2002-06-25 22:23:06 +00:00
|
|
|
/*
|
|
|
|
|
* ReactOS kernel
|
2014-11-02 21:50:40 +00:00
|
|
|
* Copyright (C) 2002, 2014 ReactOS Team
|
2002-06-25 22:23:06 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2008-03-08 21:45:51 +00:00
|
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
2002-06-25 22:23:06 +00:00
|
|
|
*
|
|
|
|
|
* COPYRIGHT: See COPYING in the top level directory
|
|
|
|
|
* PROJECT: ReactOS kernel
|
2008-02-10 11:20:29 +00:00
|
|
|
* FILE: drivers/filesystem/ntfs/create.c
|
2002-06-25 22:23:06 +00:00
|
|
|
* PURPOSE: NTFS filesystem driver
|
2014-11-02 21:50:40 +00:00
|
|
|
* PROGRAMMERS: Eric Kohl
|
|
|
|
|
* Pierre Schweitzer (pierre@reactos.org)
|
2002-06-25 22:23:06 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* INCLUDES *****************************************************************/
|
|
|
|
|
|
2005-07-20 02:52:52 +00:00
|
|
|
#include "ntfs.h"
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2004-06-05 08:28:37 +00:00
|
|
|
#define NDEBUG
|
2002-06-25 22:23:06 +00:00
|
|
|
#include <debug.h>
|
|
|
|
|
|
2015-05-31 21:28:52 +00:00
|
|
|
static PCWSTR MftIdToName[] = {
|
|
|
|
|
L"$MFT",
|
|
|
|
|
L"$MFTMirr",
|
|
|
|
|
L"$LogFile",
|
|
|
|
|
L"$Volume",
|
|
|
|
|
L"AttrDef",
|
|
|
|
|
L".",
|
|
|
|
|
L"$Bitmap",
|
|
|
|
|
L"$Boot",
|
|
|
|
|
L"$BadClus",
|
|
|
|
|
L"$Quota",
|
|
|
|
|
L"$UpCase",
|
|
|
|
|
L"$Extended",
|
|
|
|
|
};
|
|
|
|
|
|
2002-06-25 22:23:06 +00:00
|
|
|
/* FUNCTIONS ****************************************************************/
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
static
|
|
|
|
|
NTSTATUS
|
2002-06-25 22:23:06 +00:00
|
|
|
NtfsMakeAbsoluteFilename(PFILE_OBJECT pFileObject,
|
2013-06-16 12:15:06 +00:00
|
|
|
PWSTR pRelativeFileName,
|
|
|
|
|
PWSTR *pAbsoluteFilename)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
PWSTR rcName;
|
|
|
|
|
PNTFS_FCB Fcb;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
DPRINT("try related for %S\n", pRelativeFileName);
|
|
|
|
|
Fcb = pFileObject->FsContext;
|
|
|
|
|
ASSERT(Fcb);
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if (Fcb->Flags & FCB_IS_VOLUME)
|
|
|
|
|
{
|
|
|
|
|
/* This is likely to be an opening by ID, return ourselves */
|
|
|
|
|
if (pRelativeFileName[0] == L'\\')
|
|
|
|
|
{
|
|
|
|
|
*pAbsoluteFilename = NULL;
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
/* verify related object is a directory and target name
|
|
|
|
|
don't start with \. */
|
|
|
|
|
if (NtfsFCBIsDirectory(Fcb) == FALSE ||
|
|
|
|
|
pRelativeFileName[0] == L'\\')
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
return STATUS_INVALID_PARAMETER;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
/* construct absolute path name */
|
|
|
|
|
ASSERT(wcslen (Fcb->PathName) + 1 + wcslen (pRelativeFileName) + 1 <= MAX_PATH);
|
|
|
|
|
rcName = ExAllocatePoolWithTag(NonPagedPool, MAX_PATH * sizeof(WCHAR), TAG_NTFS);
|
|
|
|
|
if (!rcName)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
wcscpy(rcName, Fcb->PathName);
|
|
|
|
|
if (!NtfsFCBIsRoot(Fcb))
|
|
|
|
|
wcscat (rcName, L"\\");
|
|
|
|
|
wcscat (rcName, pRelativeFileName);
|
|
|
|
|
*pAbsoluteFilename = rcName;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
return STATUS_SUCCESS;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
static
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NtfsMoonWalkID(PDEVICE_EXTENSION DeviceExt,
|
|
|
|
|
ULONGLONG Id,
|
|
|
|
|
PUNICODE_STRING OutPath)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PFILE_RECORD_HEADER MftRecord;
|
|
|
|
|
PFILENAME_ATTRIBUTE FileName;
|
|
|
|
|
WCHAR FullPath[MAX_PATH];
|
|
|
|
|
ULONG WritePosition = MAX_PATH - 1;
|
|
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsMoonWalkID(%p, %I64x, %p)\n", DeviceExt, Id, OutPath);
|
2015-02-14 15:35:35 +00:00
|
|
|
|
|
|
|
|
RtlZeroMemory(FullPath, sizeof(FullPath));
|
2017-12-31 13:14:24 +00:00
|
|
|
MftRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
|
2015-02-14 15:35:35 +00:00
|
|
|
if (MftRecord == NULL)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (TRUE)
|
|
|
|
|
{
|
|
|
|
|
Status = ReadFileRecord(DeviceExt, Id, MftRecord);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
ASSERT(MftRecord->Ntfs.Type == NRH_FILE_TYPE);
|
2015-02-14 15:41:44 +00:00
|
|
|
if (!(MftRecord->Flags & FRH_IN_USE))
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_OBJECT_PATH_NOT_FOUND;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-02-14 15:35:35 +00:00
|
|
|
|
[NTFS]
Totally rewrite the way MFT records attributes are handled.
Up to now, we were having really similar loops, only looking at the resident part of the attribute list, not really caring about how the loop was going.
This was leading to some issues:
- In case the attribute we were looking for was stored in the non-resident part of the attribute list, we would miss it (excepted in the case of FindAttribute() which was properly browsing the whole attribute list).
- In the specific case of FindAttribute(), one would have been able to setup a broken MFT record with the resident attribute list pointing on the non resident attribute list which itself would point to the resident attribute list. In such case, the driver would loop forever caught on the loop, allocating tones of memory. It was possible to trigger this by user space, from a non-privileged user, just by browsing the right directory entry.
- In the case of the other loops (non FindAttribute()), another issue (other than missing attributes) was present, one would have been able to setup a broken MFT record with an attribute of null-length. This would have caused the driver to loop forever on the attribute list. This could be triggered from usermode too. And could be triggered by a non-privileged user.
