Rev 6078 | Rev 6246 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 6078 | Rev 6240 | ||
|---|---|---|---|
| Line 3... | Line 3... | ||
| 3 | ;; Copyright (C) KolibriOS team 2004-2015. All rights reserved. ;; |
3 | ;; Copyright (C) KolibriOS team 2004-2015. All rights reserved. ;; |
| 4 | ;; Distributed under terms of the GNU General Public License ;; |
4 | ;; Distributed under terms of the GNU General Public License ;; |
| 5 | ;; ;; |
5 | ;; ;; |
| 6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
| Line 7... | Line 7... | ||
| 7 | 7 | ||
| Line 8... | Line 8... | ||
| 8 | $Revision: 6078 $ |
8 | $Revision: 6240 $ |
| Line 9... | Line 9... | ||
| 9 | 9 | ||
| 10 | ; NTFS driver |
10 | ; NTFS driver |
| Line 46... | Line 46... | ||
| 46 | nonResidentFlag = 8 |
46 | nonResidentFlag = 8 |
| 47 | nameLength = 9 |
47 | nameLength = 9 |
| 48 | nameOffset = 10 |
48 | nameOffset = 10 |
| 49 | attributeFlags = 12 |
49 | attributeFlags = 12 |
| 50 | attributeID = 14 |
50 | attributeID = 14 |
| - | 51 | ; resident attribute header |
|
| 51 | sizeWithoutHeader = 16 |
52 | sizeWithoutHeader = 10h |
| - | 53 | ; attributeOffset = 14h |
|
| 52 | indexedFlag = 16h |
54 | indexedFlag = 16h |
| 53 | ; non resident attribute header |
55 | ; non resident attribute header |
| - | 56 | firstVCN = 10h |
|
| 54 | lastVCN = 18h |
57 | lastVCN = 18h |
| 55 | dataRunsOffset = 20h |
58 | dataRunsOffset = 20h |
| 56 | attributeAllocatedSize = 28h |
59 | attributeAllocatedSize = 28h |
| 57 | attributeRealSize = 30h |
60 | attributeRealSize = 30h |
| 58 | initialDataSize = 38h |
61 | initialDataSize = 38h |
| Line 437... | Line 440... | ||
| 437 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
440 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
| 438 | call ntfs_read_attr |
441 | call ntfs_read_attr |
| 439 | mov eax, [ebp+NTFS.ntfs_cur_read] |
442 | mov eax, [ebp+NTFS.ntfs_cur_read] |
| 440 | cmp eax, 4 |
443 | cmp eax, 4 |
| 441 | jc .failFreeBitmapMFT |
444 | jc .failFreeBitmapMFT |
| - | 445 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 446 | cmp byte [ecx+nonResidentFlag], 1 |
|
| - | 447 | jnz .failFreeBitmapMFT |
|
| 442 | mov [ebp+NTFS.mftBitmapSize], eax |
448 | mov [ebp+NTFS.mftBitmapSize], eax |
| 443 | mov eax, [ebp+NTFS.ntfsLastRead] |
449 | mov eax, [ebp+NTFS.ntfsLastRead] |
| 444 | mov [ebp+NTFS.mftBitmapLocation], eax |
450 | mov [ebp+NTFS.mftBitmapLocation], eax |
| Line 445... | Line 451... | ||
| 445 | 451 | ||
| Line 655... | Line 661... | ||
| 655 | or [ebp+NTFS.ntfs_attr_iBaseRecord], -1 |
661 | or [ebp+NTFS.ntfs_attr_iBaseRecord], -1 |
| 656 | call ntfs_read_file_record |
662 | call ntfs_read_file_record |
| 657 | jc .errret |
663 | jc .errret |
| 658 | ; 2. Find required attribute. |
664 | ; 2. Find required attribute. |
| 659 | mov eax, [ebp+NTFS.frs_buffer] |
665 | mov eax, [ebp+NTFS.frs_buffer] |
| 660 | ; a) For auxiliary records, read base record |
666 | ; a) For auxiliary records, read base record. |
| 661 | ; N.B. If base record is present, |
667 | ; If base record is present, base iRecord may be 0 (for $Mft), |
| 662 | ; base iRecord may be 0 (for $Mft), but SequenceNumber is nonzero |
668 | ; but SequenceNumber is nonzero. |
| 663 | cmp dword [eax+24h], 0 |
669 | cmp dword [eax+24h], 0 |
| 664 | jz @f |
670 | jz @f |
| 665 | mov eax, [eax+20h] |
671 | mov eax, [eax+20h] |
| 666 | ; test eax, eax |
- | |
| 667 | ; jz @f |
- | |
| 668 | .beginfindattr: |
672 | .beginfindattr: |
| 669 | mov [ebp+NTFS.ntfs_attr_iRecord], eax |
673 | mov [ebp+NTFS.ntfs_attr_iRecord], eax |
| 670 | call ntfs_read_file_record |
674 | call ntfs_read_file_record |
| 671 | jc .errret |
675 | jc .errret |
| - | 676 | jmp @f |
|
| - | 677 | .newAttribute: |
|
| - | 678 | pushad |
|
| 672 | @@: |
679 | @@: |
| 673 | ; b) Scan for required attribute and for $ATTR_LIST |
680 | ; b) Scan for required attribute and for $ATTR_LIST |
| 674 | mov eax, [ebp+NTFS.frs_buffer] |
681 | mov eax, [ebp+NTFS.frs_buffer] |
| 675 | movzx ecx, word [eax+14h] |
682 | movzx ecx, word [eax+14h] |
| 676 | add eax, ecx |
683 | add eax, ecx |
| Line 1068... | Line 1075... | ||
| 1068 | mov [ebp+NTFS.ntfs_bCanContinue], 1 |
1075 | mov [ebp+NTFS.ntfs_bCanContinue], 1 |
| 1069 | ret |
1076 | ret |
| Line 1070... | Line 1077... | ||
| 1070 | 1077 | ||
| 1071 | ntfs_read_file_record: |
1078 | ntfs_read_file_record: |
| 1072 | ; in: eax = iRecord |
1079 | ; in: eax = iRecord |
| 1073 | ; out: [ebp+NTFS.frs_buffer] = record data |
1080 | ; out: [ebp+NTFS.frs_buffer] -> file record |
| 1074 | ; CF=1 -> failed, eax = disk error code, eax=0 -> something with FS |
1081 | ; CF=1 -> failed, eax = disk error code, eax=0 -> something with FS |
| 1075 | ; Read attr $DATA of $Mft, starting from eax*[ebp+NTFS.frs_size] |
1082 | ; Read attr $DATA of $Mft, starting from eax*[ebp+NTFS.frs_size] |
| 1076 | push ecx edx |
1083 | push ecx edx |
| 1077 | mov ecx, [ebp+NTFS.frs_size] |
1084 | mov ecx, [ebp+NTFS.frs_size] |
| Line 1133... | Line 1140... | ||
| 1133 | ret |
1140 | ret |
| Line 1134... | Line 1141... | ||
| 1134 | 1141 | ||
| 1135 | ntfs_restore_usa_frs: |
1142 | ntfs_restore_usa_frs: |
| 1136 | mov eax, [ebp+NTFS.frs_size] |
1143 | mov eax, [ebp+NTFS.frs_size] |
| - | 1144 | ntfs_restore_usa: |
|
| - | 1145 | ; in: |
|
| - | 1146 | ; ebx -> record |
|
| 1137 | ntfs_restore_usa: |
1147 | ; eax = size in bytes |
| 1138 | pushad |
1148 | pushad |
| 1139 | shr eax, 9 |
1149 | shr eax, 9 |
| 1140 | mov ecx, eax |
1150 | mov ecx, eax |
| 1141 | inc eax |
1151 | inc eax |
| Line 1161... | Line 1171... | ||
| 1161 | stc |
1171 | stc |
| 1162 | ret |
1172 | ret |
| Line 1163... | Line 1173... | ||
| 1163 | 1173 | ||
| 1164 | ntfs_decode_mcb_entry: |
1174 | ntfs_decode_mcb_entry: |
| 1165 | ; in: |
1175 | ; in: |
| 1166 | ; esi -> mcb entry |
1176 | ; esi -> MCB entry |
| 1167 | ; esp -> buffer (16 bytes) |
1177 | ; esp -> buffer (16 bytes) |
| 1168 | ; out: |
1178 | ; out: |
| 1169 | ; esi -> next mcb entry |
1179 | ; esi -> next MCB entry |
| 1170 | ; esp -> data run size |
1180 | ; esp -> data run size |
| 1171 | ; esp+8 -> cluster (delta) |
1181 | ; esp+8 -> cluster (delta) |
| 1172 | ; CF=0 -> mcb end |
1182 | ; CF=0 -> MCB end |
| 1173 | push eax ecx edi |
1183 | push eax ecx edi |
| 1174 | lea edi, [esp+16] |
1184 | lea edi, [esp+16] |
| 1175 | xor eax, eax |
1185 | xor eax, eax |
| 1176 | lodsb |
1186 | lodsb |
| Line 1997... | Line 2007... | ||
| 1997 | movi eax, ERROR_ACCESS_DENIED |
2007 | movi eax, ERROR_ACCESS_DENIED |
| 1998 | ret |
2008 | ret |
| 1999 | @@: ; 1. Search file |
2009 | @@: ; 1. Search file |
| 2000 | call ntfs_lock |
2010 | call ntfs_lock |
| 2001 | stdcall ntfs_find_lfn, [esp+4] |
2011 | stdcall ntfs_find_lfn, [esp+4] |
| 2002 | jnc .found |
- | |
| 2003 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
- | |
| 2004 | jnz ntfsUnsupported ; record fragmented |
- | |
| 2005 | test eax, eax |
- | |
| 2006 | jz ntfsFail |
- | |
| 2007 | jmp .notFound |
2012 | jc .notFound |
| 2008 | - | ||
| 2009 | .found: ; rewrite |
2013 | ; found, rewrite |
| 2010 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
2014 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
| 2011 | jc ntfsDenied |
2015 | jc ntfsDenied |
| 2012 | cmp [ebp+NTFS.ntfsFolder], 1 |
2016 | cmp [ebp+NTFS.ntfsFolder], 1 |
| 2013 | jz ntfsDenied |
2017 | jz .folder |
| - | 2018 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
|
| - | 2019 | jnz ntfsUnsupported ; record fragmented |
|
| - | 2020 | ; edit directory node |
|
| - | 2021 | mov edi, [ebp+NTFS.cur_index_buf] |
|
| - | 2022 | cmp dword [edi], 'INDX' |
|
| - | 2023 | jz @f |
|
| - | 2024 | mov esi, [ebp+NTFS.frs_buffer] |
|
| - | 2025 | mov ecx, [esi+recordRealSize] |
|
| - | 2026 | shr ecx, 2 |
|
| - | 2027 | rep movsd |
|
| - | 2028 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2029 | mov cl, [esi+attributeOffset] |
|
| - | 2030 | sub esi, [ebp+NTFS.frs_buffer] |
