mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
836 lines
34 KiB
836 lines
34 KiB
/*++
|
|
|
|
Copyright (c) 2000-2001 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
engine.cpp
|
|
|
|
Abstract:
|
|
|
|
The file system dump utility engine.
|
|
|
|
Author:
|
|
|
|
Stefan R. Steiner [ssteiner] 02-18-2000
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "stdafx.h"
|
|
|
|
#include "direntrs.h"
|
|
#include "extattr.h"
|
|
|
|
#include "engine.h"
|
|
|
|
static VOID
|
|
TimeString(
|
|
IN FILETIME *pFileTime,
|
|
IN BOOL bAddMillisecsToTimestamps,
|
|
OUT LPWSTR pwszTimeStr
|
|
);
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Performs the actual dump of the directory or file.
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
<Enter return values here>
|
|
|
|
--*/
|
|
DWORD
|
|
CDumpEngine::PerformDump()
|
|
{
|
|
//
|
|
// Perform the actual dump
|
|
//
|
|
DWORD dwRet;
|
|
|
|
//
|
|
// Kind of a hack, set the no data string if we want something other than dashes
|
|
//
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
FsdEaSetNoDataString( L"" );
|
|
|
|
//
|
|
// Volume state manager manages all state about all volumes that are encountered during
|
|
// the dump.
|
|
//
|
|
CFsdVolumeStateManager cFsdVolStateManager( m_pcParams );
|
|
|
|
//
|
|
// Get information about the volume
|
|
//
|
|
CFsdVolumeState *pcFsdVolState;
|
|
|
|
dwRet = cFsdVolStateManager.GetVolumeState( m_cwsDirFileSpec, &pcFsdVolState );
|
|
assert( dwRet != ERROR_ALREADY_EXISTS );
|
|
if ( dwRet != ERROR_SUCCESS )
|
|
return dwRet;
|
|
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
{
|
|
m_pcParams->DumpPrintAlways( L"File name,Short Name,Creation date,Last modification date,File size,Attr,DACE,SACE,SDCtl,UNamChkS,DStr,DStrSize,DStrChkS,Prop,RPTag,RPSize,RPChkS,EncrChkS,DACLSize,DACLChkS,SACLSize,SACLChkS,NLnk,ObjectId,OIDChkS,FS,Owner Sid,Group Sid" );
|
|
|
|
//
|
|
// Put the current time into the CSV dump file for easy detection of when
|
|
// dumps are taken
|
|
//
|
|
FILETIME sSysFT, sLocalFT;
|
|
::GetSystemTimeAsFileTime( &sSysFT );
|
|
::FileTimeToLocalFileTime( &sSysFT, &sLocalFT );
|
|
WCHAR wszCurrentTime[32];
|
|
::TimeString( &sLocalFT, FALSE, wszCurrentTime );
|
|
m_pcParams->DumpPrintAlways( L"Dump time: %s", wszCurrentTime );
|
|
}
|
|
else
|
|
{
|
|
// if ( ( m_pcParams->m_eFsDumpType == eFsDumpVolume ) &&
|
|
// ( m_cwsDirFileSpec != pcFsdVolState->GetVolumePath() ) )
|
|
// {
|
|
// m_pcParams->ErrPrint( L"'%s' is not a drive specifier or mountpoint, use -dd instead",
|
|
// m_cwsDirFileSpec.c_str() );
|
|
// return 1;
|
|
// }
|
|
|
|
m_pcParams->DumpPrintAlways( L"\nDumping: '%s' on volume '%s'", m_cwsDirFileSpec.c_str(), pcFsdVolState->GetVolumePath() );
|
|
|
|
if ( m_pcParams->m_bAddMillisecsToTimestamps )
|
|
m_pcParams->DumpPrintAlways(
|
|
L" Creation date Last modification date FileSize Attr FileName ShortName DACE SACE SDCtl UNamChkS DStr DStrSize DStrChkS Prop RPTag RPSize RPChkS EncrChkS DACLSize DACLChkS SACLSize SACLChkS NLnk ObjectId OIDChkS OwnerSid/GroupSid" );
|
|
else
|
|
m_pcParams->DumpPrintAlways( L" Creation date Last mod. date FileSize Attr FileName ShortName DACE SACE SDCtl UNamChkS DStr DStrSize DStrChkS Prop RPTag RPSize RPChkS EncrChkS DACLSize DACLChkS SACLSize SACLChkS NLnk ObjectId OIDChkS OwnerSid/GroupSid" );
