#include <ntifs.h>#include <pseh/pseh2.h>#include <section_attribs.h>#include <pshpack1.h>#include <poppack.h>
Include dependency graph for ntfs.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Classes | |
| struct | _BIOS_PARAMETERS_BLOCK |
| struct | _EXTENDED_BIOS_PARAMETERS_BLOCK |
| struct | _BOOT_SECTOR |
| struct | _NTFS_INFO |
| struct | NTFSIDENTIFIER |
| struct | DEVICE_EXTENSION |
| struct | NTFS_CCB |
| struct | NTFS_GLOBAL_DATA |
| struct | NTFS_RECORD_HEADER |
| struct | _FILE_RECORD_HEADER |
| struct | NTFS_ATTR_RECORD |
| struct | NTFS_ATTRIBUTE_LIST_ITEM |
| struct | STANDARD_INFORMATION |
| struct | ATTRIBUTE_LIST |
| struct | FILENAME_ATTRIBUTE |
| struct | INDEX_HEADER_ATTRIBUTE |
| struct | INDEX_ROOT_ATTRIBUTE |
| struct | INDEX_BUFFER |
| struct | INDEX_ENTRY_ATTRIBUTE |
| struct | _B_TREE_KEY |
| struct | _B_TREE_FILENAME_NODE |
| struct | B_TREE |
| struct | VOLINFO_ATTRIBUTE |
| struct | REPARSE_POINT_ATTRIBUTE |
| struct | NTFS_IRP_CONTEXT |
| struct | _NTFS_ATTR_CONTEXT |
| struct | _FCB |
| struct | _FIND_ATTR_CONTXT |
| struct | FIXUP_ARRAY |
Variables | |
| PNTFS_GLOBAL_DATA | NtfsGlobalData |
| DRIVER_DISPATCH | NtfsFsdDispatch |
| FAST_IO_CHECK_IF_POSSIBLE | NtfsFastIoCheckIfPossible |
| FAST_IO_READ | NtfsFastIoRead |
| FAST_IO_WRITE | NtfsFastIoWrite |
| DRIVER_INITIALIZE | DriverEntry |
Macro Definition Documentation
◆ ATTR_RECORD_ALIGNMENT
◆ CACHEPAGESIZE
| #define CACHEPAGESIZE | ( | pDeviceExt | ) |
◆ COLLATION_BINARY
◆ COLLATION_FILE_NAME
◆ COLLATION_NTOFS_SECURITY_HASH
◆ COLLATION_NTOFS_SID
◆ COLLATION_NTOFS_ULONG
◆ COLLATION_NTOFS_ULONGS
◆ COLLATION_UNICODE_STRING
◆ DATA_RUN_ALIGNMENT
◆ DEVICE_NAME
◆ FCB_CACHE_INITIALIZED
◆ FCB_IS_VOLUME
◆ FCB_IS_VOLUME_STREAM
◆ FILE_RECORD_END
◆ FRH_DIRECTORY
◆ FRH_IN_USE
◆ FRH_UNKNOWN1
◆ FRH_UNKNOWN2
◆ INDEX_NODE_LARGE
◆ INDEX_NODE_SMALL
◆ INDEX_ROOT_LARGE
◆ INDEX_ROOT_SMALL
◆ IRPCONTEXT_CANWAIT
◆ IRPCONTEXT_COMPLETE
◆ IRPCONTEXT_QUEUE
◆ MAX_PATH
◆ NRH_FILE_TYPE
◆ NRH_INDX_TYPE
◆ NTFS_FILE_ATTRDEF
◆ NTFS_FILE_BADCLUS
◆ NTFS_FILE_BITMAP
◆ NTFS_FILE_BOOT
◆ NTFS_FILE_EXTEND
◆ NTFS_FILE_FIRST_USER_FILE
◆ NTFS_FILE_LOGFILE
◆ NTFS_FILE_MFT
◆ NTFS_FILE_MFTMIRR
◆ NTFS_FILE_NAME_DOS
◆ NTFS_FILE_NAME_POSIX
◆ NTFS_FILE_NAME_WIN32
◆ NTFS_FILE_NAME_WIN32_AND_DOS
◆ NTFS_FILE_QUOTA
◆ NTFS_FILE_ROOT
◆ NTFS_FILE_TYPE_ARCHIVE
◆ NTFS_FILE_TYPE_COMPRESSED
◆ NTFS_FILE_TYPE_DIRECTORY
◆ NTFS_FILE_TYPE_ENCRYPTED
◆ NTFS_FILE_TYPE_HIDDEN
◆ NTFS_FILE_TYPE_OFFLINE
◆ NTFS_FILE_TYPE_READ_ONLY
◆ NTFS_FILE_TYPE_REPARSE
◆ NTFS_FILE_TYPE_SPARSE
◆ NTFS_FILE_TYPE_SYSTEM
◆ NTFS_FILE_TYPE_TEMPORARY
◆ NTFS_FILE_UPCASE
◆ NTFS_FILE_VOLUME
◆ NTFS_INDEX_ENTRY_END
◆ NTFS_INDEX_ENTRY_NODE
◆ NTFS_MFT_MASK
◆ NTFS_TYPE_CCB
◆ NTFS_TYPE_FCB
◆ NTFS_TYPE_GLOBAL_DATA
◆ NTFS_TYPE_IRP_CONTEXT
◆ NTFS_TYPE_VCB
◆ RA_INDEXED
◆ ROUND_DOWN
◆ ROUND_UP
◆ TAG_ATT_CTXT
◆ TAG_CCB
◆ TAG_FCB
◆ TAG_FILE_REC
◆ TAG_IRP_CTXT
◆ TAG_NTFS
◆ VALUE_OFFSET_ALIGNMENT
◆ VCB_VOLUME_LOCKED
Typedef Documentation
◆ B_TREE_FILENAME_NODE
◆ B_TREE_KEY
| typedef struct _B_TREE_KEY B_TREE_KEY |
◆ BIOS_PARAMETERS_BLOCK
◆ BOOT_SECTOR
| typedef struct _BOOT_SECTOR BOOT_SECTOR |
◆ EXTENDED_BIOS_PARAMETERS_BLOCK
◆ FILE_RECORD_HEADER
◆ FIND_ATTR_CONTXT
| typedef struct _FIND_ATTR_CONTXT FIND_ATTR_CONTXT |
◆ NTFS_ATTR_CONTEXT
◆ NTFS_FCB
◆ NTFS_INFO
| typedef struct _NTFS_INFO NTFS_INFO |
◆ NTFS_VCB
| typedef struct DEVICE_EXTENSION NTFS_VCB |
◆ PATTRIBUTE_LIST
| typedef struct ATTRIBUTE_LIST * PATTRIBUTE_LIST |
◆ PATTRIBUTE_TYPE
| typedef enum ATTRIBUTE_TYPE * PATTRIBUTE_TYPE |
◆ PB_TREE
◆ PB_TREE_FILENAME_NODE
| typedef struct _B_TREE_FILENAME_NODE * PB_TREE_FILENAME_NODE |
◆ PB_TREE_KEY
| typedef struct _B_TREE_KEY * PB_TREE_KEY |
◆ PBIOS_PARAMETERS_BLOCK
◆ PBOOT_SECTOR
| typedef struct _BOOT_SECTOR * PBOOT_SECTOR |
◆ PDEVICE_EXTENSION
| typedef struct DEVICE_EXTENSION * PDEVICE_EXTENSION |
◆ PEXTENDED_BIOS_PARAMETERS_BLOCK
◆ PFILE_RECORD_HEADER
| typedef struct _FILE_RECORD_HEADER * PFILE_RECORD_HEADER |
◆ PFILENAME_ATTRIBUTE
| typedef struct FILENAME_ATTRIBUTE * PFILENAME_ATTRIBUTE |
◆ PFIND_ATTR_CONTXT
| typedef struct _FIND_ATTR_CONTXT * PFIND_ATTR_CONTXT |
◆ PFIXUP_ARRAY
| typedef struct FIXUP_ARRAY * PFIXUP_ARRAY |
◆ PINDEX_BUFFER
| typedef struct INDEX_BUFFER * PINDEX_BUFFER |
◆ PINDEX_ENTRY_ATTRIBUTE
◆ PINDEX_HEADER_ATTRIBUTE
◆ PINDEX_ROOT_ATTRIBUTE
| typedef struct INDEX_ROOT_ATTRIBUTE * PINDEX_ROOT_ATTRIBUTE |
◆ PNTFS_ATTR_CONTEXT
| typedef struct _NTFS_ATTR_CONTEXT * PNTFS_ATTR_CONTEXT |
◆ PNTFS_ATTR_RECORD
| typedef struct NTFS_ATTR_RECORD * PNTFS_ATTR_RECORD |
◆ PNTFS_ATTRIBUTE_LIST_ITEM
◆ PNTFS_CCB
◆ PNTFS_FCB
◆ PNTFS_GLOBAL_DATA
| typedef struct NTFS_GLOBAL_DATA * PNTFS_GLOBAL_DATA |
◆ PNTFS_INFO
| typedef struct _NTFS_INFO * PNTFS_INFO |
◆ PNTFS_IRP_CONTEXT
| typedef struct NTFS_IRP_CONTEXT * PNTFS_IRP_CONTEXT |
◆ PNTFS_RECORD_HEADER
| typedef struct NTFS_RECORD_HEADER * PNTFS_RECORD_HEADER |
◆ PNTFS_VCB
| typedef struct DEVICE_EXTENSION * PNTFS_VCB |
◆ PNTFSIDENTIFIER
| typedef struct NTFSIDENTIFIER * PNTFSIDENTIFIER |
◆ PREPARSE_POINT_ATTRIBUTE
◆ PSTANDARD_INFORMATION
| typedef struct STANDARD_INFORMATION * PSTANDARD_INFORMATION |
◆ PVOLINFO_ATTRIBUTE
| typedef struct VOLINFO_ATTRIBUTE * PVOLINFO_ATTRIBUTE |
Enumeration Type Documentation
◆ ATTRIBUTE_TYPE
Definition at line 159 of file ntfs.h.
160{
161 AttributeStandardInformation = 0x10,
162 AttributeAttributeList = 0x20,
163 AttributeFileName = 0x30,
164 AttributeObjectId = 0x40,
165 AttributeSecurityDescriptor = 0x50,
166 AttributeVolumeName = 0x60,
167 AttributeVolumeInformation = 0x70,
168 AttributeData = 0x80,
169 AttributeIndexRoot = 0x90,
170 AttributeIndexAllocation = 0xA0,
171 AttributeBitmap = 0xB0,
172 AttributeReparsePoint = 0xC0,
173 AttributeEAInformation = 0xD0,
174 AttributeEA = 0xE0,
175 AttributePropertySet = 0xF0,
176 AttributeLoggedUtilityStream = 0x100,
177 AttributeEnd = 0xFFFFFFFF
enum ATTRIBUTE_TYPE * PATTRIBUTE_TYPE
Function Documentation
◆ AddBitmap()
| NTSTATUS AddBitmap | ( | PNTFS_VCB | Vcb, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| PNTFS_ATTR_RECORD | AttributeAddress, | ||
| PCWSTR | Name, | ||
| USHORT | NameLength | ||
| ) |
Definition at line 72 of file attrib.c.
77{
78 ULONG AttributeLength;
79 // Calculate the header length
82 ULONG NameOffset;
83 ULONG ValueOffset;
84 // We'll start out with 8 bytes of bitmap data
86 ULONG BytesAvailable;
87
89 {
92 }
93
94 NameOffset = ResidentHeaderLength;
95
96 // Calculate ValueOffset, which will be aligned to a 4-byte boundary
98
99 // Calculate length of attribute
100 AttributeLength = ValueOffset + ValueLength;
102
103 // Make sure the file record is large enough for the new attribute
105 if (BytesAvailable < AttributeLength)
106 {
109 }
110
111 // Set Attribute fields
112 RtlZeroMemory(AttributeAddress, AttributeLength);
113
115 AttributeAddress->Length = AttributeLength;
116 AttributeAddress->NameLength = NameLength;
117 AttributeAddress->NameOffset = NameOffset;
119
121 AttributeAddress->Resident.ValueOffset = ValueOffset;
122
123 // Set the name
124 RtlCopyMemory((PCHAR)((ULONG_PTR)AttributeAddress + NameOffset), Name, NameLength * sizeof(WCHAR));
125
126 // move the attribute-end and file-record-end markers to the end of the file record
128 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
129
131}
struct NTFS_ATTR_RECORD * PNTFS_ATTR_RECORD
VOID SetFileRecordEnd(PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttrEnd, ULONG EndMarker)
Definition: mft.c:706
Definition: ntfs.h:125
struct NTFS_ATTR_RECORD::@175::@177 Resident
Definition: apinames.c:49
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG ValueLength
Definition: wdfregistry.h:275
Referenced by DECLARE_INTERFACE_(), CFontsDialog::InitToolbar(), and UpdateIndexAllocation().
◆ AddData()
| NTSTATUS AddData | ( | PFILE_RECORD_HEADER | FileRecord, |
| PNTFS_ATTR_RECORD | AttributeAddress | ||
| ) |
Definition at line 160 of file attrib.c.
162{
165
167 {
170 }
171
173 AttributeAddress->Length = ResidentHeaderLength;
175 AttributeAddress->Resident.ValueLength = 0;
176 AttributeAddress->Resident.ValueOffset = ResidentHeaderLength;
177
178 // for unnamed $DATA attributes, NameOffset equals header length
179 AttributeAddress->NameOffset = ResidentHeaderLength;
181
182 // move the attribute-end and file-record-end markers to the end of the file record
184 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
185
187}
Referenced by DECLARE_INTERFACE_(), and NtfsCreateFileRecord().
◆ AddFileName()
| NTSTATUS AddFileName | ( | PFILE_RECORD_HEADER | FileRecord, |
| PNTFS_ATTR_RECORD | AttributeAddress, | ||
| PDEVICE_EXTENSION | DeviceExt, | ||
| PFILE_OBJECT | FileObject, | ||
| BOOLEAN | CaseSensitive, | ||
| PULONGLONG | ParentMftIndex | ||
| ) |
Definition at line 230 of file attrib.c.
236{
238 PFILENAME_ATTRIBUTE FileNameAttribute;
239 LARGE_INTEGER SystemTime;
242 UNICODE_STRING Current, Remaining, FilenameNoPath;
244 ULONG FirstEntry;
245
247 {
250 }
251
254
256
257 // set timestamps
258 KeQuerySystemTime(&SystemTime);
263
264 // Is this a directory?
267 else
269
270 // we need to extract the filename from the path
272
274
277
279 {
281
283 {
286 }
287
288 FirstEntry = 0;
290 CurrentMFTIndex,
291 &Current,
292 &FirstEntry,
293 FALSE,
294 CaseSensitive,
295 &CurrentMFTIndex);
297 break;
298
300 {
302 {
305 }
306 break;
307 }
308
309 FsRtlDissectName(Remaining, &Current, &Remaining);
310 }
311
313
314 // set reference to parent directory
315 FileNameAttribute->DirectoryFileReferenceNumber = CurrentMFTIndex;
316 *ParentMftIndex = CurrentMFTIndex;
317
319
320 // The highest 2 bytes should be the sequence number, unless the parent happens to be root
323 else
325
326 DPRINT1("FileNameAttribute->DirectoryFileReferenceNumber: 0x%016I64x\n", FileNameAttribute->DirectoryFileReferenceNumber);
327
330
331 // For now, we're emulating the way Windows behaves when 8.3 name generation is disabled
332 // TODO: add DOS Filename as needed
335 else
337
338 FileRecord->LinkCount++;
339
340 AttributeAddress->Length = ResidentHeaderLength +
343
344 AttributeAddress->Resident.ValueLength = FIELD_OFFSET(FILENAME_ATTRIBUTE, Name) + FilenameNoPath.Length;
345 AttributeAddress->Resident.ValueOffset = ResidentHeaderLength;
347
348 // move the attribute-end and file-record-end markers to the end of the file record
350 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
351
353}
static BOOLEAN NtfsFindMftRecord(PNTFS_VOLUME_INFO Volume, ULONGLONG MFTIndex, PCHAR FileName, ULONGLONG *OutMFTIndex)
Definition: ntfs.c:545
struct FILENAME_ATTRIBUTE * PFILENAME_ATTRIBUTE
BOOLEAN NTAPI RtlIsNameLegalDOS8Dot3(_In_ PUNICODE_STRING Name, _Inout_opt_ POEM_STRING OemName, _Inout_opt_ PBOOLEAN NameContainsSpaces)
VOID NTAPI FsRtlDissectName(IN UNICODE_STRING Name, OUT PUNICODE_STRING FirstPart, OUT PUNICODE_STRING RemainingPart)
Definition: name.c:398
Definition: ntfs.h:359
ULONGLONG DirectoryFileReferenceNumber
Definition: ntfs.h:360
Definition: env_spec_w32.h:368
Definition: typedefs.h:103
Referenced by NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ AddFixupArray()
| NTSTATUS AddFixupArray | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_RECORD_HEADER | Record | ||
| ) |
Definition at line 2603 of file mft.c.
2605{
2606 USHORT *pShortToFixUp;
2610
2612
2613 DPRINT("AddFixupArray(%p, %p)\n fixupArray->USN: %u, ArrayEntryCount: %u\n", Vcb, Record, fixupArray->USN, ArrayEntryCount);
2614
2615 fixupArray->USN++;
2616
2618 {
2620
2623 *pShortToFixUp = fixupArray->USN;
2625 }
2626
2628}
struct FIXUP_ARRAY * PFIXUP_ARRAY
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
Definition: ntfs.h:560
Referenced by CreateIndexBufferFromBTreeNode(), UpdateFileRecord(), and UpdateIndexEntryFileNameSize().
◆ AddIndexAllocation()
| NTSTATUS AddIndexAllocation | ( | PNTFS_VCB | Vcb, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| PNTFS_ATTR_RECORD | AttributeAddress, | ||
| PCWSTR | Name, | ||
| USHORT | NameLength | ||
| ) |
Definition at line 388 of file attrib.c.
393{
394 ULONG RecordLength;
395 ULONG FileRecordEnd;
396 ULONG NameOffset;
397 ULONG DataRunOffset;
398 ULONG BytesAvailable;
399
401 {
404 }
405
406 // Calculate the name offset
408
409 // Calculate the offset to the first data run
411 // The data run offset must be aligned to a 4-byte boundary
413
414 // Calculate the length of the new attribute; the empty data run will consist of a single byte
415 RecordLength = DataRunOffset + 1;
416
417 // The size of the attribute itself must be aligned to an 8 - byte boundary
419
420 // Back up the last 4-bytes of the file record (even though this value doesn't matter)
421 FileRecordEnd = AttributeAddress->Length;
422
423 // Make sure the file record can contain the new attribute
425 if (BytesAvailable < RecordLength)
426 {
429 }
430
431 // Set fields of attribute header
432 RtlZeroMemory(AttributeAddress, RecordLength);
433
435 AttributeAddress->Length = RecordLength;
437 AttributeAddress->NameLength = NameLength;
438 AttributeAddress->NameOffset = NameOffset;
440
441 AttributeAddress->NonResident.MappingPairsOffset = DataRunOffset;
443
444 // Set the name
445 RtlCopyMemory((PCHAR)((ULONG_PTR)AttributeAddress + NameOffset), Name, NameLength * sizeof(WCHAR));
446
447 // move the attribute-end and file-record-end markers to the end of the file record
449 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
450
452}
struct NTFS_ATTR_RECORD::@175::@178 NonResident
Referenced by UpdateIndexAllocation().
◆ AddIndexRoot()
| NTSTATUS AddIndexRoot | ( | PNTFS_VCB | Vcb, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| PNTFS_ATTR_RECORD | AttributeAddress, | ||
| PINDEX_ROOT_ATTRIBUTE | NewIndexRoot, | ||
| ULONG | RootLength, | ||
| PCWSTR | Name, | ||
| USHORT | NameLength | ||
| ) |
Definition at line 495 of file attrib.c.
502{
503 ULONG AttributeLength;
504 // Calculate the header length
506 // Back up the file record's final ULONG (even though it doesn't matter)
508 ULONG NameOffset;
509 ULONG ValueOffset;
510 ULONG BytesAvailable;
511
513 {
516 }
517
518 NameOffset = ResidentHeaderLength;
519
520 // Calculate ValueOffset, which will be aligned to a 4-byte boundary
522
523 // Calculate length of attribute
524 AttributeLength = ValueOffset + RootLength;
526
527 // Make sure the file record is large enough for the new attribute
529 if (BytesAvailable < AttributeLength)
530 {
533 }
534
535 // Set Attribute fields
536 RtlZeroMemory(AttributeAddress, AttributeLength);
537
539 AttributeAddress->Length = AttributeLength;
540 AttributeAddress->NameLength = NameLength;
541 AttributeAddress->NameOffset = NameOffset;
543
544 AttributeAddress->Resident.ValueLength = RootLength;
545 AttributeAddress->Resident.ValueOffset = ValueOffset;
546
547 // Set the name
548 RtlCopyMemory((PCHAR)((ULONG_PTR)AttributeAddress + NameOffset), Name, NameLength * sizeof(WCHAR));
549
550 // Copy the index root attribute
552
553 // move the attribute-end and file-record-end markers to the end of the file record
555 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
556
558}
Referenced by NtfsCreateDirectory().
◆ AddNewMftEntry()
| NTSTATUS AddNewMftEntry | ( | PFILE_RECORD_HEADER | FileRecord, |
| PDEVICE_EXTENSION | DeviceExt, | ||
| PULONGLONG | DestinationIndex, | ||
| BOOLEAN | CanWait | ||
| ) |
Definition at line 2022 of file mft.c.
2026{
2028 ULONGLONG MftIndex;
2030 ULONGLONG BitmapDataSize;
2031 ULONGLONG AttrBytesRead;
2034 ULONG LengthWritten;
2035 PNTFS_ATTR_CONTEXT BitmapContext;
2036 LARGE_INTEGER BitmapBits;
2037 UCHAR SystemReservedBits;
2038
2039 DPRINT1("AddNewMftEntry(%p, %p, %p, %s)\n", FileRecord, DeviceExt, DestinationIndex, CanWait ? "TRUE" : "FALSE");
2040
2041 // First, we have to read the mft's $Bitmap attribute
2042
2043 // Find the attribute
2044 Status = FindAttribute(DeviceExt, DeviceExt->MasterFileTable, AttributeBitmap, L"", 0, &BitmapContext, NULL);
2046 {
2049 }
2050
2051 // Get size of bitmap
2052 BitmapDataSize = AttributeDataLength(BitmapContext->pRecord);
2053
2054 // RtlInitializeBitmap wants a ULONG-aligned pointer, and wants the memory passed to it to be a ULONG-multiple
2055 // Allocate a buffer for the $Bitmap attribute plus enough to ensure we can get a ULONG-aligned pointer
2058 {
2059 ReleaseAttributeContext(BitmapContext);
2061 }
2063
2064 // Get a ULONG-aligned pointer for the bitmap itself
2066
2067 // read $Bitmap attribute
2069
2070 if (AttrBytesRead != BitmapDataSize)
2071 {
2074 ReleaseAttributeContext(BitmapContext);
2076 }
2077
2078 // We need to backup the bits for records 0x10 - 0x17 (3rd byte of bitmap) and mark these records
2079 // as in-use so we don't assign files to those indices. They're reserved for the system (e.g. ChkDsk).
2080 SystemReservedBits = BitmapData[2];
2081 BitmapData[2] = 0xff;
2082
2083 // Calculate bit count
2085 DeviceExt->NtfsInfo.BytesPerFileRecord;
2087 {
2088 DPRINT1("\tFIXME: bitmap sizes beyond 32bits are not yet supported! (Your NTFS volume is too large)\n");
2091 ReleaseAttributeContext(BitmapContext);
2093 }
2094
2095 // convert buffer into bitmap
2097
2098 // set next available bit, preferrably after 23rd bit
2101 {
2103
2105 ReleaseAttributeContext(BitmapContext);
2106
2107 // Couldn't find a free record in the MFT, add some blank records and try again
2110 {
2113 }
2114
2116 }
2117
2119
2120 // update file record with index
2121 FileRecord->MFTRecordNumber = MftIndex;
2122
2123 // [BitmapData should have been updated via RtlFindClearBitsAndSet()]
2124
2125 // Restore the system reserved bits
2126 BitmapData[2] = SystemReservedBits;
2127
2128 // write the bitmap back to the MFT's $Bitmap attribute
2129 Status = WriteAttribute(DeviceExt, BitmapContext, 0, BitmapData, BitmapDataSize, &LengthWritten, FileRecord);
2131 {
2134 ReleaseAttributeContext(BitmapContext);
2136 }
2137
2138 // update the file record (write it to disk)
2140
2142 {
2145 ReleaseAttributeContext(BitmapContext);
2147 }
2148
2149 *DestinationIndex = MftIndex;
2150
2152 ReleaseAttributeContext(BitmapContext);
2153
2155}
Definition: gdiplusheaders.h:379
NTSYSAPI void WINAPI RtlInitializeBitMap(PRTL_BITMAP, PULONG, ULONG)
NTSYSAPI ULONG WINAPI RtlFindClearBitsAndSet(PRTL_BITMAP, ULONG, ULONG)
NTSTATUS UpdateFileRecord(PDEVICE_EXTENSION Vcb, ULONGLONG MftIndex, PFILE_RECORD_HEADER FileRecord)
Definition: mft.c:1931
VOID ReleaseAttributeContext(PNTFS_ATTR_CONTEXT Context)
Definition: mft.c:104
NTSTATUS FindAttribute(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER MftRecord, ULONG Type, PCWSTR Name, ULONG NameLength, PNTFS_ATTR_CONTEXT *AttrCtx, PULONG Offset)
Definition: mft.c:131
ULONG ReadAttribute(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_CONTEXT Context, ULONGLONG Offset, PCHAR Buffer, ULONG Length)
Definition: mft.c:1065
NTSTATUS WriteAttribute(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_CONTEXT Context, ULONGLONG Offset, const PUCHAR Buffer, ULONG Length, PULONG RealLengthWritten, PFILE_RECORD_HEADER FileRecord)
Definition: mft.c:1315
NTSTATUS IncreaseMftSize(PDEVICE_EXTENSION Vcb, BOOLEAN CanWait)
Definition: mft.c:293
NTSTATUS AddNewMftEntry(PFILE_RECORD_HEADER FileRecord, PDEVICE_EXTENSION DeviceExt, PULONGLONG DestinationIndex, BOOLEAN CanWait)
Definition: mft.c:2022
Definition: gdiplusimaging.h:176
Definition: ntfs.h:231
Definition: typedefs.h:89
Referenced by AddNewMftEntry(), NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ AddRun()
| NTSTATUS AddRun | ( | PNTFS_VCB | Vcb, |
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| ULONG | AttrOffset, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| ULONGLONG | NextAssignedCluster, | ||
| ULONG | RunLength | ||
| ) |
Definition at line 599 of file attrib.c.
