/*
* ReactOS kernel
- * Copyright (C) 2002 ReactOS Team
+ * Copyright (C) 2002, 2014 ReactOS Team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* PROJECT: ReactOS kernel
* FILE: drivers/filesystem/ntfs/mft.c
* PURPOSE: NTFS filesystem driver
- * PROGRAMMER: Eric Kohl
- * Updated by Valentin Verkhovsky 2003/09/12
+ * PROGRAMMERS: Eric Kohl
+ * Valentin Verkhovsky
+ * Pierre Schweitzer (pierre@reactos.org)
+ * Hervé Poussineau (hpoussin@reactos.org)
+ * Trevor Thompson
*/
/* INCLUDES *****************************************************************/
#include "ntfs.h"
+#include <ntintsafe.h>
#define NDEBUG
#include <debug.h>
{
PNTFS_ATTR_CONTEXT Context;
- Context = ExAllocatePoolWithTag(NonPagedPool,
- FIELD_OFFSET(NTFS_ATTR_CONTEXT, Record) + AttrRecord->Length,
- TAG_NTFS);
- RtlCopyMemory(&Context->Record, AttrRecord, AttrRecord->Length);
+ Context = ExAllocateFromNPagedLookasideList(&NtfsGlobalData->AttrCtxtLookasideList);
+ if(!Context)
+ {
+ DPRINT1("Error: Unable to allocate memory for context!\n");
+ return NULL;
+ }
+
+ // Allocate memory for a copy of the attribute
+ Context->pRecord = ExAllocatePoolWithTag(NonPagedPool, AttrRecord->Length, TAG_NTFS);
+ if(!Context->pRecord)
+ {
+ DPRINT1("Error: Unable to allocate memory for attribute record!\n");
+ ExFreeToNPagedLookasideList(&NtfsGlobalData->AttrCtxtLookasideList, Context);
+ return NULL;
+ }
+
+ // Copy the attribute
+ RtlCopyMemory(Context->pRecord, AttrRecord, AttrRecord->Length);
+
if (AttrRecord->IsNonResident)
{
LONGLONG DataRunOffset;
ULONGLONG DataRunLength;
+ ULONGLONG NextVBN = 0;
+ PUCHAR DataRun = (PUCHAR)((ULONG_PTR)Context->pRecord + Context->pRecord->NonResident.MappingPairsOffset);
- Context->CacheRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
+ Context->CacheRun = DataRun;
Context->CacheRunOffset = 0;
Context->CacheRun = DecodeRun(Context->CacheRun, &DataRunOffset, &DataRunLength);
Context->CacheRunLength = DataRunLength;
Context->CacheRunLastLCN = 0;
}
Context->CacheRunCurrentOffset = 0;
+
+ // Convert the data runs to a map control block
+ if (!NT_SUCCESS(ConvertDataRunsToLargeMCB(DataRun, &Context->DataRunsMCB, &NextVBN)))
+ {
+ DPRINT1("Unable to convert data runs to MCB!\n");
+ ExFreePoolWithTag(Context->pRecord, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&NtfsGlobalData->AttrCtxtLookasideList, Context);
+ return NULL;
+ }
}
return Context;
VOID
ReleaseAttributeContext(PNTFS_ATTR_CONTEXT Context)
{
- ExFreePoolWithTag(Context, TAG_NTFS);
-}
-
-
-PNTFS_ATTR_CONTEXT
-FindAttributeHelper(PDEVICE_EXTENSION Vcb,
- PNTFS_ATTR_RECORD AttrRecord,
- PNTFS_ATTR_RECORD AttrRecordEnd,
- ULONG Type,
- PCWSTR Name,
- ULONG NameLength)
-{
- DPRINT1("FindAttributeHelper(%p, %p, %p, 0x%x, %S, %u)\n", Vcb, AttrRecord, AttrRecordEnd, Type, Name, NameLength);
-
- while (AttrRecord < AttrRecordEnd)
+ if (Context->pRecord)
{
- DPRINT("AttrRecord->Type = 0x%x\n", AttrRecord->Type);
-
- if (AttrRecord->Type == AttributeEnd)
- break;
-
- if (AttrRecord->Type == AttributeAttributeList)
+ if (Context->pRecord->IsNonResident)
{
- PNTFS_ATTR_CONTEXT Context;
- PNTFS_ATTR_CONTEXT ListContext;
- PVOID ListBuffer;
- ULONGLONG ListSize;
- PNTFS_ATTR_RECORD ListAttrRecord;
- PNTFS_ATTR_RECORD ListAttrRecordEnd;
-
- // Do not handle non-resident yet
- ASSERT(!(AttrRecord->IsNonResident & 1));
-
- ListContext = PrepareAttributeContext(AttrRecord);
-
- ListSize = AttributeDataLength(&ListContext->Record);
- if(ListSize <= 0xFFFFFFFF)
- ListBuffer = ExAllocatePoolWithTag(NonPagedPool, (ULONG)ListSize, TAG_NTFS);
- else
- ListBuffer = NULL;
+ FsRtlUninitializeLargeMcb(&Context->DataRunsMCB);
+ }
- if(!ListBuffer)
- {
- DPRINT("Failed to allocate memory: %x\n", (ULONG)ListSize);
- continue;
- }
+ ExFreePoolWithTag(Context->pRecord, TAG_NTFS);
+ }
- ListAttrRecord = (PNTFS_ATTR_RECORD)ListBuffer;
- ListAttrRecordEnd = (PNTFS_ATTR_RECORD)((PCHAR)ListBuffer + ListSize);
+ ExFreeToNPagedLookasideList(&NtfsGlobalData->AttrCtxtLookasideList, Context);
+}
- if (ReadAttribute(Vcb, ListContext, 0, ListBuffer, (ULONG)ListSize) == ListSize)
- {
- Context = FindAttributeHelper(Vcb, ListAttrRecord, ListAttrRecordEnd,
- Type, Name, NameLength);
- ReleaseAttributeContext(ListContext);
- ExFreePoolWithTag(ListBuffer, TAG_NTFS);
+/**
+* @name FindAttribute
+* @implemented
+*
+* Searches a file record for an attribute matching the given type and name.
+*
+* @param Offset
+* Optional pointer to a ULONG that will receive the offset of the found attribute
+* from the beginning of the record. Can be set to NULL.
+*/
+NTSTATUS
+FindAttribute(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER MftRecord,
+ ULONG Type,
+ PCWSTR Name,
+ ULONG NameLength,
+ PNTFS_ATTR_CONTEXT * AttrCtx,
+ PULONG Offset)
+{
+ BOOLEAN Found;
+ NTSTATUS Status;
+ FIND_ATTR_CONTXT Context;
+ PNTFS_ATTR_RECORD Attribute;
- if (Context != NULL)
- {
- DPRINT("Found context = %p\n", Context);
- return Context;
- }
- }
- }
+ DPRINT("FindAttribute(%p, %p, 0x%x, %S, %lu, %p, %p)\n", Vcb, MftRecord, Type, Name, NameLength, AttrCtx, Offset);
- if (AttrRecord->Type == Type)
+ Found = FALSE;
+ Status = FindFirstAttribute(&Context, Vcb, MftRecord, FALSE, &Attribute);
+ while (NT_SUCCESS(Status))
+ {
+ if (Attribute->Type == Type && Attribute->NameLength == NameLength)
{
- if (AttrRecord->NameLength == NameLength)
+ if (NameLength != 0)
{
PWCHAR AttrName;
- AttrName = (PWCHAR)((PCHAR)AttrRecord + AttrRecord->NameOffset);
- DPRINT("%s, %s\n", AttrName, Name);
- if (RtlCompareMemory(AttrName, Name, NameLength << 1) == (NameLength << 1))
+ AttrName = (PWCHAR)((PCHAR)Attribute + Attribute->NameOffset);
+ DPRINT("%.*S, %.*S\n", Attribute->NameLength, AttrName, NameLength, Name);
+ if (RtlCompareMemory(AttrName, Name, NameLength * sizeof(WCHAR)) == (NameLength * sizeof(WCHAR)))
{
- /* Found it, fill up the context and return. */
- DPRINT("Found context\n");
- return PrepareAttributeContext(AttrRecord);
+ Found = TRUE;
}
}
- }
-
- if (AttrRecord->Length == 0)
- {
- DPRINT("Null length attribute record\n");
- return NULL;
- }
- AttrRecord = (PNTFS_ATTR_RECORD)((PCHAR)AttrRecord + AttrRecord->Length);
- }
-
- DPRINT("Ended\n");
- return NULL;
-}
+ else
+ {
+ Found = TRUE;
+ }
+ if (Found)
+ {
+ /* Found it, fill up the context and return. */
+ DPRINT("Found context\n");
+ *AttrCtx = PrepareAttributeContext(Attribute);
-NTSTATUS
-FindAttribute(PDEVICE_EXTENSION Vcb,
- PFILE_RECORD_HEADER MftRecord,
- ULONG Type,
- PCWSTR Name,
- ULONG NameLength,
- PNTFS_ATTR_CONTEXT * AttrCtx)
-{
- PNTFS_ATTR_RECORD AttrRecord;
- PNTFS_ATTR_RECORD AttrRecordEnd;
+ (*AttrCtx)->FileMFTIndex = MftRecord->MFTRecordNumber;
- DPRINT1("FindAttribute(%p, %p, %u, %S, %u, %p)\n", Vcb, MftRecord, Type, Name, NameLength, AttrCtx);
+ if (Offset != NULL)
+ *Offset = Context.Offset;
- AttrRecord = (PNTFS_ATTR_RECORD)((PCHAR)MftRecord + MftRecord->AttributeOffset);
- AttrRecordEnd = (PNTFS_ATTR_RECORD)((PCHAR)MftRecord + Vcb->NtfsInfo.BytesPerFileRecord);
+ FindCloseAttribute(&Context);
+ return STATUS_SUCCESS;
+ }
+ }
- *AttrCtx = FindAttributeHelper(Vcb, AttrRecord, AttrRecordEnd, Type, Name, NameLength);
- if (*AttrCtx == NULL)
- {
- return STATUS_OBJECT_NAME_NOT_FOUND;
+ Status = FindNextAttribute(&Context, &Attribute);
}
- return STATUS_SUCCESS;
+ FindCloseAttribute(&Context);
+ return STATUS_OBJECT_NAME_NOT_FOUND;
}
-ULONG
+ULONGLONG
AttributeAllocatedLength(PNTFS_ATTR_RECORD AttrRecord)
{
if (AttrRecord->IsNonResident)
return AttrRecord->NonResident.AllocatedSize;
else
- return AttrRecord->Resident.ValueLength;
+ return ALIGN_UP_BY(AttrRecord->Resident.ValueLength, ATTR_RECORD_ALIGNMENT);
}
return AttrRecord->Resident.ValueLength;
}
-
-ULONG
-ReadAttribute(PDEVICE_EXTENSION Vcb,
- PNTFS_ATTR_CONTEXT Context,
- ULONGLONG Offset,
- PCHAR Buffer,
- ULONG Length)
+/**
+* @name IncreaseMftSize
+* @implemented
+*
+* Increases the size of the master file table on a volume, increasing the space available for file records.
+*
+* @param Vcb
+* Pointer to the VCB (DEVICE_EXTENSION) of the target volume.
+*
+*
+* @param CanWait
+* Boolean indicating if the function is allowed to wait for exclusive access to the master file table.
+* This will only be relevant if the MFT doesn't have any free file records and needs to be enlarged.
+*
+* @return
+* STATUS_SUCCESS on success.
+* STATUS_INSUFFICIENT_RESOURCES if an allocation fails.
+* STATUS_INVALID_PARAMETER if there was an error reading the Mft's bitmap.
+* STATUS_CANT_WAIT if CanWait was FALSE and the function could not get immediate, exclusive access to the MFT.
+*
+* @remarks
+* Increases the size of the Master File Table by 64 records. Bitmap entries for the new records are cleared,
+* and the bitmap is also enlarged if needed. Mimicking Windows' behavior when enlarging the mft is still TODO.
+* This function will wait for exlusive access to the volume fcb.
+*/
+NTSTATUS
+IncreaseMftSize(PDEVICE_EXTENSION Vcb, BOOLEAN CanWait)
{
- ULONGLONG LastLCN;
- PUCHAR DataRun;
- LONGLONG DataRunOffset;
- ULONGLONG DataRunLength;
- LONGLONG DataRunStartLCN;
- ULONGLONG CurrentOffset;
- ULONG ReadLength;
- ULONG AlreadyRead;
+ PNTFS_ATTR_CONTEXT BitmapContext;
+ LARGE_INTEGER BitmapSize;
+ LARGE_INTEGER DataSize;
+ LONGLONG BitmapSizeDifference;
+ ULONG NewRecords = ATTR_RECORD_ALIGNMENT * 8; // Allocate one new record for every bit of every byte we'll be adding to the bitmap
+ ULONG DataSizeDifference = Vcb->NtfsInfo.BytesPerFileRecord * NewRecords;
+ ULONG BitmapOffset;
+ PUCHAR BitmapBuffer;
+ ULONGLONG BitmapBytes;
+ ULONGLONG NewBitmapSize;
+ ULONGLONG FirstNewMftIndex;
+ ULONG BytesRead;
+ ULONG LengthWritten;
+ PFILE_RECORD_HEADER BlankFileRecord;
+ ULONG i;
NTSTATUS Status;
- if (!Context->Record.IsNonResident)
+ DPRINT1("IncreaseMftSize(%p, %s)\n", Vcb, CanWait ? "TRUE" : "FALSE");
+
+ // We need exclusive access to the mft while we change its size
+ if (!ExAcquireResourceExclusiveLite(&(Vcb->DirResource), CanWait))
{
- if (Offset > Context->Record.Resident.ValueLength)
- return 0;
- if (Offset + Length > Context->Record.Resident.ValueLength)
- Length = (ULONG)(Context->Record.Resident.ValueLength - Offset);
- RtlCopyMemory(Buffer, (PCHAR)&Context->Record + Context->Record.Resident.ValueOffset + Offset, Length);
- return Length;
+ return STATUS_CANT_WAIT;
}
- /*
- * Non-resident attribute
- */
-
- /*
- * I. Find the corresponding start data run.
