Rev 6151 | Rev 6297 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 6151 | Rev 6273 | ||
|---|---|---|---|
| Line 3... | Line 3... | ||
| 3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
| 4 | ;; Distributed under terms of the GNU General Public License ;; |
4 | ;; Distributed under terms of the GNU General Public License ;; |
| 5 | ;; ;; |
5 | ;; ;; |
| 6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
| Line 7... | Line 7... | ||
| 7 | 7 | ||
| Line 8... | Line 8... | ||
| 8 | $Revision: 6151 $ |
8 | $Revision: 6273 $ |
| Line 9... | Line 9... | ||
| 9 | 9 | ||
| 10 | ; NTFS driver |
10 | ; NTFS driver |
| Line 27... | Line 27... | ||
| 27 | ; Directories index $Filename (30h) attribute of all existing files. |
27 | ; Directories index $Filename (30h) attribute of all existing files. |
| 28 | ; $IndexRoot and $IndexAllocation attributes of a directory has a name — $I30. |
28 | ; $IndexRoot and $IndexAllocation attributes of a directory has a name — $I30. |
| Line 29... | Line 29... | ||
| 29 | 29 | ||
| 30 | ; Offsets: |
30 | ; Offsets: |
| - | 31 | ; record header |
|
| 31 | ; record header |
32 | magic = 0 |
| 32 | updateSequenceOffset = 4 |
33 | updateSequenceOffset = 4 |
| - | 34 | updateSequenceSize = 6 |
|
| 33 | updateSequenceSize = 6 |
35 | ; FileRecord header |
| 34 | reuseCounter = 16 |
36 | reuseCounter = 16 |
| 35 | hardLinkCounter = 12h |
37 | hardLinkCounter = 12h |
| 36 | attributeOffset = 14h |
38 | attributeOffset = 14h |
| 37 | recordFlags = 16h |
39 | recordFlags = 16h |
| Line 48... | Line 50... | ||
| 48 | nameOffset = 10 |
50 | nameOffset = 10 |
| 49 | attributeFlags = 12 |
51 | attributeFlags = 12 |
| 50 | attributeID = 14 |
52 | attributeID = 14 |
| 51 | ; resident attribute header |
53 | ; resident attribute header |
| 52 | sizeWithoutHeader = 10h |
54 | sizeWithoutHeader = 10h |
| 53 | ; attributeOffset = 14h |
55 | attributeOffset = 14h |
| 54 | indexedFlag = 16h |
56 | indexedFlag = 16h |
| 55 | ; non resident attribute header |
57 | ; non resident attribute header |
| 56 | firstVCN = 10h |
58 | firstVCN = 10h |
| 57 | lastVCN = 18h |
59 | lastVCN = 18h |
| 58 | dataRunsOffset = 20h |
60 | dataRunsOffset = 20h |
| 59 | attributeAllocatedSize = 28h |
61 | attributeAllocatedSize = 28h |
| 60 | attributeRealSize = 30h |
62 | attributeRealSize = 30h |
| 61 | initialDataSize = 38h |
63 | initialDataSize = 38h |
| 62 | ; $IndexRoot |
64 | ; $IndexRoot |
| - | 65 | indexedAttributesType = 0 |
|
| 63 | collationRule = 4 |
66 | collationRule = 4 |
| 64 | indexRecordSize = 8 |
67 | indexRecordSize = 8 |
| 65 | indexRecordSizeClus = 12 |
68 | indexRecordSizeClus = 12 |
| - | 69 | rootNode = 16 |
|
| - | 70 | ; IndexRecord header |
|
| - | 71 | recordVCN = 16 |
|
| - | 72 | recordNode = 18h |
|
| 66 | ; node header |
73 | ; node header |
| 67 | indexOffset = 0 |
74 | indexOffset = 0 |
| 68 | nodeRealSize = 4 |
75 | nodeRealSize = 4 |
| 69 | nodeAllocatedSize = 8 |
76 | nodeAllocatedSize = 8 |
| - | 77 | nonLeafFlag = 12 |
|
| 70 | ; $Filename index |
78 | ; $Filename index |
| 71 | fileRecordReference = 0 |
79 | fileRecordReference = 0 |
| 72 | fileReferenceReuse = 6 |
80 | fileReferenceReuse = 6 |
| 73 | indexAllocatedSize = 8 |
81 | indexAllocatedSize = 8 |
| 74 | indexRawSize = 10 |
82 | indexRawSize = 10 |
| Line 101... | Line 109... | ||
| 101 | BitmapStart dd ? ; first byte after area, reserved for MFT |
109 | BitmapStart dd ? ; first byte after area, reserved for MFT |
| 102 | mftBitmapBuffer dd ? ; one cluster |
110 | mftBitmapBuffer dd ? ; one cluster |
| 103 | mftBitmapSize dd ? ; bytes readen |
111 | mftBitmapSize dd ? ; bytes readen |
| 104 | mftBitmapLocation dd ? ; starting sector |
112 | mftBitmapLocation dd ? ; starting sector |
| Line 105... | Line 113... | ||
| 105 | 113 | ||
| 106 | ntfs_cur_attr dd ? ; attribute type |
114 | cur_attr dd ? ; attribute type |
| 107 | ntfs_cur_iRecord dd ? ; number of fileRecord in MFT |
115 | cur_iRecord dd ? ; number of fileRecord in MFT |
| 108 | ntfs_cur_offs dd ? ; attribute VCN in sectors |
116 | cur_offs dd ? ; attribute VCN in sectors |
| 109 | ntfs_cur_size dd ? ; max sectors to read |
117 | cur_size dd ? ; max sectors to read |
| 110 | ntfs_cur_buf dd ? |
118 | cur_buf dd ? |
| 111 | ntfs_cur_read dd ? ; bytes readen |
119 | cur_read dd ? ; bytes readen |
| 112 | ntfsLastRead dd ? ; last readen block of sectors |
120 | LastRead dd ? ; last readen block of sectors |
| 113 | newMftRecord dd ? ; number of fileRecord in MFT |
121 | newMftRecord dd ? ; number of fileRecord in MFT |
| 114 | fileDataStart dd ? ; starting cluster |
122 | fileDataStart dd ? ; starting cluster |
| 115 | fileDataSize dd ? ; in clusters |
123 | fileDataSize dd ? ; in clusters |
| 116 | fileRealSize dd ? ; in bytes |
124 | fileRealSize dd ? ; in bytes |
| 117 | indexOffset dd ? |
125 | indexOffset dd ? |
| - | 126 | nodeLastRead dd ? |
|
| 118 | nodeLastRead dd ? |
127 | fragmentCount db ? |
| 119 | ntfs_bCanContinue db ? |
128 | bCanContinue db ? |
| 120 | ntfsFolder db ? |
129 | bFolder db ? |
| 121 | ntfsWriteAttr db ? ; Warning: Don't forget to turn off!!! |
- | |
| Line 122... | Line 130... | ||
| 122 | ntfsFragmentCount db ? |
130 | bWriteAttr db ? ; Warning: Don't forget to turn off!!! |
| 123 | 131 | ||
| 124 | cur_subnode_size dd ? |
132 | cur_subnode_size dd ? |
| 125 | ntfs_attr_iRecord dd ? |
133 | attr_iRecord dd ? |
| 126 | ntfs_attr_iBaseRecord dd ? |
134 | attr_iBaseRecord dd ? |
| 127 | ntfs_attr_offs dd ? |
135 | attr_offs dd ? |
| 128 | ntfs_attr_list dd ? |
136 | attr_list dd ? |
| 129 | ntfs_attr_size dq ? |
137 | attr_size dq ? |
| 130 | ntfs_cur_tail dd ? |
138 | cur_tail dd ? |
| 131 | 139 | ||
| 132 | ntfs_attrlist_buf rb 0x400 |
140 | attrlist_buf rb 0x400 |
| 133 | ntfs_attrlist_mft_buf rb 0x400 |
141 | attrlist_mft_buf rb 0x400 |
| Line 134... | Line 142... | ||
| 134 | ntfs_bitmap_buf rb 0x400 |
142 | bitmap_buf rb 0x400 |
| 135 | ends |
143 | ends |
| 136 | 144 | ||
| Line 277... | Line 285... | ||
| 277 | mov ecx, dword [ebp+PARTITION.FirstSector+4] |
285 | mov ecx, dword [ebp+PARTITION.FirstSector+4] |
| 278 | mov dword [eax+NTFS.FirstSector+4], ecx |
286 | mov dword [eax+NTFS.FirstSector+4], ecx |
| 279 | mov ecx, [ebp+PARTITION.Disk] |
287 | mov ecx, [ebp+PARTITION.Disk] |
| 280 | mov [eax+NTFS.Disk], ecx |
288 | mov [eax+NTFS.Disk], ecx |
| 281 | mov [eax+NTFS.FSUserFunctions], ntfs_user_functions |
289 | mov [eax+NTFS.FSUserFunctions], ntfs_user_functions |
| 282 | mov [eax+NTFS.ntfsWriteAttr], 0 |
290 | mov [eax+NTFS.bWriteAttr], 0 |
| Line 283... | Line 291... | ||
| 283 | 291 | ||
| 284 | push ebx ebp esi |
292 | push ebx ebp esi |
| 285 | mov ebp, eax |
293 | mov ebp, eax |
| 286 | lea ecx, [ebp+NTFS.Lock] |
294 | lea ecx, [ebp+NTFS.Lock] |
| Line 395... | Line 403... | ||
| 395 | push eax |
403 | push eax |
| 396 | call alloc_kernel_space |
404 | call alloc_kernel_space |
| 397 | test eax, eax |
405 | test eax, eax |
| 398 | jz .failFreeIndex |
406 | jz .failFreeIndex |
| 399 | mov [ebp+NTFS.BitmapBuffer], eax |
407 | mov [ebp+NTFS.BitmapBuffer], eax |
| 400 | mov [ebp+NTFS.ntfs_cur_buf], eax |
408 | mov [ebp+NTFS.cur_buf], eax |
| 401 | mov eax, [ebp+NTFS.BitmapTotalSize] |
409 | mov eax, [ebp+NTFS.BitmapTotalSize] |
| 402 | add eax, [ebp+NTFS.mft_cluster] |
410 | add eax, [ebp+NTFS.mft_cluster] |
| 403 | shr eax, 3+2 ; reserve 1/8 of partition for $MFT |
411 | shr eax, 3+2 ; reserve 1/8 of partition for $MFT |
| 404 | shl eax, 2 |
412 | shl eax, 2 |
| 405 | mov [ebp+NTFS.BitmapStart], eax |
413 | mov [ebp+NTFS.BitmapStart], eax |
| Line 407... | Line 415... | ||
| 407 | inc eax |
415 | inc eax |
| 408 | shl eax, 3 |
416 | shl eax, 3 |
| 409 | push eax |
417 | push eax |
| 410 | push eax |
418 | push eax |
| 411 | shl eax, 3 |
419 | shl eax, 3 |
| 412 | mov [ebp+NTFS.ntfs_cur_size], eax |
420 | mov [ebp+NTFS.cur_size], eax |
| 413 | call alloc_pages |
421 | call alloc_pages |
| 414 | test eax, eax |
422 | test eax, eax |
| 415 | pop ecx |
423 | pop ecx |
| 416 | jz .failFreeBitmap |
424 | jz .failFreeBitmap |
| 417 | add eax, 3 |
425 | add eax, 3 |
| 418 | mov ebx, [ebp+NTFS.BitmapBuffer] |
426 | mov ebx, [ebp+NTFS.BitmapBuffer] |
| 419 | call commit_pages |
427 | call commit_pages |
| 420 | mov [ebp+NTFS.ntfs_cur_iRecord], 6 |
428 | mov [ebp+NTFS.cur_iRecord], 6 |
| 421 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
429 | mov [ebp+NTFS.cur_attr], 0x80 |
| 422 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
430 | mov [ebp+NTFS.cur_offs], 0 |
| 423 | call ntfs_read_attr |
431 | call ntfs_read_attr |
| 424 | jc .failFreeBitmap |
432 | jc .failFreeBitmap |
| 425 | mov eax, [ebp+NTFS.ntfs_cur_read] |
433 | mov eax, [ebp+NTFS.cur_read] |
| 426 | mov [ebp+NTFS.BitmapSize], eax |
434 | mov [ebp+NTFS.BitmapSize], eax |
| 427 | mov eax, [ebp+NTFS.ntfsLastRead] |
435 | mov eax, [ebp+NTFS.LastRead] |
| 428 | mov [ebp+NTFS.BitmapLocation], eax |
436 | mov [ebp+NTFS.BitmapLocation], eax |
| 429 | ; read MFT $BITMAP attribute |
437 | ; read MFT $BITMAP attribute |
| 430 | mov eax, [ebp+NTFS.sectors_per_cluster] |
438 | mov eax, [ebp+NTFS.sectors_per_cluster] |
| 431 | mov [ebp+NTFS.ntfs_cur_size], eax |
439 | mov [ebp+NTFS.cur_size], eax |
| 432 | shl eax, 9 |
440 | shl eax, 9 |
| 433 | stdcall kernel_alloc, eax |
441 | stdcall kernel_alloc, eax |
| 434 | test eax, eax |
442 | test eax, eax |
| 435 | jz .failFreeBitmap |
443 | jz .failFreeBitmap |
| 436 | mov [ebp+NTFS.mftBitmapBuffer], eax |
444 | mov [ebp+NTFS.mftBitmapBuffer], eax |
| 437 | mov [ebp+NTFS.ntfs_cur_buf], eax |
445 | mov [ebp+NTFS.cur_buf], eax |
| 438 | mov [ebp+NTFS.ntfs_cur_iRecord], 0 |
446 | mov [ebp+NTFS.cur_iRecord], 0 |
| 439 | mov [ebp+NTFS.ntfs_cur_attr], 0xB0 |
447 | mov [ebp+NTFS.cur_attr], 0xB0 |
| 440 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
448 | mov [ebp+NTFS.cur_offs], 0 |
| 441 | call ntfs_read_attr |
449 | call ntfs_read_attr |
| 442 | mov eax, [ebp+NTFS.ntfs_cur_read] |
450 | mov eax, [ebp+NTFS.cur_read] |
| 443 | cmp eax, 4 |
451 | cmp eax, 4 |
| 444 | jc .failFreeBitmapMFT |
452 | jc .failFreeBitmapMFT |
| 445 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
453 | mov ecx, [ebp+NTFS.attr_offs] |
| 446 | cmp byte [ecx+nonResidentFlag], 1 |
454 | cmp byte [ecx+nonResidentFlag], 1 |
| 447 | jnz .failFreeBitmapMFT |
455 | jnz .failFreeBitmapMFT |
| 448 | mov [ebp+NTFS.mftBitmapSize], eax |
456 | mov [ebp+NTFS.mftBitmapSize], eax |
| 449 | mov eax, [ebp+NTFS.ntfsLastRead] |
457 | mov eax, [ebp+NTFS.LastRead] |
| 450 | mov [ebp+NTFS.mftBitmapLocation], eax |
458 | mov [ebp+NTFS.mftBitmapLocation], eax |
| Line 451... | Line 459... | ||
| 451 | 459 | ||
| 452 | mov eax, ebp |
460 | mov eax, ebp |
| 453 | .pop_exit: |
461 | .pop_exit: |
| Line 548... | Line 556... | ||
| 548 | pop ebx |
556 | pop ebx |
| 549 | pop ecx |
557 | pop ecx |
| 550 | ret |
558 | ret |
| Line 551... | Line 559... | ||
| 551 | 559 | ||
| 552 | ntfs_read_attr: |
560 | ntfs_read_attr: |
| 553 | ; [ebp+NTFS.ntfsWriteAttr]=1 -> write attribute |
561 | ; [ebp+NTFS.bWriteAttr]=1 -> write attribute |
| 554 | ; in: |
562 | ; in: |
| 555 | ; [ebp+NTFS.ntfs_cur_iRecord] = number of fileRecord |
563 | ; [ebp+NTFS.cur_iRecord] = number of fileRecord |
| 556 | ; [ebp+NTFS.ntfs_cur_attr] = attribute type |
564 | ; [ebp+NTFS.cur_attr] = attribute type |
| 557 | ; [ebp+NTFS.ntfs_cur_offs] = attribute VCN in sectors |
565 | ; [ebp+NTFS.cur_offs] = attribute VCN in sectors |
| 558 | ; [ebp+NTFS.ntfs_cur_buf] -> buffer for data |
566 | ; [ebp+NTFS.cur_buf] -> buffer for data |
| 559 | ; [ebp+NTFS.ntfs_cur_size] = max sectors to read |
567 | ; [ebp+NTFS.cur_size] = max sectors to read |
| 560 | ; out: |
568 | ; out: |
| 561 | ; [ebp+NTFS.ntfs_cur_read] = bytes readen |
569 | ; [ebp+NTFS.cur_read] = bytes readen |
| 562 | ; CF=1 -> failed, eax = disk error code, eax=0 -> something with FS |
570 | ; CF=1 -> failed, eax = disk error code, eax=0 -> something with FS |
| 563 | xor eax, eax |
571 | xor eax, eax |
| 564 | pushad |
572 | pushad |
| 565 | and [ebp+NTFS.ntfs_cur_read], 0 |
573 | and [ebp+NTFS.cur_read], 0 |
| 566 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
574 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 567 | jnz .nomft |
575 | jnz .nomft |
| 568 | cmp [ebp+NTFS.ntfs_cur_attr], 0x80 |
576 | cmp [ebp+NTFS.cur_attr], 0x80 |
| 569 | jnz .nomft |
577 | jnz .nomft |
| 570 | mov eax, [ebp+NTFS.mft_retrieval_end] |
578 | mov eax, [ebp+NTFS.mft_retrieval_end] |
| 571 | inc eax |
579 | inc eax |
| 572 | mul [ebp+NTFS.sectors_per_cluster] |
580 | mul [ebp+NTFS.sectors_per_cluster] |
| 573 | cmp eax, [ebp+NTFS.ntfs_cur_offs] |
581 | cmp eax, [ebp+NTFS.cur_offs] |
| 574 | jbe .nomft |
582 | jbe .nomft |
| 575 | ; precalculated part of $Mft $DATA |
583 | ; precalculated part of $Mft $DATA |
| 576 | mov esi, [ebp+NTFS.mft_retrieval] |
584 | mov esi, [ebp+NTFS.mft_retrieval] |
| 577 | mov eax, [ebp+NTFS.ntfs_cur_offs] |
585 | mov eax, [ebp+NTFS.cur_offs] |
| 578 | xor edx, edx |
586 | xor edx, edx |
| 579 | div [ebp+NTFS.sectors_per_cluster] |
587 | div [ebp+NTFS.sectors_per_cluster] |
| 580 | ; eax = VCN, edx = offset in sectors from beginning of cluster |
588 | ; eax = VCN, edx = offset in sectors from beginning of cluster |
| 581 | xor ecx, ecx ; ecx will contain LCN |
589 | xor ecx, ecx ; ecx will contain LCN |
| Line 601... | Line 609... | ||
| 601 | mov eax, [ebp+NTFS.sectors_per_cluster] |
609 | mov eax, [ebp+NTFS.sectors_per_cluster] |
| 602 | mul ecx |
610 | mul ecx |
| 603 | ; eax = sector on partition |
611 | ; eax = sector on partition |
| 604 | pop edx |
612 | pop edx |
| 605 | add eax, edx |
613 | add eax, edx |
| 606 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
614 | mov ebx, [ebp+NTFS.cur_buf] |
| 607 | pop ecx |
615 | pop ecx |
| 608 | neg ecx |
616 | neg ecx |
| 609 | imul ecx, [ebp+NTFS.sectors_per_cluster] |
617 | imul ecx, [ebp+NTFS.sectors_per_cluster] |
| 610 | sub ecx, edx |
618 | sub ecx, edx |
| 611 | mov [ebp+NTFS.ntfsLastRead], eax |
619 | mov [ebp+NTFS.LastRead], eax |
| 612 | cmp ecx, [ebp+NTFS.ntfs_cur_size] |
620 | cmp ecx, [ebp+NTFS.cur_size] |
| 613 | jb @f |
621 | jb @f |
| 614 | mov ecx, [ebp+NTFS.ntfs_cur_size] |
622 | mov ecx, [ebp+NTFS.cur_size] |
| 615 | @@: |
623 | @@: |
| 616 | ; ecx = number of sequential sectors to read |