605{
607 int DataRunMaxLength;
608 PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
609 ULONG NextAttributeOffset = AttrOffset + AttrContext->pRecord->Length;
610 ULONGLONG NextVBN = 0;
611
612 PUCHAR RunBuffer;
613 ULONG RunBufferSize;
614
615 if (!AttrContext->pRecord->IsNonResident)
617
618 if (AttrContext->pRecord->NonResident.AllocatedSize != 0)
619 NextVBN = AttrContext->pRecord->NonResident.HighestVCN + 1;
620
621 // Add newly-assigned clusters to mcb
622 _SEH2_TRY
623 {
625 NextVBN,
626 NextAssignedCluster,
627 RunLength))
628 {
630 }
631 }
633 {
636 }
637 _SEH2_END;
638
640 if (!RunBuffer)
641 {
644 }
645
646 // Convert the map control block back to encoded data runs
647 ConvertLargeMCBToDataRuns(&AttrContext->DataRunsMCB, RunBuffer, Vcb->NtfsInfo.BytesPerCluster, &RunBufferSize);
648
649 // Get the amount of free space between the start of the of the first data run and the attribute end
650 DataRunMaxLength = AttrContext->pRecord->Length - AttrContext->pRecord->NonResident.MappingPairsOffset;
651
652 // Do we need to extend the attribute (or convert to attribute list)?
653 if (DataRunMaxLength < RunBufferSize)
654 {
655 PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + NextAttributeOffset);
656 PNTFS_ATTR_RECORD NewRecord;
657
658 // Add free space at the end of the file record to DataRunMaxLength
660
661 // Can we resize the attribute?
662 if (DataRunMaxLength < RunBufferSize)
663 {
664 DPRINT1("FIXME: Need to create attribute list! Max Data Run Length available: %d, RunBufferSize: %d\n", DataRunMaxLength, RunBufferSize);
667 }
668
669 // Are there more attributes after the one we're resizing?
671 {
672 PNTFS_ATTR_RECORD FinalAttribute;
673
674 // Calculate where to move the trailing attributes
675 ULONG_PTR MoveTo = (ULONG_PTR)DestinationAttribute + AttrContext->pRecord->NonResident.MappingPairsOffset + RunBufferSize;
677
679
680 // Move the trailing attributes; FinalAttribute will point to the end marker
682
683 // set the file record end
685 }
686
687 // calculate position of end markers
688 NextAttributeOffset = AttrOffset + AttrContext->pRecord->NonResident.MappingPairsOffset + RunBufferSize;
690
691 // Update the length of the destination attribute
692 DestinationAttribute->Length = NextAttributeOffset - AttrOffset;
693
694 // Create a new copy of the attribute record
696 RtlCopyMemory(NewRecord, AttrContext->pRecord, AttrContext->pRecord->Length);
698
699 // Free the old copy of the attribute record, which won't be large enough
701
702 // Set the attribute context's record to the new copy
703 AttrContext->pRecord = NewRecord;
704
705 // if NextAttribute is the AttributeEnd marker
707 {
708 // End the file record
711 }
712 }
713
714 // Update HighestVCN
715 DestinationAttribute->NonResident.HighestVCN =
716 AttrContext->pRecord->NonResident.HighestVCN = max(NextVBN - 1 + RunLength,
717 AttrContext->pRecord->NonResident.HighestVCN);
718
719 // Write data runs to destination attribute
720 RtlCopyMemory((PVOID)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset),
721 RunBuffer,
722 RunBufferSize);
723
724 // Update the attribute record in the attribute context
725 RtlCopyMemory((PVOID)((ULONG_PTR)AttrContext->pRecord + AttrContext->pRecord->NonResident.MappingPairsOffset),
726 RunBuffer,
727 RunBufferSize);
728
729 // Update the file record
731
733
734 NtfsDumpDataRuns((PUCHAR)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset), 0);
735
737}
VOID NtfsDumpDataRuns(PVOID StartOfRun, ULONGLONG CurrentLCN)
Definition: attrib.c:1755
NTSTATUS ConvertLargeMCBToDataRuns(PLARGE_MCB DataRunsMCB, PUCHAR RunBuffer, ULONG MaxBufferSize, PULONG UsedBufferSize)
Definition: attrib.c:896
Definition: nsiface.idl:2307
BOOLEAN NTAPI FsRtlAddLargeMcbEntry(IN PLARGE_MCB Mcb, IN LONGLONG Vbn, IN LONGLONG Lbn, IN LONGLONG SectorCount)
Definition: largemcb.c:288
PNTFS_ATTR_RECORD MoveAttributes(PDEVICE_EXTENSION DeviceExt, PNTFS_ATTR_RECORD FirstAttributeToMove, ULONG FirstAttributeOffset, ULONG_PTR MoveTo)
Definition: mft.c:512
Referenced by SetNonResidentAttributeDataLength().
◆ AddStandardInformation()
| NTSTATUS AddStandardInformation | ( | PFILE_RECORD_HEADER | FileRecord, |
| PNTFS_ATTR_RECORD | AttributeAddress | ||
| ) |
Definition at line 766 of file attrib.c.
768{
770 PSTANDARD_INFORMATION StandardInfo = (PSTANDARD_INFORMATION)((LONG_PTR)AttributeAddress + ResidentHeaderLength);
771 LARGE_INTEGER SystemTime;
773
775 {
778 }
779
784 AttributeAddress->Resident.ValueOffset = ResidentHeaderLength;
786
787 // set dates and times
788 KeQuerySystemTime(&SystemTime);
794
795 // move the attribute-end and file-record-end markers to the end of the file record
797 SetFileRecordEnd(FileRecord, AttributeAddress, FileRecordEnd);
798
800}
struct STANDARD_INFORMATION * PSTANDARD_INFORMATION
Definition: ntfs.h:329
Referenced by NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ AttributeAllocatedLength()
| ULONGLONG AttributeAllocatedLength | ( | PNTFS_ATTR_RECORD | AttrRecord | ) |
Definition at line 249 of file mft.c.
250{
253 else
255}
Referenced by NtfsGetFileSize(), NtfsGetStreamInformation(), NtfsReadFile(), NtfsSetEndOfFile(), and NtfsWriteFile().
◆ AttributeDataLength()
| ULONGLONG AttributeDataLength | ( | PNTFS_ATTR_RECORD | AttrRecord | ) |
Definition at line 259 of file mft.c.
260{
263 else
265}
Referenced by AddNewMftEntry(), AllocateIndexNode(), BrowseIndexEntries(), FreeClusters(), IncreaseMftSize(), InternalReadNonResidentAttributes(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsGetFileSize(), NtfsGetFreeClusters(), NtfsGetStreamInformation(), NtfsGetVolumeData(), NtfsReadFCBAttribute(), NtfsReadFile(), NtfsSetEndOfFile(), NtfsWriteFile(), PrintAllVCNs(), SetAttributeDataLength(), UpdateFileNameRecord(), UpdateIndexEntryFileNameSize(), and UpdateMftMirror().
◆ CompareFileName()
| BOOLEAN CompareFileName | ( | PUNICODE_STRING | FileName, |
| PINDEX_ENTRY_ATTRIBUTE | IndexEntry, | ||
| BOOLEAN | DirSearch, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 2650 of file mft.c.
2654{
2656 UNICODE_STRING EntryName;
2657
2659 EntryName.Length =
2661
2662 if (DirSearch)
2663 {
2664 UNICODE_STRING IntFileName;
2665 if (!CaseSensitive)
2666 {
2669 }
2670 else
2671 {
2672 IntFileName = *FileName;
2673 }
2674
2676
2678 {
2679 RtlFreeUnicodeString(&IntFileName);
2680 }
2681
2682 return Ret;
2683 }
2684 else
2685 {
2687 }
2688}
ULONG RtlCompareUnicodeString(PUNICODE_STRING s1, PUNICODE_STRING s2, BOOLEAN UpCase)
Definition: string_lib.cpp:31
NTSTATUS RtlUpcaseUnicodeString(PUNICODE_STRING dst, PUNICODE_STRING src, BOOLEAN Alloc)
Definition: string_lib.cpp:46
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
BOOLEAN NTAPI FsRtlIsNameInExpression(IN PUNICODE_STRING Expression, IN PUNICODE_STRING Name, IN BOOLEAN IgnoreCase, IN PWCHAR UpcaseTable OPTIONAL)
Definition: name.c:514
Definition: filecomp.c:348
Referenced by BrowseIndexEntries(), BrowseSubNodeIndexEntries(), and UpdateIndexEntryFileNameSize().
◆ CompareTreeKeys()
| LONG CompareTreeKeys | ( | PB_TREE_KEY | Key1, |
| PB_TREE_KEY | Key2, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 417 of file btree.c.
418{
419 UNICODE_STRING Key1Name, Key2Name;
420 LONG Comparison;
421
422 // Key1 must not be the final key (AKA the dummy key)
424
425 // If Key2 is the "dummy key", key 1 will always come first
427 return -1;
428
432
436
437 // Are the two keys the same length?
440
441 // Is Key1 shorter?
443 {
444 // Truncate KeyName2 to be the same length as KeyName1
446
447 // Compare the names of the same length
448 Comparison = RtlCompareUnicodeString(&Key1Name, &Key2Name, !CaseSensitive);
449
450 // If the truncated names are the same length, the shorter one comes first
451 if (Comparison == 0)
452 return -1;
453 }
454 else
455 {
456 // Key2 is shorter
457 // Truncate KeyName1 to be the same length as KeyName2
459
460 // Compare the names of the same length
461 Comparison = RtlCompareUnicodeString(&Key1Name, &Key2Name, !CaseSensitive);
462
463 // If the truncated names are the same length, the shorter one comes first
464 if (Comparison == 0)
465 return 1;
466 }
467
468 return Comparison;
469}
Referenced by NtfsInsertKey().
◆ ConvertDataRunsToLargeMCB()
| NTSTATUS ConvertDataRunsToLargeMCB | ( | PUCHAR | DataRun, |
| PLARGE_MCB | DataRunsMCB, | ||
| PULONGLONG | pNextVBN | ||
| ) |
Definition at line 825 of file attrib.c.
828{
829 LONGLONG DataRunOffset;
830 ULONGLONG DataRunLength;
831 LONGLONG DataRunStartLCN;
832 ULONGLONG LastLCN = 0;
833
834 // Initialize the MCB, potentially catch an exception
835 _SEH2_TRY{
839 } _SEH2_END;
840
841 while (*DataRun != 0)
842 {
843 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
844
845 if (DataRunOffset != -1)
846 {
847 // Normal data run.
848 DataRunStartLCN = LastLCN + DataRunOffset;
849 LastLCN = DataRunStartLCN;
850
851 _SEH2_TRY{
853 *pNextVBN,
854 DataRunStartLCN,
855 DataRunLength))
856 {
858 }
860 FsRtlUninitializeLargeMcb(DataRunsMCB);
862 } _SEH2_END;
863
864 }
865
866 *pNextVBN += DataRunLength;
867 }
868
870}
PUCHAR DecodeRun(PUCHAR DataRun, LONGLONG *DataRunOffset, ULONGLONG *DataRunLength)
Definition: attrib.c:966
VOID NTAPI FsRtlUninitializeLargeMcb(IN PLARGE_MCB Mcb)
Definition: largemcb.c:1096
VOID NTAPI FsRtlInitializeLargeMcb(IN PLARGE_MCB Mcb, IN POOL_TYPE PoolType)
Definition: largemcb.c:451
Referenced by PrepareAttributeContext().
◆ ConvertLargeMCBToDataRuns()
| NTSTATUS ConvertLargeMCBToDataRuns | ( | PLARGE_MCB | DataRunsMCB, |
| PUCHAR | RunBuffer, | ||
| ULONG | MaxBufferSize, | ||
| PULONG | UsedBufferSize | ||
| ) |
Definition at line 896 of file attrib.c.
900{
902 ULONG RunBufferOffset = 0;
903 LONGLONG DataRunOffset;
904 ULONGLONG LastLCN = 0;
907
908
910
911 // convert each mcb entry to a data run
913 {
914 UCHAR DataRunOffsetSize = 0;
915 UCHAR DataRunLengthSize = 0;
916 UCHAR ControlByte = 0;
917
918 // [vbn, lbn, count]
920
921 // TODO: check for holes and convert to sparse runs
922 DataRunOffset = Lbn - LastLCN;
923 LastLCN = Lbn;
924
925 // now we need to determine how to represent DataRunOffset with the minimum number of bytes
929
930 // determine how to represent DataRunLengthSize with the minimum number of bytes
934
935 // ensure the next data run + end marker would be <= Max buffer size
936 if (RunBufferOffset + 2 + DataRunLengthSize + DataRunOffsetSize > MaxBufferSize)
937 {
940 break;
941 }
942
943 // pack and copy the control byte
944 ControlByte = (DataRunOffsetSize << 4) + DataRunLengthSize;
945 RunBuffer[RunBufferOffset++] = ControlByte;
946
947 // copy DataRunLength
949 RunBufferOffset += DataRunLengthSize;
950
951 // copy DataRunOffset
952 RtlCopyMemory(RunBuffer + RunBufferOffset, &DataRunOffset, DataRunOffsetSize);
953 RunBufferOffset += DataRunOffsetSize;
954 }
955
956 // End of data runs
957 RunBuffer[RunBufferOffset++] = 0;
958
959 *UsedBufferSize = RunBufferOffset;
961
963}
UCHAR GetPackedByteCount(LONGLONG NumberToPack, BOOLEAN IsSigned)
Definition: attrib.c:1846
BOOLEAN NTAPI FsRtlGetNextLargeMcbEntry(IN PLARGE_MCB Mcb, IN ULONG RunIndex, OUT PLONGLONG Vbn, OUT PLONGLONG Lbn, OUT PLONGLONG SectorCount)
Definition: largemcb.c:392
Referenced by AddRun(), FreeClusters(), ReadAttribute(), and WriteAttribute().
◆ CreateBTreeFromIndex()
| NTSTATUS CreateBTreeFromIndex | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecordWithIndex, | ||
| PNTFS_ATTR_CONTEXT | IndexRootContext, | ||
| PINDEX_ROOT_ATTRIBUTE | IndexRoot, | ||
| PB_TREE * | NewTree | ||
| ) |
Definition at line 682 of file btree.c.
688{
689 PINDEX_ENTRY_ATTRIBUTE CurrentNodeEntry;
691 PB_TREE_FILENAME_NODE RootNode = ExAllocatePoolWithTag(NonPagedPool, sizeof(B_TREE_FILENAME_NODE), TAG_NTFS);
696
698
700 {
704 if (CurrentKey)
709 }
710
714
715 // See if the file record has an attribute allocation
717 FileRecordWithIndex,
720 4,
721 &IndexAllocationContext,
722 NULL);
724 IndexAllocationContext = NULL;
725
726 // Setup the Tree
727 RootNode->FirstKey = CurrentKey;
729
730 // Make sure we won't try reading past the attribute-end
731 if (FIELD_OFFSET(INDEX_ROOT_ATTRIBUTE, Header) + IndexRoot->Header.TotalSizeOfEntries > IndexRootContext->pRecord->Resident.ValueLength)
732 {
737 }
738
739 // Start at the first node entry
743
744 // Create a key for each entry in the node
746 {
747 // Allocate memory for the current entry
748 CurrentKey->IndexEntry = ExAllocatePoolWithTag(NonPagedPool, CurrentNodeEntry->Length, TAG_NTFS);
750 {
755 }
756
757 RootNode->KeyCount++;
758
759 // If this isn't the last entry
761 {
762 // Create the next key
764 if (!NextKey)
765 {
770 }
771
773
774 // Add NextKey to the end of the list
775 CurrentKey->NextKey = NextKey;
776
777 // Copy the current entry to its key
779
780 // Does this key have a sub-node?
782 {
783 // Create the child node
785 IndexRoot,
786 IndexAllocationContext,
787 CurrentKey->IndexEntry);
789 {
794 }
795 }
796
797 // Advance to the next entry
798 CurrentOffset += CurrentNodeEntry->Length;
799 CurrentNodeEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)CurrentNodeEntry + CurrentNodeEntry->Length);
800 CurrentKey = NextKey;
801 }
802 else
803 {
804 // Copy the final entry to its key
807
808 // Does this key have a sub-node?
810 {
811 // Create the child node
813 IndexRoot,
814 IndexAllocationContext,
815 CurrentKey->IndexEntry);
817 {
822 }
823 }
824
825 break;
826 }
827 }
828
829 *NewTree = Tree;
831
832Cleanup:
833 if (IndexAllocationContext)
834 ReleaseAttributeContext(IndexAllocationContext);
835
837}
PB_TREE_FILENAME_NODE CreateBTreeNodeFromIndexNode(PDEVICE_EXTENSION Vcb, PINDEX_ROOT_ATTRIBUTE IndexRoot, PNTFS_ATTR_CONTEXT IndexAllocationAttributeCtx, PINDEX_ENTRY_ATTRIBUTE NodeEntry)
Definition: btree.c:499
Definition: Header.h:9
struct INDEX_ENTRY_ATTRIBUTE * PINDEX_ENTRY_ATTRIBUTE
Definition: ntfs.h:454
Definition: ntfs.h:409
Definition: ntfs.h:392
Definition: ntfs.h:445
Definition: ntfs.h:435
Referenced by NtfsAddFilenameToDirectory().
◆ CreateEmptyBTree()
Definition at line 348 of file btree.c.
349{
351 PB_TREE_FILENAME_NODE RootNode = ExAllocatePoolWithTag(NonPagedPool, sizeof(B_TREE_FILENAME_NODE), TAG_NTFS);
352 PB_TREE_KEY DummyKey;
353
355
357 {
364 }
365
366 // Create the dummy key
368 if (!DummyKey)
369 {
374 }
375
378
379 // Setup the Tree
380 RootNode->FirstKey = DummyKey;
381 RootNode->KeyCount = 1;
384
385 *NewTree = Tree;
386
387 // Memory will be freed when DestroyBTree() is called
388
390}
Referenced by NtfsCreateDirectory().
◆ CreateIndexRootFromBTree()
| NTSTATUS CreateIndexRootFromBTree | ( | PDEVICE_EXTENSION | DeviceExt, |
| PB_TREE | Tree, | ||
| ULONG | MaxIndexSize, | ||
| PINDEX_ROOT_ATTRIBUTE * | IndexRoot, | ||
| ULONG * | Length | ||
| ) |
Definition at line 910 of file btree.c.
915{
917 PB_TREE_KEY CurrentKey;
918 PINDEX_ENTRY_ATTRIBUTE CurrentNodeEntry;
920 DeviceExt->NtfsInfo.BytesPerFileRecord,
921 TAG_NTFS);
922
923 DPRINT("CreateIndexRootFromBTree(%p, %p, 0x%lx, %p, %p)\n", DeviceExt, Tree, MaxIndexSize, IndexRoot, Length);
924
925#ifndef NDEBUG
927#endif
928
929 if (!NewIndexRoot)
930 {
933 }
934
935 // Setup the new index root
936 RtlZeroMemory(NewIndexRoot, DeviceExt->NtfsInfo.BytesPerFileRecord);
937
940 NewIndexRoot->SizeOfEntry = DeviceExt->NtfsInfo.BytesPerIndexRecord;
941 // If Bytes per index record is less than cluster size, clusters per index record becomes sectors per index
943 NewIndexRoot->ClustersPerIndexRecord = NewIndexRoot->SizeOfEntry / DeviceExt->NtfsInfo.BytesPerSector;
944 else
945 NewIndexRoot->ClustersPerIndexRecord = NewIndexRoot->SizeOfEntry / DeviceExt->NtfsInfo.BytesPerCluster;
946
947 // Setup the Index node header
950
951 // Start summing the total size of this node's entries
953
954 // Setup each Node Entry
955 CurrentKey = Tree->RootNode->FirstKey;
960 {
961 // Would adding the current entry to the index increase the index size beyond the limit we've set?
962 ULONG IndexSize = NewIndexRoot->Header.TotalSizeOfEntries - NewIndexRoot->Header.FirstEntryOffset + CurrentKey->IndexEntry->Length;
963 if (IndexSize > MaxIndexSize)
964 {
968 }
969
971
972 // Copy the index entry
974
976 CurrentNodeEntry->KeyLength,
977 CurrentNodeEntry->Length);
978
979 // Does the current key have any sub-nodes?
982
983 // Add Length of Current Entry to Total Size of Entries
985
986 // Go to the next node entry
987 CurrentNodeEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)CurrentNodeEntry + CurrentNodeEntry->Length);
988
989 CurrentKey = CurrentKey->NextKey;
990 }
991
993
994 *IndexRoot = NewIndexRoot;
996
998}
Definition: ntfs.h:383
Referenced by NtfsAddFilenameToDirectory(), and NtfsCreateDirectory().
◆ DecodeRun()
Definition at line 966 of file attrib.c.
969{
970 UCHAR DataRunOffsetSize;
971 UCHAR DataRunLengthSize;
973
974 DataRunOffsetSize = (*DataRun >> 4) & 0xF;
975 DataRunLengthSize = *DataRun & 0xF;
976 *DataRunOffset = 0;
977 *DataRunLength = 0;
978 DataRun++;
980 {
982 DataRun++;
983 }
984
985 /* NTFS 3+ sparse files */
986 if (DataRunOffsetSize == 0)
987 {
988 *DataRunOffset = -1;
989 }
990 else
991 {
993 {
995 DataRun++;
996 }
997 /* The last byte contains sign so we must process it different way. */
999 }
1000
1005
1006 return DataRun;
1007}
Referenced by ConvertDataRunsToLargeMCB(), FindRun(), GetLastClusterInDataRun(), NtfsDumpDataRuns(), PrepareAttributeContext(), PrintAttributeInfo(), ReadAttribute(), and WriteAttribute().
◆ DemoteBTreeRoot()
Definition at line 1089 of file btree.c.
1090{
1091 PB_TREE_FILENAME_NODE NewSubNode, NewIndexRoot;
1092 PB_TREE_KEY DummyKey;
1093
1095
1096#ifndef NDEBUG
1098#endif
1099
1100 // Create a new node that will hold the keys currently in index root
1102 if (!NewSubNode)
1103 {
1106 }
1108
1109 // Copy the applicable data from the old index root node
1113
1114 // Create a new dummy key, and make the new node it's child
1116 if (!DummyKey)
1117 {
1121 }
1122
1123 // Make the new node a child of the dummy key
1124 DummyKey->LesserChild = NewSubNode;
1125
1126 // Create a new index root node
1128 if (!NewIndexRoot)
1129 {
1134 }
1136
1138
1139 // Insert the dummy key into the new node
1140 NewIndexRoot->FirstKey = DummyKey;
1141 NewIndexRoot->KeyCount = 1;
1143
1144 // Make the new node the Tree's root node
1145 Tree->RootNode = NewIndexRoot;
1146
1147#ifndef NDEBUG
1149#endif
1150
1152}
Referenced by NtfsAddFilenameToDirectory().
◆ DestroyBTree()
Definition at line 1542 of file btree.c.
1543{
1546}
Referenced by CreateBTreeFromIndex(), NtfsAddFilenameToDirectory(), and NtfsCreateDirectory().
◆ DestroyBTreeNode()
| VOID DestroyBTreeNode | ( | PB_TREE_FILENAME_NODE | Node | ) |
Definition at line 1511 of file btree.c.
1512{
1513 PB_TREE_KEY NextKey;
1517 {
1518 NT_ASSERT(CurrentKey);
1519 NextKey = CurrentKey->NextKey;
1520 DestroyBTreeKey(CurrentKey);
1521 CurrentKey = NextKey;
1522 }
1523
1525
1527}
Definition: dlist.c:348
Referenced by CreateBTreeNodeFromIndexNode(), DestroyBTree(), and DestroyBTreeKey().
◆ DumpBTree()
Definition at line 1622 of file btree.c.
1623{
1626}
VOID DumpBTreeNode(PB_TREE Tree, PB_TREE_FILENAME_NODE Node, ULONG Number, ULONG Depth)
Definition: btree.c:1583
Referenced by CreateIndexRootFromBTree(), DemoteBTreeRoot(), NtfsAddFilenameToDirectory(), NtfsInsertKey(), and UpdateIndexAllocation().
◆ DumpBTreeKey()
| VOID DumpBTreeKey | ( | PB_TREE | Tree, |
| PB_TREE_KEY | Key, | ||
| ULONG | Number, | ||
| ULONG | Depth | ||
| ) |
Definition at line 1549 of file btree.c.
1550{
1555
1557 {
1563 }
1564 else
1565 {
1567 }
1568
1569 // Is there a child node?
1571 {
1574 else
1575 {
1576 // This will be an assert once nodes with arbitrary depth are debugged
1577 DPRINT1("DRIVER ERROR: No Key->LesserChild despite Key->IndexEntry->Flags indicating this is a node!\n");
1578 }
1579 }
1580}
_In_opt_ PENTER_STATE_SYSTEM_HANDLER _In_opt_ PVOID _In_ LONG _In_opt_ LONG volatile * Number
Definition: ntpoapi.h:207
Definition: find_test.cpp:52
_In_opt_ PALLOCATE_FUNCTION _In_opt_ PFREE_FUNCTION _In_ ULONG _In_ SIZE_T _In_ ULONG _In_ USHORT Depth
Definition: exfuncs.h:819
Referenced by DumpBTreeNode().
◆ DumpBTreeNode()
| VOID DumpBTreeNode | ( | PB_TREE | Tree, |
| PB_TREE_FILENAME_NODE | Node, | ||
| ULONG | Number, | ||
| ULONG | Depth | ||
| ) |
Definition at line 1583 of file btree.c.
1587{
1588 PB_TREE_KEY CurrentKey;
1592 DbgPrint("Node #%d, Depth %d, has %d key%s", Number, Depth, Node->KeyCount, Node->KeyCount == 1 ? "" : "s");
1593
1598 else
1600
1601 CurrentKey = Node->FirstKey;
1603 {
1605 CurrentKey = CurrentKey->NextKey;
1606 }
1607}
VOID DumpBTreeKey(PB_TREE Tree, PB_TREE_KEY Key, ULONG Number, ULONG Depth)
Definition: btree.c:1549
Referenced by DumpBTree(), DumpBTreeKey(), and SplitBTreeNode().
◆ EnumerAttribute()
| VOID EnumerAttribute | ( | PFILE_RECORD_HEADER | file, |
| PDEVICE_EXTENSION | Vcb, | ||
| PDEVICE_OBJECT | DeviceObject | ||
| ) |
◆ FindAttribute()
| NTSTATUS FindAttribute | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | MftRecord, | ||
| ULONG | Type, | ||
| PCWSTR | Name, | ||
| ULONG | NameLength, | ||
| PNTFS_ATTR_CONTEXT * | AttrCtx, | ||
| PULONG | Offset | ||
| ) |
Definition at line 131 of file mft.c.