This commit introduces a new set of functions for attributes browsing: FindFirstAttribute(), FindNextAttribute(), FindCloseAttribute(). It allows safely browsing attributes and handles broken cases. It also performs reading of the attribute list when present and makes sure there's only one read. This method should be the only one to use to browse the attributes.
The whole NTFS code base has been converted to use this newly set of functions. This really simplifies the implementation of FindAttribute(), and prevent unsafe code duplication.
CORE-10037 #resolve #comment Fixed with r68829
svn path=/trunk/; revision=68829
2015-08-26 18:20:04 +00:00
|
|
|
FileName = GetBestFileNameFromRecord(DeviceExt, MftRecord);
|
2015-05-26 07:10:45 +00:00
|
|
|
if (FileName == NULL)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("$FILE_NAME attribute not found for %I64x\n", Id);
|
|
|
|
|
Status = STATUS_OBJECT_PATH_NOT_FOUND;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
WritePosition -= FileName->NameLength;
|
|
|
|
|
ASSERT(WritePosition < MAX_PATH);
|
|
|
|
|
RtlCopyMemory(FullPath + WritePosition, FileName->Name, FileName->NameLength * sizeof(WCHAR));
|
|
|
|
|
WritePosition -= 1;
|
|
|
|
|
ASSERT(WritePosition < MAX_PATH);
|
|
|
|
|
FullPath[WritePosition] = L'\\';
|
|
|
|
|
|
|
|
|
|
Id = FileName->DirectoryFileReferenceNumber & NTFS_MFT_MASK;
|
|
|
|
|
if (Id == NTFS_FILE_ROOT)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, MftRecord);
|
2015-02-14 15:35:35 +00:00
|
|
|
|
2015-02-14 15:41:44 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
return Status;
|
|
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
OutPath->Length = (MAX_PATH - WritePosition - 1) * sizeof(WCHAR);
|
|
|
|
|
OutPath->MaximumLength = (MAX_PATH - WritePosition) * sizeof(WCHAR);
|
|
|
|
|
OutPath->Buffer = ExAllocatePoolWithTag(NonPagedPool, OutPath->MaximumLength, TAG_NTFS);
|
|
|
|
|
if (OutPath->Buffer == NULL)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
|
|
|
|
RtlCopyMemory(OutPath->Buffer, FullPath + WritePosition, OutPath->MaximumLength);
|
|
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-31 21:28:52 +00:00
|
|
|
static
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NtfsOpenFileById(PDEVICE_EXTENSION DeviceExt,
|
|
|
|
|
PFILE_OBJECT FileObject,
|
|
|
|
|
ULONGLONG MftId,
|
|
|
|
|
PNTFS_FCB * FoundFCB)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PNTFS_FCB FCB;
|
|
|
|
|
PFILE_RECORD_HEADER MftRecord;
|
|
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsOpenFileById(%p, %p, %I64x, %p)\n", DeviceExt, FileObject, MftId, FoundFCB);
|
2015-05-31 21:28:52 +00:00
|
|
|
|
2017-07-18 19:59:36 +00:00
|
|
|
ASSERT(MftId < NTFS_FILE_FIRST_USER_FILE);
|
2015-05-31 21:28:52 +00:00
|
|
|
if (MftId > 0xb) /* No entries are used yet beyond this */
|
|
|
|
|
{
|
|
|
|
|
return STATUS_OBJECT_NAME_NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-31 13:14:24 +00:00
|
|
|
MftRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
|
2015-05-31 21:28:52 +00:00
|
|
|
if (MftRecord == NULL)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status = ReadFileRecord(DeviceExt, MftId, MftRecord);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, MftRecord);
|
2015-05-31 21:28:52 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!(MftRecord->Flags & FRH_IN_USE))
|
|
|
|
|
{
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, MftRecord);
|
2015-05-31 21:28:52 +00:00
|
|
|
return STATUS_OBJECT_PATH_NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FCB = NtfsGrabFCBFromTable(DeviceExt, MftIdToName[MftId]);
|
|
|
|
|
if (FCB == NULL)
|
|
|
|
|
{
|
|
|
|
|
UNICODE_STRING Name;
|
|
|
|
|
|
|
|
|
|
RtlInitUnicodeString(&Name, MftIdToName[MftId]);
|
2015-06-28 13:14:07 +00:00
|
|
|
Status = NtfsMakeFCBFromDirEntry(DeviceExt, NULL, &Name, NULL, MftRecord, MftId, &FCB);
|
2015-05-31 21:28:52 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, MftRecord);
|
2015-05-31 21:28:52 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ASSERT(FCB != NULL);
|
|
|
|
|
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, MftRecord);
|
2015-05-31 21:28:52 +00:00
|
|
|
|
|
|
|
|
Status = NtfsAttachFCBToFileObject(DeviceExt,
|
|
|
|
|
FCB,
|
|
|
|
|
FileObject);
|
|
|
|
|
*FoundFCB = FCB;
|
|
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2002-06-25 22:23:06 +00:00
|
|
|
/*
|
|
|
|
|
* FUNCTION: Opens a file
|
|
|
|
|
*/
|
2013-06-16 12:15:06 +00:00
|
|
|
static
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NtfsOpenFile(PDEVICE_EXTENSION DeviceExt,
|
|
|
|
|
PFILE_OBJECT FileObject,
|
2014-10-11 18:00:46 +00:00
|
|
|
PWSTR FileName,
|
2017-06-24 04:36:28 +00:00
|
|
|
BOOLEAN CaseSensitive,
|
2014-10-11 18:00:46 +00:00
|
|
|
PNTFS_FCB * FoundFCB)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
PNTFS_FCB ParentFcb;
|
|
|
|
|
PNTFS_FCB Fcb;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
PWSTR AbsFileName = NULL;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsOpenFile(%p, %p, %S, %s, %p)\n",
|
2017-06-24 04:36:28 +00:00
|
|
|
DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
FileName,
|
|
|
|
|
CaseSensitive ? "TRUE" : "FALSE",
|
|
|
|
|
FoundFCB);
|
2014-10-11 18:00:46 +00:00
|
|
|
|
|
|
|
|
*FoundFCB = NULL;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if (FileObject->RelatedFileObject)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2015-02-14 15:35:35 +00:00
|
|
|
DPRINT("Converting relative filename to absolute filename\n");
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
