[NTFS]
[reactos.git] / drivers / filesystems / ntfs / attrib.c
1 /*
2 * ReactOS kernel
3 * Copyright (C) 2002,2003 ReactOS Team
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
18 *
19 * COPYRIGHT: See COPYING in the top level directory
20 * PROJECT: ReactOS kernel
21 * FILE: drivers/filesystem/ntfs/attrib.c
22 * PURPOSE: NTFS filesystem driver
23 * PROGRAMMERS: Eric Kohl
24 * Valentin Verkhovsky
25 * Hervé Poussineau (hpoussin@reactos.org)
26 * Pierre Schweitzer (pierre@reactos.org)
27 */
28
29 /* INCLUDES *****************************************************************/
30
31 #include "ntfs.h"
32
33 #define NDEBUG
34 #include <debug.h>
35
36 /* FUNCTIONS ****************************************************************/
37
38 /**
39 * @name AddRun
40 * @implemented
41 *
42 * Adds a run of allocated clusters to a non-resident attribute.
43 *
44 * @param Vcb
45 * Pointer to an NTFS_VCB for the destination volume.
46 *
47 * @param AttrContext
48 * Pointer to an NTFS_ATTR_CONTEXT describing the destination attribute.
49 *
50 * @param AttrOffset
51 * Byte offset of the destination attribute relative to its file record.
52 *
53 * @param FileRecord
54 * Pointer to a complete copy of the file record containing the destination attribute. Must be at least
55 * Vcb->NtfsInfo.BytesPerFileRecord bytes long.
56 *
57 * @param NextAssignedCluster
58 * Logical cluster number of the start of the data run being added.
59 *
60 * @param RunLength
61 * How many clusters are in the data run being added. Can't be 0.
62 *
63 * @return
64 * STATUS_SUCCESS on success. STATUS_INVALID_PARAMETER if AttrContext describes a resident attribute.
65 * STATUS_INSUFFICIENT_RESOURCES if ConvertDataRunsToLargeMCB() fails.
66 * STATUS_BUFFER_TOO_SMALL if ConvertLargeMCBToDataRuns() fails.
67 * STATUS_NOT_IMPLEMENTED if we need to migrate the attribute to an attribute list (TODO).
68 *
69 * @remarks
70 * Clusters should have been allocated previously with NtfsAllocateClusters().
71 *
72 *
73 */
74 NTSTATUS
75 AddRun(PNTFS_VCB Vcb,
76 PNTFS_ATTR_CONTEXT AttrContext,
77 ULONG AttrOffset,
78 PFILE_RECORD_HEADER FileRecord,
79 ULONGLONG NextAssignedCluster,
80 ULONG RunLength)
81 {
82 NTSTATUS Status;
83 PUCHAR DataRun = (PUCHAR)&AttrContext->Record + AttrContext->Record.NonResident.MappingPairsOffset;
84 int DataRunMaxLength;
85 PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
86 LARGE_MCB DataRunsMCB;
87 ULONG NextAttributeOffset = AttrOffset + AttrContext->Record.Length;
88 ULONGLONG NextVBN = AttrContext->Record.NonResident.LowestVCN;
89
90 // Allocate some memory for the RunBuffer
91 PUCHAR RunBuffer;
92 ULONG RunBufferOffset = 0;
93
94 if (!AttrContext->Record.IsNonResident)
95 return STATUS_INVALID_PARAMETER;
96
97 RunBuffer = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
98
99 // Convert the data runs to a map control block
100 Status = ConvertDataRunsToLargeMCB(DataRun, &DataRunsMCB, &NextVBN);
101 if (!NT_SUCCESS(Status))
102 {
103 DPRINT1("Unable to convert data runs to MCB (probably ran out of memory)!\n");
104 ExFreePoolWithTag(RunBuffer, TAG_NTFS);
105 return Status;
106 }
107
108 // Add newly-assigned clusters to mcb
109 _SEH2_TRY{
110 if (!FsRtlAddLargeMcbEntry(&DataRunsMCB,
111 NextVBN,
112 NextAssignedCluster,
113 RunLength))
114 {
115 FsRtlUninitializeLargeMcb(&DataRunsMCB);
116 ExFreePoolWithTag(RunBuffer, TAG_NTFS);
117 return STATUS_INSUFFICIENT_RESOURCES;
118 }
119 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
120 FsRtlUninitializeLargeMcb(&DataRunsMCB);
121 ExFreePoolWithTag(RunBuffer, TAG_NTFS);
122 _SEH2_YIELD(return STATUS_INSUFFICIENT_RESOURCES);
123 } _SEH2_END;
124
125
126 // Convert the map control block back to encoded data runs
127 ConvertLargeMCBToDataRuns(&DataRunsMCB, RunBuffer, Vcb->NtfsInfo.BytesPerCluster, &RunBufferOffset);
128
129 // Get the amount of free space between the start of the of the first data run and the attribute end
130 DataRunMaxLength = AttrContext->Record.Length - AttrContext->Record.NonResident.MappingPairsOffset;
131
132 // Do we need to extend the attribute (or convert to attribute list)?