138{
142 PNTFS_ATTR_RECORD Attribute;
143 PNTFS_ATTRIBUTE_LIST_ITEM AttrListItem;
144
145 DPRINT("FindAttribute(%p, %p, 0x%x, %S, %lu, %p, %p)\n", Vcb, MftRecord, Type, Name, NameLength, AttrCtx, Offset);
146
150 {
152 {
153 if (NameLength != 0)
154 {
155 PWCHAR AttrName;
156
159 if (RtlCompareMemory(AttrName, Name, NameLength * sizeof(WCHAR)) == (NameLength * sizeof(WCHAR)))
160 {
162 }
163 }
164 else
165 {
167 }
168
170 {
171 /* Found it, fill up the context and return. */
173 *AttrCtx = PrepareAttributeContext(Attribute);
174
175 (*AttrCtx)->FileMFTIndex = MftRecord->MFTRecordNumber;
176
179
182 }
183 }
184
186 }
187
188 /* No attribute found, check if it is referenced in another file record */
191 {
193 {
194 if (NameLength != 0)
195 {
196 PWCHAR AttrName;
197
200 if (RtlCompareMemory(AttrName, Name, NameLength * sizeof(WCHAR)) == (NameLength * sizeof(WCHAR)))
201 {
203 }
204 }
205 else
206 {
208 }
209
211 {
212 /* Get the MFT Index of attribute */
213 ULONGLONG MftIndex;
214 PFILE_RECORD_HEADER RemoteHdr;
215
217 RemoteHdr = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
218
220 {
223 }
224
225 /* Check we are not reading ourselves */
227 {
229 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, RemoteHdr);
232 }
233 /* Read the new file record */
236 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, RemoteHdr);
239 }
240 }
242 }
245}
NTSTATUS FindFirstAttribute(PFIND_ATTR_CONTXT Context, PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord, BOOLEAN OnlyResident, PNTFS_ATTR_RECORD *Attribute)
Definition: attrib.c:1383
NTSTATUS FindFirstAttributeListItem(PFIND_ATTR_CONTXT Context, PNTFS_ATTRIBUTE_LIST_ITEM *Item)
Definition: attrib.c:1307
NTSTATUS FindNextAttribute(PFIND_ATTR_CONTXT Context, PNTFS_ATTR_RECORD *Attribute)
Definition: attrib.c:1431
NTSTATUS FindNextAttributeListItem(PFIND_ATTR_CONTXT Context, PNTFS_ATTRIBUTE_LIST_ITEM *Item)
Definition: attrib.c:1321
NTSTATUS ReadFileRecord(PDEVICE_EXTENSION Vcb, ULONGLONG index, PFILE_RECORD_HEADER file)
Definition: mft.c:1631
PNTFS_ATTR_CONTEXT PrepareAttributeContext(PNTFS_ATTR_RECORD AttrRecord)
Definition: mft.c:41
Definition: compobj.c:4795
Definition: ntfs.h:308
Definition: ntfs.h:251
Definition: ntfs.h:547
Referenced by AddNewMftEntry(), AllocateIndexNode(), BrowseIndexEntries(), CreateBTreeFromIndex(), tinyxml2::XMLElement::FindAttribute(), FindAttribute(), FreeClusters(), GetVolumeBitmap(), IncreaseMftSize(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsCreateFile(), NtfsDirFindFile(), NtfsFindMftRecord(), NtfsGetFileSize(), NtfsGetFreeClusters(), NtfsGetVolumeData(), NtfsReadFCBAttribute(), NtfsReadFile(), NtfsSetEndOfFile(), NtfsWriteFile(), tinyxml2::XMLElement::QueryBoolAttribute(), tinyxml2::XMLElement::QueryDoubleAttribute(), tinyxml2::XMLElement::QueryFloatAttribute(), tinyxml2::XMLElement::QueryIntAttribute(), tinyxml2::XMLElement::QueryUnsignedAttribute(), UpdateFileNameRecord(), UpdateIndexAllocation(), UpdateIndexEntryFileNameSize(), UpdateMftMirror(), and WriteAttribute().
◆ FindCloseAttribute()
| VOID FindCloseAttribute | ( | PFIND_ATTR_CONTXT | Context | ) |
Definition at line 1465 of file attrib.c.
1466{
1468 {
1471 }
1472}
Referenced by FindAttribute(), GetFileNameFromRecord(), GetNfsVolumeData(), GetStandardInformationFromRecord(), NtfsDumpFileAttributes(), NtfsGetStreamInformation(), NtfsReadFile(), and NtfsWriteFile().
◆ FindFirstAttribute()
| NTSTATUS FindFirstAttribute | ( | PFIND_ATTR_CONTXT | Context, |
| PDEVICE_EXTENSION | Vcb, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| BOOLEAN | OnlyResident, | ||
| PNTFS_ATTR_RECORD * | Attribute | ||
| ) |
Definition at line 1383 of file attrib.c.
1388{
1390
1391 DPRINT("FindFistAttribute(%p, %p, %p, %p, %u, %p)\n", Context, Vcb, FileRecord, OnlyResident, Attribute);
1392
1394 Context->OnlyResident = OnlyResident;
1401
1403 {
1406 }
1408 {
1411 {
1413 }
1414
1417 {
1419 }
1420 }
1421 else
1422 {
1423 *Attribute = Context->CurrAttr;
1425 }
1426
1428}
static NTSTATUS InternalReadNonResidentAttributes(PFIND_ATTR_CONTXT Context)
Definition: attrib.c:1214
static PNTFS_ATTR_RECORD InternalGetNextAttribute(PFIND_ATTR_CONTXT Context)
Definition: attrib.c:1334
Referenced by FindAttribute(), GetFileNameFromRecord(), GetNfsVolumeData(), GetStandardInformationFromRecord(), NtfsDumpFileAttributes(), NtfsGetStreamInformation(), NtfsReadFile(), and NtfsWriteFile().
◆ FindFirstAttributeListItem()
| NTSTATUS FindFirstAttributeListItem | ( | PFIND_ATTR_CONTXT | Context, |
| PNTFS_ATTRIBUTE_LIST_ITEM * | Item | ||
| ) |
Definition at line 1307 of file attrib.c.
1309{
1311 {
1313 }
1314
1318}
Referenced by FindAttribute().
◆ FindNextAttribute()
| NTSTATUS FindNextAttribute | ( | PFIND_ATTR_CONTXT | Context, |
| PNTFS_ATTR_RECORD * | Attribute | ||
| ) |
Definition at line 1431 of file attrib.c.
1433{
1435
1437
1440 {
1442 }
1443
1445 {
1447 }
1448
1451 {
1453 }
1454
1457 {
1459 }
1460
1462}
Referenced by FindAttribute(), GetFileNameFromRecord(), GetNfsVolumeData(), GetStandardInformationFromRecord(), NtfsDumpFileAttributes(), NtfsGetStreamInformation(), NtfsReadFile(), and NtfsWriteFile().
◆ FindNextAttributeListItem()
| NTSTATUS FindNextAttributeListItem | ( | PFIND_ATTR_CONTXT | Context, |
| PNTFS_ATTRIBUTE_LIST_ITEM * | Item | ||
| ) |
Definition at line 1321 of file attrib.c.
1323{
1326 {
1328 }
1330}
static PNTFS_ATTRIBUTE_LIST_ITEM InternalGetNextAttributeListItem(PFIND_ATTR_CONTXT Context)
Definition: attrib.c:1267
Referenced by FindAttribute().
◆ FixupUpdateSequenceArray()
| NTSTATUS FixupUpdateSequenceArray | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_RECORD_HEADER | Record | ||
| ) |
Definition at line 1965 of file mft.c.
1967{
1968 USHORT *USA;
1969 USHORT USANumber;
1970 USHORT USACount;
1971 USHORT *Block;
1972
1974 USANumber = *(USA++);
1977
1978 DPRINT("FixupUpdateSequenceArray(%p, %p)\nUSANumber: %u\tUSACount: %u\n", Vcb, Record, USANumber, USACount);
1979
1980 while (USACount)
1981 {
1982 if (*Block != USANumber)
1983 {
1986 }
1987 *Block = *(USA++);
1989 USACount--;
1990 }
1991
1993}
Referenced by BrowseSubNodeIndexEntries(), CreateBTreeNodeFromIndexNode(), PrintAllVCNs(), ReadFileRecord(), UpdateFileRecord(), and UpdateIndexEntryFileNameSize().
◆ FreeClusters()
| NTSTATUS FreeClusters | ( | PNTFS_VCB | Vcb, |
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| ULONG | AttrOffset, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| ULONG | ClustersToFree | ||
| ) |
Definition at line 1057 of file attrib.c.
1062{
1064 ULONG ClustersLeftToFree = ClustersToFree;
1065
1066 PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
1067 ULONG NextAttributeOffset = AttrOffset + AttrContext->pRecord->Length;
1068 PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + NextAttributeOffset);
1069
1070 PUCHAR RunBuffer;
1071 ULONG RunBufferSize = 0;
1072
1073 PFILE_RECORD_HEADER BitmapRecord;
1074 PNTFS_ATTR_CONTEXT DataContext;
1075 ULONGLONG BitmapDataSize;
1078 ULONG LengthWritten;
1079
1080 if (!AttrContext->pRecord->IsNonResident)
1081 {
1083 }
1084
1085 // Read the $Bitmap file
1086 BitmapRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
1088 {
1091 }
1092
1095 {
1097 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BitmapRecord);
1098 return 0;
1099 }
1100
1103 {
1105 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BitmapRecord);
1106 return 0;
1107 }
1108
1109 BitmapDataSize = AttributeDataLength(DataContext->pRecord);
1112 BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize, Vcb->NtfsInfo.BytesPerSector), TAG_NTFS);
1114 {
1116 ReleaseAttributeContext(DataContext);
1117 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BitmapRecord);
1118 return 0;
1119 }
1120
1122
1124
1125 // free clusters in $BITMAP file
1126 while (ClustersLeftToFree > 0)
1127 {
1129
1131 {
1133 DPRINT1("DRIVER ERROR: FreeClusters called to free %lu clusters, which is %lu more clusters than are assigned to attribute!",
1134 ClustersToFree,
1135 ClustersLeftToFree);
1136 break;
1137 }
1138
1140 {
1141 // deallocate this cluster
1143 }
1144 FsRtlTruncateLargeMcb(&AttrContext->DataRunsMCB, AttrContext->pRecord->NonResident.HighestVCN);
1145
1146 // decrement HighestVCN, but don't let it go below 0
1147 AttrContext->pRecord->NonResident.HighestVCN = min(AttrContext->pRecord->NonResident.HighestVCN, AttrContext->pRecord->NonResident.HighestVCN - 1);
1148 ClustersLeftToFree--;
1149 }
1150
1151 // update $BITMAP file on disk
1152 Status = WriteAttribute(Vcb, DataContext, 0, BitmapData, (ULONG)BitmapDataSize, &LengthWritten, FileRecord);
1154 {
1155 ReleaseAttributeContext(DataContext);
1157 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BitmapRecord);
1159 }
1160
1161 ReleaseAttributeContext(DataContext);
1163 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BitmapRecord);
1164
1165 // Save updated data runs to file record
1166
1167 // Allocate some memory for a new RunBuffer
1169 if (!RunBuffer)
1170 {
1173 }
1174
1175 // Convert the map control block back to encoded data runs
1176 ConvertLargeMCBToDataRuns(&AttrContext->DataRunsMCB, RunBuffer, Vcb->NtfsInfo.BytesPerCluster, &RunBufferSize);
1177
1178 // Update HighestVCN
1179 DestinationAttribute->NonResident.HighestVCN = AttrContext->pRecord->NonResident.HighestVCN;
1180
1181 // Write data runs to destination attribute
1182 RtlCopyMemory((PVOID)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset),
1183 RunBuffer,
1184 RunBufferSize);
1185
1186 // Is DestinationAttribute the last attribute in the file record?
1188 {
1189 // update attribute length
1190 DestinationAttribute->Length = ALIGN_UP_BY(AttrContext->pRecord->NonResident.MappingPairsOffset + RunBufferSize,
1191 ATTR_RECORD_ALIGNMENT);
1192
1194
1195 AttrContext->pRecord->Length = DestinationAttribute->Length;
1196
1197 // write end markers
1198 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)DestinationAttribute + DestinationAttribute->Length);
1200 }
1201
1202 // Update the file record
1204
1206
1207 NtfsDumpDataRuns((PUCHAR)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset), 0);
1208
1210}
NTSYSAPI void WINAPI RtlClearBits(PRTL_BITMAP, ULONG, ULONG)
VOID NTAPI FsRtlTruncateLargeMcb(IN PLARGE_MCB Mcb, IN LONGLONG Vbn)
Definition: largemcb.c:1059
BOOLEAN NTAPI FsRtlLookupLastLargeMcbEntry(IN PLARGE_MCB Mcb, OUT PLONGLONG Vbn, OUT PLONGLONG Lbn)
Definition: largemcb.c:718
Referenced by FatExamineFatEntries(), GetDiskFreeSpaceW(), HandleNotify(), NtfsAllocateClusters(), NtfsGetFreeClusters(), and SetNonResidentAttributeDataLength().
◆ GetAllocationOffsetFromVCN()
| ULONGLONG GetAllocationOffsetFromVCN | ( | PDEVICE_EXTENSION | DeviceExt, |
| ULONG | IndexBufferSize, | ||
| ULONGLONG | Vcn | ||
| ) |
Definition at line 1630 of file btree.c.
1633{
1634 if (IndexBufferSize < DeviceExt->NtfsInfo.BytesPerCluster)
1635 return Vcn * DeviceExt->NtfsInfo.BytesPerSector;
1636
1637 return Vcn * DeviceExt->NtfsInfo.BytesPerCluster;
1638}
Referenced by CreateBTreeNodeFromIndexNode(), and UpdateIndexNode().
◆ GetBestFileNameFromRecord()
| PFILENAME_ATTRIBUTE GetBestFileNameFromRecord | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1985 of file attrib.c.
1987{
1989
1992 {
1995 {
1997 }
1998 }
1999
2001}
PFILENAME_ATTRIBUTE GetFileNameFromRecord(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord, UCHAR NameType)
Definition: attrib.c:1809
Referenced by NtfsGetBothDirectoryInformation(), NtfsGetDirectoryInformation(), NtfsGetFullDirectoryInformation(), NtfsGetNamesInformation(), NtfsMakeFCBFromDirEntry(), NtfsMoonWalkID(), NtfsSetEndOfFile(), and NtfsWriteFile().
◆ GetFileNameAttributeLength()
| ULONG GetFileNameAttributeLength | ( | PFILENAME_ATTRIBUTE | FileNameAttribute | ) |
Definition at line 1978 of file attrib.c.
1979{
1980 ULONG Length = FIELD_OFFSET(FILENAME_ATTRIBUTE, Name) + (FileNameAttribute->NameLength * sizeof(WCHAR));
1982}
Referenced by CreateBTreeKeyFromFilename().
◆ GetFileNameFromRecord()
| PFILENAME_ATTRIBUTE GetFileNameFromRecord | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| UCHAR | NameType | ||
| ) |
Definition at line 1809 of file attrib.c.
1812{
1814 PNTFS_ATTR_RECORD Attribute;
1817
1820 {
1822 {
1827 {
1830 }
1831 }
1832
1834 }
1835
1838}
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn UINT32 *TableIdx UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 NameType
Definition: acpixf.h:658
Referenced by GetBestFileNameFromRecord(), NtfsGetBothDirectoryInformation(), and NtfsMakeRootFCB().
◆ GetIndexEntryVCN()
| ULONGLONG GetIndexEntryVCN | ( | PINDEX_ENTRY_ATTRIBUTE | IndexEntry | ) |
Definition at line 1641 of file btree.c.
1642{
1643 PULONGLONG Destination = (PULONGLONG)((ULONG_PTR)IndexEntry + IndexEntry->Length - sizeof(ULONGLONG));
1644
1646
1648}
Referenced by BrowseIndexEntries(), BrowseSubNodeIndexEntries(), and SplitBTreeNode().
◆ GetLastClusterInDataRun()
| NTSTATUS GetLastClusterInDataRun | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_ATTR_RECORD | Attribute, | ||
| PULONGLONG | LastCluster | ||
| ) |
Definition at line 1908 of file attrib.c.
1909{
1910 LONGLONG DataRunOffset;
1911 ULONGLONG DataRunLength;
1912 LONGLONG DataRunStartLCN;
1913
1914 ULONGLONG LastLCN = 0;
1916
1919
1920 while (1)
1921 {
1922 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1923
1924 if (DataRunOffset != -1)
1925 {
1926 // Normal data run.
1927 DataRunStartLCN = LastLCN + DataRunOffset;
1928 LastLCN = DataRunStartLCN;
1929 *LastCluster = LastLCN + DataRunLength - 1;
1930 }
1931
1932 if (*DataRun == 0)
1933 break;
1934 }
1935
1937}
◆ GetPackedByteCount()
GetPackedByteCount Returns the minimum number of bytes needed to represent the value of a 64-bit number. Used to encode data runs.
Definition at line 1846 of file attrib.c.
1848{
1849 if (!IsSigned)
1850 {
1851 if (NumberToPack >= 0x0100000000000000)
1852 return 8;
1853 if (NumberToPack >= 0x0001000000000000)
1854 return 7;
1855 if (NumberToPack >= 0x0000010000000000)
1856 return 6;
1857 if (NumberToPack >= 0x0000000100000000)
1858 return 5;
1859 if (NumberToPack >= 0x0000000001000000)
1860 return 4;
1861 if (NumberToPack >= 0x0000000000010000)
1862 return 3;
1863 if (NumberToPack >= 0x0000000000000100)
1864 return 2;
1865 return 1;
1866 }
1867
1868 if (NumberToPack > 0)
1869 {
1870 // we have to make sure the number that gets encoded won't be interpreted as negative
1871 if (NumberToPack >= 0x0080000000000000)
1872 return 8;
1873 if (NumberToPack >= 0x0000800000000000)
1874 return 7;
1875 if (NumberToPack >= 0x0000008000000000)
1876 return 6;
1877 if (NumberToPack >= 0x0000000080000000)
1878 return 5;
1879 if (NumberToPack >= 0x0000000000800000)
1880 return 4;
1881 if (NumberToPack >= 0x0000000000008000)
1882 return 3;
1883 if (NumberToPack >= 0x0000000000000080)
1884 return 2;
1885 }
1886 else
1887 {
1888 // negative number
1889 if (NumberToPack <= 0xff80000000000000)
1890 return 8;
1891 if (NumberToPack <= 0xffff800000000000)
1892 return 7;
1893 if (NumberToPack <= 0xffffff8000000000)
1894 return 6;
1895 if (NumberToPack <= 0xffffffff80000000)
1896 return 5;
1897 if (NumberToPack <= 0xffffffffff800000)
1898 return 4;
1899 if (NumberToPack <= 0xffffffffffff8000)
1900 return 3;
1901 if (NumberToPack <= 0xffffffffffffff80)
1902 return 2;
1903 }
1904 return 1;
1905}
Referenced by ConvertLargeMCBToDataRuns().
◆ GetSizeOfIndexEntries()
| ULONG GetSizeOfIndexEntries | ( | PB_TREE_FILENAME_NODE | Node | ) |
Definition at line 855 of file btree.c.
856{
857 // Start summing the total size of this node's entries
858 ULONG NodeSize = 0;
859
860 // Walk through the list of Node Entries
864 {
866
867 // Add the length of the current node
869 CurrentKey = CurrentKey->NextKey;
870 }
871
872 return NodeSize;
873}
Referenced by NtfsAddFilenameToDirectory(), and NtfsInsertKey().
◆ GetStandardInformationFromRecord()
| PSTANDARD_INFORMATION GetStandardInformationFromRecord | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1940 of file attrib.c.
1942{
1945 PNTFS_ATTR_RECORD Attribute;
1946 PSTANDARD_INFORMATION StdInfo;
1947
1950 {
1952 {
1955 return StdInfo;
1956 }
1957
1959 }
1960
1963}
Referenced by NtfsGetBothDirectoryInformation(), NtfsGetDirectoryInformation(), NtfsGetFullDirectoryInformation(), and NtfsMakeFCBFromDirEntry().
◆ InternalSetResidentAttributeLength()
| NTSTATUS InternalSetResidentAttributeLength | ( | PDEVICE_EXTENSION | DeviceExt, |
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| ULONG | AttrOffset, | ||
| ULONG | DataSize | ||
| ) |
Definition at line 542 of file mft.c.
547{
549 PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Destination + Destination->Length);
550 PNTFS_ATTR_RECORD FinalAttribute;
552 ULONG NextAttributeOffset;
553
554 DPRINT1("InternalSetResidentAttributeLength( %p, %p, %p, %lu, %lu )\n", DeviceExt, AttrContext, FileRecord, AttrOffset, DataSize);
555
556 ASSERT(!AttrContext->pRecord->IsNonResident);
557
558 // Update ValueLength Field
560
561 // Calculate the record length and end marker offset
562 Destination->Length = ALIGN_UP_BY(DataSize + AttrContext->pRecord->Resident.ValueOffset, ATTR_RECORD_ALIGNMENT);
564
565 // Ensure NextAttributeOffset is aligned to an 8-byte boundary
567
568 // Will the new attribute be larger than the old one?
570 {
571 // Free the old copy of the attribute in the context, as it will be the wrong length
573
574 // Create a new copy of the attribute record for the context
576 if (!AttrContext->pRecord)
577 {
580 }
581 RtlZeroMemory((PVOID)((ULONG_PTR)AttrContext->pRecord + OldAttributeLength), Destination->Length - OldAttributeLength);
583 }
584
585 // Are there attributes after this one that need to be moved?
587 {
588 // Move the attributes after this one
589 FinalAttribute = MoveAttributes(DeviceExt, NextAttribute, NextAttributeOffset, (ULONG_PTR)Destination + Destination->Length);
590 }
591 else
592 {
593 // advance to the final "attribute," adjust for the changed length of the attribute we're resizing
594 FinalAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute - OldAttributeLength + Destination->Length);
595 }
596
597 // Update pRecord's length
599 AttrContext->pRecord->Resident.ValueLength = DataSize;
600
601 // set the file record end
603
604 //NtfsDumpFileRecord(DeviceExt, FileRecord);
605
607}
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
Referenced by NtfsAddFilenameToDirectory(), and SetResidentAttributeDataLength().
◆ MoveAttributes()
| PNTFS_ATTR_RECORD MoveAttributes | ( | PDEVICE_EXTENSION | DeviceExt, |
| PNTFS_ATTR_RECORD | FirstAttributeToMove, | ||
| ULONG | FirstAttributeOffset, | ||
| ULONG_PTR | MoveTo | ||
| ) |
Definition at line 512 of file mft.c.
516{
517 // Get the size of all attributes after this one
518 ULONG MemBlockSize = 0;
519 PNTFS_ATTR_RECORD CurrentAttribute = FirstAttributeToMove;
520 ULONG CurrentOffset = FirstAttributeOffset;
521 PNTFS_ATTR_RECORD FinalAttribute;
522
523 while (CurrentAttribute->Type != AttributeEnd && CurrentOffset < DeviceExt->NtfsInfo.BytesPerFileRecord)
524 {
525 CurrentOffset += CurrentAttribute->Length;
526 MemBlockSize += CurrentAttribute->Length;
528 }
529
530 FinalAttribute = (PNTFS_ATTR_RECORD)(MoveTo + MemBlockSize);
532
534
535 // Move the attributes after this one
537
538 return FinalAttribute;
539}
Referenced by AddRun(), and InternalSetResidentAttributeLength().
◆ NtfsAcqLazyWrite()
◆ NtfsAcqReadAhead()
◆ NtfsAddFCBToTable()
Definition at line 209 of file fcb.c.
Referenced by NtfsMakeFCBFromDirEntry(), and NtfsMakeRootFCB().
◆ NtfsAddFilenameToDirectory()
| NTSTATUS NtfsAddFilenameToDirectory | ( | PDEVICE_EXTENSION | DeviceExt, |
| ULONGLONG | DirectoryMftIndex, | ||
| ULONGLONG | FileReferenceNumber, | ||
| PFILENAME_ATTRIBUTE | FilenameAttribute, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 2192 of file mft.c.
2197{
2199 PFILE_RECORD_HEADER ParentFileRecord;
2200 PNTFS_ATTR_CONTEXT IndexRootContext;
2201 PINDEX_ROOT_ATTRIBUTE I30IndexRoot;
2202 ULONG IndexRootOffset;
2203 ULONGLONG I30IndexRootLength;
2204 ULONG LengthWritten;
2205 PINDEX_ROOT_ATTRIBUTE NewIndexRoot;
2206 ULONG AttributeLength;
2207 PNTFS_ATTR_RECORD NextAttribute;
2208 PB_TREE NewTree;
2209 ULONG BtreeIndexLength;
2210 ULONG MaxIndexRootSize;
2211 PB_TREE_KEY NewLeftKey;
2212 PB_TREE_FILENAME_NODE NewRightHandNode;
2213 LARGE_INTEGER MinIndexRootSize;
2214 ULONG NewMaxIndexRootSize;
2215 ULONG NodeSize;
2216
2217 // Allocate memory for the parent directory
2218 ParentFileRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
2219 if (!ParentFileRecord)
2220 {
2223 }
2224
2225 // Open the parent directory
2228 {
2229 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2231 DirectoryMftIndex);
2233 }
2234
2235#ifndef NDEBUG
2237 NtfsDumpFileRecord(DeviceExt, ParentFileRecord);
2238#endif
2239
2240 // Find the index root attribute for the directory
2242 ParentFileRecord,
2243 AttributeIndexRoot,
2245 4,
2246 &IndexRootContext,
2247 &IndexRootOffset);
2249 {
2250 DPRINT1("ERROR: Couldn't find $I30 $INDEX_ROOT attribute for parent directory with MFT #: %I64u!\n",
2251 DirectoryMftIndex);
2252 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2254 }
2255
2256 // Find the maximum index size given what the file record can hold
2257 // First, find the max index size assuming index root is the last attribute
2258 MaxIndexRootSize = DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
2259 - IndexRootOffset // Subtract the length of everything that comes before index root
2260 - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
2263
2264 // Are there attributes after this one?
2265 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
2267 {
2268 // Find the length of all attributes after this one, not counting the end marker
2269 ULONG LengthOfAttributes = 0;
2270 PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
2272 {
2273 LengthOfAttributes += CurrentAttribute->Length;
2274 CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
2275 }
2276
2277 // Leave room for the existing attributes
2278 MaxIndexRootSize -= LengthOfAttributes;
2279 }
2280
2281 // Allocate memory for the index root data
2282 I30IndexRootLength = AttributeDataLength(IndexRootContext->pRecord);
2284 if (!I30IndexRoot)
2285 {
2287 ReleaseAttributeContext(IndexRootContext);
2288 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2290 }
2291
2292 // Read the Index Root
2293 Status = ReadAttribute(DeviceExt, IndexRootContext, 0, (PCHAR)I30IndexRoot, I30IndexRootLength);
2295 {
2297 ReleaseAttributeContext(IndexRootContext);
2299 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2301 }
2302
2303 // Convert the index to a B*Tree
2305 ParentFileRecord,
2306 IndexRootContext,
2307 I30IndexRoot,
2308 &NewTree);
2310 {
2312 ReleaseAttributeContext(IndexRootContext);
2314 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2316 }
2317
2318#ifndef NDEBUG
2319 DumpBTree(NewTree);
2320#endif
2321
2322 // Insert the key for the file we're adding
2324 FileReferenceNumber,
2325 FilenameAttribute,
2326 NewTree->RootNode,
2327 CaseSensitive,
2328 MaxIndexRootSize,
2329 I30IndexRoot->SizeOfEntry,
2330 &NewLeftKey,
2331 &NewRightHandNode);
2333 {
2335 DestroyBTree(NewTree);
2336 ReleaseAttributeContext(IndexRootContext);
2338 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2340 }
2341
2342#ifndef NDEBUG
2343 DumpBTree(NewTree);
2344#endif
2345
2346 // The root node can't be split
2349
2350 // Convert B*Tree back to Index
2351
2352 // Updating the index allocation can change the size available for the index root,
2353 // And if the index root is demoted, the index allocation will need to be updated again,
2354 // which may change the size available for index root... etc.
