{
LONGLONG DataRunOffset;
ULONGLONG DataRunLength;
+ ULONGLONG NextVBN = 0;
+ PUCHAR DataRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
- Context->CacheRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
+ Context->CacheRun = DataRun;
Context->CacheRunOffset = 0;
Context->CacheRun = DecodeRun(Context->CacheRun, &DataRunOffset, &DataRunLength);
Context->CacheRunLength = DataRunLength;
Context->CacheRunLastLCN = 0;
}
Context->CacheRunCurrentOffset = 0;
+
+ // Convert the data runs to a map control block
+ if (!NT_SUCCESS(ConvertDataRunsToLargeMCB(DataRun, &Context->DataRunsMCB, &NextVBN)))
+ {
+ DPRINT1("Unable to convert data runs to MCB!\n");
+ ExFreePoolWithTag(Context, TAG_NTFS);
+ return NULL;
+ }
}
return Context;
VOID
ReleaseAttributeContext(PNTFS_ATTR_CONTEXT Context)
{
+ if (Context->Record.IsNonResident)
+ {
+ FsRtlUninitializeLargeMcb(&Context->DataRunsMCB);
+ }
+
ExFreePoolWithTag(Context, TAG_NTFS);
}
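Review bot: `Record.IsNonResident` is used here as the only evidence that `DataRunsMCB` was initialized, and that does not hold on every path in this commit. In `SetAttributeDataLength` the resident-to-non-resident conversion sets `IsNonResident = 1` before `FsRtlInitializeLargeMcb` runs, and both the failed `UpdateFileRecord` return and the `_SEH2_EXCEPT` return leave the context in that state. For a resident attribute the MCB does not appear to have been set up at creation time, so a later release would call `FsRtlUninitializeLargeMcb` on uninitialized pool memory. Either initialize the MCB before flipping the flag, or track initialization explicitly in the context and test that here.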
+/**
+* @name FindAttribute
+* @implemented
+*
+* Searches a file record for an attribute matching the given type and name.
+*
+* @param Offset
+* Optional pointer to a ULONG that will receive the offset of the found attribute
+* from the beginning of the record. Can be set to NULL.
+*/
NTSTATUS
FindAttribute(PDEVICE_EXTENSION Vcb,
PFILE_RECORD_HEADER MftRecord,
ULONG Type,
PCWSTR Name,
ULONG NameLength,
- PNTFS_ATTR_CONTEXT * AttrCtx)
+ PNTFS_ATTR_CONTEXT * AttrCtx,
+ PULONG Offset)
{
BOOLEAN Found;
NTSTATUS Status;
/* Found it, fill up the context and return. */
DPRINT("Found context\n");
*AttrCtx = PrepareAttributeContext(Attribute);
+
+ (*AttrCtx)->FileMFTIndex = MftRecord->MFTRecordNumber;
+
+ if (Offset != NULL)
+ *Offset = Context.Offset;
+
FindCloseAttribute(&Context);
return STATUS_SUCCESS;
}
}
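Review bot: `(*AttrCtx)->FileMFTIndex = MftRecord->MFTRecordNumber;` dereferences the result of `PrepareAttributeContext` without a NULL check, and this same commit adds a `return NULL` path to what appears to be that function when `ConvertDataRunsToLargeMCB` fails. A volume whose data runs cannot be converted would then fault in kernel mode here instead of failing the lookup. Check the pointer first, e.g. `if (*AttrCtx == NULL) { FindCloseAttribute(&Context); return STATUS_INSUFFICIENT_RESOURCES; }`. The body of `FindAttribute` starts outside this hunk.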
-ULONG
+ULONGLONG
AttributeAllocatedLength(PNTFS_ATTR_RECORD AttrRecord)
{
if (AttrRecord->IsNonResident)
return AttrRecord->Resident.ValueLength;
}
+VOID
+InternalSetResidentAttributeLength(PNTFS_ATTR_CONTEXT AttrContext,
+ PFILE_RECORD_HEADER FileRecord,
+ ULONG AttrOffset,
+ ULONG DataSize)
+{
+ PNTFS_ATTR_RECORD Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ ULONG NextAttributeOffset;
+
+ DPRINT("InternalSetResidentAttributeLength( %p, %p, %lu, %lu )\n", AttrContext, FileRecord, AttrOffset, DataSize);
+
+ // update ValueLength Field
+ AttrContext->Record.Resident.ValueLength =
+ Destination->Resident.ValueLength = DataSize;
+
+ // calculate the record length and end marker offset
+ AttrContext->Record.Length =
+ Destination->Length = DataSize + AttrContext->Record.Resident.ValueOffset;
+ NextAttributeOffset = AttrOffset + AttrContext->Record.Length;
+
+ // Ensure NextAttributeOffset is aligned to an 8-byte boundary
+ if (NextAttributeOffset % 8 != 0)
+ {
+ USHORT Padding = 8 - (NextAttributeOffset % 8);
+ NextAttributeOffset += Padding;
+ AttrContext->Record.Length += Padding;
+ Destination->Length += Padding;
+ }
+
+ // advance Destination to the final "attribute" and set the file record end
+ Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)Destination + Destination->Length);
+ SetFileRecordEnd(FileRecord, Destination, FILE_RECORD_END);
+}
+
+/**
+* @parameter FileRecord
+* Pointer to a file record. Must be a full record at least
+* Fcb->Vcb->NtfsInfo.BytesPerFileRecord bytes large, not just the header.
+*/
+NTSTATUS
+SetAttributeDataLength(PFILE_OBJECT FileObject,
+ PNTFS_FCB Fcb,
+ PNTFS_ATTR_CONTEXT AttrContext,
+ ULONG AttrOffset,
+ PFILE_RECORD_HEADER FileRecord,
+ PLARGE_INTEGER DataSize)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+ ULONG BytesPerCluster = Fcb->Vcb->NtfsInfo.BytesPerCluster;
+
+ // are we truncating the file?
+ if (DataSize->QuadPart < AttributeDataLength(&AttrContext->Record))
+ {
+ if (!MmCanFileBeTruncated(FileObject->SectionObjectPointer, DataSize))
+ {
+ DPRINT1("Can't truncate a memory-mapped file!\n");
+ return STATUS_USER_MAPPED_FILE;
+ }
+ }
+
+ if (AttrContext->Record.IsNonResident)
+ {
+ ULONGLONG AllocationSize = ROUND_UP(DataSize->QuadPart, BytesPerCluster);
+ PNTFS_ATTR_RECORD DestinationAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ ULONG ExistingClusters = AttrContext->Record.NonResident.AllocatedSize / BytesPerCluster;
+
+ // do we need to increase the allocation size?
+ if (AttrContext->Record.NonResident.AllocatedSize < AllocationSize)
+ {
+ ULONG ClustersNeeded = (AllocationSize / BytesPerCluster) - ExistingClusters;
+ LARGE_INTEGER LastClusterInDataRun;
+ ULONG NextAssignedCluster;
+ ULONG AssignedClusters;
+
+ if (ExistingClusters == 0)
+ {
+ LastClusterInDataRun.QuadPart = 0;
+ }
+ else
+ {
+ if (!FsRtlLookupLargeMcbEntry(&AttrContext->DataRunsMCB,
+ (LONGLONG)AttrContext->Record.NonResident.HighestVCN,
+ (PLONGLONG)&LastClusterInDataRun.QuadPart,
+ NULL,
+ NULL,
+ NULL,
+ NULL))
+ {
+ DPRINT1("Error looking up final large MCB entry!\n");
+
+ // Most likely, HighestVCN went above the largest mapping
+ DPRINT1("Highest VCN of record: %I64u\n", AttrContext->Record.NonResident.HighestVCN);
+ return STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ DPRINT("LastClusterInDataRun: %I64u\n", LastClusterInDataRun.QuadPart);
+ DPRINT("Highest VCN of record: %I64u\n", AttrContext->Record.NonResident.HighestVCN);
+
+ while (ClustersNeeded > 0)
+ {
+ Status = NtfsAllocateClusters(Fcb->Vcb,
+ LastClusterInDataRun.LowPart + 1,
+ ClustersNeeded,
+ &NextAssignedCluster,
+ &AssignedClusters);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Unable to allocate requested clusters!\n");
+ return Status;
+ }
+
+ // now we need to add the clusters we allocated to the data run
+ Status = AddRun(Fcb->Vcb, AttrContext, AttrOffset, FileRecord, NextAssignedCluster, AssignedClusters);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Unable to add data run!\n");
+ return Status;
+ }
+
+ ClustersNeeded -= AssignedClusters;
+ LastClusterInDataRun.LowPart = NextAssignedCluster + AssignedClusters - 1;
+ }
+ }
+ else if (AttrContext->Record.NonResident.AllocatedSize > AllocationSize)
+ {
+ // shrink allocation size
+ ULONG ClustersToFree = ExistingClusters - (AllocationSize / BytesPerCluster);
+ Status = FreeClusters(Fcb->Vcb, AttrContext, AttrOffset, FileRecord, ClustersToFree);
+ }
+
+ // TODO: is the file compressed, encrypted, or sparse?
+
+ // NOTE: we need to have acquired the main resource exclusively, as well as(?) the PagingIoResource
+
+ Fcb->RFCB.AllocationSize.QuadPart = AllocationSize;
+ AttrContext->Record.NonResident.AllocatedSize = AllocationSize;
+ AttrContext->Record.NonResident.DataSize = DataSize->QuadPart;
+ AttrContext->Record.NonResident.InitializedSize = DataSize->QuadPart;
+
+ DestinationAttribute->NonResident.AllocatedSize = AllocationSize;
+ DestinationAttribute->NonResident.DataSize = DataSize->QuadPart;
+ DestinationAttribute->NonResident.InitializedSize = DataSize->QuadPart;
+
+ DPRINT("Allocated Size: %I64u\n", DestinationAttribute->NonResident.AllocatedSize);
+ }
+ else
+ {
+ // resident attribute
+
+ // find the next attribute
+ ULONG NextAttributeOffset = AttrOffset + AttrContext->Record.Length;
+ PNTFS_ATTR_RECORD NextAttribute = (PNTFS_ATTR_RECORD)((PCHAR)FileRecord + NextAttributeOffset);
+
+ //NtfsDumpFileAttributes(Fcb->Vcb, FileRecord);
+
+ // Do we need to increase the data length?
+ if (DataSize->QuadPart > AttrContext->Record.Resident.ValueLength)
+ {
+ // There's usually padding at the end of a record. Do we need to extend past it?
+ ULONG MaxValueLength = AttrContext->Record.Length - AttrContext->Record.Resident.ValueOffset;
+ if (MaxValueLength < DataSize->LowPart)
+ {
+ // If this is the last attribute, we could move the end marker to the very end of the file record
+ MaxValueLength += Fcb->Vcb->NtfsInfo.BytesPerFileRecord - NextAttributeOffset - (sizeof(ULONG) * 2);
+
+ if (MaxValueLength < DataSize->LowPart || NextAttribute->Type != AttributeEnd)
+ {
+ // convert attribute to non-resident
+ PNTFS_ATTR_RECORD Destination = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + AttrOffset);
+ LARGE_INTEGER AttribDataSize;
+ PVOID AttribData;
+ ULONG EndAttributeOffset;
+ ULONG LengthWritten;
+
+ DPRINT1("Converting attribute to non-resident.\n");
+
+ AttribDataSize.QuadPart = AttrContext->Record.Resident.ValueLength;
+
+ // Is there existing data we need to back-up?
+ if (AttribDataSize.QuadPart > 0)
+ {
+ AttribData = ExAllocatePoolWithTag(NonPagedPool, AttribDataSize.QuadPart, TAG_NTFS);
+ if (AttribData == NULL)
+ {
+ DPRINT1("ERROR: Couldn't allocate memory for attribute data. Can't migrate to non-resident!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // read data to temp buffer
+ Status = ReadAttribute(Fcb->Vcb, AttrContext, 0, AttribData, AttribDataSize.QuadPart);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to read attribute before migrating!\n");
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+ }
+
+ // Start by turning this attribute into a 0-length, non-resident attribute, then enlarge it.
+
+ // Zero out the NonResident structure
+ RtlZeroMemory(&AttrContext->Record.NonResident.LowestVCN,
+ FIELD_OFFSET(NTFS_ATTR_RECORD, NonResident.CompressedSize) - FIELD_OFFSET(NTFS_ATTR_RECORD, NonResident.LowestVCN));
+ RtlZeroMemory(&Destination->NonResident.LowestVCN,
+ FIELD_OFFSET(NTFS_ATTR_RECORD, NonResident.CompressedSize) - FIELD_OFFSET(NTFS_ATTR_RECORD, NonResident.LowestVCN));
+
+ // update the mapping pairs offset, which will be 0x40 + length in bytes of the name
+ AttrContext->Record.NonResident.MappingPairsOffset = Destination->NonResident.MappingPairsOffset = 0x40 + (Destination->NameLength * 2);
+
+ // mark the attribute as non-resident
+ AttrContext->Record.IsNonResident = Destination->IsNonResident = 1;
+
+ // update the end of the file record
+ // calculate position of end markers (1 byte for empty data run)
+ EndAttributeOffset = AttrOffset + AttrContext->Record.NonResident.MappingPairsOffset + 1;
+ EndAttributeOffset = ALIGN_UP_BY(EndAttributeOffset, 8);
+
+ // Update the length
+ Destination->Length = EndAttributeOffset - AttrOffset;
+ AttrContext->Record.Length = Destination->Length;
+
+ // Update the file record end
+ SetFileRecordEnd(FileRecord,
+ (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + EndAttributeOffset),
+ FILE_RECORD_END);
+
+ // update file record on disk
+ Status = UpdateFileRecord(Fcb->Vcb, AttrContext->FileMFTIndex, FileRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't update file record to continue migration!\n");
+ if (AttribDataSize.QuadPart > 0)
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+
+ // Initialize the MCB, potentially catch an exception
+ _SEH2_TRY{
+ FsRtlInitializeLargeMcb(&AttrContext->DataRunsMCB, NonPagedPool);
+ } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) {
+ _SEH2_YIELD(return _SEH2_GetExceptionCode());
+ } _SEH2_END;
+
+ // Now we can treat the attribute as non-resident and enlarge it normally
+ Status = SetAttributeDataLength(FileObject, Fcb, AttrContext, AttrOffset, FileRecord, DataSize);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to migrate resident attribute!\n");
+ if (AttribDataSize.QuadPart > 0)
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+
+ // restore the back-up attribute, if we made one
+ if (AttribDataSize.QuadPart > 0)
+ {
+ Status = WriteAttribute(Fcb->Vcb, AttrContext, 0, AttribData, AttribDataSize.QuadPart, &LengthWritten);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to write attribute data to non-resident clusters during migration!\n");
+ // TODO: Reverse migration so no data is lost
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ return Status;
+ }
+
+ ExFreePoolWithTag(AttribData, TAG_NTFS);
+ }
+ }
+ }
+ }
+ else if (DataSize->LowPart < AttrContext->Record.Resident.ValueLength)
+ {
+ // we need to decrease the length
+ if (NextAttribute->Type != AttributeEnd)
+ {
+ DPRINT1("FIXME: Don't know how to decrease length of resident attribute unless it's the final attribute!\n");
+ return STATUS_NOT_IMPLEMENTED;
+ }
+ }
+
+ // set the new length of the resident attribute (if we didn't migrate it)
+ if(!AttrContext->Record.IsNonResident)
+ InternalSetResidentAttributeLength(AttrContext, FileRecord, AttrOffset, DataSize->LowPart);
+ }
+
+ //NtfsDumpFileAttributes(Fcb->Vcb, FileRecord);
+
+ // write the updated file record back to disk
+ Status = UpdateFileRecord(Fcb->Vcb, Fcb->MFTIndex, FileRecord);
+
+ if (NT_SUCCESS(Status))
+ {
+ Fcb->RFCB.FileSize = *DataSize;
+ Fcb->RFCB.ValidDataLength = *DataSize;
+ CcSetFileSizes(FileObject, (PCC_FILE_SIZES)&Fcb->RFCB.AllocationSize);
+ }
+
+ return STATUS_SUCCESS;
+}
+
+/**
+* @name SetFileRecordEnd
+* @implemented
+*
+* This small function sets a new endpoint for the file record. It set's the final
+* AttrEnd->Type to AttributeEnd and recalculates the bytes used by the file record.
+*
+* @param FileRecord
+* Pointer to the file record whose endpoint (length) will be set.
+*
+* @param AttrEnd
+* Pointer to section of memory that will receive the AttributeEnd marker. This must point
+* to memory allocated for the FileRecord. Must be aligned to an 8-byte boundary (relative to FileRecord).
+*
+* @param EndMarker
+* This value will be written after AttributeEnd but isn't critical at all. When Windows resizes
+* a file record, it preserves the final ULONG that previously ended the record, even though this
+* value is (to my knowledge) never used. We emulate this behavior.
+*
+*/
+VOID
+SetFileRecordEnd(PFILE_RECORD_HEADER FileRecord,
+ PNTFS_ATTR_RECORD AttrEnd,
+ ULONG EndMarker)
+{
+ // mark the end of attributes
+ AttrEnd->Type = AttributeEnd;
+
+ // Restore the "file-record-end marker." The value is never checked but this behavior is consistent with Win2k3.
+ AttrEnd->Length = EndMarker;
+
+ // recalculate bytes in use
+ FileRecord->BytesInUse = (ULONG_PTR)AttrEnd - (ULONG_PTR)FileRecord + sizeof(ULONG) * 2;
+}
ULONG
ReadAttribute(PDEVICE_EXTENSION Vcb,
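Review bot: In the resident-to-non-resident migration of `SetAttributeDataLength`, `Status = ReadAttribute(...)` stores a byte count in an NTSTATUS: `ReadAttribute` is declared `ULONG`, and `AddNewMftEntry` in this commit treats its result as a length. A read that returns 0 or a short count therefore passes `NT_SUCCESS`, and the unfilled `AttribData` pool buffer is later handed to `WriteAttribute` and ends up on disk. Compare the returned length with `AttribDataSize.LowPart` and fail the migration otherwise. Two smaller points in the same function: the `_SEH2_EXCEPT` return skips `ExFreePoolWithTag(AttribData, TAG_NTFS)`, and the final `return STATUS_SUCCESS;` should be `return Status;` so a failed `UpdateFileRecord` is reported (the `FreeClusters` status is likewise overwritten before anything checks it).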
ULONG ReadLength;
ULONG AlreadyRead;
NTSTATUS Status;
+
+ //TEMPTEMP
+ PUCHAR TempBuffer;
if (!Context->Record.IsNonResident)
{
}
else
{
+ //TEMPTEMP
+ ULONG UsedBufferSize;
+ TempBuffer = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+
LastLCN = 0;
- DataRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
CurrentOffset = 0;
+ // This will be rewritten in the next iteration to just use the DataRuns MCB directly
+ ConvertLargeMCBToDataRuns(&Context->DataRunsMCB,
+ TempBuffer,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ &UsedBufferSize);
+
+ DataRun = TempBuffer;
+
while (1)
{
DataRun = DecodeRun(DataRun, &DataRunOffset, &DataRunLength);
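Review bot: `TempBuffer` from `ExAllocatePoolWithTag` is passed to `ConvertLargeMCBToDataRuns` without a NULL check, and the outcome of the conversion is not examined before `DecodeRun` starts parsing the buffer. If the allocation fails, or the runs do not fit in `BytesPerFileRecord` bytes, the loop presumably walks a NULL or only partly filled pool buffer. `WriteAttribute` repeats the same allocate-convert-decode sequence further down. Return early when the allocation fails, and free the buffer and return when the conversion reports an error. The loop body continues outside this hunk.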
} /* if Disk */
+ // TEMPTEMP
+ if (Context->Record.IsNonResident)
+ ExFreePoolWithTag(TempBuffer, TAG_NTFS);
+
Context->CacheRun = DataRun;
Context->CacheRunOffset = Offset + AlreadyRead;
Context->CacheRunStartLCN = DataRunStartLCN;
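Review bot: `Context->CacheRun = DataRun;` now stores a pointer into `TempBuffer` immediately after `ExFreePoolWithTag(TempBuffer, TAG_NTFS)` released it, since `DataRun` was set from `TempBuffer` and advanced by `DecodeRun`. The context outlives this call, so any later use of `CacheRun` would read freed pool; a comment in `WriteAttribute` says the cache is disabled for now, but the stale pointer is still kept in the context. `WriteAttribute` has the same free-then-store order at its end. Until the MCB is consumed directly, clear the cache fields (or skip updating them) instead of saving `DataRun`.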
NTSTATUS Status;
PUCHAR SourceBuffer = Buffer;
LONGLONG StartingOffset;
+
+ //TEMPTEMP
+ PUCHAR TempBuffer;
+
- DPRINT("WriteAttribute(%p, %p, %I64U, %p, %lu)\n", Vcb, Context, Offset, Buffer, Length);
+ DPRINT("WriteAttribute(%p, %p, %I64u, %p, %lu, %p)\n", Vcb, Context, Offset, Buffer, Length, RealLengthWritten);
+
+ *RealLengthWritten = 0;
// is this a resident attribute?
if (!Context->Record.IsNonResident)
{
- DPRINT1("FIXME: Writing to resident NTFS records (small files) is not supported at this time.\n");
- // (TODO: This should be really easy to implement)
+ ULONG AttributeOffset;
+ PNTFS_ATTR_CONTEXT FoundContext;
+ PFILE_RECORD_HEADER FileRecord;
- /* LeftOver code from ReadAttribute(), may be helpful:
- if (Offset > Context->Record.Resident.ValueLength)
- return 0;
if (Offset + Length > Context->Record.Resident.ValueLength)
- Length = (ULONG)(Context->Record.Resident.ValueLength - Offset);
- RtlCopyMemory(Buffer, (PCHAR)&Context->Record + Context->Record.Resident.ValueOffset + Offset, Length);
- return Length;*/
+ {
+ DPRINT1("DRIVER ERROR: Attribute is too small!\n");
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ FileRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+
+ if (!FileRecord)
+ {
+ DPRINT1("Error: Couldn't allocate file record!\n");
+ return STATUS_NO_MEMORY;
+ }
+
+ // read the file record
+ ReadFileRecord(Vcb, Context->FileMFTIndex, FileRecord);
+
+ // find where to write the attribute data to
+ Status = FindAttribute(Vcb, FileRecord,
+ Context->Record.Type,
+ (PCWSTR)((PCHAR)&Context->Record + Context->Record.NameOffset),
+ Context->Record.NameLength,
+ &FoundContext,
+ &AttributeOffset);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find matching attribute!\n");
+ ExFreePoolWithTag(FileRecord, TAG_NTFS);
+ return Status;
+ }
+
+ DPRINT("Offset: %I64u, AttributeOffset: %u, ValueOffset: %u\n", Offset, AttributeOffset, Context->Record.Resident.ValueLength);
+ Offset += AttributeOffset + Context->Record.Resident.ValueOffset;
+
+ if (Offset + Length > Vcb->NtfsInfo.BytesPerFileRecord)
+ {
+ DPRINT1("DRIVER ERROR: Data being written extends past end of file record!\n");
+ ReleaseAttributeContext(FoundContext);
+ ExFreePoolWithTag(FileRecord, TAG_NTFS);
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ // copy the data being written into the file record
+ RtlCopyMemory((PCHAR)FileRecord + Offset, Buffer, Length);
+
+ Status = UpdateFileRecord(Vcb, Context->FileMFTIndex, FileRecord);
+
+ ReleaseAttributeContext(FoundContext);
+ ExFreePoolWithTag(FileRecord, TAG_NTFS);
+
+ if (NT_SUCCESS(Status))
+ *RealLengthWritten = Length;
- return STATUS_NOT_IMPLEMENTED; // until we implement it
+ return Status;
}
// This is a non-resident attribute.
// I. Find the corresponding start data run.
- *RealLengthWritten = 0;
-
// FIXME: Cache seems to be non-working. Disable it for now
//if(Context->CacheRunOffset <= Offset && Offset < Context->CacheRunOffset + Context->CacheRunLength * Volume->ClusterSize)
/*if (0)
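Review bot: `ReadFileRecord(Vcb, Context->FileMFTIndex, FileRecord);` ignores its status, although `UpdateFileNameRecord` in this commit checks the same call. On a failed read the freshly allocated, uninitialized `FileRecord` is searched by `FindAttribute`, patched, and written back with `UpdateFileRecord`. Capture the status and free `FileRecord` on failure before going further. Also, the length check uses the cached `Context->Record.Resident.ValueLength` while the copy goes into the record just read, bounded only by `BytesPerFileRecord`; validating against `FoundContext->Record` would stop a stale context from overwriting neighbouring attributes. The `DPRINT` before the copy labels its third value `ValueOffset` but prints `ValueLength`.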
}
else*/
{
+ ULONG UsedBufferSize;
LastLCN = 0;
- DataRun = (PUCHAR)&Context->Record + Context->Record.NonResident.MappingPairsOffset;
- CurrentOffset = 0;
+ CurrentOffset = 0;
+
+ // This will be rewritten in the next iteration to just use the DataRuns MCB directly
+ TempBuffer = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerFileRecord, TAG_NTFS);
+
+ ConvertLargeMCBToDataRuns(&Context->DataRunsMCB,
+ TempBuffer,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ &UsedBufferSize);
+
+ DataRun = TempBuffer;
while (1)
{
{
// We reached the last assigned cluster
// TODO: assign new clusters to the end of the file.
- // (Presently, this code will never be reached, the write should have already failed by now)
+ // (Presently, this code will rarely be reached, the write will usually have already failed by now)
+ // [We can reach here by creating a new file record when the MFT isn't large enough]
+ DPRINT1("FIXME: Master File Table needs to be enlarged.\n");
return STATUS_END_OF_FILE;
}
}
else
DataRunStartLCN = -1;
-
- if (*DataRun == 0)
- {
- if (Length == 0)
- return STATUS_SUCCESS;
-
- // This code shouldn't execute, because we should have extended the allocation size
- // or failed the request by now. It's just a sanity check.
- DPRINT1("Encountered EOF before expected!\n");
- return STATUS_END_OF_FILE;
- }
}
// Do we have more data to write?
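Review bot: The `return STATUS_END_OF_FILE;` under the new `DPRINT1("FIXME: Master File Table needs to be enlarged.\n")` leaves without freeing `TempBuffer`, which this commit allocates from `NonPagedPool` before the run-walking loop. The comment added here says the path is reachable when a new file record does not fit in the MFT, so each such attempt would leak `BytesPerFileRecord` bytes of non-paged pool. Free the buffer before returning, or route the non-resident exits through one cleanup label. Other early returns later in the function, outside this hunk, likely need the same treatment.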
Length -= WriteLength;
SourceBuffer += WriteLength;
- RealLengthWritten += WriteLength;
+ *RealLengthWritten += WriteLength;
// We finished this request, but there's still data in this data run.
if (Length == 0 && WriteLength != DataRunLength * Vcb->NtfsInfo.BytesPerCluster)
}
} // end while (Length > 0) [more data to write]
+ // TEMPTEMP
+ if(Context->Record.IsNonResident)
+ ExFreePoolWithTag(TempBuffer, TAG_NTFS);
+
Context->CacheRun = DataRun;
Context->CacheRunOffset = Offset + *RealLengthWritten;
Context->CacheRunStartLCN = DataRunStartLCN;
}
/* Apply update sequence array fixups. */
+ DPRINT("Sequence number: %u\n", file->SequenceNumber);
return FixupUpdateSequenceArray(Vcb, &file->Ntfs);
}
-NTSTATUS
+/**
+* Searches a file's parent directory (given the parent's index in the mft)
+* for the given file. Upon finding an index entry for that file, updates
+* Data Size and Allocated Size values in the $FILE_NAME attribute of that entry.
+*
+* (Most of this code was copied from NtfsFindMftRecord)
+*/
+NTSTATUS
+UpdateFileNameRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG ParentMFTIndex,
+ PUNICODE_STRING FileName,
+ BOOLEAN DirSearch,
+ ULONGLONG NewDataSize,
+ ULONGLONG NewAllocationSize)
+{
+ PFILE_RECORD_HEADER MftRecord;
+ PNTFS_ATTR_CONTEXT IndexRootCtx;
+ PINDEX_ROOT_ATTRIBUTE IndexRoot;
+ PCHAR IndexRecord;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry, IndexEntryEnd;
+ NTSTATUS Status;
+ ULONG CurrentEntry = 0;
+
+ DPRINT("UpdateFileNameRecord(%p, %I64d, %wZ, %u, %I64u, %I64u)\n", Vcb, ParentMFTIndex, FileName, DirSearch, NewDataSize, NewAllocationSize);
+
+ MftRecord = ExAllocatePoolWithTag(NonPagedPool,
+ Vcb->NtfsInfo.BytesPerFileRecord,
+ TAG_NTFS);
+ if (MftRecord == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Status = ReadFileRecord(Vcb, ParentMFTIndex, MftRecord);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(MftRecord, TAG_NTFS);
+ return Status;
+ }
+
+ ASSERT(MftRecord->Ntfs.Type == NRH_FILE_TYPE);
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ ExFreePoolWithTag(MftRecord, TAG_NTFS);
+ return Status;
+ }
+
+ IndexRecord = ExAllocatePoolWithTag(NonPagedPool, Vcb->NtfsInfo.BytesPerIndexRecord, TAG_NTFS);
+ if (IndexRecord == NULL)
+ {
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreePoolWithTag(MftRecord, TAG_NTFS);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ ReadAttribute(Vcb, IndexRootCtx, 0, IndexRecord, Vcb->NtfsInfo.BytesPerIndexRecord);
+ IndexRoot = (PINDEX_ROOT_ATTRIBUTE)IndexRecord;
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)&IndexRoot->Header + IndexRoot->Header.FirstEntryOffset);
+ // Index root is always resident.
+ IndexEntryEnd = (PINDEX_ENTRY_ATTRIBUTE)(IndexRecord + IndexRoot->Header.TotalSizeOfEntries);
+
+ DPRINT("IndexRecordSize: %x IndexBlockSize: %x\n", Vcb->NtfsInfo.BytesPerIndexRecord, IndexRoot->SizeOfEntry);
+
+ Status = UpdateIndexEntryFileNameSize(Vcb,
+ MftRecord,
+ IndexRecord,
+ IndexRoot->SizeOfEntry,
+ IndexEntry,
+ IndexEntryEnd,
+ FileName,
+ &CurrentEntry,
+ &CurrentEntry,
+ DirSearch,
+ NewDataSize,
+ NewAllocationSize);
+
+ ReleaseAttributeContext(IndexRootCtx);
+ ExFreePoolWithTag(IndexRecord, TAG_NTFS);
+ ExFreePoolWithTag(MftRecord, TAG_NTFS);
+
+ return Status;
+}
+
+/**
+* Recursively searches directory index and applies the size update to the $FILE_NAME attribute of the
+* proper index entry.
+* (Heavily based on BrowseIndexEntries)
+*/
+NTSTATUS
+UpdateIndexEntryFileNameSize(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER MftRecord,
+ PCHAR IndexRecord,
+ ULONG IndexBlockSize,
+ PINDEX_ENTRY_ATTRIBUTE FirstEntry,
+ PINDEX_ENTRY_ATTRIBUTE LastEntry,
+ PUNICODE_STRING FileName,
+ PULONG StartEntry,
+ PULONG CurrentEntry,
+ BOOLEAN DirSearch,
+ ULONGLONG NewDataSize,
+ ULONGLONG NewAllocatedSize)
+{
+ NTSTATUS Status;
+ ULONG RecordOffset;
+ PINDEX_ENTRY_ATTRIBUTE IndexEntry;
+ PNTFS_ATTR_CONTEXT IndexAllocationCtx;
+ ULONGLONG IndexAllocationSize;
+ PINDEX_BUFFER IndexBuffer;
+
+ DPRINT("UpdateIndexEntrySize(%p, %p, %p, %u, %p, %p, %wZ, %u, %u, %u, %I64u, %I64u)\n", Vcb, MftRecord, IndexRecord, IndexBlockSize, FirstEntry, LastEntry, FileName, *StartEntry, *CurrentEntry, DirSearch, NewDataSize, NewAllocatedSize);
+
+ // find the index entry responsible for the file we're trying to update
+ IndexEntry = FirstEntry;
+ while (IndexEntry < LastEntry &&
+ !(IndexEntry->Flags & NTFS_INDEX_ENTRY_END))
+ {
+ if ((IndexEntry->Data.Directory.IndexedFile & NTFS_MFT_MASK) > 0x10 &&
+ *CurrentEntry >= *StartEntry &&
+ IndexEntry->FileName.NameType != NTFS_FILE_NAME_DOS &&
+ CompareFileName(FileName, IndexEntry, DirSearch))
+ {
+ *StartEntry = *CurrentEntry;
+ IndexEntry->FileName.DataSize = NewDataSize;
+ IndexEntry->FileName.AllocatedSize = NewAllocatedSize;
+ // indicate that the caller will still need to write the structure to the disk
+ return STATUS_PENDING;
+ }
+
+ (*CurrentEntry) += 1;
+ ASSERT(IndexEntry->Length >= sizeof(INDEX_ENTRY_ATTRIBUTE));
+ IndexEntry = (PINDEX_ENTRY_ATTRIBUTE)((PCHAR)IndexEntry + IndexEntry->Length);
+ }
+
+ /* If we're already browsing a subnode */
+ if (IndexRecord == NULL)
+ {
+ return STATUS_OBJECT_PATH_NOT_FOUND;
+ }
+
+ /* If there's no subnode */
+ if (!(IndexEntry->Flags & NTFS_INDEX_ENTRY_NODE))
+ {
+ return STATUS_OBJECT_PATH_NOT_FOUND;
+ }
+
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT("Corrupted filesystem!\n");
+ return Status;
+ }
+
+ IndexAllocationSize = AttributeDataLength(&IndexAllocationCtx->Record);
+ Status = STATUS_OBJECT_PATH_NOT_FOUND;
+ for (RecordOffset = 0; RecordOffset < IndexAllocationSize; RecordOffset += IndexBlockSize)
+ {
+ ReadAttribute(Vcb, IndexAllocationCtx, RecordOffset, IndexRecord, IndexBlockSize);
+ Status = FixupUpdateSequenceArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs);
+ if (!NT_SUCCESS(Status))
+ {
+ break;
+ }
+
+ IndexBuffer = (PINDEX_BUFFER)IndexRecord;
+ ASSERT(IndexBuffer->Ntfs.Type == NRH_INDX_TYPE);
+ ASSERT(IndexBuffer->Header.AllocatedSize + FIELD_OFFSET(INDEX_BUFFER, Header) == IndexBlockSize);
+ FirstEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.FirstEntryOffset);
+ LastEntry = (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)&IndexBuffer->Header + IndexBuffer->Header.TotalSizeOfEntries);
+ ASSERT(LastEntry <= (PINDEX_ENTRY_ATTRIBUTE)((ULONG_PTR)IndexBuffer + IndexBlockSize));
+
+ Status = UpdateIndexEntryFileNameSize(NULL, NULL, NULL, 0, FirstEntry, LastEntry, FileName, StartEntry, CurrentEntry, DirSearch, NewDataSize, NewAllocatedSize);
+ if (Status == STATUS_PENDING)
+ {
+ // write the index record back to disk
+ ULONG Written;
+
+ // first we need to update the fixup values for the index block
+ Status = AddFixupArray(Vcb, &((PFILE_RECORD_HEADER)IndexRecord)->Ntfs);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Error: Failed to update fixup sequence array!\n");
+ break;
+ }
+
+ Status = WriteAttribute(Vcb, IndexAllocationCtx, RecordOffset, (const PUCHAR)IndexRecord, IndexBlockSize, &Written);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR Performing write!\n");
+ break;
+ }
+
+ Status = STATUS_SUCCESS;
+ break;
+ }
+ if (NT_SUCCESS(Status))
+ {
+ break;
+ }
+ }
+
+ ReleaseAttributeContext(IndexAllocationCtx);
+ return Status;
+}
+
+/**
+* @name UpdateFileRecord
+* @implemented
+*
+* Writes a file record to the master file table, at a given index.
+*
+* @param Vcb
+* Pointer to the DEVICE_EXTENSION of the target drive being written to.
+*
+* @param MftIndex
+* Target index in the master file table to store the file record.
+*
+* @param FileRecord
+* Pointer to the complete file record which will be written to the master file table.
+*
+* @return
+* STATUS_SUCCESSFUL on success. An error passed from WriteAttribute() otherwise.
+*
+*/
+NTSTATUS
+UpdateFileRecord(PDEVICE_EXTENSION Vcb,
+ ULONGLONG MftIndex,
+ PFILE_RECORD_HEADER FileRecord)
+{
+ ULONG BytesWritten;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ DPRINT("UpdateFileRecord(%p, 0x%I64x, %p)\n", Vcb, MftIndex, FileRecord);
+
+ // Add the fixup array to prepare the data for writing to disk
+ AddFixupArray(Vcb, &FileRecord->Ntfs);
+
+ // write the file record to the master file table
+ Status = WriteAttribute(Vcb, Vcb->MFTContext, MftIndex * Vcb->NtfsInfo.BytesPerFileRecord, (const PUCHAR)FileRecord, Vcb->NtfsInfo.BytesPerFileRecord, &BytesWritten);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("UpdateFileRecord failed: %lu written, %lu expected\n", BytesWritten, Vcb->NtfsInfo.BytesPerFileRecord);
+ }
+
+ // remove the fixup array (so the file record pointer can still be used)
+ FixupUpdateSequenceArray(Vcb, &FileRecord->Ntfs);
+
+ return Status;
+}
+
+
+NTSTATUS
FixupUpdateSequenceArray(PDEVICE_EXTENSION Vcb,
PNTFS_RECORD_HEADER Record)
{
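Review bot: `UpdateIndexEntryFileNameSize` walks and then writes into on-disk index entries with `ASSERT` as the only validation: the checks on `IndexEntry->Length`, `LastEntry`, `AllocatedSize` and `NRH_INDX_TYPE` all disappear in free builds, and `FirstEntryOffset` and `TotalSizeOfEntries` are used unchecked. A zero `Length` would spin the `while` loop forever, and an oversized offset would put the `DataSize`/`AllocatedSize` stores outside `IndexRecord`, so these should be real checks that return an error for a corrupt volume. Separately, when the match is in the index root the function returns `STATUS_PENDING` straight to `UpdateFileNameRecord`, which frees the buffers and returns it without writing the root back, so the update is lost and the caller sees a status that passes `NT_SUCCESS`. The `ReadAttribute` results at both call sites are also unchecked.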
USACount = Record->UsaCount - 1; /* Exclude the USA Number. */
Block = (USHORT*)((PCHAR)Record + Vcb->NtfsInfo.BytesPerSector - 2);
+ DPRINT("FixupUpdateSequenceArray(%p, %p)\nUSANumber: %u\tUSACount: %u\n", Vcb, Record, USANumber, USACount);
+
while (USACount)
{
if (*Block != USANumber)
return STATUS_SUCCESS;
}
+/**
+* @name AddNewMftEntry
+* @implemented
+*
+* Adds a file record to the master file table of a given device.
+*
+* @param FileRecord
+* Pointer to a complete file record which will be saved to disk.
+*
+* @param DeviceExt
+* Pointer to the DEVICE_EXTENSION of the target drive.
+*
+* @return
+* STATUS_SUCCESS on success.
+* STATUS_OBJECT_NAME_NOT_FOUND if we can't find the MFT's $Bitmap or if we weren't able
+* to read the attribute.
+* STATUS_INSUFFICIENT_RESOURCES if we can't allocate enough memory for a copy of $Bitmap.
+* STATUS_NOT_IMPLEMENTED if we need to increase the size of the MFT.
+*
+*/
+NTSTATUS
+AddNewMftEntry(PFILE_RECORD_HEADER FileRecord,
+ PDEVICE_EXTENSION DeviceExt)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+ ULONGLONG MftIndex;
+ RTL_BITMAP Bitmap;
+ ULONGLONG BitmapDataSize;
+ ULONGLONG AttrBytesRead;
+ PVOID BitmapData;
+ ULONG LengthWritten;
+
+ // First, we have to read the mft's $Bitmap attribute
+ PNTFS_ATTR_CONTEXT BitmapContext;
+ Status = FindAttribute(DeviceExt, DeviceExt->MasterFileTable, AttributeBitmap, L"", 0, &BitmapContext, NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Couldn't find $Bitmap attribute of master file table!\n");
+ return Status;
+ }
+
+ // allocate a buffer for the $Bitmap attribute
+ BitmapDataSize = AttributeDataLength(&BitmapContext->Record);
+ BitmapData = ExAllocatePoolWithTag(NonPagedPool, BitmapDataSize, TAG_NTFS);
+ if (!BitmapData)
+ {
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ // read $Bitmap attribute
+ AttrBytesRead = ReadAttribute(DeviceExt, BitmapContext, 0, BitmapData, BitmapDataSize);
+
+ if (AttrBytesRead == 0)
+ {
+ DPRINT1("ERROR: Unable to read $Bitmap attribute of master file table!\n");
+ ExFreePoolWithTag(BitmapData, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ // convert buffer into bitmap
+ RtlInitializeBitMap(&Bitmap, (PULONG)BitmapData, BitmapDataSize * 8);
+
+ // set next available bit, preferrably after 23rd bit
+ MftIndex = RtlFindClearBitsAndSet(&Bitmap, 1, 24);
+ if ((LONG)MftIndex == -1)
+ {
+ DPRINT1("ERROR: Couldn't find free space in MFT for file record!\n");
+
+ ExFreePoolWithTag(BitmapData, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+
+ // TODO: increase mft size
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ DPRINT1("Creating file record at MFT index: %I64u\n", MftIndex);
+
+ // update file record with index
+ FileRecord->MFTRecordNumber = MftIndex;
+
+ // [BitmapData should have been updated via RtlFindClearBitsAndSet()]
+
+ // write the bitmap back to the MFT's $Bitmap attribute
+ Status = WriteAttribute(DeviceExt, BitmapContext, 0, BitmapData, BitmapDataSize, &LengthWritten);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR encountered when writing $Bitmap attribute!\n");
+ ExFreePoolWithTag(BitmapData, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
+
+ // update the file record (write it to disk)
+ Status = UpdateFileRecord(DeviceExt, MftIndex, FileRecord);
+
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("ERROR: Unable to write file record!\n");
+ ExFreePoolWithTag(BitmapData, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+ return Status;
+ }
+
+ ExFreePoolWithTag(BitmapData, TAG_NTFS);
+ ReleaseAttributeContext(BitmapContext);
+
+ return Status;
+}
+
+NTSTATUS
+AddFixupArray(PDEVICE_EXTENSION Vcb,
+ PNTFS_RECORD_HEADER Record)
+{
+ USHORT *pShortToFixUp;
+ unsigned int ArrayEntryCount = Record->UsaCount - 1;
+ unsigned int Offset = Vcb->NtfsInfo.BytesPerSector - 2;
+ int i;
+
+ PFIXUP_ARRAY fixupArray = (PFIXUP_ARRAY)((UCHAR*)Record + Record->UsaOffset);
+
+ DPRINT("AddFixupArray(%p, %p)\n fixupArray->USN: %u, ArrayEntryCount: %u\n", Vcb, Record, fixupArray->USN, ArrayEntryCount);
+
+ fixupArray->USN++;
+
+ for (i = 0; i < ArrayEntryCount; i++)
+ {
+ DPRINT("USN: %u\tOffset: %u\n", fixupArray->USN, Offset);
+
+ pShortToFixUp = (USHORT*)((PCHAR)Record + Offset);
+ fixupArray->Array[i] = *pShortToFixUp;
+ *pShortToFixUp = fixupArray->USN;
+ Offset += Vcb->NtfsInfo.BytesPerSector;
+ }
+
+ return STATUS_SUCCESS;
+}
NTSTATUS
ReadLCN(PDEVICE_EXTENSION Vcb,
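Review bot: `AddFixupArray` takes `Record->UsaCount` and `Record->UsaOffset` on trust and writes one USHORT per entry at `Offset += Vcb->NtfsInfo.BytesPerSector` with no upper bound. `UpdateFileRecord` applies it to records that were read from disk (the resident path of `WriteAttribute`, the index blocks in `UpdateIndexEntryFileNameSize`), so a `UsaCount` of 0 makes `ArrayEntryCount` wrap, and any value larger than the record's sector count writes past the pool allocation; `int i` is also compared against the unsigned count. The function needs the record size, either as a parameter or checked by the caller, so it can reject a count or offset that does not fit before touching the buffer. In `AddNewMftEntry`, the `$Bitmap` is written with the new bit set before `UpdateFileRecord` runs and is not restored if that write fails, and `ReadAttribute` is only checked against 0 rather than `BitmapDataSize`.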
return STATUS_OBJECT_PATH_NOT_FOUND;
}
- Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx);
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexAllocation, L"$I30", 4, &IndexAllocationCtx, NULL);
if (!NT_SUCCESS(Status))
{
DPRINT("Corrupted filesystem!\n");
}
ASSERT(MftRecord->Ntfs.Type == NRH_FILE_TYPE);
- Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx);
+ Status = FindAttribute(Vcb, MftRecord, AttributeIndexRoot, L"$I30", 4, &IndexRootCtx, NULL);
if (!NT_SUCCESS(Status))
{
ExFreePoolWithTag(MftRecord, TAG_NTFS);
return NtfsLookupFileAt(Vcb, PathName, FileRecord, MFTIndex, NTFS_FILE_ROOT);
}
+/**
+* @name NtfsDumpFileRecord
+* @implemented
+*
+* Provides diagnostic information about a file record. Prints a hex dump
+* of the entire record (based on the size reported by FileRecord->ByesInUse),
+* then prints a dump of each attribute.
+*
+* @param Vcb
+* Pointer to a DEVICE_EXTENSION describing the volume.
+*
+* @param FileRecord
+* Pointer to the file record to be analyzed.
+*
+* @remarks
+* FileRecord must be a complete file record at least FileRecord->BytesAllocated
+* in size, and not just the header.
+*
+*/
+VOID
+NtfsDumpFileRecord(PDEVICE_EXTENSION Vcb,
+ PFILE_RECORD_HEADER FileRecord)
+{
+ ULONG i, j;
+
+ // dump binary data, 8 bytes at a time
+ for (i = 0; i < FileRecord->BytesInUse; i += 8)
+ {
+ // display current offset, in hex
+ DbgPrint("\t%03x\t", i);
+
+ // display hex value of each of the next 8 bytes
+ for (j = 0; j < 8; j++)
+ DbgPrint("%02x ", *(PUCHAR)((ULONG_PTR)FileRecord + i + j));
+ DbgPrint("\n");
+ }
+
+ NtfsDumpFileAttributes(Vcb, FileRecord);
+}
+
NTSTATUS
NtfsFindFileAt(PDEVICE_EXTENSION Vcb,
PUNICODE_STRING SearchPattern,
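Review bot: The hex-dump loop in `NtfsDumpFileRecord` is bounded only by `FileRecord->BytesInUse`, a field taken from the record itself, and the inner loop always reads 8 bytes. A record whose `BytesInUse` exceeds the buffer the caller allocated, or is not a multiple of 8, makes `DbgPrint` read past the allocation. Clamp the bound to `Vcb->NtfsInfo.BytesPerFileRecord` and stop the inner loop at the same limit, e.g. `for (j = 0; j < 8 && i + j < Limit; j++)`. The header comment also misspells the field as `ByesInUse`.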