624 | ; ecx = number of sequential sectors to read |
| 617 | push eax |
625 | push eax |
| 618 | call fs_read32_sys |
626 | call fs_read32_sys |
| 619 | pop edx |
627 | pop edx |
| 620 | test eax, eax |
628 | test eax, eax |
| 621 | jnz .errread |
629 | jnz .errread |
| 622 | add [ebp+NTFS.ntfs_cur_read], 0x200 |
630 | add [ebp+NTFS.cur_read], 0x200 |
| 623 | dec [ebp+NTFS.ntfs_cur_size] |
631 | dec [ebp+NTFS.cur_size] |
| 624 | inc [ebp+NTFS.ntfs_cur_offs] |
632 | inc [ebp+NTFS.cur_offs] |
| 625 | add ebx, 0x200 |
633 | add ebx, 0x200 |
| 626 | mov [ebp+NTFS.ntfs_cur_buf], ebx |
634 | mov [ebp+NTFS.cur_buf], ebx |
| 627 | lea eax, [edx+1] |
635 | lea eax, [edx+1] |
| 628 | loop @b |
636 | loop @b |
| 629 | pop ecx |
637 | pop ecx |
| 630 | xor eax, eax |
638 | xor eax, eax |
| 631 | xor edx, edx |
639 | xor edx, edx |
| 632 | cmp [ebp+NTFS.ntfs_cur_size], eax |
640 | cmp [ebp+NTFS.cur_size], eax |
| 633 | jz @f |
641 | jz @f |
| 634 | add esi, 8 |
642 | add esi, 8 |
| 635 | push eax |
643 | push eax |
| 636 | mov eax, [ebp+NTFS.mft_retrieval_end] |
644 | mov eax, [ebp+NTFS.mft_retrieval_end] |
| 637 | shl eax, 3 |
645 | shl eax, 3 |
| Line 651... | Line 659... | ||
| 651 | popad |
659 | popad |
| 652 | ret |
660 | ret |
| 653 | .nomft: |
661 | .nomft: |
| 654 | ; 1. Read file record. |
662 | ; 1. Read file record. |
| 655 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
663 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
| 656 | mov eax, [ebp+NTFS.ntfs_cur_iRecord] |
664 | mov eax, [ebp+NTFS.cur_iRecord] |
| 657 | mov [ebp+NTFS.ntfs_attr_iRecord], eax |
665 | mov [ebp+NTFS.attr_iRecord], eax |
| 658 | and [ebp+NTFS.ntfs_attr_list], 0 |
666 | and [ebp+NTFS.attr_list], 0 |
| 659 | or dword [ebp+NTFS.ntfs_attr_size], -1 |
667 | or dword [ebp+NTFS.attr_size], -1 |
| 660 | or dword [ebp+NTFS.ntfs_attr_size+4], -1 |
668 | or dword [ebp+NTFS.attr_size+4], -1 |
| 661 | or [ebp+NTFS.ntfs_attr_iBaseRecord], -1 |
669 | or [ebp+NTFS.attr_iBaseRecord], -1 |
| 662 | call ntfs_read_file_record |
670 | call ntfs_read_file_record |
| 663 | jc .errret |
671 | jc .errret |
| 664 | ; 2. Find required attribute. |
672 | ; 2. Find required attribute. |
| 665 | mov eax, [ebp+NTFS.frs_buffer] |
673 | mov eax, [ebp+NTFS.frs_buffer] |
| 666 | ; a) For auxiliary records, read base record. |
674 | ; a) For auxiliary records, read base record. |
| Line 668... | Line 676... | ||
| 668 | ; but SequenceNumber is nonzero. |
676 | ; but SequenceNumber is nonzero. |
| 669 | cmp dword [eax+24h], 0 |
677 | cmp dword [eax+24h], 0 |
| 670 | jz @f |
678 | jz @f |
| 671 | mov eax, [eax+20h] |
679 | mov eax, [eax+20h] |
| 672 | .beginfindattr: |
680 | .beginfindattr: |
| 673 | mov [ebp+NTFS.ntfs_attr_iRecord], eax |
681 | mov [ebp+NTFS.attr_iRecord], eax |
| 674 | call ntfs_read_file_record |
682 | call ntfs_read_file_record |
| 675 | jc .errret |
683 | jc .errret |
| 676 | jmp @f |
684 | jmp @f |
| 677 | .newAttribute: |
685 | .newAttribute: |
| 678 | pushad |
686 | pushad |
| 679 | @@: |
687 | @@: |
| 680 | ; b) Scan for required attribute and for $ATTR_LIST |
688 | ; b) Scan for required attribute and for $ATTR_LIST |
| 681 | mov eax, [ebp+NTFS.frs_buffer] |
689 | mov eax, [ebp+NTFS.frs_buffer] |
| 682 | movzx ecx, word [eax+14h] |
690 | movzx ecx, word [eax+14h] |
| 683 | add eax, ecx |
691 | add eax, ecx |
| 684 | mov ecx, [ebp+NTFS.ntfs_cur_attr] |
692 | mov ecx, [ebp+NTFS.cur_attr] |
| 685 | and [ebp+NTFS.ntfs_attr_offs], 0 |
693 | and [ebp+NTFS.attr_offs], 0 |
| 686 | .scanattr: |
694 | .scanattr: |
| 687 | cmp dword [eax], -1 |
695 | cmp dword [eax], -1 |
| 688 | jz .scandone |
696 | jz .scandone |
| 689 | cmp dword [eax], ecx |
697 | cmp dword [eax], ecx |
| 690 | jz .okattr |
698 | jz .okattr |
| 691 | cmp [ebp+NTFS.ntfs_attr_iBaseRecord], -1 |
699 | cmp [ebp+NTFS.attr_iBaseRecord], -1 |
| 692 | jnz .scancont |
700 | jnz .scancont |
| 693 | cmp dword [eax], 0x20 ; $ATTR_LIST |
701 | cmp dword [eax], 0x20 ; $ATTR_LIST |
| 694 | jnz .scancont |
702 | jnz .scancont |
| 695 | mov [ebp+NTFS.ntfs_attr_list], eax |
703 | mov [ebp+NTFS.attr_list], eax |
| 696 | jmp .scancont |
704 | jmp .scancont |
| 697 | .okattr: |
705 | .okattr: |
| 698 | ; ignore named $DATA attributes (aka NTFS streams) |
706 | ; ignore named $DATA attributes (aka NTFS streams) |
| 699 | cmp ecx, 0x80 |
707 | cmp ecx, 0x80 |
| 700 | jnz @f |
708 | jnz @f |
| 701 | cmp byte [eax+9], 0 |
709 | cmp byte [eax+9], 0 |
| 702 | jnz .scancont |
710 | jnz .scancont |
| 703 | @@: |
711 | @@: |
| 704 | mov [ebp+NTFS.ntfs_attr_offs], eax |
712 | mov [ebp+NTFS.attr_offs], eax |
| 705 | .scancont: |
713 | .scancont: |
| 706 | add eax, [eax+4] |
714 | add eax, [eax+4] |
| 707 | jmp .scanattr |
715 | jmp .scanattr |
| 708 | .continue: |
716 | .continue: |
| 709 | pushad |
717 | pushad |
| 710 | and [ebp+NTFS.ntfs_cur_read], 0 |
718 | and [ebp+NTFS.cur_read], 0 |
| 711 | .scandone: |
719 | .scandone: |
| 712 | ; c) Check for required offset and length |
720 | ; c) Check for required offset and length |
| 713 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
721 | mov ecx, [ebp+NTFS.attr_offs] |
| 714 | jecxz .noattr |
722 | jecxz .noattr |
| 715 | push [ebp+NTFS.ntfs_cur_size] |
723 | push [ebp+NTFS.cur_size] |
| 716 | push [ebp+NTFS.ntfs_cur_read] |
724 | push [ebp+NTFS.cur_read] |
| 717 | call .doreadattr |
725 | call .doreadattr |
| 718 | pop edx |
726 | pop edx |
| 719 | pop ecx |
727 | pop ecx |
| 720 | jc @f |
728 | jc @f |
| 721 | cmp [ebp+NTFS.ntfs_bCanContinue], 0 |
729 | cmp [ebp+NTFS.bCanContinue], 0 |
| 722 | jz @f |
730 | jz @f |
| 723 | sub edx, [ebp+NTFS.ntfs_cur_read] |
731 | sub edx, [ebp+NTFS.cur_read] |
| 724 | neg edx |
732 | neg edx |
| 725 | shr edx, 9 |
733 | shr edx, 9 |
| 726 | sub ecx, edx |
734 | sub ecx, edx |
| 727 | mov [ebp+NTFS.ntfs_cur_size], ecx |
735 | mov [ebp+NTFS.cur_size], ecx |
| 728 | jnz .not_in_cur |
736 | jnz .not_in_cur |
| 729 | @@: |
737 | @@: |
| 730 | popad |
738 | popad |
| 731 | ret |
739 | ret |
| 732 | .noattr: |
740 | .noattr: |
| 733 | .not_in_cur: |
741 | .not_in_cur: |
| 734 | cmp [ebp+NTFS.ntfs_cur_attr], 0x20 |
742 | cmp [ebp+NTFS.cur_attr], 0x20 |
| 735 | jz @f |
743 | jz @f |
| 736 | mov ecx, [ebp+NTFS.ntfs_attr_list] |
744 | mov ecx, [ebp+NTFS.attr_list] |
| 737 | test ecx, ecx |
745 | test ecx, ecx |
| 738 | jnz .lookattr |
746 | jnz .lookattr |
| 739 | .ret_is_attr: |
747 | .ret_is_attr: |
| 740 | and dword [esp+28], 0 |
748 | and dword [esp+28], 0 |
| 741 | cmp [ebp+NTFS.ntfs_attr_offs], 1 ; CF set <=> ntfs_attr_offs == 0 |
749 | cmp [ebp+NTFS.attr_offs], 1 ; CF set <=> attr_offs == 0 |
| 742 | popad |
750 | popad |
| 743 | ret |
751 | ret |
| 744 | .lookattr: |
752 | .lookattr: |
| 745 | ; required attribute or required offset was not found in base record; |
753 | ; required attribute or required offset was not found in base record; |
| 746 | ; it may be present in auxiliary records; |
754 | ; it may be present in auxiliary records; |
| 747 | ; scan $ATTR_LIST |
755 | ; scan $ATTR_LIST |
| 748 | mov eax, [ebp+NTFS.ntfs_attr_iBaseRecord] |
756 | mov eax, [ebp+NTFS.attr_iBaseRecord] |
| 749 | cmp eax, -1 |
757 | cmp eax, -1 |
| 750 | jz @f |
758 | jz @f |
| 751 | call ntfs_read_file_record |
759 | call ntfs_read_file_record |
| 752 | jc .errret |
760 | jc .errret |
| 753 | or [ebp+NTFS.ntfs_attr_iBaseRecord], -1 |
761 | or [ebp+NTFS.attr_iBaseRecord], -1 |
| 754 | @@: |
762 | @@: |
| 755 | push [ebp+NTFS.ntfs_cur_offs] |
763 | push [ebp+NTFS.cur_offs] |
| 756 | push [ebp+NTFS.ntfs_cur_size] |
764 | push [ebp+NTFS.cur_size] |
| 757 | push [ebp+NTFS.ntfs_cur_read] |
765 | push [ebp+NTFS.cur_read] |
| 758 | push [ebp+NTFS.ntfs_cur_buf] |
766 | push [ebp+NTFS.cur_buf] |
| 759 | push dword [ebp+NTFS.ntfs_attr_size] |
767 | push dword [ebp+NTFS.attr_size] |
| 760 | push dword [ebp+NTFS.ntfs_attr_size+4] |
768 | push dword [ebp+NTFS.attr_size+4] |
| 761 | or dword [ebp+NTFS.ntfs_attr_size], -1 |
769 | or dword [ebp+NTFS.attr_size], -1 |
| 762 | or dword [ebp+NTFS.ntfs_attr_size+4], -1 |
770 | or dword [ebp+NTFS.attr_size+4], -1 |
| 763 | and [ebp+NTFS.ntfs_cur_offs], 0 |
771 | and [ebp+NTFS.cur_offs], 0 |
| 764 | mov [ebp+NTFS.ntfs_cur_size], 2 |
772 | mov [ebp+NTFS.cur_size], 2 |
| 765 | and [ebp+NTFS.ntfs_cur_read], 0 |
773 | and [ebp+NTFS.cur_read], 0 |
| 766 | lea eax, [ebp+NTFS.ntfs_attrlist_buf] |
774 | lea eax, [ebp+NTFS.attrlist_buf] |
| 767 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
775 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 768 | jnz @f |
776 | jnz @f |
| 769 | lea eax, [ebp+NTFS.ntfs_attrlist_mft_buf] |
777 | lea eax, [ebp+NTFS.attrlist_mft_buf] |
| 770 | @@: |
778 | @@: |
| 771 | mov [ebp+NTFS.ntfs_cur_buf], eax |
779 | mov [ebp+NTFS.cur_buf], eax |
| 772 | push eax |
780 | push eax |
| 773 | call .doreadattr |
781 | call .doreadattr |
| 774 | pop esi |
782 | pop esi |
| 775 | mov edx, 1 |
783 | mov edx, 1 |
| 776 | pop dword [ebp+NTFS.ntfs_attr_size+4] |
784 | pop dword [ebp+NTFS.attr_size+4] |
| 777 | pop dword [ebp+NTFS.ntfs_attr_size] |
785 | pop dword [ebp+NTFS.attr_size] |
| 778 | mov ecx, [ebp+NTFS.ntfs_cur_read] |
786 | mov ecx, [ebp+NTFS.cur_read] |
| 779 | pop [ebp+NTFS.ntfs_cur_buf] |
787 | pop [ebp+NTFS.cur_buf] |
| 780 | pop [ebp+NTFS.ntfs_cur_read] |
788 | pop [ebp+NTFS.cur_read] |
| 781 | pop [ebp+NTFS.ntfs_cur_size] |
789 | pop [ebp+NTFS.cur_size] |
| 782 | pop [ebp+NTFS.ntfs_cur_offs] |
790 | pop [ebp+NTFS.cur_offs] |
| 783 | jc .errret |
791 | jc .errret |
| 784 | or edi, -1 |
792 | or edi, -1 |
| 785 | lea ecx, [ecx+esi-1Ah] |
793 | lea ecx, [ecx+esi-1Ah] |
| 786 | .scanliststart: |
794 | .scanliststart: |
| 787 | push ecx |
795 | push ecx |
| 788 | mov eax, [ebp+NTFS.ntfs_cur_attr] |
796 | mov eax, [ebp+NTFS.cur_attr] |
| 789 | .scanlist: |
797 | .scanlist: |
| 790 | cmp esi, [esp] |
798 | cmp esi, [esp] |
| 791 | jae .scanlistdone |
799 | jae .scanlistdone |
| 792 | cmp eax, [esi] |
800 | cmp eax, [esi] |
| 793 | jz @f |
801 | jz @f |
| Line 804... | Line 812... | ||
| 804 | @@: |
812 | @@: |
| 805 | push eax |
813 | push eax |
| 806 | mov eax, [esi+8] |
814 | mov eax, [esi+8] |
| 807 | test eax, eax |
815 | test eax, eax |
| 808 | jnz .testf |
816 | jnz .testf |
| 809 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
817 | mov eax, dword [ebp+NTFS.attr_size] |
| 810 | and eax, dword [ebp+NTFS.ntfs_attr_size+4] |
818 | and eax, dword [ebp+NTFS.attr_size+4] |
| 811 | cmp eax, -1 |
819 | cmp eax, -1 |
| 812 | jnz .testfz |
820 | jnz .testfz |
| 813 | ; if attribute is in auxiliary records, its size is defined only in first |
821 | ; if attribute is in auxiliary records, its size is defined only in first |
| 814 | mov eax, [esi+10h] |
822 | mov eax, [esi+10h] |
| 815 | call ntfs_read_file_record |
823 | call ntfs_read_file_record |
| Line 822... | Line 830... | ||
| 822 | jmp .errret_pop |
830 | jmp .errret_pop |
| 823 | @@: |
831 | @@: |
| 824 | mov eax, [ebp+NTFS.frs_buffer] |
832 | mov eax, [ebp+NTFS.frs_buffer] |
| 825 | movzx ecx, word [eax+14h] |
833 | movzx ecx, word [eax+14h] |
| 826 | add eax, ecx |
834 | add eax, ecx |
| 827 | mov ecx, [ebp+NTFS.ntfs_cur_attr] |
835 | mov ecx, [ebp+NTFS.cur_attr] |
| 828 | @@: |
836 | @@: |
| 829 | cmp dword [eax], -1 |
837 | cmp dword [eax], -1 |
| 830 | jz .errret2_pop |
838 | jz .errret2_pop |
| 831 | cmp dword [eax], ecx |
839 | cmp dword [eax], ecx |
| 832 | jz @f |
840 | jz @f |
| Line 840... | Line 848... | ||
| 840 | jnz .l1 |
848 | jnz .l1 |
| 841 | @@: |
849 | @@: |
| 842 | cmp byte [eax+8], 0 |
850 | cmp byte [eax+8], 0 |
| 843 | jnz .sdnores |
851 | jnz .sdnores |
| 844 | mov eax, [eax+10h] |
852 | mov eax, [eax+10h] |
| 845 | mov dword [ebp+NTFS.ntfs_attr_size], eax |
853 | mov dword [ebp+NTFS.attr_size], eax |
| 846 | and dword [ebp+NTFS.ntfs_attr_size+4], 0 |
854 | and dword [ebp+NTFS.attr_size+4], 0 |
| 847 | jmp .testfz |
855 | jmp .testfz |
| 848 | .sdnores: |
856 | .sdnores: |
| 849 | mov ecx, [eax+30h] |
857 | mov ecx, [eax+30h] |
| 850 | mov dword [ebp+NTFS.ntfs_attr_size], ecx |
858 | mov dword [ebp+NTFS.attr_size], ecx |
| 851 | mov ecx, [eax+34h] |
859 | mov ecx, [eax+34h] |
| 852 | mov dword [ebp+NTFS.ntfs_attr_size+4], ecx |
860 | mov dword [ebp+NTFS.attr_size+4], ecx |
| 853 | .testfz: |
861 | .testfz: |
| 854 | xor eax, eax |
862 | xor eax, eax |
| 855 | .testf: |
863 | .testf: |
| 856 | imul eax, [ebp+NTFS.sectors_per_cluster] |
864 | imul eax, [ebp+NTFS.sectors_per_cluster] |
| 857 | cmp eax, [ebp+NTFS.ntfs_cur_offs] |
865 | cmp eax, [ebp+NTFS.cur_offs] |
| 858 | pop eax |
866 | pop eax |
| 859 | ja @f |
867 | ja @f |
| 860 | mov edi, [esi+10h] ; keep previous iRecord |
868 | mov edi, [esi+10h] ; keep previous iRecord |
| 861 | jmp .scanlistcont |
869 | jmp .scanlistcont |
| 862 | @@: |
870 | @@: |
| Line 865... | Line 873... | ||
| 865 | cmp edi, -1 |
873 | cmp edi, -1 |
| 866 | jnz @f |
874 | jnz @f |
| 867 | popad |
875 | popad |
| 868 | ret |
876 | ret |
| 869 | @@: |
877 | @@: |
| 870 | mov eax, [ebp+NTFS.ntfs_cur_iRecord] |
878 | mov eax, [ebp+NTFS.cur_iRecord] |
| 871 | mov [ebp+NTFS.ntfs_attr_iBaseRecord], eax |
879 | mov [ebp+NTFS.attr_iBaseRecord], eax |
| 872 | mov eax, edi |
880 | mov eax, edi |
| 873 | jmp .beginfindattr |
881 | jmp .beginfindattr |
| 874 | .scanlistdone: |
882 | .scanlistdone: |
| 875 | pop ecx |
883 | pop ecx |
| 876 | sub ecx, ebp |
884 | sub ecx, ebp |
| 877 | sub ecx, NTFS.ntfs_attrlist_buf-1Ah |
885 | sub ecx, NTFS.attrlist_buf-1Ah |
| 878 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
886 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 879 | jnz @f |
887 | jnz @f |
| 880 | sub ecx, NTFS.ntfs_attrlist_mft_buf-NTFS.ntfs_attrlist_buf |
888 | sub ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
| 881 | @@: |
889 | @@: |
| 882 | cmp ecx, 0x400 |
890 | cmp ecx, 0x400 |
| 883 | jnz .scanlistfound |
891 | jnz .scanlistfound |
| 884 | inc edx |
892 | inc edx |
| 885 | push esi edi |
893 | push esi edi |
| 886 | lea esi, [ebp+NTFS.ntfs_attrlist_buf+0x200] |
894 | lea esi, [ebp+NTFS.attrlist_buf+0x200] |
| 887 | lea edi, [ebp+NTFS.ntfs_attrlist_buf] |
895 | lea edi, [ebp+NTFS.attrlist_buf] |
| 888 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
896 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 889 | jnz @f |
897 | jnz @f |
