Rev 6292 | Rev 6297 | ||
---|---|---|---|
Line 3... | Line 3... | ||
3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
4 | ;; Distributed under terms of the GNU General Public License ;; |
4 | ;; Distributed under terms of the GNU General Public License ;; |
5 | ;; ;; |
5 | ;; ;; |
6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
Line 7... | Line 7... | ||
7 | 7 | ||
Line 8... | Line 8... | ||
8 | $Revision: 6292 $ |
8 | $Revision: 6297 $ |
Line 9... | Line 9... | ||
9 | 9 | ||
10 | ; NTFS driver |
10 | ; NTFS driver |
Line 81... | Line 81... | ||
81 | indexAllocatedSize = 8 |
81 | indexAllocatedSize = 8 |
82 | indexRawSize = 10 |
82 | indexRawSize = 10 |
83 | indexFlags = 12 |
83 | indexFlags = 12 |
84 | directoryRecordReference = 16 |
84 | directoryRecordReference = 16 |
85 | directoryReferenceReuse = 16h |
85 | directoryReferenceReuse = 16h |
- | 86 | fileCreated = 18h |
|
- | 87 | fileModified = 20h |
|
- | 88 | recordModified = 28h |
|
- | 89 | fileAccessed = 30h |
|
86 | fileAllocatedSize = 38h |
90 | fileAllocatedSize = 38h |
87 | fileRealSize = 40h |
91 | fileRealSize = 40h |
88 | fileFlags = 48h |
92 | fileFlags = 48h |
89 | fileNameLength = 50h |
93 | fileNameLength = 50h |
- | 94 | namespace = 51h |
|
- | 95 | fileName = 52h |
|
Line 90... | Line 96... | ||
90 | 96 | ||
91 | struct NTFS PARTITION |
97 | struct NTFS PARTITION |
92 | Lock MUTEX ? ; Currently operations with one partition |
98 | Lock MUTEX ? ; Currently operations with one partition |
93 | ; can not be executed in parallel since the legacy code is not ready. |
99 | ; can not be executed in parallel since the legacy code is not ready. |
Line 273... | Line 279... | ||
273 | call ntfs_test_bootsec |
279 | call ntfs_test_bootsec |
274 | jnc .ntfs_setup |
280 | jnc .ntfs_setup |
275 | .nope: |
281 | .nope: |
276 | xor eax, eax |
282 | xor eax, eax |
277 | jmp .exit |
283 | jmp .exit |
- | 284 | ||
278 | ; By given bootsector, initialize some NTFS variables |
285 | ; By given bootsector, initialize some NTFS variables |
279 | .ntfs_setup: |
286 | .ntfs_setup: |
280 | movi eax, sizeof.NTFS |
287 | movi eax, sizeof.NTFS |
281 | call malloc |
288 | call malloc |
282 | test eax, eax |
289 | test eax, eax |
Line 307... | Line 314... | ||
307 | test eax, eax |
314 | test eax, eax |
308 | js @f |
315 | js @f |
309 | mul [ebp+NTFS.sectors_per_cluster] |
316 | mul [ebp+NTFS.sectors_per_cluster] |
310 | shl eax, 9 |
317 | shl eax, 9 |
311 | jmp .1 |
318 | jmp .1 |
- | 319 | ||
312 | @@: |
320 | @@: |
313 | neg eax |
321 | neg eax |
314 | mov ecx, eax |
322 | mov ecx, eax |
315 | mov eax, 1 |
323 | mov eax, 1 |
316 | shl eax, cl |
324 | shl eax, cl |
Line 362... | Line 370... | ||
362 | cmp byte [eax+9], 0 |
370 | cmp byte [eax+9], 0 |
363 | jz .founddata |
371 | jz .founddata |
364 | @@: |
372 | @@: |
365 | add eax, [eax+4] |
373 | add eax, [eax+4] |
366 | jmp .scandata |
374 | jmp .scandata |
- | 375 | ||
367 | .founddata: |
376 | .founddata: |
368 | cmp byte [eax+8], 0 |
377 | cmp byte [eax+8], 0 |
369 | jz .fail_free_mft |
378 | jz .fail_free_mft |
370 | ; load first portion of $DATA attribute retrieval information |
379 | ; load first portion of $DATA attribute retrieval information |
371 | mov edx, [eax+0x18] |
380 | mov edx, [eax+0x18] |
Line 382... | Line 391... | ||
382 | mov [eax], edx |
391 | mov [eax], edx |
383 | mov edx, [esp+8] ; block addr (relative) |
392 | mov edx, [esp+8] ; block addr (relative) |
384 | mov [eax+4], edx |
393 | mov [eax+4], edx |
385 | inc [ebp+NTFS.mft_retrieval_size] |
394 | inc [ebp+NTFS.mft_retrieval_size] |
386 | jmp .scanmcb |
395 | jmp .scanmcb |
- | 396 | ||
387 | .scanmcbend: |
397 | .scanmcbend: |
388 | add esp, 10h |
398 | add esp, 10h |
389 | ; there may be other portions of $DATA attribute in auxiliary records; |
399 | ; there may be other portions of $DATA attribute in auxiliary records; |
390 | ; if they will be needed, they will be loaded later |
400 | ; if they will be needed, they will be loaded later |
391 | mov [ebp+NTFS.cur_index_size], 0x1000/0x200 |
401 | mov [ebp+NTFS.cur_index_size], 0x1000/0x200 |
Line 496... | Line 506... | ||
496 | test eax, eax |
506 | test eax, eax |
497 | jnz @f |
507 | jnz @f |
498 | popad |
508 | popad |
499 | add esp, 14h |
509 | add esp, 14h |
500 | jmp .fail_free_mft |
510 | jmp .fail_free_mft |
- | 511 | ||
501 | @@: |
512 | @@: |
502 | mov esi, [ebp+NTFS.mft_retrieval] |
513 | mov esi, [ebp+NTFS.mft_retrieval] |
503 | mov edi, eax |
514 | mov edi, eax |
504 | mov ecx, [ebp+NTFS.mft_retrieval_size] |
515 | mov ecx, [ebp+NTFS.mft_retrieval_size] |
505 | add ecx, ecx |
516 | add ecx, ecx |
Line 599... | Line 610... | ||
599 | add eax, [ebp+NTFS.mft_retrieval] |
610 | add eax, [ebp+NTFS.mft_retrieval] |
600 | cmp eax, esi |
611 | cmp eax, esi |
601 | pop eax |
612 | pop eax |
602 | jnz .mftscan |
613 | jnz .mftscan |
603 | jmp .nomft |
614 | jmp .nomft |
- | 615 | ||
604 | @@: |
616 | @@: |
605 | push ecx |
617 | push ecx |
606 | add ecx, eax |
618 | add ecx, eax |
607 | add ecx, [esi] |
619 | add ecx, [esi] |
608 | push eax |
620 | push eax |
Line 647... | Line 659... | ||
647 | add eax, [ebp+NTFS.mft_retrieval] |
659 | add eax, [ebp+NTFS.mft_retrieval] |
648 | cmp eax, esi |
660 | cmp eax, esi |
649 | pop eax |
661 | pop eax |
650 | jz .nomft |
662 | jz .nomft |
651 | jmp .mftscan |
663 | jmp .mftscan |
652 | @@: |
664 | |
- | 665 | .errret2_pop: |
|
653 | popad |
666 | xor eax, eax |
- | 667 | .errret_pop: |
|
654 | ret |
668 | pop ecx |
655 | .errread: |
669 | .errread: |
656 | pop ecx |
670 | pop ecx |
657 | .errret: |
671 | .errret: |
658 | mov [esp+28], eax |
672 | mov [esp+28], eax |
659 | stc |
673 | stc |
- | 674 | @@: |
|
660 | popad |
675 | popad |
661 | ret |
676 | ret |
- | 677 | ||
662 | .nomft: |
678 | .nomft: |
663 | ; 1. Read file record. |
679 | ; 1. Read file record. |
664 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
680 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
665 | mov eax, [ebp+NTFS.cur_iRecord] |
681 | mov eax, [ebp+NTFS.cur_iRecord] |
666 | mov [ebp+NTFS.attr_iRecord], eax |
682 | mov [ebp+NTFS.attr_iRecord], eax |
Line 673... | Line 689... | ||
673 | ; 2. Find required attribute. |
689 | ; 2. Find required attribute. |
674 | mov eax, [ebp+NTFS.frs_buffer] |
690 | mov eax, [ebp+NTFS.frs_buffer] |
675 | ; a) For auxiliary records, read base record. |
691 | ; a) For auxiliary records, read base record. |
676 | ; If base record is present, base iRecord may be 0 (for $Mft), |
692 | ; If base record is present, base iRecord may be 0 (for $Mft), |
677 | ; but SequenceNumber is nonzero. |
693 | ; but SequenceNumber is nonzero. |
678 | cmp dword [eax+24h], 0 |
694 | cmp word [eax+baseRecordReuse], 0 |
679 | jz @f |
695 | jz @f |
680 | mov eax, [eax+20h] |
696 | mov eax, [eax+baseRecordReference] |
681 | .beginfindattr: |
697 | .beginfindattr: |