|
| - | 2031 | add eax, ecx |
|
| - | 2032 | add eax, esi |
|
| - | 2033 | @@: |
|
| - | 2034 | mov edx, [ebx+12] |
|
| - | 2035 | mov [eax+fileRealSize], edx |
|
| - | 2036 | mov dword [eax+fileRealSize+4], 0 |
|
| - | 2037 | mov eax, [ebp+NTFS.ntfsLastRead] |
|
| - | 2038 | mov [ebp+NTFS.nodeLastRead], eax |
|
| 2014 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
2039 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
| 2015 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
2040 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
| 2016 | mov [ebp+NTFS.ntfs_cur_size], 0 |
2041 | mov [ebp+NTFS.ntfs_cur_size], 0 |
| 2017 | call ntfs_read_attr |
2042 | call ntfs_read_attr |
| 2018 | jc ntfsDenied |
2043 | jc ntfsFail |
| 2019 | mov eax, [ebp+NTFS.frs_buffer] |
2044 | mov ecx, [ebp+NTFS.frs_buffer] |
| - | 2045 | mov eax, edx |
|
| - | 2046 | xor edx, edx |
|
| 2020 | cmp word [eax+baseRecordReuse], 0 |
2047 | cmp word [ecx+baseRecordReuse], 0 |
| 2021 | jnz ntfsUnsupported ; auxiliary record |
2048 | jnz ntfsUnsupported ; auxiliary record |
| 2022 | cmp byte [eax+hardLinkCounter], 1 |
- | |
| 2023 | jnz ntfsUnsupported ; file copying required |
- | |
| 2024 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
2049 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
| 2025 | cmp byte [ecx+nonResidentFlag], 1 |
- | |
| 2026 | jnz ntfsUnsupported ; resident $DATA |
- | |
| 2027 | mov eax, [ebx+4] |
- | |
| 2028 | mov edx, [ebx+8] |
- | |
| 2029 | add eax, [ebx+12] |
- | |
| 2030 | adc edx, 0 |
- | |
| 2031 | cmp edx, [ecx+attributeRealSize+4] |
2050 | cmp word [ecx+attributeFlags], 0 |
| 2032 | jnz ntfsUnsupported |
2051 | jnz ntfsUnsupported |
| - | 2052 | push ebx |
|
| - | 2053 | cmp byte [ecx+nonResidentFlag], 0 |
|
| - | 2054 | jz @f |
|
| - | 2055 | cmp [ecx+attributeRealSize+4], edx |
|
| - | 2056 | jnz @f |
|
| 2033 | cmp [ecx+attributeRealSize], eax |
2057 | cmp [ecx+attributeRealSize], eax |
| 2034 | jnz ntfsUnsupported |
2058 | jz ntfs_WriteFile.writeNode |
| - | 2059 | @@: |
|
| 2035 | jmp ntfs_WriteFile.write |
2060 | jmp ntfs_WriteFile.resizeAttribute |
| Line -... | Line 2061... | ||
| - | 2061 | ||
| 2036 | 2062 | .folder: |
|
| 2037 | .notFound: ; create; check path folders |
2063 | bt dword [eax+fileFlags], 28 |
| - | 2064 | jnc ntfsDenied |
|
| 2038 | cmp dword [esp+4], 0 |
2065 | push 0 |
| - | 2066 | jmp ntfsOut |
|
| - | 2067 | ||
| 2039 | jnz ntfsNotFound |
2068 | .notFound: ; create |
| 2040 | cmp byte [esi], 0 |
2069 | test eax, eax |
| - | 2070 | jz ntfsFail |
|
| - | 2071 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
|
| 2041 | jz ntfsNotFound |
2072 | jnz ntfsUnsupported ; record fragmented |
| 2042 | ; 2. Prepare directory record |
2073 | ; 2. Prepare directory record |
| 2043 | mov ecx, esi |
2074 | mov ecx, esi |
| 2044 | @@: ; count characters |
2075 | @@: ; count characters |
| 2045 | inc ecx |
2076 | inc ecx |
| 2046 | cmp byte [ecx], '/' |
2077 | cmp byte [ecx], '/' |
| 2047 | jz ntfsNotFound |
2078 | jz ntfsNotFound ; path folder not found |
| 2048 | cmp byte [ecx], 0 |
2079 | cmp byte [ecx], 0 |
| 2049 | jnz @b |
2080 | jnz @b |
| 2050 | sub ecx, esi |
2081 | sub ecx, esi |
| 2051 | push ecx |
2082 | push ecx |
| 2052 | lea ecx, [ecx*2+52h] ; precalculate index length |
2083 | lea ecx, [ecx*2+52h+7] ; precalculate index length |
| 2053 | add ecx, 7 ; align 8 |
- | |
| 2054 | and ecx, not 7 |
2084 | and ecx, not 7 ; align 8 |
| 2055 | mov edi, [ebp+NTFS.cur_index_buf] |
2085 | mov edi, [ebp+NTFS.cur_index_buf] |
| 2056 | push esi |
2086 | push esi |
| 2057 | push ecx |
2087 | push ecx |
| 2058 | cmp dword [edi], 'INDX' |
2088 | cmp dword [edi], 'INDX' |
| Line 2109... | Line 2139... | ||
| 2109 | shr ecx, 2 |
2139 | shr ecx, 2 |
| 2110 | xor eax, eax |
2140 | xor eax, eax |
| 2111 | rep stosd |
2141 | rep stosd |
| 2112 | cld |
2142 | cld |
| 2113 | add edi, 4 |
2143 | add edi, 4 |
| 2114 | pop eax |
2144 | pop ecx |
| 2115 | pop esi |
2145 | pop esi |
| 2116 | mov [edi+indexAllocatedSize], ax ; fill index with data |
2146 | mov [edi+indexAllocatedSize], cx ; fill index with data |
| 2117 | mov eax, [esp] |
2147 | mov eax, [esp] |
| - | 2148 | shl eax, 1 |
|
| 2118 | lea eax, [eax*2+42h] |
2149 | add eax, 42h |
| 2119 | mov [edi+indexRawSize], ax |
2150 | mov [edi+indexRawSize], ax |
| 2120 | mov eax, [ebp+NTFS.ntfs_attr_iRecord] |
2151 | mov eax, [ebp+NTFS.ntfs_attr_iRecord] |
| 2121 | mov [edi+directoryRecordReference], eax |
2152 | mov [edi+directoryRecordReference], eax |
| 2122 | mov eax, [ebp+NTFS.frs_buffer] |
2153 | mov eax, [ebp+NTFS.frs_buffer] |
| 2123 | mov eax, [eax+reuseCounter] |
2154 | mov eax, [eax+reuseCounter] |
| 2124 | mov [edi+directoryReferenceReuse], ax |
2155 | mov [edi+directoryReferenceReuse], ax |
| 2125 | mov eax, [ebx+12] |
2156 | mov eax, [ebx+12] |
| - | 2157 | add ecx, 30h+48h+8+18h+8 |
|
| - | 2158 | add ecx, eax |
|
| 2126 | mov [ebp+NTFS.fileRealSize], eax |
2159 | mov [ebp+NTFS.fileRealSize], eax |
| 2127 | mov [edi+fileRealSize], eax |
2160 | mov [edi+fileRealSize], eax |
| - | 2161 | cmp [ebp+NTFS.frs_size], ecx |
|
| - | 2162 | jc @f |
|
| - | 2163 | mov eax, [ebx+16] |
|
| - | 2164 | mov [ebp+NTFS.fileDataStart], eax |
|
| - | 2165 | xor eax, eax |
|
| - | 2166 | @@: |
|
| 2128 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
2167 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
| 2129 | shl ecx, 9 |
2168 | shl ecx, 9 |
| 2130 | add eax, ecx |
2169 | add eax, ecx |
| 2131 | dec eax |
2170 | dec eax |
| 2132 | xor edx, edx |
2171 | xor edx, edx |
| Line 2147... | Line 2186... | ||
| 2147 | mov eax, [ebp+NTFS.ntfsLastRead] |
2186 | mov eax, [ebp+NTFS.ntfsLastRead] |
| 2148 | mov [ebp+NTFS.nodeLastRead], eax |
2187 | mov [ebp+NTFS.nodeLastRead], eax |
| 2149 | cmp [ebp+NTFS.ntfsFolder], 0 |
2188 | cmp [ebp+NTFS.ntfsFolder], 0 |
| 2150 | jz @f |
2189 | jz @f |
| 2151 | mov edi, [ebp+NTFS.indexOffset] |
2190 | mov edi, [ebp+NTFS.indexOffset] |
| 2152 | mov byte [edi+fileFlags+3], 16 |
2191 | bts dword [edi+fileFlags], 28 |
| 2153 | jmp .mftBitmap |
2192 | jmp .mftBitmap |
| Line 2154... | Line 2193... | ||
| 2154 | 2193 | ||
| 2155 | @@: ; 3. File data |
2194 | @@: ; 3. File data |
| 2156 | cmp [ebp+NTFS.fileRealSize], 0 |
2195 | cmp [ebp+NTFS.fileDataSize], 0 |
| 2157 | jz .mftBitmap |
- | |
| 2158 | ; One piece free space bitmap search engine |
- | |
| 2159 | mov edi, [ebp+NTFS.BitmapBuffer] |
2196 | jz .mftBitmap |
| 2160 | add edi, [ebp+NTFS.BitmapStart] |
- | |
| 2161 | mov eax, [ebp+NTFS.fileDataSize] |
- | |
| 2162 | shr eax, 5 |
- | |
| 2163 | jz .small |
- | |
| 2164 | push eax ; bitmap dwords |
- | |
| 2165 | add edi, 4 |
- | |
| 2166 | .start: |
- | |
| 2167 | mov ecx, [ebp+NTFS.BitmapSize] |
- | |
| 2168 | add ecx, [ebp+NTFS.BitmapBuffer] |
- | |
| 2169 | sub ecx, edi |
- | |
| 2170 | shr ecx, 2 |
- | |
| 2171 | @@: |
- | |
| 2172 | xor eax, eax |
- | |
| 2173 | repnz scasd ; search for empty dword |
- | |
| 2174 | jz @f |
- | |
| 2175 | call bitmapBuffering |
- | |
| 2176 | jmp @b |
- | |
| 2177 | @@: |
- | |
| 2178 | cmp ecx, [esp] |
- | |
| 2179 | jnc @f |
- | |
| 2180 | call bitmapBuffering |
- | |
| 2181 | jmp @b |
- | |
| 2182 | @@: |
- | |
| 2183 | sub edi, 4 |
- | |
| 2184 | mov ecx, [esp] |
- | |
| 2185 | mov esi, edi |
- | |
| 2186 | xor eax, eax |
- | |
| 2187 | repz scasd ; check following dwords |
- | |
| 2188 | jnz .start |
- | |
| 2189 | sub esi, 4 |
- | |
| 2190 | mov eax, [esi] |
- | |
| 2191 | xor edx, edx |
- | |
| 2192 | bsr edx, eax |
- | |
| 2193 | inc edx |
- | |
| 2194 | push edx ; starting bit |
- | |
| 2195 | push esi ; starting dword |
- | |
| 2196 | add esi, 4 |
- | |
| 2197 | neg edx |
- | |
| 2198 | add edx, 32 |
- | |
| 2199 | mov eax, [ebp+NTFS.fileDataSize] |
- | |
| 2200 | sub eax, edx |
- | |
| 2201 | mov edx, eax |
- | |
| 2202 | shr eax, 5 |
- | |
| 2203 | shl eax, 2 |
- | |
| 2204 | add esi, eax |
