation)candidate;
         return UsnJrnl.Get(this.VolumePath, standardInfo.UpdateSequenceNumber);
     }

     // Reached only when the loop found no StandardInformation attribute
     throw new Exception("No $STANDARD_INFORMATION Attirbute found");
 }
Пример #3
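        /// <summary>
        /// Parses UsnJrnl entries out of the "$J" content of the file at <paramref name="path"/>,
        /// one cluster-sized window at a time.
        /// </summary>
        /// <param name="path">Path handed to FileRecord.GetContentBytes and Helper.GetVolumeFromPath.</param>
        /// <returns>The entries that were parsed, in buffer order.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the volume boot record reports a cluster size that is not positive,
        /// because the cluster walk could not advance.
        /// </exception>
        public static UsnJrnl[] GetTestInstances(string path)
        {
            byte[] bytes = FileRecord.GetContentBytes(path, "$J");

            string volume = Helper.GetVolumeFromPath(path);

            VolumeBootRecord VBR = VolumeBootRecord.Get(volume);

            // The cluster size comes from on-disk metadata; a zero value would keep the outer
            // loop at i == 0 forever and a negative one would index before the buffer.
            int bytesPerCluster = VBR.BytesPerCluster;
            if (bytesPerCluster <= 0)
            {
                throw new InvalidOperationException("VolumeBootRecord reported a non-positive BytesPerCluster");
            }

            List<UsnJrnl> usnList = new List<UsnJrnl>();

            for (int i = 0; i < bytes.Length; i += bytesPerCluster)
            {
                int clusteroffset = i;

                // Exclusive end of the current cluster, clamped to the buffer. Without this bound a
                // cluster with no zero byte after its last record lets parsing run on into the next
                // cluster, which the outer loop then parses again and records twice.
                int clusterEnd = (int)Math.Min((long)i + bytesPerCluster, (long)bytes.Length);

                do
                {
                    // Break if there are no more UsnJrnl entries in cluster
                    if (bytes[clusteroffset] == 0)
                    {
                        break;
                    }

                    int recordStart = clusteroffset;

                    try
                    {
                        UsnJrnl usn = new UsnJrnl(bytes, volume, ref clusteroffset);
                        if (usn.Version > USN40Version)
                        {
                            break;
                        }
                        usnList.Add(usn);
                    }
                    catch
                    {
                        // Best effort: a record that fails to parse ends this cluster, not the whole scan
                        break;
                    }

                    // The constructor is not visible here; if a damaged or crafted record leaves the
                    // offset unchanged or moves it backwards, stop rather than loop and grow usnList
                    // without bound.
                    if (clusteroffset <= recordStart)
                    {
                        break;
                    }
                } while (clusteroffset < clusterEnd);
            }

            return usnList.ToArray();
        }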
Пример #4
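        /// <summary>
        /// Reads the single UsnJrnl entry found at <paramref name="usn"/>, which is treated as a
        /// byte offset into the $J stream, by walking the stream's data runs to the cluster that
        /// contains it.
        /// </summary>
        /// <param name="volume">Volume name; passed by reference to Helper.getVolumeName before use.</param>
        /// <param name="recordnumber">Record number handed to FileRecord.Get to locate the record that carries the $J stream.</param>
        /// <param name="usn">Offset of the wanted entry within the $J stream.</param>
        /// <returns>The parsed entry, or null when the offset lies past the data runs that were walked.</returns>
        /// <exception cref="Exception">
        /// Thrown when <paramref name="usn"/> is not greater than the byte length of the first data run,
        /// which this method treats as the leading sparse (already overwritten) region.
        /// </exception>
        private static UsnJrnl Get(string volume, int recordnumber, long usn)
        {
            // Check for valid Volume name
            Helper.getVolumeName(ref volume);

            // Set up FileStream to read volume. The handle is only needed inside this call, so it is
            // disposed on every exit path (return, null result, exception) instead of being left
            // open. Assumes getFileStream returns a stream owned by the caller (TODO confirm).
            using (FileStream streamToRead = Helper.getFileStream(volume))
            {
                // Get VolumeBootRecord object for logical addressing
                VolumeBootRecord VBR = VolumeBootRecord.Get(streamToRead);

                FileRecord record = FileRecord.Get(volume, recordnumber, true);

                // Get the $J Data attribute (contains UsnJrnl details)
                NonResident J = UsnJrnl.GetJStream(record);

                // Determine the length of the initial sparse pages.
                // NOTE(review): DataRun[0] is assumed to exist and to be the sparse run; its Sparse flag
                // is not checked here.
                long SparseLength = J.DataRun[0].ClusterLength * VBR.BytesPerCluster;

                // NOTE(review): usn == SparseLength (first byte of the second run) is rejected by this
                // comparison; confirm whether '>=' was intended.
                if (usn > SparseLength)
                {
                    // Subtract length of sparse data from desired usn offset
                    long usnOffset = usn - SparseLength;

                    // Iterate through each data run
                    for (int i = 1; i < J.DataRun.Length; i++)
                    {
                        // Determine length of current DataRun
                        long dataRunLength = J.DataRun[i].ClusterLength * VBR.BytesPerCluster;

                        // Check if usnOffset resides in current DataRun
                        if (dataRunLength <= usnOffset)
                        {
                            // If not, subtract length of DataRun from usnOffset
                            usnOffset -= dataRunLength;
                        }

                        // If usnOffset resides within DataRun, parse associated UsnJrnl Entry
                        else
                        {
                            // Read DataRun from disk
                            byte[] fragmentBytes = Helper.readDrive(streamToRead, (J.DataRun[i].StartCluster * VBR.BytesPerCluster), (J.DataRun[i].ClusterLength * VBR.BytesPerCluster));

                            // Instantiate a byte array that is the size of a single cluster
                            byte[] clusterBytes = new byte[VBR.BytesPerCluster];

                            // Iterate through the clusters in the DataRun
                            for (int j = 0; j < J.DataRun[i].ClusterLength; j++)
                            {
                                // If usnOffset is not in current cluster, then subtract cluster size from offset and iterate
                                if (VBR.BytesPerCluster <= usnOffset)
                                {
                                    usnOffset -= VBR.BytesPerCluster;
                                }
                                // Else if usnOffset is in current cluster
                                else
                                {
                                    // Copy current cluster bytes to clusterBytes variable
                                    Array.Copy(fragmentBytes, (int)(j * VBR.BytesPerCluster), clusterBytes, 0, clusterBytes.Length);

                                    // Parse desired UsnJrnl entry from cluster; usnOffset is below the
                                    // cluster size at this point, so the narrowing cast cannot truncate
                                    int offset = (int)usnOffset;
                                    return new UsnJrnl(clusterBytes, volume, ref offset);
                                }
                            }
                        }
                    }

                    // Offset lies beyond every data run that was walked
                    return null;
                }
                else
                {
                    throw new Exception("UsnJrnl entry has has been overwritten");
                }
            }
        }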