archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/fs/utils/diskedit/crack.cxx

472 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "ulib.hxx"
  2. #include "drive.hxx"
  3. #include "ifssys.hxx"
  4. #include "ntfssa.hxx"
  5. #include "frs.hxx"
  6. #include "attrib.hxx"
  7. #include "mftfile.hxx"
  8. #include "bitfrs.hxx"
  9. #include "ntfsbit.hxx"
  10. #include "upfile.hxx"
  11. #include "upcase.hxx"
  12. #include "rfatsa.hxx"
  13. #include "rcache.hxx"
  14. #include "hmem.hxx"
  15. #include "recordpg.hxx"
  16. #include "crack.hxx"
  17. #include "diskedit.h"
  19. extern "C" {
  20. #include <stdio.h>
  21. }
  23. extern PLOG_IO_DP_DRIVE Drive;
  25. TCHAR Path[MAX_PATH];
  27. VOID
  28. CrackNtfsPath(
  29. IN HWND WindowHandle
  30. )
  31. {
  32. DSTRING path;
  33. NTFS_SA ntfssa;
  34. MESSAGE msg;
  35. NTFS_MFT_FILE mft;
  36. NTFS_BITMAP_FILE bitmap_file;
  37. NTFS_ATTRIBUTE bitmap_attribute;
  38. NTFS_BITMAP volume_bitmap;
  39. NTFS_UPCASE_FILE upcase_file;
  40. NTFS_ATTRIBUTE upcase_attribute;
  41. NTFS_UPCASE_TABLE upcase_table;
  42. NTFS_FILE_RECORD_SEGMENT file_record;
  43. BOOLEAN error;
  44. BOOLEAN system_file;
  45. ULONG file_number;
  46. TCHAR buf[100];
  49. if (!path.Initialize(Path)) {
  50. wsprintf(buf, TEXT("Out of memory"));
  51. MessageBox(WindowHandle, buf, TEXT("DiskEdit"), MB_OK|MB_ICONEXCLAMATION);
  52. return;
  53. }
  55. if (!Drive ||
  56. !ntfssa.Initialize(Drive, &msg) ||
  57. !ntfssa.Read() ||
  58. !mft.Initialize(Drive, ntfssa.QueryMftStartingLcn(),
  59. ntfssa.QueryClusterFactor(),
  60. ntfssa.QueryFrsSize(),
  61. ntfssa.QueryVolumeSectors(), NULL, NULL) ||
  62. !mft.Read() ||
  63. !bitmap_file.Initialize(mft.GetMasterFileTable()) ||
  64. !bitmap_file.Read() ||
  65. !bitmap_file.QueryAttribute(&bitmap_attribute, &error, $DATA) ||
  66. !volume_bitmap.Initialize(ntfssa.QueryVolumeSectors() /
  67. (ULONG) ntfssa.QueryClusterFactor(), FALSE, NULL, 0) ||
  68. !volume_bitmap.Read(&bitmap_attribute) ||
  69. !upcase_file.Initialize(mft.GetMasterFileTable()) ||
  70. !upcase_file.Read() ||
  71. !upcase_file.QueryAttribute(&upcase_attribute, &error, $DATA) ||
  72. !upcase_table.Initialize(&upcase_attribute) ||
  73. !mft.Initialize(Drive, ntfssa.QueryMftStartingLcn(),
  74. ntfssa.QueryClusterFactor(),
  75. ntfssa.QueryFrsSize(),
  76. ntfssa.QueryVolumeSectors(),
  77. &volume_bitmap,
  78. &upcase_table) ||
  79. !mft.Read()) {
  81. swprintf(buf, TEXT("Could not init NTFS data structures"));
  82. MessageBox(WindowHandle, buf, TEXT("DiskEdit"), MB_OK|MB_ICONEXCLAMATION);
  84. return;
  85. }
  86. if (!ntfssa.QueryFrsFromPath(&path, mft.GetMasterFileTable(),
  87. &volume_bitmap, &file_record, &system_file, &error)) {
  88. wsprintf(buf, TEXT("File not found."));
  89. MessageBox(WindowHandle, buf, TEXT("DiskEdit"), MB_OK|MB_ICONINFORMATION);
  91. return;
  92. }
  94. file_number = file_record.QueryFileNumber().GetLowPart();
  96. wsprintf(buf, TEXT("The given path points to file record 0x%X"), file_number);
  98. MessageBox(WindowHandle, buf, TEXT("Path Image"), MB_OK);
  99. }
  101. BOOLEAN
  102. BacktrackFrs(
  103. IN VCN FileNumber,
  104. IN OUT PNTFS_MASTER_FILE_TABLE Mft,
  105. OUT PWCHAR PathBuffer,
  106. IN ULONG BufferLength,
  107. OUT PULONG PathLength
  108. )
  109. /*++
  111. Routine Description:
  113. This function finds a path from the root to a given FRS.
  115. Arguments:
  117. FileNumber -- Supplies the file number of the target FRS.
  118. Mft -- Supplies the volume's Master File Table.
  119. PathBuffer -- Receives a path to the FRS.
  120. BufferLength -- Supplies the length (in characters) of
  121. the client's buffer.