- */
+ // Create a blank file record that will be used later
+ BlankFileRecord = NtfsCreateEmptyFileRecord(Vcb);
+ if (!BlankFileRecord)
+ {
+ DPRINT1("Error: Unable to create empty file record!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
- AlreadyRead = 0;
+ // Clear the flags (file record is not in use)
+ BlankFileRecord->Flags = 0;
- // FIXME: Cache seems to be non-working. Disable it for now
- //if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
- if (0)
+ // Find the bitmap attribute of master file table
+ Status = FindAttribute(Vcb, Vcb->MasterFileTable, AttributeBitmap, L"", 0, &BitmapContext, NULL);
+ if (!NT_SUCCESS(Status))
{
- DataRun = Context->CacheRun;
- LastLCN = Context->CacheRunLastLCN;
- DataRunStartLCN = Context->CacheRunStartLCN;
- DataRunLength = Context->CacheRunLength;
- CurrentOffset = Context->CacheRunCurrentOffset;
+ DPRINT1("ERROR: Couldn't find $BITMAP attribute of Mft!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ return Status;
}
- else
+
+ // Get size of Bitmap Attribute
+ BitmapSize.QuadPart = AttributeDataLength(BitmapContext->pRecord);
+
+ // Calculate the new mft size
+ DataSize.QuadPart = AttributeDataLength(Vcb->MFTContext->pRecord) + DataSizeDifference;
+
+ // Find the index of the first Mft entry that will be created
+ FirstNewMftIndex = AttributeDataLength(Vcb->MFTContext->pRecord) / Vcb->NtfsInfo.BytesPerFileRecord;
+
+ // Determine how many bytes will make up the bitmap
+ BitmapBytes = DataSize.QuadPart / Vcb->NtfsInfo.BytesPerFileRecord / 8;
+ if ((DataSize.QuadPart / Vcb->NtfsInfo.BytesPerFileRecord) % 8 != 0)
+ BitmapBytes++;
+
+ // Windows will always keep the number of bytes in a bitmap as a multiple of 8, so no bytes are wasted on slack
+ BitmapBytes = ALIGN_UP_BY(BitmapBytes, ATTR_RECORD_ALIGNMENT);
+
+ // Determine how much we need to adjust the bitmap size (it's possible we don't)
+ BitmapSizeDifference = BitmapBytes - BitmapSize.QuadPart;
+ NewBitmapSize = max(BitmapSize.QuadPart + BitmapSizeDifference, BitmapSize.QuadPart);
+
+ // Allocate memory for the bitmap
+ BitmapBuffer = ExAllocatePoolWithTag(NonPagedPool, NewBitmapSize, TAG_NTFS);
+ if (!BitmapBuffer)
{
- LastLCN = 0;
- DataRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
- CurrentOffset = 0;
+ DPRINT1("ERROR: Unable to allocate memory for bitmap attribute!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
- while (1)
- {
- DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
- if (DataRunOffset != -1)
- {
- /* Normal data run. */
- DataRunStartLCN = LastLCN + DataRunOffset;
- LastLCN = DataRunStartLCN;
- }
- else
- {
- /* Sparse data run. */
- DataRunStartLCN = -1;
- }
+ // Zero the bytes we'll be adding
+ RtlZeroMemory(BitmapBuffer, NewBitmapSize);
- if (Offset >= CurrentOffset &&
- Offset < CurrentOffset + (DataRunLength * Vcb->NtfsInfo.BytesPerCluster))
- {
- break;
- }
+ // Read the bitmap attribute
+ BytesRead = ReadAttribute(Vcb,
+ BitmapContext,
+ 0,
+ (PCHAR)BitmapBuffer,
+ BitmapSize.LowPart);
+ if (BytesRead != BitmapSize.LowPart)
+ {
+ DPRINT1("ERROR: Bytes read != Bitmap size!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_INVALID_PARAMETER;
+ }
- if (*DataRun == 0)
- {
- return AlreadyRead;
- }
+ // Increase the mft size
+ Status = SetNonResidentAttributeDataLength(Vcb, Vcb->MFTContext, Vcb->MftDataOffset, Vcb->MasterFileTable, &DataSize);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to set size of $MFT data attribute!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
+
+ // We'll need to find the bitmap again, because its offset will have changed after resizing the data attribute
+ ReleaseAttributeContext(BitmapContext);
+ Status = FindAttribute(Vcb, Vcb->MasterFileTable, AttributeBitmap, L"", 0, &BitmapContext, &BitmapOffset);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $BITMAP attribute of Mft!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ return Status;
+ }
- CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ // If the bitmap grew
+ if (BitmapSizeDifference > 0)
+ {
+ // Set the new bitmap size
+ BitmapSize.QuadPart = NewBitmapSize;
+ if (BitmapContext->pRecord->IsNonResident)
+ Status = SetNonResidentAttributeDataLength(Vcb, BitmapContext, BitmapOffset, Vcb->MasterFileTable, &BitmapSize);
+ else
+ Status = SetResidentAttributeDataLength(Vcb, BitmapContext, BitmapOffset, Vcb->MasterFileTable, &BitmapSize);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to set size of bitmap attribute!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
}
}
- /*
- * II. Go through the run list and read the data
- */
+ NtfsDumpFileAttributes(Vcb, Vcb->MasterFileTable);
- ReadLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset), Length);
- if (DataRunStartLCN == -1)
- RtlZeroMemory(Buffer, ReadLength);
- Status = NtfsReadDisk(Vcb->StorageDevice,
- DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster + Offset - CurrentOffset,
- ReadLength,
- (PVOID)Buffer,
- FALSE);
- if (NT_SUCCESS(Status))
+ // Update the file record with the new attribute sizes
+ Status = UpdateFileRecord(Vcb, Vcb->VolumeFcb->MFTIndex, Vcb->MasterFileTable);
+ if (!NT_SUCCESS(Status))
{
- Length -= ReadLength;
- Buffer += ReadLength;
- AlreadyRead += ReadLength;
+ DPRINT1("ERROR: Failed to update $MFT file record!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
- if (ReadLength == DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset))
- {
- CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
- DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
- if (DataRunLength != (ULONGLONG)-1)
- {
- DataRunStartLCN = LastLCN + DataRunOffset;
- LastLCN = DataRunStartLCN;
- }
- else
- DataRunStartLCN = -1;
+ // Write out the new bitmap
+ Status = WriteAttribute(Vcb, BitmapContext, 0, BitmapBuffer, NewBitmapSize, &LengthWritten, Vcb->MasterFileTable);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ DPRINT1("ERROR: Couldn't write to bitmap attribute of $MFT!\n");
+ return Status;
+ }
- if (*DataRun == 0)
- return AlreadyRead;
+ // Create blank records for the new file record entries.
+ for (i = 0; i < NewRecords; i++)
+ {
+ Status = UpdateFileRecord(Vcb, FirstNewMftIndex + i, BlankFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to write blank file record!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
}
+ }
- while (Length > 0)
- {
- ReadLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster, Length);
- if (DataRunStartLCN == -1)
- RtlZeroMemory(Buffer, ReadLength);
- else
- {
- Status = NtfsReadDisk(Vcb->StorageDevice,
- DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster,
- ReadLength,
- (PVOID)Buffer,
- FALSE);
- if (!NT_SUCCESS(Status))
- break;
- }
+ // Update the mft mirror
+ Status = UpdateMftMirror(Vcb);
- Length -= ReadLength;
- Buffer += ReadLength;
- AlreadyRead += ReadLength;
+ // Cleanup
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, BlankFileRecord);
+ ExReleaseResourceLite(&(Vcb->DirResource));
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
- /* We finished this request, but there still data in this data run. */
- if (Length == 0 && ReadLength != DataRunLength * Vcb->NtfsInfo.BytesPerCluster)
- break;
+ return Status;
+}
- /*
- * Go to next run in the list.
- */
+/**
+* @name MoveAttributes
+* @implemented
+*
+* Moves a block of attributes to a new location in the file Record. The attribute at FirstAttributeToMove
+* and every attribute after that will be moved to MoveTo.
+*
+* @param DeviceExt
+* Pointer to the DEVICE_EXTENSION (VCB) of the target volume.
+*
+* @param FirstAttributeToMove
+* Pointer to the first NTFS_ATTR_RECORD that needs to be moved. This pointer must reside within a file record.
+*
+* @param FirstAttributeOffset
+* Offset of FirstAttributeToMove relative to the beginning of the file record.
+*
+* @param MoveTo
+* ULONG_PTR with the memory location that will be the new location of the first attribute being moved.
+*
+* @return
+* The new location of the final attribute (i.e. AttributeEnd marker).
+*/
+PNTFS_ATTR_RECORD
+MoveAttributes(PDEVICE_EXTENSION DeviceExt,
+ PNTFS_ATTR_RECORD FirstAttributeToMove,
+ ULONG FirstAttributeOffset,
+ ULONG_PTR MoveTo)
+{
+ // Get the size of all attributes after this one
+ ULONG MemBlockSize = 0;
+ PNTFS_ATTR_RECORD CurrentAttribute = FirstAttributeToMove;
+ ULONG CurrentOffset = FirstAttributeOffset;
+ PNTFS_ATTR_RECORD FinalAttribute;
- if (*DataRun == 0)
- break;
- CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
- DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
- if (DataRunOffset != -1)
- {
- /* Normal data run. */
- DataRunStartLCN = LastLCN + DataRunOffset;
- LastLCN = DataRunStartLCN;
- }
- else
- {
- /* Sparse data run. */
- DataRunStartLCN = -1;
- }
- } /* while */
+ while (CurrentAttribute->Type != AttributeEnd && CurrentOffset < DeviceExt->NtfsInfo.BytesPerFileRecord)
+ {
+ CurrentOffset += CurrentAttribute->Length;
+ MemBlockSize += CurrentAttribute->Length;
+ CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
+ }
- } /* if Disk */
+ FinalAttribute = (PNTFS_ATTR_RECORD)(MoveTo + MemBlockSize);
+ MemBlockSize += sizeof(ULONG) * 2; // Add the AttributeEnd and file record end
- Context->CacheRun = DataRun;
- Context->CacheRunOffset = Offset + AlreadyRead;
- Context->CacheRunStartLCN = DataRunStartLCN;
- Context->CacheRunLength = DataRunLength;
- Context->CacheRunLastLCN = LastLCN;
- Context->CacheRunCurrentOffset = CurrentOffset;
+ ASSERT(MemBlockSize % ATTR_RECORD_ALIGNMENT == 0);
- return AlreadyRead;
-}
+ // Move the attributes after this one
+ RtlMoveMemory((PCHAR)MoveTo, FirstAttributeToMove, MemBlockSize);
+ return FinalAttribute;
+}
NTSTATUS
-ReadFileRecord(PDEVICE_EXTENSION Vcb,
- ULONGLONG index,
- PFILE_RECORD_HEADER file)
+InternalSetResidentAttributeLength(PDEVICE_EXTENSION DeviceExt,
+ PNTFS_ATTR_CONTEXT AttrContext,
+ PFILE_RECORD_HEADER FileRecord,
+ ULONG AttrOffset,
+ ULONG DataSize)
{
- ULONGLONG BytesRead;
+ PNTFS_ATTR_RECORD Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Destination + Destination->Length);
+ PNTFS_ATTR_RECORD FinalAttribute;
+ ULONG OldAttributeLength = Destination->Length;
+ ULONG NextAttributeOffset;
- DPRINT1("ReadFileRecord(%p, %I64x, %p)\n", Vcb, index, file);
+ DPRINT1("InternalSetResidentAttributeLength( %p, %p, %p, %lu, %lu )\n", DeviceExt, AttrContext, FileRecord, AttrOffset, DataSize);
- BytesRead = ReadAttribute(Vcb, Vcb->MFTContext, index * Vcb->NtfsInfo.BytesPerFileRecord, (PCHAR)file, Vcb->NtfsInfo.BytesPerFileRecord);
- if (BytesRead != Vcb->NtfsInfo.BytesPerFileRecord)
+ ASSERT(!AttrContext->pRecord->IsNonResident);
+
+ // Update ValueLength Field
+ Destination->Resident.ValueLength = DataSize;
+
+ // Calculate the record length and end marker offset
+ Destination->Length = ALIGN_UP_BY(DataSize + AttrContext->pRecord->Resident.ValueOffset, ATTR_RECORD_ALIGNMENT);
+ NextAttributeOffset = AttrOffset + Destination->Length;
+
+ // Ensure NextAttributeOffset is aligned to an 8-byte boundary
+ ASSERT(NextAttributeOffset % ATTR_RECORD_ALIGNMENT == 0);
+
+ // Will the new attribute be larger than the old one?
+ if (Destination->Length > OldAttributeLength)
+ {
+ // Free the old copy of the attribute in the context, as it will be the wrong length
+ ExFreePoolWithTag(AttrContext->pRecord, TAG_NTFS);
+
+ // Create a new copy of the attribute record for the context
+ AttrContext->pRecord = ExAllocatePoolWithTag(NonPagedPool, Destination->Length, TAG_NTFS);
+ if (!AttrContext->pRecord)
+ {
+ DPRINT1("Unable to allocate memory for attribute!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+ RtlZeroMemory((PVOID)((ULONG_PTR)AttrContext->pRecord + OldAttributeLength), Destination->Length - OldAttributeLength);
+ RtlCopyMemory(AttrContext->pRecord, Destination, OldAttributeLength);
+ }
+
+ // Are there attributes after this one that need to be moved?
+ if (NextAttribute->Type != AttributeEnd)
+ {
+ // Move the attributes after this one
+ FinalAttribute = MoveAttributes(DeviceExt, NextAttribute, NextAttributeOffset, (ULONG_PTR)Destination + Destination->Length);
+ }
+ else
+ {
+ // advance to the final "attribute," adjust for the changed length of the attribute we're resizing
+ FinalAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute - OldAttributeLength + Destination->Length);
+ }
+
+ // Update pRecord's length
+ AttrContext->pRecord->Length = Destination->Length;
+ AttrContext->pRecord->Resident.ValueLength = DataSize;
+
+ // set the file record end
+ SetFileRecordEnd(FileRecord, FinalAttribute, FILE_RECORD_END);
+
+ //NtfsDumpFileRecord(DeviceExt, FileRecord);
+
+ return STATUS_SUCCESS;
+}
+
+/**
+* @parameter FileRecord
+* Pointer to a file record. Must be a full record at least
+* Fcb->Vcb->NtfsInfo.BytesPerFileRecord bytes large, not just the header.
+*/
+NTSTATUS
+SetAttributeDataLength(PFILE_OBJECT FileObject,
+ PNTFS_FCB Fcb,
+ PNTFS_ATTR_CONTEXT AttrContext,
+ ULONG AttrOffset,
+ PFILE_RECORD_HEADER FileRecord,
+ PLARGE_INTEGER DataSize)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ DPRINT1("SetAttributeDataLength(%p, %p, %p, %lu, %p, %I64u)\n",
+ FileObject,
+ Fcb,
+ AttrContext,
+ AttrOffset,
+ FileRecord,
+ DataSize->QuadPart);
+
+ // are we truncating the file?
+ if (DataSize->QuadPart < AttributeDataLength(AttrContext->pRecord))
+ {
+ if (!MmCanFileBeTruncated(FileObject->SectionObjectPointer, DataSize))
+ {
+ DPRINT1("Can't truncate a memory-mapped file!\n");
+ return STATUS_USER_MAPPED_FILE;
+ }
+ }
+
+ if (AttrContext->pRecord->IsNonResident)
+ {
+ Status = SetNonResidentAttributeDataLength(Fcb->Vcb,
+ AttrContext,
+ AttrOffset,
+ FileRecord,
+ DataSize);
+ }
+ else
+ {
+ // resident attribute
+ Status = SetResidentAttributeDataLength(Fcb->Vcb,
+ AttrContext,
+ AttrOffset,
+ FileRecord,
+ DataSize);
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to set size of attribute!\n");
+ return Status;
+ }
+
+ //NtfsDumpFileAttributes(Fcb->Vcb, FileRecord);
+
+ // write the updated file record back to disk
+ Status = UpdateFileRecord(Fcb->Vcb, Fcb->MFTIndex, FileRecord);
+
+ if (NT_SUCCESS(Status))
+ {
+ if (AttrContext->pRecord->IsNonResident)
+ Fcb->RFCB.AllocationSize.QuadPart = AttrContext->pRecord->NonResident.AllocatedSize;
+ else
+ Fcb->RFCB.AllocationSize = *DataSize;
+ Fcb->RFCB.FileSize = *DataSize;
+ Fcb->RFCB.ValidDataLength = *DataSize;
+ CcSetFileSizes(FileObject, (PCC_FILE_SIZES)&Fcb->RFCB.AllocationSize);
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/**
+* @name SetFileRecordEnd
+* @implemented
+*
+* This small function sets a new endpoint for the file record. It set's the final
+* AttrEnd->Type to AttributeEnd and recalculates the bytes used by the file record.
+*
+* @param FileRecord
+* Pointer to the file record whose endpoint (length) will be set.
+*
+* @param AttrEnd
+* Pointer to section of memory that will receive the AttributeEnd marker. This must point
+* to memory allocated for the FileRecord. Must be aligned to an 8-byte boundary (relative to FileRecord).
+*
+* @param EndMarker
+* This value will be written after AttributeEnd but isn't critical at all. When Windows resizes
+* a file record, it preserves the final ULONG that previously ended the record, even though this
+* value is (to my knowledge) never used. We emulate this behavior.
+*
+*/
+VOID
+SetFileRecordEnd(PFILE_RECORD_HEADER FileRecord,
+ PNTFS_ATTR_RECORD AttrEnd,
+ ULONG EndMarker)
+{
+ // Ensure AttrEnd is aligned on an 8-byte boundary, relative to FileRecord
+ ASSERT(((ULONG_PTR)AttrEnd - (ULONG_PTR)FileRecord) % ATTR_RECORD_ALIGNMENT == 0);
+
+ // mark the end of attributes
+ AttrEnd->Type = AttributeEnd;
+
+ // Restore the "file-record-end marker." The value is never checked but this behavior is consistent with Win2k3.
+ AttrEnd->Length = EndMarker;
+
+ // recalculate bytes in use
+ FileRecord->BytesInUse = (ULONG_PTR)AttrEnd - (ULONG_PTR)FileRecord + sizeof(ULONG) * 2;
+}
+
+/**
+* @name SetNonResidentAttributeDataLength
+* @implemented
+*
+* Called by SetAttributeDataLength() to set the size of a non-resident attribute. Doesn't update the file record.
+*
+* @param Vcb
+* Pointer to a DEVICE_EXTENSION describing the target disk.
+*
+* @param AttrContext
+* PNTFS_ATTR_CONTEXT describing the location of the attribute whose size is being set.
+*
+* @param AttrOffset
+* Offset, from the beginning of the record, of the attribute being sized.
+*
+* @param FileRecord
+* Pointer to a file record containing the attribute to be resized. Must be a complete file record,
+* not just the header.
+*
+* @param DataSize
+* Pointer to a LARGE_INTEGER describing the new size of the attribute's data.
+*
+* @return
+* STATUS_SUCCESS on success;
+* STATUS_INSUFFICIENT_RESOURCES if an allocation fails.
+* STATUS_INVALID_PARAMETER if we can't find the last cluster in the data run.