682 | mov [ebp+NTFS.attr_iRecord], eax |
698 | mov [ebp+NTFS.attr_iRecord], eax |
683 | call ntfs_read_file_record |
699 | call ntfs_read_file_record |
684 | jc .errret |
700 | jc .errret |
685 | jmp @f |
701 | jmp @f |
- | 702 | ||
686 | .newAttribute: |
703 | .newAttribute: |
687 | pushad |
704 | pushad |
- | 705 | and [ebp+NTFS.cur_read], 0 |
|
688 | @@: |
706 | @@: |
689 | ; b) Scan for required attribute and for $ATTR_LIST |
707 | ; b) Scan for required attribute and for $ATTR_LIST |
690 | mov eax, [ebp+NTFS.frs_buffer] |
708 | mov eax, [ebp+NTFS.frs_buffer] |
691 | movzx ecx, word [eax+14h] |
709 | movzx ecx, word [eax+attributeOffset] |
692 | add eax, ecx |
710 | add eax, ecx |
693 | mov ecx, [ebp+NTFS.cur_attr] |
711 | mov ecx, [ebp+NTFS.cur_attr] |
694 | and [ebp+NTFS.attr_offs], 0 |
712 | and [ebp+NTFS.attr_offs], 0 |
695 | .scanattr: |
713 | .scanattr: |
696 | cmp dword [eax], -1 |
714 | cmp dword [eax], -1 |
Line 701... | Line 719... | ||
701 | jnz .scancont |
719 | jnz .scancont |
702 | cmp dword [eax], 0x20 ; $ATTR_LIST |
720 | cmp dword [eax], 0x20 ; $ATTR_LIST |
703 | jnz .scancont |
721 | jnz .scancont |
704 | mov [ebp+NTFS.attr_list], eax |
722 | mov [ebp+NTFS.attr_list], eax |
705 | jmp .scancont |
723 | jmp .scancont |
- | 724 | ||
706 | .okattr: |
725 | .okattr: |
707 | ; ignore named $DATA attributes (aka NTFS streams) |
726 | ; ignore named $DATA attributes (aka NTFS streams) |
708 | cmp ecx, 0x80 |
727 | cmp ecx, 0x80 |
709 | jnz @f |
728 | jnz @f |
710 | cmp byte [eax+9], 0 |
729 | cmp byte [eax+nameLength], 0 |
711 | jnz .scancont |
730 | jnz .scancont |
712 | @@: |
731 | @@: |
713 | mov [ebp+NTFS.attr_offs], eax |
732 | mov [ebp+NTFS.attr_offs], eax |
714 | .scancont: |
733 | .scancont: |
715 | add eax, [eax+4] |
734 | add eax, [eax+sizeWithHeader] |
716 | jmp .scanattr |
735 | jmp .scanattr |
- | 736 | ||
717 | .continue: |
737 | .continue: |
718 | pushad |
738 | pushad |
719 | and [ebp+NTFS.cur_read], 0 |
739 | and [ebp+NTFS.cur_read], 0 |
720 | .scandone: |
740 | .scandone: |
721 | ; c) Check for required offset and length |
741 | ; c) Check for required offset and length |
Line 724... | Line 744... | ||
724 | push [ebp+NTFS.cur_size] |
744 | push [ebp+NTFS.cur_size] |
725 | push [ebp+NTFS.cur_read] |
745 | push [ebp+NTFS.cur_read] |
726 | call .doreadattr |
746 | call .doreadattr |
727 | pop edx |
747 | pop edx |
728 | pop ecx |
748 | pop ecx |
729 | jc @f |
749 | jc .ret |
730 | cmp [ebp+NTFS.bCanContinue], 0 |
750 | cmp [ebp+NTFS.bCanContinue], 0 |
731 | jz @f |
751 | jz .ret |
732 | sub edx, [ebp+NTFS.cur_read] |
752 | sub edx, [ebp+NTFS.cur_read] |
733 | neg edx |
753 | neg edx |
734 | shr edx, 9 |
754 | shr edx, 9 |
735 | sub ecx, edx |
755 | sub ecx, edx |
736 | mov [ebp+NTFS.cur_size], ecx |
756 | mov [ebp+NTFS.cur_size], ecx |
737 | jnz .not_in_cur |
757 | jz .ret |
738 | @@: |
- | |
739 | popad |
- | |
740 | ret |
- | |
741 | .noattr: |
758 | .noattr: |
742 | .not_in_cur: |
- | |
743 | cmp [ebp+NTFS.cur_attr], 0x20 |
759 | cmp [ebp+NTFS.cur_attr], 0x20 |
744 | jz @f |
760 | jz @f |
745 | mov ecx, [ebp+NTFS.attr_list] |
761 | mov ecx, [ebp+NTFS.attr_list] |
746 | test ecx, ecx |
762 | test ecx, ecx |
747 | jnz .lookattr |
763 | jnz .lookattr |
748 | .ret_is_attr: |
764 | .ret_is_attr: |
749 | and dword [esp+28], 0 |
765 | and dword [esp+28], 0 |
750 | cmp [ebp+NTFS.attr_offs], 1 ; CF set <=> attr_offs == 0 |
766 | cmp [ebp+NTFS.attr_offs], 1 ; define CF |
- | 767 | .ret: |
|
751 | popad |
768 | popad |
752 | ret |
769 | ret |
- | 770 | ||
753 | .lookattr: |
771 | .lookattr: |
754 | ; required attribute or required offset was not found in base record; |
772 | ; required attribute or required offset was not found in base record; |
755 | ; it may be present in auxiliary records; |
773 | ; it may be present in auxiliary records; |
756 | ; scan $ATTR_LIST |
774 | ; scan $ATTR_LIST |
757 | mov eax, [ebp+NTFS.attr_iBaseRecord] |
775 | mov eax, [ebp+NTFS.attr_iBaseRecord] |
Line 802... | Line 820... | ||
802 | jz @f |
820 | jz @f |
803 | .scanlistcont: |
821 | .scanlistcont: |
804 | movzx ecx, word [esi+4] |
822 | movzx ecx, word [esi+4] |
805 | add esi, ecx |
823 | add esi, ecx |
806 | jmp .scanlist |
824 | jmp .scanlist |
- | 825 | ||
807 | @@: |
826 | @@: |
808 | ; ignore named $DATA attributes (aka NTFS streams) |
827 | ; ignore named $DATA attributes (aka NTFS streams) |
809 | cmp eax, 0x80 |
828 | cmp eax, 0x80 |
810 | jnz @f |
829 | jnz @f |
811 | cmp byte [esi+6], 0 |
830 | cmp byte [esi+6], 0 |
Line 820... | Line 839... | ||
820 | cmp eax, -1 |
839 | cmp eax, -1 |
821 | jnz .testfz |
840 | jnz .testfz |
822 | ; if attribute is in auxiliary records, its size is defined only in first |
841 | ; if attribute is in auxiliary records, its size is defined only in first |
823 | mov eax, [esi+10h] |
842 | mov eax, [esi+10h] |
824 | call ntfs_read_file_record |
843 | call ntfs_read_file_record |
825 | jnc @f |
- | |
826 | .errret_pop: |
- | |
827 | pop ecx ecx |
- | |
828 | jmp .errret |
- | |
829 | .errret2_pop: |
- | |
830 | xor eax, eax |
- | |
831 | jmp .errret_pop |
844 | jc .errret_pop |
832 | @@: |
- | |
833 | mov eax, [ebp+NTFS.frs_buffer] |
845 | mov eax, [ebp+NTFS.frs_buffer] |
834 | movzx ecx, word [eax+14h] |
846 | movzx ecx, word [eax+14h] |
835 | add eax, ecx |
847 | add eax, ecx |
836 | mov ecx, [ebp+NTFS.cur_attr] |
848 | mov ecx, [ebp+NTFS.cur_attr] |
837 | @@: |
849 | @@: |
Line 840... | Line 852... | ||
840 | cmp dword [eax], ecx |
852 | cmp dword [eax], ecx |
841 | jz @f |
853 | jz @f |
842 | .l1: |
854 | .l1: |
843 | add eax, [eax+4] |
855 | add eax, [eax+4] |
844 | jmp @b |
856 | jmp @b |
- | 857 | ||
845 | @@: |
858 | @@: |
846 | cmp eax, 0x80 |
859 | cmp eax, 0x80 |
847 | jnz @f |
860 | jnz @f |
848 | cmp byte [eax+9], 0 |
861 | cmp byte [eax+9], 0 |
849 | jnz .l1 |
862 | jnz .l1 |
Line 852... | Line 865... | ||
852 | jnz .sdnores |
865 | jnz .sdnores |
853 | mov eax, [eax+10h] |
866 | mov eax, [eax+10h] |
854 | mov dword [ebp+NTFS.attr_size], eax |
867 | mov dword [ebp+NTFS.attr_size], eax |
855 | and dword [ebp+NTFS.attr_size+4], 0 |
868 | and dword [ebp+NTFS.attr_size+4], 0 |
856 | jmp .testfz |
869 | jmp .testfz |
- | 870 | ||
857 | .sdnores: |
871 | .sdnores: |
858 | mov ecx, [eax+30h] |
872 | mov ecx, [eax+30h] |
859 | mov dword [ebp+NTFS.attr_size], ecx |
873 | mov dword [ebp+NTFS.attr_size], ecx |
860 | mov ecx, [eax+34h] |
874 | mov ecx, [eax+34h] |
861 | mov dword [ebp+NTFS.attr_size+4], ecx |
875 | mov dword [ebp+NTFS.attr_size+4], ecx |
Line 866... | Line 880... | ||
866 | cmp eax, [ebp+NTFS.cur_offs] |
880 | cmp eax, [ebp+NTFS.cur_offs] |
867 | pop eax |
881 | pop eax |
868 | ja @f |
882 | ja @f |
869 | mov edi, [esi+10h] ; keep previous iRecord |
883 | mov edi, [esi+10h] ; keep previous iRecord |
870 | jmp .scanlistcont |
884 | jmp .scanlistcont |
- | 885 | ||
871 | @@: |
886 | @@: |
872 | pop ecx |