  122. PathLength -- Receives the length (in characters) of
  123. the path.
  125. Return Value:
  127. TRUE upon successful completion. The returned path may
  128. not be NULL-terminated.
  130. --*/
  131. {
  132. NTFS_FILE_RECORD_SEGMENT CurrentFrs;
  133. NTFS_ATTRIBUTE FileNameAttribute;
  134. VCN ParentFileNumber;
  135. PCFILE_NAME FileName;
  136. ULONG i;
  137. BOOLEAN Error;
  139. if( FileNumber == ROOT_FILE_NAME_INDEX_NUMBER ) {
  141. // This is the root; return a NULL path.
  142. //
  143. *PathLength = 0;
  144. return TRUE;
  145. }
  147. // Initialize the FRS and extract a name (any name will do).
  148. //
  149. if( !CurrentFrs.Initialize( FileNumber, Mft ) ||
  150. !CurrentFrs.Read() ||
  151. !CurrentFrs.QueryAttribute( &FileNameAttribute, &Error, $FILE_NAME ) ||
  152. !FileNameAttribute.IsResident() ) {
  154. return FALSE;
  155. }
  157. FileName = (PCFILE_NAME)FileNameAttribute.GetResidentValue();
  159. ParentFileNumber.Set( FileName->ParentDirectory.LowPart,
  160. (LONG)FileName->ParentDirectory.HighPart );
  162. // Now recurse into this file's parent.
  163. //
  164. if( !BacktrackFrs( ParentFileNumber,
  165. Mft,
  166. PathBuffer,
  167. BufferLength,
  168. PathLength ) ) {
  170. return FALSE;
  171. }
  173. // Add this file's name to the path.
  174. //
  175. if( *PathLength + FileName->FileNameLength + 1 > BufferLength ) {
  177. // Buffer is too small.
  178. //
  179. return FALSE;
  180. }
  182. PathBuffer[*PathLength] = '\\';
  184. for( i = 0; i < FileName->FileNameLength; i++ ) {
  186. PathBuffer[*PathLength+1+i] = FileName->FileName[i];
  187. }
  189. *PathLength += 1 + FileName->FileNameLength;
  191. return TRUE;
  193. }
  195. BOOLEAN
  196. BacktrackFrsFromScratch(
  197. IN HWND WindowHandle,
  198. IN VCN FileNumber
  199. )
  200. /*++
  202. Routine Description:
  204. This function finds a path from the root to a given
  205. FRS; it sets up the MFT and its helper objects as
  206. needed.
  208. Arguments:
  210. WindowHandle -- Supplies a handle to the parent window.
  211. FileNumber -- Supplies the file number of the target FRS.
  213. Return Value:
  215. TRUE upon successful completion. The returned path may
  216. not be NULL-terminated.
  218. --*/
  219. {
  220. WCHAR WPath[MAX_PATH];
  222. NTFS_SA ntfssa;
  223. MESSAGE msg;
  224. NTFS_MFT_FILE mft;
  225. NTFS_BITMAP_FILE bitmap_file;
  226. NTFS_ATTRIBUTE bitmap_attribute;
  227. NTFS_BITMAP volume_bitmap;
  228. NTFS_UPCASE_FILE upcase_file;
  229. NTFS_ATTRIBUTE upcase_attribute;
  230. NTFS_UPCASE_TABLE upcase_table;
  231. BOOLEAN error;
  232. ULONG BufferLength, PathLength, i;
  234. BufferLength = sizeof(WPath);
  236. if (!Drive ||
  237. !ntfssa.Initialize(Drive, &msg) ||
  238. !ntfssa.Read() ||
  239. !mft.Initialize(Drive, ntfssa.QueryMftStartingLcn(),
  240. ntfssa.QueryClusterFactor(),
  241. ntfssa.QueryFrsSize(),