133 if (DataRunMaxLength < RunBufferOffset)
134 {
135 PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + NextAttributeOffset);
136 DataRunMaxLength += Vcb->NtfsInfo.BytesPerFileRecord - NextAttributeOffset - (sizeof(ULONG) * 2);
137
138 // Can we move the end of the attribute?
139 if (NextAttribute->Type != AttributeEnd || DataRunMaxLength < RunBufferOffset - 1)
140 {
141 DPRINT1("FIXME: Need to create attribute list! Max Data Run Length available: %d\n", DataRunMaxLength);
142 if (NextAttribute->Type != AttributeEnd)
143 DPRINT1("There's another attribute after this one with type %0xlx\n", NextAttribute->Type);
144 ExFreePoolWithTag(RunBuffer, TAG_NTFS);
145 FsRtlUninitializeLargeMcb(&DataRunsMCB);
146 return STATUS_NOT_IMPLEMENTED;
147 }
148
149 // calculate position of end markers
150 NextAttributeOffset = AttrOffset + AttrContext->Record.NonResident.MappingPairsOffset + RunBufferOffset;
151 NextAttributeOffset = ALIGN_UP_BY(NextAttributeOffset, 8);
152
153 // Write the end markers
154 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + NextAttributeOffset);
155 NextAttribute->Type = AttributeEnd;
156 NextAttribute->Length = FILE_RECORD_END;
157
158 // Update the length
159 DestinationAttribute->Length = NextAttributeOffset - AttrOffset;
160 AttrContext->Record.Length = DestinationAttribute->Length;
161
162 // We need to increase the FileRecord size
163 FileRecord->BytesInUse = NextAttributeOffset + (sizeof(ULONG) * 2);
164 }
165
166 // NOTE: from this point on the original attribute record will contain invalid data in it's runbuffer
167 // TODO: Elegant fix? Could we free the old Record and allocate a new one without issue?
168
169 // Update HighestVCN
170 DestinationAttribute->NonResident.HighestVCN =
171 AttrContext->Record.NonResident.HighestVCN = max(NextVBN - 1 + RunLength,
172 AttrContext->Record.NonResident.HighestVCN);
173
174 // Write data runs to destination attribute
175 RtlCopyMemory((PVOID)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset),
176 RunBuffer,
177 RunBufferOffset);
178
179 // Update the file record
180 Status = UpdateFileRecord(Vcb, AttrContext->FileMFTIndex, FileRecord);
181
182 ExFreePoolWithTag(RunBuffer, TAG_NTFS);
183 FsRtlUninitializeLargeMcb(&DataRunsMCB);
184
185 NtfsDumpDataRuns((PUCHAR)((ULONG_PTR)DestinationAttribute + DestinationAttribute->NonResident.MappingPairsOffset), 0);
186
187 return Status;
188 }
189
190 /**
191 * @name ConvertDataRunsToLargeMCB
192 * @implemented
193 *
194 * Converts binary data runs to a map control block.
195 *
196 * @param DataRun
197 * Pointer to the run data
198 *
199 * @param DataRunsMCB
200 * Pointer to an unitialized LARGE_MCB structure.
201 *
202 * @return
203 * STATUS_SUCCESS on success, STATUS_INSUFFICIENT_RESOURCES if we fail to
204 * initialize the mcb or add an entry.
205 *
206 * @remarks
207 * Initializes the LARGE_MCB pointed to by DataRunsMCB. If this function succeeds, you
208 * need to call FsRtlUninitializeLargeMcb() when you're done with DataRunsMCB. This
209 * function will ensure the LargeMCB has been unitialized in case of failure.
210 *
211 */
212 NTSTATUS
213 ConvertDataRunsToLargeMCB(PUCHAR DataRun,
214 PLARGE_MCB DataRunsMCB,
215 PULONGLONG pNextVBN)
216 {
217 LONGLONG DataRunOffset;
218 ULONGLONG DataRunLength;
219 LONGLONG DataRunStartLCN;
220 ULONGLONG LastLCN = 0;
221
222 // Initialize the MCB, potentially catch an exception
223 _SEH2_TRY{
224 FsRtlInitializeLargeMcb(DataRunsMCB, NonPagedPool);
225 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
226 _SEH2_YIELD(return STATUS_INSUFFICIENT_RESOURCES);
227 } _SEH2_END;
228
229 while (*DataRun != 0)
230 {
231 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
232
233 if (DataRunOffset != -1)
234 {
235 // Normal data run.
236 DataRunStartLCN = LastLCN + DataRunOffset;
237 LastLCN = DataRunStartLCN;
238
239 _SEH2_TRY{
240 if (!FsRtlAddLargeMcbEntry(DataRunsMCB,
241 *pNextVBN,
242 DataRunStartLCN,
243 DataRunLength))
244 {
245 FsRtlUninitializeLargeMcb(DataRunsMCB);
246 return STATUS_INSUFFICIENT_RESOURCES;
247 }
248 } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
249 FsRtlUninitializeLargeMcb(DataRunsMCB);
250 _SEH2_YIELD(return STATUS_INSUFFICIENT_RESOURCES);
251 } _SEH2_END;
252
253 }
254
255 *pNextVBN += DataRunLength;
256 }
257
258 return STATUS_SUCCESS;
259 }
260
261 /**
262 * @name ConvertLargeMCBToDataRuns
263 * @implemented
264 *
265 * Converts a map control block to a series of encoded data runs (used by non-resident attributes).