- | |
| 2205 | mov eax, [esi] |
- | |
| 2206 | bsf ecx, eax ; last dword |
- | |
| 2207 | jz .done |
- | |
| 2208 | and edx, 31 |
- | |
| 2209 | cmp ecx, edx |
- | |
| 2210 | jnc .done |
- | |
| 2211 | add esp, 8 |
- | |
| 2212 | jmp .start |
- | |
| 2213 | - | ||
| 2214 | .small: ; less than 32 clusters |
- | |
| 2215 | mov ecx, [ebp+NTFS.BitmapSize] |
- | |
| 2216 | sub ecx, [ebp+NTFS.BitmapStart] |
- | |
| 2217 | shr ecx, 2 |
- | |
| 2218 | .smStart: |
- | |
| 2219 | mov eax, -1 |
- | |
| 2220 | repz scasd ; search for zero bits |
- | |
| 2221 | push ecx |
- | |
| 2222 | test ecx, ecx |
- | |
| 2223 | jnz @f |
2197 | mov edi, [ebp+NTFS.BitmapStart] |
| 2224 | call bitmapBuffering |
- | |
| 2225 | pop eax |
- | |
| 2226 | jmp .smStart |
- | |
| 2227 | @@: |
- | |
| 2228 | sub edi, 4 |
- | |
| 2229 | mov eax, [edi] |
- | |
| 2230 | not eax |
- | |
| 2231 | @@: |
- | |
| 2232 | bsf ecx, eax ; first 0 |
- | |
| 2233 | jz .again |
- | |
| 2234 | not eax |
- | |
| 2235 | shr eax, cl |
- | |
| 2236 | shl eax, cl |
- | |
| 2237 | bsf edx, eax ; next 1 |
- | |
| 2238 | jz @f |
- | |
| 2239 | sub edx, ecx |
- | |
| 2240 | cmp edx, [ebp+NTFS.fileDataSize] |
- | |
| 2241 | jnc .got ; fits inside |
- | |
| 2242 | bsf ecx, eax |
- | |
| 2243 | not eax |
- | |
| 2244 | shr eax, cl |
- | |
| 2245 | shl eax, cl |
- | |
| 2246 | jmp @b |
- | |
| 2247 | @@: ; next dword |
- | |
| 2248 | mov eax, [edi+4] |
- | |
| 2249 | bsf edx, eax |
- | |
| 2250 | jz .got ; empty |
- | |
| 2251 | add edx, 32 |
- | |
| 2252 | sub edx, ecx |
- | |
| 2253 | cmp edx, [ebp+NTFS.fileDataSize] |
- | |
| 2254 | jnc .got ; share between dwords |
- | |
| 2255 | .again: |
- | |
| 2256 | add edi, 4 |
- | |
| 2257 | pop ecx |
- | |
| 2258 | jmp .smStart |
- | |
| 2259 | - | ||
| 2260 | .got: |
- | |
| 2261 | push ecx ; starting bit |
- | |
| 2262 | push edi ; starting dword |
- | |
| 2263 | .done: ; mark space |
- | |
| 2264 | mov ecx, [esp+4] |
- | |
| 2265 | cmp ecx, 32 |
- | |
| 2266 | jc @f |
- | |
| 2267 | xor ecx, ecx |
- | |
| 2268 | add dword [esp], 4 |
- | |
| 2269 | mov [esp+4], ecx |
- | |
| 2270 | @@: |
- | |
| 2271 | mov edi, [esp] |
- | |
| 2272 | xor eax, eax |
- | |
| 2273 | dec eax |
- | |
| 2274 | shr eax, cl |
- | |
| 2275 | shl eax, cl |
- | |
| 2276 | neg ecx |
- | |
| 2277 | add ecx, 32 |
- | |
| 2278 | sub ecx, [ebp+NTFS.fileDataSize] |
2198 | call ntfsSpaceAlloc |
| 2279 | jc @f |
- | |
| 2280 | shl eax, cl ; fits inside dword |
- | |
| 2281 | shr eax, cl |
- | |
| 2282 | or [edi], eax |
- | |
| 2283 | jmp .writeData |
- | |
| 2284 | - | ||
| 2285 | @@: |
- | |
| 2286 | or [edi], eax |
- | |
| 2287 | neg ecx |
- | |
| 2288 | push ecx |
- | |
| 2289 | shr ecx, 5 |
- | |
| 2290 | add edi, 4 |
- | |
| 2291 | xor eax, eax |
- | |
| 2292 | dec eax |
- | |
| 2293 | rep stosd |
- | |
| 2294 | pop ecx |
- | |
| 2295 | and ecx, 31 |
- | |
| 2296 | shr eax, cl |
- | |
| 2297 | shl eax, cl |
- | |
| 2298 | not eax |
- | |
| 2299 | or [edi], eax |
- | |
| 2300 | .writeData: |
- | |
| 2301 | pop edx |
- | |
| 2302 | sub edx, [ebp+NTFS.BitmapBuffer] |
- | |
| 2303 | shl edx, 3 |
- | |
| 2304 | pop eax |
- | |
| 2305 | add eax, edx |
- | |
| 2306 | pop edx |
2199 | jc ntfsDiskFull |
| 2307 | mov [ebp+NTFS.fileDataStart], eax |
2200 | mov [ebp+NTFS.fileDataStart], eax |
| 2308 | mul [ebp+NTFS.sectors_per_cluster] |
2201 | mul [ebp+NTFS.sectors_per_cluster] |
| 2309 | mov ecx, [ebp+NTFS.fileRealSize] |
2202 | mov ecx, [ebp+NTFS.fileRealSize] |
| 2310 | add ecx, 511 |
2203 | add ecx, 511 |
| Line 2323... | Line 2216... | ||
| 2323 | repz scasb |
2216 | repz scasb |
| 2324 | dec edi |
2217 | dec edi |
| 2325 | movzx eax, byte [edi] |
2218 | movzx eax, byte [edi] |
| 2326 | not al |
2219 | not al |
| 2327 | bsf ecx, eax |
2220 | bsf ecx, eax |
| 2328 | jz ntfsUnsupported ; no free records |
2221 | jz .extendBitmapMFT ; no free records |
| 2329 | bts [edi], ecx |
2222 | bts [edi], ecx |
| 2330 | ; get record location |
2223 | ; get record location |
| 2331 | sub edi, [ebp+NTFS.mftBitmapBuffer] |
2224 | sub edi, [ebp+NTFS.mftBitmapBuffer] |
| 2332 | shl edi, 3 |
2225 | shl edi, 3 |
| 2333 | add edi, ecx |
2226 | add edi, ecx |
| Line 2341... | Line 2234... | ||
| 2341 | mov [ebp+NTFS.ntfs_cur_size], 1 |
2234 | mov [ebp+NTFS.ntfs_cur_size], 1 |
| 2342 | mov eax, [ebp+NTFS.frs_buffer] |
2235 | mov eax, [ebp+NTFS.frs_buffer] |
| 2343 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2236 | mov [ebp+NTFS.ntfs_cur_buf], eax |
| 2344 | call ntfs_read_attr |
2237 | call ntfs_read_attr |
| 2345 | cmp [ebp+NTFS.ntfs_cur_read], 0 |
2238 | cmp [ebp+NTFS.ntfs_cur_read], 0 |
| - | 2239 | jz .extendMFT |
|
| 2346 | jnz .mftRecord |
2240 | jmp .mftRecord |
| - | 2241 | ||
| 2347 | ; extend MFT $DATA |
2242 | .extendBitmapMFT: |
| - | 2243 | mov eax, [ebp+NTFS.sectors_per_cluster] |
|
| - | 2244 | shl eax, 9 |
|
| - | 2245 | cmp [ebp+NTFS.mftBitmapSize], eax |
|
| - | 2246 | jnc ntfsUnsupported |
|
| - | 2247 | mov [ebp+NTFS.ntfs_cur_iRecord], 0 |
|
| - | 2248 | mov [ebp+NTFS.ntfs_cur_attr], 0xB0 |
|
| - | 2249 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
|
| - | 2250 | mov [ebp+NTFS.ntfs_cur_size], 0 |
|
| - | 2251 | call ntfs_read_attr |
|
| - | 2252 | jc ntfsFail |
|
| 2348 | mov eax, [ebp+NTFS.mft_cluster] |
2253 | mov eax, [ebp+NTFS.mft_cluster] |
| 2349 | mul [ebp+NTFS.sectors_per_cluster] |
2254 | mul [ebp+NTFS.sectors_per_cluster] |
| 2350 | cmp eax, [ebp+NTFS.ntfsLastRead] |
2255 | cmp eax, [ebp+NTFS.ntfsLastRead] |
| 2351 | jnz ntfsUnsupported ; auxiliary record |
2256 | jnz ntfsUnsupported ; auxiliary record |
| 2352 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
2257 | mov edi, [ebp+NTFS.mftBitmapBuffer] |
| 2353 | mov ebx, [ebp+NTFS.sectors_per_cluster] |
2258 | mov ecx, [ebp+NTFS.mftBitmapSize] |
| 2354 | shl ebx, 9+3 |
- | |
| 2355 | add dword [edi+lastVCN], 8 |
- | |
| 2356 | add [edi+attributeAllocatedSize], ebx |
- | |
| 2357 | adc byte [edi+attributeAllocatedSize+4], 0 |
- | |
| 2358 | add [edi+attributeRealSize], ebx |
- | |
| 2359 | adc byte [edi+attributeRealSize+4], 0 |
- | |
| 2360 | add [edi+initialDataSize], ebx |
- | |
| 2361 | adc byte [edi+initialDataSize+4], 0 |
- | |
| 2362 | movzx eax, byte [edi+dataRunsOffset] |
- | |
| 2363 | add edi, eax |
2259 | add edi, ecx |
| 2364 | mov al, [edi] |
- | |
| 2365 | inc edi |
- | |
| 2366 | shl eax, 4 |
- | |
| 2367 | shr al, 4 |
- | |
| 2368 | mov cl, 4 |
- | |
| 2369 | sub cl, al |
- | |
| 2370 | shl cl, 3 |
- | |
| 2371 | add ah, al |
- | |
| 2372 | shr eax, 8 |
- | |
| 2373 | cmp byte [edi+eax], 0 |
- | |
| 2374 | jnz ntfsUnsupported ; $MFT fragmented |
- | |
| 2375 | mov al, 8 |
2260 | mov eax, ecx |
| 2376 | mov edx, [edi] |
2261 | mov edx, [ebp+NTFS.ntfs_attr_offs] |
| 2377 | rol eax, cl |
- | |
| 2378 | rol edx, cl |
- | |
| 2379 | add eax, edx |
2262 | add ecx, 8 |
| 2380 | jc ntfsUnsupported |
- | |
| 2381 | ror eax, cl |
- | |
| 2382 | shr edx, cl |
- | |
| 2383 | mov [edi], eax |
2263 | mov [edx+attributeRealSize], ecx |
| 2384 | add edx, [ebp+NTFS.mft_cluster] |
- | |
| 2385 | mov esi, edx |
- | |
| 2386 | mov ecx, edx |
2264 | mov [edx+initialDataSize], ecx |
| 2387 | and ecx, 7 |
- | |
| 2388 | shr edx, 3 |
2265 | shl eax, 3 |
| 2389 | add edx, [ebp+NTFS.BitmapBuffer] |
2266 | mov [ebp+NTFS.newMftRecord], eax |
| 2390 | mov ax, [edx] |
2267 | mov dword [edi], 1 |
| 2391 | shr ax, cl |
- | |
| 2392 | test al, al |
- | |
| 2393 | jnz ntfsUnsupported |
- | |
| 2394 | dec al |
- | |
| 2395 | xchg [edx], al |
2268 | mov dword [edi+4], 0 |
| 2396 | mov [edx+1], al |
2269 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
| 2397 | stdcall kernel_alloc, ebx |
2270 | call ntfs_read_attr.newAttribute |
| 2398 | test eax, eax |
- | |
| 2399 | jz ntfsNoMemory |
2271 | jc ntfsFail |
| 2400 | mov ecx, ebx |
- | |
| 2401 | shr ecx, 2 |
- | |
| 2402 | mov edi, eax |
2272 | mov [ebp+NTFS.mftBitmapSize], ecx |
| 2403 | push ebx |
- | |