887 | pop ecx |
873 | .scanlistfound: |
888 | .scanlistfound: |
874 | cmp edi, -1 |
889 | cmp edi, -1 |
875 | jnz @f |
890 | jz .ret |
876 | popad |
- | |
877 | ret |
- | |
878 | @@: |
- | |
879 | mov eax, [ebp+NTFS.cur_iRecord] |
891 | mov eax, [ebp+NTFS.cur_iRecord] |
880 | mov [ebp+NTFS.attr_iBaseRecord], eax |
892 | mov [ebp+NTFS.attr_iBaseRecord], eax |
881 | mov eax, edi |
893 | mov eax, edi |
882 | jmp .beginfindattr |
894 | jmp .beginfindattr |
- | 895 | ||
883 | .scanlistdone: |
896 | .scanlistdone: |
884 | pop ecx |
897 | pop ecx |
885 | sub ecx, ebp |
898 | sub ecx, ebp |
886 | sub ecx, NTFS.attrlist_buf-1Ah |
899 | sub ecx, NTFS.attrlist_buf-1Ah |
887 | cmp [ebp+NTFS.cur_iRecord], 0 |
900 | cmp [ebp+NTFS.cur_iRecord], 0 |
Line 934... | Line 947... | ||
934 | add ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
947 | add ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
935 | jmp .scanliststart |
948 | jmp .scanliststart |
Line 936... | Line 949... | ||
936 | 949 | ||
937 | .doreadattr: |
950 | .doreadattr: |
938 | mov [ebp+NTFS.bCanContinue], 0 |
951 | mov [ebp+NTFS.bCanContinue], 0 |
939 | cmp byte [ecx+8], 0 |
952 | cmp byte [ecx+nonResidentFlag], 0 |
940 | jnz .nonresident |
953 | jnz .nonresident |
941 | mov eax, [ecx+10h] ; length |
954 | mov eax, [ecx+sizeWithoutHeader] |
942 | mov esi, eax |
955 | mov esi, eax |
943 | mov edx, [ebp+NTFS.cur_offs] |
956 | mov edx, [ebp+NTFS.cur_offs] |
944 | shr eax, 9 |
957 | shr eax, 9 |
945 | cmp eax, edx |
958 | cmp eax, edx |
946 | jb .okret |
959 | jb .okret |
947 | shl edx, 9 |
960 | shl edx, 9 |
948 | sub esi, edx |
961 | sub esi, edx |
949 | movzx eax, word [ecx+14h] |
962 | movzx eax, word [ecx+attributeOffset] |
950 | add edx, eax |
963 | add edx, eax |
951 | add edx, ecx ; edx -> data |
964 | add edx, ecx ; edx -> data |
952 | mov eax, [ebp+NTFS.cur_size] |
965 | mov eax, [ebp+NTFS.cur_size] |
953 | cmp eax, (0xFFFFFFFF shr 9)+1 |
966 | cmp eax, (0xFFFFFFFF shr 9)+1 |
Line 965... | Line 978... | ||
965 | mov eax, edx |
978 | mov eax, edx |
966 | mov ebx, [ebp+NTFS.cur_buf] |
979 | mov ebx, [ebp+NTFS.cur_buf] |
967 | call memmove |
980 | call memmove |
968 | and [ebp+NTFS.cur_size], 0 ; CF=0 |
981 | and [ebp+NTFS.cur_size], 0 ; CF=0 |
969 | ret |
982 | ret |
- | 983 | ||
970 | .nonresident: |
984 | .nonresident: |
971 | ; Not all auxiliary records contain correct FileSize info |
985 | ; Not all auxiliary records contain correct FileSize info |
972 | mov eax, dword [ebp+NTFS.attr_size] |
986 | mov eax, dword [ebp+NTFS.attr_size] |
973 | mov edx, dword [ebp+NTFS.attr_size+4] |
987 | mov edx, dword [ebp+NTFS.attr_size+4] |
974 | push eax |
988 | push eax |
975 | and eax, edx |
989 | and eax, edx |
976 | cmp eax, -1 |
990 | cmp eax, -1 |
977 | pop eax |
991 | pop eax |
978 | jnz @f |
992 | jnz @f |
979 | mov eax, [ecx+30h] ; FileSize |
993 | mov eax, [ecx+attributeRealSize] |
980 | mov edx, [ecx+34h] |
994 | mov edx, [ecx+attributeRealSize+4] |
981 | mov dword [ebp+NTFS.attr_size], eax |
995 | mov dword [ebp+NTFS.attr_size], eax |
982 | mov dword [ebp+NTFS.attr_size+4], edx |
996 | mov dword [ebp+NTFS.attr_size+4], edx |
983 | @@: |
997 | @@: |
984 | add eax, 0x1FF |
998 | add eax, 0x1FF |
985 | adc edx, 0 |
999 | adc edx, 0 |
Line 989... | Line 1003... | ||
989 | ; return with nothing read |
1003 | ; return with nothing read |
990 | and [ebp+NTFS.cur_size], 0 |
1004 | and [ebp+NTFS.cur_size], 0 |
991 | .okret: |
1005 | .okret: |
992 | clc |
1006 | clc |
993 | ret |
1007 | ret |
- | 1008 | ||
994 | @@: |
1009 | @@: |
995 | ; reduce read length |
1010 | ; reduce read length |
996 | and [ebp+NTFS.cur_tail], 0 |
1011 | and [ebp+NTFS.cur_tail], 0 |
997 | cmp [ebp+NTFS.cur_size], eax |
1012 | cmp [ebp+NTFS.cur_size], eax |
998 | jb @f |
1013 | jb @f |
Line 1004... | Line 1019... | ||
1004 | cmp [ebp+NTFS.cur_size], 0 |
1019 | cmp [ebp+NTFS.cur_size], 0 |
1005 | jz .okret |
1020 | jz .okret |
1006 | mov eax, [ebp+NTFS.cur_offs] |
1021 | mov eax, [ebp+NTFS.cur_offs] |
1007 | xor edx, edx |
1022 | xor edx, edx |
1008 | div [ebp+NTFS.sectors_per_cluster] |
1023 | div [ebp+NTFS.sectors_per_cluster] |
1009 | sub eax, [ecx+10h] ; first_vbo |
1024 | sub eax, [ecx+firstVCN] |
1010 | jb .okret |
1025 | jb .okret |
1011 | ; eax = cluster, edx = starting sector |
1026 | ; eax = cluster, edx = starting sector |
1012 | cmp [ebp+NTFS.cur_attr], 0x80 |
1027 | cmp [ebp+NTFS.cur_attr], 0x80 |
1013 | jnz .sys |
1028 | jnz .sys |
1014 | cmp [ebp+NTFS.cur_iRecord], 0 |
1029 | cmp [ebp+NTFS.cur_iRecord], 0 |
Line 1016... | Line 1031... | ||
1016 | push fs_read64_app |
1031 | push fs_read64_app |
1017 | cmp [ebp+NTFS.bWriteAttr], 1 |
1032 | cmp [ebp+NTFS.bWriteAttr], 1 |
1018 | jnz @f |
1033 | jnz @f |
1019 | mov dword[esp], fs_write64_app |
1034 | mov dword[esp], fs_write64_app |
1020 | jmp @f |
1035 | jmp @f |
- | 1036 | ||
1021 | .sys: |
1037 | .sys: |
1022 | push fs_read64_sys |
1038 | push fs_read64_sys |
1023 | @@: |
1039 | @@: |
1024 | sub esp, 10h |
1040 | sub esp, 10h |
1025 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
1041 | movzx esi, word [ecx+dataRunsOffset] |
1026 | add esi, ecx |
1042 | add esi, ecx |
1027 | xor edi, edi |
1043 | xor edi, edi |
1028 | mov [ebp+NTFS.fragmentCount], 0 |
1044 | mov [ebp+NTFS.fragmentCount], 0 |
1029 | .readloop: |
1045 | .readloop: |
1030 | call ntfs_decode_mcb_entry |
1046 | call ntfs_decode_mcb_entry |
Line 1072... | Line 1088... | ||
1072 | sub eax, 0x200 |
1088 | sub eax, 0x200 |
1073 | add [ebp+NTFS.cur_read], eax |
1089 | add [ebp+NTFS.cur_read], eax |
1074 | @@: |
1090 | @@: |
1075 | clc |
1091 | clc |
1076 | ret |
1092 | ret |
- | 1093 | ||
1077 | .errread2: |
1094 | .errread2: |
1078 | pop ecx |
1095 | pop ecx |
1079 | add esp, 14h |
1096 | add esp, 14h |
1080 | stc |
1097 | stc |
1081 | ret |
1098 | ret |
- | 1099 | ||
1082 | .break: |
1100 | .break: |
1083 | add esp, 14h ; CF=0 |
1101 | add esp, 14h ; CF=0 |
1084 | mov [ebp+NTFS.bCanContinue], 1 |
1102 | mov [ebp+NTFS.bCanContinue], 1 |
1085 | ret |
1103 | ret |
Line 1140... | Line 1158... | ||
1140 | pop ebx |
1158 | pop ebx |
1141 | jc .errret |
1159 | jc .errret |
1142 | .ret: |
1160 | .ret: |
1143 | pop edx ecx |
1161 | pop edx ecx |
1144 | ret |
1162 | ret |
- | 1163 | ||
1145 | .errret: |
1164 | .errret: |
1146 | pop edx ecx |
1165 | pop edx ecx |
1147 | xor eax, eax |
1166 | xor eax, eax |
1148 | stc |
1167 | stc |
1149 | ret |
1168 | ret |
Line 1156... | Line 1175... | ||
1156 | ; eax = size in bytes |
1175 | ; eax = size in bytes |
1157 | pushad |
1176 | pushad |
1158 | shr eax, 9 |
1177 | shr eax, 9 |
1159 | mov ecx, eax |
1178 | mov ecx, eax |
1160 | inc eax |
1179 | inc eax |
1161 | cmp [ebx+6], ax |
1180 | cmp [ebx+updateSequenceSize], ax |
1162 | jnz .err |
1181 | jnz .err |
1163 | movzx eax, word [ebx+4] |
1182 | movzx eax, word [ebx+updateSequenceOffset] |
1164 | lea esi, [eax+ebx] |
