Data Structures |
| struct | PBIOS_PARAMETERS_BLOCK |
| struct | PEXTENDED_BIOS_PARAMETERS_BLOCK |
| struct | PBOOT_SECTOR |
| struct | PNTFS_INFO |
| struct | NTFSIDENTIFIER |
| struct | PDEVICE_EXTENSION |
| struct | PNTFS_FCB |
| struct | NTFS_CCB |
| struct | NTFS_GLOBAL_DATA |
| struct | NTFS_RECORD_HEADER |
| struct | FILE_RECORD_HEADER |
| struct | ATTRIBUTE |
| struct | RESIDENT_ATTRIBUTE |
| struct | NONRESIDENT_ATTRIBUTE |
| struct | STANDARD_INFORMATION |
| struct | ATTRIBUTE_LIST |
| struct | FILENAME_ATTRIBUTE |
| struct | VOLINFO_ATTRIBUTE |
| struct | NTFS_IRP_CONTEXT |
Defines |
| #define | CACHEPAGESIZE(pDeviceExt) |
| #define | TAG_NTFS 'SFTN' |
| #define | ROUND_UP(N, S) ((((N) + (S) - 1) / (S)) * (S)) |
| #define | DEVICE_NAME L"\\Ntfs" |
| #define | NTFS_TYPE_CCB '20SF' |
| #define | NTFS_TYPE_FCB '30SF' |
| #define | NTFS_TYPE_VCB '50SF' |
| #define | NTFS_TYPE_IRP_CONTEST '60SF' |
| #define | NTFS_TYPE_GLOBAL_DATA '70SF' |
| #define | FCB_CACHE_INITIALIZED 0x0001 |
| #define | FCB_IS_VOLUME_STREAM 0x0002 |
| #define | FCB_IS_VOLUME 0x0004 |
| #define | MAX_PATH 260 |
| #define | TAG_CCB 'BCCI' |
| #define | NRH_FILE_TYPE 0x454C4946 /* 'FILE' */ |
| #define | FRH_IN_USE 0x0001 /* Record is in use */ |
| #define | FRH_DIRECTORY 0x0002 /* Record is a directory */ |
| #define | FRH_UNKNOWN1 0x0004 /* Don't know */ |
| #define | FRH_UNKNOWN2 0x0008 /* Don't know */ |
Typedefs |
| typedef struct NTFSIDENTIFIER * | PNTFSIDENTIFIER |
| typedef struct DEVICE_EXTENSION * | PDEVICE_EXTENSION |
| typedef struct DEVICE_EXTENSION | NTFS_VCB |
| typedef struct DEVICE_EXTENSION * | PNTFS_VCB |
| typedef struct NTFS_CCB * | PNTFS_CCB |
| typedef struct NTFS_GLOBAL_DATA * | PNTFS_GLOBAL_DATA |
| typedef enum ATTRIBUTE_TYPE * | PATTRIBUTE_TYPE |
| typedef struct NTFS_RECORD_HEADER * | PNTFS_RECORD_HEADER |
| typedef struct FILE_RECORD_HEADER * | PFILE_RECORD_HEADER |
| typedef struct ATTRIBUTE * | PATTRIBUTE |
| typedef struct RESIDENT_ATTRIBUTE * | PRESIDENT_ATTRIBUTE |
typedef struct
NONRESIDENT_ATTRIBUTE * | PNONRESIDENT_ATTRIBUTE |
typedef struct
STANDARD_INFORMATION * | PSTANDARD_INFORMATION |
| typedef struct ATTRIBUTE_LIST * | PATTRIBUTE_LIST |
| typedef struct FILENAME_ATTRIBUTE * | PFILENAME_ATTRIBUTE |
| typedef struct VOLINFO_ATTRIBUTE * | PVOLINFO_ATTRIBUTE |
| typedef struct NTFS_IRP_CONTEXT * | PNTFS_IRP_CONTEXT |
Enumerations |
| enum | ATTRIBUTE_TYPE {
AttributeStandardInformation = 0x10,
AttributeAttributeList = 0x20,
AttributeFileName = 0x30,
AttributeObjectId = 0x40,
AttributeSecurityDescriptor = 0x50,
AttributeVolumeName = 0x60,
AttributeVolumeInformation = 0x70,
AttributeData = 0x80,
AttributeIndexRoot = 0x90,
AttributeIndexAllocation = 0xA0,
AttributeBitmap = 0xB0,
AttributeReparsePoint = 0xC0,
AttributeEAInformation = 0xD0,
AttributeEA = 0xE0,
AttributePropertySet = 0xF0,
AttributeLoggedUtilityStream = 0x100
} |
Functions |
| BOOLEAN | FindRun (PNONRESIDENT_ATTRIBUTE NresAttr, ULONGLONG vcn, PULONGLONG lcn, PULONGLONG count) |
| VOID | NtfsDumpFileAttributes (PFILE_RECORD_HEADER FileRecord) |
| NTSTATUS | NtfsReadSectors (IN PDEVICE_OBJECT DeviceObject, IN ULONG DiskSector, IN ULONG SectorCount, IN ULONG SectorSize, IN OUT PUCHAR Buffer, IN BOOLEAN Override) |
| NTSTATUS | NtfsDeviceIoControl (IN PDEVICE_OBJECT DeviceObject, IN ULONG ControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, IN OUT PVOID OutputBuffer, IN OUT PULONG OutputBufferSize, IN BOOLEAN Override) |