| 2404 | mov ebx, eax |
- | |
| 2405 | xor eax, eax |
- | |
| 2406 | rep stosd |
2273 | .extendMFT: |
| 2407 | mov eax, esi |
2274 | mov eax, [ebp+NTFS.mft_cluster] |
| 2408 | mul [ebp+NTFS.sectors_per_cluster] |
2275 | mul [ebp+NTFS.sectors_per_cluster] |
| 2409 | pop ecx |
2276 | cmp eax, [ebp+NTFS.ntfsLastRead] |
| 2410 | shr ecx, 9 |
2277 | jnz ntfsUnsupported ; auxiliary record |
| 2411 | call fs_write64_sys ; clear new records |
2278 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
| 2412 | stdcall kernel_free, ebx |
2279 | mov eax, [ecx+attributeRealSize] |
| 2413 | mov eax, esi |
2280 | mov edx, [ecx+attributeRealSize+4] |
| 2414 | shr eax, 3+9 |
2281 | xor ax, ax |
| 2415 | mov ebx, eax |
2282 | add eax, 10000h |
| 2416 | shl ebx, 9 |
2283 | adc edx, 0 |
| 2417 | add ebx, [ebp+NTFS.BitmapBuffer] |
2284 | push [ebp+NTFS.fileDataStart] |
| 2418 | add eax, [ebp+NTFS.BitmapLocation] |
2285 | push [ebp+NTFS.fileDataSize] |
| 2419 | mov ecx, 1 |
- | |
| 2420 | xor edx, edx |
- | |
| 2421 | call fs_write64_app ; partition bitmap |
- | |
| 2422 | test eax, eax |
2286 | call resizeAttribute |
| 2423 | jnz ntfsDevice |
2287 | jc ntfsErrorPop2 |
| 2424 | mov eax, [ebp+NTFS.frs_buffer] |
2288 | mov eax, [ebp+NTFS.frs_buffer] |
| 2425 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2289 | mov [ebp+NTFS.ntfs_cur_buf], eax |
| 2426 | call writeRecord ; $MFT |
2290 | call writeRecord ; $MFT |
| 2427 | test eax, eax |
- | |
| 2428 | jnz ntfsDevice |
- | |
| 2429 | mov eax, [ebp+NTFS.mftmirr_cluster] |
2291 | mov eax, [ebp+NTFS.mftmirr_cluster] |
| 2430 | mul [ebp+NTFS.sectors_per_cluster] |
2292 | mul [ebp+NTFS.sectors_per_cluster] |
| 2431 | mov ebx, [ebp+NTFS.frs_buffer] |
2293 | mov ebx, [ebp+NTFS.frs_buffer] |
| 2432 | movzx ecx, word [ebx+updateSequenceSize] |
2294 | movzx ecx, word [ebx+updateSequenceSize] |
| 2433 | dec ecx |
2295 | dec ecx |
| 2434 | call fs_write64_sys ; $MFTMirr |
2296 | call fs_write64_sys ; $MFTMirr |
| 2435 | test eax, eax |
- | |
| 2436 | jnz ntfsDevice |
2297 | call ntfsSpaceClean |
| 2437 | mov eax, [ebp+NTFS.ntfs_cur_offs] |
2298 | pop [ebp+NTFS.fileDataSize] |
| 2438 | add [ebp+NTFS.ntfsLastRead], eax |
2299 | pop [ebp+NTFS.fileDataStart] |
| 2439 | .mftRecord: |
2300 | .mftRecord: |
| 2440 | mov esi, [ebp+NTFS.indexOffset] |
2301 | mov ecx, [ebp+NTFS.frs_size] |
| - | 2302 | shr ecx, 2 |
|
| 2441 | mov edi, [ebp+NTFS.frs_buffer] |
2303 | mov edi, [ebp+NTFS.frs_buffer] |
| 2442 | xor eax, eax |
2304 | xor eax, eax |
| 2443 | movzx ecx, word [esi+indexAllocatedSize] |
- | |
| 2444 | add ecx, 8+30h+48h+50h+8 |
- | |
| 2445 | push ecx |
- | |
| 2446 | shr ecx, 2 |
- | |
| 2447 | rep stosd |
2305 | rep stosd |
| 2448 | mov edi, [ebp+NTFS.frs_buffer] |
2306 | mov edi, [ebp+NTFS.frs_buffer] |
| 2449 | ; record header |
2307 | ; record header |
| - | 2308 | mov eax, [ebp+NTFS.frs_size] |
|
| - | 2309 | mov [edi+recordAllocatedSize], eax |
|
| - | 2310 | shr eax, 9 |
|
| - | 2311 | inc eax |
|
| - | 2312 | mov [edi+updateSequenceSize], al |
|
| 2450 | mov dword[edi], 'FILE' |
2313 | mov dword[edi], 'FILE' |
| 2451 | mov byte [edi+updateSequenceOffset], 2ah |
2314 | mov byte [edi+updateSequenceOffset], 2ah |
| 2452 | mov byte [edi+updateSequenceSize], 3 |
- | |
| 2453 | mov byte [edi+hardLinkCounter], 1 |
2315 | mov byte [edi+hardLinkCounter], 1 |
| 2454 | mov byte [edi+attributeOffset], 30h |
2316 | mov byte [edi+attributeOffset], 30h |
| 2455 | pop dword[edi+recordRealSize] |
- | |
| 2456 | mov word [edi+recordAllocatedSize], 1024 |
- | |
| 2457 | mov byte [edi+newAttributeID], 3 |
2317 | mov byte [edi+newAttributeID], 3 |
| 2458 | rdtsc |
2318 | rdtsc |
| 2459 | mov [edi+2ah], ax |
2319 | mov [edi+2ah], ax |
| 2460 | add edi, 30h |
2320 | add edi, 30h |
| 2461 | ; $StandardInformation |
2321 | ; $StandardInformation |
| Line 2463... | Line 2323... | ||
| 2463 | mov byte [edi+sizeWithHeader], 48h |
2323 | mov byte [edi+sizeWithHeader], 48h |
| 2464 | mov byte [edi+sizeWithoutHeader], 30h |
2324 | mov byte [edi+sizeWithoutHeader], 30h |
| 2465 | mov byte [edi+attributeOffset], 18h |
2325 | mov byte [edi+attributeOffset], 18h |
| 2466 | add edi, 48h |
2326 | add edi, 48h |
| 2467 | ; $FileName |
2327 | ; $FileName |
| - | 2328 | mov esi, [ebp+NTFS.indexOffset] |
|
| 2468 | mov byte [edi+attributeType], 30h |
2329 | mov byte [edi+attributeType], 30h |
| 2469 | mov byte [edi+attributeID], 1 |
2330 | mov byte [edi+attributeID], 1 |
| - | 2331 | mov byte [edi+attributeOffset], 18h |
|
| - | 2332 | mov byte [edi+indexedFlag], 1 |
|
| 2470 | mov cx, [esi+indexRawSize] |
2333 | mov cx, [esi+indexRawSize] |
| 2471 | mov [edi+sizeWithoutHeader], ecx |
2334 | mov [edi+sizeWithoutHeader], ecx |
| 2472 | mov cx, [esi+indexAllocatedSize] |
2335 | mov cx, [esi+indexAllocatedSize] |
| 2473 | add ecx, 8 |
2336 | add ecx, 8 |
| 2474 | mov [edi+sizeWithHeader], ecx |
2337 | mov [edi+sizeWithHeader], ecx |
| 2475 | mov byte [edi+attributeOffset], 18h |
- | |
| 2476 | mov byte [edi+indexedFlag], 1 |
- | |
| 2477 | add edi, 18h |
2338 | add edi, 18h |
| 2478 | add esi, 16 |
2339 | add esi, 16 |
| 2479 | sub ecx, 18h |
2340 | sub ecx, 18h |
| 2480 | shr ecx, 2 |
2341 | shr ecx, 2 |
| 2481 | rep movsd |
2342 | rep movsd |
| - | 2343 | mov byte [edi+sizeWithHeader], 50h |
|
| - | 2344 | mov byte [edi+attributeID], 2 |
|
| 2482 | cmp [ebp+NTFS.ntfsFolder], 0 |
2345 | cmp [ebp+NTFS.ntfsFolder], 1 |
| 2483 | jnz @f |
2346 | jz .indexRoot |
| 2484 | ; $Data |
2347 | ; $Data |
| 2485 | mov byte [edi+attributeType], 80h |
2348 | mov byte [edi+attributeType], 80h |
| 2486 | cmp [ebp+NTFS.fileRealSize], 0 |
2349 | mov eax, [ebp+NTFS.fileDataSize] |
| - | 2350 | test eax, eax |
|
| 2487 | jz .zeroSize |
2351 | jz .resident |
| 2488 | mov esi, [ebp+NTFS.indexOffset] |
2352 | mov esi, [ebp+NTFS.indexOffset] |
| - | 2353 | dec eax |
|
| - | 2354 | mov [edi+lastVCN], eax |
|
| 2489 | mov byte [edi+nonResidentFlag], 1 |
2355 | mov byte [edi+nonResidentFlag], 1 |
| 2490 | mov byte [edi+dataRunsOffset], 40h |
2356 | mov byte [edi+dataRunsOffset], 40h |
| 2491 | mov eax, [esi+fileAllocatedSize] |
2357 | mov eax, [esi+fileAllocatedSize] |
| 2492 | mov [edi+attributeAllocatedSize], eax |
2358 | mov [edi+attributeAllocatedSize], eax |
| 2493 | mov eax, [esi+fileRealSize] |
2359 | mov eax, [esi+fileRealSize] |
| 2494 | mov [edi+attributeRealSize], eax |
2360 | mov [edi+attributeRealSize], eax |
| 2495 | mov [edi+initialDataSize], eax |
2361 | mov [edi+initialDataSize], eax |
| 2496 | mov byte [edi+40h], 44h |
2362 | push edi |
| 2497 | mov eax, [ebp+NTFS.fileDataSize] |
- | |
| 2498 | mov [edi+41h], eax |
2363 | mov esi, edi |
| 2499 | dec eax |
2364 | add edi, 40h |
| 2500 | mov [edi+lastVCN], eax |
- | |
| 2501 | mov eax, [ebp+NTFS.fileDataStart] |
- | |
| 2502 | mov [edi+45h], eax |
2365 | call createMcbEntry |
| 2503 | mov al, 1 |
2366 | inc edi |
| 2504 | jmp .writeMftRecord |
2367 | jmp @f |
| Line 2505... | Line 2368... | ||
| 2505 | 2368 | ||
| - | 2369 | .resident: |
|
| - | 2370 | mov ecx, [ebp+NTFS.fileRealSize] |
|
| 2506 | .zeroSize: |
2371 | mov [edi+sizeWithoutHeader], ecx |
| - | 2372 | mov byte [edi+attributeOffset], 18h |
|
| - | 2373 | push edi |
|
| - | 2374 | mov esi, [ebp+NTFS.fileDataStart] |
|
| - | 2375 | add edi, 18h |
|
| - | 2376 | rep movsb |
|
| - | 2377 | @@: |
|
| - | 2378 | mov eax, edi |
|
| - | 2379 | pop edi |
|
| - | 2380 | sub eax, edi |
|
| - | 2381 | add eax, 7 |
|
| - | 2382 | and eax, not 7 |
|
| - | 2383 | mov [edi+sizeWithHeader], eax |
|
| 2507 | mov byte [edi+attributeOffset], 18h |
2384 | add edi, eax |
| 2508 | mov al, 1 |
2385 | mov al, 1 |
| Line 2509... | Line 2386... | ||
| 2509 | jmp .writeMftRecord |
2386 | jmp @f |
| 2510 | 2387 | ||
| 2511 | @@: ; $IndexRoot |
2388 | .indexRoot: |
| 2512 | mov byte [edi+attributeType], 90h |
2389 | mov byte [edi+attributeType], 90h |
| 2513 | mov byte [edi+nameLength], 4 |
2390 | mov byte [edi+nameLength], 4 |