+*
+* @remarks
+* Called by SetAttributeDataLength() and IncreaseMftSize(). Use SetAttributeDataLength() unless you have a good
+* reason to use this. Doesn't update the file record on disk. Doesn't inform the cache controller of changes with
+* any associated files. Synchronization is the callers responsibility.
+*/
+NTSTATUS
+SetNonResidentAttributeDataLength(PDEVICE_EXTENSION Vcb,
+ PNTFS_ATTR_CONTEXT AttrContext,
+ ULONG AttrOffset,
+ PFILE_RECORD_HEADER FileRecord,
+ PLARGE_INTEGER DataSize)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+ ULONG BytesPerCluster = Vcb->NtfsInfo.BytesPerCluster;
+ ULONGLONG AllocationSize = ROUND_UP(DataSize->QuadPart, BytesPerCluster);
+ PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ ULONG ExistingClusters = AttrContext->pRecord->NonResident.AllocatedSize / BytesPerCluster;
+
+ ASSERT(AttrContext->pRecord->IsNonResident);
+
+ // do we need to increase the allocation size?
+ if (AttrContext->pRecord->NonResident.AllocatedSize < AllocationSize)
+ {
+ ULONG ClustersNeeded = (AllocationSize / BytesPerCluster) - ExistingClusters;
+ LARGE_INTEGER LastClusterInDataRun;
+ ULONG NextAssignedCluster;
+ ULONG AssignedClusters;
+
+ if (ExistingClusters == 0)
+ {
+ LastClusterInDataRun.QuadPart = 0;
+ }
+ else
+ {
+ if (!FsRtlLookupLargeMcbEntry(&AttrContext->DataRunsMCB,
+ (LONGLONG)AttrContext->pRecord->NonResident.HighestVCN,
+ (PLONGLONG)&LastClusterInDataRun.QuadPart,
+ NULL,
+ NULL,
+ NULL,
+ NULL))
+ {
+ DPRINT1("Error looking up final large MCB entry!\n");
+
+ // Most likely, HighestVCN went above the largest mapping
+ DPRINT1("Highest VCN of record: %I64u\n", AttrContext->pRecord->NonResident.HighestVCN);
+ return STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ DPRINT("LastClusterInDataRun: %I64u\n", LastClusterInDataRun.QuadPart);
+ DPRINT("Highest VCN of record: %I64u\n", AttrContext->pRecord->NonResident.HighestVCN);
+
+ while (ClustersNeeded > 0)
+ {
+ Status = NtfsAllocateClusters(Vcb,
+ LastClusterInDataRun.LowPart + 1,
+ ClustersNeeded,
+ &NextAssignedCluster,
+ &AssignedClusters);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Unable to allocate requested clusters!\n");
+ return Status;
+ }
+
+ // now we need to add the clusters we allocated to the data run
+ Status = AddRun(Vcb, AttrContext, AttrOffset, FileRecord, NextAssignedCluster, AssignedClusters);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Unable to add data run!\n");
+ return Status;
+ }
+
+ ClustersNeeded -= AssignedClusters;
+ LastClusterInDataRun.LowPart = NextAssignedCluster + AssignedClusters - 1;
+ }
+ }
+ else if (AttrContext->pRecord->NonResident.AllocatedSize > AllocationSize)
+ {
+ // shrink allocation size
+ ULONG ClustersToFree = ExistingClusters - (AllocationSize / BytesPerCluster);
+ Status = FreeClusters(Vcb, AttrContext, AttrOffset, FileRecord, ClustersToFree);
+ }
+
+ // TODO: is the file compressed, encrypted, or sparse?
+
+ AttrContext->pRecord->NonResident.AllocatedSize = AllocationSize;
+ AttrContext->pRecord->NonResident.DataSize = DataSize->QuadPart;
+ AttrContext->pRecord->NonResident.InitializedSize = DataSize->QuadPart;
+
+ DestinationAttribute->NonResident.AllocatedSize = AllocationSize;
+ DestinationAttribute->NonResident.DataSize = DataSize->QuadPart;
+ DestinationAttribute->NonResident.InitializedSize = DataSize->QuadPart;
+
+ // HighestVCN seems to be set incorrectly somewhere. Apply a hack-fix to reset it.
+ // HACKHACK FIXME: Fix for sparse files; this math won't work in that case.
+ AttrContext->pRecord->NonResident.HighestVCN = ((ULONGLONG)AllocationSize / Vcb->NtfsInfo.BytesPerCluster) - 1;
+ DestinationAttribute->NonResident.HighestVCN = AttrContext->pRecord->NonResident.HighestVCN;
+
+ DPRINT("Allocated Size: %I64u\n", DestinationAttribute->NonResident.AllocatedSize);
+
+ return Status;
+}
+
+/**
+* @name SetResidentAttributeDataLength
+* @implemented
+*
+* Called by SetAttributeDataLength() to set the size of a non-resident attribute. Doesn't update the file record.
+*
+* @param Vcb
+* Pointer to a DEVICE_EXTENSION describing the target disk.
+*
+* @param AttrContext
+* PNTFS_ATTR_CONTEXT describing the location of the attribute whose size is being set.
+*
+* @param AttrOffset
+* Offset, from the beginning of the record, of the attribute being sized.
+*
+* @param FileRecord
+* Pointer to a file record containing the attribute to be resized. Must be a complete file record,
+* not just the header.
+*
+* @param DataSize
+* Pointer to a LARGE_INTEGER describing the new size of the attribute's data.
+*
+* @return
+* STATUS_SUCCESS on success;
+* STATUS_INSUFFICIENT_RESOURCES if an allocation fails.
+* STATUS_INVALID_PARAMETER if AttrContext describes a non-resident attribute.
+* STATUS_NOT_IMPLEMENTED if requested to decrease the size of an attribute that isn't the
+* last attribute listed in the file record.
+*
+* @remarks
+* Called by SetAttributeDataLength() and IncreaseMftSize(). Use SetAttributeDataLength() unless you have a good
+* reason to use this. Doesn't update the file record on disk. Doesn't inform the cache controller of changes with
+* any associated files. Synchronization is the callers responsibility.
+*/
+NTSTATUS
+SetResidentAttributeDataLength(PDEVICE_EXTENSION Vcb,
+ PNTFS_ATTR_CONTEXT AttrContext,
+ ULONG AttrOffset,
+ PFILE_RECORD_HEADER FileRecord,
+ PLARGE_INTEGER DataSize)
+{
+ NTSTATUS Status;
+
+ // find the next attribute
+ ULONG NextAttributeOffset = AttrOffset + AttrContext->pRecord->Length;
+ PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((PCHAR)FileRecord + NextAttributeOffset);
+
+ ASSERT(!AttrContext->pRecord->IsNonResident);
+
+ //NtfsDumpFileAttributes(Vcb, FileRecord);
+
+ // Do we need to increase the data length?
+ if (DataSize->QuadPart > AttrContext->pRecord->Resident.ValueLength)
+ {
+ // There's usually padding at the end of a record. Do we need to extend past it?
+ ULONG MaxValueLength = AttrContext->pRecord->Length - AttrContext->pRecord->Resident.ValueOffset;
+ if (MaxValueLength < DataSize->LowPart)
+ {
+ // If this is the last attribute, we could move the end marker to the very end of the file record
+ MaxValueLength += Vcb->NtfsInfo.BytesPerFileRecord - NextAttributeOffset - (sizeof(ULONG) * 2);
+
+ if (MaxValueLength < DataSize->LowPart || NextAttribute->Type != AttributeEnd)
+ {
+ // convert attribute to non-resident
+ PNTFS_ATTR_RECORD Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ PNTFS_ATTR_RECORD NewRecord;
+ LARGE_INTEGER AttribDataSize;
+ PVOID AttribData;
+ ULONG NewRecordLength;
+ ULONG EndAttributeOffset;
+ ULONG LengthWritten;
+
+ DPRINT1("Converting attribute to non-resident.\n");
+
+ AttribDataSize.QuadPart = AttrContext->pRecord->Resident.ValueLength;
+
+ // Is there existing data we need to back-up?
+ if (AttribDataSize.QuadPart > 0)
+ {
+ AttribData = ExAllocatePoolWithTag(NonPagedPool, AttribDataSize.QuadPart, TAG_NTFS);
+ if (AttribData == NULL)
+ {
+ DPRINT1("ERROR: Couldn't allocate memory for attribute data. Can't migrate to non-resident!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // read data to temp buffer
+ Status = ReadAttribute(Vcb, AttrContext, 0, AttribData, AttribDataSize.QuadPart);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to read attribute before migrating!\n");
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+ }
+
+ // Start by turning this attribute into a 0-length, non-resident attribute, then enlarge it.
+
+ // The size of a 0-length, non-resident attribute will be 0x41 + the size of the attribute name, aligned to an 8-byte boundary
+ NewRecordLength = ALIGN_UP_BY(0x41 + (AttrContext->pRecord->NameLength * sizeof(WCHAR)), ATTR_RECORD_ALIGNMENT);
+
+ // Create a new attribute record that will store the 0-length, non-resident attribute
+ NewRecord = ExAllocatePoolWithTag(NonPagedPool, NewRecordLength, TAG_NTFS);
+
+ // Zero out the NonResident structure
+ RtlZeroMemory(NewRecord, NewRecordLength);
+
+ // Copy the data that's common to both non-resident and resident attributes
+ RtlCopyMemory(NewRecord, AttrContext->pRecord, FIELD_OFFSET(NTFS_ATTR_RECORD, Resident.ValueLength));
+
+ // if there's a name
+ if (AttrContext->pRecord->NameLength != 0)
+ {
+ // copy the name
+ // An attribute name will be located at offset 0x18 for a resident attribute, 0x40 for non-resident
+ RtlCopyMemory((PCHAR)((ULONG_PTR)NewRecord + 0x40),
+ (PCHAR)((ULONG_PTR)AttrContext->pRecord + 0x18),
+ AttrContext->pRecord->NameLength * sizeof(WCHAR));
+ }
+
+ // update the mapping pairs offset, which will be 0x40 (size of a non-resident header) + length in bytes of the name
+ NewRecord->NonResident.MappingPairsOffset = 0x40 + (AttrContext->pRecord->NameLength * sizeof(WCHAR));
+
+ // update the end of the file record
+ // calculate position of end markers (1 byte for empty data run)
+ EndAttributeOffset = AttrOffset + NewRecord->NonResident.MappingPairsOffset + 1;
+ EndAttributeOffset = ALIGN_UP_BY(EndAttributeOffset, ATTR_RECORD_ALIGNMENT);
+
+ // Update the length
+ NewRecord->Length = EndAttributeOffset - AttrOffset;
+
+ ASSERT(NewRecord->Length == NewRecordLength);
+
+ // Copy the new attribute record into the file record
+ RtlCopyMemory(Destination, NewRecord, NewRecord->Length);
+
+ // Update the file record end
+ SetFileRecordEnd(FileRecord,
+ (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + EndAttributeOffset),
+ FILE_RECORD_END);
+
+ // Initialize the MCB, potentially catch an exception
+ _SEH2_TRY
+ {
+ FsRtlInitializeLargeMcb(&AttrContext->DataRunsMCB, NonPagedPool);
+ }
+ _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+ {
+ DPRINT1("Unable to create LargeMcb!\n");
+ if (AttribDataSize.QuadPart > 0)
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ ExFreePoolWithTag(NewRecord, TAG_NTFS);
+ _SEH2_YIELD(return _SEH2_GetExceptionCode());
+ } _SEH2_END;
+
+ // Mark the attribute as non-resident (we wait until after we know the LargeMcb was initialized)
+ NewRecord->IsNonResident = Destination->IsNonResident = 1;
+
+ // Update file record on disk
+ Status = UpdateFileRecord(Vcb, AttrContext->FileMFTIndex, FileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't update file record to continue migration!\n");
+ if (AttribDataSize.QuadPart > 0)
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ ExFreePoolWithTag(NewRecord, TAG_NTFS);
+ return Status;
+ }
+
+ // Now we need to free the old copy of the attribute record in the context and replace it with the new one
+ ExFreePoolWithTag(AttrContext->pRecord, TAG_NTFS);
+ AttrContext->pRecord = NewRecord;
+
+ // Now we can treat the attribute as non-resident and enlarge it normally
+ Status = SetNonResidentAttributeDataLength(Vcb, AttrContext, AttrOffset, FileRecord, DataSize);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to migrate resident attribute!\n");
+ if (AttribDataSize.QuadPart > 0)
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+
+ // restore the back-up attribute, if we made one
+ if (AttribDataSize.QuadPart > 0)
+ {
+ Status = WriteAttribute(Vcb, AttrContext, 0, AttribData, AttribDataSize.QuadPart, &LengthWritten, FileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to write attribute data to non-resident clusters during migration!\n");
+ // TODO: Reverse migration so no data is lost
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ }
+ }
+ }
+ }
+
+ // set the new length of the resident attribute (if we didn't migrate it)
+ if (!AttrContext->pRecord->IsNonResident)
+ return InternalSetResidentAttributeLength(Vcb, AttrContext, FileRecord, AttrOffset, DataSize->LowPart);
+
+ return STATUS_SUCCESS;
+}
+
+ULONG
+ReadAttribute(PDEVICE_EXTENSION Vcb,
+ PNTFS_ATTR_CONTEXT Context,
+ ULONGLONG Offset,
+ PCHAR Buffer,
+ ULONG Length)
+{
+ ULONGLONG LastLCN;
+ PUCHAR DataRun;
+ LONGLONG DataRunOffset;
+ ULONGLONG DataRunLength;
+ LONGLONG DataRunStartLCN;
+ ULONGLONG CurrentOffset;
+ ULONG ReadLength;
+ ULONG AlreadyRead;
+ NTSTATUS Status;
+
+ //TEMPTEMP
+ PUCHAR TempBuffer;
+
+ if (!Context->pRecord->IsNonResident)
+ {
+ // We need to truncate Offset to a ULONG for pointer arithmetic
+ // The check below should ensure that Offset is well within the range of 32 bits
+ ULONG LittleOffset = (ULONG)Offset;
+
+ // Ensure that offset isn't beyond the end of the attribute
+ if (Offset > Context->pRecord->Resident.ValueLength)
+ return 0;
+ if (Offset + Length > Context->pRecord->Resident.ValueLength)
+ Length = (ULONG)(Context->pRecord->Resident.ValueLength - Offset);
+
+ RtlCopyMemory(Buffer, (PVOID)((ULONG_PTR)Context->pRecord + Context->pRecord->Resident.ValueOffset + LittleOffset), Length);
+ return Length;
+ }
+
+ /*
+ * Non-resident attribute
+ */
+
+ /*
+ * I. Find the corresponding start data run.
+ */
+
+ AlreadyRead = 0;
+
+ // FIXME: Cache seems to be non-working. Disable it for now
+ //if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
+ if (0)
+ {
+ DataRun = Context->CacheRun;
+ LastLCN = Context->CacheRunLastLCN;
+ DataRunStartLCN = Context->CacheRunStartLCN;
+ DataRunLength = Context->CacheRunLength;
+ CurrentOffset = Context->CacheRunCurrentOffset;
+ }
+ else
+ {
+ //TEMPTEMP
+ ULONG UsedBufferSize;
+ TempBuffer = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+ if (TempBuffer == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ LastLCN = 0;
+ CurrentOffset = 0;
+
+ // This will be rewritten in the next iteration to just use the DataRuns MCB directly
+ ConvertLargeMCBToDataRuns(&Context->DataRunsMCB,
+ TempBuffer,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ &UsedBufferSize);
+
+ DataRun = TempBuffer;
+
+ while (1)
+ {
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+ if (DataRunOffset != -1)
+ {
+ /* Normal data run. */
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ {
+ /* Sparse data run. */
+ DataRunStartLCN = -1;
+ }
+
+ if (Offset >= CurrentOffset &&
+ Offset < CurrentOffset + (DataRunLength * Vcb->NtfsInfo.BytesPerCluster))
+ {
+ break;
+ }
+
+ if (*DataRun == 0)
+ {
+ ExFreePoolWithTag(TempBuffer, TAG_NTFS);
+ return AlreadyRead;
+ }
+
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ }
+ }
+
+ /*
+ * II. Go through the run list and read the data
+ */
+
+ ReadLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset), Length);
+ if (DataRunStartLCN == -1)
+ {
+ RtlZeroMemory(Buffer, ReadLength);
+ Status = STATUS_SUCCESS;
+ }
+ else
+ {
+ Status = NtfsReadDisk(Vcb->StorageDevice,
+ DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster + Offset - CurrentOffset,
+ ReadLength,
+ Vcb->NtfsInfo.BytesPerSector,
+ (PVOID)Buffer,
+ FALSE);
+ }
+ if (NT_SUCCESS(Status))
+ {
+ Length -= ReadLength;
+ Buffer += ReadLength;
+ AlreadyRead += ReadLength;
+
+ if (ReadLength == DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset))
+ {
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+ if (DataRunOffset != (ULONGLONG)-1)
+ {
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ DataRunStartLCN = -1;
+ }
+
+ while (Length > 0)
+ {
+ ReadLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster, Length);
+ if (DataRunStartLCN == -1)
+ RtlZeroMemory(Buffer, ReadLength);
+ else
+ {
+ Status = NtfsReadDisk(Vcb->StorageDevice,
+ DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster,
+ ReadLength,
+ Vcb->NtfsInfo.BytesPerSector,
+ (PVOID)Buffer,
+ FALSE);
+ if (!NT_SUCCESS(Status))
+ break;
+ }
+
+ Length -= ReadLength;
+ Buffer += ReadLength;
+ AlreadyRead += ReadLength;
+
+ /* We finished this request, but there still data in this data run. */
+ if (Length == 0 && ReadLength != DataRunLength * Vcb->NtfsInfo.BytesPerCluster)
+ break;
+
+ /*
+ * Go to next run in the list.