Status = NtfsMakeAbsoluteFilename(FileObject->RelatedFileObject,
|
|
|
|
|
FileName,
|
|
|
|
|
&AbsFileName);
|
|
|
|
|
if (AbsFileName) FileName = AbsFileName;
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
2014-12-14 21:18:47 +00:00
|
|
|
{
|
2015-02-14 15:35:35 +00:00
|
|
|
return Status;
|
2014-12-14 21:18:47 +00:00
|
|
|
}
|
|
|
|
|
}
|
2015-02-14 15:35:35 +00:00
|
|
|
|
2016-11-13 15:31:39 +00:00
|
|
|
//FIXME: Get canonical path name (remove .'s, ..'s and extra separators)
|
2015-02-14 15:35:35 +00:00
|
|
|
|
|
|
|
|
DPRINT("PathName to open: %S\n", FileName);
|
|
|
|
|
|
|
|
|
|
/* try first to find an existing FCB in memory */
|
|
|
|
|
DPRINT("Checking for existing FCB in memory\n");
|
|
|
|
|
Fcb = NtfsGrabFCBFromTable(DeviceExt,
|
|
|
|
|
FileName);
|
|
|
|
|
if (Fcb == NULL)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2015-02-14 15:35:35 +00:00
|
|
|
DPRINT("No existing FCB found, making a new one if file exists.\n");
|
|
|
|
|
Status = NtfsGetFCBForFile(DeviceExt,
|
|
|
|
|
&ParentFcb,
|
|
|
|
|
&Fcb,
|
2017-06-24 04:36:28 +00:00
|
|
|
FileName,
|
|
|
|
|
CaseSensitive);
|
2015-02-14 15:35:35 +00:00
|
|
|
if (ParentFcb != NULL)
|
2013-06-16 12:15:06 +00:00
|
|
|
{
|
2015-02-14 15:35:35 +00:00
|
|
|
NtfsReleaseFCB(DeviceExt,
|
|
|
|
|
ParentFcb);
|
2013-06-16 12:15:06 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-05 22:10:22 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
2015-02-14 15:35:35 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("Could not make a new FCB, status: %x\n", Status);
|
2013-06-16 12:15:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if (AbsFileName)
|
2017-07-04 22:34:17 +00:00
|
|
|
ExFreePoolWithTag(AbsFileName, TAG_NTFS);
|
2013-06-16 12:15:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
return Status;
|
2013-06-16 12:15:06 +00:00
|
|
|
}
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
DPRINT("Attaching FCB to fileObject\n");
|
|
|
|
|
Status = NtfsAttachFCBToFileObject(DeviceExt,
|
|
|
|
|
Fcb,
|
|
|
|
|
FileObject);
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
if (AbsFileName)
|
|
|
|
|
ExFreePool(AbsFileName);
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2014-10-11 18:00:46 +00:00
|
|
|
*FoundFCB = Fcb;
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
return Status;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* FUNCTION: Opens a file
|
|
|
|
|
*/
|
2013-06-16 12:15:06 +00:00
|
|
|
static
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NtfsCreateFile(PDEVICE_OBJECT DeviceObject,
|
2017-06-23 17:30:13 +00:00
|
|
|
PNTFS_IRP_CONTEXT IrpContext)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
PDEVICE_EXTENSION DeviceExt;
|
|
|
|
|
PIO_STACK_LOCATION Stack;
|
|
|
|
|
PFILE_OBJECT FileObject;
|
|
|
|
|
ULONG RequestedDisposition;
|
2014-09-25 20:21:34 +00:00
|
|
|
ULONG RequestedOptions;
|
2015-05-31 21:28:52 +00:00
|
|
|
PNTFS_FCB Fcb = NULL;
|
2013-06-16 12:15:06 +00:00
|
|
|
// PWSTR FileName;
|
|
|
|
|
NTSTATUS Status;
|
2015-02-14 15:35:35 +00:00
|
|
|
UNICODE_STRING FullPath;
|
2017-06-23 17:30:13 +00:00
|
|
|
PIRP Irp = IrpContext->Irp;
|
2013-06-16 12:15:06 +00:00
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsCreateFile(%p, %p) called\n", DeviceObject, IrpContext);
|
2013-06-16 12:15:06 +00:00
|
|
|
|
|
|
|
|
DeviceExt = DeviceObject->DeviceExtension;
|
|
|
|
|
ASSERT(DeviceExt);
|
2017-07-05 22:10:22 +00:00
|
|
|
Stack = IoGetCurrentIrpStackLocation(Irp);
|
2013-06-16 12:15:06 +00:00
|
|
|
ASSERT(Stack);
|
|
|
|
|
|
|
|
|
|
RequestedDisposition = ((Stack->Parameters.Create.Options >> 24) & 0xff);
|
2014-09-25 20:21:34 +00:00
|
|
|
RequestedOptions = Stack->Parameters.Create.Options & FILE_VALID_OPTION_FLAGS;
|
2002-06-25 22:23:06 +00:00
|
|
|
// PagingFileCreate = (Stack->Flags & SL_OPEN_PAGING_FILE) ? TRUE : FALSE;
|
2014-09-25 20:21:34 +00:00
|
|
|
if (RequestedOptions & FILE_DIRECTORY_FILE &&
|
|
|
|
|
RequestedDisposition == FILE_SUPERSEDE)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
}
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2016-02-22 22:20:54 +00:00
|
|
|
/* Deny create if the volume is locked */
|
|
|
|
|
if (DeviceExt->Flags & VCB_VOLUME_LOCKED)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_ACCESS_DENIED;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
FileObject = Stack->FileObject;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if ((RequestedOptions & FILE_OPEN_BY_FILE_ID) == FILE_OPEN_BY_FILE_ID)
|
2014-12-14 21:18:47 +00:00
|
|
|
{
|
2015-05-26 07:10:45 +00:00
|
|
|
ULONGLONG MFTId;
|
|
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if (FileObject->FileName.Length != sizeof(ULONGLONG))
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2015-05-26 07:10:45 +00:00
|
|
|
MFTId = (*(PULONGLONG)FileObject->FileName.Buffer) & NTFS_MFT_MASK;
|
2017-07-18 19:59:36 +00:00
|
|
|
if (MFTId < NTFS_FILE_FIRST_USER_FILE)
|
2015-05-26 07:10:45 +00:00
|
|
|
{
|
2015-05-31 21:28:52 +00:00
|
|
|
Status = NtfsOpenFileById(DeviceExt, FileObject, MFTId, &Fcb);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
Status = NtfsMoonWalkID(DeviceExt, MFTId, &FullPath);
|
2015-05-26 07:10:45 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-14 15:35:35 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DPRINT1("Open by ID: %I64x -> %wZ\n", (*(PULONGLONG)FileObject->FileName.Buffer) & NTFS_MFT_MASK, &FullPath);
|
2014-12-14 21:18:47 +00:00
|
|
|
}
|
|
|
|
|
|
2014-09-25 20:21:34 +00:00
|
|
|
/* This a open operation for the volume itself */
|
|
|
|
|
if (FileObject->FileName.Length == 0 &&
|
|
|
|
