archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/query/apps/usndump/usndump.cxx

347 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation 1997-1998
  5. //
  6. // File: usndump.cxx
  7. //
  8. // Contents: Usn dump utility. Needs admin privileges to run.
  9. //
  10. // History: 05-Jul-97 SitaramR Created
  11. //
  12. //----------------------------------------------------------------------------
  14. #include <pch.cxx>
  15. #pragma hdrstop
  17. void Usage()
  18. {
  19. printf( "usage: usndump <drive_letter>, e.g. usndump c\n" );
  20. printf( " requires administrative privileges to run\n" );
  21. }
  23. DECLARE_INFOLEVEL(ci)
  25. //+---------------------------------------------------------------------------
  26. //
  27. // Function: PrintUsnRecords
  28. //
  29. // Purpose: Prints usn records from buffer
  30. //
  31. // History: 05-Jul-97 SitaramR Created
  32. // 21-May-98 KLam Added SourceInfo as output
  33. //
  34. //----------------------------------------------------------------------------
  36. void PrintUsnRecords( IO_STATUS_BLOCK *iosb, void *pBuffer )
  37. {
  38. USN usnNextStart;
  39. USN_RECORD * pUsnRec;
  41. ULONG_PTR dwByteCount = iosb->Information;
  42. if ( dwByteCount != 0 )
  43. {
  44. usnNextStart = *(USN *)pBuffer;
  45. pUsnRec = (USN_RECORD *)((PCHAR)pBuffer + sizeof(USN));
  46. dwByteCount -= sizeof(USN);
  47. }
  49. while ( dwByteCount != 0 )
  50. {
  51. if ( pUsnRec->MajorVersion != 2 || pUsnRec->MinorVersion != 0 )
  52. {
  53. printf( "Unrecognized USN version, Major=%u, Minor=%u\n",
  54. pUsnRec->MajorVersion, pUsnRec->MinorVersion );
  55. break;
  56. }
  58. if ( 0 != pUsnRec->SourceInfo )
  59. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, Reason=%#x, SourceInfo=%#x, FileAttr=%#x, FileName=%.*ws\n",
  60. pUsnRec->FileReferenceNumber,
  61. pUsnRec->ParentFileReferenceNumber,
  62. pUsnRec->Usn,
  63. pUsnRec->Reason,
  64. pUsnRec->SourceInfo,
  65. pUsnRec->FileAttributes,
  66. pUsnRec->FileNameLength / sizeof WCHAR ,
  67. &pUsnRec->FileName );
  68. else
  69. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, Reason=%#x, FileAttr=%#x, FileName=%.*ws\n",
  70. pUsnRec->FileReferenceNumber,
  71. pUsnRec->ParentFileReferenceNumber,
  72. pUsnRec->Usn,
  73. pUsnRec->Reason,
  74. pUsnRec->FileAttributes,
  75. pUsnRec->FileNameLength / sizeof WCHAR,
  76. &pUsnRec->FileName );
  78. if ( pUsnRec->RecordLength <= dwByteCount )
  79. {
  80. dwByteCount -= pUsnRec->RecordLength;
  81. pUsnRec = (USN_RECORD *) ((PCHAR) pUsnRec + pUsnRec->RecordLength );
  82. }
  83. else
  84. {
  85. printf( "***--- Usn read fsctl returned bogus dwByteCount 0x%x ---***\n", dwByteCount );
  87. THROW( CException( STATUS_UNSUCCESSFUL ) );
  88. }
  89. }
  90. }
  92. //+---------------------------------------------------------------------------
  93. //
  94. // Function: main
  95. //
  96. // Purpose: Main dump routine
  97. //
  98. // History: 05-Jul-97 SitaramR Created
  99. //
  100. //----------------------------------------------------------------------------
  102. int __cdecl main( int argc, char * argv[] )
  103. {
  104. if ( argc != 2 )
  105. {
  106. Usage();
  107. return 0;
  108. }
  110. WCHAR wcDriveLetter = argv[1][0];
  112. TRY
  113. {
  114. //
  115. // Looking at a file?