+ */
+
+ if (*DataRun == 0)
+ break;
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+ if (DataRunOffset != -1)
+ {
+ /* Normal data run. */
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ {
+ /* Sparse data run. */
+ DataRunStartLCN = -1;
+ }
+ } /* while */
+
+ } /* if Disk */
+
+ // TEMPTEMP
+ if (Context->pRecord->IsNonResident)
+ ExFreePoolWithTag(TempBuffer, TAG_NTFS);
+
+ Context->CacheRun = DataRun;
+ Context->CacheRunOffset = Offset + AlreadyRead;
+ Context->CacheRunStartLCN = DataRunStartLCN;
+ Context->CacheRunLength = DataRunLength;
+ Context->CacheRunLastLCN = LastLCN;
+ Context->CacheRunCurrentOffset = CurrentOffset;
+
+ return AlreadyRead;
+}
+
+
+/**
+* @name WriteAttribute
+* @implemented
+*
+* Writes an NTFS attribute to the disk. It presently borrows a lot of code from ReadAttribute(),
+* and it still needs more documentation / cleaning up.
+*
+* @param Vcb
+* Volume Control Block indicating which volume to write the attribute to
+*
+* @param Context
+* Pointer to an NTFS_ATTR_CONTEXT that has information about the attribute
+*
+* @param Offset
+* Offset, in bytes, from the beginning of the attribute indicating where to start
+* writing data
+*
+* @param Buffer
+* The data that's being written to the device
+*
+* @param Length
+* How much data will be written, in bytes
+*
+* @param RealLengthWritten
+* Pointer to a ULONG which will receive how much data was written, in bytes
+*
+* @param FileRecord
+* Optional pointer to a FILE_RECORD_HEADER that contains a copy of the file record
+* being written to. Can be NULL, in which case the file record will be read from disk.
+* If not-null, WriteAttribute() will skip reading from disk, and FileRecord
+* will be updated with the newly-written attribute before the function returns.
+*
+* @return
+* STATUS_SUCCESS if successful, an error code otherwise. STATUS_NOT_IMPLEMENTED if
+* writing to a sparse file.
+*
+* @remarks Note that in this context the word "attribute" isn't referring read-only, hidden,
+* etc. - the file's data is actually stored in an attribute in NTFS parlance.
+*
+*/
+
+NTSTATUS
+WriteAttribute(PDEVICE_EXTENSION Vcb,
+ PNTFS_ATTR_CONTEXT Context,
+ ULONGLONG Offset,
+ const PUCHAR Buffer,
+ ULONG Length,
+ PULONG RealLengthWritten,
+ PFILE_RECORD_HEADER FileRecord)
+{
+ ULONGLONG LastLCN;
+ PUCHAR DataRun;
+ LONGLONG DataRunOffset;
+ ULONGLONG DataRunLength;
+ LONGLONG DataRunStartLCN;
+ ULONGLONG CurrentOffset;
+ ULONG WriteLength;
+ NTSTATUS Status;
+ PUCHAR SourceBuffer = Buffer;
+ LONGLONG StartingOffset;
+ BOOLEAN FileRecordAllocated = FALSE;
+
+ //TEMPTEMP
+ PUCHAR TempBuffer;
+
+
+ DPRINT("WriteAttribute(%p, %p, %I64u, %p, %lu, %p, %p)\n", Vcb, Context, Offset, Buffer, Length, RealLengthWritten, FileRecord);
+
+ *RealLengthWritten = 0;
+
+ // is this a resident attribute?
+ if (!Context->pRecord->IsNonResident)
+ {
+ ULONG AttributeOffset;
+ PNTFS_ATTR_CONTEXT FoundContext;
+ PNTFS_ATTR_RECORD Destination;
+
+ // Ensure requested data is within the bounds of the attribute
+ ASSERT(Offset + Length <= Context->pRecord->Resident.ValueLength);
+
+ if (Offset + Length > Context->pRecord->Resident.ValueLength)
+ {
+ DPRINT1("DRIVER ERROR: Attribute is too small!\n");
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ // Do we need to read the file record?
+ if (FileRecord == NULL)
+ {
+ FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
+ if (!FileRecord)
+ {
+ DPRINT1("Error: Couldn't allocate file record!\n");
+ return STATUS_NO_MEMORY;
+ }
+
+ FileRecordAllocated = TRUE;
+
+ // read the file record
+ ReadFileRecord(Vcb, Context->FileMFTIndex, FileRecord);
+ }
+
+ // find where to write the attribute data to
+ Status = FindAttribute(Vcb, FileRecord,
+ Context->pRecord->Type,
+ (PCWSTR)((ULONG_PTR)Context->pRecord + Context->pRecord->NameOffset),
+ Context->pRecord->NameLength,
+ &FoundContext,
+ &AttributeOffset);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find matching attribute!\n");
+ if(FileRecordAllocated)
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
+ return Status;
+ }
+
+ Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttributeOffset);
+
+ DPRINT("Offset: %I64u, AttributeOffset: %u, ValueOffset: %u\n", Offset, AttributeOffset, Context->pRecord->Resident.ValueLength);
+
+ // Will we be writing past the end of the allocated file record?
+ if (Offset + Length + AttributeOffset + Context->pRecord->Resident.ValueOffset > Vcb->NtfsInfo.BytesPerFileRecord)
+ {
+ DPRINT1("DRIVER ERROR: Data being written extends past end of file record!\n");
+ ReleaseAttributeContext(FoundContext);
+ if (FileRecordAllocated)
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ // copy the data being written into the file record. We cast Offset to ULONG, which is safe because it's range has been verified.
+ RtlCopyMemory((PCHAR)((ULONG_PTR)Destination + Context->pRecord->Resident.ValueOffset + (ULONG)Offset), Buffer, Length);
+
+ Status = UpdateFileRecord(Vcb, Context->FileMFTIndex, FileRecord);
+
+ // Update the context's copy of the resident attribute
+ ASSERT(Context->pRecord->Length == Destination->Length);
+ RtlCopyMemory((PVOID)Context->pRecord, Destination, Context->pRecord->Length);
+
+ ReleaseAttributeContext(FoundContext);
+ if (FileRecordAllocated)
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, FileRecord);
+
+ if (NT_SUCCESS(Status))
+ *RealLengthWritten = Length;
+
+ return Status;
+ }
+
+ // This is a non-resident attribute.
+
+ // I. Find the corresponding start data run.
+
+ // FIXME: Cache seems to be non-working. Disable it for now
+ //if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
+ /*if (0)
+ {
+ DataRun = Context->CacheRun;
+ LastLCN = Context->CacheRunLastLCN;
+ DataRunStartLCN = Context->CacheRunStartLCN;
+ DataRunLength = Context->CacheRunLength;
+ CurrentOffset = Context->CacheRunCurrentOffset;
+ }
+ else*/
+ {
+ ULONG UsedBufferSize;
+ LastLCN = 0;
+ CurrentOffset = 0;
+
+ // This will be rewritten in the next iteration to just use the DataRuns MCB directly
+ TempBuffer = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+ if (TempBuffer == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ ConvertLargeMCBToDataRuns(&Context->DataRunsMCB,
+ TempBuffer,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ &UsedBufferSize);
+
+ DataRun = TempBuffer;
+
+ while (1)
+ {
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+ if (DataRunOffset != -1)
+ {
+ // Normal data run.
+ // DPRINT1("Writing to normal data run, LastLCN %I64u DataRunOffset %I64d\n", LastLCN, DataRunOffset);
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ {
+ // Sparse data run. We can't support writing to sparse files yet
+ // (it may require increasing the allocation size).
+ DataRunStartLCN = -1;
+ DPRINT1("FIXME: Writing to sparse files is not supported yet!\n");
+ Status = STATUS_NOT_IMPLEMENTED;
+ goto Cleanup;
+ }
+
+ // Have we reached the data run we're trying to write to?
+ if (Offset >= CurrentOffset &&
+ Offset < CurrentOffset + (DataRunLength * Vcb->NtfsInfo.BytesPerCluster))
+ {
+ break;
+ }
+
+ if (*DataRun == 0)
+ {
+ // We reached the last assigned cluster
+ // TODO: assign new clusters to the end of the file.
+ // (Presently, this code will rarely be reached, the write will usually have already failed by now)
+ // [We can reach here by creating a new file record when the MFT isn't large enough]
+ DPRINT1("FIXME: Master File Table needs to be enlarged.\n");
+ Status = STATUS_END_OF_FILE;
+ goto Cleanup;
+ }
+
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ }
+ }
+
+ // II. Go through the run list and write the data
+
+ /* REVIEWME -- As adapted from NtfsReadAttribute():
+ We seem to be making a special case for the first applicable data run, but I'm not sure why.
+ Does it have something to do with (not) caching? Is this strategy equally applicable to writing? */
+
+ WriteLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset), Length);
+
+ StartingOffset = DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster + Offset - CurrentOffset;
+
+ // Write the data to the disk
+ Status = NtfsWriteDisk(Vcb->StorageDevice,
+ StartingOffset,
+ WriteLength,
+ Vcb->NtfsInfo.BytesPerSector,
+ (PVOID)SourceBuffer);
+
+ // Did the write fail?
+ if (!NT_SUCCESS(Status))
+ {
+ Context->CacheRun = DataRun;
+ Context->CacheRunOffset = Offset;
+ Context->CacheRunStartLCN = DataRunStartLCN;
+ Context->CacheRunLength = DataRunLength;
+ Context->CacheRunLastLCN = LastLCN;
+ Context->CacheRunCurrentOffset = CurrentOffset;
+
+ goto Cleanup;
+ }
+
+ Length -= WriteLength;
+ SourceBuffer += WriteLength;
+ *RealLengthWritten += WriteLength;
+
+ // Did we write to the end of the data run?
+ if (WriteLength == DataRunLength * Vcb->NtfsInfo.BytesPerCluster - (Offset - CurrentOffset))
+ {
+ // Advance to the next data run
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+
+ if (DataRunOffset != (ULONGLONG)-1)
+ {
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ DataRunStartLCN = -1;
+ }
+
+ // Do we have more data to write?
+ while (Length > 0)
+ {
+ // Make sure we don't write past the end of the current data run
+ WriteLength = (ULONG)min(DataRunLength * Vcb->NtfsInfo.BytesPerCluster, Length);
+
+ // Are we dealing with a sparse data run?
+ if (DataRunStartLCN == -1)
+ {
+ DPRINT1("FIXME: Don't know how to write to sparse files yet! (DataRunStartLCN == -1)\n");
+ Status = STATUS_NOT_IMPLEMENTED;
+ goto Cleanup;
+ }
+ else
+ {
+ // write the data to the disk
+ Status = NtfsWriteDisk(Vcb->StorageDevice,
+ DataRunStartLCN * Vcb->NtfsInfo.BytesPerCluster,
+ WriteLength,
+ Vcb->NtfsInfo.BytesPerSector,
+ (PVOID)SourceBuffer);
+ if (!NT_SUCCESS(Status))
+ break;
+ }
+
+ Length -= WriteLength;
+ SourceBuffer += WriteLength;
+ *RealLengthWritten += WriteLength;
+
+ // We finished this request, but there's still data in this data run.
+ if (Length == 0 && WriteLength != DataRunLength * Vcb->NtfsInfo.BytesPerCluster)
+ break;
+
+ // Go to next run in the list.
+
+ if (*DataRun == 0)
+ {
+ // that was the last run
+ if (Length > 0)
+ {
+ // Failed sanity check.
+ DPRINT1("Encountered EOF before expected!\n");
+ Status = STATUS_END_OF_FILE;
+ goto Cleanup;
+ }
+
+ break;
+ }
+
+ // Advance to the next data run
+ CurrentOffset += DataRunLength * Vcb->NtfsInfo.BytesPerCluster;
+ DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
+ if (DataRunOffset != -1)
+ {
+ // Normal data run.
+ DataRunStartLCN = LastLCN + DataRunOffset;
+ LastLCN = DataRunStartLCN;
+ }
+ else
+ {
+ // Sparse data run.
+ DataRunStartLCN = -1;
+ }
+ } // end while (Length > 0) [more data to write]
+
+ Context->CacheRun = DataRun;
+ Context->CacheRunOffset = Offset + *RealLengthWritten;
+ Context->CacheRunStartLCN = DataRunStartLCN;
+ Context->CacheRunLength = DataRunLength;
+ Context->CacheRunLastLCN = LastLCN;
+ Context->CacheRunCurrentOffset = CurrentOffset;
+
+Cleanup:
+ // TEMPTEMP
+ if (Context->pRecord->IsNonResident)
+ ExFreePoolWithTag(TempBuffer, TAG_NTFS);
+
+ return Status;
+}
+
+NTSTATUS
+ReadFileRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG index,
+ PFILE_RECORD_HEADER file)
+{
+ ULONGLONG BytesRead;
+
+ DPRINT("ReadFileRecord(%p, %I64x, %p)\n", Vcb, index, file);
+
+ BytesRead = ReadAttribute(Vcb, Vcb->MFTContext, index * Vcb->NtfsInfo.BytesPerFileRecord, (PCHAR)file, Vcb->NtfsInfo.BytesPerFileRecord);
+ if (BytesRead != Vcb->NtfsInfo.BytesPerFileRecord)
+ {
+ DPRINT1("ReadFileRecord failed: %I64u read, %lu expected\n", BytesRead, Vcb->NtfsInfo.BytesPerFileRecord);
+ return STATUS_PARTIAL_COPY;
+ }
+
+ /* Apply update sequence array fixups. */
+ DPRINT("Sequence number: %u\n", file->SequenceNumber);
+ return FixupUpdateSequenceArray(Vcb, &file->Ntfs);
+}
+
+
+/**
+* Searches a file's parent directory (given the parent's index in the mft)
+* for the given file. Upon finding an index entry for that file, updates
+* Data Size and Allocated Size values in the $FILE_NAME attribute of that entry.
+*
+* (Most of this code was copied from NtfsFindMftRecord)
+*/
+NTSTATUS
+UpdateFileNameRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG ParentMFTIndex,
+ PUNICODE_STRING FileName,
+ BOOLEAN DirSearch,
+ ULONGLONG NewDataSize,
+ ULONGLONG NewAllocationSize,
+ BOOLEAN CaseSensitive)
+{
+ PFILE_RECORD_HEADER MftRecord;
+ PNTFS_ATTR_CONTEXT IndexRootCtx;
+ PINDEX_ROOT_ATTRIBUTE IndexRoot;
+ PCHAR IndexRecord;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
+ NTSTATUS Status;
+ ULONG CurrentEntry = 0;
+
+ DPRINT("UpdateFileNameRecord(%p, %I64d, %wZ, %s, %I64u, %I64u, %s)\n",
+ Vcb,
+ ParentMFTIndex,
+ FileName,
+ DirSearch ? "TRUE" : "FALSE",
+ NewDataSize,
+ NewAllocationSize,
+ CaseSensitive ? "TRUE" : "FALSE");
+
+ MftRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
+ if (MftRecord == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Status = ReadFileRecord(Vcb, ParentMFTIndex, MftRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return Status;
+ }
+
+ ASSERT(MftRecord->Ntfs.Type == NRH_FILE_TYPE);
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return Status;
+ }
+
+ IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
+ if (IndexRecord == NULL)
+ {
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Status = ReadAttribute(Vcb, IndexRootCtx, 0, IndexRecord, AttributeDataLength(IndexRootCtx->pRecord));
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to read Index Root!\n");
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return Status;
+ }
+
+ IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
+ // Index root is always resident.