|
(FileObject->RelatedFileObject == NULL || FileObject->RelatedFileObject->FsContext2 != NULL))
|
|
|
|
|
{
|
|
|
|
|
if (RequestedDisposition != FILE_OPEN &&
|
|
|
|
|
RequestedDisposition != FILE_OPEN_IF)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_ACCESS_DENIED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (RequestedOptions & FILE_DIRECTORY_FILE)
|
|
|
|
|
{
|
|
|
|
|
return STATUS_NOT_A_DIRECTORY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
NtfsAttachFCBToFileObject(DeviceExt, DeviceExt->VolumeFcb, FileObject);
|
|
|
|
|
DeviceExt->VolumeFcb->RefCount++;
|
|
|
|
|
|
|
|
|
|
Irp->IoStatus.Information = FILE_OPENED;
|
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-31 21:28:52 +00:00
|
|
|
if (Fcb == NULL)
|
2015-02-14 15:35:35 +00:00
|
|
|
{
|
2015-05-31 21:28:52 +00:00
|
|
|
Status = NtfsOpenFile(DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
((RequestedOptions & FILE_OPEN_BY_FILE_ID) ? FullPath.Buffer : FileObject->FileName.Buffer),
|
2017-06-28 18:22:42 +00:00
|
|
|
BooleanFlagOn(Stack->Flags, SL_CASE_SENSITIVE),
|
2015-05-31 21:28:52 +00:00
|
|
|
&Fcb);
|
|
|
|
|
|
|
|
|
|
if (RequestedOptions & FILE_OPEN_BY_FILE_ID)
|
|
|
|
|
{
|
|
|
|
|
ExFreePoolWithTag(FullPath.Buffer, TAG_NTFS);
|
|
|
|
|
}
|
2015-02-14 15:35:35 +00:00
|
|
|
}
|
|
|
|
|
|
2014-10-12 11:48:42 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
if (RequestedDisposition == FILE_CREATE)
|
|
|
|
|
{
|
|
|
|
|
Irp->IoStatus.Information = FILE_EXISTS;
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return STATUS_OBJECT_NAME_COLLISION;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (RequestedOptions & FILE_NON_DIRECTORY_FILE &&
|
|
|
|
|
NtfsFCBIsDirectory(Fcb))
|
|
|
|
|
{
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return STATUS_FILE_IS_A_DIRECTORY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (RequestedOptions & FILE_DIRECTORY_FILE &&
|
|
|
|
|
!NtfsFCBIsDirectory(Fcb))
|
|
|
|
|
{
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return STATUS_NOT_A_DIRECTORY;
|
|
|
|
|
}
|
2014-10-13 17:57:25 +00:00
|
|
|
|
2014-12-07 20:59:45 +00:00
|
|
|
/*
|
2014-12-07 14:05:47 +00:00
|
|
|
* If it is a reparse point & FILE_OPEN_REPARSE_POINT, then allow opening it
|
|
|
|
|
* as a normal file.
|
2014-12-07 20:59:45 +00:00
|
|
|
* Otherwise, attempt to read reparse data and hand them to the Io manager
|
|
|
|
|
* with status reparse to force a reparse.
|
2014-12-07 14:05:47 +00:00
|
|
|
*/
|
|
|
|
|
if (NtfsFCBIsReparsePoint(Fcb) &&
|
|
|
|
|
((RequestedOptions & FILE_OPEN_REPARSE_POINT) != FILE_OPEN_REPARSE_POINT))
|
|
|
|
|
{
|
2014-12-08 19:55:56 +00:00
|
|
|
PREPARSE_DATA_BUFFER ReparseData = NULL;
|
|
|
|
|
|
|
|
|
|
Status = NtfsReadFCBAttribute(DeviceExt, Fcb,
|
|
|
|
|
AttributeReparsePoint, L"", 0,
|
|
|
|
|
(PVOID *)&Irp->Tail.Overlay.AuxiliaryBuffer);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
2014-12-07 20:59:45 +00:00
|
|
|
{
|
2014-12-08 19:55:56 +00:00
|
|
|
ReparseData = (PREPARSE_DATA_BUFFER)Irp->Tail.Overlay.AuxiliaryBuffer;
|
|
|
|
|
if (ReparseData->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
|
2014-12-07 20:59:45 +00:00
|
|
|
{
|
2014-12-08 19:55:56 +00:00
|
|
|
Status = STATUS_REPARSE;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
ExFreePoolWithTag(ReparseData, TAG_NTFS);
|
2014-12-07 20:59:45 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-08 19:55:56 +00:00
|
|
|
Irp->IoStatus.Information = ((Status == STATUS_REPARSE) ? ReparseData->ReparseTag : 0);
|
2014-12-08 07:35:45 +00:00
|
|
|
|
2014-12-07 14:05:47 +00:00
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
2014-12-07 20:59:45 +00:00
|
|
|
return Status;
|
2014-12-07 14:05:47 +00:00
|
|
|
}
|
|
|
|
|
|
2014-10-13 17:57:25 +00:00
|
|
|
if (RequestedDisposition == FILE_OVERWRITE ||
|
|
|
|
|
RequestedDisposition == FILE_OVERWRITE_IF ||
|
|
|
|
|
RequestedDisposition == FILE_SUPERSEDE)
|
|
|
|
|
{
|
2016-06-26 21:06:02 +00:00
|
|
|
PFILE_RECORD_HEADER fileRecord = NULL;
|
|
|
|
|
PNTFS_ATTR_CONTEXT dataContext = NULL;
|
|
|
|
|
ULONG DataAttributeOffset;
|
|
|
|
|
LARGE_INTEGER Zero;
|
|
|
|
|
Zero.QuadPart = 0;
|
|
|
|
|
|
2017-05-27 19:32:43 +00:00
|
|
|
if (!NtfsGlobalData->EnableWriteSupport)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n");
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return STATUS_ACCESS_DENIED;
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-26 21:06:02 +00:00
|
|
|
// TODO: check for appropriate access
|
2021-06-11 12:29:21 +00:00
|
|
|
|
2016-06-26 21:06:02 +00:00
|
|
|
ExAcquireResourceExclusiveLite(&(Fcb->MainResource), TRUE);
|
|
|
|
|
|
2017-12-31 13:14:24 +00:00
|
|
|
fileRecord = ExAllocateFromNPagedLookasideList(&Fcb->Vcb->FileRecLookasideList);
|
2016-06-26 21:06:02 +00:00
|
|
|
if (fileRecord)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
Status = ReadFileRecord(Fcb->Vcb,
|
|
|
|
|
Fcb->MFTIndex,
|
|
|
|
|
fileRecord);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
goto DoneOverwriting;
|
|
|
|
|
|
|
|
|
|
// find the data attribute and set it's length to 0 (TODO: Handle Alternate Data Streams)
|
|
|
|
|
Status = FindAttribute(Fcb->Vcb, fileRecord, AttributeData, L"", 0, &dataContext, &DataAttributeOffset);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
goto DoneOverwriting;
|
|
|
|
|
|
|
|
|
|
Status = SetAttributeDataLength(FileObject, Fcb, dataContext, DataAttributeOffset, fileRecord, &Zero);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_NO_MEMORY;
|
2021-06-11 12:29:21 +00:00
|
|
|
}
|
|
|
|
|
|
2016-06-26 21:06:02 +00:00
|
|
|
