5 #include <pseh/pseh2.h>
8 #define INIT_SECTION __attribute__((section ("INIT")))
10 #define INIT_SECTION /* Done via alloc_text for MSC */
13 #define CACHEPAGESIZE(pDeviceExt) \
14 ((pDeviceExt)->NtfsInfo.UCHARsPerCluster > PAGE_SIZE ? \
15 (pDeviceExt)->NtfsInfo.UCHARsPerCluster : PAGE_SIZE)
17 #define TAG_NTFS 'SFTN'
19 #define ROUND_UP(N, S) ((((N) + (S) - 1) / (S)) * (S))
20 #define ROUND_DOWN(N, S) ((N) - ((N) % (S)))
22 #define DEVICE_NAME L"\\Ntfs"
25 typedef struct _BIOS_PARAMETERS_BLOCK
27 USHORT BytesPerSector
; // 0x0B
28 UCHAR SectorsPerCluster
; // 0x0D
29 UCHAR Unused0
[7]; // 0x0E, checked when volume is mounted
30 UCHAR MediaId
; // 0x15
31 UCHAR Unused1
[2]; // 0x16
32 USHORT SectorsPerTrack
; // 0x18
34 UCHAR Unused2
[4]; // 0x1C
35 UCHAR Unused3
[4]; // 0x20, checked when volume is mounted
36 } BIOS_PARAMETERS_BLOCK
, *PBIOS_PARAMETERS_BLOCK
;
38 typedef struct _EXTENDED_BIOS_PARAMETERS_BLOCK
40 USHORT Unknown
[2]; // 0x24, always 80 00 80 00
41 ULONGLONG SectorCount
; // 0x28
42 ULONGLONG MftLocation
; // 0x30
43 ULONGLONG MftMirrLocation
; // 0x38
44 CHAR ClustersPerMftRecord
; // 0x40
45 UCHAR Unused4
[3]; // 0x41
46 CHAR ClustersPerIndexRecord
; // 0x44
47 UCHAR Unused5
[3]; // 0x45
48 ULONGLONG SerialNumber
; // 0x48
49 UCHAR Checksum
[4]; // 0x50
50 } EXTENDED_BIOS_PARAMETERS_BLOCK
, *PEXTENDED_BIOS_PARAMETERS_BLOCK
;
52 typedef struct _BOOT_SECTOR
54 UCHAR Jump
[3]; // 0x00
55 UCHAR OEMID
[8]; // 0x03
56 BIOS_PARAMETERS_BLOCK BPB
;
57 EXTENDED_BIOS_PARAMETERS_BLOCK EBPB
;
58 UCHAR BootStrap
[426]; // 0x54
59 USHORT EndSector
; // 0x1FE
60 } BOOT_SECTOR
, *PBOOT_SECTOR
;
63 //typedef struct _BootSector BootSector;
65 typedef struct _NTFS_INFO
68 ULONG SectorsPerCluster
;
69 ULONG BytesPerCluster
;
70 ULONGLONG SectorCount
;
71 ULONGLONG ClusterCount
;
72 ULARGE_INTEGER MftStart
;
73 ULARGE_INTEGER MftMirrStart
;
74 ULONG BytesPerFileRecord
;
75 ULONG BytesPerIndexRecord
;
77 ULONGLONG SerialNumber
;
78 USHORT VolumeLabelLength
;
79 WCHAR VolumeLabel
[MAXIMUM_VOLUME_LABEL_LENGTH
];
84 ULONG MftZoneReservation
;
85 } NTFS_INFO
, *PNTFS_INFO
;
87 #define NTFS_TYPE_CCB '20SF'
88 #define NTFS_TYPE_FCB '30SF'
89 #define NTFS_TYPE_VCB '50SF'
90 #define NTFS_TYPE_IRP_CONTEST '60SF'
91 #define NTFS_TYPE_GLOBAL_DATA '70SF'
97 } NTFSIDENTIFIER
, *PNTFSIDENTIFIER
;
101 NTFSIDENTIFIER Identifier
;
103 ERESOURCE DirResource
;
104 // ERESOURCE FatResource;
106 KSPIN_LOCK FcbListLock
;
107 LIST_ENTRY FcbListHead
;
110 PDEVICE_OBJECT StorageDevice