266 *
267 * @param DataRunsMCB
268 * Pointer to a LARGE_MCB structure describing the data runs.
269 *
270 * @param RunBuffer
271 * Pointer to the buffer that will receive the encoded data runs.
272 *
273 * @param MaxBufferSize
274 * Size of RunBuffer, in bytes.
275 *
276 * @param UsedBufferSize
277 * Pointer to a ULONG that will receive the size of the data runs in bytes. Can't be NULL.
278 *
279 * @return
280 * STATUS_SUCCESS on success, STATUS_BUFFER_TOO_SMALL if RunBuffer is too small to contain the
281 * complete output.
282 *
283 */
284 NTSTATUS
285 ConvertLargeMCBToDataRuns(PLARGE_MCB DataRunsMCB,
286 PUCHAR RunBuffer,
287 ULONG MaxBufferSize,
288 PULONG UsedBufferSize)
289 {
290 NTSTATUS Status = STATUS_SUCCESS;
291 ULONG RunBufferOffset = 0;
292 LONGLONG DataRunOffset;
293 ULONGLONG LastLCN = 0;
294 LONGLONG Vbn, Lbn, Count;
295 int i;
296
297
298 DPRINT("\t[Vbn, Lbn, Count]\n");
299
300 // convert each mcb entry to a data run
301 for (i = 0; FsRtlGetNextLargeMcbEntry(DataRunsMCB, i, &Vbn, &Lbn, &Count); i++)
302 {
303 UCHAR DataRunOffsetSize = 0;
304 UCHAR DataRunLengthSize = 0;
305 UCHAR ControlByte = 0;
306
307 // [vbn, lbn, count]
308 DPRINT("\t[%I64d, %I64d,%I64d]\n", Vbn, Lbn, Count);
309
310 // TODO: check for holes and convert to sparse runs
311 DataRunOffset = Lbn - LastLCN;
312 LastLCN = Lbn;
313
314 // now we need to determine how to represent DataRunOffset with the minimum number of bytes
315 DPRINT("Determining how many bytes needed to represent %I64x\n", DataRunOffset);
316 DataRunOffsetSize = GetPackedByteCount(DataRunOffset, TRUE);
317 DPRINT("%d bytes needed.\n", DataRunOffsetSize);
318
319 // determine how to represent DataRunLengthSize with the minimum number of bytes
320 DPRINT("Determining how many bytes needed to represent %I64x\n", Count);
321 DataRunLengthSize = GetPackedByteCount(Count, TRUE);
322 DPRINT("%d bytes needed.\n", DataRunLengthSize);
323
324 // ensure the next data run + end marker would be > Max buffer size
325 if (RunBufferOffset + 2 + DataRunLengthSize + DataRunOffsetSize > MaxBufferSize)
326 {
327 Status = STATUS_BUFFER_TOO_SMALL;
328 DPRINT1("FIXME: Ran out of room in buffer for data runs!\n");
329 break;
330 }
331
332 // pack and copy the control byte
333 ControlByte = (DataRunOffsetSize << 4) + DataRunLengthSize;
334 RunBuffer[RunBufferOffset++] = ControlByte;
335
336 // copy DataRunLength
337 RtlCopyMemory(RunBuffer + RunBufferOffset, &Count, DataRunLengthSize);
338 RunBufferOffset += DataRunLengthSize;
339
340 // copy DataRunOffset
341 RtlCopyMemory(RunBuffer + RunBufferOffset, &DataRunOffset, DataRunOffsetSize);
342 RunBufferOffset += DataRunOffsetSize;
343 }
344
345 // End of data runs
346 RunBuffer[RunBufferOffset++] = 0;
347
348 *UsedBufferSize = RunBufferOffset;
349 DPRINT("New Size of DataRuns: %ld\n", *UsedBufferSize);
350
351 return Status;
352 }
353
354 PUCHAR
355 DecodeRun(PUCHAR DataRun,
356 LONGLONG *DataRunOffset,
357 ULONGLONG *DataRunLength)
358 {
359 UCHAR DataRunOffsetSize;
360 UCHAR DataRunLengthSize;
361 CHAR i;
362
363 DataRunOffsetSize = (*DataRun >> 4) & 0xF;
364 DataRunLengthSize = *DataRun & 0xF;
365 *DataRunOffset = 0;
366 *DataRunLength = 0;
367 DataRun++;
368 for (i = 0; i < DataRunLengthSize; i++)
369 {
370 *DataRunLength += ((ULONG64)*DataRun) << (i * 8);
371 DataRun++;
372 }
373
374 /* NTFS 3+ sparse files */
375 if (DataRunOffsetSize == 0)
376 {
377 *DataRunOffset = -1;
378 }
379 else
380 {
381 for (i = 0; i < DataRunOffsetSize - 1; i++)
382 {
383 *DataRunOffset += ((ULONG64)*DataRun) << (i * 8);
384 DataRun++;
385 }
386 /* The last byte contains sign so we must process it different way. */