+ IndexEntryEnd = (PINDEX_ENTRY_ATTRIBUTE)(IndexRecord + IndexRoot->Header.TotalSizeOfEntries);
+
+ DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
+
+ Status = UpdateIndexEntryFileNameSize(Vcb,
+ MftRecord,
+ IndexRecord,
+ IndexRoot->SizeOfEntry,
+ IndexEntry,
+ IndexEntryEnd,
+ FileName,
+ &CurrentEntry,
+ &CurrentEntry,
+ DirSearch,
+ NewDataSize,
+ NewAllocationSize,
+ CaseSensitive);
+
+ if (Status == STATUS_PENDING)
+ {
+ // we need to write the index root attribute back to disk
+ ULONG LengthWritten;
+ Status = WriteAttribute(Vcb, IndexRootCtx, 0, (PUCHAR)IndexRecord, AttributeDataLength(IndexRootCtx->pRecord), &LengthWritten, MftRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't update Index Root!\n");
+ }
+
+ }
+
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+
+ return Status;
+}
+
+/**
+* Recursively searches directory index and applies the size update to the $FILE_NAME attribute of the
+* proper index entry.
+* (Heavily based on BrowseIndexEntries)
+*/
+NTSTATUS
+UpdateIndexEntryFileNameSize(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER MftRecord,
+ PCHAR IndexRecord,
+ ULONG IndexBlockSize,
+ PINDEX_ENTRY_ATTRIBUTE FirstEntry,
+ PINDEX_ENTRY_ATTRIBUTE LastEntry,
+ PUNICODE_STRING FileName,
+ PULONG StartEntry,
+ PULONG CurrentEntry,
+ BOOLEAN DirSearch,
+ ULONGLONG NewDataSize,
+ ULONGLONG NewAllocatedSize,
+ BOOLEAN CaseSensitive)
+{
+ NTSTATUS Status;
+ ULONG RecordOffset;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry;
+ PNTFS_ATTR_CONTEXT IndexAllocationCtx;
+ ULONGLONG IndexAllocationSize;
+ PINDEX_BUFFER IndexBuffer;
+
+ DPRINT("UpdateIndexEntrySize(%p, %p, %p, %lu, %p, %p, %wZ, %lu, %lu, %s, %I64u, %I64u, %s)\n",
+ Vcb,
+ MftRecord,
+ IndexRecord,
+ IndexBlockSize,
+ FirstEntry,
+ LastEntry,
+ FileName,
+ *StartEntry,
+ *CurrentEntry,
+ DirSearch ? "TRUE" : "FALSE",
+ NewDataSize,
+ NewAllocatedSize,
+ CaseSensitive ? "TRUE" : "FALSE");
+
+ // find the index entry responsible for the file we're trying to update
+ IndexEntry = FirstEntry;
+ while (IndexEntry < LastEntry &&
+ !(IndexEntry->Flags & NTFS_INDEX_ENTRY_END))
+ {
+ if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) > NTFS_FILE_FIRST_USER_FILE &&
+ *CurrentEntry >= *StartEntry &&
+ IndexEntry->FileName.NameType != NTFS_FILE_NAME_DOS &&
+ CompareFileName(FileName, IndexEntry, DirSearch, CaseSensitive))
+ {
+ *StartEntry = *CurrentEntry;
+ IndexEntry->FileName.DataSize = NewDataSize;
+ IndexEntry->FileName.AllocatedSize = NewAllocatedSize;
+ // indicate that the caller will still need to write the structure to the disk
+ return STATUS_PENDING;
+ }
+
+ (*CurrentEntry) += 1;
+ ASSERT(IndexEntry->Length >= sizeof(INDEX_ENTRY_ATTRIBUTE));
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
+ }
+
+ /* If we're already browsing a subnode */
+ if (IndexRecord == NULL)
{
- DPRINT1("ReadFileRecord failed: %u read, %u expected\n", BytesRead, Vcb->NtfsInfo.BytesPerFileRecord);
- return STATUS_PARTIAL_COPY;
+ return STATUS_OBJECT_PATH_NOT_FOUND;
}
- /* Apply update sequence array fixups. */
- return FixupUpdateSequenceArray(Vcb, &file->Ntfs);
+ /* If there's no subnode */
+ if (!(IndexEntry->Flags & NTFS_INDEX_ENTRY_NODE))
+ {
+ return STATUS_OBJECT_PATH_NOT_FOUND;
+ }
+
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT("Corrupted filesystem!\n");
+ return Status;
+ }
+
+ IndexAllocationSize = AttributeDataLength(IndexAllocationCtx->pRecord);
+ Status = STATUS_OBJECT_PATH_NOT_FOUND;
+ for (RecordOffset = 0; RecordOffset < IndexAllocationSize; RecordOffset += IndexBlockSize)
+ {
+ ReadAttribute(Vcb, IndexAllocationCtx, RecordOffset, IndexRecord, IndexBlockSize);
+ Status = FixupUpdateSequenceArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs);
+ if (!NT_SUCCESS(Status))
+ {
+ break;
+ }
+
+ IndexBuffer = (PINDEX_BUFFER)IndexRecord;
+ ASSERT(IndexBuffer->Ntfs.Type == NRH_INDX_TYPE);
+ ASSERT(IndexBuffer->Header.AllocatedSize + FIELD_OFFSET(INDEX_BUFFER, Header) == IndexBlockSize);
+ FirstEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.FirstEntryOffset);
+ LastEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.TotalSizeOfEntries);
+ ASSERT(LastEntry <= (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)IndexBuffer + IndexBlockSize));
+
+ Status = UpdateIndexEntryFileNameSize(NULL,
+ NULL,
+ NULL,
+ 0,
+ FirstEntry,
+ LastEntry,
+ FileName,
+ StartEntry,
+ CurrentEntry,
+ DirSearch,
+ NewDataSize,
+ NewAllocatedSize,
+ CaseSensitive);
+ if (Status == STATUS_PENDING)
+ {
+ // write the index record back to disk
+ ULONG Written;
+
+ // first we need to update the fixup values for the index block
+ Status = AddFixupArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Failed to update fixup sequence array!\n");
+ break;
+ }
+
+ Status = WriteAttribute(Vcb, IndexAllocationCtx, RecordOffset, (const PUCHAR)IndexRecord, IndexBlockSize, &Written, MftRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR Performing write!\n");
+ break;
+ }
+
+ Status = STATUS_SUCCESS;
+ break;
+ }
+ if (NT_SUCCESS(Status))
+ {
+ break;
+ }
+ }
+
+ ReleaseAttributeContext(IndexAllocationCtx);
+ return Status;
+}
+
+/**
+* @name UpdateFileRecord
+* @implemented
+*
+* Writes a file record to the master file table, at a given index.
+*
+* @param Vcb
+* Pointer to the DEVICE_EXTENSION of the target drive being written to.
+*
+* @param MftIndex
+* Target index in the master file table to store the file record.
+*
+* @param FileRecord
+* Pointer to the complete file record which will be written to the master file table.
+*
+* @return
+* STATUS_SUCCESSFUL on success. An error passed from WriteAttribute() otherwise.
+*
+*/
+NTSTATUS
+UpdateFileRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG MftIndex,
+ PFILE_RECORD_HEADER FileRecord)
+{
+ ULONG BytesWritten;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ DPRINT("UpdateFileRecord(%p, 0x%I64x, %p)\n", Vcb, MftIndex, FileRecord);
+
+ // Add the fixup array to prepare the data for writing to disk
+ AddFixupArray(Vcb, &FileRecord->Ntfs);
+
+ // write the file record to the master file table
+ Status = WriteAttribute(Vcb,
+ Vcb->MFTContext,
+ MftIndex * Vcb->NtfsInfo.BytesPerFileRecord,
+ (const PUCHAR)FileRecord,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ &BytesWritten,
+ FileRecord);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("UpdateFileRecord failed: %lu written, %lu expected\n", BytesWritten, Vcb->NtfsInfo.BytesPerFileRecord);
+ }
+
+ // remove the fixup array (so the file record pointer can still be used)
+ FixupUpdateSequenceArray(Vcb, &FileRecord->Ntfs);
+
+ return Status;
+}
+
+
+NTSTATUS
+FixupUpdateSequenceArray(PDEVICE_EXTENSION Vcb,
+ PNTFS_RECORD_HEADER Record)
+{
+ USHORT *USA;
+ USHORT USANumber;
+ USHORT USACount;
+ USHORT *Block;
+
+ USA = (USHORT*)((PCHAR)Record + Record->UsaOffset);
+ USANumber = *(USA++);
+ USACount = Record->UsaCount - 1; /* Exclude the USA Number. */
+ Block = (USHORT*)((PCHAR)Record + Vcb->NtfsInfo.BytesPerSector - 2);
+
+ DPRINT("FixupUpdateSequenceArray(%p, %p)\nUSANumber: %u\tUSACount: %u\n", Vcb, Record, USANumber, USACount);
+
+ while (USACount)
+ {
+ if (*Block != USANumber)
+ {
+ DPRINT1("Mismatch with USA: %u read, %u expected\n" , *Block, USANumber);
+ return STATUS_UNSUCCESSFUL;
+ }
+ *Block = *(USA++);
+ Block = (USHORT*)((PCHAR)Block + Vcb->NtfsInfo.BytesPerSector);
+ USACount--;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/**
+* @name AddNewMftEntry
+* @implemented
+*
+* Adds a file record to the master file table of a given device.
+*
+* @param FileRecord
+* Pointer to a complete file record which will be saved to disk.
+*
+* @param DeviceExt
+* Pointer to the DEVICE_EXTENSION of the target drive.
+*
+* @param DestinationIndex
+* Pointer to a ULONGLONG which will receive the MFT index where the file record was stored.
+*
+* @param CanWait
+* Boolean indicating if the function is allowed to wait for exclusive access to the master file table.
+* This will only be relevant if the MFT doesn't have any free file records and needs to be enlarged.
+*
+* @return
+* STATUS_SUCCESS on success.
+* STATUS_OBJECT_NAME_NOT_FOUND if we can't find the MFT's $Bitmap or if we weren't able
+* to read the attribute.
+* STATUS_INSUFFICIENT_RESOURCES if we can't allocate enough memory for a copy of $Bitmap.
+* STATUS_CANT_WAIT if CanWait was FALSE and the function could not get immediate, exclusive access to the MFT.
+*/
+NTSTATUS
+AddNewMftEntry(PFILE_RECORD_HEADER FileRecord,
+ PDEVICE_EXTENSION DeviceExt,
+ PULONGLONG DestinationIndex,
+ BOOLEAN CanWait)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+ ULONGLONG MftIndex;
+ RTL_BITMAP Bitmap;
+ ULONGLONG BitmapDataSize;
+ ULONGLONG AttrBytesRead;
+ PUCHAR BitmapData;
+ PUCHAR BitmapBuffer;
+ ULONG LengthWritten;
+ PNTFS_ATTR_CONTEXT BitmapContext;
+ LARGE_INTEGER BitmapBits;
+ UCHAR SystemReservedBits;
+
+ DPRINT1("AddNewMftEntry(%p, %p, %p, %s)\n", FileRecord, DeviceExt, DestinationIndex, CanWait ? "TRUE" : "FALSE");
+
+ // First, we have to read the mft's $Bitmap attribute
+
+ // Find the attribute
+ Status = FindAttribute(DeviceExt, DeviceExt->MasterFileTable, AttributeBitmap, L"", 0, &BitmapContext, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $Bitmap attribute of master file table!\n");
+ return Status;
+ }
+
+ // Get size of bitmap
+ BitmapDataSize = AttributeDataLength(BitmapContext->pRecord);
+
+ // RtlInitializeBitmap wants a ULONG-aligned pointer, and wants the memory passed to it to be a ULONG-multiple
+ // Allocate a buffer for the $Bitmap attribute plus enough to ensure we can get a ULONG-aligned pointer
+ BitmapBuffer = ExAllocatePoolWithTag(NonPagedPool, BitmapDataSize + sizeof(ULONG), TAG_NTFS);
+ if (!BitmapBuffer)
+ {
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+ RtlZeroMemory(BitmapBuffer, BitmapDataSize + sizeof(ULONG));
+
+ // Get a ULONG-aligned pointer for the bitmap itself
+ BitmapData = (PUCHAR)ALIGN_UP_BY((ULONG_PTR)BitmapBuffer, sizeof(ULONG));
+
+ // read $Bitmap attribute
+ AttrBytesRead = ReadAttribute(DeviceExt, BitmapContext, 0, (PCHAR)BitmapData, BitmapDataSize);
+
+ if (AttrBytesRead != BitmapDataSize)
+ {
+ DPRINT1("ERROR: Unable to read $Bitmap attribute of master file table!\n");
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ // We need to backup the bits for records 0x10 - 0x17 (3rd byte of bitmap) and mark these records
+ // as in-use so we don't assign files to those indices. They're reserved for the system (e.g. ChkDsk).
+ SystemReservedBits = BitmapData[2];
+ BitmapData[2] = 0xff;
+
+ // Calculate bit count
+ BitmapBits.QuadPart = AttributeDataLength(DeviceExt->MFTContext->pRecord) /
+ DeviceExt->NtfsInfo.BytesPerFileRecord;
+ if (BitmapBits.HighPart != 0)
+ {
+ DPRINT1("\tFIXME: bitmap sizes beyond 32bits are not yet supported! (Your NTFS volume is too large)\n");
+ NtfsGlobalData->EnableWriteSupport = FALSE;
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ // convert buffer into bitmap
+ RtlInitializeBitMap(&Bitmap, (PULONG)BitmapData, BitmapBits.LowPart);
+
+ // set next available bit, preferrably after 23rd bit
+ MftIndex = RtlFindClearBitsAndSet(&Bitmap, 1, 24);
+ if ((LONG)MftIndex == -1)
+ {
+ DPRINT1("Couldn't find free space in MFT for file record, increasing MFT size.\n");
+
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+
+ // Couldn't find a free record in the MFT, add some blank records and try again
+ Status = IncreaseMftSize(DeviceExt, CanWait);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find space in MFT for file or increase MFT size!\n");
+ return Status;
+ }
+
+ return AddNewMftEntry(FileRecord, DeviceExt, DestinationIndex, CanWait);
+ }
+
+ DPRINT1("Creating file record at MFT index: %I64u\n", MftIndex);
+
+ // update file record with index
+ FileRecord->MFTRecordNumber = MftIndex;
+
+ // [BitmapData should have been updated via RtlFindClearBitsAndSet()]
+
+ // Restore the system reserved bits
+ BitmapData[2] = SystemReservedBits;
+
+ // write the bitmap back to the MFT's $Bitmap attribute
+ Status = WriteAttribute(DeviceExt, BitmapContext, 0, BitmapData, BitmapDataSize, &LengthWritten, FileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR encountered when writing $Bitmap attribute!\n");
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
+
+ // update the file record (write it to disk)
+ Status = UpdateFileRecord(DeviceExt, MftIndex, FileRecord);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to write file record!\n");
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
+
+ *DestinationIndex = MftIndex;
+
+ ExFreePoolWithTag(BitmapBuffer, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+
+ return Status;
}
+/**
+* @name NtfsAddFilenameToDirectory
+* @implemented
+*
+* Adds a $FILE_NAME attribute to a given directory index.
+*
+* @param DeviceExt
+* Points to the target disk's DEVICE_EXTENSION.
+*
+* @param DirectoryMftIndex
+* Mft index of the parent directory which will receive the file.
+*
+* @param FileReferenceNumber
+* File reference of the file to be added to the directory. This is a combination of the
+* Mft index and sequence number.
+*
+* @param FilenameAttribute
+* Pointer to the FILENAME_ATTRIBUTE of the file being added to the directory.
+*
+* @param CaseSensitive
+* Boolean indicating if the function should operate in case-sensitive mode. This will be TRUE
+* if an application created the file with the FILE_FLAG_POSIX_SEMANTICS flag.
+*
+* @return
+* STATUS_SUCCESS on success.
+* STATUS_INSUFFICIENT_RESOURCES if an allocation fails.
+* STATUS_NOT_IMPLEMENTED if target address isn't at the end of the given file record.
+*
+* @remarks
+* WIP - Can only support a few files in a directory.
+* One FILENAME_ATTRIBUTE is added to the directory's index for each link to that file. So, each
+* file which contains one FILENAME_ATTRIBUTE for a long name and another for the 8.3 name, will
+* get both attributes added to its parent directory.