DoneOverwriting:
|
|
|
|
|
if (fileRecord)
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&Fcb->Vcb->FileRecLookasideList, fileRecord);
|
2016-06-26 21:06:02 +00:00
|
|
|
if (dataContext)
|
|
|
|
|
ReleaseAttributeContext(dataContext);
|
|
|
|
|
|
|
|
|
|
ExReleaseResourceLite(&(Fcb->MainResource));
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return Status;
|
2021-06-11 12:29:21 +00:00
|
|
|
}
|
2016-06-26 21:06:02 +00:00
|
|
|
|
|
|
|
|
if (RequestedDisposition == FILE_SUPERSEDE)
|
|
|
|
|
{
|
|
|
|
|
Irp->IoStatus.Information = FILE_SUPERSEDED;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
Irp->IoStatus.Information = FILE_OVERWRITTEN;
|
|
|
|
|
}
|
2014-10-13 17:57:25 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2016-05-01 16:21:53 +00:00
|
|
|
/* HUGLY HACK: Can't create new files yet... */
|
2014-10-13 17:57:25 +00:00
|
|
|
if (RequestedDisposition == FILE_CREATE ||
|
|
|
|
|
RequestedDisposition == FILE_OPEN_IF ||
|
|
|
|
|
RequestedDisposition == FILE_OVERWRITE_IF ||
|
|
|
|
|
RequestedDisposition == FILE_SUPERSEDE)
|
2017-05-27 19:32:43 +00:00
|
|
|
{
|
|
|
|
|
if (!NtfsGlobalData->EnableWriteSupport)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("NTFS write-support is EXPERIMENTAL and is disabled by default!\n");
|
|
|
|
|
NtfsCloseFile(DeviceExt, FileObject);
|
|
|
|
|
return STATUS_ACCESS_DENIED;
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-27 14:37:17 +00:00
|
|
|
// Was the user trying to create a directory?
|
2017-08-25 17:16:04 +00:00
|
|
|
if (RequestedOptions & FILE_DIRECTORY_FILE)
|
|
|
|
|
{
|
2017-08-27 14:37:17 +00:00
|
|
|
// Create the directory on disk
|
|
|
|
|
Status = NtfsCreateDirectory(DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
BooleanFlagOn(Stack->Flags, SL_CASE_SENSITIVE),
|
|
|
|
|
BooleanFlagOn(IrpContext->Flags, IRPCONTEXT_CANWAIT));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
// Create the file record on disk
|
|
|
|
|
Status = NtfsCreateFileRecord(DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
BooleanFlagOn(Stack->Flags, SL_CASE_SENSITIVE),
|
|
|
|
|
BooleanFlagOn(IrpContext->Flags, IRPCONTEXT_CANWAIT));
|
2017-08-25 17:16:04 +00:00
|
|
|
}
|
|
|
|
|
|
2017-06-09 03:14:30 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Couldn't create file record!\n");
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
2017-04-16 00:17:07 +00:00
|
|
|
|
2017-08-27 14:37:17 +00:00
|
|
|
// Before we open the file/directory we just created, we need to change the disposition (upper 8 bits of ULONG)
|
2017-07-27 11:35:50 +00:00
|
|
|
// from create to open, since we already created the file
|
|
|
|
|
Stack->Parameters.Create.Options = (ULONG)FILE_OPEN << 24 | RequestedOptions;
|
|
|
|
|
|
|
|
|
|
// Now we should be able to open the file using NtfsCreateFile()
|
|
|
|
|
Status = NtfsCreateFile(DeviceObject, IrpContext);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
// We need to change Irp->IoStatus.Information to reflect creation
|
|
|
|
|
Irp->IoStatus.Information = FILE_CREATED;
|
|
|
|
|
}
|
|
|
|
|
return Status;
|
2014-10-13 17:57:25 +00:00
|
|
|
}
|
2014-10-12 11:48:42 +00:00
|
|
|
}
|
|
|
|
|
|
2016-02-22 22:20:54 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
Fcb->OpenHandleCount++;
|
|
|
|
|
DeviceExt->OpenHandleCount++;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
/*
|
|
|
|
|
* If the directory containing the file to open doesn't exist then
|
|
|
|
|
* fail immediately
|
|
|
|
|
*/
|
|
|
|
|
Irp->IoStatus.Information = (NT_SUCCESS(Status)) ? FILE_OPENED : 0;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
return Status;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
NTSTATUS
|
2015-05-25 11:58:23 +00:00
|
|
|
NtfsCreate(PNTFS_IRP_CONTEXT IrpContext)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
PDEVICE_EXTENSION DeviceExt;
|
|
|
|
|
NTSTATUS Status;
|
2015-05-25 11:58:23 +00:00
|
|
|
PDEVICE_OBJECT DeviceObject;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-05-25 11:58:23 +00:00
|
|
|
DeviceObject = IrpContext->DeviceObject;
|
2013-06-16 12:15:06 +00:00
|
|
|
if (DeviceObject == NtfsGlobalData->DeviceObject)
|
2002-06-25 22:23:06 +00:00
|
|
|
{
|
2013-06-16 12:15:06 +00:00
|
|
|
/* DeviceObject represents FileSystem instead of logical volume */
|
|
|
|
|
DPRINT("Opening file system\n");
|
2015-05-25 11:58:23 +00:00
|
|
|
IrpContext->Irp->IoStatus.Information = FILE_OPENED;
|
|
|
|
|
return STATUS_SUCCESS;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
DeviceExt = DeviceObject->DeviceExtension;
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2015-05-25 16:52:15 +00:00
|
|
|
if (!(IrpContext->Flags & IRPCONTEXT_CANWAIT))
|
|
|
|
|
{
|
|
|
|
|
return NtfsMarkIrpContextForQueue(IrpContext);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
ExAcquireResourceExclusiveLite(&DeviceExt->DirResource,
|
|
|
|
|
TRUE);
|
|
|
|
|
Status = NtfsCreateFile(DeviceObject,
|
2017-06-23 17:30:13 +00:00
|
|
|
IrpContext);
|
2013-06-16 12:15:06 +00:00
|
|
|
ExReleaseResourceLite(&DeviceExt->DirResource);
|
2002-06-25 22:23:06 +00:00
|
|
|
|
2013-06-16 12:15:06 +00:00
|
|
|
return Status;
|
2002-06-25 22:23:06 +00:00
|
|
|
}
|
|
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
/**
|
2017-08-27 14:37:17 +00:00
|
|
|
* @name NtfsCreateDirectory()
|
2017-04-16 00:17:07 +00:00
|
|
|
* @implemented
|
|
|
|
|
*
|
2017-08-27 14:37:17 +00:00
|
|
|
* Creates a file record for a new directory and saves it to the MFT. Adds the filename attribute of the
|
|
|
|
|
* created directory to the parent directory's index.