387 *DataRunOffset = ((LONG64)(CHAR)(*(DataRun++)) << (i * 8)) + *DataRunOffset;
388 }
389
390 DPRINT("DataRunOffsetSize: %x\n", DataRunOffsetSize);
391 DPRINT("DataRunLengthSize: %x\n", DataRunLengthSize);
392 DPRINT("DataRunOffset: %x\n", *DataRunOffset);
393 DPRINT("DataRunLength: %x\n", *DataRunLength);
394
395 return DataRun;
396 }
397
398 BOOLEAN
399 FindRun(PNTFS_ATTR_RECORD NresAttr,
400 ULONGLONG vcn,
401 PULONGLONG lcn,
402 PULONGLONG count)
403 {
404 if (vcn < NresAttr->NonResident.LowestVCN || vcn > NresAttr->NonResident.HighestVCN)
405 return FALSE;
406
407 DecodeRun((PUCHAR)((ULONG_PTR)NresAttr + NresAttr->NonResident.MappingPairsOffset), (PLONGLONG)lcn, count);
408
409 return TRUE;
410 }
411
412 static
413 NTSTATUS
414 InternalReadNonResidentAttributes(PFIND_ATTR_CONTXT Context)
415 {
416 ULONGLONG ListSize;
417 PNTFS_ATTR_RECORD Attribute;
418 PNTFS_ATTR_CONTEXT ListContext;
419
420 DPRINT("InternalReadNonResidentAttributes(%p)\n", Context);
421
422 Attribute = Context->CurrAttr;
423 ASSERT(Attribute->Type == AttributeAttributeList);
424
425 if (Context->OnlyResident)
426 {
427 Context->NonResidentStart = NULL;
428 Context->NonResidentEnd = NULL;
429 return STATUS_SUCCESS;
430 }
431
432 if (Context->NonResidentStart != NULL)
433 {
434 return STATUS_FILE_CORRUPT_ERROR;
435 }
436
437 ListContext = PrepareAttributeContext(Attribute);
438 ListSize = AttributeDataLength(&ListContext->Record);
439 if (ListSize > 0xFFFFFFFF)
440 {
441 ReleaseAttributeContext(ListContext);
442 return STATUS_BUFFER_OVERFLOW;
443 }
444
445 Context->NonResidentStart = ExAllocatePoolWithTag(NonPagedPool, (ULONG)ListSize, TAG_NTFS);
446 if (Context->NonResidentStart == NULL)
447 {
448 ReleaseAttributeContext(ListContext);
449 return STATUS_INSUFFICIENT_RESOURCES;
450 }
451
452 if (ReadAttribute(Context->Vcb, ListContext, 0, (PCHAR)Context->NonResidentStart, (ULONG)ListSize) != ListSize)
453 {
454 ExFreePoolWithTag(Context->NonResidentStart, TAG_NTFS);
455 Context->NonResidentStart = NULL;
456 ReleaseAttributeContext(ListContext);
457 return STATUS_FILE_CORRUPT_ERROR;
458 }
459
460 ReleaseAttributeContext(ListContext);
461 Context->NonResidentEnd = (PNTFS_ATTR_RECORD)((PCHAR)Context->NonResidentStart + ListSize);
462 return STATUS_SUCCESS;
463 }
464
465 static
466 PNTFS_ATTR_RECORD
467 InternalGetNextAttribute(PFIND_ATTR_CONTXT Context)
468 {
469 PNTFS_ATTR_RECORD NextAttribute;
470
471 if (Context->CurrAttr == (PVOID)-1)
472 {
473 return NULL;
474 }
475
476 if (Context->CurrAttr >= Context->FirstAttr &&
477 Context->CurrAttr < Context->LastAttr)
478 {
479 if (Context->CurrAttr->Length == 0)
480 {
481 DPRINT1("Broken length!\n");
482 Context->CurrAttr = (PVOID)-1;
483 return NULL;
484 }
485
486 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + Context->CurrAttr->Length);
487
488 if (NextAttribute > Context->LastAttr || NextAttribute < Context->FirstAttr)
489 {
490 DPRINT1("Broken length: 0x%lx!\n", Context->CurrAttr->Length);
491 Context->CurrAttr = (PVOID)-1;
492 return NULL;
493 }
494
495 Context->Offset += ((ULONG_PTR)NextAttribute - (ULONG_PTR)Context->CurrAttr);
496 Context->CurrAttr = NextAttribute;
497
498 if (Context->CurrAttr < Context->LastAttr &&
499 Context->CurrAttr->Type != AttributeEnd)
500 {
501 return Context->CurrAttr;
502 }
503 }
504
505 if (Context->NonResidentStart == NULL)
506 {
507 Context->CurrAttr = (PVOID)-1;
508 return NULL;
509 }
510
511 if (Context->CurrAttr < Context->NonResidentStart ||
512 Context->CurrAttr >= Context->NonResidentEnd)
513 {
514 Context->CurrAttr = Context->NonResidentStart;
515 }
516 else if (Context->CurrAttr->Length != 0)
517 {
518 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + Context->CurrAttr->Length);