+*/
+NTSTATUS
+NtfsAddFilenameToDirectory(PDEVICE_EXTENSION DeviceExt,
+ ULONGLONG DirectoryMftIndex,
+ ULONGLONG FileReferenceNumber,
+ PFILENAME_ATTRIBUTE FilenameAttribute,
+ BOOLEAN CaseSensitive)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+ PFILE_RECORD_HEADER ParentFileRecord;
+ PNTFS_ATTR_CONTEXT IndexRootContext;
+ PINDEX_ROOT_ATTRIBUTE I30IndexRoot;
+ ULONG IndexRootOffset;
+ ULONGLONG I30IndexRootLength;
+ ULONG LengthWritten;
+ PINDEX_ROOT_ATTRIBUTE NewIndexRoot;
+ ULONG AttributeLength;
+ PNTFS_ATTR_RECORD NextAttribute;
+ PB_TREE NewTree;
+ ULONG BtreeIndexLength;
+ ULONG MaxIndexRootSize;
+ PB_TREE_KEY NewLeftKey;
+ PB_TREE_FILENAME_NODE NewRightHandNode;
+ LARGE_INTEGER MinIndexRootSize;
+ ULONG NewMaxIndexRootSize;
+ ULONG NodeSize;
+
+ // Allocate memory for the parent directory
+ ParentFileRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
+ if (!ParentFileRecord)
+ {
+ DPRINT1("ERROR: Couldn't allocate memory for file record!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // Open the parent directory
+ Status = ReadFileRecord(DeviceExt, DirectoryMftIndex, ParentFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ DPRINT1("ERROR: Couldn't read parent directory with index %I64u\n",
+ DirectoryMftIndex);
+ return Status;
+ }
+
+#ifndef NDEBUG
+ DPRINT1("Dumping old parent file record:\n");
+ NtfsDumpFileRecord(DeviceExt, ParentFileRecord);
+#endif
+
+ // Find the index root attribute for the directory
+ Status = FindAttribute(DeviceExt,
+ ParentFileRecord,
+ AttributeIndexRoot,
+ L"$I30",
+ 4,
+ &IndexRootContext,
+ &IndexRootOffset);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $I30 $INDEX_ROOT attribute for parent directory with MFT #: %I64u!\n",
+ DirectoryMftIndex);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // Find the maximum index size given what the file record can hold
+ // First, find the max index size assuming index root is the last attribute
+ MaxIndexRootSize = DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
+ - IndexRootOffset // Subtract the length of everything that comes before index root
+ - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
+ - sizeof(INDEX_ROOT_ATTRIBUTE) // Subtract the length of the index root header
+ - (sizeof(ULONG) * 2); // Subtract the length of the file record end marker and padding
+
+ // Are there attributes after this one?
+ NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
+ if (NextAttribute->Type != AttributeEnd)
+ {
+ // Find the length of all attributes after this one, not counting the end marker
+ ULONG LengthOfAttributes = 0;
+ PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
+ while (CurrentAttribute->Type != AttributeEnd)
+ {
+ LengthOfAttributes += CurrentAttribute->Length;
+ CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
+ }
+
+ // Leave room for the existing attributes
+ MaxIndexRootSize -= LengthOfAttributes;
+ }
+
+ // Allocate memory for the index root data
+ I30IndexRootLength = AttributeDataLength(IndexRootContext->pRecord);
+ I30IndexRoot = ExAllocatePoolWithTag(NonPagedPool, I30IndexRootLength, TAG_NTFS);
+ if (!I30IndexRoot)
+ {
+ DPRINT1("ERROR: Couldn't allocate memory for index root attribute!\n");
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // Read the Index Root
+ Status = ReadAttribute(DeviceExt, IndexRootContext, 0, (PCHAR)I30IndexRoot, I30IndexRootLength);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couln't read index root attribute for Mft index #%I64u\n", DirectoryMftIndex);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // Convert the index to a B*Tree
+ Status = CreateBTreeFromIndex(DeviceExt,
+ ParentFileRecord,
+ IndexRootContext,
+ I30IndexRoot,
+ &NewTree);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to create B-Tree from Index!\n");
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+#ifndef NDEBUG
+ DumpBTree(NewTree);
+#endif
+
+ // Insert the key for the file we're adding
+ Status = NtfsInsertKey(NewTree,
+ FileReferenceNumber,
+ FilenameAttribute,
+ NewTree->RootNode,
+ CaseSensitive,
+ MaxIndexRootSize,
+ I30IndexRoot->SizeOfEntry,
+ &NewLeftKey,
+ &NewRightHandNode);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to insert key into B-Tree!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+#ifndef NDEBUG
+ DumpBTree(NewTree);
+#endif
+
+ // The root node can't be split
+ ASSERT(NewLeftKey == NULL);
+ ASSERT(NewRightHandNode == NULL);
+
+ // Convert B*Tree back to Index
+
+ // Updating the index allocation can change the size available for the index root,
+ // And if the index root is demoted, the index allocation will need to be updated again,
+ // which may change the size available for index root... etc.
+ // My solution is to decrease index root to the size it would be if it was demoted,
+ // then UpdateIndexAllocation will have an accurate representation of the maximum space
+ // it can use in the file record. There's still a chance that the act of allocating an
+ // index node after demoting the index root will increase the size of the file record beyond
+ // it's limit, but if that happens, an attribute-list will most definitely be needed.
+ // This a bit hacky, but it seems to be functional.
+
+ // Calculate the minimum size of the index root attribute, considering one dummy key and one VCN
+ MinIndexRootSize.QuadPart = sizeof(INDEX_ROOT_ATTRIBUTE) // size of the index root headers
+ + 0x18; // Size of dummy key with a VCN for a subnode
+ ASSERT(MinIndexRootSize.QuadPart % ATTR_RECORD_ALIGNMENT == 0);
+
+ // Temporarily shrink the index root to it's minimal size
+ AttributeLength = MinIndexRootSize.LowPart;
+ AttributeLength += sizeof(INDEX_ROOT_ATTRIBUTE);
+
+
+ // FIXME: IndexRoot will probably be invalid until we're finished. If we fail before we finish, the directory will probably be toast.
+ // The potential for catastrophic data-loss exists!!! :)
+
+ // Update the length of the attribute in the file record of the parent directory
+ Status = InternalSetResidentAttributeLength(DeviceExt,
+ IndexRootContext,
+ ParentFileRecord,
+ IndexRootOffset,
+ AttributeLength);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to set length of index root!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // Update the index allocation
+ Status = UpdateIndexAllocation(DeviceExt, NewTree, I30IndexRoot->SizeOfEntry, ParentFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to update index allocation from B-Tree!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+#ifndef NDEBUG
+ DPRINT1("Index Allocation updated\n");
+ DumpBTree(NewTree);
+#endif
+
+ // Find the maximum index root size given what the file record can hold
+ // First, find the max index size assuming index root is the last attribute
+ NewMaxIndexRootSize =
+ DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
+ - IndexRootOffset // Subtract the length of everything that comes before index root
+ - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
+ - sizeof(INDEX_ROOT_ATTRIBUTE) // Subtract the length of the index root header
+ - (sizeof(ULONG) * 2); // Subtract the length of the file record end marker and padding
+
+ // Are there attributes after this one?
+ NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
+ if (NextAttribute->Type != AttributeEnd)
+ {
+ // Find the length of all attributes after this one, not counting the end marker
+ ULONG LengthOfAttributes = 0;
+ PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
+ while (CurrentAttribute->Type != AttributeEnd)
+ {
+ LengthOfAttributes += CurrentAttribute->Length;
+ CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
+ }
+
+ // Leave room for the existing attributes
+ NewMaxIndexRootSize -= LengthOfAttributes;
+ }
+
+ // The index allocation and index bitmap may have grown, leaving less room for the index root,
+ // so now we need to double-check that index root isn't too large
+ NodeSize = GetSizeOfIndexEntries(NewTree->RootNode);
+ if (NodeSize > NewMaxIndexRootSize)
+ {
+ DPRINT1("Demoting index root.\nNodeSize: 0x%lx\nNewMaxIndexRootSize: 0x%lx\n", NodeSize, NewMaxIndexRootSize);
+
+ Status = DemoteBTreeRoot(NewTree);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to demote index root!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // We need to update the index allocation once more
+ Status = UpdateIndexAllocation(DeviceExt, NewTree, I30IndexRoot->SizeOfEntry, ParentFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to update index allocation from B-Tree!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // re-recalculate max size of index root
+ NewMaxIndexRootSize =
+ // Find the maximum index size given what the file record can hold
+ // First, find the max index size assuming index root is the last attribute
+ DeviceExt->NtfsInfo.BytesPerFileRecord // Start with the size of a file record
+ - IndexRootOffset // Subtract the length of everything that comes before index root
+ - IndexRootContext->pRecord->Resident.ValueOffset // Subtract the length of the attribute header for index root
+ - sizeof(INDEX_ROOT_ATTRIBUTE) // Subtract the length of the index root header
+ - (sizeof(ULONG) * 2); // Subtract the length of the file record end marker and padding
+
+ // Are there attributes after this one?
+ NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)ParentFileRecord + IndexRootOffset + IndexRootContext->pRecord->Length);
+ if (NextAttribute->Type != AttributeEnd)
+ {
+ // Find the length of all attributes after this one, not counting the end marker
+ ULONG LengthOfAttributes = 0;
+ PNTFS_ATTR_RECORD CurrentAttribute = NextAttribute;
+ while (CurrentAttribute->Type != AttributeEnd)
+ {
+ LengthOfAttributes += CurrentAttribute->Length;
+ CurrentAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)CurrentAttribute + CurrentAttribute->Length);
+ }
+
+ // Leave room for the existing attributes
+ NewMaxIndexRootSize -= LengthOfAttributes;
+ }
+
+
+ }
+
+ // Create the Index Root from the B*Tree
+ Status = CreateIndexRootFromBTree(DeviceExt, NewTree, NewMaxIndexRootSize, &NewIndexRoot, &BtreeIndexLength);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to create Index root from B-Tree!\n");
+ DestroyBTree(NewTree);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // We're done with the B-Tree now
+ DestroyBTree(NewTree);
+
+ // Write back the new index root attribute to the parent directory file record
+
+ // First, we need to resize the attribute.
+ // CreateIndexRootFromBTree() should have verified that the index root fits within MaxIndexSize.
+ // We can't set the size as we normally would, because $INDEX_ROOT must always be resident.
+ AttributeLength = NewIndexRoot->Header.AllocatedSize + FIELD_OFFSET(INDEX_ROOT_ATTRIBUTE, Header);
+
+ if (AttributeLength != IndexRootContext->pRecord->Resident.ValueLength)
+ {
+ // Update the length of the attribute in the file record of the parent directory
+ Status = InternalSetResidentAttributeLength(DeviceExt,
+ IndexRootContext,
+ ParentFileRecord,
+ IndexRootOffset,
+ AttributeLength);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ DPRINT1("ERROR: Unable to set resident attribute length!\n");
+ return Status;
+ }
+
+ }
+
+ NT_ASSERT(ParentFileRecord->BytesInUse <= DeviceExt->NtfsInfo.BytesPerFileRecord);
+
+ Status = UpdateFileRecord(DeviceExt, DirectoryMftIndex, ParentFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to update file record of directory with index: %llx\n", DirectoryMftIndex);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ return Status;
+ }
+
+ // Write the new index root to disk
+ Status = WriteAttribute(DeviceExt,
+ IndexRootContext,
+ 0,
+ (PUCHAR)NewIndexRoot,
+ AttributeLength,
+ &LengthWritten,
+ ParentFileRecord);
+ if (!NT_SUCCESS(Status) || LengthWritten != AttributeLength)
+ {
+ DPRINT1("ERROR: Unable to write new index root attribute to parent directory!\n");
+ ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+ return Status;
+ }
+
+ // re-read the parent file record, so we can dump it
+ Status = ReadFileRecord(DeviceExt, DirectoryMftIndex, ParentFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't read parent directory after messing with it!\n");
+ }
+ else
+ {
+#ifndef NDEBUG
+ DPRINT1("Dumping new B-Tree:\n");
+
+ Status = CreateBTreeFromIndex(DeviceExt, ParentFileRecord, IndexRootContext, NewIndexRoot, &NewTree);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't re-create b-tree\n");
+ return Status;
+ }
+
+ DumpBTree(NewTree);
+
+ DestroyBTree(NewTree);
+
+ NtfsDumpFileRecord(DeviceExt, ParentFileRecord);
+#endif
+ }
+
+ // Cleanup
+ ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
+ ReleaseAttributeContext(IndexRootContext);
+ ExFreePoolWithTag(I30IndexRoot, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, ParentFileRecord);
+
+ return Status;
+}
-NTSTATUS
-FixupUpdateSequenceArray(PDEVICE_EXTENSION Vcb,
- PNTFS_RECORD_HEADER Record)
+NTSTATUS
+AddFixupArray(PDEVICE_EXTENSION Vcb,
+ PNTFS_RECORD_HEADER Record)
{
- USHORT *USA;
- USHORT USANumber;
- USHORT USACount;
- USHORT *Block;
+ USHORT *pShortToFixUp;
+ ULONG ArrayEntryCount = Record->UsaCount - 1;
+ ULONG Offset = Vcb->NtfsInfo.BytesPerSector - 2;
+ ULONG i;
- USA = (USHORT*)((PCHAR)Record + Record->UsaOffset);
- USANumber = *(USA++);
- USACount = Record->UsaCount - 1; /* Exclude the USA Number. */
- Block = (USHORT*)((PCHAR)Record + Vcb->NtfsInfo.BytesPerSector - 2);
+ PFIXUP_ARRAY fixupArray = (PFIXUP_ARRAY)((UCHAR*)Record + Record->UsaOffset);
- while (USACount)
+ DPRINT("AddFixupArray(%p, %p)\n fixupArray->USN: %u, ArrayEntryCount: %u\n", Vcb, Record, fixupArray->USN, ArrayEntryCount);
+
+ fixupArray->USN++;
+
+ for (i = 0; i < ArrayEntryCount; i++)
{
- if (*Block != USANumber)
- {
- DPRINT1("Mismatch with USA: %u read, %u expected\n" , *Block, USANumber);
- return STATUS_UNSUCCESSFUL;
- }
- *Block = *(USA++);
- Block = (USHORT*)((PCHAR)Block + Vcb->NtfsInfo.BytesPerSector);
- USACount--;
+ DPRINT("USN: %u\tOffset: %u\n", fixupArray->USN, Offset);
+
+ pShortToFixUp = (USHORT*)((PCHAR)Record + Offset);
+ fixupArray->Array[i] = *pShortToFixUp;
+ *pShortToFixUp = fixupArray->USN;
+ Offset += Vcb->NtfsInfo.BytesPerSector;
}
return STATUS_SUCCESS;
}
-
NTSTATUS
ReadLCN(PDEVICE_EXTENSION Vcb,
ULONGLONG lcn,
BOOLEAN
CompareFileName(PUNICODE_STRING FileName,
PINDEX_ENTRY_ATTRIBUTE IndexEntry,
- BOOLEAN DirSearch)
+ BOOLEAN DirSearch,
+ BOOLEAN CaseSensitive)
{
+ BOOLEAN Ret, Alloc = FALSE;
UNICODE_STRING EntryName;
EntryName.Buffer = IndexEntry->FileName.Name;
EntryName.Length =
- EntryName.MaximumLength = IndexEntry->FileName.NameLength;
+ EntryName.MaximumLength = IndexEntry->FileName.NameLength * sizeof(WCHAR);
if (DirSearch)
{
- return FsRtlIsNameInExpression(FileName, &EntryName, (IndexEntry->FileName.NameType != NTFS_FILE_NAME_POSIX), NULL);
+ UNICODE_STRING IntFileName;
+ if (!CaseSensitive)
+ {
+ NT_VERIFY(NT_SUCCESS(RtlUpcaseUnicodeString(&IntFileName, FileName, TRUE)));
+ Alloc = TRUE;
+ }
+ else
+ {
+ IntFileName = *FileName;
+ }
+
+ Ret = FsRtlIsNameInExpression(&IntFileName, &EntryName, !CaseSensitive, NULL);
+
+ if (Alloc)
+ {
+ RtlFreeUnicodeString(&IntFileName);
+ }
+
+ return Ret;
}
else
{
- return (RtlCompareUnicodeString(FileName, &EntryName, (IndexEntry->FileName.NameType != NTFS_FILE_NAME_POSIX)) == TRUE);
+ return (RtlCompareUnicodeString(FileName, &EntryName, !CaseSensitive) == 0);
+ }
+}
+
+/**
+* @name UpdateMftMirror
+* @implemented
+*
+* Backs-up the first ~4 master file table entries to the $MFTMirr file.
+*
+* @param Vcb
+* Pointer to an NTFS_VCB for the volume whose Mft mirror is being updated.
+*
+* @return
+
+* STATUS_SUCCESS on success.
+* STATUS_INSUFFICIENT_RESOURCES if an allocation failed.
+* STATUS_UNSUCCESSFUL if we couldn't read the master file table.