|
|
}
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Get the file info for the root dir or file
|
|
// Bug # 157915
|
|
//
|
|
////////////////////////////////////////////////////////////////////
|
|
bool bRootIsADir = true;
|
|
CBsString cwsDirFileSpecWithoutSlash( m_cwsDirFileSpec );
|
|
if ( cwsDirFileSpecWithoutSlash.Right( 1 ) == L"\\" )
|
|
cwsDirFileSpecWithoutSlash = cwsDirFileSpecWithoutSlash.Left( cwsDirFileSpecWithoutSlash.GetLength() - 1 );
|
|
try
|
|
{
|
|
CDirectoryEntries cRootEntry(
|
|
m_pcParams,
|
|
cwsDirFileSpecWithoutSlash
|
|
);
|
|
|
|
//
|
|
// Only one entry should be returned in either the directory list or file list
|
|
//
|
|
SDirectoryEntry *psDirEntry;
|
|
|
|
//
|
|
// See if it is file entry
|
|
//
|
|
CDirectoryEntriesIterator *pListIter;
|
|
pListIter = cRootEntry.GetFileListIterator();
|
|
if ( pListIter->GetNext( psDirEntry ) )
|
|
{
|
|
bRootIsADir = false;
|
|
++m_ullNumFiles;
|
|
m_ullNumBytesTotalUnnamedStream += ( ( ( ULONGLONG )psDirEntry->m_sFindData.nFileSizeHigh ) << 32 ) |
|
|
psDirEntry->m_sFindData.nFileSizeLow;
|
|
|
|
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_ENCRYPTED )
|
|
++m_ullNumEncryptedFiles;
|
|
|
|
PrintEntry( pcFsdVolState, cwsDirFileSpecWithoutSlash,
|
|
cwsDirFileSpecWithoutSlash.GetLength(), psDirEntry, TRUE );
|
|
|
|
ASSERT( pListIter->GetNext( psDirEntry ) == false );
|
|
}
|
|
delete pListIter;
|
|
|
|
//
|
|
// See if it is a directory entry
|
|
//
|
|
pListIter = cRootEntry.GetDirListIterator();
|
|
if ( pListIter->GetNext( psDirEntry ) )
|
|
{
|
|
ASSERT( bRootIsADir );
|
|
// It is
|
|
++m_ullNumDirs;
|
|
PrintEntry( pcFsdVolState, cwsDirFileSpecWithoutSlash,
|
|
cwsDirFileSpecWithoutSlash.GetLength(), psDirEntry, TRUE );
|
|
|
|
ASSERT( pListIter->GetNext( psDirEntry ) == false );
|
|
}
|
|
delete pListIter;
|
|
}
|
|
catch ( DWORD dwRet )
|
|
{
|
|
if ( dwRet == ERROR_INVALID_NAME || dwRet == ERROR_BAD_NET_NAME )
|
|
{
|
|
//
|
|
// Must be working with the root of the drive letter name space which
|
|
// means we do things slightly differently.
|
|
//
|
|
SDirectoryEntry sDirEntry;
|
|
::memset( &sDirEntry.m_sFindData, 0x00, sizeof( sDirEntry.m_sFindData ) );
|
|
PrintEntry( pcFsdVolState, m_cwsDirFileSpec,
|
|
m_cwsDirFileSpec.GetLength(), &sDirEntry, TRUE );
|
|
}
|
|
else
|
|
m_pcParams->ErrPrint( L"PerformDump: Unexpected error trying to process '%s', dwRet: %d",
|
|
m_cwsDirFileSpec.c_str(), dwRet );
|
|
}
|
|
catch ( ... )
|
|
{
|
|
m_pcParams->ErrPrint( L"ProcessDir() Caught an unexpected exception processing file: '%s', Last dwRet: %d",
|
|
m_cwsDirFileSpec.c_str(), ::GetLastError() );
|
|
}
|
|
|
|
//
|
|
// Now traverse into the volume/directory if necessary
|
|
//
|
|
if ( m_pcParams->m_eFsDumpType != eFsDumpFile )
|
|
{
|
|
if ( bRootIsADir )
|
|
{
|
|
dwRet = ProcessDir(
|
|
&cFsdVolStateManager,
|
|
pcFsdVolState,
|
|
m_cwsDirFileSpec,
|
|
m_cwsDirFileSpec.GetLength(),
|
|
::wcslen( pcFsdVolState->GetVolumePath() ) );
|
|
}
|
|
|
|
//
|
|
// Print out some stats about the dump
|
|
//
|
|
m_pcParams->DumpPrint( L"\nSTATISTICS for '%s':", m_cwsDirFileSpec.c_str() );