;
111 PFILE_OBJECT StreamFileObject
;
113 struct _NTFS_ATTR_CONTEXT
* MFTContext
;
114 struct _FILE_RECORD_HEADER
* MasterFileTable
;
115 struct _FCB
*VolumeFcb
;
119 } DEVICE_EXTENSION
, *PDEVICE_EXTENSION
, NTFS_VCB
, *PNTFS_VCB
;
123 NTFSIDENTIFIER Identifier
;
125 PFILE_OBJECT PtrFileObject
;
126 LARGE_INTEGER CurrentByteOffset
;
127 /* for DirectoryControl */
129 /* for DirectoryControl */
130 PWCHAR DirectorySearchPattern
;
133 } NTFS_CCB
, *PNTFS_CCB
;
135 #define TAG_CCB 'BCCI'
136 #define TAG_FCB 'BCFI'
140 NTFSIDENTIFIER Identifier
;
142 PDRIVER_OBJECT DriverObject
;
143 PDEVICE_OBJECT DeviceObject
;
144 CACHE_MANAGER_CALLBACKS CacheMgrCallbacks
;
146 FAST_IO_DISPATCH FastIoDispatch
;
147 NPAGED_LOOKASIDE_LIST IrpContextLookasideList
;
148 NPAGED_LOOKASIDE_LIST FcbLookasideList
;
149 } NTFS_GLOBAL_DATA
, *PNTFS_GLOBAL_DATA
;
154 AttributeStandardInformation
= 0x10,
155 AttributeAttributeList
= 0x20,
156 AttributeFileName
= 0x30,
157 AttributeObjectId
= 0x40,
158 AttributeSecurityDescriptor
= 0x50,
159 AttributeVolumeName
= 0x60,
160 AttributeVolumeInformation
= 0x70,
161 AttributeData
= 0x80,
162 AttributeIndexRoot
= 0x90,
163 AttributeIndexAllocation
= 0xA0,
164 AttributeBitmap
= 0xB0,
165 AttributeReparsePoint
= 0xC0,
166 AttributeEAInformation
= 0xD0,
168 AttributePropertySet
= 0xF0,
169 AttributeLoggedUtilityStream
= 0x100,
170 AttributeEnd
= 0xFFFFFFFF
171 } ATTRIBUTE_TYPE
, *PATTRIBUTE_TYPE
;
173 #define NTFS_FILE_MFT 0
174 #define NTFS_FILE_MFTMIRR 1
175 #define NTFS_FILE_LOGFILE 2
176 #define NTFS_FILE_VOLUME 3
177 #define NTFS_FILE_ATTRDEF 4
178 #define NTFS_FILE_ROOT 5
179 #define NTFS_FILE_BITMAP 6
180 #define NTFS_FILE_BOOT 7
181 #define NTFS_FILE_BADCLUS 8
182 #define NTFS_FILE_QUOTA 9
183 #define NTFS_FILE_UPCASE 10
184 #define NTFS_FILE_EXTEND 11
186 #define NTFS_MFT_MASK 0x0000FFFFFFFFFFFFULL
188 #define COLLATION_BINARY 0x00
189 #define COLLATION_FILE_NAME 0x01
190 #define COLLATION_UNICODE_STRING 0x02
191 #define COLLATION_NTOFS_ULONG 0x10
192 #define COLLATION_NTOFS_SID 0x11
193 #define COLLATION_NTOFS_SECURITY_HASH 0x12
194 #define COLLATION_NTOFS_ULONGS 0x13
196 #define INDEX_ROOT_SMALL 0x0
197 #define INDEX_ROOT_LARGE 0x1
199 #define NTFS_INDEX_ENTRY_NODE 1
200 #define NTFS_INDEX_ENTRY_END 2
202 #define NTFS_FILE_NAME_POSIX 0
203 #define NTFS_FILE_NAME_WIN32 1
204 #define NTFS_FILE_NAME_DOS 2
205 #define NTFS_FILE_NAME_WIN32_AND_DOS 3
207 #define NTFS_FILE_TYPE_READ_ONLY 0x1
208 #define NTFS_FILE_TYPE_HIDDEN 0x2