+*
+* @remarks
+* NTFS maintains up-to-date copies of the first several mft entries in the $MFTMirr file. Usually, the first 4 file
+* records from the mft are stored. The exact number of entries is determined by the size of $MFTMirr's $DATA.
+* If $MFTMirr is not up-to-date, chkdsk will reject every change it can find prior to when $MFTMirr was last updated.
+* Therefore, it's recommended to call this function if the volume changes considerably. For instance, IncreaseMftSize()
+* relies on this function to keep chkdsk from deleting the mft entries it creates. Note that under most instances, creating
+* or deleting a file will not affect the first ~four mft entries, and so will not require updating the mft mirror.
+*/
+NTSTATUS
+UpdateMftMirror(PNTFS_VCB Vcb)
+{
+ PFILE_RECORD_HEADER MirrorFileRecord;
+ PNTFS_ATTR_CONTEXT MirrDataContext;
+ PNTFS_ATTR_CONTEXT MftDataContext;
+ PCHAR DataBuffer;
+ ULONGLONG DataLength;
+ NTSTATUS Status;
+ ULONG BytesRead;
+ ULONG LengthWritten;
+
+ // Allocate memory for the Mft mirror file record
+ MirrorFileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
+ if (!MirrorFileRecord)
+ {
+ DPRINT1("Error: Failed to allocate memory for $MFTMirr!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // Read the Mft Mirror file record
+ Status = ReadFileRecord(Vcb, NTFS_FILE_MFTMIRR, MirrorFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to read $MFTMirr!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+ return Status;
+ }
+
+ // Find the $DATA attribute of $MFTMirr
+ Status = FindAttribute(Vcb, MirrorFileRecord, AttributeData, L"", 0, &MirrDataContext, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $DATA attribute!\n");
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+ return Status;
+ }
+
+ // Find the $DATA attribute of $MFT
+ Status = FindAttribute(Vcb, Vcb->MasterFileTable, AttributeData, L"", 0, &MftDataContext, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $DATA attribute!\n");
+ ReleaseAttributeContext(MirrDataContext);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+ return Status;
+ }
+
+ // Get the size of the mirror's $DATA attribute
+ DataLength = AttributeDataLength(MirrDataContext->pRecord);
+
+ ASSERT(DataLength % Vcb->NtfsInfo.BytesPerFileRecord == 0);
+
+ // Create buffer for the mirror's $DATA attribute
+ DataBuffer = ExAllocatePoolWithTag(NonPagedPool, DataLength, TAG_NTFS);
+ if (!DataBuffer)
+ {
+ DPRINT1("Error: Couldn't allocate memory for $DATA buffer!\n");
+ ReleaseAttributeContext(MftDataContext);
+ ReleaseAttributeContext(MirrDataContext);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ ASSERT(DataLength < ULONG_MAX);
+
+ // Back up the first several entries of the Mft's $DATA Attribute
+ BytesRead = ReadAttribute(Vcb, MftDataContext, 0, DataBuffer, (ULONG)DataLength);
+ if (BytesRead != (ULONG)DataLength)
+ {
+ DPRINT1("Error: Failed to read $DATA for $MFTMirr!\n");
+ ReleaseAttributeContext(MftDataContext);
+ ReleaseAttributeContext(MirrDataContext);
+ ExFreePoolWithTag(DataBuffer, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+ return STATUS_UNSUCCESSFUL;
+ }
+
+ // Write the mirror's $DATA attribute
+ Status = WriteAttribute(Vcb,
+ MirrDataContext,
+ 0,
+ (PUCHAR)DataBuffer,
+ DataLength,
+ &LengthWritten,
+ MirrorFileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Failed to write $DATA attribute of $MFTMirr!\n");
}
+
+ // Cleanup
+ ReleaseAttributeContext(MftDataContext);
+ ReleaseAttributeContext(MirrDataContext);
+ ExFreePoolWithTag(DataBuffer, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MirrorFileRecord);
+
+ return Status;
}
+#if 0
+static
+VOID
+DumpIndexEntry(PINDEX_ENTRY_ATTRIBUTE IndexEntry)
+{
+ DPRINT1("Entry: %p\n", IndexEntry);
+ DPRINT1("\tData.Directory.IndexedFile: %I64x\n", IndexEntry->Data.Directory.IndexedFile);
+ DPRINT1("\tLength: %u\n", IndexEntry->Length);
+ DPRINT1("\tKeyLength: %u\n", IndexEntry->KeyLength);
+ DPRINT1("\tFlags: %x\n", IndexEntry->Flags);
+ DPRINT1("\tReserved: %x\n", IndexEntry->Reserved);
+ DPRINT1("\t\tDirectoryFileReferenceNumber: %I64x\n", IndexEntry->FileName.DirectoryFileReferenceNumber);
+ DPRINT1("\t\tCreationTime: %I64u\n", IndexEntry->FileName.CreationTime);
+ DPRINT1("\t\tChangeTime: %I64u\n", IndexEntry->FileName.ChangeTime);
+ DPRINT1("\t\tLastWriteTime: %I64u\n", IndexEntry->FileName.LastWriteTime);
+ DPRINT1("\t\tLastAccessTime: %I64u\n", IndexEntry->FileName.LastAccessTime);
+ DPRINT1("\t\tAllocatedSize: %I64u\n", IndexEntry->FileName.AllocatedSize);
+ DPRINT1("\t\tDataSize: %I64u\n", IndexEntry->FileName.DataSize);
+ DPRINT1("\t\tFileAttributes: %x\n", IndexEntry->FileName.FileAttributes);
+ DPRINT1("\t\tNameLength: %u\n", IndexEntry->FileName.NameLength);
+ DPRINT1("\t\tNameType: %x\n", IndexEntry->FileName.NameType);
+ DPRINT1("\t\tName: %.*S\n", IndexEntry->FileName.NameLength, IndexEntry->FileName.Name);
+}
+#endif
NTSTATUS
-NtfsFindMftRecord(PDEVICE_EXTENSION Vcb,
- ULONGLONG MFTIndex,
- PUNICODE_STRING FileName,
- PULONG FirstEntry,
- BOOLEAN DirSearch,
- ULONGLONG *OutMFTIndex)
+BrowseSubNodeIndexEntries(PNTFS_VCB Vcb,
+ PFILE_RECORD_HEADER MftRecord,
+ ULONG IndexBlockSize,
+ PUNICODE_STRING FileName,
+ PNTFS_ATTR_CONTEXT IndexAllocationContext,
+ PRTL_BITMAP Bitmap,
+ ULONGLONG VCN,
+ PULONG StartEntry,
+ PULONG CurrentEntry,
+ BOOLEAN DirSearch,
+ BOOLEAN CaseSensitive,
+ ULONGLONG *OutMFTIndex)
{
- PFILE_RECORD_HEADER MftRecord;
- //ULONG Magic;
- PNTFS_ATTR_CONTEXT IndexRootCtx;
- PNTFS_ATTR_CONTEXT IndexBitmapCtx;
- PNTFS_ATTR_CONTEXT IndexAllocationCtx;
- PINDEX_ROOT_ATTRIBUTE IndexRoot;
- PINDEX_BUFFER IndexBuffer;
- ULONGLONG BitmapDataSize;
- ULONGLONG IndexAllocationSize;
- PCHAR BitmapData;
- PCHAR IndexRecord;
- PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
- ULONG RecordOffset;
- ULONG IndexBlockSize;
+ PINDEX_BUFFER IndexRecord;
+ ULONGLONG Offset;
+ ULONG BytesRead;
+ PINDEX_ENTRY_ATTRIBUTE FirstEntry;
+ PINDEX_ENTRY_ATTRIBUTE LastEntry;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry;
+ ULONG NodeNumber;
NTSTATUS Status;
- ULONG CurrentEntry = 0;
- DPRINT1("NtfsFindMftRecord(%p, %I64d, %wZ, %p, %u, %p)\n", Vcb, MFTIndex, FileName, FirstEntry, DirSearch, OutMFTIndex);
+ DPRINT("BrowseSubNodeIndexEntries(%p, %p, %lu, %wZ, %p, %p, %I64d, %lu, %lu, %s, %s, %p)\n",
+ Vcb,
+ MftRecord,
+ IndexBlockSize,
+ FileName,
+ IndexAllocationContext,
+ Bitmap,
+ VCN,
+ *StartEntry,
+ *CurrentEntry,
+ "FALSE",
+ DirSearch ? "TRUE" : "FALSE",
+ CaseSensitive ? "TRUE" : "FALSE",
+ OutMFTIndex);
+
+ // Calculate node number as VCN / Clusters per index record
+ NodeNumber = VCN / (Vcb->NtfsInfo.BytesPerIndexRecord / Vcb->NtfsInfo.BytesPerCluster);
+
+ // Is the bit for this node clear in the bitmap?
+ if (!RtlCheckBit(Bitmap, NodeNumber))
+ {
+ DPRINT1("File system corruption detected, node with VCN %I64u is being reused or is marked as deleted.\n", VCN);
+ return STATUS_DATA_ERROR;
+ }
+
+ // Clear the bit for this node so it can't be recursively referenced
+ RtlClearBits(Bitmap, NodeNumber, 1);
- MftRecord = ExAllocatePoolWithTag(NonPagedPool,
- Vcb->NtfsInfo.BytesPerFileRecord,
- TAG_NTFS);
- if (MftRecord == NULL)
+ // Allocate memory for the index record
+ IndexRecord = ExAllocatePoolWithTag(NonPagedPool, IndexBlockSize, TAG_NTFS);
+ if (!IndexRecord)
{
+ DPRINT1("Unable to allocate memory for index record!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
- if (NT_SUCCESS(ReadFileRecord(Vcb, MFTIndex, MftRecord)))
+ // Calculate offset of index record
+ Offset = VCN * Vcb->NtfsInfo.BytesPerCluster;
+
+ // Read the index record
+ BytesRead = ReadAttribute(Vcb, IndexAllocationContext, Offset, (PCHAR)IndexRecord, IndexBlockSize);
+ if (BytesRead != IndexBlockSize)
{
- //Magic = MftRecord->Magic;
+ DPRINT1("Unable to read index record!\n");
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ return STATUS_UNSUCCESSFUL;
+ }
- Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx);
- if (!NT_SUCCESS(Status))
+ // Assert that we're dealing with an index record here
+ ASSERT(IndexRecord->Ntfs.Type == NRH_INDX_TYPE);
+
+ // Apply the fixup array to the index record
+ Status = FixupUpdateSequenceArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ DPRINT1("Failed to apply fixup array!\n");
+ return Status;
+ }
+
+ ASSERT(IndexRecord->Header.AllocatedSize + FIELD_OFFSET(INDEX_BUFFER, Header) == IndexBlockSize);
+ FirstEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexRecord->Header + IndexRecord->Header.FirstEntryOffset);
+ LastEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexRecord->Header + IndexRecord->Header.TotalSizeOfEntries);
+ ASSERT(LastEntry <= (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)IndexRecord + IndexBlockSize));
+
+ // Loop through all Index Entries of index, starting with FirstEntry
+ IndexEntry = FirstEntry;
+ while (IndexEntry <= LastEntry)
+ {
+ // Does IndexEntry have a sub-node?
+ if (IndexEntry->Flags & NTFS_INDEX_ENTRY_NODE)
{
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return Status;
+ if (!(IndexRecord->Header.Flags & INDEX_NODE_LARGE) || !IndexAllocationContext)
+ {
+ DPRINT1("Filesystem corruption detected!\n");
+ }
+ else
+ {
+ Status = BrowseSubNodeIndexEntries(Vcb,
+ MftRecord,
+ IndexBlockSize,
+ FileName,
+ IndexAllocationContext,
+ Bitmap,
+ GetIndexEntryVCN(IndexEntry),
+ StartEntry,
+ CurrentEntry,
+ DirSearch,
+ CaseSensitive,
+ OutMFTIndex);
+ if (NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ return Status;
+ }
+ }
}
- IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
- if (IndexRecord == NULL)
+ // Are we done?
+ if (IndexEntry->Flags & NTFS_INDEX_ENTRY_END)
+ break;
+
+ // If we've found a file whose index is greater than or equal to StartEntry that matches the search criteria
+ if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) >= NTFS_FILE_FIRST_USER_FILE &&
+ *CurrentEntry >= *StartEntry &&
+ IndexEntry->FileName.NameType != NTFS_FILE_NAME_DOS &&
+ CompareFileName(FileName, IndexEntry, DirSearch, CaseSensitive))
{
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return STATUS_INSUFFICIENT_RESOURCES;
+ *StartEntry = *CurrentEntry;
+ *OutMFTIndex = (IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK);
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ return STATUS_SUCCESS;
}
- ReadAttribute(Vcb, IndexRootCtx, 0, IndexRecord, Vcb->NtfsInfo.BytesPerIndexRecord);
- IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
- IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
- /* Index root is always resident. */
- IndexEntryEnd = (PINDEX_ENTRY_ATTRIBUTE)(IndexRecord + IndexRootCtx->Record.Resident.ValueLength);
- ReleaseAttributeContext(IndexRootCtx);
+ // Advance to the next index entry
+ (*CurrentEntry) += 1;
+ ASSERT(IndexEntry->Length >= sizeof(INDEX_ENTRY_ATTRIBUTE));
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
+ }
- DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
- while (IndexEntry < IndexEntryEnd &&
- !(IndexEntry->Flags & NTFS_INDEX_ENTRY_END))
+ return STATUS_OBJECT_PATH_NOT_FOUND;
+}
+
+NTSTATUS
+BrowseIndexEntries(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER MftRecord,
+ PINDEX_ROOT_ATTRIBUTE IndexRecord,
+ ULONG IndexBlockSize,
+ PINDEX_ENTRY_ATTRIBUTE FirstEntry,
+ PINDEX_ENTRY_ATTRIBUTE LastEntry,
+ PUNICODE_STRING FileName,
+ PULONG StartEntry,
+ PULONG CurrentEntry,
+ BOOLEAN DirSearch,
+ BOOLEAN CaseSensitive,
+ ULONGLONG *OutMFTIndex)
+{
+ NTSTATUS Status;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry;
+ PNTFS_ATTR_CONTEXT IndexAllocationContext;
+ PNTFS_ATTR_CONTEXT BitmapContext;
+ PCHAR *BitmapMem;
+ ULONG *BitmapPtr;
+ RTL_BITMAP Bitmap;
+
+ DPRINT("BrowseIndexEntries(%p, %p, %p, %lu, %p, %p, %wZ, %lu, %lu, %s, %s, %p)\n",
+ Vcb,
+ MftRecord,
+ IndexRecord,
+ IndexBlockSize,
+ FirstEntry,
+ LastEntry,
+ FileName,
+ *StartEntry,
+ *CurrentEntry,
+ DirSearch ? "TRUE" : "FALSE",
+ CaseSensitive ? "TRUE" : "FALSE",
+ OutMFTIndex);
+
+ // Find the $I30 index allocation, if there is one
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationContext, NULL);
+ if (NT_SUCCESS(Status))
+ {
+ ULONGLONG BitmapLength;
+ // Find the bitmap attribute for the index
+ Status = FindAttribute(Vcb, MftRecord, AttributeBitmap, L"$I30", 4, &BitmapContext, NULL);
+ if (!NT_SUCCESS(Status))
{
- if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) > 0x10 &&
- CurrentEntry >= *FirstEntry &&
- CompareFileName(FileName, IndexEntry, DirSearch))
- {
- *OutMFTIndex = (IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK);
- *FirstEntry = CurrentEntry;
- ExFreePoolWithTag(IndexRecord, TAG_NTFS);
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return STATUS_SUCCESS;
- }
+ DPRINT1("Potential file system corruption detected!\n");
+ ReleaseAttributeContext(IndexAllocationContext);
+ return Status;
+ }
- ++CurrentEntry;
- IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
+ // Get the length of the bitmap attribute
+ BitmapLength = AttributeDataLength(BitmapContext->pRecord);
+
+ // Allocate memory for the bitmap, including some padding; RtlInitializeBitmap() wants a pointer
+ // that's ULONG-aligned, and it wants the size of the memory allocated for it to be a ULONG-multiple.
+ BitmapMem = ExAllocatePoolWithTag(NonPagedPool, BitmapLength + sizeof(ULONG), TAG_NTFS);
+ if (!BitmapMem)
+ {
+ DPRINT1("Error: failed to allocate bitmap!");
+ ReleaseAttributeContext(BitmapContext);
+ ReleaseAttributeContext(IndexAllocationContext);
+ return STATUS_INSUFFICIENT_RESOURCES;
}
- if (IndexRoot->Header.Flags & INDEX_ROOT_LARGE)
+ RtlZeroMemory(BitmapMem, BitmapLength + sizeof(ULONG));
+
+ // RtlInitializeBitmap() wants a pointer that's ULONG-aligned.