1183 | lea esi, [eax+ebx] |
1165 | lodsw |
1184 | lodsw |
1166 | mov edx, eax |
1185 | mov edx, eax |
1167 | lea edi, [ebx+0x1FE] |
1186 | lea edi, [ebx+0x1FE] |
1168 | @@: |
1187 | @@: |
Line 1173... | Line 1192... | ||
1173 | add edi, 0x1FE |
1192 | add edi, 0x1FE |
1174 | loop @b |
1193 | loop @b |
1175 | popad |
1194 | popad |
1176 | clc |
1195 | clc |
1177 | ret |
1196 | ret |
- | 1197 | ||
1178 | .err: |
1198 | .err: |
1179 | popad |
1199 | popad |
1180 | stc |
1200 | stc |
1181 | ret |
1201 | ret |
Line 1243... | Line 1263... | ||
1243 | ; in: [esi]+[esp+4] = name |
1263 | ; in: [esi]+[esp+4] = name |
1244 | ; out: |
1264 | ; out: |
1245 | ; [ebp+NTFS.cur_iRecord] = number of MFT fileRecord |
1265 | ; [ebp+NTFS.cur_iRecord] = number of MFT fileRecord |
1246 | ; eax -> index in the parent index node |
1266 | ; eax -> index in the parent index node |
1247 | ; CF=1 -> file not found, eax=0 -> error |
1267 | ; CF=1 -> file not found, eax=0 -> error |
1248 | mov [ebp+NTFS.cur_iRecord], 5 ; start parse from root cluster |
1268 | mov [ebp+NTFS.cur_iRecord], 5 ; start from root directory |
1249 | .doit2: |
1269 | .doit2: |
1250 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1270 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1251 | and [ebp+NTFS.cur_offs], 0 |
1271 | and [ebp+NTFS.cur_offs], 0 |
1252 | mov eax, [ebp+NTFS.cur_index_size] |
1272 | mov eax, [ebp+NTFS.cur_index_size] |
1253 | mov [ebp+NTFS.cur_size], eax |
1273 | mov [ebp+NTFS.cur_size], eax |
1254 | mov eax, [ebp+NTFS.cur_index_buf] |
1274 | mov eax, [ebp+NTFS.cur_index_buf] |
1255 | mov [ebp+NTFS.cur_buf], eax |
1275 | mov [ebp+NTFS.cur_buf], eax |
1256 | call ntfs_read_attr |
1276 | call ntfs_read_attr |
1257 | mov eax, 0 |
1277 | mov eax, 0 |
1258 | jnc @f |
1278 | jc .ret |
1259 | .ret: |
- | |
1260 | ret 4 |
- | |
1261 | @@: |
- | |
1262 | cmp [ebp+NTFS.cur_read], 0x20 |
1279 | cmp [ebp+NTFS.cur_read], 0x20 |
1263 | jc .ret |
1280 | jc .ret |
1264 | pushad |
1281 | pushad |
1265 | mov esi, [ebp+NTFS.cur_index_buf] |
1282 | mov esi, [ebp+NTFS.cur_index_buf] |
1266 | mov eax, [esi+14h] |
- | |
1267 | add eax, 10h |
- | |
1268 | cmp [ebp+NTFS.cur_read], eax |
- | |
1269 | jae .readok1 |
- | |
1270 | add eax, 1FFh |
- | |
1271 | shr eax, 9 |
- | |
1272 | cmp eax, [ebp+NTFS.cur_index_size] |
- | |
1273 | ja @f |
- | |
1274 | .stc_ret: |
- | |
1275 | popad |
- | |
1276 | stc |
- | |
1277 | ret 4 |
- | |
1278 | @@: |
- | |
1279 | ; reallocate |
- | |
1280 | push eax |
- | |
1281 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
1282 | pop eax |
- | |
1283 | mov [ebp+NTFS.cur_index_size], eax |
- | |
1284 | stdcall kernel_alloc, eax |
- | |
1285 | test eax, eax |
- | |
1286 | jnz @f |
- | |
1287 | and [ebp+NTFS.cur_index_size], 0 |
- | |
1288 | and [ebp+NTFS.cur_index_buf], 0 |
- | |
1289 | jmp .stc_ret |
- | |
1290 | @@: |
- | |
1291 | mov [ebp+NTFS.cur_index_buf], eax |
- | |
1292 | popad |
- | |
1293 | jmp .doit2 |
- | |
1294 | .readok1: |
- | |
1295 | mov edx, [esi+8] ; subnode_size |
1283 | mov edx, [esi+indexRecordSize] |
1296 | shr edx, 9 |
1284 | shr edx, 9 |
1297 | cmp edx, [ebp+NTFS.cur_index_size] |
1285 | cmp [ebp+NTFS.cur_index_size], edx |
1298 | jbe .ok2 |
- | |
1299 | push esi edx |
- | |
1300 | stdcall kernel_alloc, edx |
- | |
1301 | pop edx esi |
- | |
1302 | test eax, eax |
- | |
1303 | jz .stc_ret |
1286 | jc .realloc |
1304 | mov edi, eax |
1287 | add esi, rootNode |
1305 | mov ecx, [ebp+NTFS.cur_index_size] |
1288 | mov eax, [esi+nodeRealSize] |
1306 | shl ecx, 9-2 |
1289 | add eax, rootNode |
1307 | rep movsd |
- | |
1308 | mov esi, eax |
- | |
1309 | mov [ebp+NTFS.cur_index_size], edx |
1290 | cmp [ebp+NTFS.cur_read], eax |
1310 | push esi edx |
- | |
1311 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
1312 | pop edx esi |
1291 | jc .err |
1313 | mov [ebp+NTFS.cur_index_buf], esi |
- | |
1314 | .ok2: |
- | |
1315 | add esi, 10h |
- | |
1316 | mov edi, [esp+4] |
1292 | mov edi, [esp+4] |
1317 | ; edi -> name, esi -> current index data, edx = subnode size |
1293 | ; edi -> name, esi -> current index node, edx = subnode size |
1318 | .scanloop: |
1294 | .scanloop: |
1319 | add esi, [esi] |
1295 | add esi, [esi+indexOffset] |
1320 | .scanloopint: |
1296 | .scanloopint: |
1321 | test byte [esi+0Ch], 2 |
1297 | test byte [esi+indexFlags], 2 |
1322 | jnz .subnode |
1298 | jnz .subnode |
1323 | push esi |
1299 | push esi |
1324 | add esi, 0x52 |
1300 | movzx ecx, byte [esi+fileNameLength] |
1325 | movzx ecx, byte [esi-2] |
1301 | add esi, fileName |
1326 | push edi |
1302 | push edi |
1327 | @@: |
1303 | @@: |
1328 | lodsw |
1304 | lodsw |
1329 | call unichar_toupper |
1305 | call unichar_toupper |
1330 | push eax |
1306 | push eax |
Line 1340... | Line 1316... | ||
1340 | jz .found |
1316 | jz .found |
1341 | pop edi |
1317 | pop edi |
1342 | pop esi |
1318 | pop esi |
1343 | jb .subnode |
1319 | jb .subnode |
1344 | .scanloopcont: |
1320 | .scanloopcont: |
1345 | movzx eax, word [esi+8] |
1321 | movzx eax, word [esi+indexAllocatedSize] |
1346 | add esi, eax |
1322 | add esi, eax |
1347 | jmp .scanloopint |
1323 | jmp .scanloopint |
- | 1324 | ||
- | 1325 | .realloc: |
|
- | 1326 | mov edi, edx |
|
- | 1327 | stdcall kernel_alloc, [esi+indexRecordSize] |
|
- | 1328 | test eax, eax |
|
- | 1329 | jz .err |
|
- | 1330 | push [ebp+NTFS.cur_index_buf] |
|
- | 1331 | mov [ebp+NTFS.cur_index_buf], eax |
|
- | 1332 | call kernel_free |
|
- | 1333 | mov [ebp+NTFS.cur_index_size], edi |
|
- | 1334 | popad |
|
- | 1335 | jmp .doit2 |
|
- | 1336 | ||
- | 1337 | .notfound: |
|
- | 1338 | mov [esp+1Ch], esi |
|
- | 1339 | .err: |
|
- | 1340 | popad |
|
- | 1341 | stc |
|
- | 1342 | .ret: |
|
- | 1343 | ret 4 |
|
- | 1344 | ||
1348 | .slash: |
1345 | .slash: |
1349 | pop eax |
1346 | pop eax |
1350 | pop edi |
1347 | pop edi |
1351 | pop esi |
1348 | pop esi |
1352 | .subnode: |
1349 | .subnode: |
1353 | test byte [esi+0Ch], 1 |
1350 | test byte [esi+indexFlags], 1 |
1354 | jz .notfound |
1351 | jz .notfound |
1355 | movzx eax, word [esi+8] |
1352 | movzx eax, word [esi+indexAllocatedSize] |
1356 | mov eax, [esi+eax-8] |
1353 | mov eax, [esi+eax-8] |
1357 | imul eax, [ebp+NTFS.sectors_per_cluster] |
1354 | imul eax, [ebp+NTFS.sectors_per_cluster] |
1358 | mov [ebp+NTFS.cur_offs], eax |
1355 | mov [ebp+NTFS.cur_offs], eax |
1359 | mov [ebp+NTFS.cur_attr], 0xA0 ; $INDEX_ALLOCATION |
1356 | mov [ebp+NTFS.cur_attr], 0xA0 ; $INDEX_ALLOCATION |
1360 | mov [ebp+NTFS.cur_size], edx |
1357 | mov [ebp+NTFS.cur_size], edx |
1361 | mov eax, [ebp+NTFS.cur_index_buf] |
1358 | mov eax, [ebp+NTFS.cur_index_buf] |
1362 | mov esi, eax |
1359 | mov esi, eax |
1363 | mov [ebp+NTFS.cur_buf], eax |
1360 | mov [ebp+NTFS.cur_buf], eax |
1364 | push edx |
- | |
1365 | call ntfs_read_attr |
1361 | call ntfs_read_attr.newAttribute |
1366 | pop edx |
- | |
1367 | mov eax, edx |
1362 | mov eax, edx |