|
|
if ( m_pcParams->m_bHex )
|
|
{
|
|
m_pcParams->DumpPrint( L" Number of directories (including mountpoints): %16I64x(hex)", m_ullNumDirs );
|
|
m_pcParams->DumpPrint( L" Number of files: %16I64x(hex)", m_ullNumFiles );
|
|
m_pcParams->DumpPrint( L" Number of mountpoints: %16I64x(hex)", m_ullNumMountpoints );
|
|
m_pcParams->DumpPrint( L" Number of reparse points (excluding mountpoints): %16I64x(hex)", m_ullNumReparsePoints );
|
|
m_pcParams->DumpPrint( L" Number of hard-linked files: %16I64x(hex)", m_ullNumHardLinks );
|
|
m_pcParams->DumpPrint( L" Number of discrete DACL ACEs: %16I64x(hex)", m_ullNumDiscreteDACEs );
|
|
m_pcParams->DumpPrint( L" Number of discrete SACL ACEs: %16I64x(hex)", m_ullNumDiscreteSACEs );
|
|
m_pcParams->DumpPrint( L" Number of encrypted files: %16I64x(hex)", m_ullNumEncryptedFiles );
|
|
m_pcParams->DumpPrint( L" Number of files with object ids: %16I64x(hex)", m_ullNumFilesWithObjectIds );
|
|
if ( m_pcParams->m_bUseExcludeProcessor )
|
|
m_pcParams->DumpPrint( L" Number of files excluded due to exclusion rules: %16I64x(hex)", m_ullNumFilesExcluded );
|
|
m_pcParams->DumpPrint( L" Total bytes of checksummed data: %16I64x(hex)", m_ullNumBytesChecksummed );
|
|
m_pcParams->DumpPrint( L" Total bytes of unnamed stream data: %16I64x(hex)", m_ullNumBytesTotalUnnamedStream );
|
|
m_pcParams->DumpPrint( L" Total bytes of named data stream data: %16I64x(hex)", m_ullNumBytesTotalNamedDataStream );
|
|
}
|
|
else
|
|
{
|
|
m_pcParams->DumpPrint( L" Number of directories (including mountpoints): %16I64u", m_ullNumDirs );
|
|
m_pcParams->DumpPrint( L" Number of files: %16I64u", m_ullNumFiles );
|
|
m_pcParams->DumpPrint( L" Number of mountpoints: %16I64u", m_ullNumMountpoints );
|
|
m_pcParams->DumpPrint( L" Number of reparse points (excluding mountpoints): %16I64u", m_ullNumReparsePoints );
|
|
m_pcParams->DumpPrint( L" Number of hard-linked files: %16I64u", m_ullNumHardLinks );
|
|
m_pcParams->DumpPrint( L" Number of discrete DACL ACEs: %16I64u", m_ullNumDiscreteDACEs );
|
|
m_pcParams->DumpPrint( L" Number of discrete SACL ACEs: %16I64u", m_ullNumDiscreteSACEs );
|
|
m_pcParams->DumpPrint( L" Number of encrypted files: %16I64u", m_ullNumEncryptedFiles );
|
|
m_pcParams->DumpPrint( L" Number of files with object ids: %16I64u", m_ullNumFilesWithObjectIds );
|
|
if ( m_pcParams->m_bUseExcludeProcessor )
|
|
m_pcParams->DumpPrint( L" Number of files excluded due to exclusion rules: %16I64u", m_ullNumFilesExcluded );
|
|
m_pcParams->DumpPrint( L" Total bytes of checksummed data: %16I64u", m_ullNumBytesChecksummed );
|
|
m_pcParams->DumpPrint( L" Total bytes of unnamed stream data: %16I64u", m_ullNumBytesTotalUnnamedStream );
|
|
m_pcParams->DumpPrint( L" Total bytes of named data stream data: %16I64u", m_ullNumBytesTotalNamedDataStream );
|
|
}
|
|
|
|
if ( m_pcParams->m_bUseExcludeProcessor )
|
|
{
|
|
//
|
|
// Print out exclusion information
|
|
//
|
|
cFsdVolStateManager.PrintExclusionInformation();
|
|
}
|
|
cFsdVolStateManager.PrintHardLinkInfo();
|
|
}
|
|
|
|
return dwRet;
|
|
}
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Traverses into a directory and dumps all the information about the dir.
|
|
NOTE: This is a recursive function.