  242. ntfssa.QueryVolumeSectors(), NULL, NULL) ||
  243. !mft.Read() ||
  244. !bitmap_file.Initialize(mft.GetMasterFileTable()) ||
  245. !bitmap_file.Read() ||
  246. !bitmap_file.QueryAttribute(&bitmap_attribute, &error, $DATA) ||
  247. !volume_bitmap.Initialize(Drive->QuerySectors()/
  248. (ULONG) ntfssa.QueryClusterFactor(), FALSE, NULL, 0) ||
  249. !volume_bitmap.Read(&bitmap_attribute) ||
  250. !upcase_file.Initialize(mft.GetMasterFileTable()) ||
  251. !upcase_file.Read() ||
  252. !upcase_file.QueryAttribute(&upcase_attribute, &error, $DATA) ||
  253. !upcase_table.Initialize(&upcase_attribute) ||
  254. !mft.Initialize(Drive, ntfssa.QueryMftStartingLcn(),
  255. ntfssa.QueryClusterFactor(),
  256. ntfssa.QueryFrsSize(),
  257. ntfssa.QueryVolumeSectors(),
  258. &volume_bitmap,
  259. &upcase_table) ||
  260. !mft.Read() ||
  261. !bitmap_file.Initialize(mft.GetMasterFileTable()) ||
  262. !bitmap_file.Read() ||
  263. !bitmap_file.QueryAttribute(&bitmap_attribute, &error, $DATA) ||
  264. !volume_bitmap.Initialize(Drive->QuerySectors()/
  265. (ULONG) ntfssa.QueryClusterFactor(), FALSE, NULL, 0) ||
  266. !volume_bitmap.Read(&bitmap_attribute) ||
  267. !upcase_file.Initialize(mft.GetMasterFileTable()) ||
  268. !upcase_file.Read() ||
  269. !upcase_file.QueryAttribute(&upcase_attribute, &error, $DATA) ||
  270. !upcase_table.Initialize(&upcase_attribute) ||
  271. !BacktrackFrs( FileNumber, mft.GetMasterFileTable(), WPath,
  272. BufferLength, &PathLength ) ) {
  274. return FALSE;
  275. }
  277. MessageBox(WindowHandle, WPath, TEXT("Path Image"), MB_OK);
  279. return TRUE;
  280. }
  284. VOID
  285. CrackFatPath(
  286. IN HWND WindowHandle
  287. )
  288. {
  289. DSTRING path;
  290. REAL_FAT_SA fatsa;
  291. MESSAGE msg;
  292. ULONG cluster_number;
  293. TCHAR buf[100];
  295. if (!path.Initialize(Path) ||
  296. !Drive ||
  297. !fatsa.Initialize(Drive, &msg) ||
  298. !fatsa.FAT_SA::Read()) {
  300. return;
  301. }
  303. cluster_number = fatsa.QueryFileStartingCluster(&path);
  305. wsprintf(buf, TEXT("The given path points to cluster 0x%X"), cluster_number);
  307. MessageBox(WindowHandle, buf, TEXT("Path Image"), MB_OK);
  308. }
  310. VOID
  311. CrackLsn(
  312. IN HWND WindowHandle
  313. )
  314. {
  315. extern LSN Lsn;
  316. TCHAR buf[100];
  317. LONGLONG FileOffset;
  319. (void)GetLogPageSize(Drive);
  321. LfsTruncateLsnToLogPage(Drive, Lsn, &FileOffset);
  323. wsprintf(buf, TEXT("page at %x, offset %x, seq %x"), (ULONG)FileOffset,
  324. LfsLsnToPageOffset(Drive, Lsn) , LfsLsnToSeqNumber(Drive, Lsn));
  325. MessageBox(WindowHandle, buf, TEXT("LSN"), MB_OK);
  326. }
  328. //
  329. // CrackNextLsn -- given an LSN in the Lsn variable, find the
  330. // LSN following that one in the log file. This involves
  331. // reading the log record for the given lsn to find it's
  332. // size, and figuring the page and offset of the following
  333. // lsn from that.