2355 // My solution is to decrease index root to the size it would be if it was demoted,
2356 // then UpdateIndexAllocation will have an accurate representation of the maximum space
2357 // it can use in the file record. There's still a chance that the act of allocating an
2358 // index node after demoting the index root will increase the size of the file record beyond
2359 // it's limit, but if that happens, an attribute-list will most definitely be needed.
2360 // This a bit hacky, but it seems to be functional.
2361
2362 // Calculate the minimum size of the index root attribute, considering one dummy key and one VCN
2364 + 0x18; // Size of dummy key with a VCN for a subnode
2366
2367 // Temporarily shrink the index root to it's minimal size
2368 AttributeLength = MinIndexRootSize.LowPart;
2370
2371
2372 // FIXME: IndexRoot will probably be invalid until we're finished. If we fail before we finish, the directory will probably be toast.
2373 // The potential for catastrophic data-loss exists!!! :)
2374
2375 // Update the length of the attribute in the file record of the parent directory
2377 IndexRootContext,
2378 ParentFileRecord,
2379 IndexRootOffset,
2380 AttributeLength);
2382 {
2384 DestroyBTree(NewTree);
2385 ReleaseAttributeContext(IndexRootContext);
2387 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2389 }
2390
2391 // Update the index allocation
2392 Status = UpdateIndexAllocation(DeviceExt, NewTree, I30IndexRoot->SizeOfEntry, ParentFileRecord);
2394 {
2396 DestroyBTree(NewTree);
2397 ReleaseAttributeContext(IndexRootContext);
2399 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2401 }
2402
2403#ifndef NDEBUG
2405 DumpBTree(NewTree);
2406#endif
2407
2408 // Find the maximum index root size given what the file record can hold
2409 // First, find the max index size assuming index root is the last attribute
2410 NewMaxIndexRootSize =
2411 DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
2412 - IndexRootOffset // Subtract the length of everything that comes before index root
2413 - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
2416
2417 // Are there attributes after this one?
2418 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
2420 {
2421 // Find the length of all attributes after this one, not counting the end marker
2422 ULONG LengthOfAttributes = 0;
2423 PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
2425 {
2426 LengthOfAttributes += CurrentAttribute->Length;
2427 CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
2428 }
2429
2430 // Leave room for the existing attributes
2431 NewMaxIndexRootSize -= LengthOfAttributes;
2432 }
2433
2434 // The index allocation and index bitmap may have grown, leaving less room for the index root,
2435 // so now we need to double-check that index root isn't too large
2437 if (NodeSize > NewMaxIndexRootSize)
2438 {
2439 DPRINT1("Demoting index root.\nNodeSize: 0x%lx\nNewMaxIndexRootSize: 0x%lx\n", NodeSize, NewMaxIndexRootSize);
2440
2443 {
2445 DestroyBTree(NewTree);
2446 ReleaseAttributeContext(IndexRootContext);
2448 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2450 }
2451
2452 // We need to update the index allocation once more
2453 Status = UpdateIndexAllocation(DeviceExt, NewTree, I30IndexRoot->SizeOfEntry, ParentFileRecord);
2455 {
2457 DestroyBTree(NewTree);
2458 ReleaseAttributeContext(IndexRootContext);
2460 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2462 }
2463
2464 // re-recalculate max size of index root
2465 NewMaxIndexRootSize =
2466 // Find the maximum index size given what the file record can hold
2467 // First, find the max index size assuming index root is the last attribute
2468 DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
2469 - IndexRootOffset // Subtract the length of everything that comes before index root
2470 - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
2473
2474 // Are there attributes after this one?
2475 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
2477 {
2478 // Find the length of all attributes after this one, not counting the end marker
2479 ULONG LengthOfAttributes = 0;
2480 PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
2482 {
2483 LengthOfAttributes += CurrentAttribute->Length;
2484 CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
2485 }
2486
2487 // Leave room for the existing attributes
2488 NewMaxIndexRootSize -= LengthOfAttributes;
2489 }
2490
2491
2492 }
2493
2494 // Create the Index Root from the B*Tree
2495 Status = CreateIndexRootFromBTree(DeviceExt, NewTree, NewMaxIndexRootSize, &NewIndexRoot, &BtreeIndexLength);
2497 {
2499 DestroyBTree(NewTree);
2500 ReleaseAttributeContext(IndexRootContext);
2502 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2504 }
2505
2506 // We're done with the B-Tree now
2507 DestroyBTree(NewTree);
2508
2509 // Write back the new index root attribute to the parent directory file record
2510
2511 // First, we need to resize the attribute.
2512 // CreateIndexRootFromBTree() should have verified that the index root fits within MaxIndexSize.
2513 // We can't set the size as we normally would, because $INDEX_ROOT must always be resident.
2514 AttributeLength = NewIndexRoot->Header.AllocatedSize + FIELD_OFFSET(INDEX_ROOT_ATTRIBUTE, Header);
2515
2516 if (AttributeLength != IndexRootContext->pRecord->Resident.ValueLength)
2517 {
2518 // Update the length of the attribute in the file record of the parent directory
2520 IndexRootContext,
2521 ParentFileRecord,
2522 IndexRootOffset,
2523 AttributeLength);
2525 {
2527 ReleaseAttributeContext(IndexRootContext);
2529 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2532 }
2533
2534 }
2535
2537
2540 {
2541 DPRINT1("ERROR: Failed to update file record of directory with index: %llx\n", DirectoryMftIndex);
2542 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2544 ReleaseAttributeContext(IndexRootContext);
2547 }
2548
2549 // Write the new index root to disk
2551 IndexRootContext,
2552 0,
2553 (PUCHAR)NewIndexRoot,
2554 AttributeLength,
2555 &LengthWritten,
2556 ParentFileRecord);
2558 {
2561 ReleaseAttributeContext(IndexRootContext);
2563 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2565 }
2566
2567 // re-read the parent file record, so we can dump it
2570 {
2572 }
2573 else
2574 {
2575#ifndef NDEBUG
2577
2578 Status = CreateBTreeFromIndex(DeviceExt, ParentFileRecord, IndexRootContext, NewIndexRoot, &NewTree);
2580 {
2583 }
2584
2585 DumpBTree(NewTree);
2586
2587 DestroyBTree(NewTree);
2588
2589 NtfsDumpFileRecord(DeviceExt, ParentFileRecord);
2590#endif
2591 }
2592
2593 // Cleanup
2595 ReleaseAttributeContext(IndexRootContext);
2597 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
2598
2600}
NTSTATUS CreateBTreeFromIndex(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecordWithIndex, PNTFS_ATTR_CONTEXT IndexRootContext, PINDEX_ROOT_ATTRIBUTE IndexRoot, PB_TREE *NewTree)
Definition: btree.c:682
NTSTATUS NtfsInsertKey(PB_TREE Tree, ULONGLONG FileReference, PFILENAME_ATTRIBUTE FileNameAttribute, PB_TREE_FILENAME_NODE Node, BOOLEAN CaseSensitive, ULONG MaxIndexRootSize, ULONG IndexRecordSize, PB_TREE_KEY *MedianKey, PB_TREE_FILENAME_NODE *NewRightHandSibling)
Definition: btree.c:1691
NTSTATUS UpdateIndexAllocation(PDEVICE_EXTENSION DeviceExt, PB_TREE Tree, ULONG IndexBufferSize, PFILE_RECORD_HEADER FileRecord)
Definition: btree.c:1182
NTSTATUS CreateIndexRootFromBTree(PDEVICE_EXTENSION DeviceExt, PB_TREE Tree, ULONG MaxIndexSize, PINDEX_ROOT_ATTRIBUTE *IndexRoot, ULONG *Length)
Definition: btree.c:910
VOID NtfsDumpFileRecord(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord)
Definition: mft.c:3334
NTSTATUS InternalSetResidentAttributeLength(PDEVICE_EXTENSION DeviceExt, PNTFS_ATTR_CONTEXT AttrContext, PFILE_RECORD_HEADER FileRecord, ULONG AttrOffset, ULONG DataSize)
Definition: mft.c:542
Referenced by NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ NtfsAllocateClusters()
| NTSTATUS NtfsAllocateClusters | ( | PDEVICE_EXTENSION | DeviceExt, |
| ULONG | FirstDesiredCluster, | ||
| ULONG | DesiredClusters, | ||
| PULONG | FirstAssignedCluster, | ||
| PULONG | AssignedClusters | ||
| ) |
NtfsAllocateClusters Allocates a run of clusters. The run allocated might be smaller than DesiredClusters.
Definition at line 105 of file volinfo.c.
110{
112 PFILE_RECORD_HEADER BitmapRecord;
113 PNTFS_ATTR_CONTEXT DataContext;
114 ULONGLONG BitmapDataSize;
118 ULONG AssignedRun;
119 ULONG LengthWritten;
120
121 DPRINT("NtfsAllocateClusters(%p, %lu, %lu, %p, %p)\n", DeviceExt, FirstDesiredCluster, DesiredClusters, FirstAssignedCluster, AssignedClusters);
122
123 BitmapRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
125 {
127 }
128
131 {
132 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
134 }
135
138 {
139 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
141 }
142
143 BitmapDataSize = AttributeDataLength(DataContext->pRecord);
144 BitmapDataSize = min(BitmapDataSize, 0xffffffff);
145 ASSERT((BitmapDataSize * 8) >= DeviceExt->NtfsInfo.ClusterCount);
146 BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize, DeviceExt->NtfsInfo.BytesPerSector), TAG_NTFS);
148 {
149 ReleaseAttributeContext(DataContext);
150 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
152 }
153
156 DPRINT("Diff in size: %I64d B\n", ((BitmapDataSize * 8) - DeviceExt->NtfsInfo.ClusterCount) * DeviceExt->NtfsInfo.SectorsPerCluster * DeviceExt->NtfsInfo.BytesPerSector);
157
159
162
164 {
165 ReleaseAttributeContext(DataContext);
166
168 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
170 }
171
172 // TODO: Observe MFT reservation zone
173
174 // Can we get one contiguous run?
176
177 if (AssignedRun != 0xFFFFFFFF)
178 {
179 *FirstAssignedCluster = AssignedRun;
180 *AssignedClusters = DesiredClusters;
181 }
182 else
183 {
184 // we can't get one contiguous run
185 *AssignedClusters = RtlFindNextForwardRunClear(&Bitmap, FirstDesiredCluster, FirstAssignedCluster);
186
187 if (*AssignedClusters == 0)
188 {
189 // we couldn't find any runs starting at DesiredFirstCluster
191 }
192
193 }
194
195 Status = WriteAttribute(DeviceExt, DataContext, 0, BitmapData, (ULONG)BitmapDataSize, &LengthWritten, BitmapRecord);
196
197 ReleaseAttributeContext(DataContext);
198
200 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
201
203}
NTSTATUS FreeClusters(PNTFS_VCB Vcb, PNTFS_ATTR_CONTEXT AttrContext, ULONG AttrOffset, PFILE_RECORD_HEADER FileRecord, ULONG ClustersToFree)
Definition: attrib.c:1057
NTSYSAPI ULONG WINAPI RtlFindLongestRunClear(PCRTL_BITMAP, PULONG)
NTSYSAPI ULONG WINAPI RtlNumberOfClearBits(PCRTL_BITMAP)
NTSYSAPI ULONG WINAPI RtlFindNextForwardRunClear(PCRTL_BITMAP, ULONG, PULONG)
Referenced by SetNonResidentAttributeDataLength().
◆ NtfsAllocateIrpContext()
| PNTFS_IRP_CONTEXT NtfsAllocateIrpContext | ( | PDEVICE_OBJECT | DeviceObject, |
| PIRP | Irp | ||
| ) |
Definition at line 66 of file misc.c.
68{
69 PNTFS_IRP_CONTEXT IrpContext;
70
72
73 IrpContext = (PNTFS_IRP_CONTEXT)ExAllocateFromNPagedLookasideList(&NtfsGlobalData->IrpContextLookasideList);
76
78
90
97 {
99 }
100
101 return IrpContext;
102}
static PIO_STACK_LOCATION IoGetCurrentIrpStackLocation(PIRP Irp)
Definition: Bus_PDO_EvalMethod.c:150
struct NTFS_IRP_CONTEXT * PNTFS_IRP_CONTEXT
NPAGED_LOOKASIDE_LIST IrpContextLookasideList
Definition: ntfs.h:152
Definition: ntfs.h:479
#define IRP_MJ_FILE_SYSTEM_CONTROL
#define IRP_MJ_SHUTDOWN
#define IRP_MJ_CLEANUP
Referenced by NtfsFsdDispatch().
◆ NtfsAttachFCBToFileObject()
| NTSTATUS NtfsAttachFCBToFileObject | ( | PNTFS_VCB | Vcb, |
| PNTFS_FCB | Fcb, | ||
| PFILE_OBJECT | FileObject | ||
| ) |
Definition at line 464 of file fcb.c.
467{
468 PNTFS_CCB newCCB;
469
472 {
474 }
475
477
480
483 FileObject->FsContext2 = newCCB;
486
488 {
489 _SEH2_TRY
490 {
493 FALSE,
495 Fcb);
496 }
498 {
502 }
503 _SEH2_END;
504
506 }
507
508 //DPRINT("file open: fcb:%x file size: %d\n", Fcb, Fcb->Entry.DataLengthL);
509
511}
VOID NTAPI CcInitializeCacheMap(IN PFILE_OBJECT FileObject, IN PCC_FILE_SIZES FileSizes, IN BOOLEAN PinAccess, IN PCACHE_MANAGER_CALLBACKS Callbacks, IN PVOID LazyWriteContext)
Definition: fssup.c:195
Definition: ntfs.h:130
Definition: cctypes.h:14
Referenced by NtfsCreateFile(), NtfsOpenFile(), and NtfsOpenFileById().
◆ NtfsCleanup()
| NTSTATUS NtfsCleanup | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 89 of file cleanup.c.
90{
91 PDEVICE_EXTENSION DeviceExtension;
95
97
100 {
104 }
105
107 DeviceExtension = DeviceObject->DeviceExtension;
108
111 {
113 }
114
115 Status = NtfsCleanupFile(DeviceExtension, FileObject, BooleanFlagOn(IrpContext->Flags, IRPCONTEXT_CANWAIT));
116
117 ExReleaseResourceLite(&DeviceExtension->DirResource);
118
120 {
122 }
123
126}
NTSTATUS NtfsCleanupFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject, BOOLEAN CanWait)
Definition: cleanup.c:40
FORCEINLINE NTSTATUS NtfsMarkIrpContextForQueue(PNTFS_IRP_CONTEXT IrpContext)
Definition: ntfs.h:569
#define ExAcquireResourceExclusiveLite(res, wait)
Definition: env_spec_w32.h:615
VOID FASTCALL ExReleaseResourceLite(IN PERESOURCE Resource)
Definition: resource.c:1822
Definition: beep.c:22
Definition: env_spec_w32.h:413
Referenced by NtfsDispatch().
◆ NtfsClose()
| NTSTATUS NtfsClose | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 84 of file close.c.
85{
86 PDEVICE_EXTENSION DeviceExtension;
90
92
95 {
99 }
100
102 DeviceExtension = DeviceObject->DeviceExtension;
103
106 {
108 }
109
111
112 ExReleaseResourceLite(&DeviceExtension->DirResource);
113
115 {
117 }
118
121}
NTSTATUS NtfsCloseFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject)
Definition: close.c:40
◆ NtfsCloseFile()
| NTSTATUS NtfsCloseFile | ( | PDEVICE_EXTENSION | DeviceExt, |
| PFILE_OBJECT | FileObject | ||
| ) |
Definition at line 40 of file close.c.
42{
45
47 DeviceExt,
48 FileObject);
49
52
55 {
57 }
58
62 DeviceExt->OpenHandleCount--;
63
65 {
66 // This a FO, that was created outside from FSD.
67 // Some FO's are created with IoCreateStreamFileObject() insid from FSD.
68 // This FO's don't have a FileName.
70 }
71
73 {
75 }
76
78
80}
struct NTFS_CCB * PNTFS_CCB
struct _FCB * PNTFS_FCB
Definition: cdstruc.h:902
Referenced by NtfsClose(), and NtfsCreateFile().
◆ NtfsCreate()
| NTSTATUS NtfsCreate | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 622 of file create.c.
623{
624 PDEVICE_EXTENSION DeviceExt;
627
630 {
631 /* DeviceObject represents FileSystem instead of logical volume */
635 }
636
637 DeviceExt = DeviceObject->DeviceExtension;
638
640 {
642 }
643
644 ExAcquireResourceExclusiveLite(&DeviceExt->DirResource,
645 TRUE);
647 IrpContext);
648 ExReleaseResourceLite(&DeviceExt->DirResource);
649
651}
static NTSTATUS NtfsCreateFile(PDEVICE_OBJECT DeviceObject, PNTFS_IRP_CONTEXT IrpContext)
Definition: create.c:328
Referenced by NtfsDispatch().
◆ NtfsCreateDirectory()
| NTSTATUS NtfsCreateDirectory | ( | PDEVICE_EXTENSION | DeviceExt, |
| PFILE_OBJECT | FileObject, | ||
| BOOLEAN | CaseSensitive, | ||
| BOOLEAN | CanWait | ||
| ) |
Definition at line 681 of file create.c.
685{
686
688 PFILE_RECORD_HEADER FileRecord;
689 PNTFS_ATTR_RECORD NextAttribute;
690 PFILENAME_ATTRIBUTE FilenameAttribute;
691 ULONGLONG ParentMftIndex;
692 ULONGLONG FileMftIndex;
694 PINDEX_ROOT_ATTRIBUTE NewIndexRoot;
695 ULONG MaxIndexRootSize;
696 ULONG RootLength;
697
699 DeviceExt,
700 FileObject,
701 CaseSensitive ? "TRUE" : "FALSE",
702 CanWait ? "TRUE" : "FALSE");
703
704 // Start with an empty file record
705 FileRecord = NtfsCreateEmptyFileRecord(DeviceExt);
706 if (!FileRecord)
707 {
710 }
711
712 // Set the directory flag
714
715 // find where the first attribute will be added
717
718 // add first attribute, $STANDARD_INFORMATION
719 AddStandardInformation(FileRecord, NextAttribute);
720
721 // advance NextAttribute pointer to the next attribute
722 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
723
724 // Add the $FILE_NAME attribute
726
727 // save a pointer to the filename attribute
728 FilenameAttribute = (PFILENAME_ATTRIBUTE)((ULONG_PTR)NextAttribute + NextAttribute->Resident.ValueOffset);
729
730 // advance NextAttribute pointer to the next attribute
731 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
732
733 // Create an empty b-tree to represent our new index
736 {
738 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
740 }
741
742 // Calculate maximum size of index root
743 MaxIndexRootSize = DeviceExt->NtfsInfo.BytesPerFileRecord
746
747 // Create a new index record from the tree
749 Tree,
750 MaxIndexRootSize,
751 &NewIndexRoot,
752 &RootLength);
754 {
757 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
759 }
760
761 // We're done with the B-Tree
763
764 // add the $INDEX_ROOT attribute
765 Status = AddIndexRoot(DeviceExt, FileRecord, NextAttribute, NewIndexRoot, RootLength, L"$I30", 4);
767 {
770 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
772 }
773
774
775#ifndef NDEBUG
776 NtfsDumpFileRecord(DeviceExt, FileRecord);
777#endif
778
779 // Now that we've built the file record in memory, we need to store it in the MFT.
782 {
783 // The highest 2 bytes should be the sequence number, unless the parent happens to be root
786 else
788
790
791 // Add the filename attribute to the filename-index of the parent directory
793 ParentMftIndex,
794 FileMftIndex,
795 FilenameAttribute,
796 CaseSensitive);
797 }
798
800 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
801
803}
NTSTATUS AddIndexRoot(PNTFS_VCB Vcb, PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress, PINDEX_ROOT_ATTRIBUTE NewIndexRoot, ULONG RootLength, PCWSTR Name, USHORT NameLength)
Definition: attrib.c:495
NTSTATUS AddFileName(PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress, PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject, BOOLEAN CaseSensitive, PULONGLONG ParentMftIndex)
Definition: attrib.c:230
NTSTATUS AddStandardInformation(PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress)
Definition: attrib.c:766
PFILE_RECORD_HEADER NtfsCreateEmptyFileRecord(PDEVICE_EXTENSION DeviceExt)
Definition: create.c:818
NTSTATUS NtfsAddFilenameToDirectory(PDEVICE_EXTENSION DeviceExt, ULONGLONG DirectoryMftIndex, ULONGLONG FileReferenceNumber, PFILENAME_ATTRIBUTE FilenameAttribute, BOOLEAN CaseSensitive)
Definition: mft.c:2192
Referenced by NtfsCreateFile().
◆ NtfsCreateEmptyFileRecord()
| PFILE_RECORD_HEADER NtfsCreateEmptyFileRecord | ( | PDEVICE_EXTENSION | DeviceExt | ) |
Definition at line 818 of file create.c.
819{
820 PFILE_RECORD_HEADER FileRecord;
821 PNTFS_ATTR_RECORD NextAttribute;
822
824
825 // allocate memory for file record
826 FileRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
827 if (!FileRecord)
828 {
831 }
832
833 RtlZeroMemory(FileRecord, DeviceExt->NtfsInfo.BytesPerFileRecord);
834
836
837 // calculate USA offset and count
839
840 // size of USA (in ULONG's) will be 1 (for USA number) + 1 for every sector the file record uses
841 FileRecord->BytesAllocated = DeviceExt->NtfsInfo.BytesPerFileRecord;
842 FileRecord->Ntfs.UsaCount = (FileRecord->BytesAllocated / DeviceExt->NtfsInfo.BytesPerSector) + 1;
843
844 // setup other file record fields
845 FileRecord->SequenceNumber = 1;
850
851 // find where the first attribute will be added
853
854 // mark the (temporary) end of the file-record
857
858 return FileRecord;
859}
Referenced by IncreaseMftSize(), NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ NtfsCreateFCB()
Definition at line 67 of file fcb.c.
70{
72
75
78 {
80 }
81
83
86
88
90 {
93 {
95 }
96 else
97 {
99 }
100 }
101
103 {
105 }
106 else
107 {
109 }
110
112
114
116}
#define UNICODE_NULL
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
Referenced by NtfsGetVolumeData(), NtfsMakeFCBFromDirEntry(), NtfsMakeRootFCB(), and NtfsMountVolume().
◆ NtfsCreateFileRecord()
| NTSTATUS NtfsCreateFileRecord | ( | PDEVICE_EXTENSION | DeviceExt, |
| PFILE_OBJECT | FileObject, | ||
| BOOLEAN | CaseSensitive, | ||
| BOOLEAN | CanWait | ||
| ) |
Definition at line 886 of file create.c.
890{
892 PFILE_RECORD_HEADER FileRecord;
893 PNTFS_ATTR_RECORD NextAttribute;
894 PFILENAME_ATTRIBUTE FilenameAttribute;
895 ULONGLONG ParentMftIndex;
896 ULONGLONG FileMftIndex;
897
899 DeviceExt,
900 FileObject,
901 CaseSensitive ? "TRUE" : "FALSE",
902 CanWait ? "TRUE" : "FALSE");
903
904 // allocate memory for file record
905 FileRecord = NtfsCreateEmptyFileRecord(DeviceExt);
906 if (!FileRecord)
907 {
910 }
911
912 // find where the first attribute will be added
914
915 // add first attribute, $STANDARD_INFORMATION
916 AddStandardInformation(FileRecord, NextAttribute);
917
918 // advance NextAttribute pointer to the next attribute
919 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
920
921 // Add the $FILE_NAME attribute
923
924 // save a pointer to the filename attribute
925 FilenameAttribute = (PFILENAME_ATTRIBUTE)((ULONG_PTR)NextAttribute + NextAttribute->Resident.ValueOffset);
926
927 // advance NextAttribute pointer to the next attribute
928 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
929
930 // add the $DATA attribute
931 AddData(FileRecord, NextAttribute);
932
933#ifndef NDEBUG
934 // dump file record in memory (for debugging)
935 NtfsDumpFileRecord(DeviceExt, FileRecord);
936#endif
937
938 // Now that we've built the file record in memory, we need to store it in the MFT.
941 {
942 // The highest 2 bytes should be the sequence number, unless the parent happens to be root
945 else
947
949
950 // Add the filename attribute to the filename-index of the parent directory
952 ParentMftIndex,
953 FileMftIndex,
954 FilenameAttribute,
955 CaseSensitive);
956 }
957
958 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
959
961}
NTSTATUS AddData(PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress)
Definition: attrib.c:160
Referenced by NtfsCreateFile().
◆ NtfsDestroyFCB()
◆ NtfsDeviceControl()
| NTSTATUS NtfsDeviceControl | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 36 of file devctl.c.
37{
38 PDEVICE_EXTENSION DeviceExt;
40
43
44 /* Lower driver will complete - we don't have to */
45 IrpContext->Flags &= ~IRPCONTEXT_COMPLETE;
46
48}
Definition: Bus_PDO_EvalMethod.c:105
Referenced by NtfsDispatch().
◆ NtfsDeviceIoControl()
| NTSTATUS NtfsDeviceIoControl | ( | IN PDEVICE_OBJECT | DeviceObject, |
| IN ULONG | ControlCode, | ||
| IN PVOID | InputBuffer, | ||
| IN ULONG | InputBufferSize, | ||
| IN OUT PVOID | OutputBuffer, | ||
| IN OUT PULONG | OutputBufferSize, | ||
| IN BOOLEAN | Override | ||
| ) |
Definition at line 326 of file blockdev.c.