|
|
|
|
Arguments:
|
|
|
|
cwsDirPath - The directory path or file to dump information about
|
|
|
|
Return Value:
|
|
|
|
<Enter return values here>
|
|
|
|
--*/
|
|
DWORD
|
|
CDumpEngine::ProcessDir(
|
|
IN CFsdVolumeStateManager *pcFsdVolStateManager,
|
|
IN CFsdVolumeState *pcFsdVolState,
|
|
IN const CBsString& cwsDirPath,
|
|
IN INT cDirFileSpecLength,
|
|
IN INT cVolMountPointOffset
|
|
)
|
|
{
|
|
DWORD dwRet = ERROR_SUCCESS;
|
|
|
|
try
|
|
{
|
|
if ( !m_pcParams->m_bDumpCommaDelimited )
|
|
{
|
|
if ( cwsDirPath.GetLength() == cDirFileSpecLength )
|
|
{
|
|
//
|
|
// This is the root of the directory
|
|
//
|
|
m_pcParams->DumpPrintAlways( L"'.\\' - %s", ( pcFsdVolState != NULL ) ? pcFsdVolState->GetFileSystemName() : L"???" );
|
|
}
|
|
else
|
|
{
|
|
m_pcParams->DumpPrintAlways( L"'%s' - %s", cwsDirPath.c_str() + cDirFileSpecLength,
|
|
( pcFsdVolState != NULL ) ? pcFsdVolState->GetFileSystemName() : L"???" );
|
|
}
|
|
}
|
|
|
|
//
|
|
// Get the directory entries for the directory/file
|
|
//
|
|
CDirectoryEntries cDirEntries(
|
|
m_pcParams,
|
|
cwsDirPath + L"*"
|
|
);
|
|
|
|
SDirectoryEntry *psDirEntry;
|
|
|
|
//
|
|
// First dump out the sub-directory entries
|
|
//
|
|
CDirectoryEntriesIterator *pDirListIter;
|
|
pDirListIter = cDirEntries.GetDirListIterator();
|
|
while ( pDirListIter->GetNext( psDirEntry ) )
|
|
{
|
|
++m_ullNumDirs;
|
|
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT )
|
|
{
|
|
++m_ullNumMountpoints;
|
|
}
|
|
PrintEntry( pcFsdVolState, cwsDirPath, cDirFileSpecLength, psDirEntry );
|
|
}
|
|
|
|
//
|
|
// Next dump out the non-sub-directory entries
|
|
//
|
|
CDirectoryEntriesIterator *pFileListIter;
|
|
pFileListIter = cDirEntries.GetFileListIterator();
|
|
while ( pFileListIter->GetNext( psDirEntry ) )
|
|
{
|
|
++m_ullNumFiles;
|
|
m_ullNumBytesTotalUnnamedStream += ( ( ( ULONGLONG )psDirEntry->m_sFindData.nFileSizeHigh ) << 32 ) |
|
|
psDirEntry->m_sFindData.nFileSizeLow;
|
|
|
|
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT )
|
|
++m_ullNumReparsePoints;
|
|
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_ENCRYPTED )
|
|
++m_ullNumEncryptedFiles;
|
|
|
|
//
|
|
// Check to see if we should exclude the file
|
|
//
|
|
if ( pcFsdVolState->IsExcludedFile( cwsDirPath, cVolMountPointOffset, psDirEntry->GetFileName() ) )
|
|
++m_ullNumFilesExcluded;
|
|
else
|
|
PrintEntry( pcFsdVolState, cwsDirPath, cDirFileSpecLength, psDirEntry );
|
|
}
|
|
delete pFileListIter;
|
|
|
|
if ( m_pcParams->m_eFsDumpType == eFsDumpVolume
|
|
|| m_pcParams->m_eFsDumpType == eFsDumpDirTraverse )
|
|
{
|
|
//
|
|
// Now traverse into each sub-directory
|
|
//
|
|
pDirListIter->Reset();
|
|
CBsString cwsTraversePath;
|
|
while ( pDirListIter->GetNext( psDirEntry ) )
|
|
{
|
|
if ( m_pcParams->m_bDontTraverseMountpoints
|
|
&& psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT )
|
|
continue;
|
|
cwsTraversePath = cwsDirPath + psDirEntry->GetFileName();
|
|
cwsTraversePath += L'\\';
|
|
|
|
//
|
|
// Now go into recursion mode
|
|
//
|
|
if ( psDirEntry->m_sFindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT )
|
|
{
|
|
//
|
|
// Traversing into another volume, get it's state
|
|
//
|
|
CFsdVolumeState *pcNewFsdVolState;
|
|
DWORD dwRet;
|
|
|
|
dwRet = pcFsdVolStateManager->GetVolumeState( cwsTraversePath, &pcNewFsdVolState );
|
|
if ( dwRet == ERROR_ALREADY_EXISTS )
|
|
{
|
|
//
|
|
// Mountpoint cycle, stop traversing. Need to print the fully qualified
|
|
// path if the traversal mountpoint is the same as the mountpoint
|
|
// we started with, otherwise we AV.