| 2514 | mov byte [edi+nameOffset], 18h |
2391 | mov byte [edi+nameOffset], 18h |
| Line 2525... | Line 2402... | ||
| 2525 | mov byte [edi+30h+indexOffset], 16 |
2402 | mov byte [edi+30h+indexOffset], 16 |
| 2526 | mov byte [edi+30h+nodeRealSize], 32 |
2403 | mov byte [edi+30h+nodeRealSize], 32 |
| 2527 | mov byte [edi+30h+nodeAllocatedSize], 32 |
2404 | mov byte [edi+30h+nodeAllocatedSize], 32 |
| 2528 | mov byte [edi+40h+indexAllocatedSize], 16 |
2405 | mov byte [edi+40h+indexAllocatedSize], 16 |
| 2529 | mov byte [edi+40h+indexFlags], 2 |
2406 | mov byte [edi+40h+indexFlags], 2 |
| - | 2407 | add edi, 50h |
|
| 2530 | mov al, 3 |
2408 | mov al, 3 |
| 2531 | .writeMftRecord: |
2409 | @@: |
| 2532 | mov byte [edi+sizeWithHeader], 50h |
2410 | mov esi, [ebp+NTFS.frs_buffer] |
| 2533 | mov byte [edi+attributeID], 2 |
2411 | mov dword [edi], -1 |
| 2534 | mov dword[edi+50h], -1 ; $End |
2412 | mov dword [edi+4], 0 |
| - | 2413 | add edi, 8 |
|
| - | 2414 | sub edi, esi |
|
| 2535 | mov edi, [ebp+NTFS.frs_buffer] |
2415 | mov [ebp+NTFS.ntfs_cur_buf], esi |
| 2536 | mov [edi+recordFlags], al |
2416 | mov [esi+recordFlags], al |
| 2537 | mov [ebp+NTFS.ntfs_cur_buf], edi |
2417 | mov [esi+recordRealSize], edi |
| 2538 | call writeRecord |
2418 | call writeRecord |
| 2539 | test eax, eax |
2419 | test eax, eax |
| 2540 | jnz ntfsDevice |
2420 | jnz ntfsDevice |
| 2541 | mov esi, [ebp+PARTITION.Disk] |
- | |
| 2542 | call disk_sync |
- | |
| 2543 | ; write MFT bitmap |
2421 | ; write MFT bitmap |
| 2544 | mov eax, [ebp+NTFS.newMftRecord] |
2422 | mov eax, [ebp+NTFS.newMftRecord] |
| 2545 | shr eax, 3+9 |
2423 | shr eax, 3+9 |
| 2546 | mov ebx, eax |
2424 | mov ebx, eax |
| 2547 | shl ebx, 9 |
2425 | shl ebx, 9 |
| Line 2551... | Line 2429... | ||
| 2551 | xor edx, edx |
2429 | xor edx, edx |
| 2552 | call fs_write64_sys |
2430 | call fs_write64_sys |
| 2553 | test eax, eax |
2431 | test eax, eax |
| 2554 | jnz ntfsDevice |
2432 | jnz ntfsDevice |
| 2555 | ; 5. Write partition bitmap |
2433 | ; 5. Write partition bitmap |
| 2556 | cmp [ebp+NTFS.ntfsFolder], 0 |
2434 | cmp [ebp+NTFS.ntfsFolder], 1 |
| 2557 | jnz @f |
- | |
| 2558 | cmp [ebp+NTFS.fileRealSize], 0 |
- | |
| 2559 | jz @f |
2435 | jz @f |
| 2560 | mov ecx, [ebp+NTFS.fileDataStart] |
2436 | mov eax, [ebp+NTFS.fileDataStart] |
| - | 2437 | mov ecx, [ebp+NTFS.fileDataSize] |
|
| 2561 | mov eax, ecx |
2438 | test ecx, ecx |
| - | 2439 | jz @f |
|
| 2562 | add ecx, [ebp+NTFS.fileDataSize] |
2440 | add ecx, eax |
| 2563 | add ecx, 4095 |
2441 | add ecx, 4095 |
| 2564 | shr ecx, 3+9 |
2442 | shr ecx, 3+9 |
| 2565 | shr eax, 3+9 |
2443 | shr eax, 3+9 |
| 2566 | sub ecx, eax |
2444 | sub ecx, eax |
| 2567 | mov ebx, eax |
2445 | mov ebx, eax |
| Line 2571... | Line 2449... | ||
| 2571 | xor edx, edx |
2449 | xor edx, edx |
| 2572 | call fs_write64_app |
2450 | call fs_write64_app |
| 2573 | test eax, eax |
2451 | test eax, eax |
| 2574 | jnz ntfsDevice |
2452 | jnz ntfsDevice |
| 2575 | @@: |
2453 | @@: |
| 2576 | mov esi, [ebp+PARTITION.Disk] |
- | |
| 2577 | call disk_sync |
- | |
| 2578 | mov edi, [ebp+NTFS.indexOffset] |
2454 | mov edi, [ebp+NTFS.indexOffset] |
| 2579 | mov eax, [ebp+NTFS.newMftRecord] |
2455 | mov eax, [ebp+NTFS.newMftRecord] |
| 2580 | mov [edi+fileRecordReference], eax |
2456 | mov [edi+fileRecordReference], eax |
| 2581 | ; 6. Write directory node |
2457 | ; 6. Write directory node |
| 2582 | mov eax, [ebp+NTFS.nodeLastRead] |
2458 | mov eax, [ebp+NTFS.nodeLastRead] |
| 2583 | mov [ebp+NTFS.ntfsLastRead], eax |
2459 | mov [ebp+NTFS.ntfsLastRead], eax |
| 2584 | mov eax, [ebp+NTFS.cur_index_buf] |
2460 | mov eax, [ebp+NTFS.cur_index_buf] |
| 2585 | mov [ebp+NTFS.ntfs_cur_buf], eax |
2461 | mov [ebp+NTFS.ntfs_cur_buf], eax |
| 2586 | call writeRecord |
2462 | call writeRecord |
| 2587 | test eax, eax |
- | |
| 2588 | jnz ntfsDevice |
- | |
| 2589 | mov ebx, [ebp+NTFS.fileRealSize] |
2463 | mov ebx, [ebp+NTFS.fileRealSize] |
| 2590 | ntfsDone: |
2464 | ntfsDone: |
| 2591 | mov esi, [ebp+PARTITION.Disk] |
2465 | mov esi, [ebp+PARTITION.Disk] |
| 2592 | call disk_sync |
2466 | call disk_sync |
| 2593 | call ntfs_unlock |
2467 | call ntfs_unlock |
| 2594 | xor eax, eax |
2468 | xor eax, eax |
| 2595 | ret |
2469 | ret |
| Line 2596... | Line 2470... | ||
| 2596 | 2470 | ||
| - | 2471 | writeRecord: |
|
| 2597 | writeRecord: |
2472 | ; make updateSequence and write to disk |
| 2598 | ; in: |
2473 | ; in: |
| 2599 | ; [ebp+NTFS.ntfs_cur_buf] = record |
2474 | ; [ebp+NTFS.ntfs_cur_buf] -> record |
| 2600 | ; [ebp+NTFS.ntfsLastRead] = partition sector |
- | |
| 2601 | ; making updateSequence |
2475 | ; [ebp+NTFS.ntfsLastRead] = partition sector |
| 2602 | mov esi, [ebp+NTFS.ntfs_cur_buf] |
2476 | mov esi, [ebp+NTFS.ntfs_cur_buf] |
| 2603 | mov edi, esi |
2477 | mov edi, esi |
| 2604 | movzx ecx, word [esi+updateSequenceOffset] |
2478 | movzx ecx, word [esi+updateSequenceOffset] |
| 2605 | add edi, ecx |
2479 | add edi, ecx |
| 2606 | mov ax, [edi] |
2480 | mov ax, [edi] |
| - | 2481 | inc ax |
|
| 2607 | add edi, 2 |
2482 | stosw |
| 2608 | mov cx, [esi+updateSequenceSize] |
2483 | mov cx, [esi+updateSequenceSize] |
| 2609 | dec ecx |
2484 | dec ecx |
| 2610 | push ecx |
2485 | push ecx |
| 2611 | @@: |
2486 | @@: |
| 2612 | add esi, 510 |
2487 | add esi, 510 |
| 2613 | movsw |
2488 | movsw |
| 2614 | mov [esi-2], ax |
2489 | mov [esi-2], ax |
| 2615 | dec ecx |
2490 | dec ecx |
| 2616 | jnz @b |
- | |
| 2617 | ; writing to disk |
2491 | jnz @b |
| 2618 | mov eax, [ebp+NTFS.ntfsLastRead] |
2492 | mov eax, [ebp+NTFS.ntfsLastRead] |
| 2619 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
2493 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
| 2620 | pop ecx |
2494 | pop ecx |
| 2621 | xor edx, edx |
2495 | xor edx, edx |
| Line -... | Line 2496... | ||
| - | 2496 | jmp fs_write64_sys |
|
| - | 2497 | ||
| - | 2498 | createMcbEntry: |
|
| - | 2499 | ; in: |
|
| - | 2500 | ; [ebp+NTFS.fileDataStart] = position value |
|
| - | 2501 | ; [ebp+NTFS.fileDataSize] = size value |
|
| - | 2502 | ; edi -> destination |
|
| - | 2503 | ; esi -> attribute header |
|
| - | 2504 | mov eax, [ebp+NTFS.fileDataStart] |
|
| - | 2505 | xor edx, edx |
|
| - | 2506 | shl eax, 1 |
|
| - | 2507 | jnc @f |
|
| - | 2508 | not eax |
|
| - | 2509 | @@: |
|
| - | 2510 | inc edx |
|
| - | 2511 | shr eax, 8 |
|
| - | 2512 | jnz @b |
|
| - | 2513 | mov eax, [ebp+NTFS.fileDataSize] |
|
| - | 2514 | shl eax, 1 |
|
| - | 2515 | xor ecx, ecx |
|
| - | 2516 | @@: |
|
| - | 2517 | inc ecx |
|
| - | 2518 | shr eax, 8 |
|
| - | 2519 | jnz @b |
|
| - | 2520 | lea eax, [edi+edx+1] |
|
| - | 2521 | add eax, ecx |
|
| - | 2522 | sub eax, esi |
|
| - | 2523 | sub eax, [esi+sizeWithHeader] |
|
| - | 2524 | jc @f |
|
| - | 2525 | add word [esi+sizeWithHeader], 8 ; extend attribute |
|
| - | 2526 | mov esi, [ebp+NTFS.frs_buffer] |
|
| - | 2527 | mov eax, [esi+recordRealSize] |
|
| - | 2528 | add eax, 8 |
|
| - | 2529 | cmp [esi+recordAllocatedSize], eax |
|
| - | 2530 | jc .end ; no space in the record |
|
| - | 2531 | mov [esi+recordRealSize], eax |
|
| - | 2532 | push ecx edi |
|
| - | 2533 | add esi, eax |
|
| - | 2534 | mov ecx, esi |
|
| - | 2535 | sub ecx, edi |
|
| - | 2536 | sub ecx, 8 |
|
| - | 2537 | shr ecx, 2 |
|
| - | 2538 | mov edi, esi |
|
| - | 2539 | sub edi, 4 |
|
| - | 2540 | sub esi, 12 |
|
| - | 2541 | std |
|
| - | 2542 | rep movsd |
|
| - | 2543 | cld |
|
| - | 2544 | pop edi ecx |
|
| - | 2545 | @@: |
|
| - | 2546 | mov eax, edx |
|
| - | 2547 | shl eax, 4 |
|
| - | 2548 | add eax, ecx |
|
| - | 2549 | stosb |
|
| - | 2550 | lea esi, [ebp+NTFS.fileDataSize] |
|
| - | 2551 | rep movsb |
|
| - | 2552 | lea esi, [ebp+NTFS.fileDataStart] |
|
| - | 2553 | mov ecx, edx |
|
| - | 2554 | rep movsb |
|
| - | 2555 | mov [edi], cl |
|
| - | 2556 | .end: |
|
| - | 2557 | ret |
|
| - | 2558 | ||
| - | 2559 | resizeAttribute: |