519 Context->Offset += ((ULONG_PTR)NextAttribute - (ULONG_PTR)Context->CurrAttr);
520 Context->CurrAttr = NextAttribute;
521 }
522 else
523 {
524 DPRINT1("Broken length!\n");
525 Context->CurrAttr = (PVOID)-1;
526 return NULL;
527 }
528
529 if (Context->CurrAttr < Context->NonResidentEnd &&
530 Context->CurrAttr->Type != AttributeEnd)
531 {
532 return Context->CurrAttr;
533 }
534
535 Context->CurrAttr = (PVOID)-1;
536 return NULL;
537 }
538
539 NTSTATUS
540 FindFirstAttribute(PFIND_ATTR_CONTXT Context,
541 PDEVICE_EXTENSION Vcb,
542 PFILE_RECORD_HEADER FileRecord,
543 BOOLEAN OnlyResident,
544 PNTFS_ATTR_RECORD * Attribute)
545 {
546 NTSTATUS Status;
547
548 DPRINT("FindFistAttribute(%p, %p, %p, %p, %u, %p)\n", Context, Vcb, FileRecord, OnlyResident, Attribute);
549
550 Context->Vcb = Vcb;
551 Context->OnlyResident = OnlyResident;
552 Context->FirstAttr = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->AttributeOffset);
553 Context->CurrAttr = Context->FirstAttr;
554 Context->LastAttr = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->BytesInUse);
555 Context->NonResidentStart = NULL;
556 Context->NonResidentEnd = NULL;
557 Context->Offset = FileRecord->AttributeOffset;
558
559 if (Context->FirstAttr->Type == AttributeEnd)
560 {
561 Context->CurrAttr = (PVOID)-1;
562 return STATUS_END_OF_FILE;
563 }
564 else if (Context->FirstAttr->Type == AttributeAttributeList)
565 {
566 Status = InternalReadNonResidentAttributes(Context);
567 if (!NT_SUCCESS(Status))
568 {
569 return Status;
570 }
571
572 *Attribute = InternalGetNextAttribute(Context);
573 if (*Attribute == NULL)
574 {
575 return STATUS_END_OF_FILE;
576 }
577 }
578 else
579 {
580 *Attribute = Context->CurrAttr;
581 Context->Offset = (UCHAR*)Context->CurrAttr - (UCHAR*)FileRecord;
582 }
583
584 return STATUS_SUCCESS;
585 }
586
587 NTSTATUS
588 FindNextAttribute(PFIND_ATTR_CONTXT Context,
589 PNTFS_ATTR_RECORD * Attribute)
590 {
591 NTSTATUS Status;
592
593 DPRINT("FindNextAttribute(%p, %p)\n", Context, Attribute);
594
595 *Attribute = InternalGetNextAttribute(Context);
596 if (*Attribute == NULL)
597 {
598 return STATUS_END_OF_FILE;
599 }
600
601 if (Context->CurrAttr->Type != AttributeAttributeList)
602 {
603 return STATUS_SUCCESS;
604 }
605
606 Status = InternalReadNonResidentAttributes(Context);
607 if (!NT_SUCCESS(Status))
608 {
609 return Status;
610 }
611
612 *Attribute = InternalGetNextAttribute(Context);
613 if (*Attribute == NULL)
614 {
615 return STATUS_END_OF_FILE;
616 }
617
618 return STATUS_SUCCESS;
619 }
620
621 VOID
622 FindCloseAttribute(PFIND_ATTR_CONTXT Context)
623 {
624 if (Context->NonResidentStart != NULL)
625 {
626 ExFreePoolWithTag(Context->NonResidentStart, TAG_NTFS);
627 Context->NonResidentStart = NULL;
628 }
629 }
630
631 static
632 VOID
633 NtfsDumpFileNameAttribute(PNTFS_ATTR_RECORD Attribute)
634 {
635 PFILENAME_ATTRIBUTE FileNameAttr;
636
637 DbgPrint(" $FILE_NAME ");
638
639 // DbgPrint(" Length %lu Offset %hu ", Attribute->Resident.ValueLength, Attribute->Resident.ValueOffset);
640
641 FileNameAttr = (PFILENAME_ATTRIBUTE)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
642 DbgPrint(" (%x) '%.*S' ", FileNameAttr->NameType, FileNameAttr->NameLength, FileNameAttr->Name);
643 DbgPrint(" '%x' \n", FileNameAttr->FileAttributes);
644 DbgPrint(" AllocatedSize: %I64u\nDataSize: %I64u\n", FileNameAttr->AllocatedSize, FileNameAttr->DataSize);
645 }
646
647
648 static
649 VOID
650 NtfsDumpStandardInformationAttribute(PNTFS_ATTR_RECORD Attribute)
651 {
652 PSTANDARD_INFORMATION StandardInfoAttr;
653
654 DbgPrint(" $STANDARD_INFORMATION ");
655