|
|
//
|
|
INT cVolStateSpecLength;
|
|
cVolStateSpecLength = ( ::wcslen( pcNewFsdVolState->GetVolumePath() ) <= (size_t)cDirFileSpecLength )
|
|
? 0 : cDirFileSpecLength;
|
|
m_pcParams->DumpPrint( L"'%s' - Not traversing, already traversed through '%s' mountpoint",
|
|
cwsTraversePath.c_str() + cDirFileSpecLength, pcNewFsdVolState->GetVolumePath() + cVolStateSpecLength );
|
|
}
|
|
else if ( dwRet == ERROR_SUCCESS )
|
|
{
|
|
ProcessDir(
|
|
pcFsdVolStateManager,
|
|
pcNewFsdVolState,
|
|
cwsTraversePath,
|
|
cDirFileSpecLength,
|
|
::wcslen( pcNewFsdVolState->GetVolumePath() ) );
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Error message already printed out
|
|
//
|
|
}
|
|
}
|
|
else
|
|
{
|
|
ProcessDir(
|
|
pcFsdVolStateManager,
|
|
pcFsdVolState,
|
|
cwsTraversePath,
|
|
cDirFileSpecLength,
|
|
cVolMountPointOffset );
|
|
}
|
|
}
|
|
}
|
|
|
|
delete pDirListIter;
|
|
}
|
|
catch ( DWORD dwRet )
|
|
{
|
|
m_pcParams->ErrPrint( L"ProcessDir: Error trying to process '%s' directory, dwRet: %d", cwsDirPath.c_str(), dwRet );
|
|
}
|
|
catch ( ... )
|
|
{
|
|
m_pcParams->ErrPrint( L"ProcessDir() Caught an unexpected exception processing dir: '%s', Last dwRet: %d",
|
|
cwsDirPath.c_str(), ::GetLastError() );
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
//
|
|
// printf style format strings which format each line
|
|
//
|
|
#define DIR_STR L"<DIR>"
|
|
#define JUNCTION_STR L"<JUNCTION>"
|
|
#define FMT_DIR_STR_HEX L" %s %s %-16s %04x %-32s %-12s %4d %4d %04x -------- %4d %8I64x %s %4d %s %6hx %s %s %8hx %s %8hx %s %4d %36s %s %%s/%s"
|
|
#define FMT_DIR_STR L" %s %s %-16s %04x %-32s %-12s %4d %4d %04x -------- %4d %8I64d %s %4d %s %6hu %s %s %8hd %s %8hd %s %4d %36s %s %s/%s"
|
|
#define FMT_FILE_STR_HEX L" %s %s %16I64x %04x %-32s %-12s %4d %4d %04x %s %4d %8I64x %s %4d %s %6hx %s %s %8hx %s %8hx %s %4d %36s %s %s/%s"
|
|
#define FMT_FILE_STR L" %s %s %16I64d %04x %-32s %-12s %4d %4d %04x %s %4d %8I64d %s %4d %s %6hu %s %s %8hd %s %8hd %s %4d %36s %s %s/%s"
|
|
#define BLANKTIMESTAMPWITHOUTMS L" "
|
|
#define BLANKTIMESTAMPWITHMS L" "
|
|
|
|
#define FMT_CSV_DIR_STR L"\"'%s%s\\'\",%s,%s,%s,%s,0x%04x,%d,%d,0x%04x,,%d,%I64d,%s,%d,%s,%hu,%s,%s,%hd,%s,%hd,%s,%d,%s,%s,%s,%s,%s"
|
|
#define FMT_CSV_FILE_STR L"\"'%s%s'\",%s,%s,%s,%I64d,0x%04x,%d,%d,0x%04x,%s,%d,%I64d,%s,%d,%s,%hu,%s,%s,%hd,%s,%hd,%s,%d,%s,%s,%s,%s,%s"
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Prints out all the information about one directory entry.
|
|
|
|
Arguments:
|
|
|
|
cwsDirPath - The path leading up to the entry
|
|
|
|
psDirEntry - The directory entry information
|
|
|
|
Return Value:
|
|
|
|
NONE
|
|
|
|
--*/
|
|
VOID
|
|
CDumpEngine::PrintEntry(
|
|
IN CFsdVolumeState *pcFsdVolState,
|
|
IN const CBsString& cwsDirPath,
|
|
IN INT cDirFileSpecLength,
|
|
IN SDirectoryEntry *psDirEntry,
|
|
IN BOOL bSingleEntryOutput
|
|
)
|
|
{
|
|
WIN32_FILE_ATTRIBUTE_DATA *pFD = &psDirEntry->m_sFindData;
|
|
LPWSTR pwszFmtStr;
|
|
WCHAR wszCreationTime[32];
|
|
WCHAR wszLastWriteTime[32];
|
|
|
|
//
|
|
// Get the additional information about the file/dir
|
|
//
|
|
SFileExtendedInfo sExtendedInfo;
|
|
::GetExtendedFileInfo( m_pcParams, pcFsdVolState, cwsDirPath, bSingleEntryOutput, psDirEntry, &sExtendedInfo );
|
|
|
|
//
|
|
// Convert the timestamps into formatted strings
|
|
//
|
|
if ( pFD->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY
|
|
&& m_pcParams->m_bDontShowDirectoryTimestamps )
|
|
{
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
{
|
|
wszCreationTime[0] = L'\0';