| 890 | lea esi, [ebp+NTFS.ntfs_attrlist_mft_buf+0x200] |
898 | lea esi, [ebp+NTFS.attrlist_mft_buf+0x200] |
| 891 | lea edi, [ebp+NTFS.ntfs_attrlist_mft_buf] |
899 | lea edi, [ebp+NTFS.attrlist_mft_buf] |
| 892 | @@: |
900 | @@: |
| 893 | mov ecx, 0x200/4 |
901 | mov ecx, 0x200/4 |
| 894 | rep movsd |
902 | rep movsd |
| 895 | mov eax, edi |
903 | mov eax, edi |
| 896 | pop edi esi |
904 | pop edi esi |
| 897 | sub esi, 0x200 |
905 | sub esi, 0x200 |
| 898 | push [ebp+NTFS.ntfs_cur_offs] |
906 | push [ebp+NTFS.cur_offs] |
| 899 | push [ebp+NTFS.ntfs_cur_size] |
907 | push [ebp+NTFS.cur_size] |
| 900 | push [ebp+NTFS.ntfs_cur_read] |
908 | push [ebp+NTFS.cur_read] |
| 901 | push [ebp+NTFS.ntfs_cur_buf] |
909 | push [ebp+NTFS.cur_buf] |
| 902 | push dword [ebp+NTFS.ntfs_attr_size] |
910 | push dword [ebp+NTFS.attr_size] |
| 903 | push dword [ebp+NTFS.ntfs_attr_size+4] |
911 | push dword [ebp+NTFS.attr_size+4] |
| 904 | or dword [ebp+NTFS.ntfs_attr_size], -1 |
912 | or dword [ebp+NTFS.attr_size], -1 |
| 905 | or dword [ebp+NTFS.ntfs_attr_size+4], -1 |
913 | or dword [ebp+NTFS.attr_size+4], -1 |
| 906 | mov [ebp+NTFS.ntfs_cur_offs], edx |
914 | mov [ebp+NTFS.cur_offs], edx |
| 907 | mov [ebp+NTFS.ntfs_cur_size], 1 |
915 | mov [ebp+NTFS.cur_size], 1 |
| 908 | and [ebp+NTFS.ntfs_cur_read], 0 |
916 | and [ebp+NTFS.cur_read], 0 |
| 909 | mov [ebp+NTFS.ntfs_cur_buf], eax |
917 | mov [ebp+NTFS.cur_buf], eax |
| 910 | mov ecx, [ebp+NTFS.ntfs_attr_list] |
918 | mov ecx, [ebp+NTFS.attr_list] |
| 911 | push esi edx edi |
919 | push esi edx edi |
| 912 | call .doreadattr |
920 | call .doreadattr |
| 913 | pop edi edx esi |
921 | pop edi edx esi |
| 914 | mov ecx, [ebp+NTFS.ntfs_cur_read] |
922 | mov ecx, [ebp+NTFS.cur_read] |
| 915 | pop dword [ebp+NTFS.ntfs_attr_size+4] |
923 | pop dword [ebp+NTFS.attr_size+4] |
| 916 | pop dword [ebp+NTFS.ntfs_attr_size] |
924 | pop dword [ebp+NTFS.attr_size] |
| 917 | pop [ebp+NTFS.ntfs_cur_buf] |
925 | pop [ebp+NTFS.cur_buf] |
| 918 | pop [ebp+NTFS.ntfs_cur_read] |
926 | pop [ebp+NTFS.cur_read] |
| 919 | pop [ebp+NTFS.ntfs_cur_size] |
927 | pop [ebp+NTFS.cur_size] |
| 920 | pop [ebp+NTFS.ntfs_cur_offs] |
928 | pop [ebp+NTFS.cur_offs] |
| 921 | jc .errret |
929 | jc .errret |
| 922 | lea ecx, [ecx+ebp+NTFS.ntfs_attrlist_buf+0x200-0x1A] |
930 | lea ecx, [ecx+ebp+NTFS.attrlist_buf+0x200-0x1A] |
| 923 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
931 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 924 | jnz .scanliststart |
932 | jnz .scanliststart |
| 925 | add ecx, NTFS.ntfs_attrlist_mft_buf-NTFS.ntfs_attrlist_buf |
933 | add ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
| 926 | jmp .scanliststart |
934 | jmp .scanliststart |
| Line 927... | Line 935... | ||
| 927 | 935 | ||
| 928 | .doreadattr: |
936 | .doreadattr: |
| 929 | mov [ebp+NTFS.ntfs_bCanContinue], 0 |
937 | mov [ebp+NTFS.bCanContinue], 0 |
| 930 | cmp byte [ecx+8], 0 |
938 | cmp byte [ecx+8], 0 |
| 931 | jnz .nonresident |
939 | jnz .nonresident |
| 932 | mov eax, [ecx+10h] ; length |
940 | mov eax, [ecx+10h] ; length |
| 933 | mov esi, eax |
941 | mov esi, eax |
| 934 | mov edx, [ebp+NTFS.ntfs_cur_offs] |
942 | mov edx, [ebp+NTFS.cur_offs] |
| 935 | shr eax, 9 |
943 | shr eax, 9 |
| 936 | cmp eax, edx |
944 | cmp eax, edx |
| 937 | jb .okret |
945 | jb .okret |
| 938 | shl edx, 9 |
946 | shl edx, 9 |
| 939 | sub esi, edx |
947 | sub esi, edx |
| 940 | movzx eax, word [ecx+14h] |
948 | movzx eax, word [ecx+14h] |
| 941 | add edx, eax |
949 | add edx, eax |
| 942 | add edx, ecx ; edx -> data |
950 | add edx, ecx ; edx -> data |
| 943 | mov eax, [ebp+NTFS.ntfs_cur_size] |
951 | mov eax, [ebp+NTFS.cur_size] |
| 944 | cmp eax, (0xFFFFFFFF shr 9)+1 |
952 | cmp eax, (0xFFFFFFFF shr 9)+1 |
| 945 | jbe @f |
953 | jbe @f |
| 946 | mov eax, (0xFFFFFFFF shr 9)+1 |
954 | mov eax, (0xFFFFFFFF shr 9)+1 |
| 947 | @@: |
955 | @@: |
| 948 | shl eax, 9 |
956 | shl eax, 9 |
| 949 | cmp eax, esi |
957 | cmp eax, esi |
| 950 | jbe @f |
958 | jbe @f |
| 951 | mov eax, esi |
959 | mov eax, esi |
| 952 | @@: |
960 | @@: |
| 953 | ; eax = length, edx -> data |
961 | ; eax = length, edx -> data |
| 954 | mov [ebp+NTFS.ntfs_cur_read], eax |
962 | mov [ebp+NTFS.cur_read], eax |
| 955 | mov ecx, eax |
963 | mov ecx, eax |
| 956 | mov eax, edx |
964 | mov eax, edx |
| 957 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
965 | mov ebx, [ebp+NTFS.cur_buf] |
| 958 | call memmove |
966 | call memmove |
| 959 | and [ebp+NTFS.ntfs_cur_size], 0 ; CF=0 |
967 | and [ebp+NTFS.cur_size], 0 ; CF=0 |
| 960 | ret |
968 | ret |
| 961 | .nonresident: |
969 | .nonresident: |
| 962 | ; Not all auxiliary records contain correct FileSize info |
970 | ; Not all auxiliary records contain correct FileSize info |
| 963 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
971 | mov eax, dword [ebp+NTFS.attr_size] |
| 964 | mov edx, dword [ebp+NTFS.ntfs_attr_size+4] |
972 | mov edx, dword [ebp+NTFS.attr_size+4] |
| 965 | push eax |
973 | push eax |
| 966 | and eax, edx |
974 | and eax, edx |
| 967 | cmp eax, -1 |
975 | cmp eax, -1 |
| 968 | pop eax |
976 | pop eax |
| 969 | jnz @f |
977 | jnz @f |
| 970 | mov eax, [ecx+30h] ; FileSize |
978 | mov eax, [ecx+30h] ; FileSize |
| 971 | mov edx, [ecx+34h] |
979 | mov edx, [ecx+34h] |
| 972 | mov dword [ebp+NTFS.ntfs_attr_size], eax |
980 | mov dword [ebp+NTFS.attr_size], eax |
| 973 | mov dword [ebp+NTFS.ntfs_attr_size+4], edx |
981 | mov dword [ebp+NTFS.attr_size+4], edx |
| 974 | @@: |
982 | @@: |
| 975 | add eax, 0x1FF |
983 | add eax, 0x1FF |
| 976 | adc edx, 0 |
984 | adc edx, 0 |
| 977 | shrd eax, edx, 9 |
985 | shrd eax, edx, 9 |
| 978 | sub eax, [ebp+NTFS.ntfs_cur_offs] |
986 | sub eax, [ebp+NTFS.cur_offs] |
| 979 | ja @f |
987 | ja @f |
| 980 | ; return with nothing read |
988 | ; return with nothing read |
| 981 | and [ebp+NTFS.ntfs_cur_size], 0 |
989 | and [ebp+NTFS.cur_size], 0 |
| 982 | .okret: |
990 | .okret: |
| 983 | clc |
991 | clc |
| 984 | ret |
992 | ret |
| 985 | @@: |
993 | @@: |
| 986 | ; reduce read length |
994 | ; reduce read length |
| 987 | and [ebp+NTFS.ntfs_cur_tail], 0 |
995 | and [ebp+NTFS.cur_tail], 0 |
| 988 | cmp [ebp+NTFS.ntfs_cur_size], eax |
996 | cmp [ebp+NTFS.cur_size], eax |
| 989 | jb @f |
997 | jb @f |
| 990 | mov [ebp+NTFS.ntfs_cur_size], eax |
998 | mov [ebp+NTFS.cur_size], eax |
| 991 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
999 | mov eax, dword [ebp+NTFS.attr_size] |
| 992 | and eax, 0x1FF |
1000 | and eax, 0x1FF |
| 993 | mov [ebp+NTFS.ntfs_cur_tail], eax |
1001 | mov [ebp+NTFS.cur_tail], eax |
| 994 | @@: |
1002 | @@: |
| 995 | cmp [ebp+NTFS.ntfs_cur_size], 0 |
1003 | cmp [ebp+NTFS.cur_size], 0 |
| 996 | jz .okret |
1004 | jz .okret |
| 997 | mov eax, [ebp+NTFS.ntfs_cur_offs] |
1005 | mov eax, [ebp+NTFS.cur_offs] |
| 998 | xor edx, edx |
1006 | xor edx, edx |
| 999 | div [ebp+NTFS.sectors_per_cluster] |
1007 | div [ebp+NTFS.sectors_per_cluster] |
| 1000 | sub eax, [ecx+10h] ; first_vbo |
1008 | sub eax, [ecx+10h] ; first_vbo |
| 1001 | jb .okret |
1009 | jb .okret |
| 1002 | ; eax = cluster, edx = starting sector |
1010 | ; eax = cluster, edx = starting sector |
| 1003 | cmp [ebp+NTFS.ntfs_cur_attr], 0x80 |
1011 | cmp [ebp+NTFS.cur_attr], 0x80 |
| 1004 | jnz .sys |
1012 | jnz .sys |
| 1005 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
1013 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 1006 | jz .sys |
1014 | jz .sys |
| 1007 | push fs_read64_app |
1015 | push fs_read64_app |
| 1008 | cmp [ebp+NTFS.ntfsWriteAttr], 1 |
1016 | cmp [ebp+NTFS.bWriteAttr], 1 |
| 1009 | jnz @f |
1017 | jnz @f |
| 1010 | mov dword[esp], fs_write64_app |
1018 | mov dword[esp], fs_write64_app |
| 1011 | jmp @f |
1019 | jmp @f |
| 1012 | .sys: |
1020 | .sys: |
| 1013 | push fs_read64_sys |
1021 | push fs_read64_sys |
| 1014 | @@: |
1022 | @@: |
| 1015 | sub esp, 10h |
1023 | sub esp, 10h |
| 1016 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
1024 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
| 1017 | add esi, ecx |
1025 | add esi, ecx |
| 1018 | xor edi, edi |
1026 | xor edi, edi |
| 1019 | mov [ebp+NTFS.ntfsFragmentCount], 0 |
1027 | mov [ebp+NTFS.fragmentCount], 0 |
| 1020 | .readloop: |
1028 | .readloop: |
| 1021 | call ntfs_decode_mcb_entry |
1029 | call ntfs_decode_mcb_entry |
| 1022 | jnc .break |
1030 | jnc .break |
| 1023 | add edi, [esp+8] |
1031 | add edi, [esp+8] |
| Line 1031... | Line 1039... | ||
| 1031 | add eax, edx |
1039 | add eax, edx |
| 1032 | pop ecx |
1040 | pop ecx |
| 1033 | neg ecx |
1041 | neg ecx |
| 1034 | imul ecx, [ebp+NTFS.sectors_per_cluster] |
1042 | imul ecx, [ebp+NTFS.sectors_per_cluster] |
| 1035 | sub ecx, edx |
1043 | sub ecx, edx |
| 1036 | cmp ecx, [ebp+NTFS.ntfs_cur_size] |
1044 | cmp ecx, [ebp+NTFS.cur_size] |
| 1037 | jb @f |
1045 | jb @f |
| 1038 | mov ecx, [ebp+NTFS.ntfs_cur_size] |
1046 | mov ecx, [ebp+NTFS.cur_size] |
| 1039 | @@: |
1047 | @@: |
| 1040 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
1048 | mov ebx, [ebp+NTFS.cur_buf] |
| 1041 | mov [ebp+NTFS.ntfsLastRead], eax |
1049 | mov [ebp+NTFS.LastRead], eax |
| 1042 | push ecx |
1050 | push ecx |
| 1043 | xor edx, edx |
1051 | xor edx, edx |
| 1044 | call dword[esp+18h] |
1052 | call dword[esp+18h] |
| 1045 | pop ecx |
1053 | pop ecx |
| 1046 | test eax, eax |
1054 | test eax, eax |
| 1047 | jnz .errread2 |
1055 | jnz .errread2 |
| 1048 | sub [ebp+NTFS.ntfs_cur_size], ecx |
1056 | sub [ebp+NTFS.cur_size], ecx |
| 1049 | add [ebp+NTFS.ntfs_cur_offs], ecx |
1057 | add [ebp+NTFS.cur_offs], ecx |
| 1050 | shl ecx, 9 |
1058 | shl ecx, 9 |
| 1051 | add [ebp+NTFS.ntfs_cur_read], ecx |
1059 | add [ebp+NTFS.cur_read], ecx |
| 1052 | add [ebp+NTFS.ntfs_cur_buf], ecx |
1060 | add [ebp+NTFS.cur_buf], ecx |
| 1053 | inc [ebp+NTFS.ntfsFragmentCount] |
1061 | inc [ebp+NTFS.fragmentCount] |
| 1054 | pop ecx |
1062 | pop ecx |
| 1055 | xor eax, eax |
1063 | xor eax, eax |
| 1056 | xor edx, edx |
1064 | xor edx, edx |
| 1057 | cmp [ebp+NTFS.ntfs_cur_size], 0 |
1065 | cmp [ebp+NTFS.cur_size], 0 |
| 1058 | jnz .readloop |
1066 | jnz .readloop |
| 1059 | add esp, 14h |
1067 | add esp, 14h |
| 1060 | mov eax, [ebp+NTFS.ntfs_cur_tail] |
1068 | mov eax, [ebp+NTFS.cur_tail] |
| 1061 | test eax, eax |
1069 | test eax, eax |
| 1062 | jz @f |
1070 | jz @f |
| 1063 | sub eax, 0x200 |
1071 | sub eax, 0x200 |
| 1064 | add [ebp+NTFS.ntfs_cur_read], eax |
1072 | add [ebp+NTFS.cur_read], eax |
| 1065 | @@: |
1073 | @@: |
| 1066 | clc |
1074 | clc |
| 1067 | ret |
1075 | ret |
| 1068 | .errread2: |
1076 | .errread2: |
| 1069 | pop ecx |
1077 | pop ecx |
| 1070 | add esp, 14h |
1078 | add esp, 14h |
| 1071 | stc |
1079 | stc |
| 1072 | ret |
1080 | ret |
| 1073 | .break: |
1081 | .break: |
| 1074 | add esp, 14h ; CF=0 |
1082 | add esp, 14h ; CF=0 |
| 1075 | mov [ebp+NTFS.ntfs_bCanContinue], 1 |
1083 | mov [ebp+NTFS.bCanContinue], 1 |
| 1076 | ret |
1084 | ret |
| Line 1077... | Line 1085... | ||
| 1077 | 1085 | ||
| 1078 | ntfs_read_file_record: |
1086 | ntfs_read_file_record: |
| 1079 | ; in: eax = iRecord |
1087 | ; in: eax = iRecord |
| Line 1084... | Line 1092... | ||
| 1084 | mov ecx, [ebp+NTFS.frs_size] |
1092 | mov ecx, [ebp+NTFS.frs_size] |
| 1085 | mul ecx |
1093 | mul ecx |
| 1086 | shrd eax, edx, 9 |
1094 | shrd eax, edx, 9 |
| 1087 | shr edx, 9 |
1095 | shr edx, 9 |
| 1088 | jnz .errret |
1096 | jnz .errret |
| 1089 | push [ebp+NTFS.ntfs_attr_iRecord] |
1097 | push [ebp+NTFS.attr_iRecord] |
| 1090 | push [ebp+NTFS.ntfs_attr_iBaseRecord] |
1098 | push [ebp+NTFS.attr_iBaseRecord] |
| 1091 | push [ebp+NTFS.ntfs_attr_offs] |
1099 | push [ebp+NTFS.attr_offs] |
| 1092 | push [ebp+NTFS.ntfs_attr_list] |
1100 | push [ebp+NTFS.attr_list] |
| 1093 | push dword [ebp+NTFS.ntfs_attr_size+4] |
1101 | push dword [ebp+NTFS.attr_size+4] |
| 1094 | push dword [ebp+NTFS.ntfs_attr_size] |
1102 | push dword [ebp+NTFS.attr_size] |
| 1095 | push [ebp+NTFS.ntfs_cur_iRecord] |
1103 | push [ebp+NTFS.cur_iRecord] |
| 1096 | push [ebp+NTFS.ntfs_cur_attr] |
1104 | push [ebp+NTFS.cur_attr] |
| 1097 | push [ebp+NTFS.ntfs_cur_offs] |
1105 | push [ebp+NTFS.cur_offs] |
| 1098 | push [ebp+NTFS.ntfs_cur_size] |
1106 | push [ebp+NTFS.cur_size] |
| 1099 | push [ebp+NTFS.ntfs_cur_buf] |
1107 | push [ebp+NTFS.cur_buf] |
| 1100 | push [ebp+NTFS.ntfs_cur_read] |
1108 | push [ebp+NTFS.cur_read] |
| 1101 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 ; $DATA |
1109 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
| 1102 | and [ebp+NTFS.ntfs_cur_iRecord], 0 ; $Mft |
1110 | and [ebp+NTFS.cur_iRecord], 0 ; $Mft |
| 1103 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1111 | mov [ebp+NTFS.cur_offs], eax |
| 1104 | shr ecx, 9 |
1112 | shr ecx, 9 |
| 1105 | mov [ebp+NTFS.ntfs_cur_size], ecx |
1113 | mov [ebp+NTFS.cur_size], ecx |
| 1106 | mov eax, [ebp+NTFS.frs_buffer] |
1114 | mov eax, [ebp+NTFS.frs_buffer] |
| 1107 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1115 | mov [ebp+NTFS.cur_buf], eax |
| 1108 | call ntfs_read_attr |
1116 | call ntfs_read_attr |
| 1109 | mov edx, [ebp+NTFS.ntfs_cur_read] |
1117 | mov edx, [ebp+NTFS.cur_read] |
| 1110 | pop [ebp+NTFS.ntfs_cur_read] |
1118 | pop [ebp+NTFS.cur_read] |
| 1111 | pop [ebp+NTFS.ntfs_cur_buf] |
1119 | pop [ebp+NTFS.cur_buf] |
| 1112 | pop [ebp+NTFS.ntfs_cur_size] |
1120 | pop [ebp+NTFS.cur_size] |
| 1113 | pop [ebp+NTFS.ntfs_cur_offs] |
1121 | pop [ebp+NTFS.cur_offs] |
| 1114 | pop [ebp+NTFS.ntfs_cur_attr] |
1122 | pop [ebp+NTFS.cur_attr] |
| 1115 | pop [ebp+NTFS.ntfs_cur_iRecord] |
1123 | pop [ebp+NTFS.cur_iRecord] |
| 1116 | pop dword [ebp+NTFS.ntfs_attr_size] |
1124 | pop dword [ebp+NTFS.attr_size] |
| 1117 | pop dword [ebp+NTFS.ntfs_attr_size+4] |
1125 | pop dword [ebp+NTFS.attr_size+4] |
| 1118 | pop [ebp+NTFS.ntfs_attr_list] |
1126 | pop [ebp+NTFS.attr_list] |
| 1119 | pop [ebp+NTFS.ntfs_attr_offs] |
1127 | pop [ebp+NTFS.attr_offs] |
| 1120 | pop [ebp+NTFS.ntfs_attr_iBaseRecord] |
1128 | pop [ebp+NTFS.attr_iBaseRecord] |
| 1121 | pop [ebp+NTFS.ntfs_attr_iRecord] |
1129 | pop [ebp+NTFS.attr_iRecord] |
| 1122 | jc .ret |
1130 | jc .ret |
| 1123 | cmp edx, [ebp+NTFS.frs_size] |
1131 | cmp edx, [ebp+NTFS.frs_size] |
| 1124 | jnz .errret |
1132 | jnz .errret |
| 1125 | mov eax, [ebp+NTFS.frs_buffer] |
1133 | mov eax, [ebp+NTFS.frs_buffer] |
| 1126 | cmp dword [eax], 'FILE' |