209 #define NTFS_FILE_TYPE_SYSTEM 0x4
210 #define NTFS_FILE_TYPE_ARCHIVE 0x20
211 #define NTFS_FILE_TYPE_REPARSE 0x400
212 #define NTFS_FILE_TYPE_COMPRESSED 0x800
213 #define NTFS_FILE_TYPE_DIRECTORY 0x10000000
217 ULONG Type
; /* Magic number 'FILE' */
218 USHORT UsaOffset
; /* Offset to the update sequence */
219 USHORT UsaCount
; /* Size in words of Update Sequence Number & Array (S) */
220 ULONGLONG Lsn
; /* $LogFile Sequence Number (LSN) */
221 } NTFS_RECORD_HEADER
, *PNTFS_RECORD_HEADER
;
223 /* NTFS_RECORD_HEADER.Type */
224 #define NRH_FILE_TYPE 0x454C4946 /* 'FILE' */
225 #define NRH_INDX_TYPE 0x58444E49 /* 'INDX' */
228 typedef struct _FILE_RECORD_HEADER
230 NTFS_RECORD_HEADER Ntfs
;
231 USHORT SequenceNumber
; /* Sequence number */
232 USHORT LinkCount
; /* Hard link count */
233 USHORT AttributeOffset
; /* Offset to the first Attribute */
234 USHORT Flags
; /* Flags */
235 ULONG BytesInUse
; /* Real size of the FILE record */
236 ULONG BytesAllocated
; /* Allocated size of the FILE record */
237 ULONGLONG BaseFileRecord
; /* File reference to the base FILE record */
238 USHORT NextAttributeNumber
; /* Next Attribute Id */
239 USHORT Pading
; /* Align to 4 UCHAR boundary (XP) */
240 ULONG MFTRecordNumber
; /* Number of this MFT Record (XP) */
241 } FILE_RECORD_HEADER
, *PFILE_RECORD_HEADER
;
243 /* Flags in FILE_RECORD_HEADER */
245 #define FRH_IN_USE 0x0001 /* Record is in use */
246 #define FRH_DIRECTORY 0x0002 /* Record is a directory */
247 #define FRH_UNKNOWN1 0x0004 /* Don't know */
248 #define FRH_UNKNOWN2 0x0008 /* Don't know */
261 // Resident attributes
269 // Non-resident attributes
273 ULONGLONG HighestVCN
;
274 USHORT MappingPairsOffset
;
275 USHORT CompressionUnit
;
277 LONGLONG AllocatedSize
;
279 LONGLONG InitializedSize
;
280 LONGLONG CompressedSize
;
283 } NTFS_ATTR_RECORD
, *PNTFS_ATTR_RECORD
;
287 ULONGLONG CreationTime
;
288 ULONGLONG ChangeTime
;
289 ULONGLONG LastWriteTime
;
290 ULONGLONG LastAccessTime
;
292 ULONG AlignmentOrReserved
[3];
296 ULONGLONG QuotaCharge
;
299 } STANDARD_INFORMATION
, *PSTANDARD_INFORMATION
;
304 ATTRIBUTE_TYPE AttributeType
;
308 ULONGLONG StartVcn
; // LowVcn
309 ULONGLONG FileReferenceNumber
;
310 USHORT AttributeNumber
;
311 USHORT AlignmentOrReserved
[3];
312 } ATTRIBUTE_LIST
, *PATTRIBUTE_LIST
;
317 ULONGLONG DirectoryFileReferenceNumber
;
318 ULONGLONG CreationTime
;
319 ULONGLONG ChangeTime
;
320 ULONGLONG LastWriteTime
;
321 ULONGLONG LastAccessTime
;
