archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/query/apps/usndump/usndump.cxx

347 lines
12 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation 1997-1998
  5. //
  6. // File: usndump.cxx
  7. //
  8. // Contents: Usn dump utility. Needs admin privileges to run.
  9. //
  10. // History: 05-Jul-97 SitaramR Created
  11. //
  12. //----------------------------------------------------------------------------
  14. #include <pch.cxx>
  15. #pragma hdrstop
  17. void Usage()
  18. {
  19. printf( "Needs admin privileges to run, usage: usndump <drive_letter>, e.g. usndump c\n" );
  20. }
  22. DECLARE_INFOLEVEL(ci)
  24. //+---------------------------------------------------------------------------
  25. //
  26. // Function: PrintUsnRecords
  27. //
  28. // Purpose: Prints usn records from buffer
  29. //
  30. // History: 05-Jul-97 SitaramR Created
  31. // 21-May-98 KLam Added SourceInfo as output
  32. //
  33. //----------------------------------------------------------------------------
  35. void PrintUsnRecords( IO_STATUS_BLOCK *iosb, void *pBuffer )
  36. {
  37. USN usnNextStart;
  38. USN_RECORD * pUsnRec;
  40. ULONG_PTR dwByteCount = iosb->Information;
  41. if ( dwByteCount != 0 )
  42. {
  43. usnNextStart = *(USN *)pBuffer;
  44. pUsnRec = (USN_RECORD *)((PCHAR)pBuffer + sizeof(USN));
  45. dwByteCount -= sizeof(USN);
  46. }
  48. while ( dwByteCount != 0 )
  49. {
  50. if ( pUsnRec->MajorVersion != 2 || pUsnRec->MinorVersion != 0 )
  51. {
  52. printf( "Unrecognized USN version, Major=%u, Minor=%u\n",
  53. pUsnRec->MajorVersion, pUsnRec->MinorVersion );
  54. break;
  55. }
  57. if ( 0 != pUsnRec->SourceInfo )
  58. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, Reason=%#x, SourceInfo=%#x, FileAttr=%#x, FileName=%.*ws\n",
  59. pUsnRec->FileReferenceNumber,
  60. pUsnRec->ParentFileReferenceNumber,
  61. pUsnRec->Usn,
  62. pUsnRec->Reason,
  63. pUsnRec->SourceInfo,
  64. pUsnRec->FileAttributes,
  65. pUsnRec->FileNameLength / sizeof WCHAR ,
  66. &pUsnRec->FileName );
  67. else
  68. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, Reason=%#x, FileAttr=%#x, FileName=%.*ws\n",
  69. pUsnRec->FileReferenceNumber,
  70. pUsnRec->ParentFileReferenceNumber,
  71. pUsnRec->Usn,
  72. pUsnRec->Reason,
  73. pUsnRec->FileAttributes,
  74. pUsnRec->FileNameLength / sizeof WCHAR,
  75. &pUsnRec->FileName );
  77. if ( pUsnRec->RecordLength <= dwByteCount )
  78. {
  79. dwByteCount -= pUsnRec->RecordLength;
  80. pUsnRec = (USN_RECORD *) ((PCHAR) pUsnRec + pUsnRec->RecordLength );
  81. }
  82. else
  83. {
  84. printf( "***--- Usn read fsctl returned bogus dwByteCount 0x%x ---***\n", dwByteCount );
  86. THROW( CException( STATUS_UNSUCCESSFUL ) );
  87. }
  88. }
  89. }
  91. //+---------------------------------------------------------------------------
  92. //
  93. // Function: main
  94. //
  95. // Purpose: Main dump routine
  96. //
  97. // History: 05-Jul-97 SitaramR Created
  98. //
  99. //----------------------------------------------------------------------------
  101. int __cdecl main( int argc, char * argv[] )
  102. {
  103. if ( argc != 2 )
  104. {
  105. Usage();
  106. return 0;
  107. }
  109. WCHAR wcDriveLetter = argv[1][0];
  111. TRY
  112. {
  113. //
  114. // Looking at a file?