  116. //
  118. if ( strlen(argv[1]) > 2 )
  119. {
  120. int ccUnicodeStr = strlen( argv[1] ) + 1;
  121. WCHAR * pUnicodeStr = new WCHAR[ccUnicodeStr];
  122. if ( !MultiByteToWideChar( CP_ACP, 0, argv[1], -1, pUnicodeStr, ccUnicodeStr ) )
  123. {
  124. printf("MultiByteToWideChar failed.\n");
  125. delete [] pUnicodeStr;
  126. return 0;
  127. }
  128. CFunnyPath funnyPath( pUnicodeStr );
  129. delete [] pUnicodeStr;
  131. HANDLE hFile = CreateFile( funnyPath.GetPath(),
  132. GENERIC_READ,
  133. FILE_SHARE_READ,
  134. NULL,
  135. OPEN_EXISTING,
  136. FILE_FLAG_BACKUP_SEMANTICS,
  137. NULL );
  139. if ( INVALID_HANDLE_VALUE == hFile && ERROR_ACCESS_DENIED == GetLastError() )
  140. hFile = CreateFile( funnyPath.GetPath(),
  141. GENERIC_READ,
  142. FILE_SHARE_READ | FILE_SHARE_WRITE,
  143. NULL,
  144. OPEN_EXISTING,
  145. 0,
  146. NULL );
  148. if ( hFile == INVALID_HANDLE_VALUE )
  149. {
  150. printf( "***--- Usn file open failed 0x%x, check for admin privileges ---***\n", GetLastError() );
  152. THROW( CException( HRESULT_FROM_WIN32( GetLastError() ) ) );
  153. }
  155. NTSTATUS status;
  157. SHandle xFile( hFile );
  159. IO_STATUS_BLOCK iosb;
  160. ULONGLONG readBuffer[100];
  162. for ( unsigned i = 0; i < sizeof(readBuffer)/sizeof(readBuffer[0]); i++ )
  163. readBuffer[i] = 0xFFFFFFFFFFFFFFFFi64;
  165. USN_RECORD *pUsnRec;
  166. status = NtFsControlFile( hFile,
  167. NULL,
  168. NULL,
  169. NULL,
  170. &iosb,
  171. FSCTL_READ_FILE_USN_DATA,
  172. NULL,
  173. NULL,
  174. &readBuffer,
  175. sizeof(readBuffer) );
  177. if ( !NT_SUCCESS(status) || !NT_SUCCESS(iosb.Status) )
  178. {
  179. printf( "***--- Error 0x%x / 0x%x returned from READ_FILE_USN_DATA ---***\n", status, iosb.Status );
  180. return 0;
  181. }
  183. pUsnRec = (USN_RECORD *) &readBuffer;
  185. if ( pUsnRec->MajorVersion != 2 || pUsnRec->MinorVersion != 0 )
  186. printf( "Unrecognized USN version, Major=%u, Minor=%u\n",
  187. pUsnRec->MajorVersion, pUsnRec->MinorVersion );
  188. else
  189. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, FileAttr=%#x, FileName=%.*ws\n",
  190. pUsnRec->FileReferenceNumber,
  191. pUsnRec->ParentFileReferenceNumber,
  192. pUsnRec->Usn,
  193. pUsnRec->FileAttributes,
  194. pUsnRec->FileNameLength / sizeof(WCHAR),
  195. &pUsnRec->FileName );
  196. }
  197. else
  198. {
  199. //
  200. // Create the volume handle that will be used for usn fsctls
  201. //
  203. WCHAR wszVolumePath[] = L"\\\\.\\a:";
  204. wszVolumePath[4] = wcDriveLetter;
  205. HANDLE hVolume = CreateFile( wszVolumePath,
  206. GENERIC_READ | GENERIC_WRITE,
  207. FILE_SHARE_READ | FILE_SHARE_WRITE,
  208. NULL,
  209. OPEN_EXISTING,
  210. 0,
  211. NULL );
  213. if ( hVolume == INVALID_HANDLE_VALUE )
  214. {
  215. printf( "***--- Usn volume open failed 0x%x, check for admin privileges ---***\n", GetLastError() );
  217. THROW( CException( HRESULT_FROM_WIN32( GetLastError() ) ) );