656 // DbgPrint(" Length %lu Offset %hu ", Attribute->Resident.ValueLength, Attribute->Resident.ValueOffset);
657
658 StandardInfoAttr = (PSTANDARD_INFORMATION)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
659 DbgPrint(" '%x' ", StandardInfoAttr->FileAttribute);
660 }
661
662
663 static
664 VOID
665 NtfsDumpVolumeNameAttribute(PNTFS_ATTR_RECORD Attribute)
666 {
667 PWCHAR VolumeName;
668
669 DbgPrint(" $VOLUME_NAME ");
670
671 // DbgPrint(" Length %lu Offset %hu ", Attribute->Resident.ValueLength, Attribute->Resident.ValueOffset);
672
673 VolumeName = (PWCHAR)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
674 DbgPrint(" '%.*S' ", Attribute->Resident.ValueLength / sizeof(WCHAR), VolumeName);
675 }
676
677
678 static
679 VOID
680 NtfsDumpVolumeInformationAttribute(PNTFS_ATTR_RECORD Attribute)
681 {
682 PVOLINFO_ATTRIBUTE VolInfoAttr;
683
684 DbgPrint(" $VOLUME_INFORMATION ");
685
686 // DbgPrint(" Length %lu Offset %hu ", Attribute->Resident.ValueLength, Attribute->Resident.ValueOffset);
687
688 VolInfoAttr = (PVOLINFO_ATTRIBUTE)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
689 DbgPrint(" NTFS Version %u.%u Flags 0x%04hx ",
690 VolInfoAttr->MajorVersion,
691 VolInfoAttr->MinorVersion,
692 VolInfoAttr->Flags);
693 }
694
695
696 static
697 VOID
698 NtfsDumpIndexRootAttribute(PNTFS_ATTR_RECORD Attribute)
699 {
700 PINDEX_ROOT_ATTRIBUTE IndexRootAttr;
701
702 IndexRootAttr = (PINDEX_ROOT_ATTRIBUTE)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
703
704 if (IndexRootAttr->AttributeType == AttributeFileName)
705 ASSERT(IndexRootAttr->CollationRule == COLLATION_FILE_NAME);
706
707 DbgPrint(" $INDEX_ROOT (%uB, %u) ", IndexRootAttr->SizeOfEntry, IndexRootAttr->ClustersPerIndexRecord);
708
709 if (IndexRootAttr->Header.Flags == INDEX_ROOT_SMALL)
710 {
711 DbgPrint(" (small) ");
712 }
713 else
714 {
715 ASSERT(IndexRootAttr->Header.Flags == INDEX_ROOT_LARGE);
716 DbgPrint(" (large) ");
717 }
718 }
719
720
721 static
722 VOID
723 NtfsDumpAttribute(PDEVICE_EXTENSION Vcb,
724 PNTFS_ATTR_RECORD Attribute)
725 {
726 UNICODE_STRING Name;
727
728 ULONGLONG lcn = 0;
729 ULONGLONG runcount = 0;
730
731 switch (Attribute->Type)
732 {
733 case AttributeFileName:
734 NtfsDumpFileNameAttribute(Attribute);
735 break;
736
737 case AttributeStandardInformation:
738 NtfsDumpStandardInformationAttribute(Attribute);
739 break;
740
741 case AttributeObjectId:
742 DbgPrint(" $OBJECT_ID ");
743 break;
744
745 case AttributeSecurityDescriptor:
746 DbgPrint(" $SECURITY_DESCRIPTOR ");
747 break;
748
749 case AttributeVolumeName:
750 NtfsDumpVolumeNameAttribute(Attribute);
751 break;
752
753 case AttributeVolumeInformation:
754 NtfsDumpVolumeInformationAttribute(Attribute);
755 break;
756
757 case AttributeData:
758 DbgPrint(" $DATA ");
759 //DataBuf = ExAllocatePool(NonPagedPool,AttributeLengthAllocated(Attribute));
760 break;
761
762 case AttributeIndexRoot:
763 NtfsDumpIndexRootAttribute(Attribute);
764 break;
765
766 case AttributeIndexAllocation:
767 DbgPrint(" $INDEX_ALLOCATION ");
768 break;
769
770 case AttributeBitmap:
771 DbgPrint(" $BITMAP ");
772 break;
773
774 case AttributeReparsePoint:
775 DbgPrint(" $REPARSE_POINT ");
776 break;
777
778 case AttributeEAInformation:
779 DbgPrint(" $EA_INFORMATION ");
780 break;
781
782 case AttributeEA:
783 DbgPrint(" $EA ");
784 break;
785
786 case AttributePropertySet:
787 DbgPrint(" $PROPERTY_SET ");
788 break;
789
790 case AttributeLoggedUtilityStream:
791 DbgPrint(" $LOGGED_UTILITY_STREAM ");
792 break;
793
794 default:
795 DbgPrint(" Attribute %lx ",
796 Attribute->Type);
797 break;
798 }
799
800 if (Attribute->Type != AttributeAttributeList)
801 {
802 if (Attribute->NameLength != 0)
803 {