1368 | shl eax, 9 |
1363 | shl eax, 9 |
1369 | cmp [ebp+NTFS.cur_read], eax |
1364 | cmp [ebp+NTFS.cur_read], eax |
1370 | jnz .err |
1365 | jnz .err |
1371 | cmp dword [esi], 'INDX' |
1366 | cmp dword [esi], 'INDX' |
1372 | jnz .err |
1367 | jnz .err |
1373 | mov [ebp+NTFS.cur_buf], esi |
1368 | mov [ebp+NTFS.cur_buf], esi |
1374 | mov ebx, esi |
1369 | mov ebx, esi |
1375 | call ntfs_restore_usa |
1370 | call ntfs_restore_usa |
1376 | jc .err |
1371 | jc .err |
1377 | add esi, 0x18 |
1372 | add esi, recordNode |
1378 | jmp .scanloop |
1373 | jmp .scanloop |
1379 | .notfound: |
- | |
1380 | mov [esp+1Ch], esi |
- | |
1381 | .err: |
1374 | |
1382 | popad |
- | |
1383 | stc |
- | |
1384 | ret 4 |
- | |
1385 | .found: |
1375 | .found: |
1386 | cmp byte [edi], 0 |
1376 | cmp byte [edi], 0 |
1387 | jz .done |
1377 | jz .done |
1388 | cmp byte [edi], '/' |
1378 | cmp byte [edi], '/' |
1389 | jz .next |
1379 | jz .next |
1390 | pop edi |
1380 | pop edi |
1391 | pop esi |
1381 | pop esi |
1392 | jmp .scanloopcont |
1382 | jmp .scanloopcont |
- | 1383 | ||
1393 | .done: |
1384 | .done: |
1394 | .next: |
1385 | .next: |
1395 | pop esi |
1386 | pop esi |
1396 | pop esi |
1387 | pop esi |
1397 | mov eax, [esi] |
1388 | mov eax, [esi] |
Line 1401... | Line 1392... | ||
1401 | popad |
1392 | popad |
1402 | inc esi |
1393 | inc esi |
1403 | cmp byte [esi-1], 0 |
1394 | cmp byte [esi-1], 0 |
1404 | jnz .doit2 |
1395 | jnz .doit2 |
1405 | cmp dword [esp+4], 0 |
1396 | cmp dword [esp+4], 0 |
1406 | jz @f |
1397 | jz .ret |
1407 | mov esi, [esp+4] |
1398 | mov esi, [esp+4] |
1408 | mov dword [esp+4], 0 |
1399 | mov dword [esp+4], 0 |
1409 | jmp .doit2 |
1400 | jmp .doit2 |
1410 | @@: |
- | |
1411 | ret 4 |
- | |
Line 1412... | Line 1401... | ||
1412 | 1401 | ||
1413 | ;---------------------------------------------------------------- |
1402 | ;---------------------------------------------------------------- |
1414 | ntfs_ReadFile: |
1403 | ntfs_ReadFile: |
1415 | cmp byte [esi], 0 |
1404 | cmp byte [esi], 0 |
1416 | jnz @f |
1405 | jnz @f |
1417 | or ebx, -1 |
1406 | or ebx, -1 |
1418 | movi eax, ERROR_ACCESS_DENIED |
1407 | movi eax, ERROR_ACCESS_DENIED |
- | 1408 | ret |
|
1419 | ret |
1409 | |
1420 | @@: |
1410 | @@: |
1421 | call ntfs_lock |
1411 | call ntfs_lock |
1422 | stdcall ntfs_find_lfn, [esp+4] |
1412 | stdcall ntfs_find_lfn, [esp+4] |
1423 | jnc .found |
1413 | jnc .found |
1424 | call ntfs_unlock |
1414 | call ntfs_unlock |
1425 | or ebx, -1 |
1415 | or ebx, -1 |
1426 | movi eax, ERROR_FILE_NOT_FOUND |
1416 | movi eax, ERROR_FILE_NOT_FOUND |
- | 1417 | ret |
|
1427 | ret |
1418 | |
1428 | .found: |
1419 | .found: |
1429 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
1420 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
1430 | and [ebp+NTFS.cur_offs], 0 |
1421 | and [ebp+NTFS.cur_offs], 0 |
1431 | and [ebp+NTFS.cur_size], 0 |
1422 | and [ebp+NTFS.cur_size], 0 |
1432 | call ntfs_read_attr |
1423 | call ntfs_read_attr |
1433 | jnc @f |
1424 | jnc @f |
1434 | call ntfs_unlock |
1425 | call ntfs_unlock |
1435 | or ebx, -1 |
1426 | or ebx, -1 |
1436 | movi eax, ERROR_ACCESS_DENIED |
1427 | movi eax, ERROR_ACCESS_DENIED |
- | 1428 | ret |
|
1437 | ret |
1429 | |
1438 | @@: |
1430 | @@: |
1439 | pushad |
1431 | pushad |
1440 | and dword [esp+10h], 0 |
1432 | and dword [esp+10h], 0 |
1441 | xor eax, eax |
1433 | xor eax, eax |
1442 | cmp dword [ebx+8], 0x200 |
1434 | cmp dword [ebx+8], 0x200 |
1443 | jb @f |
1435 | jb @f |
1444 | .eof0: |
1436 | .eof0: |
1445 | popad |
1437 | popad |
1446 | xor ebx, ebx |
1438 | xor ebx, ebx |
1447 | .eof: |
- | |
1448 | push ERROR_END_OF_FILE |
1439 | .eof: |
1449 | call ntfs_unlock |
1440 | call ntfs_unlock |
1450 | pop eax |
1441 | movi eax, ERROR_END_OF_FILE |
- | 1442 | ret |
|
1451 | ret |
1443 | |
1452 | @@: |
1444 | @@: |
1453 | mov ecx, [ebx+12] |
1445 | mov ecx, [ebx+12] |
1454 | mov edx, [ebx+16] |
1446 | mov edx, [ebx+16] |
1455 | mov eax, [ebx+4] |
1447 | mov eax, [ebx+4] |
Line 1485... | Line 1477... | ||
1485 | .retok: |
1477 | .retok: |
1486 | popad |
1478 | popad |
1487 | call ntfs_unlock |
1479 | call ntfs_unlock |
1488 | xor eax, eax |
1480 | xor eax, eax |
1489 | ret |
1481 | ret |
- | 1482 | ||
1490 | @@: |
1483 | @@: |
1491 | cmp [ebp+NTFS.cur_read], 0x200 |
1484 | cmp [ebp+NTFS.cur_read], 0x200 |
1492 | jz .alignedstart |
1485 | jz .alignedstart |
1493 | .eof_ebx: |
1486 | .eof_ebx: |
1494 | popad |
1487 | popad |
1495 | jmp .eof |
1488 | jmp .eof |
- | 1489 | ||
1496 | .alignedstart: |
1490 | .alignedstart: |
1497 | mov eax, [ebx+4] |
1491 | mov eax, [ebx+4] |
1498 | push edx |
1492 | push edx |
1499 | mov edx, [ebx+8] |
1493 | mov edx, [ebx+8] |
1500 | add eax, 511 |
1494 | add eax, 511 |
Line 1545... | Line 1539... | ||
1545 | ret |
1539 | ret |
Line 1546... | Line 1540... | ||
1546 | 1540 | ||
1547 | ;---------------------------------------------------------------- |
1541 | ;---------------------------------------------------------------- |
1548 | ntfs_ReadFolder: |
1542 | ntfs_ReadFolder: |
1549 | call ntfs_lock |
1543 | call ntfs_lock |
1550 | mov eax, 5 ; root cluster |
1544 | mov [ebp+NTFS.cur_iRecord], 5 ; root directory |
1551 | cmp byte [esi], 0 |
1545 | cmp byte [esi], 0 |
1552 | jz .doit |
1546 | jz @f |
1553 | stdcall ntfs_find_lfn, [esp+4] |
- | |
1554 | jnc .doit2 |
- | |
1555 | .notfound: |
- | |
1556 | or ebx, -1 |
- | |
1557 | push ERROR_FILE_NOT_FOUND |
- | |
1558 | .pop_ret: |
1547 | stdcall ntfs_find_lfn, [esp+4] |
1559 | call ntfs_unlock |
- | |
1560 | pop eax |
- | |
1561 | ret |
1548 | jc ntfsNotFound |
1562 | .doit: |
- | |
1563 | mov [ebp+NTFS.cur_iRecord], eax |
- | |
1564 | .doit2: |
1549 | @@: |
1565 | mov [ebp+NTFS.cur_attr], 0x10 ; $STANDARD_INFORMATION |
1550 | mov [ebp+NTFS.cur_attr], 0x10 ; $STANDARD_INFORMATION |
1566 | and [ebp+NTFS.cur_offs], 0 |
1551 | and [ebp+NTFS.cur_offs], 0 |
1567 | mov [ebp+NTFS.cur_size], 1 |
1552 | mov [ebp+NTFS.cur_size], 1 |
1568 | lea eax, [ebp+NTFS.bitmap_buf] |
1553 | lea eax, [ebp+NTFS.bitmap_buf] |
1569 | mov [ebp+NTFS.cur_buf], eax |
1554 | mov [ebp+NTFS.cur_buf], eax |
1570 | call ntfs_read_attr |
1555 | call ntfs_read_attr |
1571 | jc .notfound |
1556 | jc ntfsFail |
1572 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1557 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1573 | and [ebp+NTFS.cur_offs], 0 |
1558 | .doit: |
1574 | mov eax, [ebp+NTFS.cur_index_size] |
1559 | mov eax, [ebp+NTFS.cur_index_size] |
1575 | mov [ebp+NTFS.cur_size], eax |
1560 | mov [ebp+NTFS.cur_size], eax |
1576 | mov eax, [ebp+NTFS.cur_index_buf] |
1561 | mov eax, [ebp+NTFS.cur_index_buf] |
1577 | mov [ebp+NTFS.cur_buf], eax |
1562 | mov [ebp+NTFS.cur_buf], eax |
1578 | call ntfs_read_attr |
- | |
1579 | jnc .ok |
- | |
1580 | test eax, eax |
1563 | call ntfs_read_attr.newAttribute |
1581 | jz .notfound |
- | |
1582 | or ebx, -1 |
- | |