|
2017-04-16 00:17:07 +00:00
|
|
|
*
|
|
|
|
|
* @param DeviceExt
|
|
|
|
|
* Points to the target disk's DEVICE_EXTENSION
|
|
|
|
|
*
|
|
|
|
|
* @param FileObject
|
2017-08-27 14:37:17 +00:00
|
|
|
* Pointer to a FILE_OBJECT describing the directory to be created
|
|
|
|
|
*
|
|
|
|
|
* @param CaseSensitive
|
|
|
|
|
* Boolean indicating if the function should operate in case-sensitive mode. This will be TRUE
|
|
|
|
|
* if an application created the folder with the FILE_FLAG_POSIX_SEMANTICS flag.
|
2017-04-16 00:17:07 +00:00
|
|
|
*
|
2017-06-23 17:30:13 +00:00
|
|
|
* @param CanWait
|
|
|
|
|
* Boolean indicating if the function is allowed to wait for exclusive access to the master file table.
|
|
|
|
|
* This will only be relevant if the MFT doesn't have any free file records and needs to be enlarged.
|
2017-08-27 14:37:17 +00:00
|
|
|
*
|
2017-04-16 00:17:07 +00:00
|
|
|
* @return
|
2017-08-27 14:37:17 +00:00
|
|
|
* STATUS_SUCCESS on success.
|
2017-04-16 00:17:07 +00:00
|
|
|
* STATUS_INSUFFICIENT_RESOURCES if unable to allocate memory for the file record.
|
2017-08-27 14:37:17 +00:00
|
|
|
* STATUS_CANT_WAIT if CanWait was FALSE and the function needed to resize the MFT but
|
2017-06-23 17:30:13 +00:00
|
|
|
* couldn't get immediate, exclusive access to it.
|
2017-04-16 00:17:07 +00:00
|
|
|
*/
|
|
|
|
|
NTSTATUS
|
2017-08-27 14:37:17 +00:00
|
|
|
NtfsCreateDirectory(PDEVICE_EXTENSION DeviceExt,
|
|
|
|
|
PFILE_OBJECT FileObject,
|
|
|
|
|
BOOLEAN CaseSensitive,
|
|
|
|
|
BOOLEAN CanWait)
|
2017-04-16 00:17:07 +00:00
|
|
|
{
|
2017-08-27 14:37:17 +00:00
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
|
PFILE_RECORD_HEADER FileRecord;
|
|
|
|
|
PNTFS_ATTR_RECORD NextAttribute;
|
2017-06-09 03:14:30 +00:00
|
|
|
PFILENAME_ATTRIBUTE FilenameAttribute;
|
|
|
|
|
ULONGLONG ParentMftIndex;
|
|
|
|
|
ULONGLONG FileMftIndex;
|
2017-08-27 14:37:17 +00:00
|
|
|
PB_TREE Tree;
|
|
|
|
|
PINDEX_ROOT_ATTRIBUTE NewIndexRoot;
|
2017-08-27 14:43:35 +00:00
|
|
|
ULONG MaxIndexRootSize;
|
2017-08-27 14:37:17 +00:00
|
|
|
ULONG RootLength;
|
2017-04-16 00:17:07 +00:00
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsCreateFileRecord(%p, %p, %s, %s)\n",
|
2017-06-25 02:38:15 +00:00
|
|
|
DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
CaseSensitive ? "TRUE" : "FALSE",
|
|
|
|
|
CanWait ? "TRUE" : "FALSE");
|
2017-06-16 06:00:09 +00:00
|
|
|
|
2017-08-27 14:37:17 +00:00
|
|
|
// Start with an empty file record
|
|
|
|
|
FileRecord = NtfsCreateEmptyFileRecord(DeviceExt);
|
|
|
|
|
if (!FileRecord)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Unable to allocate memory for file record!\n");
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Set the directory flag
|
|
|
|
|
FileRecord->Flags |= FRH_DIRECTORY;
|
|
|
|
|
|
|
|
|
|
// find where the first attribute will be added
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->AttributeOffset);
|
|
|
|
|
|
|
|
|
|
// add first attribute, $STANDARD_INFORMATION
|
|
|
|
|
AddStandardInformation(FileRecord, NextAttribute);
|
|
|
|
|
|
|
|
|
|
// advance NextAttribute pointer to the next attribute
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
|
|
|
|
|
|
|
|
|
|
// Add the $FILE_NAME attribute
|
|
|
|
|
AddFileName(FileRecord, NextAttribute, DeviceExt, FileObject, CaseSensitive, &ParentMftIndex);
|
|
|
|
|
|
|
|
|
|
// save a pointer to the filename attribute
|
|
|
|
|
FilenameAttribute = (PFILENAME_ATTRIBUTE)((ULONG_PTR)NextAttribute + NextAttribute->Resident.ValueOffset);
|
|
|
|
|
|
|
|
|
|
// advance NextAttribute pointer to the next attribute
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
|
|
|
|
|
|
|
|
|
|
// Create an empty b-tree to represent our new index
|
|
|
|
|
Status = CreateEmptyBTree(&Tree);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Failed to create empty B-Tree!\n");
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
|
2017-08-27 14:37:17 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Calculate maximum size of index root
|
2021-06-11 12:29:21 +00:00
|
|
|
MaxIndexRootSize = DeviceExt->NtfsInfo.BytesPerFileRecord
|
2017-08-27 14:43:35 +00:00
|
|
|
- ((ULONG_PTR)NextAttribute - (ULONG_PTR)FileRecord)
|
|
|
|
|
- sizeof(ULONG) * 2;
|
2017-08-27 14:37:17 +00:00
|
|
|
|
|
|
|
|
// Create a new index record from the tree
|
|
|
|
|
Status = CreateIndexRootFromBTree(DeviceExt,
|
|
|
|
|
Tree,
|
|
|
|
|
MaxIndexRootSize,
|
|
|
|
|
&NewIndexRoot,
|
|
|
|
|
&RootLength);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Unable to create empty index root!\n");
|
|
|
|
|
DestroyBTree(Tree);
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
|
2017-08-27 14:37:17 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We're done with the B-Tree
|
|
|
|
|
DestroyBTree(Tree);
|
|
|
|
|
|
|
|
|
|
// add the $INDEX_ROOT attribute
|
|
|
|
|
Status = AddIndexRoot(DeviceExt, FileRecord, NextAttribute, NewIndexRoot, RootLength, L"$I30", 4);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Failed to add index root to new file record!\n");
|
2017-12-31 09:27:31 +00:00
|
|
|
ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
|
2017-08-27 14:37:17 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef NDEBUG
|
|
|
|
|
NtfsDumpFileRecord(DeviceExt, FileRecord);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Now that we've built the file record in memory, we need to store it in the MFT.