  334. //
  335. BOOLEAN
  336. CrackNextLsn(
  337. IN HWND WindowHandle
  338. )
  339. {
  340. extern LSN Lsn;
  341. TCHAR buf[100];
  342. NTFS_SA ntfssa;
  343. NTFS_MFT_FILE mft;
  344. ULONG PageOffset;
  345. LONGLONG FileOffset;
  346. MESSAGE msg;
  347. BOOLEAN error;
  348. NTFS_FILE_RECORD_SEGMENT frs;
  349. NTFS_ATTRIBUTE attrib;
  351. LFS_RECORD_HEADER RecordHeader;
  352. ULONG bytes_read;
  353. ULONG RecordLength;
  354. ULONG PageSize;
  355. ULONGLONG NextLsn;
  356. ULONG SeqNumber;
  358. if (0 == (PageSize = GetLogPageSize(Drive))) {
  359. return FALSE;
  360. }
  362. if (!Drive)
  363. return FALSE;
  364. if (!ntfssa.Initialize(Drive, &msg))
  365. return FALSE;
  366. if (!ntfssa.Read())
  367. return FALSE;
  368. if (!mft.Initialize(Drive, ntfssa.QueryMftStartingLcn(),
  369. ntfssa.QueryClusterFactor(), ntfssa.QueryFrsSize(),
  370. ntfssa.QueryVolumeSectors(), NULL, NULL))
  371. return FALSE;
  372. if (!mft.Read())
  373. return FALSE;
  374. if (!frs.Initialize((VCN)LOG_FILE_NUMBER, &mft))
  375. return FALSE;
  376. if (!frs.Read())
  377. return FALSE;
  378. if (!frs.QueryAttribute(&attrib, &error, $DATA, NULL)) {
  379. return FALSE;
  380. }
  382. LfsTruncateLsnToLogPage(Drive, Lsn, &FileOffset);
  383. PageOffset = LfsLsnToPageOffset(Drive, Lsn);
  384. SeqNumber = (ULONG)LfsLsnToSeqNumber(Drive, Lsn);
  386. if (!attrib.Read((PVOID)&RecordHeader, ULONG(PageOffset | FileOffset),
  387. LFS_RECORD_HEADER_SIZE, &bytes_read))
  388. return FALSE;
  390. if (bytes_read != LFS_RECORD_HEADER_SIZE) {
  391. return FALSE;
  392. }
  394. RecordLength = LFS_RECORD_HEADER_SIZE + RecordHeader.ClientDataLength;
  396. if (PageOffset + RecordLength < PageSize &&
  397. PageSize - (PageOffset + RecordLength) >= LFS_RECORD_HEADER_SIZE) {
  399. //
  400. // the current record ends on this page, and the next record begins
  401. // immediately after
  402. //
  404. PageOffset += RecordLength;
  406. } else if (PageSize - (PageOffset+RecordLength) < LFS_RECORD_HEADER_SIZE) {
  408. //
  409. // The next record header will not fit on this page... it
  410. // will begin on the next page immediately following the page
  411. // header
  412. //
  414. FileOffset += PageSize;
  415. PageOffset = LFS_PACKED_RECORD_PAGE_HEADER_SIZE;
  417. } else {
  418. //
  419. // the next log record starts on a following page
  420. //
  422. ULONG left;
  423. ULONG page_capacity;
  425. left = PageSize - (PageOffset + RecordLength);
  426. page_capacity = PageSize - LFS_PACKED_RECORD_PAGE_HEADER_SIZE;
  427. PageOffset += (left / page_capacity + 1) * PageSize;
  428. FileOffset = left % page_capacity + LFS_PACKED_RECORD_PAGE_HEADER_SIZE;
  429. }
  431. // create lsn from FileOffset + PageOffset
  433. NextLsn = LfsFileOffsetToLsn(Drive, FileOffset | PageOffset, SeqNumber);
  435. wsprintf(buf, TEXT("Next LSN %x:%x, at %x + %x"), ((PLSN)&NextLsn)->HighPart,
  436. ((PLSN)&NextLsn)->LowPart, (ULONG)FileOffset, (ULONG)PageOffset);
  437. MessageBox(WindowHandle, buf, TEXT("LSN"), MB_OK);
  439. return TRUE;
  440. }
  442. DISK_TYPE_TABLE TypeCodeNameTab[] = {
  443. { $UNUSED, TEXT("$UNUSED") },
  444. { $STANDARD_INFORMATION, TEXT("$STANDARD_INFORMATION") },
  445. { $ATTRIBUTE_LIST, TEXT("$ATTRIBUTE_LIST") },
  446. { $FILE_NAME, TEXT("$FILE_NAME") },
  447. { $OBJECT_ID, TEXT("$OBJECT_ID") },
  448. { $SECURITY_DESCRIPTOR, TEXT("$SECURITY_DESCRIPTOR") },
  449. { $VOLUME_NAME, TEXT("$VOLUME_NAME") },
  450. { $VOLUME_INFORMATION, TEXT("$VOLUME_INFORMATION") },
  451. { $DATA, TEXT("$DATA") },
  452. { $INDEX_ROOT, TEXT("$INDEX_ROOT") },
  453. { $INDEX_ALLOCATION, TEXT("$INDEX_ALLOCATION") },
  454. { $BITMAP, TEXT("$BITMAP") },
  455. { $SYMBOLIC_LINK, TEXT("$SYMBOLIC_LINK") },
  456. { $EA_INFORMATION, TEXT("$EA_INFORMATION") },
  457. { $EA_DATA, TEXT("$EA_DATA") },
  458. { $END, TEXT("$END") }
  459. };
  461. PTCHAR
  462. GetNtfsAttributeTypeCodeName(
  463. IN ULONG Code
  464. )
  465. {
  466. for (INT i = 0; $END != TypeCodeNameTab[i].Code; ++i) {
  467. if (Code == TypeCodeNameTab[i].Code) {
  468. return TypeCodeNameTab[i].Name;
  469. }
  470. }
  471. return NULL;
  472. }