示例#1
        /// <summary>
        /// Creates a new batch and, unless it is detached, pushes it onto
        /// <c>_threadStack</c>.
        /// </summary>
        /// <param name="detached">
        /// When <c>true</c> the new batch is flagged as detached and is NOT pushed
        /// onto <c>_threadStack</c>.
        /// </param>
        /// <returns>The newly created batch.</returns>
        internal static PartitionDataDisposableBatch CreateNew(bool detached = false)
        {
            PartitionDataDisposableBatch batch = new PartitionDataDisposableBatch();
            batch._detached = detached;

            if (detached)
            {
                // Detached batches never appear on the stack.
                return batch;
            }
            _threadStack.Push(batch);
            return batch;
        }
示例#2
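        /// <summary>
        /// Releases every <see cref="IPartitionClusterData"/> tracked by this batch and,
        /// for an attached batch, removes the batch from <c>_threadStack</c>.
        /// </summary>
        /// <exception cref="ApplicationException">
        /// The batch is attached but is not the one currently on top of
        /// <c>_threadStack</c>, i.e. batches are being disposed out of order.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// The batch is attached and <c>_threadStack</c> is empty (raised by Peek).
        /// </exception>
        public void Dispose()
        {
            // CreateNew(detached: true) never pushes the batch onto _threadStack, so the
            // top-of-stack check below could never succeed for a detached batch. Only
            // attached batches take part in the stack discipline.
            if (!_detached)
            {
                PartitionDataDisposableBatch candidate = _threadStack.Peek();

                if (!object.ReferenceEquals(candidate, this))
                {
                    throw new ApplicationException(
                        "Disposed batch is not the one on top of the batch stack.");
                }
                _threadStack.Pop();
            }
            // Raised before the items are disposed.
            // NOTE(review): presumably lets item.Dispose() callbacks detect that the
            // batch itself is tearing down - confirm against the rest of the class.
            _disposing = true;
            if (null != _storage)
            {
                foreach (IPartitionClusterData item in _storage.Keys)
                {
                    item.Dispose();
                }
            }
            // Drop the references so the tracked items are released only once.
            _storage = null;
            _inUse   = false;
        }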
示例#3
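        /// <summary>
        /// Program entry point. Opens the first physical drive for raw read access,
        /// discovers its partitions and, for every partition flagged for capture, dumps
        /// the bad clusters, the USN journal and the attributes of the
        /// <c>$Extend\$UsnJrnl</c> file record.
        /// </summary>
        /// <param name="args">Command line arguments (currently unused).</param>
        /// <returns>0 on success, 1 when the physical drive could not be opened.</returns>
        /// <exception cref="System.IO.FileNotFoundException">
        /// The USN journal file could not be located on a captured partition.
        /// </exception>
        /// <exception cref="ApplicationException">
        /// The file record of the USN journal could not be retrieved.
        /// </exception>
        public static unsafe int Main(string[] args)
        {
            InstallExceptionHandlers();
            using (PartitionDataDisposableBatch mainBatch = PartitionDataDisposableBatch.CreateNew()) {
                DisplayVersion();

                // Win32 CreateFile2 reports failure with INVALID_HANDLE_VALUE (-1), not
                // with a null handle. NOTE(review): the Natives.CreateFile2 declaration
                // is not visible here - both values are treated as "no handle".
                IntPtr       invalidHandle = new IntPtr(-1);
                IntPtr       handle = IntPtr.Zero;
                int          nativeError;
                DiskGeometry geometry = new DiskGeometry();

                try {
                    // Raw device access: read-only, shared with writers. Opening
                    // \\.\PhysicalDriveN normally requires an elevated (administrator) token.
                    handle = Natives.CreateFile2(@"\\.\PhysicalDrive0", 0x80000000 /* GENERIC_READ */,
                                                 0x02 /* FILE_SHARE_WRITE */, 3 /* OPEN_EXISTING */, IntPtr.Zero);
                    // NOTE(review): the last-error value is only meaningful if the P/Invoke
                    // declaration captures it (SetLastError = true) - confirm.
                    nativeError = Marshal.GetLastWin32Error();
                    if ((IntPtr.Zero == handle) || (invalidHandle == handle) || (0 != nativeError))
                    {
                        Console.WriteLine("Physical drive opening failed. Error 0x{0:X8}", nativeError);
                        return(1);
                    }
                    geometry.Acquire(handle);
                    _partitionManager = new PartitionManager(handle, geometry);
                    _partitionManager.Discover();
                    InterpretActivePartitions();
                    if (FeaturesContext.InvariantChecksEnabled)
                    {
                        NtfsMFTFileRecord.AssertMFTRecordCachingInvariance(_partitionManager);
                    }
                    // TODO : Configure TrackedPartitionIndex from command line arguments.
                    foreach (GenericPartition partition in _partitionManager.EnumeratePartitions())
                    {
                        if (!partition.ShouldCapture)
                        {
                            continue;
                        }
                        NtfsPartition ntfsPartition = partition as NtfsPartition;
                        if (null == ntfsPartition)
                        {
                            // Everything below is NTFS specific; a captured partition of
                            // another type would otherwise end in a NullReferenceException.
                            continue;
                        }
                        NtfsPartition.Current = ntfsPartition;

                        // Basic functionality tests. Don't remove.
                        //ntfsPartition.CountFiles();
                        //ntfsPartition.MonitorBadClusters();
                        //ntfsPartition.ReadBitmap();

                        // Dump bad clusters.
                        ntfsPartition.DumpBadClusters();

                        // Dump UsnJournal
                        PrototypeUsnJournal();
                        new NtfsUsnJournalReader(ntfsPartition).Run();

                        // Dump LogFile
                        // new NtfsLogFileReader(ntfsPartition).Run();

                        // Locate file.
                        // string fileName = @"TEMP\AsciiTes.txt";
                        string fileName = @"$Extend\$UsnJrnl";
                        NtfsIndexEntryHeader *fileDescriptor = ntfsPartition.FindFile(fileName);
                        if (null == fileDescriptor)
                        {
                            throw new System.IO.FileNotFoundException(fileName);
                        }
                        IPartitionClusterData fileData             = null;
                        NtfsFileRecord *      usnJournalFileRecord =
                            ntfsPartition.GetFileRecord(fileDescriptor->FileReference, ref fileData);
                        if ((null == usnJournalFileRecord) || (null == fileData))
                        {
                            // GetFileRecord may have handed back cluster data even though
                            // no record pointer was produced; release it before bailing out.
                            if (null != fileData)
                            {
                                fileData.Dispose();
                            }
                            throw new ApplicationException("Unable to retrieve the file record for " + fileName);
                        }
                        try {
                            // Dump every attribute of the record; returning true keeps
                            // the enumeration going.
                            usnJournalFileRecord->EnumerateRecordAttributes(
                                delegate(NtfsAttribute * attribute, Stream dataStream) {
                                attribute->Dump();
                                return(true);
                            });
                            // For debugging purpose.
                            // fileRecord->BinaryDumpContent();

                            // TODO : Do something with the file.
                        }
                        finally {
                            // usnJournalFileRecord is only dereferenced inside the try
                            // block above, i.e. before fileData is released.
                            fileData.Dispose();
                        }
                    }
                    return(0);
                }
                finally {
                    // The original condition was inverted (IntPtr.Zero == handle): a valid
                    // raw-disk handle was never closed and CloseHandle was called on a
                    // null handle instead.
                    if ((IntPtr.Zero != handle) && (invalidHandle != handle))
                    {
                        Natives.CloseHandle(handle);
                        handle = IntPtr.Zero;
                    }
                }
            }
        }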