|
|
|
|
|
Status = AddNewMftEntry(FileRecord, DeviceExt, &FileMftIndex, CanWait);
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
// The highest 2 bytes should be the sequence number, unless the parent happens to be root
|
|
|
|
|
if (FileMftIndex == NTFS_FILE_ROOT)
|
|
|
|
|
FileMftIndex = FileMftIndex + ((ULONGLONG)NTFS_FILE_ROOT << 48);
|
|
|
|
|
else
|
|
|
|
|
FileMftIndex = FileMftIndex + ((ULONGLONG)FileRecord->SequenceNumber << 48);
|
|
|
|
|
|
|
|
|
|
DPRINT1("New File Reference: 0x%016I64x\n", FileMftIndex);
|
|
|
|
|
|
|
|
|
|
// Add the filename attribute to the filename-index of the parent directory
|
|
|
|
|
Status = NtfsAddFilenameToDirectory(DeviceExt,
|
|
|
|
|
ParentMftIndex,
|
|
|
|
|
FileMftIndex,
|
|
|
|
|
FilenameAttribute,
|
|
|
|
|
CaseSensitive);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ExFreePoolWithTag(NewIndexRoot, TAG_NTFS);
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
|
2017-08-27 14:37:17 +00:00
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @name NtfsCreateEmptyFileRecord
|
|
|
|
|
* @implemented
|
|
|
|
|
*
|
|
|
|
|
* Creates a new, empty file record, with no attributes.
|
|
|
|
|
*
|
|
|
|
|
* @param DeviceExt
|
|
|
|
|
* Pointer to the DEVICE_EXTENSION of the target volume the file record will be stored on.
|
2021-06-11 12:29:21 +00:00
|
|
|
*
|
2017-08-27 14:37:17 +00:00
|
|
|
* @return
|
|
|
|
|
* A pointer to the newly-created FILE_RECORD_HEADER if the function succeeds, NULL otherwise.
|
|
|
|
|
*/
|
|
|
|
|
PFILE_RECORD_HEADER
|
|
|
|
|
NtfsCreateEmptyFileRecord(PDEVICE_EXTENSION DeviceExt)
|
|
|
|
|
{
|
|
|
|
|
PFILE_RECORD_HEADER FileRecord;
|
|
|
|
|
PNTFS_ATTR_RECORD NextAttribute;
|
|
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsCreateEmptyFileRecord(%p)\n", DeviceExt);
|
2017-08-27 14:37:17 +00:00
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
// allocate memory for file record
|
2017-12-31 13:14:24 +00:00
|
|
|
FileRecord = ExAllocateFromNPagedLookasideList(&DeviceExt->FileRecLookasideList);
|
2017-04-16 00:17:07 +00:00
|
|
|
if (!FileRecord)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Unable to allocate memory for file record!\n");
|
2017-08-27 14:37:17 +00:00
|
|
|
return NULL;
|
2017-04-16 00:17:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RtlZeroMemory(FileRecord, DeviceExt->NtfsInfo.BytesPerFileRecord);
|
|
|
|
|
|
|
|
|
|
FileRecord->Ntfs.Type = NRH_FILE_TYPE;
|
|
|
|
|
|
|
|
|
|
// calculate USA offset and count
|
|
|
|
|
FileRecord->Ntfs.UsaOffset = FIELD_OFFSET(FILE_RECORD_HEADER, MFTRecordNumber) + sizeof(ULONG);
|
|
|
|
|
|
|
|
|
|
// size of USA (in ULONG's) will be 1 (for USA number) + 1 for every sector the file record uses
|
|
|
|
|
FileRecord->BytesAllocated = DeviceExt->NtfsInfo.BytesPerFileRecord;
|
|
|
|
|
FileRecord->Ntfs.UsaCount = (FileRecord->BytesAllocated / DeviceExt->NtfsInfo.BytesPerSector) + 1;
|
|
|
|
|
|
|
|
|
|
// setup other file record fields
|
|
|
|
|
FileRecord->SequenceNumber = 1;
|
|
|
|
|
FileRecord->AttributeOffset = FileRecord->Ntfs.UsaOffset + (2 * FileRecord->Ntfs.UsaCount);
|
2017-07-05 16:29:16 +00:00
|
|
|
FileRecord->AttributeOffset = ALIGN_UP_BY(FileRecord->AttributeOffset, ATTR_RECORD_ALIGNMENT);
|
2017-04-16 00:17:07 +00:00
|
|
|
FileRecord->Flags = FRH_IN_USE;
|
|
|
|
|
FileRecord->BytesInUse = FileRecord->AttributeOffset + sizeof(ULONG) * 2;
|
2017-08-27 14:37:17 +00:00
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
// find where the first attribute will be added
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->AttributeOffset);
|
|
|
|
|
|
|
|
|
|
// mark the (temporary) end of the file-record
|
|
|
|
|
NextAttribute->Type = AttributeEnd;
|
|
|
|
|
NextAttribute->Length = FILE_RECORD_END;
|
|
|
|
|
|
2017-08-27 14:37:17 +00:00
|
|
|
return FileRecord;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @name NtfsCreateFileRecord()
|
|
|
|
|
* @implemented
|
|
|
|
|
*
|
|
|
|
|
* Creates a file record and saves it to the MFT. Adds the filename attribute of the
|
|
|
|
|
* created file to the parent directory's index.