  115. //
  117. if ( strlen(argv[1]) > 2 )
  118. {
  119. int ccUnicodeStr = strlen( argv[1] ) + 1;
  120. WCHAR * pUnicodeStr = new WCHAR[ccUnicodeStr];
  121. if ( !MultiByteToWideChar( CP_ACP, 0, argv[1], -1, pUnicodeStr, ccUnicodeStr ) )
  122. {
  123. printf("MultiByteToWideChar failed.\n");
  124. delete [] pUnicodeStr;
  125. return 0;
  126. }
  127. CFunnyPath funnyPath( pUnicodeStr );
  128. delete [] pUnicodeStr;
  130. HANDLE hFile = CreateFile( funnyPath.GetPath(),
  131. GENERIC_READ,
  132. FILE_SHARE_READ,
  133. NULL,
  134. OPEN_EXISTING,
  135. FILE_FLAG_BACKUP_SEMANTICS,
  136. NULL );
  138. if ( INVALID_HANDLE_VALUE == hFile && ERROR_ACCESS_DENIED == GetLastError() )
  139. hFile = CreateFile( funnyPath.GetPath(),
  140. GENERIC_READ,
  141. FILE_SHARE_READ | FILE_SHARE_WRITE,
  142. NULL,
  143. OPEN_EXISTING,
  144. 0,
  145. NULL );
  147. if ( hFile == INVALID_HANDLE_VALUE )
  148. {
  149. printf( "***--- Usn file open failed 0x%x, check for admin privileges ---***\n", GetLastError() );
  151. THROW( CException( HRESULT_FROM_WIN32( GetLastError() ) ) );
  152. }
  154. NTSTATUS status;
  156. SHandle xFile( hFile );
  158. IO_STATUS_BLOCK iosb;
  159. ULONGLONG readBuffer[100];
  161. for ( unsigned i = 0; i < sizeof(readBuffer)/sizeof(readBuffer[0]); i++ )
  162. readBuffer[i] = 0xFFFFFFFFFFFFFFFFi64;
  164. USN_RECORD *pUsnRec;
  165. status = NtFsControlFile( hFile,
  166. NULL,
  167. NULL,
  168. NULL,
  169. &iosb,
  170. FSCTL_READ_FILE_USN_DATA,
  171. NULL,
  172. NULL,
  173. &readBuffer,
  174. sizeof(readBuffer) );
  176. if ( !NT_SUCCESS(status) || !NT_SUCCESS(iosb.Status) )
  177. {
  178. printf( "***--- Error 0x%x / 0x%x returned from READ_FILE_USN_DATA ---***\n", status, iosb.Status );
  179. return 0;
  180. }
  182. pUsnRec = (USN_RECORD *) &readBuffer;
  184. if ( pUsnRec->MajorVersion != 2 || pUsnRec->MinorVersion != 0 )
  185. printf( "Unrecognized USN version, Major=%u, Minor=%u\n",
  186. pUsnRec->MajorVersion, pUsnRec->MinorVersion );
  187. else
  188. printf( "FileId=%#I64x, ParentFileId=%#I64x, Usn=%#I64x, FileAttr=%#x, FileName=%.*ws\n",
  189. pUsnRec->FileReferenceNumber,
  190. pUsnRec->ParentFileReferenceNumber,
  191. (ULONG)(pUsnRec->Usn>>32),
  192. (ULONG)pUsnRec->Usn,
  193. pUsnRec->FileAttributes,
  194. pUsnRec->FileNameLength / sizeof(WCHAR),
  195. &pUsnRec->FileName );
  196. }
  197. else
  198. {
  199. //
  200. // Create the volume handle that will be used for usn fsctls
  201. //
  203. WCHAR wszVolumePath[] = L"\\\\.\\a:";
  204. wszVolumePath[4] = wcDriveLetter;
  205. HANDLE hVolume = CreateFile( wszVolumePath,
  206. GENERIC_READ | GENERIC_WRITE,
  207. FILE_SHARE_READ | FILE_SHARE_WRITE,
  208. NULL,
  209. OPEN_EXISTING,
  210. 0,
  211. NULL );
  213. if ( hVolume == INVALID_HANDLE_VALUE )
  214. {
  215. printf( "***--- Usn volume open failed 0x%x, check for admin privileges ---***\n", GetLastError() );
  217. THROW( CException( HRESULT_FROM_WIN32( GetLastError() ) ) );