+ BitmapPtr = (PULONG)ALIGN_UP_BY((ULONG_PTR)BitmapMem, sizeof(ULONG));
+
+ // Read the existing bitmap data
+ Status = ReadAttribute(Vcb, BitmapContext, 0, (PCHAR)BitmapPtr, BitmapLength);
+ if (!NT_SUCCESS(Status))
{
- DPRINT("Large Index!\n");
+ DPRINT1("ERROR: Failed to read bitmap attribute!\n");
+ ExFreePoolWithTag(BitmapMem, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ ReleaseAttributeContext(IndexAllocationContext);
+ return Status;
+ }
- IndexBlockSize = IndexRoot->SizeOfEntry;
+ // Initialize bitmap
+ RtlInitializeBitMap(&Bitmap, BitmapPtr, BitmapLength * 8);
+ }
+ else
+ {
+ // Couldn't find an index allocation
+ IndexAllocationContext = NULL;
+ }
+
- Status = FindAttribute(Vcb, MftRecord, AttributeBitmap, L"$I30", 4, &IndexBitmapCtx);
- if (!NT_SUCCESS(Status))
+ // Loop through all Index Entries of index, starting with FirstEntry
+ IndexEntry = FirstEntry;
+ while (IndexEntry <= LastEntry)
+ {
+ // Does IndexEntry have a sub-node?
+ if (IndexEntry->Flags & NTFS_INDEX_ENTRY_NODE)
+ {
+ if (!(IndexRecord->Header.Flags & INDEX_ROOT_LARGE) || !IndexAllocationContext)
{
- DPRINT1("Corrupted filesystem!\n");
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return Status;
+ DPRINT1("Filesystem corruption detected!\n");
}
- BitmapDataSize = AttributeDataLength(&IndexBitmapCtx->Record);
- DPRINT("BitmapDataSize: %x\n", (ULONG)BitmapDataSize);
- if(BitmapDataSize <= 0xFFFFFFFF)
- BitmapData = ExAllocatePoolWithTag(NonPagedPool, (ULONG)BitmapDataSize, TAG_NTFS);
else
- BitmapData = NULL;
-
- if (BitmapData == NULL)
- {
- ExFreePoolWithTag(IndexRecord, TAG_NTFS);
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return STATUS_INSUFFICIENT_RESOURCES;
- }
- ReadAttribute(Vcb, IndexBitmapCtx, 0, BitmapData, (ULONG)BitmapDataSize);
- ReleaseAttributeContext(IndexBitmapCtx);
-
- Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx);
- if (!NT_SUCCESS(Status))
{
- DPRINT("Corrupted filesystem!\n");
- ExFreePoolWithTag(BitmapData, TAG_NTFS);
- ExFreePoolWithTag(IndexRecord, TAG_NTFS);
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return Status;
+ Status = BrowseSubNodeIndexEntries(Vcb,
+ MftRecord,
+ IndexBlockSize,
+ FileName,
+ IndexAllocationContext,
+ &Bitmap,
+ GetIndexEntryVCN(IndexEntry),
+ StartEntry,
+ CurrentEntry,
+ DirSearch,
+ CaseSensitive,
+ OutMFTIndex);
+ if (NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(BitmapMem, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ ReleaseAttributeContext(IndexAllocationContext);
+ return Status;
+ }
}
- IndexAllocationSize = AttributeDataLength(&IndexAllocationCtx->Record);
+ }
- RecordOffset = 0;
+ // Are we done?
+ if (IndexEntry->Flags & NTFS_INDEX_ENTRY_END)
+ break;
- for (;;)
+ // If we've found a file whose index is greater than or equal to StartEntry that matches the search criteria
+ if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) >= NTFS_FILE_FIRST_USER_FILE &&
+ *CurrentEntry >= *StartEntry &&
+ IndexEntry->FileName.NameType != NTFS_FILE_NAME_DOS &&
+ CompareFileName(FileName, IndexEntry, DirSearch, CaseSensitive))
+ {
+ *StartEntry = *CurrentEntry;
+ *OutMFTIndex = (IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK);
+ if (IndexAllocationContext)
{
- DPRINT("RecordOffset: %x IndexAllocationSize: %x\n", RecordOffset, IndexAllocationSize);
- for (; RecordOffset < IndexAllocationSize;)
- {
- UCHAR Bit = 1 << ((RecordOffset / IndexBlockSize) & 7);
- ULONG Byte = (RecordOffset / IndexBlockSize) >> 3;
- if ((BitmapData[Byte] & Bit))
- break;
- RecordOffset += IndexBlockSize;
- }
-
- if (RecordOffset >= IndexAllocationSize)
- {
- break;
- }
+ ExFreePoolWithTag(BitmapMem, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ ReleaseAttributeContext(IndexAllocationContext);
+ }
+ return STATUS_SUCCESS;
+ }
- ReadAttribute(Vcb, IndexAllocationCtx, RecordOffset, IndexRecord, IndexBlockSize);
+ // Advance to the next index entry
+ (*CurrentEntry) += 1;
+ ASSERT(IndexEntry->Length >= sizeof(INDEX_ENTRY_ATTRIBUTE));
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
+ }
- if (!NT_SUCCESS(FixupUpdateSequenceArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs)))
- {
- break;
- }
+ if (IndexAllocationContext)
+ {
+ ExFreePoolWithTag(BitmapMem, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ ReleaseAttributeContext(IndexAllocationContext);
+ }
- IndexBuffer = (PINDEX_BUFFER)IndexRecord;
- ASSERT(IndexBuffer->Ntfs.Type == 'XDNI');
- ASSERT(IndexBuffer->Header.AllocatedSize + 0x18 == IndexBlockSize);
- IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)(&IndexBuffer->Header + IndexBuffer->Header.FirstEntryOffset);
- IndexEntryEnd = (PINDEX_ENTRY_ATTRIBUTE)(&IndexBuffer->Header + IndexBuffer->Header.TotalSizeOfEntries);
- //ASSERT(IndexEntryEnd <= (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)IndexBuffer + IndexBlockSize)); FIXME: Why doesn't it work?
+ return STATUS_OBJECT_PATH_NOT_FOUND;
+}
- while (IndexEntry < IndexEntryEnd &&
- !(IndexEntry->Flags & NTFS_INDEX_ENTRY_END))
- {
- if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) > 0x10 &&
- CurrentEntry >= *FirstEntry &&
- CompareFileName(FileName, IndexEntry, DirSearch))
- {
- DPRINT("File found\n");
- *OutMFTIndex = (IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK);
- *FirstEntry = CurrentEntry;
- ExFreePoolWithTag(BitmapData, TAG_NTFS);
- ExFreePoolWithTag(IndexRecord, TAG_NTFS);
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- ReleaseAttributeContext(IndexAllocationCtx);
- return STATUS_SUCCESS;
- }
+NTSTATUS
+NtfsFindMftRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG MFTIndex,
+ PUNICODE_STRING FileName,
+ PULONG FirstEntry,
+ BOOLEAN DirSearch,
+ BOOLEAN CaseSensitive,
+ ULONGLONG *OutMFTIndex)
+{
+ PFILE_RECORD_HEADER MftRecord;
+ PNTFS_ATTR_CONTEXT IndexRootCtx;
+ PINDEX_ROOT_ATTRIBUTE IndexRoot;
+ PCHAR IndexRecord;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
+ NTSTATUS Status;
+ ULONG CurrentEntry = 0;
- ++CurrentEntry;
- IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
- }
+ DPRINT("NtfsFindMftRecord(%p, %I64d, %wZ, %lu, %s, %s, %p)\n",
+ Vcb,
+ MFTIndex,
+ FileName,
+ *FirstEntry,
+ DirSearch ? "TRUE" : "FALSE",
+ CaseSensitive ? "TRUE" : "FALSE",
+ OutMFTIndex);
- RecordOffset += IndexBlockSize;
- }
+ MftRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
+ if (MftRecord == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
- ReleaseAttributeContext(IndexAllocationCtx);
- ExFreePoolWithTag(BitmapData, TAG_NTFS);
- }
+ Status = ReadFileRecord(Vcb, MFTIndex, MftRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return Status;
+ }
- ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ ASSERT(MftRecord->Ntfs.Type == NRH_FILE_TYPE);
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return Status;
}
- else
+
+ IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
+ if (IndexRecord == NULL)
{
- DPRINT("Can't read MFT record\n");
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+ return STATUS_INSUFFICIENT_RESOURCES;
}
- ExFreePoolWithTag(MftRecord, TAG_NTFS);
- return STATUS_OBJECT_PATH_NOT_FOUND;
+ ReadAttribute(Vcb, IndexRootCtx, 0, IndexRecord, Vcb->NtfsInfo.BytesPerIndexRecord);
+ IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
+ /* Index root is always resident. */
+ IndexEntryEnd = (PINDEX_ENTRY_ATTRIBUTE)(IndexRecord + IndexRoot->Header.TotalSizeOfEntries);
+ ReleaseAttributeContext(IndexRootCtx);
+
+ DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
+
+ Status = BrowseIndexEntries(Vcb,
+ MftRecord,
+ (PINDEX_ROOT_ATTRIBUTE)IndexRecord,
+ IndexRoot->SizeOfEntry,
+ IndexEntry,
+ IndexEntryEnd,
+ FileName,
+ FirstEntry,
+ &CurrentEntry,
+ DirSearch,
+ CaseSensitive,
+ OutMFTIndex);
+
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, MftRecord);
+
+ return Status;
}
NTSTATUS
NtfsLookupFileAt(PDEVICE_EXTENSION Vcb,
PUNICODE_STRING PathName,
+ BOOLEAN CaseSensitive,
PFILE_RECORD_HEADER *FileRecord,
- PNTFS_ATTR_CONTEXT *DataContext,
PULONGLONG MFTIndex,
ULONGLONG CurrentMFTIndex)
{
NTSTATUS Status;
ULONG FirstEntry = 0;
- DPRINT1("NtfsLookupFileAt(%p, %wZ, %p, %p, %I64x)\n", Vcb, PathName, FileRecord, DataContext, CurrentMFTIndex);
+ DPRINT("NtfsLookupFileAt(%p, %wZ, %s, %p, %p, %I64x)\n",
+ Vcb,
+ PathName,
+ CaseSensitive ? "TRUE" : "FALSE",
+ FileRecord,
+ MFTIndex,
+ CurrentMFTIndex);
FsRtlDissectName(*PathName, &Current, &Remaining);
while (Current.Length != 0)
{
- DPRINT1("Current: %wZ\n", &Current);
+ DPRINT("Current: %wZ\n", &Current);
- Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, &Current, &FirstEntry, FALSE, &CurrentMFTIndex);
+ Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, &Current, &FirstEntry, FALSE, CaseSensitive, &CurrentMFTIndex);
if (!NT_SUCCESS(Status))
{
return Status;
}
if (Remaining.Length == 0)
- return STATUS_OBJECT_PATH_NOT_FOUND;
+ break;
FsRtlDissectName(Current, &Current, &Remaining);
}
- *FileRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+ *FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
if (*FileRecord == NULL)
{
DPRINT("NtfsLookupFileAt: Can't allocate MFT record\n");
if (!NT_SUCCESS(Status))
{
DPRINT("NtfsLookupFileAt: Can't read MFT record\n");
- ExFreePoolWithTag(*FileRecord, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, *FileRecord);
return Status;
}
- if (!((*FileRecord)->Flags & FRH_DIRECTORY))
- {
- Status = FindAttribute(Vcb, *FileRecord, AttributeData, L"", 0, DataContext);
- if (!NT_SUCCESS(Status))
- {
- DPRINT("NtfsLookupFileAt: Can't find data attribute\n");
- ExFreePoolWithTag(*FileRecord, TAG_NTFS);
- return Status;
- }
- }
- else
- {
- *DataContext = NULL;
- }
-
*MFTIndex = CurrentMFTIndex;
return STATUS_SUCCESS;
NTSTATUS
NtfsLookupFile(PDEVICE_EXTENSION Vcb,
PUNICODE_STRING PathName,
+ BOOLEAN CaseSensitive,
PFILE_RECORD_HEADER *FileRecord,
- PNTFS_ATTR_CONTEXT *DataContext,
PULONGLONG MFTIndex)
{
- return NtfsLookupFileAt(Vcb, PathName, FileRecord, DataContext, MFTIndex, NTFS_FILE_ROOT);
+ return NtfsLookupFileAt(Vcb, PathName, CaseSensitive, FileRecord, MFTIndex, NTFS_FILE_ROOT);
+}
+
+void
+NtfsDumpData(ULONG_PTR Buffer, ULONG Length)
+{
+ ULONG i, j;
+
+ // dump binary data, 8 bytes at a time
+ for (i = 0; i < Length; i += 8)
+ {
+ // display current offset, in hex
+ DbgPrint("\t%03x\t", i);
+
+ // display hex value of each of the next 8 bytes
+ for (j = 0; j < 8; j++)
+ DbgPrint("%02x ", *(PUCHAR)(Buffer + i + j));
+ DbgPrint("\n");
+ }
+}
+
+/**
+* @name NtfsDumpFileRecord
+* @implemented
+*
+* Provides diagnostic information about a file record. Prints a hex dump
+* of the entire record (based on the size reported by FileRecord->ByesInUse),
+* then prints a dump of each attribute.
+*
+* @param Vcb
+* Pointer to a DEVICE_EXTENSION describing the volume.
+*
+* @param FileRecord
+* Pointer to the file record to be analyzed.
+*
+* @remarks
+* FileRecord must be a complete file record at least FileRecord->BytesAllocated
+* in size, and not just the header.
+*
+*/
+VOID
+NtfsDumpFileRecord(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER FileRecord)
+{
+ ULONG i, j;
+
+ // dump binary data, 8 bytes at a time
+ for (i = 0; i < FileRecord->BytesInUse; i += 8)
+ {
+ // display current offset, in hex
+ DbgPrint("\t%03x\t", i);
+
+ // display hex value of each of the next 8 bytes
+ for (j = 0; j < 8; j++)
+ DbgPrint("%02x ", *(PUCHAR)((ULONG_PTR)FileRecord + i + j));
+ DbgPrint("\n");
+ }
+
+ NtfsDumpFileAttributes(Vcb, FileRecord);
}
NTSTATUS
PUNICODE_STRING SearchPattern,
PULONG FirstEntry,
PFILE_RECORD_HEADER *FileRecord,
- PNTFS_ATTR_CONTEXT *DataContext,
PULONGLONG MFTIndex,
- ULONGLONG CurrentMFTIndex)
+ ULONGLONG CurrentMFTIndex,
+ BOOLEAN CaseSensitive)
{
NTSTATUS Status;
- DPRINT1("NtfsFindFileAt(%p, %wZ, %p, %p, %p, %p, %I64x)\n", Vcb, SearchPattern, FirstEntry, FileRecord, DataContext, MFTIndex, CurrentMFTIndex);
+ DPRINT("NtfsFindFileAt(%p, %wZ, %lu, %p, %p, %I64x, %s)\n",
+ Vcb,
+ SearchPattern,
+ *FirstEntry,
+ FileRecord,
+ MFTIndex,
+ CurrentMFTIndex,
+ (CaseSensitive ? "TRUE" : "FALSE"));
- Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, SearchPattern, FirstEntry, TRUE, &CurrentMFTIndex);
+ Status = NtfsFindMftRecord(Vcb, CurrentMFTIndex, SearchPattern, FirstEntry, TRUE, CaseSensitive, &CurrentMFTIndex);
if (!NT_SUCCESS(Status))
{
+ DPRINT("NtfsFindFileAt: NtfsFindMftRecord() failed with status 0x%08lx\n", Status);
return Status;
}
- *FileRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+ *FileRecord = ExAllocateFromNPagedLookasideList(&Vcb->FileRecLookasideList);
if (*FileRecord == NULL)
{
DPRINT("NtfsFindFileAt: Can't allocate MFT record\n");
if (!NT_SUCCESS(Status))
{
DPRINT("NtfsFindFileAt: Can't read MFT record\n");
- ExFreePoolWithTag(*FileRecord, TAG_NTFS);
+ ExFreeToNPagedLookasideList(&Vcb->FileRecLookasideList, *FileRecord);
return Status;
}
- if (!((*FileRecord)->Flags & FRH_DIRECTORY))
- {
- Status = FindAttribute(Vcb, *FileRecord, AttributeData, L"", 0, DataContext);
- if (!NT_SUCCESS(Status))
- {
- DPRINT("NtfsFindFileAt: Can't find data attribute\n");
- ExFreePoolWithTag(*FileRecord, TAG_NTFS);
- return Status;
- }
- }
- else
- {
- *DataContext = NULL;
- }
-
*MFTIndex = CurrentMFTIndex;
return STATUS_SUCCESS;