322 ULONGLONG AllocatedSize
;
324 ULONG FileAttributes
;
330 USHORT AlignmentOrReserved
;
337 } FILENAME_ATTRIBUTE
, *PFILENAME_ATTRIBUTE
;
341 ULONG FirstEntryOffset
;
342 ULONG TotalSizeOfEntries
;
346 } INDEX_HEADER_ATTRIBUTE
, *PINDEX_HEADER_ATTRIBUTE
;
353 UCHAR ClustersPerIndexRecord
;
355 INDEX_HEADER_ATTRIBUTE Header
;
356 } INDEX_ROOT_ATTRIBUTE
, *PINDEX_ROOT_ATTRIBUTE
;
360 NTFS_RECORD_HEADER Ntfs
;
362 INDEX_HEADER_ATTRIBUTE Header
;
363 } INDEX_BUFFER
, *PINDEX_BUFFER
;
371 ULONGLONG IndexedFile
;
384 FILENAME_ATTRIBUTE FileName
;
385 } INDEX_ENTRY_ATTRIBUTE
, *PINDEX_ENTRY_ATTRIBUTE
;
394 } VOLINFO_ATTRIBUTE
, *PVOLINFO_ATTRIBUTE
;
401 } REPARSE_POINT_ATTRIBUTE
, *PREPARSE_POINT_ATTRIBUTE
;
403 #define IRPCONTEXT_CANWAIT 0x1
404 #define IRPCONTEXT_COMPLETE 0x2
405 #define IRPCONTEXT_QUEUE 0x4
409 NTFSIDENTIFIER Identifier
;
411 PIO_STACK_LOCATION Stack
;
414 WORK_QUEUE_ITEM WorkQueueItem
;
417 PDEVICE_OBJECT DeviceObject
;
418 PFILE_OBJECT FileObject
;
419 NTSTATUS SavedExceptionCode
;
421 } NTFS_IRP_CONTEXT
, *PNTFS_IRP_CONTEXT
;
423 typedef struct _NTFS_ATTR_CONTEXT
426 ULONGLONG CacheRunOffset
;
427 LONGLONG CacheRunStartLCN
;
428 ULONGLONG CacheRunLength
;
429 LONGLONG CacheRunLastLCN
;
430 ULONGLONG CacheRunCurrentOffset
;
431 NTFS_ATTR_RECORD Record
;
432 } NTFS_ATTR_CONTEXT
, *PNTFS_ATTR_CONTEXT
;
434 #define FCB_CACHE_INITIALIZED 0x0001
435 #define FCB_IS_VOLUME_STREAM 0x0002
436 #define FCB_IS_VOLUME 0x0004
441 NTFSIDENTIFIER Identifier
;
443 FSRTL_COMMON_FCB_HEADER RFCB
;
444 SECTION_OBJECT_POINTERS SectionObjectPointers
;
446 PFILE_OBJECT FileObject
;
449 WCHAR Stream
[MAX_PATH
];
450 WCHAR
*ObjectName
; /* point on filename (250 chars max) in PathName */
451 WCHAR PathName
[MAX_PATH
]; /* path+filename 260 max */
453 ERESOURCE PagingIoResource
;
454 ERESOURCE MainResource
;
456 LIST_ENTRY FcbListEntry
;
457 struct _FCB
* ParentFcb
;
467 FILENAME_ATTRIBUTE Entry
;
469 } NTFS_FCB
, *PNTFS_FCB
;
471 typedef struct _FIND_ATTR_CONTXT
473 PDEVICE_EXTENSION Vcb
;
474 BOOLEAN OnlyResident
;
475 PNTFS_ATTR_RECORD FirstAttr
;
476 PNTFS_ATTR_RECORD CurrAttr
;
477 PNTFS_ATTR_RECORD LastAttr
;
478 PNTFS_ATTR_RECORD NonResidentStart
;
479 PNTFS_ATTR_RECORD NonResidentEnd
;
480 } FIND_ATTR_CONTXT
, *PFIND_ATTR_CONTXT
;
482 extern PNTFS_GLOBAL_DATA NtfsGlobalData
;
486 NtfsMarkIrpContextForQueue(PNTFS_IRP_CONTEXT IrpContext
)
488 PULONG Flags
= &IrpContext
->Flags
;
490 *Flags
&= ~IRPCONTEXT_COMPLETE
;
491 *Flags
|= IRPCONTEXT_QUEUE
;