| NTSTATUS NTAPI | NtfsFsdClose (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdCreate (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdDirectoryControl (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdDispatch (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| BOOLEAN NTAPI | NtfsAcqLazyWrite (PVOID Context, BOOLEAN Wait) |
| VOID NTAPI | NtfsRelLazyWrite (PVOID Context) |
| BOOLEAN NTAPI | NtfsAcqReadAhead (PVOID Context, BOOLEAN Wait) |
| VOID NTAPI | NtfsRelReadAhead (PVOID Context) |
| PNTFS_FCB | NtfsCreateFCB (PCWSTR FileName, PNTFS_VCB Vcb) |
| VOID | NtfsDestroyFCB (PNTFS_FCB Fcb) |
| BOOLEAN | NtfsFCBIsDirectory (PNTFS_FCB Fcb) |
| BOOLEAN | NtfsFCBIsRoot (PNTFS_FCB Fcb) |
| VOID | NtfsGrabFCB (PNTFS_VCB Vcb, PNTFS_FCB Fcb) |
| VOID | NtfsReleaseFCB (PNTFS_VCB Vcb, PNTFS_FCB Fcb) |
| VOID | NtfsAddFCBToTable (PNTFS_VCB Vcb, PNTFS_FCB Fcb) |
| PNTFS_FCB | NtfsGrabFCBFromTable (PNTFS_VCB Vcb, PCWSTR FileName) |
| NTSTATUS | NtfsFCBInitializeCache (PNTFS_VCB Vcb, PNTFS_FCB Fcb) |
| PNTFS_FCB | NtfsMakeRootFCB (PNTFS_VCB Vcb) |
| PNTFS_FCB | NtfsOpenRootFCB (PNTFS_VCB Vcb) |
| NTSTATUS | NtfsAttachFCBToFileObject (PNTFS_VCB Vcb, PNTFS_FCB Fcb, PFILE_OBJECT FileObject) |
| NTSTATUS | NtfsGetFCBForFile (PNTFS_VCB Vcb, PNTFS_FCB *pParentFCB, PNTFS_FCB *pFCB, const PWSTR pFileName) |
| NTSTATUS NTAPI | NtfsFsdQueryInformation (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdFileSystemControl (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS | NtfsOpenMft (PDEVICE_EXTENSION Vcb) |
| VOID | ReadAttribute (PATTRIBUTE attr, PVOID buffer, PDEVICE_EXTENSION Vcb, PDEVICE_OBJECT DeviceObject) |
| ULONG | AttributeDataLength (PATTRIBUTE attr) |
| ULONG | AttributeAllocatedLength (PATTRIBUTE Attribute) |
| NTSTATUS | ReadFileRecord (PDEVICE_EXTENSION Vcb, ULONG index, PFILE_RECORD_HEADER file, PFILE_RECORD_HEADER Mft) |
| PATTRIBUTE | FindAttribute (PFILE_RECORD_HEADER file, ATTRIBUTE_TYPE type, PWSTR name) |
| ULONG | AttributeLengthAllocated (PATTRIBUTE attr) |
| VOID | ReadVCN (PDEVICE_EXTENSION Vcb, PFILE_RECORD_HEADER file, ATTRIBUTE_TYPE type, ULONGLONG vcn, ULONG count, PVOID buffer) |
| VOID | FixupUpdateSequenceArray (PFILE_RECORD_HEADER file) |
| VOID | ReadExternalAttribute (PDEVICE_EXTENSION Vcb, PNONRESIDENT_ATTRIBUTE NresAttr, ULONGLONG vcn, ULONG count, PVOID buffer) |
| NTSTATUS | ReadLCN (PDEVICE_EXTENSION Vcb, ULONGLONG lcn, ULONG count, PVOID buffer) |
| VOID | EnumerAttribute (PFILE_RECORD_HEADER file, PDEVICE_EXTENSION Vcb, PDEVICE_OBJECT DeviceObject) |
| BOOLEAN | NtfsIsIrpTopLevel (PIRP Irp) |
| PNTFS_IRP_CONTEXT | NtfsAllocateIrpContext (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdRead (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS NTAPI | NtfsFsdWrite (PDEVICE_OBJECT DeviceObject, PIRP Irp) |
| NTSTATUS | NtfsQueryVolumeInformation (PNTFS_IRP_CONTEXT IrpContext) |
| NTSTATUS | NtfsSetVolumeInformation (PNTFS_IRP_CONTEXT IrpContext) |
| VOID NTAPI | NtfsInitializeFunctionPointers (PDRIVER_OBJECT DriverObject) |
Variables |
| PNTFS_GLOBAL_DATA | NtfsGlobalData |
| DRIVER_DISPATCH | NtfsFsdClose |
| DRIVER_DISPATCH | NtfsFsdCreate |
| DRIVER_DISPATCH | NtfsFsdDirectoryControl |
| DRIVER_DISPATCH | NtfsFsdDispatch |
| DRIVER_DISPATCH | NtfsFsdQueryInformation |
| DRIVER_DISPATCH | NtfsFsdFileSystemControl |
| DRIVER_DISPATCH | NtfsFsdRead |
| DRIVER_DISPATCH | NtfsFsdWrite |
| DRIVER_INITIALIZE | DriverEntry |
1.7.6.1