1583 | push ERROR_DEVICE |
- | |
1584 | jmp .pop_ret |
- | |
1585 | .ok: |
1564 | jc ntfsFail |
1586 | cmp [ebp+NTFS.cur_read], 0x20 |
- | |
1587 | jae @f |
- | |
1588 | or ebx, -1 |
- | |
1589 | .fserr: |
- | |
1590 | push ERROR_FAT_TABLE |
1565 | cmp [ebp+NTFS.cur_read], 0x20 |
1591 | jmp .pop_ret |
- | |
1592 | @@: |
1566 | jc ntfsFail |
1593 | pushad |
1567 | pushad |
1594 | mov esi, [ebp+NTFS.cur_index_buf] |
- | |
1595 | mov eax, [esi+14h] |
- | |
1596 | add eax, 10h |
- | |
1597 | cmp [ebp+NTFS.cur_read], eax |
- | |
1598 | jae .readok1 |
- | |
1599 | add eax, 1FFh |
- | |
1600 | shr eax, 9 |
- | |
1601 | cmp eax, [ebp+NTFS.cur_index_size] |
- | |
1602 | ja @f |
- | |
1603 | popad |
- | |
1604 | jmp .fserr |
- | |
1605 | @@: |
- | |
1606 | ; reallocate |
- | |
1607 | push eax |
- | |
1608 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
1609 | pop eax |
- | |
1610 | mov [ebp+NTFS.cur_index_size], eax |
- | |
1611 | stdcall kernel_alloc, eax |
- | |
1612 | test eax, eax |
- | |
1613 | jnz @f |
- | |
1614 | and [ebp+NTFS.cur_index_size], 0 |
- | |
1615 | and [ebp+NTFS.cur_index_buf], 0 |
- | |
1616 | .nomem: |
- | |
1617 | call ntfs_unlock |
- | |
1618 | popad |
- | |
1619 | or ebx, -1 |
- | |
1620 | movi eax, ERROR_OUT_OF_MEMORY |
- | |
1621 | ret |
- | |
1622 | @@: |
- | |
1623 | mov [ebp+NTFS.cur_index_buf], eax |
- | |
1624 | popad |
- | |
1625 | jmp .doit2 |
- | |
1626 | .readok1: |
1568 | mov esi, [ebp+NTFS.cur_index_buf] |
1627 | mov edx, [esi+8] ; subnode_size |
1569 | mov edx, [esi+indexRecordSize] |
- | 1570 | shr edx, 9 |
|
- | 1571 | cmp [ebp+NTFS.cur_index_size], edx |
|
1628 | shr edx, 9 |
1572 | jc .realloc |
1629 | mov [ebp+NTFS.cur_subnode_size], edx |
- | |
1630 | cmp edx, [ebp+NTFS.cur_index_size] |
- | |
1631 | jbe .ok2 |
- | |
1632 | push esi edx |
- | |
1633 | stdcall kernel_alloc, edx |
- | |
1634 | pop edx esi |
- | |
1635 | test eax, eax |
- | |
1636 | jz .nomem |
1573 | mov [ebp+NTFS.cur_subnode_size], edx |
1637 | mov edi, eax |
1574 | add esi, rootNode |
1638 | mov ecx, [ebp+NTFS.cur_index_size] |
1575 | mov eax, [esi+nodeRealSize] |
1639 | shl ecx, 9-2 |
- | |
1640 | rep movsd |
- | |
1641 | mov esi, eax |
1576 | add eax, rootNode |
1642 | mov [ebp+NTFS.cur_index_size], edx |
- | |
1643 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
1644 | mov [ebp+NTFS.cur_index_buf], esi |
- | |
1645 | .ok2: |
1577 | cmp [ebp+NTFS.cur_read], eax |
1646 | add esi, 10h |
1578 | jc .err |
1647 | mov edx, [ebx+16] |
1579 | mov edx, [ebx+16] |
1648 | push dword [ebx+8] ; read ANSI/UNICODE name |
1580 | push dword [ebx+8] ; read ANSI/UNICODE name |
1649 | ; init header |
1581 | ; init header |
1650 | mov edi, edx |
1582 | mov edi, edx |
Line 1668... | Line 1600... | ||
1668 | inc esi |
1600 | inc esi |
1669 | call .add_special_entry |
1601 | call .add_special_entry |
1670 | pop esi |
1602 | pop esi |
1671 | .skip_specials: |
1603 | .skip_specials: |
1672 | ; at first, dump index root |
1604 | ; at first, dump index root |
1673 | add esi, [esi] |
1605 | add esi, [esi+indexOffset] |
1674 | .dump_root: |
1606 | .dump_root: |
1675 | test byte [esi+0Ch], 2 |
1607 | test byte [esi+indexFlags], 2 |
1676 | jnz .dump_root_done |
1608 | jnz .dump_root_done |
1677 | call .add_entry |
1609 | call .add_entry |
1678 | movzx eax, word [esi+8] |
1610 | movzx eax, word [esi+indexAllocatedSize] |
1679 | add esi, eax |
1611 | add esi, eax |
1680 | jmp .dump_root |
1612 | jmp .dump_root |
- | 1613 | ||
- | 1614 | .realloc: |
|
- | 1615 | mov edi, edx |
|
- | 1616 | stdcall kernel_alloc, [esi+indexRecordSize] |
|
- | 1617 | test eax, eax |
|
- | 1618 | jz .err |
|
- | 1619 | push [ebp+NTFS.cur_index_buf] |
|
- | 1620 | mov [ebp+NTFS.cur_index_buf], eax |
|
- | 1621 | call kernel_free |
|
- | 1622 | mov [ebp+NTFS.cur_index_size], edi |
|
- | 1623 | popad |
|
- | 1624 | jmp .doit |
|
- | 1625 | ||
- | 1626 | .err: |
|
- | 1627 | popad |
|
- | 1628 | jmp ntfsFail |
|
- | 1629 | ||
1681 | .dump_root_done: |
1630 | .dump_root_done: |
1682 | ; now dump all subnodes |
1631 | ; now dump all subnodes |
1683 | push ecx edi |
1632 | push ecx edi |
1684 | lea edi, [ebp+NTFS.bitmap_buf] |
1633 | lea edi, [ebp+NTFS.bitmap_buf] |
1685 | mov [ebp+NTFS.cur_buf], edi |
1634 | mov [ebp+NTFS.cur_buf], edi |
Line 1687... | Line 1636... | ||
1687 | xor eax, eax |
1636 | xor eax, eax |
1688 | rep stosd |
1637 | rep stosd |
1689 | mov [ebp+NTFS.cur_attr], 0xB0 ; $BITMAP |
1638 | mov [ebp+NTFS.cur_attr], 0xB0 ; $BITMAP |
1690 | and [ebp+NTFS.cur_offs], 0 |
1639 | and [ebp+NTFS.cur_offs], 0 |
1691 | mov [ebp+NTFS.cur_size], 2 |
1640 | mov [ebp+NTFS.cur_size], 2 |
1692 | call ntfs_read_attr |
1641 | call ntfs_read_attr.newAttribute |
1693 | pop edi ecx |
1642 | pop edi ecx |
1694 | push 0 ; save offset in $BITMAP attribute |
1643 | push 0 ; save offset in $BITMAP attribute |
1695 | and [ebp+NTFS.cur_offs], 0 |
1644 | and [ebp+NTFS.cur_offs], 0 |
1696 | .dumploop: |
1645 | .dumploop: |
1697 | mov [ebp+NTFS.cur_attr], 0xA0 |
1646 | mov [ebp+NTFS.cur_attr], 0xA0 |
1698 | mov eax, [ebp+NTFS.cur_subnode_size] |
1647 | mov eax, [ebp+NTFS.cur_subnode_size] |
1699 | mov [ebp+NTFS.cur_size], eax |
1648 | mov [ebp+NTFS.cur_size], eax |
1700 | mov eax, [ebp+NTFS.cur_index_buf] |
1649 | mov esi, [ebp+NTFS.cur_index_buf] |
1701 | mov esi, eax |
- | |
1702 | mov [ebp+NTFS.cur_buf], eax |
1650 | mov [ebp+NTFS.cur_buf], esi |
1703 | push [ebp+NTFS.cur_offs] |
- | |
1704 | mov eax, [ebp+NTFS.cur_offs] |
1651 | mov eax, [ebp+NTFS.cur_offs] |
- | 1652 | push eax |
|
1705 | imul eax, [ebp+NTFS.cur_subnode_size] |
1653 | imul eax, [ebp+NTFS.cur_subnode_size] |
1706 | mov [ebp+NTFS.cur_offs], eax |
1654 | mov [ebp+NTFS.cur_offs], eax |
1707 | call ntfs_read_attr |
1655 | call ntfs_read_attr.newAttribute |
1708 | pop [ebp+NTFS.cur_offs] |
1656 | pop [ebp+NTFS.cur_offs] |
1709 | mov eax, [ebp+NTFS.cur_subnode_size] |
1657 | mov eax, [ebp+NTFS.cur_subnode_size] |
1710 | shl eax, 9 |
1658 | shl eax, 9 |
1711 | cmp [ebp+NTFS.cur_read], eax |
1659 | cmp [ebp+NTFS.cur_read], eax |
1712 | jnz .done |
1660 | jnz .done |
Line 1721... | Line 1669... | ||
1721 | push ebx |
1669 | push ebx |
1722 | mov ebx, esi |
1670 | mov ebx, esi |
1723 | call ntfs_restore_usa |
1671 | call ntfs_restore_usa |
1724 | pop ebx |
1672 | pop ebx |
1725 | jc .dump_subnode_done |
1673 | jc .dump_subnode_done |
1726 | add esi, 0x18 |
1674 | add esi, recordNode |
1727 | add esi, [esi] |
1675 | add esi, [esi+indexOffset] |
1728 | .dump_subnode: |
1676 | .dump_subnode: |
1729 | test byte [esi+0Ch], 2 |
1677 | test byte [esi+indexFlags], 2 |
1730 | jnz .dump_subnode_done |
1678 | jnz .dump_subnode_done |
1731 | call .add_entry |
1679 | call .add_entry |
1732 | movzx eax, word [esi+8] |
1680 | movzx eax, word [esi+indexAllocatedSize] |
1733 | add esi, eax |
1681 | add esi, eax |
1734 | jmp .dump_subnode |
1682 | jmp .dump_subnode |