1134 | cmp dword [eax], 'FILE' |
| Line 1231... | Line 1239... | ||
| 1231 | ret |
1239 | ret |
| Line 1232... | Line 1240... | ||
| 1232 | 1240 | ||
| 1233 | ntfs_find_lfn: |
1241 | ntfs_find_lfn: |
| 1234 | ; in: [esi]+[esp+4] = name |
1242 | ; in: [esi]+[esp+4] = name |
| 1235 | ; out: |
1243 | ; out: |
| 1236 | ; [ebp+NTFS.ntfs_cur_iRecord] = number of MFT fileRecord |
1244 | ; [ebp+NTFS.cur_iRecord] = number of MFT fileRecord |
| 1237 | ; eax -> index in the parent index node |
1245 | ; eax -> index in the parent index node |
| 1238 | ; CF=1 -> file not found, eax=0 -> error |
1246 | ; CF=1 -> file not found, eax=0 -> error |
| 1239 | mov [ebp+NTFS.ntfs_cur_iRecord], 5 ; start parse from root cluster |
1247 | mov [ebp+NTFS.cur_iRecord], 5 ; start parse from root cluster |
| 1240 | .doit2: |
1248 | .doit2: |
| 1241 | mov [ebp+NTFS.ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
1249 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
| 1242 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1250 | and [ebp+NTFS.cur_offs], 0 |
| 1243 | mov eax, [ebp+NTFS.cur_index_size] |
1251 | mov eax, [ebp+NTFS.cur_index_size] |
| 1244 | mov [ebp+NTFS.ntfs_cur_size], eax |
1252 | mov [ebp+NTFS.cur_size], eax |
| 1245 | mov eax, [ebp+NTFS.cur_index_buf] |
1253 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1246 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1254 | mov [ebp+NTFS.cur_buf], eax |
| 1247 | call ntfs_read_attr |
1255 | call ntfs_read_attr |
| 1248 | mov eax, 0 |
1256 | mov eax, 0 |
| 1249 | jnc @f |
1257 | jnc @f |
| 1250 | .ret: |
1258 | .ret: |
| 1251 | ret 4 |
1259 | ret 4 |
| 1252 | @@: |
1260 | @@: |
| 1253 | cmp [ebp+NTFS.ntfs_cur_read], 0x20 |
1261 | cmp [ebp+NTFS.cur_read], 0x20 |
| 1254 | jc .ret |
1262 | jc .ret |
| 1255 | pushad |
1263 | pushad |
| 1256 | mov esi, [ebp+NTFS.cur_index_buf] |
1264 | mov esi, [ebp+NTFS.cur_index_buf] |
| 1257 | mov eax, [esi+14h] |
1265 | mov eax, [esi+14h] |
| 1258 | add eax, 10h |
1266 | add eax, 10h |
| 1259 | cmp [ebp+NTFS.ntfs_cur_read], eax |
1267 | cmp [ebp+NTFS.cur_read], eax |
| 1260 | jae .readok1 |
1268 | jae .readok1 |
| 1261 | add eax, 1FFh |
1269 | add eax, 1FFh |
| 1262 | shr eax, 9 |
1270 | shr eax, 9 |
| 1263 | cmp eax, [ebp+NTFS.cur_index_size] |
1271 | cmp eax, [ebp+NTFS.cur_index_size] |
| Line 1344... | Line 1352... | ||
| 1344 | test byte [esi+0Ch], 1 |
1352 | test byte [esi+0Ch], 1 |
| 1345 | jz .notfound |
1353 | jz .notfound |
| 1346 | movzx eax, word [esi+8] |
1354 | movzx eax, word [esi+8] |
| 1347 | mov eax, [esi+eax-8] |
1355 | mov eax, [esi+eax-8] |
| 1348 | imul eax, [ebp+NTFS.sectors_per_cluster] |
1356 | imul eax, [ebp+NTFS.sectors_per_cluster] |
| 1349 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1357 | mov [ebp+NTFS.cur_offs], eax |
| 1350 | mov [ebp+NTFS.ntfs_cur_attr], 0xA0 ; $INDEX_ALLOCATION |
1358 | mov [ebp+NTFS.cur_attr], 0xA0 ; $INDEX_ALLOCATION |
| 1351 | mov [ebp+NTFS.ntfs_cur_size], edx |
1359 | mov [ebp+NTFS.cur_size], edx |
| 1352 | mov eax, [ebp+NTFS.cur_index_buf] |
1360 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1353 | mov esi, eax |
1361 | mov esi, eax |
| 1354 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1362 | mov [ebp+NTFS.cur_buf], eax |
| 1355 | push edx |
1363 | push edx |
| 1356 | call ntfs_read_attr |
1364 | call ntfs_read_attr |
| 1357 | pop edx |
1365 | pop edx |
| 1358 | mov eax, edx |
1366 | mov eax, edx |
| 1359 | shl eax, 9 |
1367 | shl eax, 9 |
| 1360 | cmp [ebp+NTFS.ntfs_cur_read], eax |
1368 | cmp [ebp+NTFS.cur_read], eax |
| 1361 | jnz .err |
1369 | jnz .err |
| 1362 | cmp dword [esi], 'INDX' |
1370 | cmp dword [esi], 'INDX' |
| 1363 | jnz .err |
1371 | jnz .err |
| 1364 | mov [ebp+NTFS.ntfs_cur_buf], esi |
1372 | mov [ebp+NTFS.cur_buf], esi |
| 1365 | mov ebx, esi |
1373 | mov ebx, esi |
| 1366 | call ntfs_restore_usa |
1374 | call ntfs_restore_usa |
| 1367 | jc .err |
1375 | jc .err |
| 1368 | add esi, 0x18 |
1376 | add esi, 0x18 |
| 1369 | jmp .scanloop |
1377 | jmp .scanloop |
| Line 1384... | Line 1392... | ||
| 1384 | .done: |
1392 | .done: |
| 1385 | .next: |
1393 | .next: |
| 1386 | pop esi |
1394 | pop esi |
| 1387 | pop esi |
1395 | pop esi |
| 1388 | mov eax, [esi] |
1396 | mov eax, [esi] |
| 1389 | mov [ebp+NTFS.ntfs_cur_iRecord], eax |
1397 | mov [ebp+NTFS.cur_iRecord], eax |
| 1390 | mov [esp+1Ch], esi |
1398 | mov [esp+1Ch], esi |
| 1391 | mov [esp+4], edi |
1399 | mov [esp+4], edi |
| 1392 | popad |
1400 | popad |
| 1393 | inc esi |
1401 | inc esi |
| 1394 | cmp byte [esi-1], 0 |
1402 | cmp byte [esi-1], 0 |
| Line 1415... | Line 1423... | ||
| 1415 | call ntfs_unlock |
1423 | call ntfs_unlock |
| 1416 | or ebx, -1 |
1424 | or ebx, -1 |
| 1417 | movi eax, ERROR_FILE_NOT_FOUND |
1425 | movi eax, ERROR_FILE_NOT_FOUND |
| 1418 | ret |
1426 | ret |
| 1419 | .found: |
1427 | .found: |
| 1420 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 ; $DATA |
1428 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
| 1421 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1429 | and [ebp+NTFS.cur_offs], 0 |
| 1422 | and [ebp+NTFS.ntfs_cur_size], 0 |
1430 | and [ebp+NTFS.cur_size], 0 |
| 1423 | call ntfs_read_attr |
1431 | call ntfs_read_attr |
| 1424 | jnc @f |
1432 | jnc @f |
| 1425 | call ntfs_unlock |
1433 | call ntfs_unlock |
| 1426 | or ebx, -1 |
1434 | or ebx, -1 |
| 1427 | movi eax, ERROR_ACCESS_DENIED |
1435 | movi eax, ERROR_ACCESS_DENIED |
| Line 1448... | Line 1456... | ||
| 1448 | jz .alignedstart |
1456 | jz .alignedstart |
| 1449 | push edx |
1457 | push edx |
| 1450 | mov edx, [ebx+8] |
1458 | mov edx, [ebx+8] |
| 1451 | shrd eax, edx, 9 |
1459 | shrd eax, edx, 9 |
| 1452 | pop edx |
1460 | pop edx |
| 1453 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1461 | mov [ebp+NTFS.cur_offs], eax |
| 1454 | mov [ebp+NTFS.ntfs_cur_size], 1 |
1462 | mov [ebp+NTFS.cur_size], 1 |
| 1455 | lea eax, [ebp+NTFS.ntfs_bitmap_buf] |
1463 | lea eax, [ebp+NTFS.bitmap_buf] |
| 1456 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1464 | mov [ebp+NTFS.cur_buf], eax |
| 1457 | call ntfs_read_attr.continue |
1465 | call ntfs_read_attr.continue |
| 1458 | mov eax, [ebx+4] |
1466 | mov eax, [ebx+4] |
| 1459 | and eax, 0x1FF |
1467 | and eax, 0x1FF |
| 1460 | lea esi, [ebp+NTFS.ntfs_bitmap_buf+eax] |
1468 | lea esi, [ebp+NTFS.bitmap_buf+eax] |
| 1461 | sub eax, [ebp+NTFS.ntfs_cur_read] |
1469 | sub eax, [ebp+NTFS.cur_read] |
| 1462 | jae .eof0 |
1470 | jae .eof0 |
| 1463 | neg eax |
1471 | neg eax |
| 1464 | push ecx |
1472 | push ecx |
| 1465 | cmp ecx, eax |
1473 | cmp ecx, eax |
| 1466 | jb @f |
1474 | jb @f |
| Line 1477... | Line 1485... | ||
| 1477 | popad |
1485 | popad |
| 1478 | call ntfs_unlock |
1486 | call ntfs_unlock |
| 1479 | xor eax, eax |
1487 | xor eax, eax |
| 1480 | ret |
1488 | ret |
| 1481 | @@: |
1489 | @@: |
| 1482 | cmp [ebp+NTFS.ntfs_cur_read], 0x200 |
1490 | cmp [ebp+NTFS.cur_read], 0x200 |
| 1483 | jz .alignedstart |
1491 | jz .alignedstart |
| 1484 | .eof_ebx: |
1492 | .eof_ebx: |
| 1485 | popad |
1493 | popad |
| 1486 | jmp .eof |
1494 | jmp .eof |
| 1487 | .alignedstart: |
1495 | .alignedstart: |
| Line 1490... | Line 1498... | ||
| 1490 | mov edx, [ebx+8] |
1498 | mov edx, [ebx+8] |
| 1491 | add eax, 511 |
1499 | add eax, 511 |
| 1492 | adc edx, 0 |
1500 | adc edx, 0 |
| 1493 | shrd eax, edx, 9 |
1501 | shrd eax, edx, 9 |
| 1494 | pop edx |
1502 | pop edx |
| 1495 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1503 | mov [ebp+NTFS.cur_offs], eax |
| 1496 | mov [ebp+NTFS.ntfs_cur_buf], edx |
1504 | mov [ebp+NTFS.cur_buf], edx |
| 1497 | mov eax, ecx |
1505 | mov eax, ecx |
| 1498 | shr eax, 9 |
1506 | shr eax, 9 |
| 1499 | mov [ebp+NTFS.ntfs_cur_size], eax |
1507 | mov [ebp+NTFS.cur_size], eax |
| 1500 | add eax, [ebp+NTFS.ntfs_cur_offs] |
1508 | add eax, [ebp+NTFS.cur_offs] |
| 1501 | push eax |
1509 | push eax |
| 1502 | call ntfs_read_attr.continue |
1510 | call ntfs_read_attr.continue |
| 1503 | pop [ebp+NTFS.ntfs_cur_offs] |
1511 | pop [ebp+NTFS.cur_offs] |
| 1504 | mov eax, [ebp+NTFS.ntfs_cur_read] |
1512 | mov eax, [ebp+NTFS.cur_read] |
| 1505 | add [esp+10h], eax |
1513 | add [esp+10h], eax |
| 1506 | mov eax, ecx |
1514 | mov eax, ecx |
| 1507 | and eax, not 0x1FF |
1515 | and eax, not 0x1FF |
| 1508 | cmp [ebp+NTFS.ntfs_cur_read], eax |
1516 | cmp [ebp+NTFS.cur_read], eax |
| 1509 | jnz .eof_ebx |
1517 | jnz .eof_ebx |
| 1510 | and ecx, 0x1FF |
1518 | and ecx, 0x1FF |
| 1511 | jz .retok |
1519 | jz .retok |
| 1512 | add edx, [ebp+NTFS.ntfs_cur_read] |
1520 | add edx, [ebp+NTFS.cur_read] |
| 1513 | mov [ebp+NTFS.ntfs_cur_size], 1 |
1521 | mov [ebp+NTFS.cur_size], 1 |
| 1514 | lea eax, [ebp+NTFS.ntfs_bitmap_buf] |
1522 | lea eax, [ebp+NTFS.bitmap_buf] |
| 1515 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1523 | mov [ebp+NTFS.cur_buf], eax |
| 1516 | call ntfs_read_attr.continue |
1524 | call ntfs_read_attr.continue |
| 1517 | cmp [ebp+NTFS.ntfs_cur_read], ecx |
1525 | cmp [ebp+NTFS.cur_read], ecx |
| 1518 | jb @f |
1526 | jb @f |
| 1519 | mov [ebp+NTFS.ntfs_cur_read], ecx |
1527 | mov [ebp+NTFS.cur_read], ecx |
| 1520 | @@: |
1528 | @@: |
| 1521 | xchg ecx, [ebp+NTFS.ntfs_cur_read] |
1529 | xchg ecx, [ebp+NTFS.cur_read] |
| 1522 | push ecx |
1530 | push ecx |
| 1523 | mov edi, edx |
1531 | mov edi, edx |
| 1524 | lea esi, [ebp+NTFS.ntfs_bitmap_buf] |
1532 | lea esi, [ebp+NTFS.bitmap_buf] |
| 1525 | add [esp+10h+4], ecx |
1533 | add [esp+10h+4], ecx |
| 1526 | rep movsb |
1534 | rep movsb |
| 1527 | pop ecx |
1535 | pop ecx |
| 1528 | xor eax, eax |
1536 | xor eax, eax |
| 1529 | cmp ecx, [ebp+NTFS.ntfs_cur_read] |
1537 | cmp ecx, [ebp+NTFS.cur_read] |
| 1530 | jz @f |
1538 | jz @f |
| 1531 | mov al, ERROR_END_OF_FILE |
1539 | mov al, ERROR_END_OF_FILE |
| 1532 | @@: |
1540 | @@: |
| 1533 | mov [esp+1Ch], eax |
1541 | mov [esp+1Ch], eax |
| 1534 | call ntfs_unlock |
1542 | call ntfs_unlock |
| Line 1549... | Line 1557... | ||
| 1549 | .pop_ret: |
1557 | .pop_ret: |
| 1550 | call ntfs_unlock |
1558 | call ntfs_unlock |
| 1551 | pop eax |
1559 | pop eax |
| 1552 | ret |
1560 | ret |
| 1553 | .doit: |
1561 | .doit: |
| 1554 | mov [ebp+NTFS.ntfs_cur_iRecord], eax |
1562 | mov [ebp+NTFS.cur_iRecord], eax |
| 1555 | .doit2: |
1563 | .doit2: |
| 1556 | mov [ebp+NTFS.ntfs_cur_attr], 0x10 ; $STANDARD_INFORMATION |
1564 | mov [ebp+NTFS.cur_attr], 0x10 ; $STANDARD_INFORMATION |
| 1557 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1565 | and [ebp+NTFS.cur_offs], 0 |
| 1558 | mov [ebp+NTFS.ntfs_cur_size], 1 |
1566 | mov [ebp+NTFS.cur_size], 1 |
| 1559 | lea eax, [ebp+NTFS.ntfs_bitmap_buf] |
1567 | lea eax, [ebp+NTFS.bitmap_buf] |
| 1560 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1568 | mov [ebp+NTFS.cur_buf], eax |
| 1561 | call ntfs_read_attr |
1569 | call ntfs_read_attr |
| 1562 | jc .notfound |
1570 | jc .notfound |
| 1563 | mov [ebp+NTFS.ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
1571 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
| 1564 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1572 | and [ebp+NTFS.cur_offs], 0 |
| 1565 | mov eax, [ebp+NTFS.cur_index_size] |
1573 | mov eax, [ebp+NTFS.cur_index_size] |
| 1566 | mov [ebp+NTFS.ntfs_cur_size], eax |
1574 | mov [ebp+NTFS.cur_size], eax |
| 1567 | mov eax, [ebp+NTFS.cur_index_buf] |
1575 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1568 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1576 | mov [ebp+NTFS.cur_buf], eax |
| 1569 | call ntfs_read_attr |
1577 | call ntfs_read_attr |
| 1570 | jnc .ok |
1578 | jnc .ok |
| 1571 | test eax, eax |
1579 | test eax, eax |
| 1572 | jz .notfound |
1580 | jz .notfound |
| 1573 | or ebx, -1 |
1581 | or ebx, -1 |
| 1574 | push ERROR_DEVICE |
1582 | push ERROR_DEVICE |
| 1575 | jmp .pop_ret |
1583 | jmp .pop_ret |
| 1576 | .ok: |
1584 | .ok: |
| 1577 | cmp [ebp+NTFS.ntfs_cur_read], 0x20 |
1585 | cmp [ebp+NTFS.cur_read], 0x20 |
| 1578 | jae @f |
1586 | jae @f |
| 1579 | or ebx, -1 |
1587 | or ebx, -1 |
| 1580 | .fserr: |
1588 | .fserr: |
| 1581 | push ERROR_FAT_TABLE |
1589 | push ERROR_FAT_TABLE |
| 1582 | jmp .pop_ret |
1590 | jmp .pop_ret |
| 1583 | @@: |
1591 | @@: |
| 1584 | pushad |
1592 | pushad |
| 1585 | mov esi, [ebp+NTFS.cur_index_buf] |
1593 | mov esi, [ebp+NTFS.cur_index_buf] |
| 1586 | mov eax, [esi+14h] |
1594 | mov eax, [esi+14h] |
| 1587 | add eax, 10h |
1595 | add eax, 10h |
| 1588 | cmp [ebp+NTFS.ntfs_cur_read], eax |
1596 | cmp [ebp+NTFS.cur_read], eax |
| 1589 | jae .readok1 |
1597 | jae .readok1 |
| 1590 | add eax, 1FFh |
1598 | add eax, 1FFh |
| 1591 | shr eax, 9 |
1599 | shr eax, 9 |
| 1592 | cmp eax, [ebp+NTFS.cur_index_size] |
1600 | cmp eax, [ebp+NTFS.cur_index_size] |
| 1593 | ja @f |
1601 | ja @f |
| Line 1648... | Line 1656... | ||
| 1648 | push edx |
1656 | push edx |
| 1649 | mov edx, esp |
1657 | mov edx, esp |
| 1650 | ; edi -> BDFE, esi -> current index data, ebx = first wanted block, |
1658 | ; edi -> BDFE, esi -> current index data, ebx = first wanted block, |
| 1651 | ; ecx = number of blocks to read |
1659 | ; ecx = number of blocks to read |
| 1652 | ; edx -> parameters block: dd |
1660 | ; edx -> parameters block: dd |
| 1653 | cmp [ebp+NTFS.ntfs_cur_iRecord], 5 |
1661 | cmp [ebp+NTFS.cur_iRecord], 5 |
| 1654 | jz .skip_specials |
1662 | jz .skip_specials |
| 1655 | ; dot and dotdot entries |
1663 | ; dot and dotdot entries |
| 1656 | push esi |
1664 | push esi |
| 1657 | xor esi, esi |
1665 | xor esi, esi |
| 1658 | call .add_special_entry |
1666 | call .add_special_entry |
| Line 1670... | Line 1678... | ||
| 1670 | add esi, eax |
1678 | add esi, eax |
| 1671 | jmp .dump_root |
1679 | jmp .dump_root |
| 1672 | .dump_root_done: |
1680 | .dump_root_done: |
| 1673 | ; now dump all subnodes |
1681 | ; now dump all subnodes |
| 1674 | push ecx edi |
1682 | push ecx edi |
| 1675 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
1683 | lea edi, [ebp+NTFS.bitmap_buf] |
| 1676 | mov [ebp+NTFS.ntfs_cur_buf], edi |
1684 | mov [ebp+NTFS.cur_buf], edi |
| 1677 | mov ecx, 0x400/4 |
1685 | mov ecx, 0x400/4 |
| 1678 | xor eax, eax |
1686 | xor eax, eax |
| 1679 | rep stosd |
1687 | rep stosd |
| 1680 | mov [ebp+NTFS.ntfs_cur_attr], 0xB0 ; $BITMAP |
1688 | mov [ebp+NTFS.cur_attr], 0xB0 ; $BITMAP |
| 1681 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1689 | and [ebp+NTFS.cur_offs], 0 |