333{
339
341
344 DeviceObject,
345 InputBuffer,
346 InputBufferSize,
347 OutputBuffer,
348 (OutputBufferSize) ? *OutputBufferSize : 0,
349 FALSE,
350 &Event,
351 &IoStatus);
353 {
356 }
357
358 if (Override)
359 {
362 }
363
367 {
370 }
371
372 if (OutputBufferSize)
373 {
374 *OutputBufferSize = IoStatus.Information;
375 }
376
378}
#define KeWaitForSingleObject(pEvt, foo, a, b, c)
Definition: env_spec_w32.h:478
__in UCHAR __in POWER_STATE __in_opt PVOID __in PIO_STATUS_BLOCK IoStatus
Definition: mxum.h:159
PIRP NTAPI IoBuildDeviceIoControlRequest(IN ULONG IoControlCode, IN PDEVICE_OBJECT DeviceObject, IN PVOID InputBuffer, IN ULONG InputBufferLength, IN PVOID OutputBuffer, IN ULONG OutputBufferLength, IN BOOLEAN InternalDeviceIoControl, IN PKEVENT Event, IN PIO_STATUS_BLOCK IoStatusBlock)
Definition: irp.c:881
Definition: filtergraph.c:51
Definition: Bus_PDO_EvalMethod.c:93
Definition: env_spec_w32.h:870
Definition: ketypes.h:811
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR OutputBuffer
Definition: wdfiotarget.h:863
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR InputBuffer
Definition: wdfiotarget.h:953
__drv_aliasesMem FORCEINLINE PIO_STACK_LOCATION IoGetNextIrpStackLocation(_In_ PIRP Irp)
Definition: iofuncs.h:2695
Referenced by NtfsGetVolumeData(), and NtfsHasFileSystem().
◆ NtfsDirectoryControl()
| NTSTATUS NtfsDirectoryControl | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 590 of file dirctl.c.
591{
593
595
597 {
600 break;
601
605 break;
606
607 default:
609 break;
610 }
611
613 {
615 }
616
618
620}
Referenced by NtfsDispatch().
◆ NtfsDumpData()
Definition at line 3297 of file mft.c.
3298{
3300
3301 // dump binary data, 8 bytes at a time
3303 {
3304 // display current offset, in hex
3306
3307 // display hex value of each of the next 8 bytes
3311 }
3312}
Definition: bufpool.h:45
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
◆ NtfsDumpDataRuns()
Definition at line 1755 of file attrib.c.
1757{
1758 PUCHAR DataRun = StartOfRun;
1759 LONGLONG DataRunOffset;
1760 ULONGLONG DataRunLength;
1761
1762 if (CurrentLCN == 0)
1763 {
1765 NtfsDumpDataRunData(StartOfRun);
1767 }
1768
1769 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1770
1771 if (DataRunOffset != -1)
1772 CurrentLCN += DataRunOffset;
1773
1775 if (DataRunOffset < 99999)
1778 if (CurrentLCN < 99999)
1781
1782 if (*DataRun == 0)
1784 else
1785 NtfsDumpDataRuns(DataRun, CurrentLCN);
1786}
Referenced by AddRun(), FreeClusters(), and NtfsDumpDataRuns().
◆ NtfsDumpFileAttributes()
| VOID NtfsDumpFileAttributes | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1790 of file attrib.c.
1792{
1795 PNTFS_ATTR_RECORD Attribute;
1796
1799 {
1801
1803 }
1804
1806}
static VOID NtfsDumpAttribute(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_RECORD Attribute)
Definition: attrib.c:1617
Referenced by IncreaseMftSize(), NtfsDumpFileRecord(), NtfsGetBothDirectoryInformation(), NtfsGetDirectoryInformation(), NtfsGetFullDirectoryInformation(), NtfsGetNamesInformation(), and NtfsGetVolumeData().
◆ NtfsDumpFileRecord()
| VOID NtfsDumpFileRecord | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 3334 of file mft.c.
3336{
3338
3339 // dump binary data, 8 bytes at a time
3341 {
3342 // display current offset, in hex
3344
3345 // display hex value of each of the next 8 bytes
3349 }
3350
3352}
VOID NtfsDumpFileAttributes(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord)
Definition: attrib.c:1790
Referenced by NtfsAddFilenameToDirectory(), NtfsCreateDirectory(), and NtfsCreateFileRecord().
◆ NtfsFCBInitializeCache()
Definition at line 265 of file fcb.c.
267{
270 PNTFS_CCB newCCB;
271
273
276 {
278 }
279
281
284
287 FileObject->FsContext2 = newCCB;
291
293 _SEH2_TRY
294 {
297 FALSE,
299 Fcb);
300 }
302 {
308 }
309 _SEH2_END;
310
313
315}
PFILE_OBJECT NTAPI IoCreateStreamFileObject(IN PFILE_OBJECT FileObject, IN PDEVICE_OBJECT DeviceObject)
Definition: file.c:3187
Referenced by NtfsMakeFCBFromDirEntry(), and NtfsMakeRootFCB().
◆ NtfsFCBIsCompressed()
Definition at line 146 of file fcb.c.
147{
149}
Referenced by NtfsQueryDirectory(), NtfsReadFile(), and NtfsWriteFile().
◆ NtfsFCBIsDirectory()
Definition at line 132 of file fcb.c.
133{
135}
Referenced by NtfsCreateFile(), NtfsGetFCBForFile(), NtfsGetStandardInformation(), NtfsMakeAbsoluteFilename(), and NtfsReleaseFCB().
◆ NtfsFCBIsEncrypted()
◆ NtfsFCBIsReparsePoint()
◆ NtfsFCBIsRoot()
Definition at line 158 of file fcb.c.
159{
161}
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
Referenced by NtfsMakeAbsoluteFilename(), and NtfsMakeFCBFromDirEntry().
◆ NtfsFileFlagsToAttributes()
Definition at line 105 of file misc.c.
107{
108 *FileAttributes = NtfsAttributes;
110 {
111 *FileAttributes = NtfsAttributes & ~NTFS_FILE_TYPE_DIRECTORY;
113 }
114
115 if (NtfsAttributes == 0)
117}
_Must_inspect_result_ _In_opt_ PFLT_INSTANCE _Out_ PHANDLE _In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Out_ PIO_STATUS_BLOCK _In_opt_ PLARGE_INTEGER _In_ ULONG FileAttributes
Definition: fltkernel.h:1236
Referenced by NtfsGetBasicInformation(), NtfsGetBothDirectoryInformation(), NtfsGetDirectoryInformation(), NtfsGetFullDirectoryInformation(), and NtfsGetNetworkOpenInformation().
◆ NtfsFileSystemControl()
| NTSTATUS NtfsFileSystemControl | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 963 of file fsctl.c.
964{
968
970
974
976 {
980 break;
981
984 break;
985
989 break;
990
994 break;
995
996 default:
999 break;
1000 }
1001
1003}
static NTSTATUS NtfsVerifyVolume(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Definition: fsctl.c:582
static NTSTATUS NtfsMountVolume(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Definition: fsctl.c:416
static NTSTATUS NtfsUserFsRequest(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Definition: fsctl.c:900
Referenced by NtfsDispatch().
◆ NtfsFindFileAt()
| NTSTATUS NtfsFindFileAt | ( | PDEVICE_EXTENSION | Vcb, |
| PUNICODE_STRING | SearchPattern, | ||
| PULONG | FirstEntry, | ||
| PFILE_RECORD_HEADER * | FileRecord, | ||
| PULONGLONG | MFTIndex, | ||
| ULONGLONG | CurrentMFTIndex, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 3355 of file mft.c.
3362{
3364
3366 Vcb,
3367 SearchPattern,
3368 *FirstEntry,
3369 FileRecord,
3370 MFTIndex,
3371 CurrentMFTIndex,
3372 (CaseSensitive ? "TRUE" : "FALSE"));
3373
3374 Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, SearchPattern, FirstEntry, TRUE, CaseSensitive, &CurrentMFTIndex);
3376 {
3379 }
3380
3381 *FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
3383 {
3386 }
3387
3390 {
3392 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, *FileRecord);
3394 }
3395
3396 *MFTIndex = CurrentMFTIndex;
3397
3399}
NTSTATUS NtfsFindMftRecord(PDEVICE_EXTENSION Vcb, ULONGLONG MFTIndex, PUNICODE_STRING FileName, PULONG FirstEntry, BOOLEAN DirSearch, BOOLEAN CaseSensitive, ULONGLONG *OutMFTIndex)
Definition: mft.c:3146
Referenced by NtfsQueryDirectory().
◆ NtfsFindMftRecord()
| NTSTATUS NtfsFindMftRecord | ( | PDEVICE_EXTENSION | Vcb, |
| ULONGLONG | MFTIndex, | ||
| PUNICODE_STRING | FileName, | ||
| PULONG | FirstEntry, | ||
| BOOLEAN | DirSearch, | ||
| BOOLEAN | CaseSensitive, | ||
| ULONGLONG * | OutMFTIndex | ||
| ) |
Definition at line 3146 of file mft.c.
3153{
3154 PFILE_RECORD_HEADER MftRecord;
3155 PNTFS_ATTR_CONTEXT IndexRootCtx;
3156 PINDEX_ROOT_ATTRIBUTE IndexRoot;
3157 PCHAR IndexRecord;
3158 PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
3160 ULONG CurrentEntry = 0;
3161
3163 Vcb,
3164 MFTIndex,
3165 FileName,
3166 *FirstEntry,
3167 DirSearch ? "TRUE" : "FALSE",
3168 CaseSensitive ? "TRUE" : "FALSE",
3169 OutMFTIndex);
3170
3171 MftRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
3173 {
3175 }
3176
3179 {
3180 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
3182 }
3183
3187 {
3188 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
3190 }
3191
3192 IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
3194 {
3195 ReleaseAttributeContext(IndexRootCtx);
3196 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
3198 }
3199
3201 IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
3202 IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
3203 /* Index root is always resident. */
3205 ReleaseAttributeContext(IndexRootCtx);
3206
3207 DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
3208
3210 MftRecord,
3211 (PINDEX_ROOT_ATTRIBUTE)IndexRecord,
3212 IndexRoot->SizeOfEntry,
3213 IndexEntry,
3214 IndexEntryEnd,
3215 FileName,
3216 FirstEntry,
3217 &CurrentEntry,
3218 DirSearch,
3219 CaseSensitive,
3220 OutMFTIndex);
3221
3223 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
3224
3226}
struct INDEX_ROOT_ATTRIBUTE * PINDEX_ROOT_ATTRIBUTE
NTSTATUS BrowseIndexEntries(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER MftRecord, PINDEX_ROOT_ATTRIBUTE IndexRecord, ULONG IndexBlockSize, PINDEX_ENTRY_ATTRIBUTE FirstEntry, PINDEX_ENTRY_ATTRIBUTE LastEntry, PUNICODE_STRING FileName, PULONG StartEntry, PULONG CurrentEntry, BOOLEAN DirSearch, BOOLEAN CaseSensitive, ULONGLONG *OutMFTIndex)
Definition: mft.c:2984
Referenced by NtfsFindFileAt(), and NtfsLookupFileAt().
◆ NtfsFsdDispatch()
| NTSTATUS NTAPI NtfsFsdDispatch | ( | PDEVICE_OBJECT | DeviceObject, |
| PIRP | Irp | ||
| ) |
Definition at line 185 of file dispatch.c.
187{
190
192
195 {
199 }
200 else
201 {
203 }
204
206}
PNTFS_IRP_CONTEXT NtfsAllocateIrpContext(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Definition: misc.c:66
◆ NtfsGetFCBForFile()
| NTSTATUS NtfsGetFCBForFile | ( | PNTFS_VCB | Vcb, |
| PNTFS_FCB * | pParentFCB, | ||
| PNTFS_FCB * | pFCB, | ||
| PCWSTR | pFileName, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 603 of file fcb.c.
608{
612 PCWSTR currentElement;
614 PNTFS_FCB parentFCB;
615
617 Vcb,
618 pParentFCB,
619 pFCB,
620 pFileName,
621 CaseSensitive ? "TRUE" : "FALSE");
622
623 /* Dummy code */
624// FCB = NtfsOpenRootFCB(Vcb);
625// *pFCB = FCB;
626// *pParentFCB = NULL;
627
628#if 1
629 /* Trivial case, open of the root directory on volume */
631 {
633
635 *pFCB = FCB;
636 *pParentFCB = NULL;
637
639 }
640 else
641 {
642 currentElement = pFileName + 1;
645 }
646
647 parentFCB = NULL;
648
649 /* Parse filename and check each path element for existence and access */
651 {
652 /* Skip blank directory levels */
654 {
655 currentElement++;
656 continue;
657 }
658
661
662 /* Descend to next directory level */
663 if (parentFCB)
664 {
666 parentFCB = NULL;
667 }
668
669 /* fail if element in FCB is not a directory */
671 {
673
675 FCB = 0;
676 *pParentFCB = NULL;
677 *pFCB = NULL;
678
680 }
681
682 parentFCB = FCB;
683
684 /* Extract next directory level into dirName */
685 NtfsWSubString(pathName,
686 pFileName,
687 NtfsGetNextPathElement(currentElement) - pFileName);
689
692 {
693 NtfsWSubString(elementName,
694 currentElement,
695 NtfsGetNextPathElement(currentElement) - currentElement);
697
700 {
701 *pParentFCB = parentFCB;
702 *pFCB = NULL;
703 currentElement = NtfsGetNextPathElement(currentElement);
705 {
707 }
708 else
709 {
711 }
712 }
714 {
716 *pParentFCB = NULL;
717 *pFCB = NULL;
718
720 }
721 }
722
723 currentElement = NtfsGetNextPathElement(currentElement);
724 }
725
726 *pParentFCB = parentFCB;
727 *pFCB = FCB;
728#endif
729
731}
struct _FCB FCB
static VOID NtfsWSubString(PWCHAR pTarget, PCWSTR pSource, size_t pLength)
Definition: fcb.c:57
PNTFS_FCB NtfsGrabFCBFromTable(PNTFS_VCB Vcb, PCWSTR FileName)
Definition: fcb.c:222
static NTSTATUS NtfsDirFindFile(PNTFS_VCB Vcb, PNTFS_FCB DirectoryFcb, PWSTR FileToFind, BOOLEAN CaseSensitive, PNTFS_FCB *FoundFCB)
Definition: fcb.c:515
Referenced by NtfsOpenFile().
◆ NtfsGetFileSize()
| ULONGLONG NtfsGetFileSize | ( | PDEVICE_EXTENSION | DeviceExt, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| PCWSTR | Stream, | ||
| ULONG | StreamLength, | ||
| PULONGLONG | AllocatedSize | ||
| ) |
Definition at line 38 of file dirctl.c.
43{
47 PNTFS_ATTR_CONTEXT DataContext;
48
49 Status = FindAttribute(DeviceExt, FileRecord, AttributeData, Stream, StreamLength, &DataContext, NULL);
51 {
54 ReleaseAttributeContext(DataContext);
55 }
56
58
60}
ULONGLONG AttributeAllocatedLength(PNTFS_ATTR_RECORD AttrRecord)
Definition: mft.c:249
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
Referenced by NtfsGetBothDirectoryInformation(), NtfsGetDirectoryInformation(), NtfsGetFullDirectoryInformation(), NtfsMakeFCBFromDirEntry(), and NtfsSetEndOfFile().
◆ NtfsGetFreeClusters()
| ULONGLONG NtfsGetFreeClusters | ( | PDEVICE_EXTENSION | DeviceExt | ) |
Definition at line 37 of file volinfo.c.
38{
40 PFILE_RECORD_HEADER BitmapRecord;
41 PNTFS_ATTR_CONTEXT DataContext;
42 ULONGLONG BitmapDataSize;
47
49
50 BitmapRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
52 {
53 return 0;
54 }
55
58 {
59 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
60 return 0;
61 }
62
65 {
66 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
67 return 0;
68 }
69
70 BitmapDataSize = AttributeDataLength(DataContext->pRecord);
71 ASSERT((BitmapDataSize * 8) >= DeviceExt->NtfsInfo.ClusterCount);
72 BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize, DeviceExt->NtfsInfo.BytesPerSector), TAG_NTFS);
74 {
75 ReleaseAttributeContext(DataContext);
76 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
77 return 0;
78 }
79
80 /* FIXME: Totally underoptimized! */
82 {
83 ReadAttribute(DeviceExt, DataContext, Read, (PCHAR)((ULONG_PTR)BitmapData + Read), DeviceExt->NtfsInfo.BytesPerSector);
84 }
85 ReleaseAttributeContext(DataContext);
86
89 DPRINT1("Diff in size: %I64d B\n", ((BitmapDataSize * 8) - DeviceExt->NtfsInfo.ClusterCount) * DeviceExt->NtfsInfo.SectorsPerCluster * DeviceExt->NtfsInfo.BytesPerSector);
90
93
95 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, BitmapRecord);
96
98}
Referenced by GetNfsVolumeData(), and NtfsGetFsSizeInformation().
◆ NtfsGetUserBuffer()
Definition at line 120 of file misc.c.
122{
124 {
125 return MmGetSystemAddressForMdlSafe(Irp->MdlAddress, (Paging ? HighPagePriority : NormalPagePriority));
126 }
127 else
128 {
130 }
131}
#define MmGetSystemAddressForMdlSafe(_Mdl, _Priority)
Referenced by GetVolumeBitmap(), NtfsQueryDirectory(), NtfsRead(), and NtfsWrite().
◆ NtfsGrabFCB()
Definition at line 165 of file fcb.c.
Referenced by NtfsMakeRootFCB().
◆ NtfsGrabFCBFromTable()
Definition at line 222 of file fcb.c.
224{
225 KIRQL oldIrql;
227 PLIST_ENTRY current_entry;
228
230
232 {
238 }
239
240 current_entry = Vcb->FcbListHead.Flink;
242 {
244
247 {
251 }
252
253 //FIXME: need to compare against short name in FCB here
254
255 current_entry = current_entry->Flink;
256 }
257
259
261}
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
Definition: typedefs.h:120
Referenced by NtfsGetFCBForFile(), NtfsOpenFile(), NtfsOpenFileById(), and NtfsOpenRootFCB().
◆ NtfsInitializeFunctionPointers()
| VOID NTAPI NtfsInitializeFunctionPointers | ( | PDRIVER_OBJECT | DriverObject | ) |
Definition at line 170 of file ntfs.c.
171{
184
185 return;
186}
#define IRP_MJ_SET_VOLUME_INFORMATION
Referenced by DriverEntry().
◆ NtfsInsertKey()
| NTSTATUS NtfsInsertKey | ( | PB_TREE | Tree, |
| ULONGLONG | FileReference, | ||
| PFILENAME_ATTRIBUTE | FileNameAttribute, | ||
| PB_TREE_FILENAME_NODE | Node, | ||
| BOOLEAN | CaseSensitive, | ||
| ULONG | MaxIndexRootSize, | ||
| ULONG | IndexRecordSize, | ||
| PB_TREE_KEY * | MedianKey, | ||
| PB_TREE_FILENAME_NODE * | NewRightHandSibling | ||
| ) |
Definition at line 1691 of file btree.c.
1700{
1701 PB_TREE_KEY NewKey, CurrentKey, PreviousKey;
1703 ULONG NodeSize;
1704 ULONG AllocatedNodeSize;
1705 ULONG MaxNodeSizeWithoutHeader;
1707
1708 *MedianKey = NULL;
1709 *NewRightHandSibling = NULL;
1710
1712 Tree,
1713 FileReference,
1714 FileNameAttribute,
1715 Node,
1716 CaseSensitive ? "TRUE" : "FALSE",
1717 MaxIndexRootSize,
1718 IndexRecordSize,
1719 MedianKey,
1720 NewRightHandSibling);
1721
1722 // Create the key for the filename attribute
1723 NewKey = CreateBTreeKeyFromFilename(FileReference, FileNameAttribute);
1724 if (!NewKey)
1726
1727 // Find where to insert the key
1728 CurrentKey = Node->FirstKey;
1729 PreviousKey = NULL;
1731 {
1732 // Should the New Key go before the current key?
1734
1735 if (Comparison == 0)
1736 {
1737 DPRINT1("\t\tComparison == 0: %.*S\n", NewKey->IndexEntry->FileName.NameLength, NewKey->IndexEntry->FileName.Name);
1738 DPRINT1("\t\tComparison == 0: %.*S\n", CurrentKey->IndexEntry->FileName.NameLength, CurrentKey->IndexEntry->FileName.Name);
1739 }
1740 ASSERT(Comparison != 0);
1741
1742 // Is NewKey < CurrentKey?
1743 if (Comparison < 0)
1744 {
1745 // Does CurrentKey have a sub-node?
1747 {
1748 PB_TREE_KEY NewLeftKey;
1749 PB_TREE_FILENAME_NODE NewChild;
1750
1751 // Insert the key into the child node
1753 FileReference,
1754 FileNameAttribute,
1755 CurrentKey->LesserChild,
1756 CaseSensitive,
1757 MaxIndexRootSize,
1758 IndexRecordSize,
1759 &NewLeftKey,
1760 &NewChild);
1762 {
1766 }
1767
1768 // Did the child node get split?
1769 if (NewLeftKey)
1770 {
1772
1773 // Insert the new left key to the left of the current key
1774 NewLeftKey->NextKey = CurrentKey;
1775
1776 // Is CurrentKey the first key?
1777 if (!PreviousKey)
1778 Node->FirstKey = NewLeftKey;
1779 else
1780 PreviousKey->NextKey = NewLeftKey;
1781
1782 // CurrentKey->LesserChild will be the right-hand sibling
1783 CurrentKey->LesserChild = NewChild;
1784
1785 Node->KeyCount++;
1787
1788#ifndef NDEBUG
1790#endif
1791 }
1792 }
1793 else
1794 {
1795 // Insert New Key before Current Key
1796 NewKey->NextKey = CurrentKey;
1797
1798 // Increase KeyCount and mark node as dirty
1799 Node->KeyCount++;
1801
1802 // was CurrentKey the first key?
1804 Node->FirstKey = NewKey;
1805 else
1806 PreviousKey->NextKey = NewKey;
1807 }
1808 break;
1809 }
1810
1811 PreviousKey = CurrentKey;
1812 CurrentKey = CurrentKey->NextKey;
1813 }
1814
1815 // Determine how much space the index entries will need
1817
1818 // Is Node not the root node?
1820 {
1821 // Calculate maximum size of index entries without any headers
1823
1824 // TODO: Replace magic with math
1825 MaxNodeSizeWithoutHeader = AllocatedNodeSize - 0x28;
1826
1827 // Has the node grown larger than its allocated size?
1828 if (NodeSize > MaxNodeSizeWithoutHeader)
1829 {
1831
1834 {
1837 }
1838
1840 }
1841 }
1842
1843 // NewEntry and NewKey will be destroyed later by DestroyBTree()
1844
1846}
LONG CompareTreeKeys(PB_TREE_KEY Key1, PB_TREE_KEY Key2, BOOLEAN CaseSensitive)
Definition: btree.c:417
NTSTATUS SplitBTreeNode(PB_TREE Tree, PB_TREE_FILENAME_NODE Node, PB_TREE_KEY *MedianKey, PB_TREE_FILENAME_NODE *NewRightHandSibling, BOOLEAN CaseSensitive)
Definition: btree.c:1883
PB_TREE_KEY CreateBTreeKeyFromFilename(ULONGLONG FileReference, PFILENAME_ATTRIBUTE FileNameAttribute)
Definition: btree.c:1461
Definition: ntfs.h:402
Referenced by NtfsAddFilenameToDirectory(), and NtfsInsertKey().
◆ NtfsIsIrpTopLevel()
Definition at line 43 of file misc.c.
Referenced by NtfsDispatch().
◆ NtfsLockUserBuffer()
Definition at line 158 of file misc.c.
161{
163
165 {
167 }
168
170
172 {
174 }
175
176 _SEH2_TRY
177 {
179 }
181 {
185 }
186 _SEH2_END;
187
189}
VOID NTAPI MmProbeAndLockPages(IN PMDL Mdl, IN KPROCESSOR_MODE AccessMode, IN LOCK_OPERATION Operation)
Definition: mdlsup.c:931
Referenced by NtfsWrite().
◆ NtfsLookupFile()
| NTSTATUS NtfsLookupFile | ( | PDEVICE_EXTENSION | Vcb, |
| PUNICODE_STRING | PathName, | ||
| BOOLEAN | CaseSensitive, | ||
| PFILE_RECORD_HEADER * | FileRecord, | ||
| PULONGLONG | MFTIndex | ||
| ) |
Definition at line 3287 of file mft.c.
3292{
3294}
NTSTATUS NtfsLookupFileAt(PDEVICE_EXTENSION Vcb, PUNICODE_STRING PathName, BOOLEAN CaseSensitive, PFILE_RECORD_HEADER *FileRecord, PULONGLONG MFTIndex, ULONGLONG CurrentMFTIndex)
Definition: mft.c:3229
◆ NtfsLookupFileAt()
| NTSTATUS NtfsLookupFileAt | ( | PDEVICE_EXTENSION | Vcb, |
| PUNICODE_STRING | PathName, | ||
| BOOLEAN | CaseSensitive, | ||
| PFILE_RECORD_HEADER * | FileRecord, | ||
| PULONGLONG | MFTIndex, | ||
| ULONGLONG | CurrentMFTIndex | ||
| ) |
Definition at line 3229 of file mft.c.
3235{
3236 UNICODE_STRING Current, Remaining;
3238 ULONG FirstEntry = 0;
3239
3241 Vcb,
3242 PathName,
3243 CaseSensitive ? "TRUE" : "FALSE",
3244 FileRecord,
3245 MFTIndex,
3246 CurrentMFTIndex);
3247
3248 FsRtlDissectName(*PathName, &Current, &Remaining);
3249
3251 {
3253
3254 Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, &Current, &FirstEntry, FALSE, CaseSensitive, &CurrentMFTIndex);
3256 {
3258 }
3259
3261 break;
3262
3263 FsRtlDissectName(Current, &Current, &Remaining);
3264 }
3265
3266 *FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
3268 {
3271 }
3272
3275 {
3277 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, *FileRecord);
3279 }
3280
3281 *MFTIndex = CurrentMFTIndex;
3282
3284}
Referenced by NtfsDirFindFile(), and NtfsLookupFile().
◆ NtfsMakeFCBFromDirEntry()
| NTSTATUS NtfsMakeFCBFromDirEntry | ( | PNTFS_VCB | Vcb, |
| PNTFS_FCB | DirectoryFCB, | ||
| PUNICODE_STRING | Name, | ||
| PCWSTR | Stream, | ||
| PFILE_RECORD_HEADER | Record, | ||
| ULONGLONG | MFTIndex, | ||
| PNTFS_FCB * | fileFCB | ||
| ) |
Definition at line 389 of file fcb.c.