493 return STATUS_PENDING
;
499 //NtfsDumpAttribute(PATTRIBUTE Attribute);
502 DecodeRun(PUCHAR DataRun
,
503 LONGLONG
*DataRunOffset
,
504 ULONGLONG
*DataRunLength
);
507 NtfsDumpFileAttributes(PDEVICE_EXTENSION Vcb
,
508 PFILE_RECORD_HEADER FileRecord
);
510 PSTANDARD_INFORMATION
511 GetStandardInformationFromRecord(PDEVICE_EXTENSION Vcb
,
512 PFILE_RECORD_HEADER FileRecord
);
515 GetFileNameFromRecord(PDEVICE_EXTENSION Vcb
,
516 PFILE_RECORD_HEADER FileRecord
,
520 GetBestFileNameFromRecord(PDEVICE_EXTENSION Vcb
,
521 PFILE_RECORD_HEADER FileRecord
);
524 FindFirstAttribute(PFIND_ATTR_CONTXT Context
,
525 PDEVICE_EXTENSION Vcb
,
526 PFILE_RECORD_HEADER FileRecord
,
527 BOOLEAN OnlyResident
,
528 PNTFS_ATTR_RECORD
* Attribute
);
531 FindNextAttribute(PFIND_ATTR_CONTXT Context
,
532 PNTFS_ATTR_RECORD
* Attribute
);
535 FindCloseAttribute(PFIND_ATTR_CONTXT Context
);
540 NtfsReadDisk(IN PDEVICE_OBJECT DeviceObject
,
541 IN LONGLONG StartingOffset
,
544 IN OUT PUCHAR Buffer
,
545 IN BOOLEAN Override
);
548 NtfsReadSectors(IN PDEVICE_OBJECT DeviceObject
,
550 IN ULONG SectorCount
,
552 IN OUT PUCHAR Buffer
,
553 IN BOOLEAN Override
);
556 NtfsDeviceIoControl(IN PDEVICE_OBJECT DeviceObject
,
557 IN ULONG ControlCode
,
558 IN PVOID InputBuffer
,
559 IN ULONG InputBufferSize
,
560 IN OUT PVOID OutputBuffer
,
561 IN OUT PULONG OutputBufferSize
,
562 IN BOOLEAN Override
);
568 NtfsCloseFile(PDEVICE_EXTENSION DeviceExt
,
569 PFILE_OBJECT FileObject
);
572 NtfsClose(PNTFS_IRP_CONTEXT IrpContext
);
578 NtfsCreate(PNTFS_IRP_CONTEXT IrpContext
);
584 NtfsDeviceControl(PNTFS_IRP_CONTEXT IrpContext
);
590 NtfsGetFileSize(PDEVICE_EXTENSION DeviceExt
,
591 PFILE_RECORD_HEADER FileRecord
,
594 PULONGLONG AllocatedSize
);
597 NtfsDirectoryControl(PNTFS_IRP_CONTEXT IrpContext
);
602 DRIVER_DISPATCH NtfsFsdDispatch
;
604 NtfsFsdDispatch(PDEVICE_OBJECT DeviceObject
,
611 NtfsAcqLazyWrite(PVOID Context
,
615 NtfsRelLazyWrite(PVOID Context
);
618 NtfsAcqReadAhead(PVOID Context
,
622 NtfsRelReadAhead(PVOID Context
);
624 FAST_IO_CHECK_IF_POSSIBLE NtfsFastIoCheckIfPossible
;
625 FAST_IO_READ NtfsFastIoRead
;
626 FAST_IO_WRITE NtfsFastIoWrite
;
632 NtfsCreateFCB(PCWSTR FileName
,
637 NtfsDestroyFCB(PNTFS_FCB Fcb
);
640 NtfsFCBIsDirectory(PNTFS_FCB Fcb
);
643 NtfsFCBIsReparsePoint(PNTFS_FCB Fcb
);
646 NtfsFCBIsRoot(PNTFS_FCB Fcb
);
649 NtfsGrabFCB(PNTFS_VCB Vcb
,
653 NtfsReleaseFCB(PNTFS_VCB Vcb
,
657 NtfsAddFCBToTable(PNTFS_VCB Vcb
,
661 NtfsGrabFCBFromTable(PNTFS_VCB Vcb
,