| 1682 | mov [ebp+NTFS.ntfs_cur_size], 2 |
1690 | mov [ebp+NTFS.cur_size], 2 |
| 1683 | call ntfs_read_attr |
1691 | call ntfs_read_attr |
| 1684 | pop edi ecx |
1692 | pop edi ecx |
| 1685 | push 0 ; save offset in $BITMAP attribute |
1693 | push 0 ; save offset in $BITMAP attribute |
| 1686 | and [ebp+NTFS.ntfs_cur_offs], 0 |
1694 | and [ebp+NTFS.cur_offs], 0 |
| 1687 | .dumploop: |
1695 | .dumploop: |
| 1688 | mov [ebp+NTFS.ntfs_cur_attr], 0xA0 |
1696 | mov [ebp+NTFS.cur_attr], 0xA0 |
| 1689 | mov eax, [ebp+NTFS.cur_subnode_size] |
1697 | mov eax, [ebp+NTFS.cur_subnode_size] |
| 1690 | mov [ebp+NTFS.ntfs_cur_size], eax |
1698 | mov [ebp+NTFS.cur_size], eax |
| 1691 | mov eax, [ebp+NTFS.cur_index_buf] |
1699 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1692 | mov esi, eax |
1700 | mov esi, eax |
| 1693 | mov [ebp+NTFS.ntfs_cur_buf], eax |
1701 | mov [ebp+NTFS.cur_buf], eax |
| 1694 | push [ebp+NTFS.ntfs_cur_offs] |
1702 | push [ebp+NTFS.cur_offs] |
| 1695 | mov eax, [ebp+NTFS.ntfs_cur_offs] |
1703 | mov eax, [ebp+NTFS.cur_offs] |
| 1696 | imul eax, [ebp+NTFS.cur_subnode_size] |
1704 | imul eax, [ebp+NTFS.cur_subnode_size] |
| 1697 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1705 | mov [ebp+NTFS.cur_offs], eax |
| 1698 | call ntfs_read_attr |
1706 | call ntfs_read_attr |
| 1699 | pop [ebp+NTFS.ntfs_cur_offs] |
1707 | pop [ebp+NTFS.cur_offs] |
| 1700 | mov eax, [ebp+NTFS.cur_subnode_size] |
1708 | mov eax, [ebp+NTFS.cur_subnode_size] |
| 1701 | shl eax, 9 |
1709 | shl eax, 9 |
| 1702 | cmp [ebp+NTFS.ntfs_cur_read], eax |
1710 | cmp [ebp+NTFS.cur_read], eax |
| 1703 | jnz .done |
1711 | jnz .done |
| 1704 | push eax |
1712 | push eax |
| 1705 | mov eax, [ebp+NTFS.ntfs_cur_offs] |
1713 | mov eax, [ebp+NTFS.cur_offs] |
| 1706 | and eax, 0x400*8-1 |
1714 | and eax, 0x400*8-1 |
| 1707 | bt dword [ebp+NTFS.ntfs_bitmap_buf], eax |
1715 | bt dword [ebp+NTFS.bitmap_buf], eax |
| 1708 | pop eax |
1716 | pop eax |
| 1709 | jnc .dump_subnode_done |
1717 | jnc .dump_subnode_done |
| 1710 | cmp dword [esi], 'INDX' |
1718 | cmp dword [esi], 'INDX' |
| 1711 | jnz .dump_subnode_done |
1719 | jnz .dump_subnode_done |
| 1712 | push ebx |
1720 | push ebx |
| Line 1722... | Line 1730... | ||
| 1722 | call .add_entry |
1730 | call .add_entry |
| 1723 | movzx eax, word [esi+8] |
1731 | movzx eax, word [esi+8] |
| 1724 | add esi, eax |
1732 | add esi, eax |
| 1725 | jmp .dump_subnode |
1733 | jmp .dump_subnode |
| 1726 | .dump_subnode_done: |
1734 | .dump_subnode_done: |
| 1727 | inc [ebp+NTFS.ntfs_cur_offs] |
1735 | inc [ebp+NTFS.cur_offs] |
| 1728 | test [ebp+NTFS.ntfs_cur_offs], 0x400*8-1 |
1736 | test [ebp+NTFS.cur_offs], 0x400*8-1 |
| 1729 | jnz .dumploop |
1737 | jnz .dumploop |
| 1730 | mov [ebp+NTFS.ntfs_cur_attr], 0xB0 |
1738 | mov [ebp+NTFS.cur_attr], 0xB0 |
| 1731 | push ecx edi |
1739 | push ecx edi |
| 1732 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
1740 | lea edi, [ebp+NTFS.bitmap_buf] |
| 1733 | mov [ebp+NTFS.ntfs_cur_buf], edi |
1741 | mov [ebp+NTFS.cur_buf], edi |
| 1734 | mov ecx, 0x400/4 |
1742 | mov ecx, 0x400/4 |
| 1735 | xor eax, eax |
1743 | xor eax, eax |
| 1736 | rep stosd |
1744 | rep stosd |
| 1737 | pop edi ecx |
1745 | pop edi ecx |
| 1738 | pop eax |
1746 | pop eax |
| 1739 | push [ebp+NTFS.ntfs_cur_offs] |
1747 | push [ebp+NTFS.cur_offs] |
| 1740 | inc eax |
1748 | inc eax |
| 1741 | mov [ebp+NTFS.ntfs_cur_offs], eax |
1749 | mov [ebp+NTFS.cur_offs], eax |
| 1742 | mov [ebp+NTFS.ntfs_cur_size], 2 |
1750 | mov [ebp+NTFS.cur_size], 2 |
| 1743 | push eax |
1751 | push eax |
| 1744 | call ntfs_read_attr |
1752 | call ntfs_read_attr |
| 1745 | pop eax |
1753 | pop eax |
| 1746 | pop [ebp+NTFS.ntfs_cur_offs] |
1754 | pop [ebp+NTFS.cur_offs] |
| 1747 | push eax |
1755 | push eax |
| 1748 | jmp .dumploop |
1756 | jmp .dumploop |
| 1749 | .done: |
1757 | .done: |
| 1750 | pop eax |
1758 | pop eax |
| 1751 | pop edx |
1759 | pop edx |
| Line 1770... | Line 1778... | ||
| 1770 | dec ecx |
1778 | dec ecx |
| 1771 | js .ret |
1779 | js .ret |
| 1772 | inc dword [eax+4] ; new file block copied |
1780 | inc dword [eax+4] ; new file block copied |
| 1773 | mov eax, [edx+4] |
1781 | mov eax, [edx+4] |
| 1774 | mov [edi+4], eax |
1782 | mov [edi+4], eax |
| 1775 | ; mov eax, dword [ntfs_bitmap_buf+0x20] |
1783 | ; mov eax, dword [bitmap_buf+0x20] |
| 1776 | ; or al, 0x10 |
1784 | ; or al, 0x10 |
| 1777 | mov eax, 0x10 |
1785 | mov eax, 0x10 |
| 1778 | stosd |
1786 | stosd |
| 1779 | scasd |
1787 | scasd |
| 1780 | push edx |
1788 | push edx |
| 1781 | mov eax, dword [ebp+NTFS.ntfs_bitmap_buf] |
1789 | mov eax, dword [ebp+NTFS.bitmap_buf] |
| 1782 | mov edx, dword [ebp+NTFS.ntfs_bitmap_buf+4] |
1790 | mov edx, dword [ebp+NTFS.bitmap_buf+4] |
| 1783 | call ntfs_datetime_to_bdfe |
1791 | call ntfs_datetime_to_bdfe |
| 1784 | mov eax, dword [ebp+NTFS.ntfs_bitmap_buf+0x18] |
1792 | mov eax, dword [ebp+NTFS.bitmap_buf+0x18] |
| 1785 | mov edx, dword [ebp+NTFS.ntfs_bitmap_buf+0x1C] |
1793 | mov edx, dword [ebp+NTFS.bitmap_buf+0x1C] |
| 1786 | call ntfs_datetime_to_bdfe |
1794 | call ntfs_datetime_to_bdfe |
| 1787 | mov eax, dword [ebp+NTFS.ntfs_bitmap_buf+8] |
1795 | mov eax, dword [ebp+NTFS.bitmap_buf+8] |
| 1788 | mov edx, dword [ebp+NTFS.ntfs_bitmap_buf+0xC] |
1796 | mov edx, dword [ebp+NTFS.bitmap_buf+0xC] |
| 1789 | call ntfs_datetime_to_bdfe |
1797 | call ntfs_datetime_to_bdfe |
| 1790 | pop edx |
1798 | pop edx |
| 1791 | xor eax, eax |
1799 | xor eax, eax |
| 1792 | stosd |
1800 | stosd |
| 1793 | stosd |
1801 | stosd |
| Line 1993... | Line 2001... | ||
| 1993 | add edi, 8 |
2001 | add edi, 8 |
| 1994 | ret |
2002 | ret |
| Line 1995... | Line 2003... | ||
| 1995 | 2003 | ||
| 1996 | ;---------------------------------------------------------------- |
2004 | ;---------------------------------------------------------------- |
| 1997 | ntfs_CreateFolder: |
2005 | ntfs_CreateFolder: |
| 1998 | mov [ebp+NTFS.ntfsFolder], 1 |
2006 | mov [ebp+NTFS.bFolder], 1 |
| Line 1999... | Line 2007... | ||
| 1999 | jmp @f |
2007 | jmp @f |
| 2000 | 2008 | ||
| 2001 | ntfs_CreateFile: |
2009 | ntfs_CreateFile: |
| 2002 | mov [ebp+NTFS.ntfsFolder], 0 |
2010 | mov [ebp+NTFS.bFolder], 0 |
| 2003 | @@: |
2011 | @@: |
| 2004 | cmp byte [esi], 0 |
2012 | cmp byte [esi], 0 |
| 2005 | jnz @f |
2013 | jnz @f |
| Line 2009... | Line 2017... | ||
| 2009 | @@: ; 1. Search file |
2017 | @@: ; 1. Search file |
| 2010 | call ntfs_lock |
2018 | call ntfs_lock |
| 2011 | stdcall ntfs_find_lfn, [esp+4] |
2019 | stdcall ntfs_find_lfn, [esp+4] |
| 2012 | jc .notFound |
2020 | jc .notFound |
| 2013 | ; found, rewrite |
2021 | ; found, rewrite |
| 2014 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
2022 | cmp [ebp+NTFS.cur_iRecord], 16 |
| 2015 | jc ntfsDenied |
2023 | jc ntfsDenied |
| 2016 | cmp [ebp+NTFS.ntfsFolder], 1 |
2024 | cmp [ebp+NTFS.bFolder], 1 |
| 2017 | jz .folder |
2025 | jz .folder |
| 2018 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
2026 | cmp [ebp+NTFS.fragmentCount], 1 |
| 2019 | jnz ntfsUnsupported ; record fragmented |
2027 | jnz ntfsUnsupported ; record fragmented |
| 2020 | ; edit directory node |
2028 | ; edit directory node |
| 2021 | mov edi, [ebp+NTFS.cur_index_buf] |
2029 | mov edi, [ebp+NTFS.cur_index_buf] |
| 2022 | cmp dword [edi], 'INDX' |
2030 | cmp dword [edi], 'INDX' |
| 2023 | jz @f |
2031 | jz @f |
| 2024 | mov esi, [ebp+NTFS.frs_buffer] |
2032 | mov esi, [ebp+NTFS.frs_buffer] |
| 2025 | mov ecx, [esi+recordRealSize] |
2033 | mov ecx, [esi+recordRealSize] |
| 2026 | shr ecx, 2 |
2034 | shr ecx, 2 |
| 2027 | rep movsd |
2035 | rep movsd |
| 2028 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2036 | mov esi, [ebp+NTFS.attr_offs] |
| 2029 | mov cl, [esi+attributeOffset] |
2037 | mov cl, [esi+attributeOffset] |
| 2030 | sub esi, [ebp+NTFS.frs_buffer] |
2038 | sub esi, [ebp+NTFS.frs_buffer] |
| 2031 | add eax, ecx |
2039 | add eax, ecx |
| 2032 | add eax, esi |
2040 | add eax, esi |
| 2033 | @@: |
2041 | @@: |
| 2034 | mov edx, [ebx+12] |
2042 | mov edx, [ebx+12] |
| 2035 | mov [eax+fileRealSize], edx |
2043 | mov [eax+fileRealSize], edx |
| 2036 | mov dword [eax+fileRealSize+4], 0 |
2044 | mov dword [eax+fileRealSize+4], 0 |
| 2037 | mov eax, [ebp+NTFS.ntfsLastRead] |
2045 | mov eax, [ebp+NTFS.LastRead] |
| 2038 | mov [ebp+NTFS.nodeLastRead], eax |
2046 | mov [ebp+NTFS.nodeLastRead], eax |
| 2039 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
2047 | mov [ebp+NTFS.cur_attr], 0x80 |
| 2040 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
2048 | mov [ebp+NTFS.cur_offs], 0 |
| 2041 | mov [ebp+NTFS.ntfs_cur_size], 0 |
2049 | mov [ebp+NTFS.cur_size], 0 |
| 2042 | call ntfs_read_attr |
2050 | call ntfs_read_attr |
| 2043 | jc ntfsFail |
2051 | jc ntfsFail |
| 2044 | mov ecx, [ebp+NTFS.frs_buffer] |
2052 | mov ecx, [ebp+NTFS.frs_buffer] |
| 2045 | mov eax, edx |
2053 | mov eax, edx |
| 2046 | xor edx, edx |
2054 | xor edx, edx |
| 2047 | cmp word [ecx+baseRecordReuse], 0 |
2055 | cmp word [ecx+baseRecordReuse], 0 |
| 2048 | jnz ntfsUnsupported ; auxiliary record |
2056 | jnz ntfsUnsupported ; auxiliary record |
| 2049 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
2057 | mov ecx, [ebp+NTFS.attr_offs] |
| 2050 | cmp word [ecx+attributeFlags], 0 |
2058 | cmp word [ecx+attributeFlags], 0 |
| 2051 | jnz ntfsUnsupported |
2059 | jnz ntfsUnsupported |
| 2052 | push ebx |
2060 | push ebx |
| 2053 | cmp byte [ecx+nonResidentFlag], 0 |
2061 | cmp byte [ecx+nonResidentFlag], 0 |
| 2054 | jz @f |
2062 | jz @f |
| Line 2066... | Line 2074... | ||
| 2066 | jmp ntfsOut |
2074 | jmp ntfsOut |
| Line 2067... | Line 2075... | ||
| 2067 | 2075 | ||
| 2068 | .notFound: ; create |
2076 | .notFound: ; create |
| 2069 | test eax, eax |
2077 | test eax, eax |
| 2070 | jz ntfsFail |
2078 | jz ntfsFail |
| 2071 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
2079 | cmp [ebp+NTFS.fragmentCount], 1 |
| 2072 | jnz ntfsUnsupported ; record fragmented |
2080 | jnz ntfsUnsupported ; record fragmented |
| 2073 | ; 2. Prepare directory record |
2081 | ; 2. Prepare directory record |
| 2074 | mov ecx, esi |
2082 | mov ecx, esi |
| 2075 | @@: ; count characters |
2083 | @@: ; count characters |
| Line 2097... | Line 2105... | ||
| 2097 | @@: ; index fits in the indexRoot |
2105 | @@: ; index fits in the indexRoot |
| 2098 | mov [esi+recordRealSize], edx |
2106 | mov [esi+recordRealSize], edx |
| 2099 | mov ecx, edx |
2107 | mov ecx, edx |
| 2100 | shr ecx, 2 |
2108 | shr ecx, 2 |
| 2101 | rep movsd |
2109 | rep movsd |
| 2102 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
2110 | mov edi, [ebp+NTFS.attr_offs] |
| 2103 | sub edi, [ebp+NTFS.frs_buffer] |
2111 | sub edi, [ebp+NTFS.frs_buffer] |
| 2104 | add edi, [ebp+NTFS.cur_index_buf] |
2112 | add edi, [ebp+NTFS.cur_index_buf] |
| 2105 | mov esi, [esp] |
2113 | mov esi, [esp] |
| 2106 | add [edi+sizeWithHeader], esi |
2114 | add [edi+sizeWithHeader], esi |
| 2107 | add [edi+sizeWithoutHeader], esi |
2115 | add [edi+sizeWithoutHeader], esi |
| 2108 | mov cl, [edi+attributeOffset] |
2116 | mov cl, [edi+attributeOffset] |
| 2109 | add edi, ecx |
2117 | add edi, ecx |
| 2110 | add [edi+16+nodeRealSize], esi |
2118 | add [edi+rootNode+nodeRealSize], esi |
| 2111 | add [edi+16+nodeAllocatedSize], esi |
2119 | add [edi+rootNode+nodeAllocatedSize], esi |
| 2112 | sub eax, [ebp+NTFS.cur_index_buf] |
2120 | sub eax, [ebp+NTFS.cur_index_buf] |
| 2113 | add eax, edi |
2121 | add eax, edi |
| 2114 | mov edi, [ebp+NTFS.cur_index_buf] |
2122 | mov edi, [ebp+NTFS.cur_index_buf] |
| 2115 | add edi, edx |
2123 | add edi, edx |
| 2116 | sub edi, 4 |
2124 | sub edi, 4 |
| 2117 | jmp .common |
2125 | jmp .common |
| Line 2118... | Line 2126... | ||
| 2118 | 2126 | ||
| - | 2127 | .indexRecord: |
|
| 2119 | .indexRecord: |
2128 | add edi, recordNode |
| 2120 | mov edx, [edi+28] |
2129 | mov edx, [edi+nodeRealSize] |
| 2121 | add edx, ecx |
2130 | add edx, ecx |
| 2122 | cmp [edi+32], edx |
2131 | cmp [edi+nodeAllocatedSize], edx |
| 2123 | jnc @f |
2132 | jnc @f |
| 2124 | add esp, 12 |
2133 | add esp, 12 |
| 2125 | jmp ntfsUnsupported ; new node required |
2134 | jmp ntfsUnsupported ; new node required |
| 2126 | @@: ; index fits in the node |
2135 | @@: ; index fits in the node |
| 2127 | mov [edi+28], edx |
2136 | mov [edi+nodeRealSize], edx |
| - | 2137 | add edi, edx |
|
| 2128 | lea edi, [edi+edx+24-4] |
2138 | sub edi, 4 |
| 2129 | .common: |
2139 | .common: |
| 2130 | mov esi, edi |
2140 | mov esi, edi |
| 2131 | sub esi, [esp] |
2141 | sub esi, [esp] |
| 2132 | mov ecx, esi |
2142 | mov ecx, esi |
| Line 2146... | Line 2156... | ||
| 2146 | mov [edi+indexAllocatedSize], cx ; fill index with data |
2156 | mov [edi+indexAllocatedSize], cx ; fill index with data |
| 2147 | mov eax, [esp] |
2157 | mov eax, [esp] |
| 2148 | shl eax, 1 |
2158 | shl eax, 1 |
| 2149 | add eax, 42h |
2159 | add eax, 42h |
| 2150 | mov [edi+indexRawSize], ax |
2160 | mov [edi+indexRawSize], ax |
| 2151 | mov eax, [ebp+NTFS.ntfs_attr_iRecord] |
2161 | mov eax, [ebp+NTFS.attr_iRecord] |
| 2152 | mov [edi+directoryRecordReference], eax |
2162 | mov [edi+directoryRecordReference], eax |
| 2153 | mov eax, [ebp+NTFS.frs_buffer] |
2163 | mov eax, [ebp+NTFS.frs_buffer] |
| 2154 | mov eax, [eax+reuseCounter] |
2164 | mov eax, [eax+reuseCounter] |
| 2155 | mov [edi+directoryReferenceReuse], ax |
2165 | mov [edi+directoryReferenceReuse], ax |
| 2156 | mov eax, [ebx+12] |
2166 | mov eax, [ebx+12] |
| Line 2181... | Line 2191... | ||
| 2181 | lodsb |
2191 | lodsb |
| 2182 | call ansi2uni_char |
2192 | call ansi2uni_char |
| 2183 | stosw |
2193 | stosw |
| 2184 | dec ecx |
2194 | dec ecx |
| 2185 | jnz @b |
2195 | jnz @b |
| 2186 | mov eax, [ebp+NTFS.ntfsLastRead] |
2196 | mov eax, [ebp+NTFS.LastRead] |
| 2187 | mov [ebp+NTFS.nodeLastRead], eax |
2197 | mov [ebp+NTFS.nodeLastRead], eax |
| 2188 | cmp [ebp+NTFS.ntfsFolder], 0 |
2198 | cmp [ebp+NTFS.bFolder], 0 |
| 2189 | jz @f |
2199 | jz @f |
| 2190 | mov edi, [ebp+NTFS.indexOffset] |
2200 | mov edi, [ebp+NTFS.indexOffset] |
| 2191 | bts dword [edi+fileFlags], 28 |
2201 | bts dword [edi+fileFlags], 28 |
| 2192 | jmp .mftBitmap |
2202 | jmp .mftBitmap |
| Line 2226... | Line 2236... | ||
| 2226 | add edi, ecx |
2236 | add edi, ecx |