804 Name.Length = Attribute->NameLength * sizeof(WCHAR);
805 Name.MaximumLength = Name.Length;
806 Name.Buffer = (PWCHAR)((ULONG_PTR)Attribute + Attribute->NameOffset);
807
808 DbgPrint("'%wZ' ", &Name);
809 }
810
811 DbgPrint("(%s)\n",
812 Attribute->IsNonResident ? "non-resident" : "resident");
813
814 if (Attribute->IsNonResident)
815 {
816 FindRun(Attribute,0,&lcn, &runcount);
817
818 DbgPrint(" AllocatedSize %I64u DataSize %I64u InitilizedSize %I64u\n",
819 Attribute->NonResident.AllocatedSize, Attribute->NonResident.DataSize, Attribute->NonResident.InitializedSize);
820 DbgPrint(" logical clusters: %I64u - %I64u\n",
821 lcn, lcn + runcount - 1);
822 }
823 else
824 DbgPrint(" %u bytes of data\n", Attribute->Resident.ValueLength);
825 }
826 }
827
828
829 VOID NtfsDumpDataRunData(PUCHAR DataRun)
830 {
831 UCHAR DataRunOffsetSize;
832 UCHAR DataRunLengthSize;
833 CHAR i;
834
835 DbgPrint("%02x ", *DataRun);
836
837 if (*DataRun == 0)
838 return;
839
840 DataRunOffsetSize = (*DataRun >> 4) & 0xF;
841 DataRunLengthSize = *DataRun & 0xF;
842
843 DataRun++;
844 for (i = 0; i < DataRunLengthSize; i++)
845 {
846 DbgPrint("%02x ", *DataRun);
847 DataRun++;
848 }
849
850 for (i = 0; i < DataRunOffsetSize; i++)
851 {
852 DbgPrint("%02x ", *DataRun);
853 DataRun++;
854 }
855
856 NtfsDumpDataRunData(DataRun);
857 }
858
859
860 VOID
861 NtfsDumpDataRuns(PVOID StartOfRun,
862 ULONGLONG CurrentLCN)
863 {
864 PUCHAR DataRun = StartOfRun;
865 LONGLONG DataRunOffset;
866 ULONGLONG DataRunLength;
867
868 if (CurrentLCN == 0)
869 {
870 DPRINT1("Dumping data runs.\n\tData:\n\t\t");
871 NtfsDumpDataRunData(StartOfRun);
872 DbgPrint("\n\tRuns:\n\t\tOff\t\tLCN\t\tLength\n");
873 }
874
875 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
876
877 if (DataRunOffset != -1)
878 CurrentLCN += DataRunOffset;
879
880 DbgPrint("\t\t%I64d\t", DataRunOffset);
881 if (DataRunOffset < 99999)
882 DbgPrint("\t");
883 DbgPrint("%I64u\t", CurrentLCN);
884 if (CurrentLCN < 99999)
885 DbgPrint("\t");
886 DbgPrint("%I64u\n", DataRunLength);
887
888 if (*DataRun == 0)
889 DbgPrint("\t\t00\n");
890 else
891 NtfsDumpDataRuns(DataRun, CurrentLCN);
892 }
893
894
895 VOID
896 NtfsDumpFileAttributes(PDEVICE_EXTENSION Vcb,
897 PFILE_RECORD_HEADER FileRecord)
898 {
899 NTSTATUS Status;
900 FIND_ATTR_CONTXT Context;
901 PNTFS_ATTR_RECORD Attribute;
902
903 Status = FindFirstAttribute(&Context, Vcb, FileRecord, FALSE, &Attribute);
904 while (NT_SUCCESS(Status))
905 {
906 NtfsDumpAttribute(Vcb, Attribute);
907
908 Status = FindNextAttribute(&Context, &Attribute);
909 }
910
911 FindCloseAttribute(&Context);
912 }
913
914 PFILENAME_ATTRIBUTE
915 GetFileNameFromRecord(PDEVICE_EXTENSION Vcb,
916 PFILE_RECORD_HEADER FileRecord,
917 UCHAR NameType)
918 {
919 FIND_ATTR_CONTXT Context;
920 PNTFS_ATTR_RECORD Attribute;
921 PFILENAME_ATTRIBUTE Name;
922 NTSTATUS Status;
923
924 Status = FindFirstAttribute(&Context, Vcb, FileRecord, FALSE, &Attribute);
925 while (NT_SUCCESS(Status))
926 {
927 if (Attribute->Type == AttributeFileName)
928 {
929 Name = (PFILENAME_ATTRIBUTE)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
930 if (Name->NameType == NameType ||
931 (Name->NameType == NTFS_FILE_NAME_WIN32_AND_DOS && NameType == NTFS_FILE_NAME_WIN32) ||
932 (Name->NameType == NTFS_FILE_NAME_WIN32_AND_DOS && NameType == NTFS_FILE_NAME_DOS))
933 {
934 FindCloseAttribute(&Context);
935 return Name;
936 }
937 }
938
939 Status = FindNextAttribute(&Context, &Attribute);
940 }
941
942 FindCloseAttribute(&Context);
943 return NULL;
944 }
945
946 /**
947 * GetPackedByteCount
948 * Returns the minimum number of bytes needed to represent the value of a
949 * 64-bit number. Used to encode data runs.