|
| - | 2560 | ; in: |
|
| - | 2561 | ; [ebp+NTFS.frs_buffer] -> file record |
|
| - | 2562 | ; [ebp+NTFS.ntfs_attr_offs] -> attribute |
|
| - | 2563 | ; edx:eax = new size |
|
| - | 2564 | ; out: |
|
| - | 2565 | ; [ebp+NTFS.fileDataSize] = clusters added (positive) |
|
| - | 2566 | ; [ebp+NTFS.fileDataStart] = added block |
|
| - | 2567 | ; CF=1 -> eax = error code |
|
| - | 2568 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2569 | mov dword [ebp+NTFS.ntfs_attr_size], eax |
|
| - | 2570 | mov dword [ebp+NTFS.ntfs_attr_size+4], edx |
|
| - | 2571 | cmp byte [esi+nonResidentFlag], 0 |
|
| - | 2572 | jz .resident |
|
| - | 2573 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
|
| - | 2574 | shl ecx, 9 |
|
| - | 2575 | mov [esi+attributeRealSize], eax |
|
| - | 2576 | mov [esi+attributeRealSize+4], edx |
|
| - | 2577 | mov [esi+initialDataSize], eax |
|
| - | 2578 | mov [esi+initialDataSize+4], edx |
|
| - | 2579 | sub eax, 1 |
|
| - | 2580 | sbb edx, 0 |
|
| - | 2581 | jc .makeResident |
|
| - | 2582 | div ecx |
|
| - | 2583 | mov edi, eax |
|
| - | 2584 | inc eax |
|
| - | 2585 | mul ecx |
|
| - | 2586 | mov [esi+attributeAllocatedSize], eax |
|
| - | 2587 | mov [esi+attributeAllocatedSize+4], edx |
|
| - | 2588 | mov ecx, [esi+lastVCN] |
|
| - | 2589 | mov [esi+lastVCN], edi |
|
| - | 2590 | movzx eax, byte [esi+dataRunsOffset] |
|
| - | 2591 | sub edi, ecx |
|
| - | 2592 | mov [ebp+NTFS.fileDataSize], edi |
|
| - | 2593 | jz .done |
|
| - | 2594 | jc .shrinkAttribute |
|
| - | 2595 | ; extend attribute |
|
| - | 2596 | xor edi, edi |
|
| - | 2597 | add esi, eax |
|
| - | 2598 | push edi edi edi edi |
|
| - | 2599 | @@: |
|
| - | 2600 | mov edx, eax |
|
| - | 2601 | mov eax, esi |
|
| - | 2602 | add edi, [esp+8] |
|
| - | 2603 | call ntfs_decode_mcb_entry |
|
| - | 2604 | jc @b |
|
| - | 2605 | mov [esp+4], edx |
|
| - | 2606 | mov [esp+12], edi |
|
| - | 2607 | add edi, [esp] |
|
| - | 2608 | push edi |
|
| - | 2609 | shr edi, 5 |
|
| - | 2610 | shl edi, 2 |
|
| - | 2611 | push eax |
|
| - | 2612 | cmp [ebp+NTFS.ntfs_cur_iRecord], 0 |
|
| - | 2613 | jz @f |
|
| - | 2614 | cmp edi, [ebp+NTFS.BitmapStart] |
|
| - | 2615 | jc .err1 |
|
| - | 2616 | @@: |
|
| - | 2617 | call ntfsSpaceAlloc |
|
| - | 2618 | jc .err1 |
|
| - | 2619 | pop edi |
|
| - | 2620 | pop edx |
|
| - | 2621 | cmp edx, eax |
|
| - | 2622 | jnz .newEntry |
|
| - | 2623 | pop edx |
|
| - | 2624 | pop edi |
|
| - | 2625 | pop [ebp+NTFS.fileDataStart] |
|
| - | 2626 | mov [esp], eax |
|
| - | 2627 | push [ebp+NTFS.fileDataSize] |
|
| - | 2628 | add [ebp+NTFS.fileDataSize], edx |
|
| - | 2629 | jmp @f |
|
| - | 2630 | ||
| - | 2631 | .newEntry: |
|
| - | 2632 | add esp, 12 |
|
| - | 2633 | pop edx |
|
| - | 2634 | push eax |
|
| - | 2635 | push [ebp+NTFS.fileDataSize] |
|
| - | 2636 | sub eax, edx |
|
| - | 2637 | mov [ebp+NTFS.fileDataStart], eax |
|
| - | 2638 | @@: |
|
| - | 2639 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2640 | call createMcbEntry |
|
| - | 2641 | pop ecx |
|
| - | 2642 | pop eax |
|
| - | 2643 | jc .err2 |
|
| - | 2644 | mov [ebp+NTFS.fileDataSize], ecx |
|
| - | 2645 | mov [ebp+NTFS.fileDataStart], eax |
|
| - | 2646 | .writeBitmap: |
|
| - | 2647 | add ecx, eax |
|
| - | 2648 | add ecx, 4095 |
|
| - | 2649 | shr ecx, 3+9 |
|
| - | 2650 | shr eax, 3+9 |
|
| - | 2651 | sub ecx, eax |
|
| - | 2652 | mov ebx, eax |
|
| - | 2653 | shl ebx, 9 |
|
| - | 2654 | add eax, [ebp+NTFS.BitmapLocation] |
|
| - | 2655 | add ebx, [ebp+NTFS.BitmapBuffer] |
|
| - | 2656 | xor edx, edx |
|
| - | 2657 | call fs_write64_app |
|
| - | 2658 | test eax, eax |
|
| - | 2659 | jnz @f |
|
| - | 2660 | .done: |
|
| - | 2661 | ret |
|
| - | 2662 | ||
| - | 2663 | .err4: |
|
| - | 2664 | pop eax |
|
| - | 2665 | @@: |
|
| - | 2666 | movi eax, ERROR_DEVICE |
|
| - | 2667 | stc |
|
| - | 2668 | ret |
|
| - | 2669 | ||
| - | 2670 | .err1: |
|
| - | 2671 | add esp, 24 |
|
| - | 2672 | stc |
|
| - | 2673 | .err10: |
|
| - | 2674 | movi eax, ERROR_DISK_FULL |
|
| - | 2675 | ret |
|
| - | 2676 | ||
| - | 2677 | .err2: |
|
| - | 2678 | movi eax, ERROR_UNSUPPORTED_FS |
|
| - | 2679 | ret |
|
| - | 2680 | ||
| - | 2681 | .shrinkAttribute: |
|
| - | 2682 | add ecx, edi |
|
| - | 2683 | inc ecx |
|
| - | 2684 | add esi, eax |
|
| - | 2685 | xor edi, edi |
|
| - | 2686 | sub esp, 20 |
|
| - | 2687 | @@: |
|
| - | 2688 | mov [esp+16], esi |
|
| - | 2689 | call ntfs_decode_mcb_entry |
|
| - | 2690 | jnc .err3 |
|
| - | 2691 | add edi, [esp+8] |
|
| - | 2692 | sub ecx, [esp] |
|
| - | 2693 | jnc @b |
|
| - | 2694 | mov ebx, ecx |
|
| - | 2695 | add ecx, [esp] |
|
| - | 2696 | mov eax, [esp+8] |
|
| - | 2697 | mov [ebp+NTFS.fileDataSize], ecx |
|
| - | 2698 | mov [ebp+NTFS.fileDataStart], eax |
|
| - | 2699 | push edi |
|
| - | 2700 | add edi, ecx |
|
| - | 2701 | neg ebx |
|
| - | 2702 | call ntfsSpaceFree |
|
| - | 2703 | pop edi |
|
| - | 2704 | jc .end |
|
| - | 2705 | @@: |
|
| - | 2706 | call ntfs_decode_mcb_entry |
|
| - | 2707 | jnc .end |
|
| - | 2708 | cmp dword[esp+8], 0 |
|
| - | 2709 | jz @b |
|
| - | 2710 | add edi, [esp+8] |
|
| - | 2711 | mov ebx, [esp] |
|
| - | 2712 | call ntfsSpaceFree |
|
| - | 2713 | jnc @b |
|
| - | 2714 | .end: |
|
| - | 2715 | add esp, 16 |
|
| - | 2716 | pop edi |
|
| - | 2717 | cmp [ebp+NTFS.fileDataSize], 0 |
|
| - | 2718 | jz @f |
|
| - | 2719 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2720 | call createMcbEntry |
|
| - | 2721 | mov [ebp+NTFS.fileDataSize], 0 |
|
| - | 2722 | @@: |
|
| - | 2723 | ret |
|
| - | 2724 | ||
| - | 2725 | .err3: |
|
| - | 2726 | movi eax, ERROR_FS_FAIL |
|
| - | 2727 | add esp, 20 |
|
| - | 2728 | stc |
|
| - | 2729 | ret |
|
| - | 2730 | ||
| - | 2731 | .resident: |
|
| - | 2732 | test edx, edx |
|
| - | 2733 | jnz .nonResident |
|
| - | 2734 | cmp eax, 8000h |
|
| - | 2735 | jnc .nonResident |
|
| - | 2736 | add ax, [esi+attributeOffset] |
|
| - | 2737 | sub eax, [esi+sizeWithHeader] |
|
| - | 2738 | jc @f |
|
| - | 2739 | mov edi, [ebp+NTFS.frs_buffer] |
|
| - | 2740 | mov ecx, eax |
|
| - | 2741 | add ecx, [edi+recordRealSize] |
|
| - | 2742 | cmp [edi+recordAllocatedSize], ecx |
|
| - | 2743 | jc .nonResident |
|
| - | 2744 | add eax, 7 |
|
| - | 2745 | and eax, not 7 |
|
| - | 2746 | add [edi+recordRealSize], eax |
|
| - | 2747 | add edi, [edi+recordRealSize] |
|
| - | 2748 | add [esi+sizeWithHeader], eax |
|
| - | 2749 | add esi, [esi+sizeWithHeader] |
|
| - | 2750 | mov ecx, edi |
|
| - | 2751 | sub ecx, esi |
|
| - | 2752 | shr ecx, 2 |
|
| - | 2753 | sub edi, 4 |
|
| - | 2754 | mov esi, edi |
|
| - | 2755 | sub esi, eax |
|
| - | 2756 | std |
|
| - | 2757 | rep movsd |
|
| - | 2758 | mov ecx, eax |
|
| - | 2759 | shr ecx, 2 |
|
| - | 2760 | xor eax, eax |
|
| - | 2761 | rep stosd |
|
| - | 2762 | cld |
|
| - | 2763 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2764 | @@: |
|
| - | 2765 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
|
| - | 2766 | mov [esi+sizeWithoutHeader], eax |
|
| - | 2767 | mov [ebp+NTFS.fileDataSize], 0 |
|
| - | 2768 | clc |
|
| - | 2769 | ret |
|
| - | 2770 | ||
| - | 2771 | .nonResident: ; convert resident to non-resident |
|
| - | 2772 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
|
| - | 2773 | sub eax, 1 |
|
| - | 2774 | sbb edx, 0 |
|
| - | 2775 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
|
| - | 2776 | shl ecx, 9 |
|
| - | 2777 | div ecx |
|
| - | 2778 | inc eax |
|
| - | 2779 | mov [ebp+NTFS.fileDataSize], eax |
|
| - | 2780 | mov edi, [ebp+NTFS.BitmapStart] |
|
| - | 2781 | push ecx |
|
| - | 2782 | call ntfsSpaceAlloc |
|
| - | 2783 | pop ecx |
|
| - | 2784 | jc .err10 |
|
| - | 2785 | mov [ebp+NTFS.fileDataStart], eax |
|
| - | 2786 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2787 | xor eax, eax |
|
| - | 2788 | xor edx, edx |
|
| - | 2789 | @@: |
|
| - | 2790 | add eax, ecx |
|
| - | 2791 | inc edx |
|
| - | 2792 | cmp eax, [esi+sizeWithoutHeader] |