| 2227 | mov [ebp+NTFS.newMftRecord], edi |
2237 | mov [ebp+NTFS.newMftRecord], edi |
| 2228 | mov eax, [ebp+NTFS.frs_size] |
2238 | mov eax, [ebp+NTFS.frs_size] |
| 2229 | shr eax, 9 |
2239 | shr eax, 9 |
| 2230 | mul edi |
2240 | mul edi |
| 2231 | mov [ebp+NTFS.ntfs_cur_iRecord], 0 |
2241 | mov [ebp+NTFS.cur_iRecord], 0 |
| 2232 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
2242 | mov [ebp+NTFS.cur_attr], 0x80 |
| 2233 | mov [ebp+NTFS.ntfs_cur_offs], eax |
2243 | mov [ebp+NTFS.cur_offs], eax |
| 2234 | mov [ebp+NTFS.ntfs_cur_size], 1 |
2244 | mov [ebp+NTFS.cur_size], 1 |
| 2235 | mov eax, [ebp+NTFS.frs_buffer] |
2245 | mov eax, [ebp+NTFS.frs_buffer] |
| 2236 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2246 | mov [ebp+NTFS.cur_buf], eax |
| 2237 | call ntfs_read_attr |
2247 | call ntfs_read_attr |
| 2238 | cmp [ebp+NTFS.ntfs_cur_read], 0 |
2248 | cmp [ebp+NTFS.cur_read], 0 |
| 2239 | jz .extendMFT |
2249 | jz .extendMFT |
| 2240 | jmp .mftRecord |
2250 | jmp .mftRecord |
| Line 2241... | Line 2251... | ||
| 2241 | 2251 | ||
| 2242 | .extendBitmapMFT: |
2252 | .extendBitmapMFT: |
| 2243 | mov eax, [ebp+NTFS.sectors_per_cluster] |
2253 | mov eax, [ebp+NTFS.sectors_per_cluster] |
| 2244 | shl eax, 9 |
2254 | shl eax, 9 |
| 2245 | cmp [ebp+NTFS.mftBitmapSize], eax |
2255 | cmp [ebp+NTFS.mftBitmapSize], eax |
| 2246 | jnc ntfsUnsupported |
2256 | jnc ntfsUnsupported |
| 2247 | mov [ebp+NTFS.ntfs_cur_iRecord], 0 |
2257 | mov [ebp+NTFS.cur_iRecord], 0 |
| 2248 | mov [ebp+NTFS.ntfs_cur_attr], 0xB0 |
2258 | mov [ebp+NTFS.cur_attr], 0xB0 |
| 2249 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
2259 | mov [ebp+NTFS.cur_offs], 0 |
| 2250 | mov [ebp+NTFS.ntfs_cur_size], 0 |
2260 | mov [ebp+NTFS.cur_size], 0 |
| 2251 | call ntfs_read_attr |
2261 | call ntfs_read_attr |
| 2252 | jc ntfsFail |
2262 | jc ntfsFail |
| 2253 | mov eax, [ebp+NTFS.mft_cluster] |
2263 | mov eax, [ebp+NTFS.mft_cluster] |
| 2254 | mul [ebp+NTFS.sectors_per_cluster] |
2264 | mul [ebp+NTFS.sectors_per_cluster] |
| 2255 | cmp eax, [ebp+NTFS.ntfsLastRead] |
2265 | cmp eax, [ebp+NTFS.LastRead] |
| 2256 | jnz ntfsUnsupported ; auxiliary record |
2266 | jnz ntfsUnsupported ; auxiliary record |
| 2257 | mov edi, [ebp+NTFS.mftBitmapBuffer] |
2267 | mov edi, [ebp+NTFS.mftBitmapBuffer] |
| 2258 | mov ecx, [ebp+NTFS.mftBitmapSize] |
2268 | mov ecx, [ebp+NTFS.mftBitmapSize] |
| 2259 | add edi, ecx |
2269 | add edi, ecx |
| 2260 | mov eax, ecx |
2270 | mov eax, ecx |
| 2261 | mov edx, [ebp+NTFS.ntfs_attr_offs] |
2271 | mov edx, [ebp+NTFS.attr_offs] |
| 2262 | add ecx, 8 |
2272 | add ecx, 8 |
| 2263 | mov [edx+attributeRealSize], ecx |
2273 | mov [edx+attributeRealSize], ecx |
| 2264 | mov [edx+initialDataSize], ecx |
2274 | mov [edx+initialDataSize], ecx |
| 2265 | shl eax, 3 |
2275 | shl eax, 3 |
| 2266 | mov [ebp+NTFS.newMftRecord], eax |
2276 | mov [ebp+NTFS.newMftRecord], eax |
| 2267 | mov dword [edi], 1 |
2277 | mov dword [edi], 1 |
| 2268 | mov dword [edi+4], 0 |
2278 | mov dword [edi+4], 0 |
| 2269 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
2279 | mov [ebp+NTFS.cur_attr], 0x80 |
| 2270 | call ntfs_read_attr.newAttribute |
2280 | call ntfs_read_attr.newAttribute |
| 2271 | jc ntfsFail |
2281 | jc ntfsFail |
| 2272 | mov [ebp+NTFS.mftBitmapSize], ecx |
2282 | mov [ebp+NTFS.mftBitmapSize], ecx |
| 2273 | .extendMFT: |
2283 | .extendMFT: |
| 2274 | mov eax, [ebp+NTFS.mft_cluster] |
2284 | mov eax, [ebp+NTFS.mft_cluster] |
| 2275 | mul [ebp+NTFS.sectors_per_cluster] |
2285 | mul [ebp+NTFS.sectors_per_cluster] |
| 2276 | cmp eax, [ebp+NTFS.ntfsLastRead] |
2286 | cmp eax, [ebp+NTFS.LastRead] |
| 2277 | jnz ntfsUnsupported ; auxiliary record |
2287 | jnz ntfsUnsupported ; auxiliary record |
| 2278 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
2288 | mov ecx, [ebp+NTFS.attr_offs] |
| 2279 | mov eax, [ecx+attributeRealSize] |
2289 | mov eax, [ecx+attributeRealSize] |
| 2280 | mov edx, [ecx+attributeRealSize+4] |
2290 | mov edx, [ecx+attributeRealSize+4] |
| 2281 | xor ax, ax |
2291 | xor ax, ax |
| 2282 | add eax, 10000h |
2292 | add eax, 10000h |
| 2283 | adc edx, 0 |
2293 | adc edx, 0 |
| 2284 | push [ebp+NTFS.fileDataStart] |
2294 | push [ebp+NTFS.fileDataStart] |
| 2285 | push [ebp+NTFS.fileDataSize] |
2295 | push [ebp+NTFS.fileDataSize] |
| 2286 | call resizeAttribute |
2296 | call resizeAttribute |
| 2287 | jc ntfsErrorPop2 |
2297 | jc ntfsErrorPop2 |
| 2288 | mov eax, [ebp+NTFS.frs_buffer] |
2298 | mov eax, [ebp+NTFS.frs_buffer] |
| 2289 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2299 | mov [ebp+NTFS.cur_buf], eax |
| 2290 | call writeRecord ; $MFT |
2300 | call writeRecord ; $MFT |
| 2291 | mov eax, [ebp+NTFS.mftmirr_cluster] |
2301 | mov eax, [ebp+NTFS.mftmirr_cluster] |
| 2292 | mul [ebp+NTFS.sectors_per_cluster] |
2302 | mul [ebp+NTFS.sectors_per_cluster] |
| 2293 | mov ebx, [ebp+NTFS.frs_buffer] |
2303 | mov ebx, [ebp+NTFS.frs_buffer] |
| Line 2340... | Line 2350... | ||
| 2340 | sub ecx, 18h |
2350 | sub ecx, 18h |
| 2341 | shr ecx, 2 |
2351 | shr ecx, 2 |
| 2342 | rep movsd |
2352 | rep movsd |
| 2343 | mov byte [edi+sizeWithHeader], 50h |
2353 | mov byte [edi+sizeWithHeader], 50h |
| 2344 | mov byte [edi+attributeID], 2 |
2354 | mov byte [edi+attributeID], 2 |
| 2345 | cmp [ebp+NTFS.ntfsFolder], 1 |
2355 | cmp [ebp+NTFS.bFolder], 1 |
| 2346 | jz .indexRoot |
2356 | jz .indexRoot |
| 2347 | ; $Data |
2357 | ; $Data |
| 2348 | mov byte [edi+attributeType], 80h |
2358 | mov byte [edi+attributeType], 80h |
| 2349 | mov eax, [ebp+NTFS.fileDataSize] |
2359 | mov eax, [ebp+NTFS.fileDataSize] |
| 2350 | test eax, eax |
2360 | test eax, eax |
| Line 2391... | Line 2401... | ||
| 2391 | mov byte [edi+nameOffset], 18h |
2401 | mov byte [edi+nameOffset], 18h |
| 2392 | mov byte [edi+sizeWithoutHeader], 30h |
2402 | mov byte [edi+sizeWithoutHeader], 30h |
| 2393 | mov byte [edi+attributeOffset], 20h |
2403 | mov byte [edi+attributeOffset], 20h |
| 2394 | mov dword[edi+18h], 490024h ; unicode $I30 |
2404 | mov dword[edi+18h], 490024h ; unicode $I30 |
| 2395 | mov dword[edi+18h+4], 300033h |
2405 | mov dword[edi+18h+4], 300033h |
| 2396 | mov byte [edi+20h+attributeType], 30h |
2406 | mov byte [edi+20h+indexedAttributesType], 30h |
| 2397 | mov byte [edi+20h+collationRule], 1 |
2407 | mov byte [edi+20h+collationRule], 1 |
| 2398 | mov eax, [ebp+NTFS.sectors_per_cluster] |
2408 | mov eax, [ebp+NTFS.sectors_per_cluster] |
| 2399 | shl eax, 9 |
2409 | shl eax, 9 |
| 2400 | mov [edi+20h+indexRecordSize], eax |
2410 | mov [edi+20h+indexRecordSize], eax |
| 2401 | mov byte [edi+20h+indexRecordSizeClus], 1 |
2411 | mov byte [edi+20h+indexRecordSizeClus], 1 |
| Line 2410... | Line 2420... | ||
| 2410 | mov esi, [ebp+NTFS.frs_buffer] |
2420 | mov esi, [ebp+NTFS.frs_buffer] |
| 2411 | mov dword [edi], -1 |
2421 | mov dword [edi], -1 |
| 2412 | mov dword [edi+4], 0 |
2422 | mov dword [edi+4], 0 |
| 2413 | add edi, 8 |
2423 | add edi, 8 |
| 2414 | sub edi, esi |
2424 | sub edi, esi |
| 2415 | mov [ebp+NTFS.ntfs_cur_buf], esi |
2425 | mov [ebp+NTFS.cur_buf], esi |
| 2416 | mov [esi+recordFlags], al |
2426 | mov [esi+recordFlags], al |
| 2417 | mov [esi+recordRealSize], edi |
2427 | mov [esi+recordRealSize], edi |
| 2418 | call writeRecord |
2428 | call writeRecord |
| 2419 | test eax, eax |
2429 | test eax, eax |
| 2420 | jnz ntfsDevice |
2430 | jnz ntfsDevice |
| Line 2429... | Line 2439... | ||
| 2429 | xor edx, edx |
2439 | xor edx, edx |
| 2430 | call fs_write64_sys |
2440 | call fs_write64_sys |
| 2431 | test eax, eax |
2441 | test eax, eax |
| 2432 | jnz ntfsDevice |
2442 | jnz ntfsDevice |
| 2433 | ; 5. Write partition bitmap |
2443 | ; 5. Write partition bitmap |
| 2434 | cmp [ebp+NTFS.ntfsFolder], 1 |
2444 | cmp [ebp+NTFS.bFolder], 1 |
| 2435 | jz @f |
2445 | jz @f |
| 2436 | mov eax, [ebp+NTFS.fileDataStart] |
2446 | mov eax, [ebp+NTFS.fileDataStart] |
| 2437 | mov ecx, [ebp+NTFS.fileDataSize] |
2447 | mov ecx, [ebp+NTFS.fileDataSize] |
| 2438 | test ecx, ecx |
2448 | test ecx, ecx |
| 2439 | jz @f |
2449 | jz @f |
| Line 2454... | Line 2464... | ||
| 2454 | mov edi, [ebp+NTFS.indexOffset] |
2464 | mov edi, [ebp+NTFS.indexOffset] |
| 2455 | mov eax, [ebp+NTFS.newMftRecord] |
2465 | mov eax, [ebp+NTFS.newMftRecord] |
| 2456 | mov [edi+fileRecordReference], eax |
2466 | mov [edi+fileRecordReference], eax |
| 2457 | ; 6. Write directory node |
2467 | ; 6. Write directory node |
| 2458 | mov eax, [ebp+NTFS.nodeLastRead] |
2468 | mov eax, [ebp+NTFS.nodeLastRead] |
| 2459 | mov [ebp+NTFS.ntfsLastRead], eax |
2469 | mov [ebp+NTFS.LastRead], eax |
| 2460 | mov eax, [ebp+NTFS.cur_index_buf] |
2470 | mov eax, [ebp+NTFS.cur_index_buf] |
| 2461 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2471 | mov [ebp+NTFS.cur_buf], eax |
| 2462 | call writeRecord |
2472 | call writeRecord |
| 2463 | mov ebx, [ebp+NTFS.fileRealSize] |
2473 | mov ebx, [ebp+NTFS.fileRealSize] |
| 2464 | ntfsDone: |
2474 | ntfsDone: |
| 2465 | mov esi, [ebp+PARTITION.Disk] |
2475 | mov esi, [ebp+PARTITION.Disk] |
| 2466 | call disk_sync |
2476 | call disk_sync |
| Line 2469... | Line 2479... | ||
| 2469 | ret |
2479 | ret |
| Line 2470... | Line 2480... | ||
| 2470 | 2480 | ||
| 2471 | writeRecord: |
2481 | writeRecord: |
| 2472 | ; make updateSequence and write to disk |
2482 | ; make updateSequence and write to disk |
| 2473 | ; in: |
2483 | ; in: |
| 2474 | ; [ebp+NTFS.ntfs_cur_buf] -> record |
2484 | ; [ebp+NTFS.cur_buf] -> record |
| 2475 | ; [ebp+NTFS.ntfsLastRead] = partition sector |
2485 | ; [ebp+NTFS.LastRead] = partition sector |
| 2476 | mov esi, [ebp+NTFS.ntfs_cur_buf] |
2486 | mov esi, [ebp+NTFS.cur_buf] |
| 2477 | mov edi, esi |
2487 | mov edi, esi |
| 2478 | movzx ecx, word [esi+updateSequenceOffset] |
2488 | movzx ecx, word [esi+updateSequenceOffset] |
| 2479 | add edi, ecx |
2489 | add edi, ecx |
| 2480 | mov ax, [edi] |
2490 | mov ax, [edi] |
| Line 2487... | Line 2497... | ||
| 2487 | add esi, 510 |
2497 | add esi, 510 |
| 2488 | movsw |
2498 | movsw |
| 2489 | mov [esi-2], ax |
2499 | mov [esi-2], ax |
| 2490 | dec ecx |
2500 | dec ecx |
| 2491 | jnz @b |
2501 | jnz @b |
| 2492 | mov eax, [ebp+NTFS.ntfsLastRead] |
2502 | mov eax, [ebp+NTFS.LastRead] |
| 2493 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
2503 | mov ebx, [ebp+NTFS.cur_buf] |
| 2494 | pop ecx |
2504 | pop ecx |
| 2495 | xor edx, edx |
2505 | xor edx, edx |
| 2496 | jmp fs_write64_sys |
2506 | jmp fs_write64_sys |
| Line 2497... | Line 2507... | ||
| 2497 | 2507 | ||
| Line 2557... | Line 2567... | ||
| 2557 | ret |
2567 | ret |
| Line 2558... | Line 2568... | ||
| 2558 | 2568 | ||
| 2559 | resizeAttribute: |
2569 | resizeAttribute: |
| 2560 | ; in: |
2570 | ; in: |
| 2561 | ; [ebp+NTFS.frs_buffer] -> file record |
2571 | ; [ebp+NTFS.frs_buffer] -> file record |
| 2562 | ; [ebp+NTFS.ntfs_attr_offs] -> attribute |
2572 | ; [ebp+NTFS.attr_offs] -> attribute |
| 2563 | ; edx:eax = new size |
2573 | ; edx:eax = new size |
| 2564 | ; out: |
2574 | ; out: |
| 2565 | ; [ebp+NTFS.fileDataSize] = clusters added (positive) |
2575 | ; [ebp+NTFS.fileDataSize] = clusters added (positive) |
| 2566 | ; [ebp+NTFS.fileDataStart] = added block |
2576 | ; [ebp+NTFS.fileDataStart] = added block |
| 2567 | ; CF=1 -> eax = error code |
2577 | ; CF=1 -> eax = error code |
| 2568 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2578 | mov esi, [ebp+NTFS.attr_offs] |
| 2569 | mov dword [ebp+NTFS.ntfs_attr_size], eax |
2579 | mov dword [ebp+NTFS.attr_size], eax |
| 2570 | mov dword [ebp+NTFS.ntfs_attr_size+4], edx |
2580 | mov dword [ebp+NTFS.attr_size+4], edx |
| 2571 | cmp byte [esi+nonResidentFlag], 0 |
2581 | cmp byte [esi+nonResidentFlag], 0 |
| 2572 | jz .resident |
2582 | jz .resident |
| 2573 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
2583 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| 2574 | shl ecx, 9 |
2584 | shl ecx, 9 |
| Line 2607... | Line 2617... | ||
| 2607 | add edi, [esp] |
2617 | add edi, [esp] |
| 2608 | push edi |
2618 | push edi |
| 2609 | shr edi, 5 |
2619 | shr edi, 5 |
| 2610 | shl edi, 2 |
2620 | shl edi, 2 |
| 2611 | push eax |
2621 | push eax |
| 2612 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
2622 | cmp [ebp+NTFS.cur_iRecord], 0 |
| 2613 | jz @f |
2623 | jz @f |
| 2614 | cmp edi, [ebp+NTFS.BitmapStart] |
2624 | cmp edi, [ebp+NTFS.BitmapStart] |
| 2615 | jc .err1 |
2625 | jc .err1 |
| 2616 | @@: |
2626 | @@: |
| 2617 | call ntfsSpaceAlloc |
2627 | call ntfsSpaceAlloc |
| Line 2634... | Line 2644... | ||
| 2634 | push eax |
2644 | push eax |
| 2635 | push [ebp+NTFS.fileDataSize] |
2645 | push [ebp+NTFS.fileDataSize] |
| 2636 | sub eax, edx |
2646 | sub eax, edx |
| 2637 | mov [ebp+NTFS.fileDataStart], eax |
2647 | mov [ebp+NTFS.fileDataStart], eax |
| 2638 | @@: |
2648 | @@: |
| 2639 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2649 | mov esi, [ebp+NTFS.attr_offs] |
| 2640 | call createMcbEntry |
2650 | call createMcbEntry |
| 2641 | pop ecx |
2651 | pop ecx |
| 2642 | pop eax |
2652 | pop eax |
| 2643 | jc .err2 |
2653 | jc .err2 |
| 2644 | mov [ebp+NTFS.fileDataSize], ecx |
2654 | mov [ebp+NTFS.fileDataSize], ecx |
| Line 2714... | Line 2724... | ||
| 2714 | .end: |
2724 | .end: |
| 2715 | add esp, 16 |
2725 | add esp, 16 |
| 2716 | pop edi |
2726 | pop edi |
| 2717 | cmp [ebp+NTFS.fileDataSize], 0 |
2727 | cmp [ebp+NTFS.fileDataSize], 0 |
| 2718 | jz @f |
2728 | jz @f |
| 2719 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2729 | mov esi, [ebp+NTFS.attr_offs] |
| 2720 | call createMcbEntry |
2730 | call createMcbEntry |
| 2721 | mov [ebp+NTFS.fileDataSize], 0 |
2731 | mov [ebp+NTFS.fileDataSize], 0 |
| 2722 | @@: |
2732 | @@: |
| 2723 | ret |
2733 | ret |
| Line 2758... | Line 2768... | ||
| 2758 | mov ecx, eax |
2768 | mov ecx, eax |
| 2759 | shr ecx, 2 |
2769 | shr ecx, 2 |
| 2760 | xor eax, eax |
2770 | xor eax, eax |
| 2761 | rep stosd |
2771 | rep stosd |
| 2762 | cld |
2772 | cld |
| 2763 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2773 | mov esi, [ebp+NTFS.attr_offs] |
| 2764 | @@: |
2774 | @@: |
| 2765 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
2775 | mov eax, dword [ebp+NTFS.attr_size] |
| 2766 | mov [esi+sizeWithoutHeader], eax |
2776 | mov [esi+sizeWithoutHeader], eax |
| 2767 | mov [ebp+NTFS.fileDataSize], 0 |