- | 1683 | ||
1735 | .dump_subnode_done: |
1684 | .dump_subnode_done: |
1736 | inc [ebp+NTFS.cur_offs] |
1685 | inc [ebp+NTFS.cur_offs] |
1737 | test [ebp+NTFS.cur_offs], 0x400*8-1 |
1686 | test [ebp+NTFS.cur_offs], 0x400*8-1 |
1738 | jnz .dumploop |
1687 | jnz .dumploop |
1739 | mov [ebp+NTFS.cur_attr], 0xB0 |
1688 | mov [ebp+NTFS.cur_attr], 0xB0 |
Line 1748... | Line 1697... | ||
1748 | push [ebp+NTFS.cur_offs] |
1697 | push [ebp+NTFS.cur_offs] |
1749 | inc eax |
1698 | inc eax |
1750 | mov [ebp+NTFS.cur_offs], eax |
1699 | mov [ebp+NTFS.cur_offs], eax |
1751 | mov [ebp+NTFS.cur_size], 2 |
1700 | mov [ebp+NTFS.cur_size], 2 |
1752 | push eax |
1701 | push eax |
1753 | call ntfs_read_attr |
1702 | call ntfs_read_attr.newAttribute |
1754 | pop eax |
1703 | pop eax |
1755 | pop [ebp+NTFS.cur_offs] |
1704 | pop [ebp+NTFS.cur_offs] |
1756 | push eax |
1705 | push eax |
1757 | jmp .dumploop |
1706 | jmp .dumploop |
- | 1707 | ||
1758 | .done: |
1708 | .done: |
1759 | pop eax |
1709 | pop eax |
1760 | pop edx |
1710 | pop edx |
1761 | mov ebx, [edx+4] |
1711 | mov ebx, [edx+4] |
1762 | pop edx |
1712 | pop edx |
Line 1779... | Line 1729... | ||
1779 | dec ecx |
1729 | dec ecx |
1780 | js .ret |
1730 | js .ret |
1781 | inc dword [eax+4] ; new file block copied |
1731 | inc dword [eax+4] ; new file block copied |
1782 | mov eax, [edx+4] |
1732 | mov eax, [edx+4] |
1783 | mov [edi+4], eax |
1733 | mov [edi+4], eax |
1784 | ; mov eax, dword [bitmap_buf+0x20] |
- | |
1785 | ; or al, 0x10 |
- | |
1786 | mov eax, 0x10 |
1734 | mov eax, 0x10 |
1787 | stosd |
1735 | stosd |
1788 | scasd |
1736 | scasd |
1789 | push edx |
1737 | push edx |
1790 | mov eax, dword [ebp+NTFS.bitmap_buf] |
1738 | mov eax, dword [ebp+NTFS.bitmap_buf] |
Line 1810... | Line 1758... | ||
1810 | xor eax, eax |
1758 | xor eax, eax |
1811 | stosw |
1759 | stosw |
1812 | pop edi |
1760 | pop edi |
1813 | add edi, 520 |
1761 | add edi, 520 |
1814 | ret |
1762 | ret |
- | 1763 | ||
1815 | @@: |
1764 | @@: |
1816 | rep stosb |
1765 | rep stosb |
1817 | pop ecx |
1766 | pop ecx |
1818 | xor eax, eax |
1767 | xor eax, eax |
1819 | stosb |
1768 | stosb |
Line 1822... | Line 1771... | ||
1822 | .ret: |
1771 | .ret: |
1823 | ret |
1772 | ret |
Line 1824... | Line 1773... | ||
1824 | 1773 | ||
1825 | .add_entry: |
1774 | .add_entry: |
1826 | ; do not return DOS 8.3 names |
1775 | ; do not return DOS 8.3 names |
1827 | cmp byte [esi+0x51], 2 |
1776 | cmp byte [esi+namespace], 2 |
1828 | jz .ret |
1777 | jz .ret |
1829 | ; do not return system files |
1778 | ; do not return system files |
1830 | ; ... note that there will be no bad effects if system files also were reported ... |
1779 | ; ... note that there will be no bad effects if system files also were reported ... |
1831 | cmp dword [esi], 0x10 |
1780 | cmp dword [esi+fileRecordReference], 0x10 |
1832 | jb .ret |
1781 | jb .ret |
1833 | mov eax, [edx] |
1782 | mov eax, [edx] |
1834 | inc dword [eax+8] ; new file found |
1783 | inc dword [eax+8] ; new file found |
1835 | dec ebx |
1784 | dec ebx |
Line 1838... | Line 1787... | ||
1838 | js .ret |
1787 | js .ret |
1839 | inc dword [eax+4] ; new file block copied |
1788 | inc dword [eax+4] ; new file block copied |
1840 | mov eax, [edx+4] ; flags |
1789 | mov eax, [edx+4] ; flags |
1841 | call ntfs_direntry_to_bdfe |
1790 | call ntfs_direntry_to_bdfe |
1842 | push ecx esi edi |
1791 | push ecx esi edi |
1843 | movzx ecx, byte [esi+0x50] |
1792 | movzx ecx, byte [esi+fileNameLength] |
1844 | add esi, 0x52 |
1793 | add esi, fileName |
1845 | test byte [edi-0x24], 1 |
1794 | test byte [edi-0x24], 1 |
1846 | jz .ansi |
1795 | jz .ansi |
1847 | shr ecx, 1 |
1796 | shr ecx, 1 |
1848 | rep movsd |
1797 | rep movsd |
1849 | adc ecx, ecx |
1798 | adc ecx, ecx |
Line 1851... | Line 1800... | ||
1851 | and word [edi], 0 |
1800 | and word [edi], 0 |
1852 | pop edi |
1801 | pop edi |
1853 | add edi, 520 |
1802 | add edi, 520 |
1854 | pop esi ecx |
1803 | pop esi ecx |
1855 | ret |
1804 | ret |
- | 1805 | ||
1856 | .ansi: |
1806 | .ansi: |
1857 | jecxz .skip |
1807 | jecxz .skip |
1858 | @@: |
1808 | @@: |
1859 | lodsw |
1809 | lodsw |
1860 | call uni2ansi_char |
1810 | call uni2ansi_char |
Line 1868... | Line 1818... | ||
1868 | pop esi ecx |
1818 | pop esi ecx |
1869 | ret |
1819 | ret |
Line 1870... | Line 1820... | ||
1870 | 1820 | ||
1871 | ntfs_direntry_to_bdfe: |
1821 | ntfs_direntry_to_bdfe: |
1872 | mov [edi+4], eax ; ANSI/UNICODE name |
1822 | mov [edi+4], eax ; ANSI/UNICODE name |
1873 | mov eax, [esi+48h] |
1823 | mov eax, [esi+fileFlags] |
1874 | test eax, 0x10000000 |
1824 | test eax, 0x10000000 |
1875 | jz @f |
1825 | jz @f |
1876 | and eax, not 0x10000000 |
1826 | and eax, not 0x10000000 |
1877 | or al, 0x10 |
1827 | or al, 0x10 |
1878 | @@: |
1828 | @@: |
1879 | stosd |
1829 | stosd |
1880 | scasd |
1830 | scasd |
1881 | push edx |
1831 | push edx |
1882 | mov eax, [esi+0x18] |
1832 | mov eax, [esi+fileCreated] |
1883 | mov edx, [esi+0x1C] |
1833 | mov edx, [esi+fileCreated+4] |
1884 | call ntfs_datetime_to_bdfe |
1834 | call ntfs_datetime_to_bdfe |
1885 | mov eax, [esi+0x30] |
1835 | mov eax, [esi+fileAccessed] |
1886 | mov edx, [esi+0x34] |
1836 | mov edx, [esi+fileAccessed+4] |
1887 | call ntfs_datetime_to_bdfe |
1837 | call ntfs_datetime_to_bdfe |
1888 | mov eax, [esi+0x20] |
1838 | mov eax, [esi+fileModified] |
1889 | mov edx, [esi+0x24] |
1839 | mov edx, [esi+fileModified+4] |
1890 | call ntfs_datetime_to_bdfe |
1840 | call ntfs_datetime_to_bdfe |
1891 | pop edx |
1841 | pop edx |
1892 | mov eax, [esi+0x40] |
1842 | mov eax, [esi+fileRealSize] |
1893 | stosd |
1843 | stosd |
1894 | mov eax, [esi+0x44] |
1844 | mov eax, [esi+fileRealSize+4] |
1895 | stosd |
1845 | stosd |
Line 1896... | Line 1846... | ||
1896 | ret |
1846 | ret |
1897 | - | ||
1898 | iglobal |
- | |
1899 | _24 dd 24 |
- | |
1900 | _60 dd 60 |
- | |
1901 | _10000000 dd 10000000 |
- | |
1902 | days400year dd 365*400+100-4+1 |
- | |
1903 | days100year dd 365*100+25-1 |
- | |
1904 | days4year dd 365*4+1 |
1847 | |
1905 | days1year dd 365 |
1848 | iglobal |
1906 | months dd 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
- | |
1907 | months2 dd 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
- | |
1908 | _400 dd 400 |
1849 | months db 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
Line 1909... | Line 1850... | ||
1909 | _100 dd 100 |
1850 | months2 db 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
1910 | endg |
1851 | endg |
1911 | 1852 | ||
- | 1853 | ntfs_datetime_to_bdfe: |
|
1912 | ntfs_datetime_to_bdfe: |
1854 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
1913 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
1855 | push ebx ecx |
1914 | push eax |
1856 | mov ebx, eax |
1915 | mov eax, edx |
1857 | mov eax, edx |
1916 | xor edx, edx |
1858 | xor edx, edx |
1917 | div [_10000000] |
1859 | mov ecx, 10000000 |