|
| - | 2793 | jc @b |
|
| - | 2794 | push edx |
|
| - | 2795 | push eax |
|
| - | 2796 | stdcall kernel_alloc, eax |
|
| - | 2797 | mov ecx, [esp] |
|
| - | 2798 | shr ecx, 2 |
|
| - | 2799 | mov edi, eax |
|
| - | 2800 | mov ebx, eax |
|
| - | 2801 | xor eax, eax |
|
| - | 2802 | rep stosd |
|
| - | 2803 | mov al, [esi+attributeOffset] |
|
| - | 2804 | mov ecx, [esi+sizeWithoutHeader] |
|
| - | 2805 | add esi, eax |
|
| - | 2806 | mov edi, ebx |
|
| - | 2807 | rep movsb |
|
| - | 2808 | mov eax, [ebp+NTFS.fileDataStart] |
|
| - | 2809 | mul [ebp+NTFS.sectors_per_cluster] |
|
| - | 2810 | pop ecx |
|
| - | 2811 | shr ecx, 9 |
|
| - | 2812 | call fs_write64_app |
|
| - | 2813 | push ebx |
|
| - | 2814 | mov ebx, eax |
|
| - | 2815 | call kernel_free |
|
| - | 2816 | test ebx, ebx |
|
| - | 2817 | jnz .err4 |
|
| - | 2818 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2819 | add esi, [esi+sizeWithHeader] |
|
| - | 2820 | mov ecx, [ebp+NTFS.frs_buffer] |
|
| - | 2821 | add ecx, [ecx+recordRealSize] |
|
| - | 2822 | sub ecx, esi |
|
| - | 2823 | shr ecx, 2 |
|
| - | 2824 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
|
| - | 2825 | push ecx |
|
| - | 2826 | rep movsd |
|
| - | 2827 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2828 | add edi, 16 |
|
| - | 2829 | mov cl, 6 |
|
| - | 2830 | xor eax, eax |
|
| - | 2831 | rep stosd |
|
| - | 2832 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2833 | mov eax, [ebp+NTFS.fileDataSize] |
|
| - | 2834 | dec eax |
|
| - | 2835 | mov [edi+lastVCN], eax |
|
| - | 2836 | inc eax |
|
| - | 2837 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
|
| - | 2838 | shl ecx, 9 |
|
| - | 2839 | mul ecx |
|
| - | 2840 | mov byte [edi+sizeWithHeader], 50h |
|
| - | 2841 | mov byte [edi+nonResidentFlag], 1 |
|
| - | 2842 | mov byte [edi+dataRunsOffset], 40h |
|
| - | 2843 | mov [edi+attributeAllocatedSize], eax |
|
| - | 2844 | mov [edi+attributeAllocatedSize+4], edx |
|
| - | 2845 | mov eax, dword [ebp+NTFS.ntfs_attr_size] |
|
| - | 2846 | mov edx, dword [ebp+NTFS.ntfs_attr_size+4] |
|
| - | 2847 | mov [edi+attributeRealSize], eax |
|
| - | 2848 | mov [edi+attributeRealSize+4], edx |
|
| - | 2849 | mov [edi+initialDataSize], eax |
|
| - | 2850 | mov [edi+initialDataSize+4], edx |
|
| - | 2851 | mov esi, edi |
|
| - | 2852 | add edi, 40h |
|
| - | 2853 | call createMcbEntry |
|
| - | 2854 | mov eax, edi |
|
| - | 2855 | mov edi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 2856 | sub eax, edi |
|
| - | 2857 | add eax, 8 |
|
| - | 2858 | and eax, not 7 |
|
| - | 2859 | mov [edi+sizeWithHeader], eax |
|
| - | 2860 | pop ecx |
|
| - | 2861 | lea esi, [ebp+NTFS.ntfs_bitmap_buf] |
|
| - | 2862 | add edi, eax |
|
| - | 2863 | rep movsd |
|
| - | 2864 | mov esi, [ebp+NTFS.frs_buffer] |
|
| - | 2865 | sub edi, esi |
|
| - | 2866 | mov [esi+recordRealSize], edi |
|
| - | 2867 | pop edx |
|
| - | 2868 | mov ecx, [ebp+NTFS.fileDataSize] |
|
| - | 2869 | sub [ebp+NTFS.fileDataSize], edx |
|
| - | 2870 | mov eax, [ebp+NTFS.fileDataStart] |
|
| - | 2871 | add [ebp+NTFS.fileDataStart], edx |
|
| - | 2872 | jmp .writeBitmap |
|
| - | 2873 | ||
| - | 2874 | .makeResident: ; convert non-resident to empty resident |
|
| - | 2875 | movzx eax, byte [esi+dataRunsOffset] |
|
| - | 2876 | mov byte [esi+nonResidentFlag], 0 |
|
| - | 2877 | mov dword [esi+sizeWithoutHeader], 0 |
|
| - | 2878 | mov dword [esi+attributeOffset], 18h |
|
| - | 2879 | add esi, eax |
|
| - | 2880 | xor edi, edi |
|
| - | 2881 | sub esp, 16 |
|
| - | 2882 | @@: |
|
| - | 2883 | call ntfs_decode_mcb_entry |
|
| - | 2884 | jnc @f |
|
| - | 2885 | cmp dword[esp+8], 0 |
|
| - | 2886 | jz @b |
|
| - | 2887 | add edi, [esp+8] |
|
| - | 2888 | mov ebx, [esp] |
|
| - | 2889 | call ntfsSpaceFree |
|
| - | 2890 | jnc @b |
|
| - | 2891 | @@: |
|
| - | 2892 | add esp, 16 |
|
| - | 2893 | mov [ebp+NTFS.fileDataSize], 0 |
|
| - | 2894 | ret |
|
| - | 2895 | ||
| - | 2896 | ntfsSpaceClean: |
|
| - | 2897 | ; clean up to 16 Mb of disk space |
|
| - | 2898 | ; in: |
|
| - | 2899 | ; [ebp+NTFS.fileDataStart] = block to clean |
|
| - | 2900 | ; [ebp+NTFS.fileDataSize] = block size |
|
| - | 2901 | mov eax, [ebp+NTFS.fileDataSize] |
|
| - | 2902 | test eax, eax |
|
| - | 2903 | jz @f |
|
| - | 2904 | mul [ebp+NTFS.sectors_per_cluster] |
|
| - | 2905 | cmp eax, 8001h |
|
| - | 2906 | jnc @f |
|
| - | 2907 | push eax |
|
| - | 2908 | shl eax, 9 |
|
| - | 2909 | stdcall kernel_alloc, eax |
|
| - | 2910 | pop ecx |
|
| - | 2911 | test eax, eax |
|
| - | 2912 | jz @f |
|
| - | 2913 | push ecx |
|
| - | 2914 | shl ecx, 7 |
|
| - | 2915 | mov edi, eax |
|
| - | 2916 | mov ebx, eax |
|
| - | 2917 | xor eax, eax |
|
| - | 2918 | rep stosd |
|
| - | 2919 | mov eax, [ebp+NTFS.fileDataStart] |
|
| - | 2920 | mul [ebp+NTFS.sectors_per_cluster] |
|
| - | 2921 | mov [ebp+NTFS.ntfsLastRead], eax |
|
| - | 2922 | pop ecx |
|
| - | 2923 | call fs_write64_app |
|
| - | 2924 | stdcall kernel_free, ebx |
|
| - | 2925 | @@: |
|
| - | 2926 | ret |
|
| - | 2927 | ||
| - | 2928 | ntfsSpaceAlloc: |
|
| - | 2929 | ; find and mark block of free space in bitmap buffer |
|
| - | 2930 | ; in: |
|
| - | 2931 | ; edi = offset in bitmap to start search from |
|
| - | 2932 | ; [ebp+NTFS.fileDataSize] = block size in clusters |
|
| - | 2933 | ; out: |
|
| - | 2934 | ; eax = allocated block starting cluster |
|
| - | 2935 | ; CF=1 -> disk full |
|
| - | 2936 | mov ecx, [ebp+NTFS.BitmapBuffer] |
|
| - | 2937 | add edi, ecx |
|
| - | 2938 | add ecx, [ebp+NTFS.BitmapSize] |
|
| - | 2939 | sub ecx, edi |
|
| - | 2940 | jnc @f |
|
| - | 2941 | call bitmapBuffering |
|
| - | 2942 | shl ecx, 2 |
|
| - | 2943 | @@: |
|
| - | 2944 | shr ecx, 2 |
|
| - | 2945 | mov eax, [ebp+NTFS.fileDataSize] |
|
| - | 2946 | shr eax, 5 |
|
| - | 2947 | jz .small |
|
| - | 2948 | push eax ; bitmap dwords |
|
| - | 2949 | .start: |
|
| - | 2950 | mov ecx, [ebp+NTFS.BitmapBuffer] |
|
| - | 2951 | add ecx, [ebp+NTFS.BitmapSize] |
|
| - | 2952 | sub ecx, edi |
|
| - | 2953 | shr ecx, 2 |
|
| - | 2954 | @@: |
|
| - | 2955 | xor eax, eax |
|
| - | 2956 | repnz scasd ; search for empty dword |
|
| - | 2957 | jz @f |
|
| - | 2958 | call bitmapBuffering |
|
| - | 2959 | jmp @b |
|
| - | 2960 | @@: |
|
| - | 2961 | cmp ecx, [esp] |
|
| - | 2962 | jnc @f |
|
| - | 2963 | call bitmapBuffering |
|
| - | 2964 | jmp @b |
|
| - | 2965 | @@: |
|
| - | 2966 | sub edi, 4 |
|
| - | 2967 | mov ecx, [esp] |
|
| - | 2968 | mov esi, edi |
|
| - | 2969 | xor eax, eax |
|
| - | 2970 | repz scasd ; check following dwords |
|
| - | 2971 | jnz .start |
|
| - | 2972 | sub esi, 4 |
|
| - | 2973 | mov eax, [esi] |
|
| - | 2974 | xor edx, edx |
|
| - | 2975 | bsr edx, eax |
|
| - | 2976 | inc edx |
|
| - | 2977 | push edx ; starting bit |
|
| - | 2978 | push esi ; starting dword |
|
| - | 2979 | add esi, 4 |
|
| - | 2980 | neg edx |
|
| - | 2981 | add edx, 32 |
|
| - | 2982 | mov eax, [ebp+NTFS.fileDataSize] |
|
| - | 2983 | sub eax, edx |
|
| - | 2984 | mov edx, eax |
|
| - | 2985 | shr eax, 5 |
|
| - | 2986 | shl eax, 2 |
|
| - | 2987 | add esi, eax |
|
| - | 2988 | mov eax, [esi] |
|
| - | 2989 | bsf ecx, eax ; check last dword |
|
| - | 2990 | jz .done |
|
| - | 2991 | and edx, 31 |
|
| - | 2992 | cmp ecx, edx |
|
| - | 2993 | jnc .done |
|
| - | 2994 | add esp, 8 |
|
| - | 2995 | jmp .start |
|
| - | 2996 | ||
| - | 2997 | .small: ; less than 32 clusters |
|
| - | 2998 | mov eax, -1 |
|
| - | 2999 | repz scasd ; search for zero bits |
|
| - | 3000 | push ecx |
|
| - | 3001 | test ecx, ecx |
|
| - | 3002 | jnz @f |
|
| - | 3003 | call bitmapBuffering |
|
| - | 3004 | pop eax |
|
| - | 3005 | jmp .small |
|
| - | 3006 | @@: |
|
| - | 3007 | sub edi, 4 |
|
| - | 3008 | mov eax, [edi] |
|
| - | 3009 | not eax |
|
| - | 3010 | @@: |
|
| - | 3011 | bsf ecx, eax ; first 0 |
|
| - | 3012 | jz .again |
|
| - | 3013 | not eax |
|
| - | 3014 | shr eax, cl |
|