|
|
wszLastWriteTime[0] = L'\0';
|
|
}
|
|
else if ( m_pcParams->m_bAddMillisecsToTimestamps )
|
|
{
|
|
::wcscpy( wszCreationTime, BLANKTIMESTAMPWITHMS );
|
|
::wcscpy( wszLastWriteTime, BLANKTIMESTAMPWITHMS );
|
|
}
|
|
else
|
|
{
|
|
::wcscpy( wszCreationTime, BLANKTIMESTAMPWITHOUTMS );
|
|
::wcscpy( wszLastWriteTime, BLANKTIMESTAMPWITHOUTMS );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
TimeString( &psDirEntry->m_sFindData.ftCreationTime,
|
|
m_pcParams->m_bAddMillisecsToTimestamps,
|
|
wszCreationTime );
|
|
TimeString( &psDirEntry->m_sFindData.ftLastWriteTime,
|
|
m_pcParams->m_bAddMillisecsToTimestamps,
|
|
wszLastWriteTime );
|
|
}
|
|
|
|
//
|
|
// Mask out the requested file attribute bits
|
|
//
|
|
pFD->dwFileAttributes &= ~m_pcParams->m_dwFileAttributesMask;
|
|
|
|
m_ullNumBytesChecksummed += sExtendedInfo.ullTotalBytesChecksummed;
|
|
m_ullNumBytesTotalNamedDataStream += sExtendedInfo.ullTotalBytesNamedDataStream;
|
|
if ( sExtendedInfo.lNumberOfLinks > 1 )
|
|
++m_ullNumHardLinks;
|
|
if ( sExtendedInfo.lNumDACEs != -1 )
|
|
m_ullNumDiscreteDACEs += sExtendedInfo.lNumDACEs;
|
|
if ( sExtendedInfo.lNumSACEs != -1 )
|
|
m_ullNumDiscreteSACEs += sExtendedInfo.lNumSACEs;
|
|
if ( !sExtendedInfo.cwsObjectId.IsEmpty() )
|
|
++m_ullNumFilesWithObjectIds;
|
|
|
|
WCHAR wszReparsePointTag[32];
|
|
|
|
if ( sExtendedInfo.ulReparsePointTag == 0 )
|
|
{
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
wszReparsePointTag[0] = L'\0';
|
|
else
|
|
::memcpy( wszReparsePointTag, L"--------", sizeof( WCHAR ) * 9 );
|
|
}
|
|
else
|
|
{
|
|
wsprintf( wszReparsePointTag, m_pcParams->m_pwszULongHexFmt, sExtendedInfo.ulReparsePointTag );
|
|
}
|
|
|
|
if ( pFD->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
|
{
|
|
LPWSTR pwszDirType;
|
|
if ( pFD->dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT )
|
|
pwszDirType = JUNCTION_STR;
|
|
else
|
|
pwszDirType = DIR_STR;
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
{
|
|
//
|
|
// If single file output mode, then processing the root directory
|
|
//
|
|
if ( bSingleEntryOutput )
|
|
psDirEntry->m_cwsFileName = L".";
|
|
|
|
CBsString cwsFixedShortName;
|
|
if ( !psDirEntry->GetShortName().IsEmpty() )
|
|
{
|
|
cwsFixedShortName = L"\"'" + psDirEntry->GetShortName() + L"'\"";
|
|
}
|
|
|
|
m_pcParams->DumpPrintAlways( FMT_CSV_DIR_STR,
|
|
cwsDirPath.c_str() + cDirFileSpecLength,
|
|
LPCWSTR( psDirEntry->GetFileName() ),
|
|
LPCWSTR( cwsFixedShortName ),
|
|
wszCreationTime,
|
|
wszLastWriteTime,
|
|
pwszDirType,
|
|
pFD->dwFileAttributes,
|
|
sExtendedInfo.lNumDACEs,
|
|
sExtendedInfo.lNumSACEs,
|
|
sExtendedInfo.wSecurityDescriptorControl,
|
|
sExtendedInfo.lNumNamedDataStreams,
|
|
sExtendedInfo.ullTotalBytesNamedDataStream,
|
|
sExtendedInfo.cwsNamedDataStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumPropertyStreams,
|
|
wszReparsePointTag,
|
|
sExtendedInfo.wReparsePointDataSize,
|
|
sExtendedInfo.cwsReparsePointDataChecksum.c_str(),
|
|
sExtendedInfo.cwsEncryptedRawDataChecksum.c_str(),
|
|
sExtendedInfo.wDACLSize,
|
|
sExtendedInfo.cwsDACLChecksum.c_str(),
|
|
sExtendedInfo.wSACLSize,
|
|
sExtendedInfo.cwsSACLChecksum.c_str(),
|
|
sExtendedInfo.lNumberOfLinks,
|
|
sExtendedInfo.cwsObjectId.c_str(),
|
|
sExtendedInfo.cwsObjectIdExtendedDataChecksum.c_str(),
|
|
pcFsdVolState->GetFileSystemName(),
|
|
sExtendedInfo.cwsOwnerSid.c_str(),
|
|
sExtendedInfo.cwsGroupSid.c_str() );
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// If single file output mode, then processing the root directory