  218. }
  220. SWin32Handle xHandleVolume( hVolume );
  222. IO_STATUS_BLOCK iosb;
  224. //
  225. // Get the Journal ID
  226. //
  229. USN_JOURNAL_DATA UsnJournalInfo;
  231. NTSTATUS status = NtFsControlFile( hVolume,
  232. NULL,
  233. NULL,
  234. NULL,
  235. &iosb,
  236. FSCTL_QUERY_USN_JOURNAL,
  237. 0,
  238. 0,
  239. &UsnJournalInfo,
  240. sizeof(UsnJournalInfo) );
  241. if ( status == STATUS_PENDING )
  242. {
  243. printf( "***--- Status_pending returned for synchronous read fsctl ---***\n" );
  244. return 0;
  245. }
  247. if ( !NT_SUCCESS(status) || !NT_SUCCESS(iosb.Status) )
  248. {
  249. printf( "***--- Error 0x%x / 0x%x returned from QUERY_USN_JOURNAL ---***\n", status, iosb.Status );
  250. return 0;
  251. }
  253. READ_USN_JOURNAL_DATA usnData = {0, MAXULONG, 0, 0, 0, UsnJournalInfo.UsnJournalID};
  254. ULONGLONG readBuffer[2048];
  256. status = NtFsControlFile( hVolume,
  257. NULL,
  258. NULL,
  259. NULL,
  260. &iosb,
  261. FSCTL_READ_USN_JOURNAL,
  262. &usnData,
  263. sizeof(usnData),
  264. &readBuffer,
  265. sizeof(readBuffer) );
  267. if ( status == STATUS_PENDING )
  268. {
  269. printf( "***--- Status_pending returned for synchronous read fsctl ---***\n" );
  270. return 0;
  271. }
  273. if ( NT_SUCCESS( status ) )
  274. {
  275. status = iosb.Status;
  277. if ( STATUS_KEY_DELETED == status ||
  278. STATUS_JOURNAL_ENTRY_DELETED == status )
  279. {
  280. printf( "***--- Status key deleted, rerun ---***\n" );
  281. return 0;
  282. }
  284. PrintUsnRecords( &iosb, readBuffer );
  286. //
  287. // Read usn records until the end of usn journal
  288. //
  290. USN usnStart = 0;
  291. while ( NT_SUCCESS( status ) )
  292. {
  293. ULONG_PTR dwByteCount = iosb.Information;
  295. if ( dwByteCount <= sizeof(USN) )
  296. return 0;
  297. else
  298. {
  299. usnStart = *(USN *)&readBuffer;
  300. usnData.StartUsn = usnStart;
  301. status = NtFsControlFile( hVolume,
  302. NULL,
  303. NULL,
  304. NULL,
  305. &iosb,
  306. FSCTL_READ_USN_JOURNAL,
  307. &usnData,
  308. sizeof(usnData),
  309. &readBuffer,
  310. sizeof(readBuffer) );
  312. if ( NT_SUCCESS( status ) )
  313. status = iosb.Status;
  314. else
  315. {
  316. printf( "***--- Error 0x%x returned from read fsctl ---***\n", status );
  317. return 0;
  318. }
  320. if ( STATUS_KEY_DELETED == status ||
  321. STATUS_JOURNAL_ENTRY_DELETED == status )
  322. {
  323. printf( "***--- Status key deleted, rerun usndump ---***\n" );
  324. return 0;
  325. }
  327. PrintUsnRecords( &iosb, readBuffer );
  328. }
  329. }
  331. return 0;
  332. }
  333. else
  334. printf( "***--- Usn read fsctl returned 0x%x, check if usn journal has created on that volume ---***\n",
  335. status );
  336. }
  338. return 0;
  339. }
  340. CATCH( CException, e )
  341. {
  342. printf( "***--- Caught exception 0x%x ---***\n", e.GetErrorCode() );
  343. }
  344. END_CATCH
  346. return 0;
  347. }