2777 | mov [ebp+NTFS.fileDataSize], 0 |
| 2768 | clc |
2778 | clc |
| 2769 | ret |
2779 | ret |
| Line 2770... | Line 2780... | ||
| 2770 | 2780 | ||
| 2771 | .nonResident: ; convert resident to non-resident |
2781 | .nonResident: ; convert resident to non-resident |
| 2772 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
2782 | mov eax, dword [ebp+NTFS.attr_size] |
| 2773 | sub eax, 1 |
2783 | sub eax, 1 |
| 2774 | sbb edx, 0 |
2784 | sbb edx, 0 |
| 2775 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
2785 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| 2776 | shl ecx, 9 |
2786 | shl ecx, 9 |
| Line 2781... | Line 2791... | ||
| 2781 | push ecx |
2791 | push ecx |
| 2782 | call ntfsSpaceAlloc |
2792 | call ntfsSpaceAlloc |
| 2783 | pop ecx |
2793 | pop ecx |
| 2784 | jc .err10 |
2794 | jc .err10 |
| 2785 | mov [ebp+NTFS.fileDataStart], eax |
2795 | mov [ebp+NTFS.fileDataStart], eax |
| 2786 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2796 | mov esi, [ebp+NTFS.attr_offs] |
| 2787 | xor eax, eax |
2797 | xor eax, eax |
| 2788 | xor edx, edx |
2798 | xor edx, edx |
| 2789 | @@: |
2799 | @@: |
| 2790 | add eax, ecx |
2800 | add eax, ecx |
| 2791 | inc edx |
2801 | inc edx |
| Line 2813... | Line 2823... | ||
| 2813 | push ebx |
2823 | push ebx |
| 2814 | mov ebx, eax |
2824 | mov ebx, eax |
| 2815 | call kernel_free |
2825 | call kernel_free |
| 2816 | test ebx, ebx |
2826 | test ebx, ebx |
| 2817 | jnz .err4 |
2827 | jnz .err4 |
| 2818 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
2828 | mov esi, [ebp+NTFS.attr_offs] |
| 2819 | add esi, [esi+sizeWithHeader] |
2829 | add esi, [esi+sizeWithHeader] |
| 2820 | mov ecx, [ebp+NTFS.frs_buffer] |
2830 | mov ecx, [ebp+NTFS.frs_buffer] |
| 2821 | add ecx, [ecx+recordRealSize] |
2831 | add ecx, [ecx+recordRealSize] |
| 2822 | sub ecx, esi |
2832 | sub ecx, esi |
| 2823 | shr ecx, 2 |
2833 | shr ecx, 2 |
| 2824 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
2834 | lea edi, [ebp+NTFS.bitmap_buf] |
| 2825 | push ecx |
2835 | push ecx |
| 2826 | rep movsd |
2836 | rep movsd |
| 2827 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
2837 | mov edi, [ebp+NTFS.attr_offs] |
| 2828 | add edi, 16 |
2838 | add edi, 16 |
| 2829 | mov cl, 6 |
2839 | mov cl, 6 |
| 2830 | xor eax, eax |
2840 | xor eax, eax |
| 2831 | rep stosd |
2841 | rep stosd |
| 2832 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
2842 | mov edi, [ebp+NTFS.attr_offs] |
| 2833 | mov eax, [ebp+NTFS.fileDataSize] |
2843 | mov eax, [ebp+NTFS.fileDataSize] |
| 2834 | dec eax |
2844 | dec eax |
| 2835 | mov [edi+lastVCN], eax |
2845 | mov [edi+lastVCN], eax |
| 2836 | inc eax |
2846 | inc eax |
| 2837 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
2847 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| Line 2840... | Line 2850... | ||
| 2840 | mov byte [edi+sizeWithHeader], 50h |
2850 | mov byte [edi+sizeWithHeader], 50h |
| 2841 | mov byte [edi+nonResidentFlag], 1 |
2851 | mov byte [edi+nonResidentFlag], 1 |
| 2842 | mov byte [edi+dataRunsOffset], 40h |
2852 | mov byte [edi+dataRunsOffset], 40h |
| 2843 | mov [edi+attributeAllocatedSize], eax |
2853 | mov [edi+attributeAllocatedSize], eax |
| 2844 | mov [edi+attributeAllocatedSize+4], edx |
2854 | mov [edi+attributeAllocatedSize+4], edx |
| 2845 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
2855 | mov eax, dword [ebp+NTFS.attr_size] |
| 2846 | mov edx, dword [ebp+NTFS.ntfs_attr_size+4] |
2856 | mov edx, dword [ebp+NTFS.attr_size+4] |
| 2847 | mov [edi+attributeRealSize], eax |
2857 | mov [edi+attributeRealSize], eax |
| 2848 | mov [edi+attributeRealSize+4], edx |
2858 | mov [edi+attributeRealSize+4], edx |
| 2849 | mov [edi+initialDataSize], eax |
2859 | mov [edi+initialDataSize], eax |
| 2850 | mov [edi+initialDataSize+4], edx |
2860 | mov [edi+initialDataSize+4], edx |
| 2851 | mov esi, edi |
2861 | mov esi, edi |
| 2852 | add edi, 40h |
2862 | add edi, 40h |
| 2853 | call createMcbEntry |
2863 | call createMcbEntry |
| 2854 | mov eax, edi |
2864 | mov eax, edi |
| 2855 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
2865 | mov edi, [ebp+NTFS.attr_offs] |
| 2856 | sub eax, edi |
2866 | sub eax, edi |
| 2857 | add eax, 8 |
2867 | add eax, 8 |
| 2858 | and eax, not 7 |
2868 | and eax, not 7 |
| 2859 | mov [edi+sizeWithHeader], eax |
2869 | mov [edi+sizeWithHeader], eax |
| 2860 | pop ecx |
2870 | pop ecx |
| 2861 | lea esi, [ebp+NTFS.ntfs_bitmap_buf] |
2871 | lea esi, [ebp+NTFS.bitmap_buf] |
| 2862 | add edi, eax |
2872 | add edi, eax |
| 2863 | rep movsd |
2873 | rep movsd |
| 2864 | mov esi, [ebp+NTFS.frs_buffer] |
2874 | mov esi, [ebp+NTFS.frs_buffer] |
| 2865 | sub edi, esi |
2875 | sub edi, esi |
| 2866 | mov [esi+recordRealSize], edi |
2876 | mov [esi+recordRealSize], edi |
| Line 2916... | Line 2926... | ||
| 2916 | mov ebx, eax |
2926 | mov ebx, eax |
| 2917 | xor eax, eax |
2927 | xor eax, eax |
| 2918 | rep stosd |
2928 | rep stosd |
| 2919 | mov eax, [ebp+NTFS.fileDataStart] |
2929 | mov eax, [ebp+NTFS.fileDataStart] |
| 2920 | mul [ebp+NTFS.sectors_per_cluster] |
2930 | mul [ebp+NTFS.sectors_per_cluster] |
| 2921 | mov [ebp+NTFS.ntfsLastRead], eax |
2931 | mov [ebp+NTFS.LastRead], eax |
| 2922 | pop ecx |
2932 | pop ecx |
| 2923 | call fs_write64_app |
2933 | call fs_write64_app |
| 2924 | stdcall kernel_free, ebx |
2934 | stdcall kernel_free, ebx |
| 2925 | @@: |
2935 | @@: |
| 2926 | ret |
2936 | ret |
| Line 3213... | Line 3223... | ||
| 3213 | ret |
3223 | ret |
| 3214 | @@: |
3224 | @@: |
| 3215 | call ntfs_lock |
3225 | call ntfs_lock |
| 3216 | stdcall ntfs_find_lfn, [esp+4] |
3226 | stdcall ntfs_find_lfn, [esp+4] |
| 3217 | jc ntfsNotFound |
3227 | jc ntfsNotFound |
| 3218 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
3228 | cmp [ebp+NTFS.cur_iRecord], 16 |
| 3219 | jc ntfsDenied |
3229 | jc ntfsDenied |
| 3220 | bt dword [eax+fileFlags], 28 |
3230 | bt dword [eax+fileFlags], 28 |
| 3221 | jc ntfsDenied |
3231 | jc ntfsDenied |
| 3222 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
3232 | cmp [ebp+NTFS.fragmentCount], 1 |
| 3223 | jnz ntfsUnsupported ; record fragmented |
3233 | jnz ntfsUnsupported ; record fragmented |
| 3224 | ; edit directory node |
3234 | ; edit directory node |
| 3225 | mov edi, [ebp+NTFS.cur_index_buf] |
3235 | mov edi, [ebp+NTFS.cur_index_buf] |
| 3226 | cmp dword [edi], 'INDX' |
3236 | cmp dword [edi], 'INDX' |
| 3227 | jz @f |
3237 | jz @f |
| 3228 | mov esi, [ebp+NTFS.frs_buffer] |
3238 | mov esi, [ebp+NTFS.frs_buffer] |
| 3229 | mov ecx, [esi+recordRealSize] |
3239 | mov ecx, [esi+recordRealSize] |
| 3230 | shr ecx, 2 |
3240 | shr ecx, 2 |
| 3231 | rep movsd |
3241 | rep movsd |
| 3232 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
3242 | mov esi, [ebp+NTFS.attr_offs] |
| 3233 | mov cl, [esi+attributeOffset] |
3243 | mov cl, [esi+attributeOffset] |
| 3234 | sub esi, [ebp+NTFS.frs_buffer] |
3244 | sub esi, [ebp+NTFS.frs_buffer] |
| 3235 | add eax, ecx |
3245 | add eax, ecx |
| 3236 | add eax, esi |
3246 | add eax, esi |
| 3237 | @@: |
3247 | @@: |
| Line 3239... | Line 3249... | ||
| 3239 | mov edx, [ebx+8] |
3249 | mov edx, [ebx+8] |
| 3240 | add ecx, [ebx+12] |
3250 | add ecx, [ebx+12] |
| 3241 | adc edx, 0 |
3251 | adc edx, 0 |
| 3242 | mov [eax+fileRealSize], ecx |
3252 | mov [eax+fileRealSize], ecx |
| 3243 | mov [eax+fileRealSize+4], edx |
3253 | mov [eax+fileRealSize+4], edx |
| 3244 | mov eax, [ebp+NTFS.ntfsLastRead] |
3254 | mov eax, [ebp+NTFS.LastRead] |
| 3245 | mov [ebp+NTFS.nodeLastRead], eax |
3255 | mov [ebp+NTFS.nodeLastRead], eax |
| 3246 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
3256 | mov [ebp+NTFS.cur_attr], 0x80 |
| 3247 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
3257 | mov [ebp+NTFS.cur_offs], 0 |
| 3248 | mov [ebp+NTFS.ntfs_cur_size], 0 |
3258 | mov [ebp+NTFS.cur_size], 0 |
| 3249 | call ntfs_read_attr |
3259 | call ntfs_read_attr |
| 3250 | jc ntfsFail |
3260 | jc ntfsFail |
| 3251 | mov eax, ecx |
3261 | mov eax, ecx |
| 3252 | mov ecx, [ebp+NTFS.frs_buffer] |
3262 | mov ecx, [ebp+NTFS.frs_buffer] |
| 3253 | cmp word [ecx+baseRecordReuse], 0 |
3263 | cmp word [ecx+baseRecordReuse], 0 |
| 3254 | jnz ntfsUnsupported ; auxiliary record |
3264 | jnz ntfsUnsupported ; auxiliary record |
| 3255 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
3265 | mov ecx, [ebp+NTFS.attr_offs] |
| 3256 | cmp word [ecx+attributeFlags], 0 |
3266 | cmp word [ecx+attributeFlags], 0 |
| 3257 | jnz ntfsUnsupported |
3267 | jnz ntfsUnsupported |
| 3258 | push ebx |
3268 | push ebx |
| 3259 | cmp byte [ecx+nonResidentFlag], 0 |
3269 | cmp byte [ecx+nonResidentFlag], 0 |
| 3260 | jz .resizeAttribute |
3270 | jz .resizeAttribute |
| Line 3264... | Line 3274... | ||
| 3264 | cmp [ecx+attributeRealSize], eax |
3274 | cmp [ecx+attributeRealSize], eax |
| 3265 | jnc .writeNode |
3275 | jnc .writeNode |
| 3266 | .resizeAttribute: |
3276 | .resizeAttribute: |
| 3267 | call resizeAttribute |
3277 | call resizeAttribute |
| 3268 | jc ntfsErrorPop |
3278 | jc ntfsErrorPop |
| 3269 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
3279 | mov ecx, [ebp+NTFS.attr_offs] |
| 3270 | cmp byte [ecx+nonResidentFlag], 1 |
3280 | cmp byte [ecx+nonResidentFlag], 1 |
| 3271 | jz @f |
3281 | jz @f |
| 3272 | mov ebx, [esp] |
3282 | mov ebx, [esp] |
| 3273 | movzx edi, byte [ecx+attributeOffset] |
3283 | movzx edi, byte [ecx+attributeOffset] |
| 3274 | add edi, ecx |
3284 | add edi, ecx |
| Line 3276... | Line 3286... | ||
| 3276 | mov ecx, [ebx+12] |
3286 | mov ecx, [ebx+12] |
| 3277 | mov esi, [ebx+16] |
3287 | mov esi, [ebx+16] |
| 3278 | rep movsb |
3288 | rep movsb |
| 3279 | @@: |
3289 | @@: |
| 3280 | mov eax, [ebp+NTFS.frs_buffer] |
3290 | mov eax, [ebp+NTFS.frs_buffer] |
| 3281 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3291 | mov [ebp+NTFS.cur_buf], eax |
| 3282 | call writeRecord ; file |
3292 | call writeRecord ; file |
| 3283 | mov ebx, [ebp+NTFS.frs_buffer] |
3293 | mov ebx, [ebp+NTFS.frs_buffer] |
| 3284 | call ntfs_restore_usa_frs |
3294 | call ntfs_restore_usa_frs |
| 3285 | .writeNode: |
3295 | .writeNode: |
| 3286 | mov eax, [ebp+NTFS.nodeLastRead] |
3296 | mov eax, [ebp+NTFS.nodeLastRead] |
| 3287 | mov [ebp+NTFS.ntfsLastRead], eax |
3297 | mov [ebp+NTFS.LastRead], eax |
| 3288 | mov eax, [ebp+NTFS.cur_index_buf] |
3298 | mov eax, [ebp+NTFS.cur_index_buf] |
| 3289 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3299 | mov [ebp+NTFS.cur_buf], eax |
| 3290 | call writeRecord ; directory |
3300 | call writeRecord ; directory |
| 3291 | pop ebx |
3301 | pop ebx |
| 3292 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
3302 | mov ecx, [ebp+NTFS.attr_offs] |
| 3293 | cmp byte [ecx+nonResidentFlag], 0 |
3303 | cmp byte [ecx+nonResidentFlag], 0 |
| 3294 | jz .done |
3304 | jz .done |
| 3295 | mov ecx, [ebx+12] |
3305 | mov ecx, [ebx+12] |
| 3296 | test ecx, ecx |
3306 | test ecx, ecx |
| 3297 | jz .done |
3307 | jz .done |
| Line 3299... | Line 3309... | ||
| 3299 | mov edx, [ebx+8] |
3309 | mov edx, [ebx+8] |
| 3300 | mov esi, [ebx+16] |
3310 | mov esi, [ebx+16] |
| 3301 | shrd eax, edx, 9 |
3311 | shrd eax, edx, 9 |
| 3302 | test dword[ebx+4], 1FFh |
3312 | test dword[ebx+4], 1FFh |
| 3303 | jz .aligned |
3313 | jz .aligned |
| 3304 | mov [ebp+NTFS.ntfs_cur_offs], eax |
3314 | mov [ebp+NTFS.cur_offs], eax |
| 3305 | mov [ebp+NTFS.ntfs_cur_size], 1 |
3315 | mov [ebp+NTFS.cur_size], 1 |
| 3306 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
3316 | lea edi, [ebp+NTFS.bitmap_buf] |
| 3307 | mov [ebp+NTFS.ntfs_cur_buf], edi |
3317 | mov [ebp+NTFS.cur_buf], edi |
| 3308 | call ntfs_read_attr.continue |
3318 | call ntfs_read_attr.continue |
| 3309 | jc ntfsDevice |
3319 | jc ntfsDevice |
| 3310 | mov eax, [ebx+4] |
3320 | mov eax, [ebx+4] |
| 3311 | and eax, 1FFh |
3321 | and eax, 1FFh |
| 3312 | add edi, eax |
3322 | add edi, eax |
| 3313 | sub eax, [ebp+NTFS.ntfs_cur_read] |
3323 | sub eax, [ebp+NTFS.cur_read] |
| 3314 | neg eax |
3324 | neg eax |
| 3315 | push ecx |
3325 | push ecx |
| 3316 | cmp ecx, eax |
3326 | cmp ecx, eax |
| 3317 | jb @f |
3327 | jb @f |
| 3318 | mov ecx, eax |
3328 | mov ecx, eax |
| 3319 | @@: |
3329 | @@: |
| 3320 | sub [esp], ecx |
3330 | sub [esp], ecx |
| 3321 | rep movsb |
3331 | rep movsb |
| 3322 | push ebx |
3332 | push ebx |
| 3323 | mov eax, [ebp+NTFS.ntfsLastRead] |
3333 | mov eax, [ebp+NTFS.LastRead] |
| 3324 | lea ebx, [ebp+NTFS.ntfs_bitmap_buf] |
3334 | lea ebx, [ebp+NTFS.bitmap_buf] |
| 3325 | mov ecx, 1 |
3335 | mov ecx, 1 |
| 3326 | xor edx, edx |
3336 | xor edx, edx |
| 3327 | call fs_write64_app |
3337 | call fs_write64_app |
| 3328 | pop ebx |
3338 | pop ebx |
| 3329 | pop ecx |
3339 | pop ecx |
| Line 3334... | Line 3344... | ||
| 3334 | shrd eax, edx, 9 |
3344 | shrd eax, edx, 9 |
| 3335 | inc eax |
3345 | inc eax |
| 3336 | .aligned: |
3346 | .aligned: |
| 3337 | push ecx |
3347 | push ecx |
| 3338 | shr ecx, 9 |
3348 | shr ecx, 9 |
| 3339 | mov [ebp+NTFS.ntfs_cur_offs], eax |
3349 | mov [ebp+NTFS.cur_offs], eax |
| 3340 | mov [ebp+NTFS.ntfs_cur_size], ecx |
3350 | mov [ebp+NTFS.cur_size], ecx |
| 3341 | mov [ebp+NTFS.ntfs_cur_buf], esi |
3351 | mov [ebp+NTFS.cur_buf], esi |
| 3342 | add eax, ecx |
3352 | add eax, ecx |
| 3343 | push eax |
3353 | push eax |
| 3344 | mov [ebp+NTFS.ntfsWriteAttr], 1 |
3354 | mov [ebp+NTFS.bWriteAttr], 1 |
| 3345 | call ntfs_read_attr.continue |
3355 | call ntfs_read_attr.continue |
| 3346 | mov [ebp+NTFS.ntfsWriteAttr], 0 |
3356 | mov [ebp+NTFS.bWriteAttr], 0 |
| 3347 | pop [ebp+NTFS.ntfs_cur_offs] |
3357 | pop [ebp+NTFS.cur_offs] |
| 3348 | pop ecx |
3358 | pop ecx |
| 3349 | jc ntfsDevice |
3359 | jc ntfsDevice |
| 3350 | and ecx, 1FFh |
3360 | and ecx, 1FFh |
| 3351 | jz .done |
3361 | jz .done |
| 3352 | add esi, [ebp+NTFS.ntfs_cur_read] |
3362 | add esi, [ebp+NTFS.cur_read] |
| 3353 | mov [ebp+NTFS.ntfs_cur_size], 1 |
3363 | mov [ebp+NTFS.cur_size], 1 |
| 3354 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
3364 | lea edi, [ebp+NTFS.bitmap_buf] |
| 3355 | mov [ebp+NTFS.ntfs_cur_buf], edi |
3365 | mov [ebp+NTFS.cur_buf], edi |
| 3356 | call ntfs_read_attr.continue |
3366 | call ntfs_read_attr.continue |
| 3357 | jc ntfsDevice |
3367 | jc ntfsDevice |
| 3358 | rep movsb |
3368 | rep movsb |
| 3359 | push ebx |