396{
399 PSTANDARD_INFORMATION StdInfo;
400 PNTFS_FCB rcFCB;
402
403 DPRINT("NtfsMakeFCBFromDirEntry(%p, %p, %wZ, %p, %p, %p)\n", Vcb, DirectoryFCB, Name, Stream, Record, fileFCB);
404
407 {
409 }
410
412 {
415 {
417 }
418
421 {
423 }
425 }
426 else
427 {
430 }
431
432 Size = NtfsGetFileSize(Vcb, Record, (Stream ? Stream : L""), (Stream ? wcslen(Stream) : 0), &AllocatedSize);
433
435 if (!rcFCB)
436 {
438 }
439
445
448 {
450 }
451
453 rcFCB->RefCount = 1;
454 rcFCB->MFTIndex = MFTIndex;
457 *fileFCB = rcFCB;
458
460}
PSTANDARD_INFORMATION GetStandardInformationFromRecord(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord)
Definition: attrib.c:1940
PFILENAME_ATTRIBUTE GetBestFileNameFromRecord(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER FileRecord)
Definition: attrib.c:1985
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
ULONGLONG NtfsGetFileSize(PDEVICE_EXTENSION DeviceExt, PFILE_RECORD_HEADER FileRecord, PCWSTR Stream, ULONG StreamLength, PULONGLONG AllocatedSize)
Definition: dirctl.c:38
NTSTATUS NtfsFCBInitializeCache(PNTFS_VCB Vcb, PNTFS_FCB Fcb)
Definition: fcb.c:265
PNTFS_FCB NtfsCreateFCB(PCWSTR FileName, PCWSTR Stream, PNTFS_VCB Vcb)
Definition: fcb.c:67
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
LARGE_INTEGER ValidDataLength
Definition: env_spec_w32.h:757
ActualNumberDriverObjects * sizeof(PDRIVER_OBJECT)) PDRIVER_OBJECT *DriverObjectList
Referenced by NtfsDirFindFile(), and NtfsOpenFileById().
◆ NtfsMakeRootFCB()
Definition at line 319 of file fcb.c.
320{
322 PFILE_RECORD_HEADER MftRecord;
324
325 MftRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
327 {
329 }
330
332 {
333 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
335 }
336
339 {
340 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
342 }
343
346 {
347 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
349 }
350
362
366
367 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
368
370}
Referenced by NtfsOpenRootFCB().
◆ NtfsMarkIrpContextForQueue()
| FORCEINLINE NTSTATUS NtfsMarkIrpContextForQueue | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 569 of file ntfs.h.
Referenced by NtfsCleanup(), NtfsClose(), NtfsCreate(), NtfsDirectoryControl(), NtfsQueryInformation(), NtfsQueryVolumeInformation(), and NtfsSetInformation().
◆ NtfsOpenRootFCB()
Definition at line 374 of file fcb.c.
375{
377
380 {
382 }
383
385}
Referenced by NtfsGetFCBForFile().
◆ NtfsQueryInformation()
| NTSTATUS NtfsQueryInformation | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 420 of file finfo.c.
421{
426 PVOID SystemBuffer;
431
433
440
441 SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
443
446 {
448 }
449
451 {
454 DeviceObject,
455 SystemBuffer,
456 &BufferLength);
457 break;
458
461 SystemBuffer,
462 &BufferLength);
463 break;
464
467 Fcb,
468 DeviceObject,
469 SystemBuffer,
470 &BufferLength);
471 break;
472
475 Fcb,
476 DeviceObject,
477 SystemBuffer,
478 &BufferLength);
479 break;
480
483 SystemBuffer,
484 &BufferLength);
485 break;
486
489 DeviceObject->DeviceExtension,
490 SystemBuffer,
491 &BufferLength);
492 break;
493
496 DeviceObject->DeviceExtension,
497 SystemBuffer,
498 &BufferLength);
499 break;
500
505 break;
506
507 default:
510 }
511
513
515 Irp->IoStatus.Information =
517 else
518 Irp->IoStatus.Information = 0;
519
521}
#define ExAcquireResourceSharedLite(res, wait)
Definition: env_spec_w32.h:621
static OUT PIO_STATUS_BLOCK OUT PVOID IN ULONG IN FILE_INFORMATION_CLASS FileInformationClass
Definition: pipe.c:75
static NTSTATUS NtfsGetNameInformation(PFILE_OBJECT FileObject, PNTFS_FCB Fcb, PDEVICE_OBJECT DeviceObject, PFILE_NAME_INFORMATION NameInfo, PULONG BufferLength)
Definition: finfo.c:130
static NTSTATUS NtfsGetStreamInformation(PNTFS_FCB Fcb, PDEVICE_EXTENSION DeviceExt, PFILE_STREAM_INFORMATION StreamInfo, PULONG BufferLength)
Definition: finfo.c:226
static NTSTATUS NtfsGetPositionInformation(PFILE_OBJECT FileObject, PFILE_POSITION_INFORMATION PositionInfo, PULONG BufferLength)
Definition: finfo.c:75
const PCSTR GetInfoClassName(FILE_INFORMATION_CLASS infoClass)
Definition: finfo.c:296
static NTSTATUS NtfsGetStandardInformation(PNTFS_FCB Fcb, PDEVICE_OBJECT DeviceObject, PFILE_STANDARD_INFORMATION StandardInfo, PULONG BufferLength)
Definition: finfo.c:42
static NTSTATUS NtfsGetNetworkOpenInformation(PNTFS_FCB Fcb, PDEVICE_EXTENSION DeviceExt, PFILE_NETWORK_OPEN_INFORMATION NetworkInfo, PULONG BufferLength)
Definition: finfo.c:198
static NTSTATUS NtfsGetInternalInformation(PNTFS_FCB Fcb, PFILE_INTERNAL_INFORMATION InternalInfo, PULONG BufferLength)
Definition: finfo.c:177
static NTSTATUS NtfsGetBasicInformation(PFILE_OBJECT FileObject, PNTFS_FCB Fcb, PDEVICE_OBJECT DeviceObject, PFILE_BASIC_INFORMATION BasicInfo, PULONG BufferLength)
Definition: finfo.c:97
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
Referenced by NtfsDispatch().
◆ NtfsQueryVolumeInformation()
| NTSTATUS NtfsQueryVolumeInformation | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 343 of file volinfo.c.
344{
350 PVOID SystemBuffer;
352 PDEVICE_EXTENSION DeviceExt;
353
355
356 ASSERT(IrpContext);
357
360 DeviceExt = DeviceObject->DeviceExtension;
362
365 {
367 }
368
371 SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
373
376
378 {
381 SystemBuffer,
382 &BufferLength);
383 break;
384
387 SystemBuffer,
388 &BufferLength);
389 break;
390
393 SystemBuffer,
394 &BufferLength);
395 break;
396
399 SystemBuffer,
400 &BufferLength);
401 break;
402
403 default:
405 }
406
407 ExReleaseResourceLite(&DeviceExt->DirResource);
408
410 Irp->IoStatus.Information =
412 else
413 Irp->IoStatus.Information = 0;
414
416}
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ ULONG _In_ FS_INFORMATION_CLASS FsInformationClass
Definition: fltkernel.h:1330
enum _FSINFOCLASS FS_INFORMATION_CLASS
static NTSTATUS NtfsGetFsDeviceInformation(PDEVICE_OBJECT DeviceObject, PFILE_FS_DEVICE_INFORMATION FsDeviceInfo, PULONG BufferLength)
Definition: volinfo.c:318
static NTSTATUS NtfsGetFsVolumeInformation(PDEVICE_OBJECT DeviceObject, PFILE_FS_VOLUME_INFORMATION FsVolumeInfo, PULONG BufferLength)
Definition: volinfo.c:207
static NTSTATUS NtfsGetFsAttributeInformation(PDEVICE_EXTENSION DeviceExt, PFILE_FS_ATTRIBUTE_INFORMATION FsAttributeInfo, PULONG BufferLength)
Definition: volinfo.c:253
static NTSTATUS NtfsGetFsSizeInformation(PDEVICE_OBJECT DeviceObject, PFILE_FS_SIZE_INFORMATION FsSizeInfo, PULONG BufferLength)
Definition: volinfo.c:288
Referenced by NtfsDispatch().
◆ NtfsRead()
| NTSTATUS NtfsRead | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 216 of file rw.c.
217{
218 PDEVICE_EXTENSION DeviceExt;
224 ULONG ReturnedReadLength = 0;
228
230
235
236 DeviceExt = DeviceObject->DeviceExtension;
240
242 FileObject,
243 Buffer,
244 ReadLength,
245 ReadOffset.u.LowPart,
246 Irp->Flags,
247 &ReturnedReadLength);
249 {
251 {
252 FileObject->CurrentByteOffset.QuadPart =
253 ReadOffset.QuadPart + ReturnedReadLength;
254 }
255
256 Irp->IoStatus.Information = ReturnedReadLength;
257 }
258 else
259 {
260 Irp->IoStatus.Information = 0;
261 }
262
264}
static NTSTATUS NtfsReadFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject, PUCHAR Buffer, ULONG Length, ULONG ReadOffset, ULONG IrpFlags, PULONG LengthRead)
Definition: rw.c:43
_Must_inspect_result_ _In_ WDFUSBPIPE _In_ WDFREQUEST _In_opt_ WDFMEMORY _In_opt_ PWDFMEMORY_OFFSET ReadOffset
Definition: wdfusb.h:2003
#define IRP_PAGING_IO
◆ NtfsReadDisk()
| NTSTATUS NtfsReadDisk | ( | IN PDEVICE_OBJECT | DeviceObject, |
| IN LONGLONG | StartingOffset, | ||
| IN ULONG | Length, | ||
| IN ULONG | SectorSize, | ||
| IN OUT PUCHAR | Buffer, | ||
| IN BOOLEAN | Override | ||
| ) |
Definition at line 37 of file blockdev.c.
43{
50 ULONGLONG RealReadOffset;
51 ULONG RealLength;
54
55 DPRINT("NtfsReadDisk(%p, %I64x, %lu, %lu, %p, %d)\n", DeviceObject, StartingOffset, Length, SectorSize, Buffer, Override);
56
59 FALSE);
60
62 RealLength = Length;
63
65 {
68
71 {
74 }
75 AllocatedBuffer = TRUE;
76 }
77
78 Offset.QuadPart = RealReadOffset;
79
82 DeviceObject,
83 ReadBuffer,
84 RealLength,
85 &Offset,
86 &Event,
87 &IoStatus);
89 {
91
92 if (AllocatedBuffer)
93 {
95 }
96
98 }
99
100 if (Override)
101 {
104 }
105
108
111 {
116 }
117
118 if (AllocatedBuffer)
119 {
121 {
123 }
124
126 }
127
129
131}
PIRP NTAPI IoBuildSynchronousFsdRequest(IN ULONG MajorFunction, IN PDEVICE_OBJECT DeviceObject, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER StartingOffset, IN PKEVENT Event, IN PIO_STATUS_BLOCK IoStatusBlock)
Definition: irp.c:1069
Referenced by NtfsReadSectors(), NtfsWriteDisk(), and ReadAttribute().
◆ NtfsReadFCBAttribute()
| NTSTATUS NtfsReadFCBAttribute | ( | PNTFS_VCB | Vcb, |
| PNTFS_FCB | pFCB, | ||
| ULONG | Type, | ||
| PCWSTR | Name, | ||
| ULONG | NameLength, | ||
| PVOID * | Data | ||
| ) |
Definition at line 735 of file fcb.c.
741{
743 PFILE_RECORD_HEADER FileRecord;
744 PNTFS_ATTR_CONTEXT AttrCtxt;
745 ULONGLONG AttrLength;
746
747 FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
749 {
751 }
752
755 {
756 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
758 }
759
762 {
763 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
765 }
766
767 AttrLength = AttributeDataLength(AttrCtxt->pRecord);
770 {
771 ReleaseAttributeContext(AttrCtxt);
772 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
774 }
775
777
778 ReleaseAttributeContext(AttrCtxt);
779 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
780
782}
Definition: sort_test.cpp:77
Referenced by NtfsCreateFile().
◆ NtfsReadSectors()
| NTSTATUS NtfsReadSectors | ( | IN PDEVICE_OBJECT | DeviceObject, |
| IN ULONG | DiskSector, | ||
| IN ULONG | SectorCount, | ||
| IN ULONG | SectorSize, | ||
| IN OUT PUCHAR | Buffer, | ||
| IN BOOLEAN | Override | ||
| ) |
Definition at line 308 of file blockdev.c.
314{
316 ULONG BlockSize;
317
320
322}
NTSTATUS NtfsReadDisk(IN PDEVICE_OBJECT DeviceObject, IN LONGLONG StartingOffset, IN ULONG Length, IN ULONG SectorSize, IN OUT PUCHAR Buffer, IN BOOLEAN Override)
Definition: blockdev.c:37
Referenced by NtfsGetVolumeData(), NtfsHasFileSystem(), and ReadLCN().
◆ NtfsReleaseFCB()
Definition at line 182 of file fcb.c.
184{
185 KIRQL oldIrql;
186
188 Fcb,
191
195 {
200 }
201 else
202 {
204 }
205}
BOOLEAN NTAPI CcUninitializeCacheMap(IN PFILE_OBJECT FileObject, IN OPTIONAL PLARGE_INTEGER TruncateSize, IN OPTIONAL PCACHE_UNINITIALIZE_EVENT UninitializeEvent)
Definition: fssup.c:286
Referenced by NtfsCloseFile(), NtfsGetFCBForFile(), and NtfsOpenFile().
◆ NtfsRelLazyWrite()
Definition at line 51 of file fastio.c.
Referenced by DriverEntry().
◆ NtfsRelReadAhead()
Definition at line 72 of file fastio.c.
Referenced by DriverEntry().
◆ NtfsSetEndOfFile()
| NTSTATUS NtfsSetEndOfFile | ( | PNTFS_FCB | Fcb, |
| PFILE_OBJECT | FileObject, | ||
| PDEVICE_EXTENSION | DeviceExt, | ||
| ULONG | IrpFlags, | ||
| BOOLEAN | CaseSensitive, | ||
| PLARGE_INTEGER | NewFileSize | ||
| ) |
Definition at line 563 of file finfo.c.
569{
570 LARGE_INTEGER CurrentFileSize;
571 PFILE_RECORD_HEADER FileRecord;
572 PNTFS_ATTR_CONTEXT DataContext;
573 ULONG AttributeOffset;
576 PFILENAME_ATTRIBUTE FileNameAttribute;
577 ULONGLONG ParentMFTId;
579
580
581 // Allocate non-paged memory for the file record
582 FileRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
584 {
587 }
588
589 // read the file record
593 {
594 // We couldn't get the file's record. Free the memory and return the error
596 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
598 }
599
601
603
604 // Are we trying to decrease the file size?
606 {
607 // Is the file mapped?
609 NewFileSize))
610 {
612 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
614 }
615 }
616
617 // Find the attribute with the data stream for our file
620 FileRecord,
621 AttributeData,
624 &DataContext,
625 &AttributeOffset);
626
627 // Did we fail to find the attribute?
629 {
631 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
633 }
634
635 // Get the size of the data attribute
637
638 // Are we enlarging the attribute?
640 {
641 // is increasing the stream size not allowed?
643 (IrpFlags & IRP_PAGING_IO))
644 {
645 // TODO - just fail for now
646 ReleaseAttributeContext(DataContext);
647 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
649 }
650 }
651
652 // set the attribute data length
653 Status = SetAttributeDataLength(FileObject, Fcb, DataContext, AttributeOffset, FileRecord, NewFileSize);
655 {
656 ReleaseAttributeContext(DataContext);
657 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
659 }
660
661 // now we need to update this file's size in every directory index entry that references it
662 // TODO: expand to work with every filename / hardlink stored in the file record.
665 {
667 ReleaseAttributeContext(DataContext);
668 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
670 }
671
673
677
679
681 ParentMFTId,
682 &FileName,
683 FALSE,
685 AllocationSize,
686 CaseSensitive);
687
688 ReleaseAttributeContext(DataContext);
689 ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
690
692}
NTSTATUS UpdateFileNameRecord(PDEVICE_EXTENSION Vcb, ULONGLONG ParentMFTIndex, PUNICODE_STRING FileName, BOOLEAN DirSearch, ULONGLONG NewDataSize, ULONGLONG NewAllocationSize, BOOLEAN CaseSensitive)
Definition: mft.c:1660
NTSTATUS SetAttributeDataLength(PFILE_OBJECT FileObject, PNTFS_FCB Fcb, PNTFS_ATTR_CONTEXT AttrContext, ULONG AttrOffset, PFILE_RECORD_HEADER FileRecord, PLARGE_INTEGER DataSize)
Definition: mft.c:615
BOOLEAN NTAPI MmCanFileBeTruncated(_In_ PSECTION_OBJECT_POINTERS SectionObjectPointer, _In_opt_ PLARGE_INTEGER NewFileSize)
Definition: section.c:4255
Referenced by NtfsSetInformation().
◆ NtfsSetInformation()
| NTSTATUS NtfsSetInformation | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 719 of file finfo.c.
720{
723 PDEVICE_EXTENSION DeviceExt;
726 PVOID SystemBuffer;
731
733
737 DeviceExt = DeviceObject->DeviceExtension;
741
742 SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
744
747 {
749 }
750
752 {
753 PFILE_END_OF_FILE_INFORMATION EndOfFileInfo;
754
755 /* TODO: Allocation size is not actually the same as file end for NTFS,
756 however, few applications are likely to make the distinction. */
760 EndOfFileInfo = (PFILE_END_OF_FILE_INFORMATION)SystemBuffer;
762 FileObject,
763 DeviceExt,
766 &EndOfFileInfo->EndOfFile);
767 break;
768
769 // TODO: all other information classes
770
771 default:
772 DPRINT1("FIXME: Unimplemented information class: %s\n", GetInfoClassName(FileInformationClass));
774 }
775
777
779 Irp->IoStatus.Information =
781 else
782 Irp->IoStatus.Information = 0;
783
785}
struct _FILE_END_OF_FILE_INFORMATION * PFILE_END_OF_FILE_INFORMATION
NTSTATUS NtfsSetEndOfFile(PNTFS_FCB Fcb, PFILE_OBJECT FileObject, PDEVICE_EXTENSION DeviceExt, ULONG IrpFlags, BOOLEAN CaseSensitive, PLARGE_INTEGER NewFileSize)
Definition: finfo.c:563
Definition: nt_native.h:976
Referenced by NtfsDispatch().
◆ NtfsSetVolumeInformation()
| NTSTATUS NtfsSetVolumeInformation | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 420 of file volinfo.c.
Referenced by NtfsDispatch().
◆ NtfsWrite()
| NTSTATUS NtfsWrite | ( | PNTFS_IRP_CONTEXT | IrpContext | ) |
Definition at line 537 of file rw.c.
538{
545 ULONG ReturnedWriteLength = 0;
550 ULONG BytesPerSector;
551
553 ASSERT(IrpContext);
554
555 // get the I/O request packet
557
558 // This request is not allowed on the main device object
560 {
562
563 Irp->IoStatus.Information = 0;
565 }
566
567 // get the File control block
570
572 DPRINT("NTFS Version: %d.%d\n", Fcb->Vcb->NtfsInfo.MajorVersion, Fcb->Vcb->NtfsInfo.MinorVersion);
573
574 // setup some more locals
577 DeviceExt = DeviceObject->DeviceExtension;
578 BytesPerSector = DeviceExt->StorageDevice->SectorSize;
580
581 // get the file offset we'll be writing to
584 ByteOffset.u.HighPart == -1)
585 {
587 }
588
590 Length, BytesPerSector);
591
593 {
594 // TODO: Support large files
597 }
598
599 // Is this a non-cached write? A non-buffered write?
602 {
603 // non-cached and non-buffered writes must be sector aligned
605 {
608 }
609 }
610
612 {
614
616
617 // FIXME: Doesn't accurately detect when a user passes NULL to WriteFile() for the buffer
619 {
620 // FIXME: Update last write time
622 }
623
625 }
626
627 // get the Resource
629 {
630 Resource = &DeviceExt->DirResource;
631 }
633 {
635 }
636 else
637 {
639 }
640
641 // acquire exclusive access to the Resource
642 if (!ExAcquireResourceExclusiveLite(Resource, BooleanFlagOn(IrpContext->Flags, IRPCONTEXT_CANWAIT)))
643 {
645 }
646
647 /* From VfatWrite(). Todo: Handle file locks
648 if (!(IrpContext->Irp->Flags & IRP_PAGING_IO) &&
649 FsRtlAreThereCurrentFileLocks(&Fcb->FileLock))
650 {
651 if (!FsRtlCheckLockForWriteAccess(&Fcb->FileLock, IrpContext->Irp))
652 {
653 Status = STATUS_FILE_LOCK_CONFLICT;
654 goto ByeBye;
655 }
656 }*/
657
658 // Is this an async request to a file?
660 {
662
665 }
666
667 // get the buffer of data the user is trying to write
670
671 // lock the buffer
673
674 // were we unable to lock the buffer?
676 {
678
681 }
682
683 DPRINT("Existing File Size(Fcb->RFCB.FileSize.QuadPart): %I64u\n", Fcb->RFCB.FileSize.QuadPart);
685
686 // TODO: handle HighPart of ByteOffset (large files)
687
688 // write the file
690 FileObject,
691 Buffer,
692 Length,
693 ByteOffset.LowPart,
696 &ReturnedWriteLength);
697
699
700 // was the write successful?
702 {
703 // TODO: Update timestamps
704
706 {
707 // advance the file pointer
709 }
710
712 }
713 else
714 {
716 }
717
718 Irp->IoStatus.Information = ReturnedWriteLength;
719
720 // Note: We leave the user buffer that we locked alone, it's up to the I/O manager to unlock and free it
721
723
725}
_Acquires_exclusive_lock_ Resource _Acquires_shared_lock_ Resource _Inout_ PERESOURCE Resource
Definition: cdprocs.h:843
NTSTATUS NtfsLockUserBuffer(IN PIRP Irp, IN ULONG Length, IN LOCK_OPERATION Operation)
Definition: misc.c:158
NTSTATUS NtfsWriteFile(PDEVICE_EXTENSION DeviceExt, PFILE_OBJECT FileObject, const PUCHAR Buffer, ULONG Length, ULONG WriteOffset, ULONG IrpFlags, BOOLEAN CaseSensitive, PULONG LengthWritten)
Definition: rw.c:311
IN PDCB IN PCCB IN VBO IN OUT PULONG OUT PDIRENT OUT PBCB OUT PVBO ByteOffset
Definition: fatprocs.h:731
union _IO_STACK_LOCATION::@1564 Parameters
struct _IO_STACK_LOCATION::@3978::@3983 Write
#define IRP_NOCACHE
Referenced by NtfsDispatch().
◆ NtfsWriteDisk()
| NTSTATUS NtfsWriteDisk | ( | IN PDEVICE_OBJECT | DeviceObject, |
| IN LONGLONG | StartingOffset, | ||
| IN ULONG | Length, | ||
| IN ULONG | SectorSize, | ||
| IN const PUCHAR | Buffer | ||
| ) |
Definition at line 163 of file blockdev.c.
168{
174 ULONGLONG RealWriteOffset;
175 ULONG RealLength;
178
179 DPRINT("NtfsWriteDisk(%p, %I64x, %lu, %lu, %p)\n", DeviceObject, StartingOffset, Length, SectorSize, Buffer);
180
183
185 RealLength = Length;
186
187 // Does the write need to be adjusted to be sector-aligned?
189 {
190 ULONGLONG relativeOffset;
191
192 // We need to do a read-modify-write. We'll start be copying the entire
193 // contents of every sector that will be overwritten.
194 // TODO: Optimize (read no more than necessary)
195
198
199 // Would the end of our sector-aligned write fall short of the requested write?
201 {
202 RealLength += SectorSize;
203 }
204
205 // Did we underestimate the memory required somehow?
207 {
211
212 RealLength += SectorSize;
213 }
214
215 // Allocate a buffer to copy the existing data to
217
218 // Did we fail to allocate it?
220 {
222
224 }
225
226 // Read the sectors we'll be overwriting into TempBuffer
227 Status = NtfsReadDisk(DeviceObject, RealWriteOffset, RealLength, SectorSize, TempBuffer, FALSE);
228
229 // Did we fail the read?
231 {
232 RtlSecureZeroMemory(TempBuffer, RealLength);
235 }
236
237 // Calculate where the new data should be written to, relative to the start of TempBuffer
238 relativeOffset = StartingOffset - RealWriteOffset;
239
240 // Modify the tempbuffer with the data being read
242
243 AllocatedBuffer = TRUE;
244 }
245
246 // set the destination offset
247 Offset.QuadPart = RealWriteOffset;
248
249 // setup the notification event for the write
251 NotificationEvent,
252 FALSE);
253
255
256 // Build an IRP requesting the lower-level [disk] driver to perform the write
257 // TODO: Forward the existing IRP instead
259 DeviceObject,
260 // if we allocated a temp buffer, use that instead of the Buffer parameter
261 ((AllocatedBuffer) ? TempBuffer : Buffer),
262 RealLength,
263 &Offset,
264 &Event,
265 &IoStatus);
266 // Did we fail to build the IRP?
268 {
270
271 if (AllocatedBuffer)
272 {
273 RtlSecureZeroMemory(TempBuffer, RealLength);
275 }
276
278 }
279
280 // Call the next-lower driver to perform the write
283
284 // Wait until the next-lower driver has completed the IRP
287 {
292 }
293
294 if (AllocatedBuffer)
295 {
296 // zero the buffer before freeing it, so private user data can't be snooped
297 RtlSecureZeroMemory(TempBuffer, RealLength);
298
300 }
301
303
305}
FORCEINLINE PVOID RtlSecureZeroMemory(_Out_writes_bytes_all_(Size) PVOID Pointer, _In_ SIZE_T Size)
Definition: rtlfuncs.h:3125
Referenced by WriteAttribute().
◆ PrepareAttributeContext()
| PNTFS_ATTR_CONTEXT PrepareAttributeContext | ( | PNTFS_ATTR_RECORD | AttrRecord | ) |
Definition at line 41 of file mft.c.
42{
44
47 {
50 }
51
52 // Allocate memory for a copy of the attribute
55 {
59 }
60
61 // Copy the attribute
63
65 {
66 LONGLONG DataRunOffset;
67 ULONGLONG DataRunLength;
68 ULONGLONG NextVBN = 0;
69 PUCHAR DataRun = (PUCHAR)((ULONG_PTR)Context->pRecord + Context->pRecord->NonResident.MappingPairsOffset);
70
71 Context->CacheRun = DataRun;
72 Context->CacheRunOffset = 0;
74 Context->CacheRunLength = DataRunLength;
75 if (DataRunOffset != -1)
76 {
77 /* Normal run. */
78 Context->CacheRunStartLCN =
79 Context->CacheRunLastLCN = DataRunOffset;
80 }
81 else
82 {
83 /* Sparse run. */
84 Context->CacheRunStartLCN = -1;
85 Context->CacheRunLastLCN = 0;
86 }
87 Context->CacheRunCurrentOffset = 0;
88
89 // Convert the data runs to a map control block
91 {
96 }
97 }
98
100}
NTSTATUS ConvertDataRunsToLargeMCB(PUCHAR DataRun, PLARGE_MCB DataRunsMCB, PULONGLONG pNextVBN)
Definition: attrib.c:825
NPAGED_LOOKASIDE_LIST AttrCtxtLookasideList
Definition: ntfs.h:154
Referenced by FindAttribute(), and InternalReadNonResidentAttributes().
◆ ReadAttribute()
| ULONG ReadAttribute | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_ATTR_CONTEXT | Context, | ||
| ULONGLONG | Offset, | ||
| PCHAR | Buffer, | ||
| ULONG | Length | ||
| ) |
Definition at line 1065 of file mft.c.