665 NtfsFCBInitializeCache(PNTFS_VCB Vcb
,
669 NtfsMakeRootFCB(PNTFS_VCB Vcb
);
672 NtfsOpenRootFCB(PNTFS_VCB Vcb
);
675 NtfsAttachFCBToFileObject(PNTFS_VCB Vcb
,
677 PFILE_OBJECT FileObject
);
680 NtfsGetFCBForFile(PNTFS_VCB Vcb
,
681 PNTFS_FCB
*pParentFCB
,
683 const PWSTR pFileName
);
686 NtfsReadFCBAttribute(PNTFS_VCB Vcb
,
694 NtfsMakeFCBFromDirEntry(PNTFS_VCB Vcb
,
695 PNTFS_FCB DirectoryFCB
,
696 PUNICODE_STRING Name
,
698 PFILE_RECORD_HEADER Record
,
700 PNTFS_FCB
* fileFCB
);
706 NtfsQueryInformation(PNTFS_IRP_CONTEXT IrpContext
);
712 NtfsFileSystemControl(PNTFS_IRP_CONTEXT IrpContext
);
717 PrepareAttributeContext(PNTFS_ATTR_RECORD AttrRecord
);
720 ReleaseAttributeContext(PNTFS_ATTR_CONTEXT Context
);
723 ReadAttribute(PDEVICE_EXTENSION Vcb
,
724 PNTFS_ATTR_CONTEXT Context
,
730 AttributeDataLength(PNTFS_ATTR_RECORD AttrRecord
);
733 AttributeAllocatedLength(PNTFS_ATTR_RECORD AttrRecord
);
736 ReadFileRecord(PDEVICE_EXTENSION Vcb
,
738 PFILE_RECORD_HEADER file
);
741 FindAttribute(PDEVICE_EXTENSION Vcb
,
742 PFILE_RECORD_HEADER MftRecord
,
746 PNTFS_ATTR_CONTEXT
* AttrCtx
);
749 ReadVCN(PDEVICE_EXTENSION Vcb
,
750 PFILE_RECORD_HEADER file
,
757 FixupUpdateSequenceArray(PDEVICE_EXTENSION Vcb
,
758 PNTFS_RECORD_HEADER Record
);
761 ReadLCN(PDEVICE_EXTENSION Vcb
,
767 EnumerAttribute(PFILE_RECORD_HEADER file
,
768 PDEVICE_EXTENSION Vcb
,
769 PDEVICE_OBJECT DeviceObject
);
772 NtfsLookupFile(PDEVICE_EXTENSION Vcb
,
773 PUNICODE_STRING PathName
,
774 PFILE_RECORD_HEADER
*FileRecord
,
775 PULONGLONG MFTIndex
);
778 NtfsLookupFileAt(PDEVICE_EXTENSION Vcb
,
779 PUNICODE_STRING PathName
,
780 PFILE_RECORD_HEADER
*FileRecord
,
782 ULONGLONG CurrentMFTIndex
);
785 NtfsFindFileAt(PDEVICE_EXTENSION Vcb
,
786 PUNICODE_STRING SearchPattern
,
788 PFILE_RECORD_HEADER
*FileRecord
,
790 ULONGLONG CurrentMFTIndex
);
795 NtfsIsIrpTopLevel(PIRP Irp
);
798 NtfsAllocateIrpContext(PDEVICE_OBJECT DeviceObject
,
802 NtfsGetUserBuffer(PIRP Irp
,
807 wstrcmpjoki(PWSTR s1
, PWSTR s2
);
810 CdfsSwapString(PWCHAR Out
,
816 NtfsFileFlagsToAttributes(ULONG NtfsAttributes
,
817 PULONG FileAttributes
);
823 NtfsRead(PNTFS_IRP_CONTEXT IrpContext
);
826 NtfsWrite(PNTFS_IRP_CONTEXT IrpContext
);
832 NtfsGetFreeClusters(PDEVICE_EXTENSION DeviceExt
);
835 NtfsQueryVolumeInformation(PNTFS_IRP_CONTEXT IrpContext
);
838 NtfsSetVolumeInformation(PNTFS_IRP_CONTEXT IrpContext
);
843 DRIVER_INITIALIZE DriverEntry
;
847 NtfsInitializeFunctionPointers(PDRIVER_OBJECT DriverObject
);