950 */
951 UCHAR
952 GetPackedByteCount(LONGLONG NumberToPack,
953 BOOLEAN IsSigned)
954 {
955 int bytes = 0;
956 if (!IsSigned)
957 {
958 if (NumberToPack >= 0x0100000000000000)
959 return 8;
960 if (NumberToPack >= 0x0001000000000000)
961 return 7;
962 if (NumberToPack >= 0x0000010000000000)
963 return 6;
964 if (NumberToPack >= 0x0000000100000000)
965 return 5;
966 if (NumberToPack >= 0x0000000001000000)
967 return 4;
968 if (NumberToPack >= 0x0000000000010000)
969 return 3;
970 if (NumberToPack >= 0x0000000000000100)
971 return 2;
972 return 1;
973 }
974
975 if (NumberToPack > 0)
976 {
977 // we have to make sure the number that gets encoded won't be interpreted as negative
978 if (NumberToPack >= 0x0080000000000000)
979 return 8;
980 if (NumberToPack >= 0x0000800000000000)
981 return 7;
982 if (NumberToPack >= 0x0000008000000000)
983 return 6;
984 if (NumberToPack >= 0x0000000080000000)
985 return 5;
986 if (NumberToPack >= 0x0000000000800000)
987 return 4;
988 if (NumberToPack >= 0x0000000000008000)
989 return 3;
990 if (NumberToPack >= 0x0000000000000080)
991 return 2;
992 return 1;
993 }
994 else
995 {
996 // negative number
997 if (NumberToPack <= 0xff80000000000000)
998 return 8;
999 if (NumberToPack <= 0xffff800000000000)
1000 return 7;
1001 if (NumberToPack <= 0xffffff8000000000)
1002 return 6;
1003 if (NumberToPack <= 0xffffffff80000000)
1004 return 5;
1005 if (NumberToPack <= 0xffffffffff800000)
1006 return 4;
1007 if (NumberToPack <= 0xffffffffffff8000)
1008 return 3;
1009 if (NumberToPack <= 0xffffffffffffff80)
1010 return 2;
1011 return 1;
1012 }
1013 return bytes;
1014 }
1015
1016 NTSTATUS
1017 GetLastClusterInDataRun(PDEVICE_EXTENSION Vcb, PNTFS_ATTR_RECORD Attribute, PULONGLONG LastCluster)
1018 {
1019 LONGLONG DataRunOffset;
1020 ULONGLONG DataRunLength;
1021 LONGLONG DataRunStartLCN;
1022
1023 ULONGLONG LastLCN = 0;
1024 PUCHAR DataRun = (PUCHAR)Attribute + Attribute->NonResident.MappingPairsOffset;
1025
1026 if (!Attribute->IsNonResident)
1027 return STATUS_INVALID_PARAMETER;
1028
1029 while (1)
1030 {
1031 DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
1032
1033 if (DataRunOffset != -1)
1034 {
1035 // Normal data run.
1036 DataRunStartLCN = LastLCN + DataRunOffset;
1037 LastLCN = DataRunStartLCN;
1038 *LastCluster = LastLCN + DataRunLength - 1;
1039 }
1040
1041 if (*DataRun == 0)
1042 break;
1043 }
1044
1045 return STATUS_SUCCESS;
1046 }
1047
1048 PSTANDARD_INFORMATION
1049 GetStandardInformationFromRecord(PDEVICE_EXTENSION Vcb,
1050 PFILE_RECORD_HEADER FileRecord)
1051 {
1052 NTSTATUS Status;
1053 FIND_ATTR_CONTXT Context;
1054 PNTFS_ATTR_RECORD Attribute;
1055 PSTANDARD_INFORMATION StdInfo;
1056
1057 Status = FindFirstAttribute(&Context, Vcb, FileRecord, FALSE, &Attribute);
1058 while (NT_SUCCESS(Status))
1059 {
1060 if (Attribute->Type == AttributeStandardInformation)
1061 {
1062 StdInfo = (PSTANDARD_INFORMATION)((ULONG_PTR)Attribute + Attribute->Resident.ValueOffset);
1063 FindCloseAttribute(&Context);
1064 return StdInfo;
1065 }
1066
1067 Status = FindNextAttribute(&Context, &Attribute);
1068 }
1069
1070 FindCloseAttribute(&Context);
1071 return NULL;
1072 }
1073
1074 PFILENAME_ATTRIBUTE
1075 GetBestFileNameFromRecord(PDEVICE_EXTENSION Vcb,
1076 PFILE_RECORD_HEADER FileRecord)
1077 {
1078 PFILENAME_ATTRIBUTE FileName;
1079
1080 FileName = GetFileNameFromRecord(Vcb, FileRecord, NTFS_FILE_NAME_POSIX);
1081 if (FileName == NULL)
1082 {
1083 FileName = GetFileNameFromRecord(Vcb, FileRecord, NTFS_FILE_NAME_WIN32);
1084 if (FileName == NULL)
1085 {
1086 FileName = GetFileNameFromRecord(Vcb, FileRecord, NTFS_FILE_NAME_DOS);
1087 }
1088 }
1089
1090 return FileName;
1091 }
1092
1093 /* EOF */