1070{
1071 ULONGLONG LastLCN;
1072 PUCHAR DataRun;
1073 LONGLONG DataRunOffset;
1074 ULONGLONG DataRunLength;
1075 LONGLONG DataRunStartLCN;
1076 ULONGLONG CurrentOffset;
1078 ULONG AlreadyRead;
1080
1081 //TEMPTEMP
1082 PUCHAR TempBuffer;
1083
1085 {
1086 // We need to truncate Offset to a ULONG for pointer arithmetic
1087 // The check below should ensure that Offset is well within the range of 32 bits
1089
1090 // Ensure that offset isn't beyond the end of the attribute
1092 return 0;
1095
1096 RtlCopyMemory(Buffer, (PVOID)((ULONG_PTR)Context->pRecord + Context->pRecord->Resident.ValueOffset + LittleOffset), Length);
1098 }
1099
1100 /*
1101 * Non-resident attribute
1102 */
1103
1104 /*
1105 * I. Find the corresponding start data run.
1106 */
1107
1108 AlreadyRead = 0;
1109
1110 // FIXME: Cache seems to be non-working. Disable it for now
1111 //if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
1112 if (0)
1113 {
1114 DataRun = Context->CacheRun;
1115 LastLCN = Context->CacheRunLastLCN;
1116 DataRunStartLCN = Context->CacheRunStartLCN;
1117 DataRunLength = Context->CacheRunLength;
1118 CurrentOffset = Context->CacheRunCurrentOffset;
1119 }
1120 else
1121 {
1122 //TEMPTEMP
1123 ULONG UsedBufferSize;
1126 {
1128 }
1129
1130 LastLCN = 0;
1131 CurrentOffset = 0;
1132
1133 // This will be rewritten in the next iteration to just use the DataRuns MCB directly
1135 TempBuffer,
1136 Vcb->NtfsInfo.BytesPerFileRecord,
1137 &UsedBufferSize);
1138
1139 DataRun = TempBuffer;
1140
1141 while (1)
1142 {
1143 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1144 if (DataRunOffset != -1)
1145 {
1146 /* Normal data run. */
1147 DataRunStartLCN = LastLCN + DataRunOffset;
1148 LastLCN = DataRunStartLCN;
1149 }
1150 else
1151 {
1152 /* Sparse data run. */
1153 DataRunStartLCN = -1;
1154 }
1155
1158 {
1159 break;
1160 }
1161
1162 if (*DataRun == 0)
1163 {
1165 return AlreadyRead;
1166 }
1167
1168 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1169 }
1170 }
1171
1172 /*
1173 * II. Go through the run list and read the data
1174 */
1175
1176 ReadLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset), Length);
1177 if (DataRunStartLCN == -1)
1178 {
1181 }
1182 else
1183 {
1186 ReadLength,
1187 Vcb->NtfsInfo.BytesPerSector,
1189 FALSE);
1190 }
1192 {
1195 AlreadyRead += ReadLength;
1196
1198 {
1199 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1200 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1202 {
1203 DataRunStartLCN = LastLCN + DataRunOffset;
1204 LastLCN = DataRunStartLCN;
1205 }
1206 else
1207 DataRunStartLCN = -1;
1208 }
1209
1211 {
1213 if (DataRunStartLCN == -1)
1215 else
1216 {
1218 DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster,
1219 ReadLength,
1220 Vcb->NtfsInfo.BytesPerSector,
1222 FALSE);
1224 break;
1225 }
1226
1229 AlreadyRead += ReadLength;
1230
1231 /* We finished this request, but there still data in this data run. */
1233 break;
1234
1235 /*
1236 * Go to next run in the list.
1237 */
1238
1239 if (*DataRun == 0)
1240 break;
1241 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1242 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1243 if (DataRunOffset != -1)
1244 {
1245 /* Normal data run. */
1246 DataRunStartLCN = LastLCN + DataRunOffset;
1247 LastLCN = DataRunStartLCN;
1248 }
1249 else
1250 {
1251 /* Sparse data run. */
1252 DataRunStartLCN = -1;
1253 }
1254 } /* while */
1255
1256 } /* if Disk */
1257
1258 // TEMPTEMP
1261
1262 Context->CacheRun = DataRun;
1264 Context->CacheRunStartLCN = DataRunStartLCN;
1265 Context->CacheRunLength = DataRunLength;
1266 Context->CacheRunLastLCN = LastLCN;
1267 Context->CacheRunCurrentOffset = CurrentOffset;
1268
1269 return AlreadyRead;
1270}
Referenced by AddNewMftEntry(), AllocateIndexNode(), BrowseIndexEntries(), BrowseSubNodeIndexEntries(), CreateBTreeNodeFromIndexNode(), FreeClusters(), GetVolumeBitmap(), IncreaseMftSize(), InternalReadNonResidentAttributes(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsFindMftRecord(), NtfsGetFreeClusters(), NtfsReadFCBAttribute(), NtfsReadFile(), PrintAllVCNs(), ReadFileRecord(), SetResidentAttributeDataLength(), UpdateFileNameRecord(), UpdateIndexEntryFileNameSize(), and UpdateMftMirror().
◆ ReadFileRecord()
| NTSTATUS ReadFileRecord | ( | PDEVICE_EXTENSION | Vcb, |
| ULONGLONG | index, | ||
| PFILE_RECORD_HEADER | file | ||
| ) |
Definition at line 1631 of file mft.c.
1634{
1636
1638
1639 BytesRead = ReadAttribute(Vcb, Vcb->MFTContext, index * Vcb->NtfsInfo.BytesPerFileRecord, (PCHAR)file, Vcb->NtfsInfo.BytesPerFileRecord);
1641 {
1642 DPRINT1("ReadFileRecord failed: %I64u read, %lu expected\n", BytesRead, Vcb->NtfsInfo.BytesPerFileRecord);
1644 }
1645
1646 /* Apply update sequence array fixups. */
1649}
NTSTATUS FixupUpdateSequenceArray(PDEVICE_EXTENSION Vcb, PNTFS_RECORD_HEADER Record)
Definition: mft.c:1965
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:870
Referenced by FindAttribute(), FreeClusters(), GetNtfsFileRecord(), GetVolumeBitmap(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsCreateFile(), NtfsFindFileAt(), NtfsFindMftRecord(), NtfsGetFreeClusters(), NtfsGetStreamInformation(), NtfsGetVolumeData(), NtfsLookupFileAt(), NtfsMakeRootFCB(), NtfsMoonWalkID(), NtfsOpenFileById(), NtfsReadFCBAttribute(), NtfsReadFile(), NtfsSetEndOfFile(), NtfsWriteFile(), UpdateFileNameRecord(), UpdateMftMirror(), and WriteAttribute().
◆ ReadLCN()
| NTSTATUS ReadLCN | ( | PDEVICE_EXTENSION | Vcb, |
| ULONGLONG | lcn, | ||
| ULONG | count, | ||
| PVOID | buffer | ||
| ) |
Definition at line 2631 of file mft.c.
2635{
2636 LARGE_INTEGER DiskSector;
2637
2638 DiskSector.QuadPart = lcn;
2639
2643 Vcb->NtfsInfo.BytesPerSector,
2644 buffer,
2645 FALSE);
2646}
NTSTATUS NtfsReadSectors(IN PDEVICE_OBJECT DeviceObject, IN ULONG DiskSector, IN ULONG SectorCount, IN ULONG SectorSize, IN OUT PUCHAR Buffer, IN BOOLEAN Override)
Definition: blockdev.c:308
struct _LARGE_INTEGER::@2295 u
◆ ReadVCN()
| VOID ReadVCN | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | file, | ||
| ATTRIBUTE_TYPE | type, | ||
| ULONGLONG | vcn, | ||
| ULONG | count, | ||
| PVOID | buffer | ||
| ) |
◆ ReleaseAttributeContext()
| VOID ReleaseAttributeContext | ( | PNTFS_ATTR_CONTEXT | Context | ) |
Definition at line 104 of file mft.c.
105{
107 {
109 {
111 }
112
114 }
115
117}
Referenced by AddNewMftEntry(), AllocateIndexNode(), BrowseIndexEntries(), CreateBTreeFromIndex(), FreeClusters(), GetVolumeBitmap(), IncreaseMftSize(), InternalReadNonResidentAttributes(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsCreateFile(), NtfsDirFindFile(), NtfsFindMftRecord(), NtfsGetFileSize(), NtfsGetFreeClusters(), NtfsGetVolumeData(), NtfsReadFCBAttribute(), NtfsReadFile(), NtfsSetEndOfFile(), NtfsWriteFile(), UpdateFileNameRecord(), UpdateIndexAllocation(), UpdateIndexEntryFileNameSize(), UpdateMftMirror(), and WriteAttribute().
◆ SetAttributeDataLength()
| NTSTATUS SetAttributeDataLength | ( | PFILE_OBJECT | FileObject, |
| PNTFS_FCB | Fcb, | ||
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| ULONG | AttrOffset, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| PLARGE_INTEGER | DataSize | ||
| ) |
@parameter FileRecord Pointer to a file record. Must be a full record at least Fcb->Vcb->NtfsInfo.BytesPerFileRecord bytes large, not just the header.
Definition at line 615 of file mft.c.
621{
623
625 FileObject,
626 Fcb,
627 AttrContext,
628 AttrOffset,
629 FileRecord,
630 DataSize->QuadPart);
631
632 // are we truncating the file?
634 {
636 {
639 }
640 }
641
642 if (AttrContext->pRecord->IsNonResident)
643 {
645 AttrContext,
646 AttrOffset,
647 FileRecord,
648 DataSize);
649 }
650 else
651 {
652 // resident attribute
654 AttrContext,
655 AttrOffset,
656 FileRecord,
657 DataSize);
658 }
659
661 {
664 }
665
666 //NtfsDumpFileAttributes(Fcb->Vcb, FileRecord);
667
668 // write the updated file record back to disk
670
672 {
673 if (AttrContext->pRecord->IsNonResident)
675 else
680 }
681
683}
VOID NTAPI CcSetFileSizes(IN PFILE_OBJECT FileObject, IN PCC_FILE_SIZES FileSizes)
Definition: fssup.c:356
NTSTATUS SetNonResidentAttributeDataLength(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_CONTEXT AttrContext, ULONG AttrOffset, PFILE_RECORD_HEADER FileRecord, PLARGE_INTEGER DataSize)
Definition: mft.c:756
NTSTATUS SetResidentAttributeDataLength(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_CONTEXT AttrContext, ULONG AttrOffset, PFILE_RECORD_HEADER FileRecord, PLARGE_INTEGER DataSize)
Definition: mft.c:891
Referenced by NtfsCreateFile(), NtfsSetEndOfFile(), and NtfsWriteFile().
◆ SetFileRecordEnd()
| VOID SetFileRecordEnd | ( | PFILE_RECORD_HEADER | FileRecord, |
| PNTFS_ATTR_RECORD | AttrEnd, | ||
| ULONG | EndMarker | ||
| ) |
Definition at line 706 of file mft.c.
709{
710 // Ensure AttrEnd is aligned on an 8-byte boundary, relative to FileRecord
712
713 // mark the end of attributes
715
716 // Restore the "file-record-end marker." The value is never checked but this behavior is consistent with Win2k3.
717 AttrEnd->Length = EndMarker;
718
719 // recalculate bytes in use
721}
Referenced by AddBitmap(), AddData(), AddFileName(), AddIndexAllocation(), AddIndexRoot(), AddRun(), AddStandardInformation(), FreeClusters(), InternalSetResidentAttributeLength(), and SetResidentAttributeDataLength().
◆ SetNonResidentAttributeDataLength()
| NTSTATUS SetNonResidentAttributeDataLength | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| ULONG | AttrOffset, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| PLARGE_INTEGER | DataSize | ||
| ) |
Definition at line 756 of file mft.c.
761{
765 PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
766 ULONG ExistingClusters = AttrContext->pRecord->NonResident.AllocatedSize / BytesPerCluster;
767
768 ASSERT(AttrContext->pRecord->IsNonResident);
769
770 // do we need to increase the allocation size?
772 {
774 LARGE_INTEGER LastClusterInDataRun;
775 ULONG NextAssignedCluster;
776 ULONG AssignedClusters;
777
778 if (ExistingClusters == 0)
779 {
780 LastClusterInDataRun.QuadPart = 0;
781 }
782 else
783 {
785 (LONGLONG)AttrContext->pRecord->NonResident.HighestVCN,
787 NULL,
788 NULL,
789 NULL,
790 NULL))
791 {
793
794 // Most likely, HighestVCN went above the largest mapping
797 }
798 }
799
802
803 while (ClustersNeeded > 0)
804 {
806 LastClusterInDataRun.LowPart + 1,
807 ClustersNeeded,
808 &NextAssignedCluster,
809 &AssignedClusters);
810
812 {
815 }
816
817 // now we need to add the clusters we allocated to the data run
818 Status = AddRun(Vcb, AttrContext, AttrOffset, FileRecord, NextAssignedCluster, AssignedClusters);
820 {
823 }
824
825 ClustersNeeded -= AssignedClusters;
826 LastClusterInDataRun.LowPart = NextAssignedCluster + AssignedClusters - 1;
827 }
828 }
830 {
831 // shrink allocation size
834 }
835
836 // TODO: is the file compressed, encrypted, or sparse?
837
838 AttrContext->pRecord->NonResident.AllocatedSize = AllocationSize;
839 AttrContext->pRecord->NonResident.DataSize = DataSize->QuadPart;
840 AttrContext->pRecord->NonResident.InitializedSize = DataSize->QuadPart;
841
845
846 // HighestVCN seems to be set incorrectly somewhere. Apply a hack-fix to reset it.
847 // HACKHACK FIXME: Fix for sparse files; this math won't work in that case.
848 AttrContext->pRecord->NonResident.HighestVCN = ((ULONGLONG)AllocationSize / Vcb->NtfsInfo.BytesPerCluster) - 1;
849 DestinationAttribute->NonResident.HighestVCN = AttrContext->pRecord->NonResident.HighestVCN;
850
852
854}
NTSTATUS AddRun(PNTFS_VCB Vcb, PNTFS_ATTR_CONTEXT AttrContext, ULONG AttrOffset, PFILE_RECORD_HEADER FileRecord, ULONGLONG NextAssignedCluster, ULONG RunLength)
Definition: attrib.c:599
NTSTATUS NtfsAllocateClusters(PDEVICE_EXTENSION DeviceExt, ULONG FirstDesiredCluster, ULONG DesiredClusters, PULONG FirstAssignedCluster, PULONG AssignedClusters)
Definition: volinfo.c:105
BOOLEAN NTAPI FsRtlLookupLargeMcbEntry(IN PLARGE_MCB Mcb, IN LONGLONG Vbn, OUT PLONGLONG Lbn OPTIONAL, OUT PLONGLONG SectorCountFromLbn OPTIONAL, OUT PLONGLONG StartingLbn OPTIONAL, OUT PLONGLONG SectorCountFromStartingLbn OPTIONAL, OUT PULONG Index OPTIONAL)
Definition: largemcb.c:560
Referenced by AllocateIndexNode(), IncreaseMftSize(), SetAttributeDataLength(), and SetResidentAttributeDataLength().
◆ SetResidentAttributeDataLength()
| NTSTATUS SetResidentAttributeDataLength | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_ATTR_CONTEXT | AttrContext, | ||
| ULONG | AttrOffset, | ||
| PFILE_RECORD_HEADER | FileRecord, | ||
| PLARGE_INTEGER | DataSize | ||
| ) |
Definition at line 891 of file mft.c.
896{
898
899 // find the next attribute
900 ULONG NextAttributeOffset = AttrOffset + AttrContext->pRecord->Length;
902
903 ASSERT(!AttrContext->pRecord->IsNonResident);
904
905 //NtfsDumpFileAttributes(Vcb, FileRecord);
906
907 // Do we need to increase the data length?
909 {
910 // There's usually padding at the end of a record. Do we need to extend past it?
911 ULONG MaxValueLength = AttrContext->pRecord->Length - AttrContext->pRecord->Resident.ValueOffset;
912 if (MaxValueLength < DataSize->LowPart)
913 {
914 // If this is the last attribute, we could move the end marker to the very end of the file record
916
918 {
919 // convert attribute to non-resident
921 PNTFS_ATTR_RECORD NewRecord;
922 LARGE_INTEGER AttribDataSize;
923 PVOID AttribData;
924 ULONG NewRecordLength;
925 ULONG EndAttributeOffset;
926 ULONG LengthWritten;
927
929
930 AttribDataSize.QuadPart = AttrContext->pRecord->Resident.ValueLength;
931
932 // Is there existing data we need to back-up?
934 {
937 {
938 DPRINT1("ERROR: Couldn't allocate memory for attribute data. Can't migrate to non-resident!\n");
940 }
941
942 // read data to temp buffer
945 {
949 }
950 }
951
952 // Start by turning this attribute into a 0-length, non-resident attribute, then enlarge it.
953
954 // The size of a 0-length, non-resident attribute will be 0x41 + the size of the attribute name, aligned to an 8-byte boundary
955 NewRecordLength = ALIGN_UP_BY(0x41 + (AttrContext->pRecord->NameLength * sizeof(WCHAR)), ATTR_RECORD_ALIGNMENT);
956
957 // Create a new attribute record that will store the 0-length, non-resident attribute
959
960 // Zero out the NonResident structure
961 RtlZeroMemory(NewRecord, NewRecordLength);
962
963 // Copy the data that's common to both non-resident and resident attributes
964 RtlCopyMemory(NewRecord, AttrContext->pRecord, FIELD_OFFSET(NTFS_ATTR_RECORD, Resident.ValueLength));
965
966 // if there's a name
967 if (AttrContext->pRecord->NameLength != 0)
968 {
969 // copy the name
970 // An attribute name will be located at offset 0x18 for a resident attribute, 0x40 for non-resident
974 }
975
976 // update the mapping pairs offset, which will be 0x40 (size of a non-resident header) + length in bytes of the name
977 NewRecord->NonResident.MappingPairsOffset = 0x40 + (AttrContext->pRecord->NameLength * sizeof(WCHAR));
978
979 // update the end of the file record
980 // calculate position of end markers (1 byte for empty data run)
981 EndAttributeOffset = AttrOffset + NewRecord->NonResident.MappingPairsOffset + 1;
983
984 // Update the length
985 NewRecord->Length = EndAttributeOffset - AttrOffset;
986
988
989 // Copy the new attribute record into the file record
991
992 // Update the file record end
993 SetFileRecordEnd(FileRecord,
995 FILE_RECORD_END);
996
997 // Initialize the MCB, potentially catch an exception
998 _SEH2_TRY
999 {
1001 }
1003 {
1009 } _SEH2_END;
1010
1011 // Mark the attribute as non-resident (we wait until after we know the LargeMcb was initialized)
1013
1014 // Update file record on disk
1017 {
1023 }
1024
1025 // Now we need to free the old copy of the attribute record in the context and replace it with the new one
1027 AttrContext->pRecord = NewRecord;
1028
1029 // Now we can treat the attribute as non-resident and enlarge it normally
1030 Status = SetNonResidentAttributeDataLength(Vcb, AttrContext, AttrOffset, FileRecord, DataSize);
1032 {
1037 }
1038
1039 // restore the back-up attribute, if we made one
1041 {
1042 Status = WriteAttribute(Vcb, AttrContext, 0, AttribData, AttribDataSize.QuadPart, &LengthWritten, FileRecord);
1044 {
1046 // TODO: Reverse migration so no data is lost
1049 }
1050
1052 }
1053 }
1054 }
1055 }
1056
1057 // set the new length of the resident attribute (if we didn't migrate it)
1058 if (!AttrContext->pRecord->IsNonResident)
1059 return InternalSetResidentAttributeLength(Vcb, AttrContext, FileRecord, AttrOffset, DataSize->LowPart);
1060
1062}
Referenced by AllocateIndexNode(), IncreaseMftSize(), and SetAttributeDataLength().
◆ SplitBTreeNode()
| NTSTATUS SplitBTreeNode | ( | PB_TREE | Tree, |
| PB_TREE_FILENAME_NODE | Node, | ||
| PB_TREE_KEY * | MedianKey, | ||
| PB_TREE_FILENAME_NODE * | NewRightHandSibling, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Definition at line 1883 of file btree.c.
1888{
1889 ULONG MedianKeyIndex;
1890 PB_TREE_KEY LastKeyBeforeMedian, FirstKeyAfterMedian;
1891 ULONG KeyCount;
1892 ULONG HalfSize;
1893 ULONG SizeSum;
1895
1897 Tree,
1898 Node,
1899 MedianKey,
1900 NewRightHandSibling,
1901 CaseSensitive ? "TRUE" : "FALSE");
1902
1903#ifndef NDEBUG
1905#endif
1906
1907 // Create the right hand sibling
1908 *NewRightHandSibling = ExAllocatePoolWithTag(NonPagedPool, sizeof(B_TREE_FILENAME_NODE), TAG_NTFS);
1910 {
1913 }
1915 (*NewRightHandSibling)->DiskNeedsUpdating = TRUE;
1916
1917
1918 // Find the last key before the median
1919
1920 // This is roughly how NTFS-3G calculates median, and it's not congruent with what Windows does:
1921 /*
1922 // find the median key index
1923 MedianKeyIndex = (Node->KeyCount + 1) / 2;
1924 MedianKeyIndex--;
1925
1926 LastKeyBeforeMedian = Node->FirstKey;
1927 for (i = 0; i < MedianKeyIndex - 1; i++)
1928 LastKeyBeforeMedian = LastKeyBeforeMedian->NextKey;*/
1929
1930 // The method we'll use is a little bit closer to how Windows determines the median but it's not identical.
1931 // What Windows does is actually more complicated than this, I think because Windows allocates more slack space to Odd-numbered
1932 // Index Records, leaving less room for index entries in these records (I haven't discovered why this is done).
1933 // (Neither Windows nor chkdsk complain if we choose a different median than Windows would have chosen, as our median will be in the ballpark)
1934
1935 // Use size to locate the median key / index
1936 LastKeyBeforeMedian = Node->FirstKey;
1937 MedianKeyIndex = 0;
1938 HalfSize = 2016; // half the allocated size after subtracting the first index entry offset (TODO: MATH)
1939 SizeSum = 0;
1941 {
1943
1944 if (SizeSum > HalfSize)
1945 break;
1946
1947 MedianKeyIndex++;
1948 LastKeyBeforeMedian = LastKeyBeforeMedian->NextKey;
1949 }
1950
1951 // Now we can get the median key and the key that follows it
1952 *MedianKey = LastKeyBeforeMedian->NextKey;
1953 FirstKeyAfterMedian = (*MedianKey)->NextKey;
1954
1956 DPRINT1("\t\tMedian: %.*S\n", (*MedianKey)->IndexEntry->FileName.NameLength, (*MedianKey)->IndexEntry->FileName.Name);
1957
1958 // "Node" will be the left hand sibling after the split, containing all keys prior to the median key
1959
1960 // We need to create a dummy pointer at the end of the LHS. The dummy's child will be the median's child.
1961 LastKeyBeforeMedian->NextKey = CreateDummyKey(BooleanFlagOn((*MedianKey)->IndexEntry->Flags, NTFS_INDEX_ENTRY_NODE));
1963 {
1965 LastKeyBeforeMedian->NextKey = *MedianKey;
1968 }
1969
1970 // Did the median key have a child node?
1972 {
1973 // Set the child of the new dummy key
1974 LastKeyBeforeMedian->NextKey->LesserChild = (*MedianKey)->LesserChild;
1975
1976 // Give the dummy key's index entry the same sub-node VCN the median
1977 SetIndexEntryVCN(LastKeyBeforeMedian->NextKey->IndexEntry, GetIndexEntryVCN((*MedianKey)->IndexEntry));
1978 }
1979 else
1980 {
1981 // Median key didn't have a child node, but it will. Create a new index entry large enough to store a VCN.
1984 TAG_NTFS);
1985 if (!NewIndexEntry)
1986 {
1988 LastKeyBeforeMedian->NextKey = *MedianKey;
1991 }
1992
1993 // Copy the old index entry to the new one
1994 RtlCopyMemory(NewIndexEntry, (*MedianKey)->IndexEntry, (*MedianKey)->IndexEntry->Length);
1995
1996 // Use the new index entry after freeing the old one
1998 (*MedianKey)->IndexEntry = NewIndexEntry;
1999
2000 // Update the length for the VCN
2002
2003 // Set the node flag
2004 (*MedianKey)->IndexEntry->Flags |= NTFS_INDEX_ENTRY_NODE;
2005 }
2006
2007 // "Node" will become the child of the median key
2008 (*MedianKey)->LesserChild = Node;
2010
2011 // Update Node's KeyCount (remember to add 1 for the new dummy key)
2012 Node->KeyCount = MedianKeyIndex + 2;
2013
2016
2017 // everything to the right of MedianKey becomes the right hand sibling of Node
2018 (*NewRightHandSibling)->FirstKey = FirstKeyAfterMedian;
2019 (*NewRightHandSibling)->KeyCount = CountBTreeKeys(FirstKeyAfterMedian);
2020
2021#ifndef NDEBUG
2024
2027#endif
2028
2030}
ULONGLONG GetIndexEntryVCN(PINDEX_ENTRY_ATTRIBUTE IndexEntry)
Definition: btree.c:1641
VOID SetIndexEntryVCN(PINDEX_ENTRY_ATTRIBUTE IndexEntry, ULONGLONG VCN)
Definition: btree.c:1172
Referenced by NtfsInsertKey().
◆ UpdateFileNameRecord()
| NTSTATUS UpdateFileNameRecord | ( | PDEVICE_EXTENSION | Vcb, |
| ULONGLONG | ParentMFTIndex, | ||
| PUNICODE_STRING | FileName, | ||
| BOOLEAN | DirSearch, | ||
| ULONGLONG | NewDataSize, | ||
| ULONGLONG | NewAllocationSize, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Searches a file's parent directory (given the parent's index in the mft) for the given file. Upon finding an index entry for that file, updates Data Size and Allocated Size values in the $FILE_NAME attribute of that entry.
(Most of this code was copied from NtfsFindMftRecord)
Definition at line 1660 of file mft.c.
1667{
1668 PFILE_RECORD_HEADER MftRecord;
1669 PNTFS_ATTR_CONTEXT IndexRootCtx;
1670 PINDEX_ROOT_ATTRIBUTE IndexRoot;
1671 PCHAR IndexRecord;
1672 PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
1674 ULONG CurrentEntry = 0;
1675
1677 Vcb,
1678 ParentMFTIndex,
1679 FileName,
1680 DirSearch ? "TRUE" : "FALSE",
1681 NewDataSize,
1682 NewAllocationSize,
1683 CaseSensitive ? "TRUE" : "FALSE");
1684
1685 MftRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
1687 {
1689 }
1690
1693 {
1694 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
1696 }
1697
1701 {
1702 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
1704 }
1705
1706 IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
1708 {
1709 ReleaseAttributeContext(IndexRootCtx);
1710 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
1712 }
1713
1714 Status = ReadAttribute(Vcb, IndexRootCtx, 0, IndexRecord, AttributeDataLength(IndexRootCtx->pRecord));
1716 {
1719 ReleaseAttributeContext(IndexRootCtx);
1720 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
1722 }
1723
1724 IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
1725 IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
1726 // Index root is always resident.