|
|
//
|
|
if ( bSingleEntryOutput )
|
|
psDirEntry->m_cwsFileName = L".";
|
|
|
|
//
|
|
// Print with quotes around the file name
|
|
//
|
|
WCHAR wszNameWithQuotes[ MAX_PATH + 2 ];
|
|
wszNameWithQuotes[ 0 ] = L'\'';
|
|
::wcscpy( wszNameWithQuotes + 1, psDirEntry->GetFileName() );
|
|
::wcscat( wszNameWithQuotes, L"\\\'" );
|
|
|
|
if ( m_pcParams->m_bHex )
|
|
pwszFmtStr = FMT_DIR_STR_HEX;
|
|
else
|
|
pwszFmtStr = FMT_DIR_STR;
|
|
m_pcParams->DumpPrintAlways( pwszFmtStr,
|
|
wszCreationTime,
|
|
wszLastWriteTime,
|
|
pwszDirType,
|
|
pFD->dwFileAttributes,
|
|
wszNameWithQuotes,
|
|
LPCWSTR( psDirEntry->GetShortName() ),
|
|
sExtendedInfo.lNumDACEs,
|
|
sExtendedInfo.lNumSACEs,
|
|
sExtendedInfo.wSecurityDescriptorControl,
|
|
sExtendedInfo.lNumNamedDataStreams,
|
|
sExtendedInfo.ullTotalBytesNamedDataStream,
|
|
sExtendedInfo.cwsNamedDataStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumPropertyStreams,
|
|
wszReparsePointTag,
|
|
sExtendedInfo.wReparsePointDataSize,
|
|
sExtendedInfo.cwsReparsePointDataChecksum.c_str(),
|
|
sExtendedInfo.cwsEncryptedRawDataChecksum.c_str(),
|
|
sExtendedInfo.wDACLSize,
|
|
sExtendedInfo.cwsDACLChecksum.c_str(),
|
|
sExtendedInfo.wSACLSize,
|
|
sExtendedInfo.cwsSACLChecksum.c_str(),
|
|
sExtendedInfo.lNumberOfLinks,
|
|
sExtendedInfo.cwsObjectId.c_str(),
|
|
sExtendedInfo.cwsObjectIdExtendedDataChecksum.c_str(),
|
|
sExtendedInfo.cwsOwnerSid.c_str(),
|
|
sExtendedInfo.cwsGroupSid.c_str() );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
ULONGLONG ullFileSize = ( ( (ULONGLONG)pFD->nFileSizeHigh ) << 32 ) + pFD->nFileSizeLow;
|
|
|
|
if ( m_pcParams->m_bDumpCommaDelimited )
|
|
{
|
|
CBsString cwsFixedShortName;
|
|
if ( !psDirEntry->GetShortName().IsEmpty() )
|
|
{
|
|
cwsFixedShortName = L"\"'" + psDirEntry->GetShortName() + L"'\"";
|
|
}
|
|
|
|
m_pcParams->DumpPrintAlways( FMT_CSV_FILE_STR,
|
|
cwsDirPath.c_str() + cDirFileSpecLength,
|
|
LPCWSTR( psDirEntry->GetFileName() ),
|
|
LPCWSTR( cwsFixedShortName ),
|
|
wszCreationTime,
|
|
wszLastWriteTime,
|
|
ullFileSize,
|
|
pFD->dwFileAttributes,
|
|
sExtendedInfo.lNumDACEs,
|
|
sExtendedInfo.lNumSACEs,
|
|
sExtendedInfo.wSecurityDescriptorControl,
|
|
sExtendedInfo.cwsUnnamedStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumNamedDataStreams,
|
|
sExtendedInfo.ullTotalBytesNamedDataStream,
|
|
sExtendedInfo.cwsNamedDataStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumPropertyStreams,
|
|
wszReparsePointTag,
|
|
sExtendedInfo.wReparsePointDataSize,
|
|
sExtendedInfo.cwsReparsePointDataChecksum.c_str(),
|
|
sExtendedInfo.cwsEncryptedRawDataChecksum.c_str(),
|
|
sExtendedInfo.wDACLSize,
|
|
sExtendedInfo.cwsDACLChecksum.c_str(),
|
|
sExtendedInfo.wSACLSize,
|
|
sExtendedInfo.cwsSACLChecksum.c_str(),
|
|
sExtendedInfo.lNumberOfLinks,
|
|
sExtendedInfo.cwsObjectId.c_str(),
|
|
sExtendedInfo.cwsObjectIdExtendedDataChecksum.c_str(),
|
|
pcFsdVolState->GetFileSystemName(),
|
|
sExtendedInfo.cwsOwnerSid.c_str(),
|
|
sExtendedInfo.cwsGroupSid.c_str() );
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Print with quotes around the file name
|
|
//
|
|
WCHAR wszNameWithQuotes[ MAX_PATH + 2 ];
|
|
wszNameWithQuotes[ 0 ] = L'\'';
|
|
::wcscpy( wszNameWithQuotes + 1, psDirEntry->GetFileName() );
|
|
::wcscat( wszNameWithQuotes, L"\'" );
|
|
|
|
if ( m_pcParams->m_bHex )
|
|
pwszFmtStr = FMT_FILE_STR_HEX;
|
|
else
|
|
pwszFmtStr = FMT_FILE_STR;
|
|
|
|
m_pcParams->DumpPrintAlways( pwszFmtStr,
|
|
wszCreationTime,
|
|
wszLastWriteTime,
|
|
ullFileSize,
|
|