1918 | xchg eax, [esp] |
1860 | div ecx |
1919 | div [_10000000] |
- | |
1920 | pop edx |
- | |
1921 | .sec: |
1861 | xchg eax, ebx |
1922 | ; edx:eax = number of seconds since January 1, 1601 |
1862 | div ecx |
- | 1863 | .forEXT: |
|
1923 | push eax |
1864 | xchg eax, ebx |
1924 | mov eax, edx |
1865 | xor edx, edx |
1925 | xor edx, edx |
1866 | mov ecx, 60 |
1926 | div [_60] |
1867 | div ecx |
1927 | xchg eax, [esp] |
1868 | xchg eax, ebx |
1928 | div [_60] |
1869 | div ecx |
1929 | mov [edi], dl |
1870 | mov [edi], dl |
1930 | pop edx |
1871 | mov edx, ebx |
1931 | ; edx:eax = number of minutes |
1872 | ; edx:eax = number of minutes |
1932 | div [_60] |
1873 | div ecx |
1933 | mov [edi+1], dl |
1874 | mov [edi+1], dl |
1934 | ; eax = number of hours (note that 2^64/(10^7*60*60) < 2^32) |
1875 | ; eax = number of hours |
1935 | xor edx, edx |
1876 | xor edx, edx |
1936 | div [_24] |
1877 | mov cl, 24 |
1937 | mov [edi+2], dl |
1878 | div ecx |
1938 | mov [edi+3], byte 0 |
- | |
1939 | ; eax = number of days since January 1, 1601 |
1879 | mov [edi+2], dx |
1940 | xor edx, edx |
1880 | ; eax = number of days since January 1, 1601 |
1941 | div [days400year] |
1881 | xor edx, edx |
1942 | imul eax, 400 |
1882 | mov cx, 365 |
1943 | add eax, 1601 |
1883 | div ecx |
1944 | mov [edi+6], ax |
1884 | mov ebx, eax |
1945 | mov eax, edx |
1885 | add ebx, 1601 |
1946 | xor edx, edx |
- | |
1947 | div [days100year] |
1886 | shr eax, 2 |
1948 | cmp al, 4 |
- | |
1949 | jnz @f |
- | |
1950 | dec eax |
1887 | sub edx, eax |
1951 | add edx, [days100year] |
1888 | mov cl, 25 |
1952 | @@: |
1889 | div cl |
1953 | imul eax, 100 |
1890 | xor ah, ah |
1954 | add [edi+6], ax |
- | |
1955 | mov eax, edx |
1891 | add edx, eax |
1956 | xor edx, edx |
- | |
1957 | div [days4year] |
1892 | shr eax, 2 |
1958 | shl eax, 2 |
1893 | sub edx, eax |
1959 | add [edi+6], ax |
- | |
1960 | mov eax, edx |
1894 | jns @f |
1961 | xor edx, edx |
1895 | dec ebx |
1962 | div [days1year] |
1896 | add edx, 365 |
1963 | cmp al, 4 |
- | |
1964 | jnz @f |
1897 | test bl, 3 |
1965 | dec eax |
- | |
1966 | add edx, [days1year] |
- | |
1967 | @@: |
- | |
1968 | add [edi+6], ax |
- | |
1969 | push esi edx |
- | |
1970 | mov esi, months |
- | |
1971 | movzx eax, word [edi+6] |
- | |
1972 | test al, 3 |
- | |
1973 | jnz .noleap |
- | |
1974 | xor edx, edx |
- | |
1975 | push eax |
- | |
1976 | div [_400] |
- | |
1977 | pop eax |
- | |
1978 | test edx, edx |
- | |
1979 | jz .leap |
- | |
1980 | xor edx, edx |
- | |
1981 | div [_100] |
- | |
1982 | test edx, edx |
- | |
1983 | jz .noleap |
- | |
1984 | .leap: |
- | |
1985 | mov esi, months2 |
1898 | jnz @f |
- | 1899 | inc edx |
|
- | 1900 | @@: |
|
1986 | .noleap: |
1901 | xor eax, eax |
- | 1902 | mov ecx, months-1 |
|
1987 | pop edx |
1903 | test bl, 3 |
1988 | xor eax, eax |
- | |
1989 | inc eax |
1904 | jnz @f |
1990 | @@: |
- | |
1991 | sub edx, [esi] |
1905 | add ecx, 12 |
- | 1906 | @@: |
|
1992 | jb @f |
1907 | inc ecx |
1993 | add esi, 4 |
- | |
1994 | inc eax |
1908 | inc eax |
1995 | jmp @b |
1909 | sub dl, [ecx] |
- | 1910 | jnc @b |
|
1996 | @@: |
1911 | dec dh |
1997 | add edx, [esi] |
1912 | jns @b |
1998 | pop esi |
1913 | add dl, [ecx] |
- | 1914 | inc edx |
|
1999 | inc edx |
1915 | mov [edi+4], dl |
- | 1916 | mov [edi+5], al |
|
2000 | mov [edi+4], dl |
1917 | mov [edi+6], bx |
Line -... | Line 1918... | ||
- | 1918 | add edi, 8 |
|
- | 1919 | pop ecx ebx |
|
- | 1920 | ret |
|
- | 1921 | ||
- | 1922 | .sec: |
|
2001 | mov [edi+5], al |
1923 | push ebx ecx |
2002 | add edi, 8 |
1924 | mov ebx, edx |
2003 | ret |
1925 | jmp .forEXT |
2004 | 1926 | ||
Line 2013... | Line 1935... | ||
2013 | cmp byte [esi], 0 |
1935 | cmp byte [esi], 0 |
2014 | jnz @f |
1936 | jnz @f |
2015 | xor ebx, ebx |
1937 | xor ebx, ebx |
2016 | movi eax, ERROR_ACCESS_DENIED |
1938 | movi eax, ERROR_ACCESS_DENIED |
2017 | ret |
1939 | ret |
- | 1940 | ||
2018 | @@: ; 1. Search file |
1941 | @@: ; 1. Search file |
2019 | call ntfs_lock |
1942 | call ntfs_lock |
2020 | stdcall ntfs_find_lfn, [esp+4] |
1943 | stdcall ntfs_find_lfn, [esp+4] |
2021 | jc .notFound |
1944 | jc .notFound |
2022 | ; found, rewrite |
1945 | ; found, rewrite |
Line 2086... | Line 2009... | ||
2086 | cmp byte [ecx], '/' |
2009 | cmp byte [ecx], '/' |
2087 | jz ntfsNotFound ; path folder not found |
2010 | jz ntfsNotFound ; path folder not found |
2088 | cmp byte [ecx], 0 |
2011 | cmp byte [ecx], 0 |
2089 | jnz @b |
2012 | jnz @b |
2090 | sub ecx, esi |
2013 | sub ecx, esi |
- | 2014 | push ecx ; name length |
|
2091 | push ecx |
2015 | shl ecx, 1 |
2092 | lea ecx, [ecx*2+52h+7] ; precalculate index length |
2016 | add ecx, fileName+7 |
2093 | and ecx, not 7 ; align 8 |
2017 | and ecx, not 7 |
2094 | mov edi, [ebp+NTFS.cur_index_buf] |
2018 | mov edi, [ebp+NTFS.cur_index_buf] |
2095 | push esi |
- | |
2096 | push ecx |
- | |
2097 | mov edx, [ebx+12] |
2019 | mov edx, [ebx+12] |
2098 | mov [ebp+NTFS.fileRealSize], edx |
2020 | mov [ebp+NTFS.fileRealSize], edx |
2099 | mov edx, [ebx+16] |
2021 | mov edx, [ebx+16] |
2100 | mov [ebp+NTFS.fileDataBuffer], edx |
2022 | mov [ebp+NTFS.fileDataBuffer], edx |
- | 2023 | push esi |
|
- | 2024 | push ecx ; index length |
|
2101 | mov edx, ecx |
2025 | mov edx, ecx |
2102 | cmp dword [edi], 'INDX' |
2026 | cmp dword [edi], 'INDX' |
2103 | jz .indexRecord |
2027 | jz .indexRecord |
2104 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
2028 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
2105 | mov ecx, [esi+recordRealSize] |
2029 | mov ecx, [esi+recordRealSize] |
Line 2140... | Line 2064... | ||
2140 | stosw |
2064 | stosw |
2141 | mov esi, [ebp+NTFS.attr_offs] |
2065 | mov esi, [ebp+NTFS.attr_offs] |
2142 | mov cl, [esi+attributeOffset] |
2066 | mov cl, [esi+attributeOffset] |
2143 | add esi, ecx |
2067 | add esi, ecx |
2144 | mov eax, [esi+indexRecordSizeClus] |
2068 | mov eax, [esi+indexRecordSizeClus] |
2145 | cmp eax, 128 |
2069 | cmp eax, 129 |
2146 | jnc @b |
2070 | jnc @b |
2147 | mov [ebp+NTFS.fileDataSize], eax |
2071 | mov [ebp+NTFS.fileDataSize], eax |
2148 | mov eax, [esi+indexRecordSize] |
2072 | mov eax, [esi+indexRecordSize] |
2149 | cmp eax, [ebp+NTFS.frs_size] |
2073 | cmp eax, [ebp+NTFS.frs_size] |
2150 | jc @b |
2074 | jc @b |
Line 2326... | Line 2250... | ||
2326 | mul ecx |
2250 | mul ecx |
2327 | mov [edi+fileAllocatedSize], eax |
2251 | mov [edi+fileAllocatedSize], eax |
2328 | pop ecx |
2252 | pop ecx |
2329 | mov [ebp+NTFS.indexOffset], edi |
2253 | mov [ebp+NTFS.indexOffset], edi |
2330 | mov [edi+fileNameLength], cl |
2254 | mov [edi+fileNameLength], cl |
2331 | add edi, 52h |
2255 | add edi, fileName |
2332 | @@: ; record filename |
2256 | @@: ; record filename |
2333 | lodsb |
2257 | lodsb |
2334 | call ansi2uni_char |
2258 | call ansi2uni_char |
2335 | stosw |
2259 | stosw |
2336 | dec ecx |
2260 | dec ecx |