1728
1729 DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
1730
1732 MftRecord,
1733 IndexRecord,
1734 IndexRoot->SizeOfEntry,
1735 IndexEntry,
1736 IndexEntryEnd,
1737 FileName,
1738 &CurrentEntry,
1739 &CurrentEntry,
1740 DirSearch,
1741 NewDataSize,
1742 NewAllocationSize,
1743 CaseSensitive);
1744
1746 {
1747 // we need to write the index root attribute back to disk
1748 ULONG LengthWritten;
1749 Status = WriteAttribute(Vcb, IndexRootCtx, 0, (PUCHAR)IndexRecord, AttributeDataLength(IndexRootCtx->pRecord), &LengthWritten, MftRecord);
1751 {
1753 }
1754
1755 }
1756
1757 ReleaseAttributeContext(IndexRootCtx);
1759 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
1760
1762}
NTSTATUS UpdateIndexEntryFileNameSize(PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER MftRecord, PCHAR IndexRecord, ULONG IndexBlockSize, PINDEX_ENTRY_ATTRIBUTE FirstEntry, PINDEX_ENTRY_ATTRIBUTE LastEntry, PUNICODE_STRING FileName, PULONG StartEntry, PULONG CurrentEntry, BOOLEAN DirSearch, ULONGLONG NewDataSize, ULONGLONG NewAllocatedSize, BOOLEAN CaseSensitive)
Definition: mft.c:1770
Referenced by NtfsSetEndOfFile(), and NtfsWriteFile().
◆ UpdateFileRecord()
| NTSTATUS UpdateFileRecord | ( | PDEVICE_EXTENSION | Vcb, |
| ULONGLONG | MftIndex, | ||
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1931 of file mft.c.
1934{
1937
1939
1940 // Add the fixup array to prepare the data for writing to disk
1942
1943 // write the file record to the master file table
1945 Vcb->MFTContext,
1946 MftIndex * Vcb->NtfsInfo.BytesPerFileRecord,
1948 Vcb->NtfsInfo.BytesPerFileRecord,
1949 &BytesWritten,
1950 FileRecord);
1951
1953 {
1954 DPRINT1("UpdateFileRecord failed: %lu written, %lu expected\n", BytesWritten, Vcb->NtfsInfo.BytesPerFileRecord);
1955 }
1956
1957 // remove the fixup array (so the file record pointer can still be used)
1959
1961}
NTSTATUS AddFixupArray(PDEVICE_EXTENSION Vcb, PNTFS_RECORD_HEADER Record)
Definition: mft.c:2603
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesWritten
Definition: wdfiotarget.h:960
Referenced by AddNewMftEntry(), AddRun(), AllocateIndexNode(), FreeClusters(), IncreaseMftSize(), NtfsAddFilenameToDirectory(), SetAttributeDataLength(), SetResidentAttributeDataLength(), and WriteAttribute().
◆ UpdateIndexAllocation()
| NTSTATUS UpdateIndexAllocation | ( | PDEVICE_EXTENSION | DeviceExt, |
| PB_TREE | Tree, | ||
| ULONG | IndexBufferSize, | ||
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1182 of file btree.c.
1186{
1187 // Find the index allocation and bitmap
1188 PNTFS_ATTR_CONTEXT IndexAllocationContext;
1189 PB_TREE_KEY CurrentKey;
1193 ULONG IndexAllocationOffset;
1194
1196
1197 Status = FindAttribute(DeviceExt, FileRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationContext, &IndexAllocationOffset);
1199 {
1200 HasIndexAllocation = TRUE;
1201
1202#ifndef NDEBUG
1203 PrintAllVCNs(DeviceExt,
1204 IndexAllocationContext,
1205 IndexBufferSize);
1206#endif
1207 }
1208 // Walk through the root node and update all the sub-nodes
1209 CurrentKey = Tree->RootNode->FirstKey;
1211 {
1213 {
1214 if (!HasIndexAllocation)
1215 {
1216 // We need to add an index allocation to the file record
1217 PNTFS_ATTR_RECORD EndMarker = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->BytesInUse - (sizeof(ULONG) * 2));
1219
1220 // Add index allocation to the very end of the file record
1222 FileRecord,
1223 EndMarker,
1225 4);
1227 {
1230 }
1231
1232 // Find the new attribute
1233 Status = FindAttribute(DeviceExt, FileRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationContext, &IndexAllocationOffset);
1235 {
1238 }
1239
1240 // Advance end marker
1242
1243 // Add index bitmap to the very end of the file record
1245 FileRecord,
1246 EndMarker,
1248 4);
1250 {
1252 ReleaseAttributeContext(IndexAllocationContext);
1254 }
1255
1256 HasIndexAllocation = TRUE;
1257 }
1258
1259 // Is the Index Entry large enough to store the VCN?
1261 {
1262 // Allocate memory for the larger index entry
1265 TAG_NTFS);
1266 if (!NewEntry)
1267 {
1269 if (HasIndexAllocation)
1270 ReleaseAttributeContext(IndexAllocationContext);
1272 }
1273
1274 // Copy the old entry to the new one
1276
1278
1279 // Free the old memory
1281
1282 CurrentKey->IndexEntry = NewEntry;
1284 }
1285
1286 // Update the sub-node
1287 Status = UpdateIndexNode(DeviceExt, FileRecord, CurrentKey->LesserChild, IndexBufferSize, IndexAllocationContext, IndexAllocationOffset);
1289 {
1291 ReleaseAttributeContext(IndexAllocationContext);
1293 }
1294
1295 // Update the VCN stored in the index entry of CurrentKey
1297 }
1298 CurrentKey = CurrentKey->NextKey;
1299 }
1300
1301#ifndef NDEBUG
1303#endif
1304
1305 if (HasIndexAllocation)
1306 {
1307#ifndef NDEBUG
1308 PrintAllVCNs(DeviceExt,
1309 IndexAllocationContext,
1310 IndexBufferSize);
1311#endif
1312 ReleaseAttributeContext(IndexAllocationContext);
1313 }
1314
1316}
VOID PrintAllVCNs(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_CONTEXT IndexAllocationContext, ULONG NodeSize)
Definition: btree.c:38
NTSTATUS UpdateIndexNode(PDEVICE_EXTENSION DeviceExt, PFILE_RECORD_HEADER FileRecord, PB_TREE_FILENAME_NODE Node, ULONG IndexBufferSize, PNTFS_ATTR_CONTEXT IndexAllocationContext, ULONG IndexAllocationOffset)
Definition: btree.c:1319
NTSTATUS AddBitmap(PNTFS_VCB Vcb, PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress, PCWSTR Name, USHORT NameLength)
Definition: attrib.c:72
NTSTATUS AddIndexAllocation(PNTFS_VCB Vcb, PFILE_RECORD_HEADER FileRecord, PNTFS_ATTR_RECORD AttributeAddress, PCWSTR Name, USHORT NameLength)
Definition: attrib.c:388
Referenced by NtfsAddFilenameToDirectory().
◆ UpdateIndexEntryFileNameSize()
| NTSTATUS UpdateIndexEntryFileNameSize | ( | PDEVICE_EXTENSION | Vcb, |
| PFILE_RECORD_HEADER | MftRecord, | ||
| PCHAR | IndexRecord, | ||
| ULONG | IndexBlockSize, | ||
| PINDEX_ENTRY_ATTRIBUTE | FirstEntry, | ||
| PINDEX_ENTRY_ATTRIBUTE | LastEntry, | ||
| PUNICODE_STRING | FileName, | ||
| PULONG | StartEntry, | ||
| PULONG | CurrentEntry, | ||
| BOOLEAN | DirSearch, | ||
| ULONGLONG | NewDataSize, | ||
| ULONGLONG | NewAllocatedSize, | ||
| BOOLEAN | CaseSensitive | ||
| ) |
Recursively searches directory index and applies the size update to the $FILE_NAME attribute of the proper index entry. (Heavily based on BrowseIndexEntries)
Definition at line 1770 of file mft.c.
1783{
1785 ULONG RecordOffset;
1786 PINDEX_ENTRY_ATTRIBUTE IndexEntry;
1787 PNTFS_ATTR_CONTEXT IndexAllocationCtx;
1788 ULONGLONG IndexAllocationSize;
1789 PINDEX_BUFFER IndexBuffer;
1790
1792 Vcb,
1793 MftRecord,
1794 IndexRecord,
1795 IndexBlockSize,
1796 FirstEntry,
1797 LastEntry,
1798 FileName,
1799 *StartEntry,
1800 *CurrentEntry,
1801 DirSearch ? "TRUE" : "FALSE",
1802 NewDataSize,
1803 NewAllocatedSize,
1804 CaseSensitive ? "TRUE" : "FALSE");
1805
1806 // find the index entry responsible for the file we're trying to update
1807 IndexEntry = FirstEntry;
1808 while (IndexEntry < LastEntry &&
1810 {
1812 *CurrentEntry >= *StartEntry &&
1815 {
1816 *StartEntry = *CurrentEntry;
1819 // indicate that the caller will still need to write the structure to the disk
1821 }
1822
1823 (*CurrentEntry) += 1;
1826 }
1827
1828 /* If we're already browsing a subnode */
1830 {
1832 }
1833
1834 /* If there's no subnode */
1836 {
1838 }
1839
1840 Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx, NULL);
1842 {
1845 }
1846
1847 IndexAllocationSize = AttributeDataLength(IndexAllocationCtx->pRecord);
1849 for (RecordOffset = 0; RecordOffset < IndexAllocationSize; RecordOffset += IndexBlockSize)
1850 {
1854 {
1855 break;
1856 }
1857
1858 IndexBuffer = (PINDEX_BUFFER)IndexRecord;
1860 ASSERT(IndexBuffer->Header.AllocatedSize + FIELD_OFFSET(INDEX_BUFFER, Header) == IndexBlockSize);
1861 FirstEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.FirstEntryOffset);
1862 LastEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.TotalSizeOfEntries);
1864
1866 NULL,
1867 NULL,
1868 0,
1869 FirstEntry,
1870 LastEntry,
1871 FileName,
1872 StartEntry,
1873 CurrentEntry,
1874 DirSearch,
1875 NewDataSize,
1876 NewAllocatedSize,
1877 CaseSensitive);
1879 {
1880 // write the index record back to disk
1881 ULONG Written;
1882
1883 // first we need to update the fixup values for the index block
1886 {
1888 break;
1889 }
1890
1891 Status = WriteAttribute(Vcb, IndexAllocationCtx, RecordOffset, (const PUCHAR)IndexRecord, IndexBlockSize, &Written, MftRecord);
1893 {
1895 break;
1896 }
1897
1899 break;
1900 }
1902 {
1903 break;
1904 }
1905 }
1906
1907 ReleaseAttributeContext(IndexAllocationCtx);
1909}
struct INDEX_BUFFER * PINDEX_BUFFER
BOOLEAN CompareFileName(PUNICODE_STRING FileName, PINDEX_ENTRY_ATTRIBUTE IndexEntry, BOOLEAN DirSearch, BOOLEAN CaseSensitive)
Definition: mft.c:2650
struct INDEX_ENTRY_ATTRIBUTE::@763::@764 Directory
union INDEX_ENTRY_ATTRIBUTE::@763 Data
Referenced by UpdateFileNameRecord(), and UpdateIndexEntryFileNameSize().
◆ UpdateIndexNode()
| NTSTATUS UpdateIndexNode | ( | PDEVICE_EXTENSION | DeviceExt, |
| PFILE_RECORD_HEADER | FileRecord, | ||
| PB_TREE_FILENAME_NODE | Node, | ||
| ULONG | IndexBufferSize, | ||
| PNTFS_ATTR_CONTEXT | IndexAllocationContext, | ||
| ULONG | IndexAllocationOffset | ||
| ) |
Definition at line 1319 of file btree.c.
1325{
1330
1331
1333 DeviceExt,
1334 FileRecord,
1335 Node,
1336 IndexBufferSize,
1337 IndexAllocationContext,
1338 IndexAllocationOffset,
1339 Node->VCN);
1340
1341 // Walk through the node and look for children to update
1343 {
1344 ASSERT(CurrentKey);
1345
1346 // If there's a child node
1348 {
1349 HasChildren = TRUE;
1350
1351 // Update the child node on disk
1352 Status = UpdateIndexNode(DeviceExt, FileRecord, CurrentKey->LesserChild, IndexBufferSize, IndexAllocationContext, IndexAllocationOffset);
1354 {
1357 }
1358
1359 // Is the Index Entry large enough to store the VCN?
1361 {
1362 // Allocate memory for the larger index entry
1365 TAG_NTFS);
1366 if (!NewEntry)
1367 {
1370 }
1371
1372 // Copy the old entry to the new one
1374
1376
1377 // Free the old memory
1379
1380 CurrentKey->IndexEntry = NewEntry;
1381 }
1382
1383 // Update the VCN stored in the index entry of CurrentKey
1385
1387 }
1388
1389 CurrentKey = CurrentKey->NextKey;
1390 }
1391
1392
1393 // Do we need to write this node to disk?
1395 {
1396 ULONGLONG NodeOffset;
1397 ULONG LengthWritten;
1398 PINDEX_BUFFER IndexBuffer;
1399
1400 // Does the node need to be assigned a VCN?
1402 {
1403 // Allocate the node
1405 FileRecord,
1406 IndexBufferSize,
1407 IndexAllocationContext,
1408 IndexAllocationOffset,
1409 &Node->VCN);
1411 {
1414 }
1415
1417 }
1418
1419 // Allocate memory for an index buffer
1421 if (!IndexBuffer)
1422 {
1425 }
1426
1427 // Create the index buffer we'll be writing to disk to represent this node
1428 Status = CreateIndexBufferFromBTreeNode(DeviceExt, Node, IndexBufferSize, HasChildren, IndexBuffer);
1430 {
1434 }
1435
1436 // Get Offset of index buffer in index allocation
1438
1439 // Write the buffer to the index allocation
1440 Status = WriteAttribute(DeviceExt, IndexAllocationContext, NodeOffset, (const PUCHAR)IndexBuffer, IndexBufferSize, &LengthWritten, FileRecord);
1442 {
1447 else
1449 }
1450
1452
1453 // Free the index buffer
1455 }
1456
1458}
NTSTATUS AllocateIndexNode(PDEVICE_EXTENSION DeviceExt, PFILE_RECORD_HEADER FileRecord, ULONG IndexBufferSize, PNTFS_ATTR_CONTEXT IndexAllocationCtx, ULONG IndexAllocationOffset, PULONGLONG NewVCN)
Definition: btree.c:117
ULONGLONG GetAllocationOffsetFromVCN(PDEVICE_EXTENSION DeviceExt, ULONG IndexBufferSize, ULONGLONG Vcn)
Definition: btree.c:1630
NTSTATUS CreateIndexBufferFromBTreeNode(PDEVICE_EXTENSION DeviceExt, PB_TREE_FILENAME_NODE Node, ULONG BufferSize, BOOLEAN HasChildren, PINDEX_BUFFER IndexBuffer)
Definition: btree.c:1001
Referenced by UpdateIndexAllocation(), and UpdateIndexNode().
◆ UpdateMftMirror()
Definition at line 2714 of file mft.c.
2715{
2716 PFILE_RECORD_HEADER MirrorFileRecord;
2717 PNTFS_ATTR_CONTEXT MirrDataContext;
2718 PNTFS_ATTR_CONTEXT MftDataContext;
2719 PCHAR DataBuffer;
2723 ULONG LengthWritten;
2724
2725 // Allocate memory for the Mft mirror file record
2726 MirrorFileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
2727 if (!MirrorFileRecord)
2728 {
2731 }
2732
2733 // Read the Mft Mirror file record
2736 {
2738 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2740 }
2741
2742 // Find the $DATA attribute of $MFTMirr
2745 {
2747 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2749 }
2750
2751 // Find the $DATA attribute of $MFT
2752 Status = FindAttribute(Vcb, Vcb->MasterFileTable, AttributeData, L"", 0, &MftDataContext, NULL);
2754 {
2756 ReleaseAttributeContext(MirrDataContext);
2757 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2759 }
2760
2761 // Get the size of the mirror's $DATA attribute
2763
2765
2766 // Create buffer for the mirror's $DATA attribute
2768 if (!DataBuffer)
2769 {
2771 ReleaseAttributeContext(MftDataContext);
2772 ReleaseAttributeContext(MirrDataContext);
2773 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2775 }
2776
2778
2779 // Back up the first several entries of the Mft's $DATA Attribute
2782 {
2784 ReleaseAttributeContext(MftDataContext);
2785 ReleaseAttributeContext(MirrDataContext);
2787 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2789 }
2790
2791 // Write the mirror's $DATA attribute
2793 MirrDataContext,
2794 0,
2795 (PUCHAR)DataBuffer,
2796 DataLength,
2797 &LengthWritten,
2798 MirrorFileRecord);
2800 {
2802 }
2803
2804 // Cleanup
2805 ReleaseAttributeContext(MftDataContext);
2806 ReleaseAttributeContext(MirrDataContext);
2808 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
2809
2811}
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1444
Referenced by IncreaseMftSize().
◆ WriteAttribute()
| NTSTATUS WriteAttribute | ( | PDEVICE_EXTENSION | Vcb, |
| PNTFS_ATTR_CONTEXT | Context, | ||
| ULONGLONG | Offset, | ||
| const PUCHAR | Buffer, | ||
| ULONG | Length, | ||
| PULONG | LengthWritten, | ||
| PFILE_RECORD_HEADER | FileRecord | ||
| ) |
Definition at line 1315 of file mft.c.
1322{
1323 ULONGLONG LastLCN;
1324 PUCHAR DataRun;
1325 LONGLONG DataRunOffset;
1326 ULONGLONG DataRunLength;
1327 LONGLONG DataRunStartLCN;
1328 ULONGLONG CurrentOffset;
1334
1335 //TEMPTEMP
1336 PUCHAR TempBuffer;
1337
1338
1339 DPRINT("WriteAttribute(%p, %p, %I64u, %p, %lu, %p, %p)\n", Vcb, Context, Offset, Buffer, Length, RealLengthWritten, FileRecord);
1340
1341 *RealLengthWritten = 0;
1342
1343 // is this a resident attribute?
1345 {
1346 ULONG AttributeOffset;
1347 PNTFS_ATTR_CONTEXT FoundContext;
1349
1350 // Ensure requested data is within the bounds of the attribute
1352
1354 {
1357 }
1358
1359 // Do we need to read the file record?
1361 {
1362 FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
1363 if (!FileRecord)
1364 {
1367 }
1368
1369 FileRecordAllocated = TRUE;
1370
1371 // read the file record
1373 }
1374
1375 // find where to write the attribute data to
1377 Context->pRecord->Type,
1379 Context->pRecord->NameLength,
1380 &FoundContext,
1381 &AttributeOffset);
1382
1384 {
1386 if(FileRecordAllocated)
1387 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
1389 }
1390
1392
1393 DPRINT("Offset: %I64u, AttributeOffset: %u, ValueOffset: %u\n", Offset, AttributeOffset, Context->pRecord->Resident.ValueLength);
1394
1395 // Will we be writing past the end of the allocated file record?
1396 if (Offset + Length + AttributeOffset + Context->pRecord->Resident.ValueOffset > Vcb->NtfsInfo.BytesPerFileRecord)
1397 {
1399 ReleaseAttributeContext(FoundContext);
1400 if (FileRecordAllocated)
1401 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
1403 }
1404
1405 // copy the data being written into the file record. We cast Offset to ULONG, which is safe because it's range has been verified.
1406 RtlCopyMemory((PCHAR)((ULONG_PTR)Destination + Context->pRecord->Resident.ValueOffset + (ULONG)Offset), Buffer, Length);
1407
1409
1410 // Update the context's copy of the resident attribute
1413
1414 ReleaseAttributeContext(FoundContext);
1415 if (FileRecordAllocated)
1416 ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
1417
1419 *RealLengthWritten = Length;
1420
1422 }
1423
1424 // This is a non-resident attribute.
1425
1426 // I. Find the corresponding start data run.
1427
1428 // FIXME: Cache seems to be non-working. Disable it for now
1429 //if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
1430 /*if (0)
1431 {
1432 DataRun = Context->CacheRun;
1433 LastLCN = Context->CacheRunLastLCN;
1434 DataRunStartLCN = Context->CacheRunStartLCN;
1435 DataRunLength = Context->CacheRunLength;
1436 CurrentOffset = Context->CacheRunCurrentOffset;
1437 }
1438 else*/
1439 {
1440 ULONG UsedBufferSize;
1441 LastLCN = 0;
1442 CurrentOffset = 0;
1443
1444 // This will be rewritten in the next iteration to just use the DataRuns MCB directly
1447 {
1449 }
1450
1452 TempBuffer,
1453 Vcb->NtfsInfo.BytesPerFileRecord,
1454 &UsedBufferSize);
1455
1456 DataRun = TempBuffer;
1457
1458 while (1)
1459 {
1460 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1461 if (DataRunOffset != -1)
1462 {
1463 // Normal data run.
1464 // DPRINT1("Writing to normal data run, LastLCN %I64u DataRunOffset %I64d\n", LastLCN, DataRunOffset);
1465 DataRunStartLCN = LastLCN + DataRunOffset;
1466 LastLCN = DataRunStartLCN;
1467 }
1468 else
1469 {
1470 // Sparse data run. We can't support writing to sparse files yet
1471 // (it may require increasing the allocation size).
1472 DataRunStartLCN = -1;
1476 }
1477
1478 // Have we reached the data run we're trying to write to?
1481 {
1482 break;
1483 }
1484
1485 if (*DataRun == 0)
1486 {
1487 // We reached the last assigned cluster
1488 // TODO: assign new clusters to the end of the file.
1489 // (Presently, this code will rarely be reached, the write will usually have already failed by now)
1490 // [We can reach here by creating a new file record when the MFT isn't large enough]
1494 }
1495
1496 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1497 }
1498 }
1499
1500 // II. Go through the run list and write the data
1501
1502 /* REVIEWME -- As adapted from NtfsReadAttribute():
1503 We seem to be making a special case for the first applicable data run, but I'm not sure why.
1504 Does it have something to do with (not) caching? Is this strategy equally applicable to writing? */
1505
1506 WriteLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset), Length);
1507
1509
1510 // Write the data to the disk
1512 StartingOffset,
1513 WriteLength,
1514 Vcb->NtfsInfo.BytesPerSector,
1515 (PVOID)SourceBuffer);
1516
1517 // Did the write fail?
1519 {
1520 Context->CacheRun = DataRun;
1522 Context->CacheRunStartLCN = DataRunStartLCN;
1523 Context->CacheRunLength = DataRunLength;
1524 Context->CacheRunLastLCN = LastLCN;
1525 Context->CacheRunCurrentOffset = CurrentOffset;
1526
1528 }
1529
1531 SourceBuffer += WriteLength;
1532 *RealLengthWritten += WriteLength;
1533
1534 // Did we write to the end of the data run?
1536 {
1537 // Advance to the next data run
1538 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1539 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1540
1542 {
1543 DataRunStartLCN = LastLCN + DataRunOffset;
1544 LastLCN = DataRunStartLCN;
1545 }
1546 else
1547 DataRunStartLCN = -1;
1548 }
1549
1550 // Do we have more data to write?
1552 {
1553 // Make sure we don't write past the end of the current data run
1555
1556 // Are we dealing with a sparse data run?
1557 if (DataRunStartLCN == -1)
1558 {
1562 }
1563 else
1564 {
1565 // write the data to the disk
1567 DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster,
1568 WriteLength,
1569 Vcb->NtfsInfo.BytesPerSector,
1570 (PVOID)SourceBuffer);
1572 break;
1573 }
1574
1576 SourceBuffer += WriteLength;
1577 *RealLengthWritten += WriteLength;
1578
1579 // We finished this request, but there's still data in this data run.
1581 break;
1582
1583 // Go to next run in the list.
1584
1585 if (*DataRun == 0)
1586 {
1587 // that was the last run
1589 {
1590 // Failed sanity check.
1594 }
1595
1596 break;
1597 }
1598
1599 // Advance to the next data run
1600 CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
1601 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1602 if (DataRunOffset != -1)
1603 {
1604 // Normal data run.
1605 DataRunStartLCN = LastLCN + DataRunOffset;
1606 LastLCN = DataRunStartLCN;
1607 }
1608 else
1609 {
1610 // Sparse data run.
1611 DataRunStartLCN = -1;
1612 }
1613 } // end while (Length > 0) [more data to write]
1614
1615 Context->CacheRun = DataRun;
1617 Context->CacheRunStartLCN = DataRunStartLCN;
1618 Context->CacheRunLength = DataRunLength;
1619 Context->CacheRunLastLCN = LastLCN;
1620 Context->CacheRunCurrentOffset = CurrentOffset;
1621
1622Cleanup:
1623 // TEMPTEMP
1626
1628}
NTSTATUS NtfsWriteDisk(IN PDEVICE_OBJECT DeviceObject, IN LONGLONG StartingOffset, IN ULONG Length, IN ULONG SectorSize, IN const PUCHAR Buffer)
Definition: blockdev.c:163
Referenced by AddNewMftEntry(), AllocateIndexNode(), FreeClusters(), IncreaseMftSize(), NtfsAddFilenameToDirectory(), NtfsAllocateClusters(), NtfsWriteFile(), SetResidentAttributeDataLength(), UpdateFileNameRecord(), UpdateFileRecord(), UpdateIndexEntryFileNameSize(), UpdateIndexNode(), and UpdateMftMirror().
Variable Documentation
◆ DriverEntry
◆ NtfsFastIoCheckIfPossible
| FAST_IO_CHECK_IF_POSSIBLE NtfsFastIoCheckIfPossible |
Definition at line 914 of file ntfs.h.
Referenced by DriverEntry().
◆ NtfsFastIoRead
| FAST_IO_READ NtfsFastIoRead |
Definition at line 915 of file ntfs.h.
Referenced by DriverEntry().
◆ NtfsFastIoWrite
| FAST_IO_WRITE NtfsFastIoWrite |
Definition at line 916 of file ntfs.h.
Referenced by DriverEntry().
◆ NtfsFsdDispatch
| DRIVER_DISPATCH NtfsFsdDispatch |
Definition at line 892 of file ntfs.h.
Referenced by NtfsInitializeFunctionPointers().
◆ NtfsGlobalData
|
extern |
Definition at line 36 of file ntfs.c.
Referenced by AddNewMftEntry(), DriverEntry(), NtfsAllocateIrpContext(), NtfsAttachFCBToFileObject(), NtfsCleanup(), NtfsClose(), NtfsCreate(), NtfsCreateFCB(), NtfsCreateFile(), NtfsDestroyFCB(), NtfsDispatch(), NtfsFCBInitializeCache(), NtfsMountVolume(), NtfsWrite(), PrepareAttributeContext(), and ReleaseAttributeContext().