pFD->dwFileAttributes,
|
|
wszNameWithQuotes,
|
|
LPCWSTR( psDirEntry->GetShortName() ),
|
|
sExtendedInfo.lNumDACEs,
|
|
sExtendedInfo.lNumSACEs,
|
|
sExtendedInfo.wSecurityDescriptorControl,
|
|
sExtendedInfo.cwsUnnamedStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumNamedDataStreams,
|
|
sExtendedInfo.ullTotalBytesNamedDataStream,
|
|
sExtendedInfo.cwsNamedDataStreamChecksum.c_str(),
|
|
sExtendedInfo.lNumPropertyStreams,
|
|
wszReparsePointTag,
|
|
sExtendedInfo.wReparsePointDataSize,
|
|
sExtendedInfo.cwsReparsePointDataChecksum.c_str(),
|
|
sExtendedInfo.cwsEncryptedRawDataChecksum.c_str(),
|
|
sExtendedInfo.wDACLSize,
|
|
sExtendedInfo.cwsDACLChecksum.c_str(),
|
|
sExtendedInfo.wSACLSize,
|
|
sExtendedInfo.cwsSACLChecksum.c_str(),
|
|
sExtendedInfo.lNumberOfLinks,
|
|
sExtendedInfo.cwsObjectId.c_str(),
|
|
sExtendedInfo.cwsObjectIdExtendedDataChecksum.c_str(),
|
|
sExtendedInfo.cwsOwnerSid.c_str(),
|
|
sExtendedInfo.cwsGroupSid.c_str() );
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Formats dates into a common string format.
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
<Enter return values here>
|
|
|
|
--*/
|
|
static VOID
|
|
TimeString(
|
|
IN FILETIME *pFileTime,
|
|
IN BOOL bAddMillisecsToTimestamps,
|
|
OUT LPWSTR pwszTimeStr
|
|
)
|
|
{
|
|
SYSTEMTIME szTime;
|
|
|
|
::FileTimeToSystemTime( pFileTime, &szTime );
|
|
if ( bAddMillisecsToTimestamps )
|
|
{
|
|
wsprintf( pwszTimeStr,
|
|
L"%02d/%02d/%02d %02d:%02d:%02d.%03d",
|
|
szTime.wMonth,
|
|
szTime.wDay,
|
|
szTime.wYear,
|
|
szTime.wHour,
|
|
szTime.wMinute,
|
|
szTime.wSecond,
|
|
szTime.wMilliseconds );
|
|
}
|
|
else
|
|
{
|
|
wsprintf( pwszTimeStr,
|
|
L"%02d/%02d/%02d %02d:%02d:%02d",
|
|
szTime.wMonth,
|
|
szTime.wDay,
|
|
szTime.wYear,
|
|
szTime.wHour,
|
|
szTime.wMinute,
|
|
szTime.wSecond );
|
|
}
|
|
}
|
|
|
|
LPCSTR
|
|
CDumpEngine::GetHeaderInformation()
|
|
{
|
|
LPSTR pszHeaderInfo =
|
|
"Creation date - Creation date of the file/dir\n"
|
|
"Last mod. date - Last modification date of the file/dir\n"
|
|
"FileSize - Size of the unnamed data stream if a file\n"
|
|
"Attr - File attributes with Archive and Normal bits masked by\n"
|
|
" default (hex)\n"
|
|
"FileName - Name of the file in single quotes\n"
|
|
"ShortName - The classic 8.3 file name. If <->, FileName is in\n"
|
|
" classic format\n"
|
|
"DACE - Number of discretionary ACL entries\n"
|
|
"SACE - Number of system ACL entries\n"
|
|
"SDCtl - Security Descripter control word (hex)\n"
|
|
"UNamChkS - Data checksum of the unnamed data stream (hex)\n"
|
|
"DStr - Number of named data streams\n"
|
|
"DStrSize - Size of all of the named data streams\n"
|
|
"DStrChkS - Data checksum of all named data streams including their\n"
|
|
" names (hex)\n"
|
|
"Prop - Number of property data streams\n"
|
|
"RPTag - Reparse point tag value (hex)\n"
|
|
"RPSize - Size of reparse point data\n"
|
|
"RPChkS - Checksum of the reparse point data (hex)\n"
|
|
"EncrChkS - Raw encrypted data checksum (hex)\n"
|
|
"DACLSize - Size of the complete discretionary ACL\n"
|
|
"DACLChkS - Checksum of the complete discretionary ACL (hex)\n"
|
|
"SACLSize - Size of the complete system ACL\n"
|
|
"SACLChkS - Checksum of the complete system ACL (hex)\n"
|
|
"NLnk - Number of hard links\n"
|
|
"ObjectId - Object Id GUID on the file if it has one\n"
|
|
"OIDChkS - Object Id extended data checksum\n"
|
|
"FS - Type of file system (in CSV format only)\n"
|
|
"OwnerSid/GroupSid - The owner and group sid values\n";
|
|
|
|
return pszHeaderInfo;
|
|
}
|
|
|