3369 | push ebx |
| 3360 | mov eax, [ebp+NTFS.ntfsLastRead] |
3370 | mov eax, [ebp+NTFS.LastRead] |
| 3361 | lea ebx, [ebp+NTFS.ntfs_bitmap_buf] |
3371 | lea ebx, [ebp+NTFS.bitmap_buf] |
| 3362 | mov ecx, 1 |
3372 | mov ecx, 1 |
| 3363 | xor edx, edx |
3373 | xor edx, edx |
| 3364 | call fs_write64_app |
3374 | call fs_write64_app |
| 3365 | pop ebx |
3375 | pop ebx |
| 3366 | .done: |
3376 | .done: |
| Line 3376... | Line 3386... | ||
| 3376 | ret |
3386 | ret |
| 3377 | @@: |
3387 | @@: |
| 3378 | call ntfs_lock |
3388 | call ntfs_lock |
| 3379 | stdcall ntfs_find_lfn, [esp+4] |
3389 | stdcall ntfs_find_lfn, [esp+4] |
| 3380 | jc ntfsNotFound |
3390 | jc ntfsNotFound |
| 3381 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
3391 | cmp [ebp+NTFS.cur_iRecord], 16 |
| 3382 | jc ntfsDenied |
3392 | jc ntfsDenied |
| 3383 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
3393 | cmp [ebp+NTFS.fragmentCount], 1 |
| 3384 | jnz ntfsUnsupported ; record fragmented |
3394 | jnz ntfsUnsupported ; record fragmented |
| 3385 | test byte [eax+indexFlags], 1 |
3395 | test byte [eax+indexFlags], 1 |
| 3386 | jnz ntfsUnsupported ; index has a subnode |
3396 | jnz ntfsUnsupported ; index has a subnode |
| 3387 | mov edx, [ebp+NTFS.ntfs_cur_iRecord] |
3397 | mov edx, [ebp+NTFS.cur_iRecord] |
| 3388 | shr edx, 3 |
3398 | shr edx, 3 |
| 3389 | cmp edx, [ebp+NTFS.mftBitmapSize] |
3399 | cmp edx, [ebp+NTFS.mftBitmapSize] |
| 3390 | jnc ntfsUnsupported |
3400 | jnc ntfsUnsupported |
| 3391 | ; delete index from the node |
3401 | ; delete index from the node |
| 3392 | movzx edx, word [eax+indexAllocatedSize] |
3402 | movzx edx, word [eax+indexAllocatedSize] |
| Line 3401... | Line 3411... | ||
| 3401 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
3411 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
| 3402 | mov ecx, [esi+recordRealSize] |
3412 | mov ecx, [esi+recordRealSize] |
| 3403 | shr ecx, 2 |
3413 | shr ecx, 2 |
| 3404 | rep movsd |
3414 | rep movsd |
| 3405 | mov esi, [ebp+NTFS.cur_index_buf] |
3415 | mov esi, [ebp+NTFS.cur_index_buf] |
| 3406 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
3416 | mov edi, [ebp+NTFS.attr_offs] |
| 3407 | sub edi, [ebp+NTFS.frs_buffer] |
3417 | sub edi, [ebp+NTFS.frs_buffer] |
| 3408 | add edi, esi |
3418 | add edi, esi |
| 3409 | sub [edi+sizeWithHeader], edx |
3419 | sub [edi+sizeWithHeader], edx |
| 3410 | sub [edi+sizeWithoutHeader], edx |
3420 | sub [edi+sizeWithoutHeader], edx |
| 3411 | mov cl, [edi+attributeOffset] |
3421 | mov cl, [edi+attributeOffset] |
| 3412 | add edi, ecx |
3422 | add edi, ecx |
| 3413 | sub [edi+16+nodeRealSize], edx |
3423 | sub [edi+rootNode+nodeRealSize], edx |
| 3414 | sub [edi+16+nodeAllocatedSize], edx |
3424 | sub [edi+rootNode+nodeAllocatedSize], edx |
| 3415 | sub eax, esi |
3425 | sub eax, esi |
| 3416 | add eax, edi |
3426 | add eax, edi |
| 3417 | sub [esi+recordRealSize], edx |
3427 | sub [esi+recordRealSize], edx |
| 3418 | mov ecx, [esi+recordRealSize] |
3428 | mov ecx, [esi+recordRealSize] |
| 3419 | jmp @f |
3429 | jmp @f |
| Line 3420... | Line 3430... | ||
| 3420 | 3430 | ||
| - | 3431 | .indexRecord: |
|
| 3421 | .indexRecord: |
3432 | add edi, recordNode+nodeRealSize |
| 3422 | sub [edi+28], edx |
3433 | sub [edi], edx |
| 3423 | mov ecx, [edi+28] |
3434 | mov ecx, [edi] |
| 3424 | add ecx, 24 |
3435 | add ecx, recordNode |
| 3425 | @@: |
3436 | @@: |
| 3426 | add ecx, [ebp+NTFS.cur_index_buf] |
3437 | add ecx, [ebp+NTFS.cur_index_buf] |
| 3427 | sub ecx, eax |
3438 | sub ecx, eax |
| 3428 | shr ecx, 2 |
3439 | shr ecx, 2 |
| 3429 | mov esi, eax |
3440 | mov esi, eax |
| 3430 | add esi, edx |
3441 | add esi, edx |
| 3431 | mov edi, eax |
3442 | mov edi, eax |
| 3432 | rep movsd |
3443 | rep movsd |
| 3433 | mov eax, [ebp+NTFS.ntfsLastRead] |
3444 | mov eax, [ebp+NTFS.LastRead] |
| 3434 | mov [ebp+NTFS.nodeLastRead], eax |
3445 | mov [ebp+NTFS.nodeLastRead], eax |
| 3435 | ; examine file record |
3446 | ; examine file record |
| 3436 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
3447 | mov [ebp+NTFS.cur_attr], 0x80 |
| 3437 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
3448 | mov [ebp+NTFS.cur_offs], 0 |
| 3438 | mov [ebp+NTFS.ntfs_cur_size], 0 |
3449 | mov [ebp+NTFS.cur_size], 0 |
| 3439 | call ntfs_read_attr |
3450 | call ntfs_read_attr |
| 3440 | jc .folder |
3451 | jc .folder |
| 3441 | mov esi, [ebp+NTFS.frs_buffer] |
3452 | mov esi, [ebp+NTFS.frs_buffer] |
| 3442 | cmp word [esi+baseRecordReuse], 0 |
3453 | cmp word [esi+baseRecordReuse], 0 |
| 3443 | jnz ntfsUnsupported ; auxiliary record |
3454 | jnz ntfsUnsupported ; auxiliary record |
| 3444 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
3455 | mov esi, [ebp+NTFS.attr_offs] |
| 3445 | cmp byte [esi+nonResidentFlag], 0 |
3456 | cmp byte [esi+nonResidentFlag], 0 |
| 3446 | jz .writeBitmapMFT |
3457 | jz .writeBitmapMFT |
| 3447 | movzx eax, byte [esi+dataRunsOffset] |
3458 | movzx eax, byte [esi+dataRunsOffset] |
| 3448 | add esi, eax |
3459 | add esi, eax |
| Line 3460... | Line 3471... | ||
| 3460 | @@: |
3471 | @@: |
| 3461 | add esp, 16 |
3472 | add esp, 16 |
| 3462 | jmp .writeBitmapMFT |
3473 | jmp .writeBitmapMFT |
| Line 3463... | Line 3474... | ||
| 3463 | 3474 | ||
| 3464 | .folder: ; empty? |
3475 | .folder: ; empty? |
| 3465 | lea esi, [ebp+NTFS.ntfs_bitmap_buf] |
3476 | lea esi, [ebp+NTFS.bitmap_buf] |
| 3466 | mov [ebp+NTFS.ntfs_cur_buf], esi |
3477 | mov [ebp+NTFS.cur_buf], esi |
| 3467 | mov [ebp+NTFS.ntfs_cur_attr], 0x90 |
3478 | mov [ebp+NTFS.cur_attr], 0x90 |
| 3468 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
3479 | mov [ebp+NTFS.cur_offs], 0 |
| 3469 | mov [ebp+NTFS.ntfs_cur_size], 1 |
3480 | mov [ebp+NTFS.cur_size], 1 |
| 3470 | call ntfs_read_attr |
3481 | call ntfs_read_attr |
| 3471 | cmp [ebp+NTFS.ntfs_cur_read], 48 |
3482 | cmp [ebp+NTFS.cur_read], 48 |
| 3472 | jnz ntfsDenied |
3483 | jnz ntfsDenied |
| 3473 | test byte [esi+32+indexFlags], 1 |
3484 | test byte [esi+32+indexFlags], 1 |
| 3474 | jnz ntfsDenied |
3485 | jnz ntfsDenied |
| 3475 | .writeBitmapMFT: ; "delete" file record |
3486 | .writeBitmapMFT: ; "delete" file record |
| 3476 | mov eax, [ebp+NTFS.ntfs_cur_iRecord] |
3487 | mov eax, [ebp+NTFS.cur_iRecord] |
| 3477 | mov ecx, eax |
3488 | mov ecx, eax |
| 3478 | shr eax, 3 |
3489 | shr eax, 3 |
| 3479 | and ecx, 7 |
3490 | and ecx, 7 |
| 3480 | mov edi, [ebp+NTFS.mftBitmapBuffer] |
3491 | mov edi, [ebp+NTFS.mftBitmapBuffer] |
| Line 3486... | Line 3497... | ||
| 3486 | add ebx, edi |
3497 | add ebx, edi |
| 3487 | mov ecx, 1 |
3498 | mov ecx, 1 |
| 3488 | xor edx, edx |
3499 | xor edx, edx |
| 3489 | call fs_write64_sys |
3500 | call fs_write64_sys |
| 3490 | mov esi, [ebp+NTFS.frs_buffer] |
3501 | mov esi, [ebp+NTFS.frs_buffer] |
| 3491 | mov [ebp+NTFS.ntfs_cur_buf], esi |
3502 | mov [ebp+NTFS.cur_buf], esi |
| 3492 | mov byte [esi+recordFlags], 0 |
3503 | mov byte [esi+recordFlags], 0 |
| 3493 | call writeRecord |
3504 | call writeRecord |
| 3494 | ; write directory node |
3505 | ; write directory node |
| 3495 | mov eax, [ebp+NTFS.nodeLastRead] |
3506 | mov eax, [ebp+NTFS.nodeLastRead] |
| 3496 | mov [ebp+NTFS.ntfsLastRead], eax |
3507 | mov [ebp+NTFS.LastRead], eax |
| 3497 | mov eax, [ebp+NTFS.cur_index_buf] |
3508 | mov eax, [ebp+NTFS.cur_index_buf] |
| 3498 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3509 | mov [ebp+NTFS.cur_buf], eax |
| 3499 | call writeRecord |
3510 | call writeRecord |
| 3500 | jmp ntfsDone |
3511 | jmp ntfsDone |
| Line 3501... | Line 3512... | ||
| 3501 | 3512 | ||
| 3502 | ;---------------------------------------------------------------- |
3513 | ;---------------------------------------------------------------- |
| Line 3508... | Line 3519... | ||
| 3508 | ret |
3519 | ret |
| 3509 | @@: |
3520 | @@: |
| 3510 | call ntfs_lock |
3521 | call ntfs_lock |
| 3511 | stdcall ntfs_find_lfn, [esp+4] |
3522 | stdcall ntfs_find_lfn, [esp+4] |
| 3512 | jc ntfsNotFound |
3523 | jc ntfsNotFound |
| 3513 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
3524 | cmp [ebp+NTFS.cur_iRecord], 16 |
| 3514 | jc ntfsDenied |
3525 | jc ntfsDenied |
| 3515 | bt dword [eax+fileFlags], 28 |
3526 | bt dword [eax+fileFlags], 28 |
| 3516 | jc ntfsDenied |
3527 | jc ntfsDenied |
| 3517 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
3528 | cmp [ebp+NTFS.fragmentCount], 1 |
| 3518 | jnz ntfsUnsupported ; record fragmented |
3529 | jnz ntfsUnsupported ; record fragmented |
| 3519 | ; edit directory node |
3530 | ; edit directory node |
| 3520 | mov edi, [ebp+NTFS.cur_index_buf] |
3531 | mov edi, [ebp+NTFS.cur_index_buf] |
| 3521 | cmp dword [edi], 'INDX' |
3532 | cmp dword [edi], 'INDX' |
| 3522 | jz @f |
3533 | jz @f |
| 3523 | mov esi, [ebp+NTFS.frs_buffer] |
3534 | mov esi, [ebp+NTFS.frs_buffer] |
| 3524 | mov ecx, [esi+recordRealSize] |
3535 | mov ecx, [esi+recordRealSize] |
| 3525 | shr ecx, 2 |
3536 | shr ecx, 2 |
| 3526 | rep movsd |
3537 | rep movsd |
| 3527 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
3538 | mov esi, [ebp+NTFS.attr_offs] |
| 3528 | mov cl, [esi+attributeOffset] |
3539 | mov cl, [esi+attributeOffset] |
| 3529 | sub esi, [ebp+NTFS.frs_buffer] |
3540 | sub esi, [ebp+NTFS.frs_buffer] |
| 3530 | add eax, ecx |
3541 | add eax, ecx |
| 3531 | add eax, esi |
3542 | add eax, esi |
| 3532 | @@: |
3543 | @@: |
| 3533 | mov ecx, [ebx+4] |
3544 | mov ecx, [ebx+4] |
| 3534 | mov edx, [ebx+8] |
3545 | mov edx, [ebx+8] |
| 3535 | mov [eax+fileRealSize], ecx |
3546 | mov [eax+fileRealSize], ecx |
| 3536 | mov [eax+fileRealSize+4], edx |
3547 | mov [eax+fileRealSize+4], edx |
| 3537 | mov eax, [ebp+NTFS.ntfsLastRead] |
3548 | mov eax, [ebp+NTFS.LastRead] |
| 3538 | mov [ebp+NTFS.nodeLastRead], eax |
3549 | mov [ebp+NTFS.nodeLastRead], eax |
| 3539 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
3550 | mov [ebp+NTFS.cur_attr], 0x80 |
| 3540 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
3551 | mov [ebp+NTFS.cur_offs], 0 |
| 3541 | mov [ebp+NTFS.ntfs_cur_size], 0 |
3552 | mov [ebp+NTFS.cur_size], 0 |
| 3542 | call ntfs_read_attr |
3553 | call ntfs_read_attr |
| 3543 | jc ntfsFail |
3554 | jc ntfsFail |
| 3544 | mov eax, ecx |
3555 | mov eax, ecx |
| 3545 | mov ecx, [ebp+NTFS.frs_buffer] |
3556 | mov ecx, [ebp+NTFS.frs_buffer] |
| 3546 | cmp word [ecx+baseRecordReuse], 0 |
3557 | cmp word [ecx+baseRecordReuse], 0 |
| 3547 | jnz ntfsUnsupported ; auxiliary record |
3558 | jnz ntfsUnsupported ; auxiliary record |
| 3548 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
3559 | mov ecx, [ebp+NTFS.attr_offs] |
| 3549 | cmp word [ecx+attributeFlags], 0 |
3560 | cmp word [ecx+attributeFlags], 0 |
| 3550 | jnz ntfsUnsupported |
3561 | jnz ntfsUnsupported |
| 3551 | cmp byte [ecx+nonResidentFlag], 0 |
3562 | cmp byte [ecx+nonResidentFlag], 0 |
| 3552 | jz .resizeAttribute |
3563 | jz .resizeAttribute |
| 3553 | cmp [ecx+attributeRealSize+4], edx |
3564 | cmp [ecx+attributeRealSize+4], edx |
| 3554 | jnz .resizeAttribute |
3565 | jnz .resizeAttribute |
| 3555 | cmp [ecx+attributeRealSize], eax |
3566 | cmp [ecx+attributeRealSize], eax |
| 3556 | jnc .resizeAttribute |
3567 | jnc .resizeAttribute |
| 3557 | mov eax, [ecx+attributeRealSize] |
3568 | mov eax, [ecx+attributeRealSize] |
| 3558 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
3569 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| 3559 | mov [ebp+NTFS.ntfs_cur_size], ecx |
3570 | mov [ebp+NTFS.cur_size], ecx |
| 3560 | shl ecx, 9 |
3571 | shl ecx, 9 |
| 3561 | div ecx |
3572 | div ecx |
| 3562 | test edx, edx |
3573 | test edx, edx |
| 3563 | jz .aligned |
3574 | jz .aligned |
| 3564 | push edx |
3575 | push edx |
| 3565 | push ecx |
3576 | push ecx |
| 3566 | mul [ebp+NTFS.sectors_per_cluster] |
3577 | mul [ebp+NTFS.sectors_per_cluster] |
| 3567 | mov [ebp+NTFS.ntfs_cur_offs], eax |
3578 | mov [ebp+NTFS.cur_offs], eax |
| 3568 | stdcall kernel_alloc, ecx |
3579 | stdcall kernel_alloc, ecx |
| 3569 | pop ecx |
3580 | pop ecx |
| 3570 | pop edi |
3581 | pop edi |
| 3571 | sub ecx, edi |
3582 | sub ecx, edi |
| 3572 | add edi, eax |
3583 | add edi, eax |
| 3573 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3584 | mov [ebp+NTFS.cur_buf], eax |
| 3574 | push [ebp+NTFS.ntfsLastRead] |
3585 | push [ebp+NTFS.LastRead] |
| 3575 | call ntfs_read_attr.continue |
3586 | call ntfs_read_attr.continue |
| 3576 | jc @f |
3587 | jc @f |
| 3577 | xor eax, eax |
3588 | xor eax, eax |
| 3578 | rep stosb |
3589 | rep stosb |
| 3579 | push ebx |
3590 | push ebx |
| 3580 | mov eax, [ebp+NTFS.ntfsLastRead] |
3591 | mov eax, [ebp+NTFS.LastRead] |
| 3581 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
3592 | mov ebx, [ebp+NTFS.cur_buf] |
| 3582 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
3593 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| 3583 | xor edx, edx |
3594 | xor edx, edx |
| 3584 | call fs_write64_app |
3595 | call fs_write64_app |
| 3585 | pop ebx |
3596 | pop ebx |
| 3586 | @@: |
3597 | @@: |
| 3587 | pop [ebp+NTFS.ntfsLastRead] |
3598 | pop [ebp+NTFS.LastRead] |
| 3588 | stdcall kernel_free, [ebp+NTFS.ntfs_cur_buf] |
3599 | stdcall kernel_free, [ebp+NTFS.cur_buf] |
| 3589 | .aligned: |
3600 | .aligned: |
| 3590 | mov eax, [ebx+4] |
3601 | mov eax, [ebx+4] |
| 3591 | mov edx, [ebx+8] |
3602 | mov edx, [ebx+8] |
| 3592 | .resizeAttribute: |
3603 | .resizeAttribute: |
| 3593 | call resizeAttribute |
3604 | call resizeAttribute |
| 3594 | jc ntfsError |
3605 | jc ntfsError |
| 3595 | mov eax, [ebp+NTFS.frs_buffer] |
3606 | mov eax, [ebp+NTFS.frs_buffer] |
| 3596 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3607 | mov [ebp+NTFS.cur_buf], eax |
| 3597 | call writeRecord ; file |
3608 | call writeRecord ; file |
| 3598 | mov eax, [ebp+NTFS.nodeLastRead] |
3609 | mov eax, [ebp+NTFS.nodeLastRead] |
| 3599 | mov [ebp+NTFS.ntfsLastRead], eax |
3610 | mov [ebp+NTFS.LastRead], eax |
| 3600 | mov eax, [ebp+NTFS.cur_index_buf] |
3611 | mov eax, [ebp+NTFS.cur_index_buf] |
| 3601 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3612 | mov [ebp+NTFS.cur_buf], eax |
| 3602 | call writeRecord ; directory |
3613 | call writeRecord ; directory |
| 3603 | call ntfsSpaceClean |
3614 | call ntfsSpaceClean |
| 3604 | jmp ntfsDone |
3615 | jmp ntfsDone |
| Line 3605... | Line 3616... | ||
| 3605 | 3616 | ||