|
|
|
|
|
*
|
|
|
|
|
* @param DeviceExt
|
|
|
|
|
* Points to the target disk's DEVICE_EXTENSION
|
|
|
|
|
*
|
|
|
|
|
* @param FileObject
|
|
|
|
|
* Pointer to a FILE_OBJECT describing the file to be created
|
|
|
|
|
*
|
|
|
|
|
* @param CanWait
|
|
|
|
|
* Boolean indicating if the function is allowed to wait for exclusive access to the master file table.
|
|
|
|
|
* This will only be relevant if the MFT doesn't have any free file records and needs to be enlarged.
|
2021-06-11 12:29:21 +00:00
|
|
|
*
|
2017-08-27 14:37:17 +00:00
|
|
|
* @return
|
2021-06-11 12:29:21 +00:00
|
|
|
* STATUS_SUCCESS on success.
|
2017-08-27 14:37:17 +00:00
|
|
|
* STATUS_INSUFFICIENT_RESOURCES if unable to allocate memory for the file record.
|
2021-06-11 12:29:21 +00:00
|
|
|
* STATUS_CANT_WAIT if CanWait was FALSE and the function needed to resize the MFT but
|
2017-08-27 14:37:17 +00:00
|
|
|
* couldn't get immediate, exclusive access to it.
|
|
|
|
|
*/
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NtfsCreateFileRecord(PDEVICE_EXTENSION DeviceExt,
|
|
|
|
|
PFILE_OBJECT FileObject,
|
|
|
|
|
BOOLEAN CaseSensitive,
|
|
|
|
|
BOOLEAN CanWait)
|
|
|
|
|
{
|
|
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
|
PFILE_RECORD_HEADER FileRecord;
|
|
|
|
|
PNTFS_ATTR_RECORD NextAttribute;
|
|
|
|
|
PFILENAME_ATTRIBUTE FilenameAttribute;
|
|
|
|
|
ULONGLONG ParentMftIndex;
|
|
|
|
|
ULONGLONG FileMftIndex;
|
|
|
|
|
|
2019-06-15 16:24:27 +00:00
|
|
|
DPRINT("NtfsCreateFileRecord(%p, %p, %s, %s)\n",
|
2017-08-27 14:37:17 +00:00
|
|
|
DeviceExt,
|
|
|
|
|
FileObject,
|
|
|
|
|
CaseSensitive ? "TRUE" : "FALSE",
|
|
|
|
|
CanWait ? "TRUE" : "FALSE");
|
|
|
|
|
|
|
|
|
|
// allocate memory for file record
|
|
|
|
|
FileRecord = NtfsCreateEmptyFileRecord(DeviceExt);
|
|
|
|
|
if (!FileRecord)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("ERROR: Unable to allocate memory for file record!\n");
|
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// find where the first attribute will be added
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)FileRecord + FileRecord->AttributeOffset);
|
|
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
// add first attribute, $STANDARD_INFORMATION
|
|
|
|
|
AddStandardInformation(FileRecord, NextAttribute);
|
2017-08-27 14:37:17 +00:00
|
|
|
|
2017-04-16 00:17:07 +00:00
|
|
|
// advance NextAttribute pointer to the next attribute
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
|
|
|
|
|
|
|
|
|
|
// Add the $FILE_NAME attribute
|
2017-06-25 02:38:15 +00:00
|
|
|
AddFileName(FileRecord, NextAttribute, DeviceExt, FileObject, CaseSensitive, &ParentMftIndex);
|
2017-06-09 03:14:30 +00:00
|
|
|
|
|
|
|
|
// save a pointer to the filename attribute
|
|
|
|
|
FilenameAttribute = (PFILENAME_ATTRIBUTE)((ULONG_PTR)NextAttribute + NextAttribute->Resident.ValueOffset);
|
2017-04-16 00:17:07 +00:00
|
|
|
|
|
|
|
|
// advance NextAttribute pointer to the next attribute
|
|
|
|
|
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)NextAttribute + (ULONG_PTR)NextAttribute->Length);
|
|
|
|
|
|
|
|
|
|
// add the $DATA attribute
|
|
|
|
|
AddData(FileRecord, NextAttribute);
|
|
|
|
|
|
2017-08-27 14:37:17 +00:00
|
|
|
#ifndef NDEBUG
|
2017-04-16 00:17:07 +00:00
|
|
|
// dump file record in memory (for debugging)
|
|
|
|
|
NtfsDumpFileRecord(DeviceExt, FileRecord);
|
2017-08-27 14:37:17 +00:00
|
|
|
#endif
|
2017-04-16 00:17:07 +00:00
|
|
|
|
|
|
|
|
// Now that we've built the file record in memory, we need to store it in the MFT.
|
2017-06-23 17:30:13 +00:00
|
|
|
Status = AddNewMftEntry(FileRecord, DeviceExt, &FileMftIndex, CanWait);
|
2017-06-09 03:14:30 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
// The highest 2 bytes should be the sequence number, unless the parent happens to be root
|
|
|
|
|
if (FileMftIndex == NTFS_FILE_ROOT)
|
|
|
|
|
FileMftIndex = FileMftIndex + ((ULONGLONG)NTFS_FILE_ROOT << 48);
|
|
|
|
|
else
|
|
|
|
|
FileMftIndex = FileMftIndex + ((ULONGLONG)FileRecord->SequenceNumber << 48);
|
|
|
|
|
|
|
|
|
|
DPRINT1("New File Reference: 0x%016I64x\n", FileMftIndex);
|
|
|
|
|
|
|
|
|
|
// Add the filename attribute to the filename-index of the parent directory
|
|
|
|
|
Status = NtfsAddFilenameToDirectory(DeviceExt,
|
|
|
|
|
ParentMftIndex,
|
|
|
|
|
FileMftIndex,
|
2017-06-28 03:45:52 +00:00
|
|
|
FilenameAttribute,
|
|
|
|
|
CaseSensitive);
|
2017-06-09 03:14:30 +00:00
|
|
|
}
|
2017-04-16 00:17:07 +00:00
|
|
|
|
2017-12-31 13:14:24 +00:00
|
|
|
ExFreeToNPagedLookasideList(&DeviceExt->FileRecLookasideList, FileRecord);
|
2017-04-16 00:17:07 +00:00
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
2002-06-25 22:23:06 +00:00
|
|
|
/* EOF */
|