  218. }
  220. SWin32Handle xHandleVolume( hVolume );
  222. IO_STATUS_BLOCK iosb;
  224. //
  225. // Get the Journal ID
  226. //
  229. USN_JOURNAL_DATA UsnJournalInfo;
  231. NTSTATUS status = NtFsControlFile( hVolume,
  232. NULL,
  233. NULL,
  234. NULL,
  235. &iosb,
  236. FSCTL_QUERY_USN_JOURNAL,
  237. 0,
  238. 0,
  239. &UsnJournalInfo,
  240. sizeof(UsnJournalInfo) );
  241. if ( status == STATUS_PENDING )
  242. {
  243. printf( "***--- Status_pending returned for synchronous read fsctl ---***\n" );
  244. return 0;
  245. }
  247. if ( !NT_SUCCESS(status) || !NT_SUCCESS(iosb.Status) )
  248. {
  249. printf( "***--- Error 0x%x / 0x%x returned from QUERY_USN_JOURNAL ---***\n", status, iosb.Status );
  250. return 0;
  251. }
  253. READ_USN_JOURNAL_DATA usnData = {0, MAXULONG, 0, 0, 0, UsnJournalInfo.UsnJournalID};
  254. ULONGLONG readBuffer[2048];
  256. status = NtFsControlFile( hVolume,
  257. NULL,
  258. NULL,
  259. NULL,
  260. &iosb,
  261. FSCTL_READ_USN_JOURNAL,
  262. &usnData,
  263. sizeof(usnData),
  264. &readBuffer,
  265. sizeof(readBuffer) );
  267. if ( status == STATUS_PENDING )
  268. {
  269. printf( "***--- Status_pending returned for synchronous read fsctl ---***\n" );
  270. return 0;
  271. }
  273. if ( NT_SUCCESS( status ) )
  274. {
  275. status = iosb.Status;
  277. if ( STATUS_KEY_DELETED == status ||
  278. STATUS_JOURNAL_ENTRY_DELETED == status )
  279. {
  280. printf( "***--- Status key deleted, rerun ---***\n" );
  281. return 0;
  282. }
  284. PrintUsnRecords( &iosb, readBuffer );
  286. //
  287. // Read usn records until the end of usn journal
  288. //
  290. USN usnStart = 0;
  291. while ( NT_SUCCESS( status ) )
  292. {
  293. ULONG_PTR dwByteCount = iosb.Information;
  295. if ( dwByteCount <= sizeof(USN) )
  296. return 0;
  297. else
  298. {
  299. usnStart = *(USN *)&readBuffer;
  300. usnData.StartUsn = usnStart;
  301. status = NtFsControlFile( hVolume,
  302. NULL,
  303. NULL,
  304. NULL,
  305. &iosb,
  306. FSCTL_READ_USN_JOURNAL,
  307. &usnData,
  308. sizeof(usnData),
  309. &readBuffer,
  310. sizeof(readBuffer) );
  312. if ( NT_SUCCESS( status ) )
  313. status = iosb.Status;
  314. else
  315. {
  316. printf( "***--- Error 0x%x returned from read fsctl ---***\n", status );
  317. return 0;
  318. }
  320. if ( STATUS_KEY_DELETED == status ||
  321. STATUS_JOURNAL_ENTRY_DELETED == status )
  322. {
  323. printf( "***--- Status key deleted, rerun usndump ---***\n" );
  324. return 0;
  325. }
  327. PrintUsnRecords( &iosb, readBuffer );
  328. }
  329. }
  331. return 0;
  332. }
  333. else
  334. printf( "***--- Usn read fsctl returned 0x%x, check if usn journal has created on that volume ---***\n",
  335. status );
  336. }
  338. return 0;
  339. }
  340. CATCH( CException, e )
  341. {
  342. printf( "***--- Caught exception 0x%x ---***\n", e.GetErrorCode() );
  343. }
  344. END_CATCH
  346. return 0;
  347. }