| - | 3015 | shl eax, cl |
|
| - | 3016 | bsf edx, eax ; next 1 |
|
| - | 3017 | jz @f |
|
| - | 3018 | sub edx, ecx |
|
| - | 3019 | cmp edx, [ebp+NTFS.fileDataSize] |
|
| - | 3020 | jnc .got ; fits inside |
|
| - | 3021 | bsf ecx, eax |
|
| - | 3022 | not eax |
|
| - | 3023 | shr eax, cl |
|
| - | 3024 | shl eax, cl |
|
| - | 3025 | jmp @b |
|
| - | 3026 | @@: ; next dword |
|
| - | 3027 | mov eax, [edi+4] |
|
| - | 3028 | bsf edx, eax |
|
| - | 3029 | jz .got ; empty |
|
| - | 3030 | add edx, 32 |
|
| - | 3031 | sub edx, ecx |
|
| - | 3032 | cmp edx, [ebp+NTFS.fileDataSize] |
|
| - | 3033 | jnc .got ; share between dwords |
|
| - | 3034 | .again: |
|
| - | 3035 | add edi, 4 |
|
| - | 3036 | pop ecx |
|
| - | 3037 | jmp .small |
|
| - | 3038 | ||
| - | 3039 | .got: |
|
| - | 3040 | push ecx ; starting bit |
|
| - | 3041 | push edi ; starting dword |
|
| - | 3042 | .done: ; mark space |
|
| - | 3043 | mov ecx, [esp+4] |
|
| - | 3044 | cmp ecx, 32 |
|
| - | 3045 | jc @f |
|
| - | 3046 | xor ecx, ecx |
|
| - | 3047 | add dword [esp], 4 |
|
| - | 3048 | mov [esp+4], ecx |
|
| - | 3049 | @@: |
|
| - | 3050 | mov edi, [esp] |
|
| - | 3051 | xor eax, eax |
|
| - | 3052 | dec eax |
|
| - | 3053 | shr eax, cl |
|
| - | 3054 | shl eax, cl |
|
| - | 3055 | neg ecx |
|
| - | 3056 | add ecx, 32 |
|
| - | 3057 | sub ecx, [ebp+NTFS.fileDataSize] |
|
| - | 3058 | jc @f |
|
| - | 3059 | shl eax, cl ; fits inside dword |
|
| - | 3060 | shr eax, cl |
|
| - | 3061 | or [edi], eax |
|
| - | 3062 | jmp .end |
|
| - | 3063 | ||
| - | 3064 | @@: |
|
| - | 3065 | or [edi], eax |
|
| - | 3066 | neg ecx |
|
| - | 3067 | push ecx |
|
| - | 3068 | shr ecx, 5 |
|
| - | 3069 | add edi, 4 |
|
| - | 3070 | xor eax, eax |
|
| - | 3071 | dec eax |
|
| - | 3072 | rep stosd |
|
| - | 3073 | pop ecx |
|
| - | 3074 | and ecx, 31 |
|
| - | 3075 | shr eax, cl |
|
| - | 3076 | shl eax, cl |
|
| - | 3077 | not eax |
|
| - | 3078 | or [edi], eax |
|
| - | 3079 | .end: |
|
| - | 3080 | pop eax |
|
| - | 3081 | sub eax, [ebp+NTFS.BitmapBuffer] |
|
| - | 3082 | shl eax, 3 |
|
| - | 3083 | pop edx |
|
| - | 3084 | add eax, edx |
|
| - | 3085 | pop edx |
|
| - | 3086 | ret |
|
| - | 3087 | ||
| - | 3088 | ntfsSpaceFree: |
|
| - | 3089 | ; free disk space |
|
| - | 3090 | ; in: |
|
| - | 3091 | ; edi = starting cluster |
|
| - | 3092 | ; ebx = size in clusters |
|
| - | 3093 | mov eax, edi |
|
| - | 3094 | add eax, ebx |
|
| - | 3095 | shr eax, 3 |
|
| - | 3096 | inc eax |
|
| - | 3097 | cmp eax, [ebp+NTFS.BitmapSize] |
|
| - | 3098 | jc @f |
|
| - | 3099 | add eax, [ebp+NTFS.BitmapBuffer] |
|
| - | 3100 | push edi |
|
| - | 3101 | mov edi, eax |
|
| - | 3102 | call bitmapBuffering |
|
| - | 3103 | pop edi |
|
| - | 3104 | @@: |
|
| - | 3105 | push edi |
|
| - | 3106 | mov ecx, edi |
|
| - | 3107 | shr edi, 5 |
|
| - | 3108 | shl edi, 2 |
|
| - | 3109 | add edi, [ebp+NTFS.BitmapBuffer] |
|
| - | 3110 | and ecx, 31 |
|
| - | 3111 | xor eax, eax |
|
| - | 3112 | dec eax |
|
| - | 3113 | shr eax, cl |
|
| - | 3114 | shl eax, cl |
|
| - | 3115 | neg ecx |
|
| - | 3116 | add ecx, 32 |
|
| - | 3117 | sub ecx, ebx |
|
| - | 3118 | jc @f |
|
| - | 3119 | shl eax, cl ; fits inside dword |
|
| - | 3120 | shr eax, cl |
|
| - | 3121 | not eax |
|
| - | 3122 | and [edi], eax |
|
| - | 3123 | jmp .writeBitmap |
|
| - | 3124 | ||
| - | 3125 | @@: |
|
| - | 3126 | not eax |
|
| - | 3127 | and [edi], eax |
|
| - | 3128 | neg ecx |
|
| - | 3129 | push ecx |
|
| - | 3130 | shr ecx, 5 |
|
| - | 3131 | add edi, 4 |
|
| - | 3132 | xor eax, eax |
|
| - | 3133 | rep stosd |
|
| - | 3134 | pop ecx |
|
| - | 3135 | and ecx, 31 |
|
| - | 3136 | dec eax |
|
| - | 3137 | shr eax, cl |
|
| - | 3138 | shl eax, cl |
|
| - | 3139 | and [edi], eax |
|
| - | 3140 | .writeBitmap: |
|
| - | 3141 | pop eax |
|
| - | 3142 | mov edi, eax |
|
| - | 3143 | lea ecx, [eax+ebx+4095] |
|
| - | 3144 | shr eax, 3+9 |
|
| - | 3145 | shr ecx, 3+9 |
|
| - | 3146 | sub ecx, eax |
|
| - | 3147 | mov ebx, eax |
|
| - | 3148 | shl ebx, 9 |
|
| - | 3149 | add eax, [ebp+NTFS.BitmapLocation] |
|
| - | 3150 | add ebx, [ebp+NTFS.BitmapBuffer] |
|
| - | 3151 | xor edx, edx |
|
| 2622 | jmp fs_write64_sys |
3152 | jmp fs_write64_app |
| 2623 | 3153 | ||
| 2624 | bitmapBuffering: |
3154 | bitmapBuffering: |
| 2625 | ; Extend BitmapBuffer and read next 32kb of bitmap |
3155 | ; Extend BitmapBuffer and read next 32kb of bitmap |
| 2626 | ; Warning: $Bitmap fragmentation is not foreseen |
3156 | ; Warning: $Bitmap fragmentation is not foreseen |
| 2627 | ; if edi -> position in bitmap buffer, |
3157 | ; in: edi -> position in bitmap buffer |
| 2628 | ; then ecx = number of buffered dwords left |
3158 | ; out: ecx = number of buffered dwords left |
| 2629 | push ebx |
3159 | push ebx |
| 2630 | mov eax, [ebp+NTFS.BitmapTotalSize] |
3160 | mov eax, [ebp+NTFS.BitmapTotalSize] |
| 2631 | cmp eax, [ebp+NTFS.BitmapSize] |
3161 | cmp eax, [ebp+NTFS.BitmapSize] |
| Line 2652... | Line 3182... | ||
| 2652 | mov eax, [ebp+NTFS.BitmapTotalSize] |
3182 | mov eax, [ebp+NTFS.BitmapTotalSize] |
| 2653 | cmp eax, [ebp+NTFS.BitmapSize] |
3183 | cmp eax, [ebp+NTFS.BitmapSize] |
| 2654 | jnc @f |
3184 | jnc @f |
| 2655 | mov [ebp+NTFS.BitmapSize], eax |
3185 | mov [ebp+NTFS.BitmapSize], eax |
| 2656 | @@: |
3186 | @@: |
| - | 3187 | pop ebx |
|
| 2657 | mov ecx, [ebp+NTFS.BitmapSize] |
3188 | mov ecx, [ebp+NTFS.BitmapBuffer] |
| 2658 | add ecx, [ebp+NTFS.BitmapBuffer] |
3189 | add ecx, [ebp+NTFS.BitmapSize] |
| 2659 | sub ecx, edi |
3190 | sub ecx, edi |
| - | 3191 | jc bitmapBuffering |
|
| 2660 | shr ecx, 2 |
3192 | shr ecx, 2 |
| 2661 | pop ebx |
- | |
| 2662 | ret |
3193 | ret |
| Line 2663... | Line 3194... | ||
| 2663 | 3194 | ||
| 2664 | .err: |
3195 | .err: |
| 2665 | mov eax, [ebp+NTFS.BitmapBuffer] |
3196 | mov eax, [ebp+NTFS.BitmapBuffer] |
| 2666 | add eax, [ebp+NTFS.BitmapSize] |
3197 | add eax, [ebp+NTFS.BitmapSize] |
| 2667 | mov ecx, 8 |
3198 | mov ecx, 8 |
| 2668 | call release_pages |
3199 | call release_pages |
| 2669 | .end: |
3200 | .end: |
| 2670 | add esp, 12 ; double ret |
3201 | pop ebx |
| 2671 | push ERROR_DISK_FULL |
3202 | pop eax ; ret |
| - | 3203 | pop eax |
|
| - | 3204 | stc |
|
| Line 2672... | Line 3205... | ||
| 2672 | jmp ntfsOut |
3205 | ret |
| 2673 | 3206 | ||
| 2674 | ;---------------------------------------------------------------- |
3207 | ;---------------------------------------------------------------- |
| 2675 | ntfs_WriteFile: |
3208 | ntfs_WriteFile: |
| Line 2682... | Line 3215... | ||
| 2682 | call ntfs_lock |
3215 | call ntfs_lock |
| 2683 | stdcall ntfs_find_lfn, [esp+4] |
3216 | stdcall ntfs_find_lfn, [esp+4] |
| 2684 | jc ntfsNotFound |
3217 | jc ntfsNotFound |
| 2685 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
3218 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
| 2686 | jc ntfsDenied |
3219 | jc ntfsDenied |
| - | 3220 | bt dword [eax+fileFlags], 28 |
|
| - | 3221 | jc ntfsDenied |
|
| - | 3222 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
|
| - | 3223 | jnz ntfsUnsupported ; record fragmented |
|
| - | 3224 | ; edit directory node |
|
| - | 3225 | mov edi, [ebp+NTFS.cur_index_buf] |
|
| - | 3226 | cmp dword [edi], 'INDX' |
|
| - | 3227 | jz @f |
|
| - | 3228 | mov esi, [ebp+NTFS.frs_buffer] |
|
| - | 3229 | mov ecx, [esi+recordRealSize] |
|
| - | 3230 | shr ecx, 2 |
|
| - | 3231 | rep movsd |
|
| - | 3232 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 3233 | mov cl, [esi+attributeOffset] |
|
| - | 3234 | sub esi, [ebp+NTFS.frs_buffer] |
|
| - | 3235 | add eax, ecx |
|
| - | 3236 | add eax, esi |
|
| - | 3237 | @@: |
|
| - | 3238 | mov ecx, [ebx+4] |
|
| - | 3239 | mov edx, [ebx+8] |
|
| - | 3240 | add ecx, [ebx+12] |
|
| - | 3241 | adc edx, 0 |
|
| - | 3242 | mov [eax+fileRealSize], ecx |
|
| - | 3243 | mov [eax+fileRealSize+4], edx |
|
| - | 3244 | mov eax, [ebp+NTFS.ntfsLastRead] |
|
| - | 3245 | mov [ebp+NTFS.nodeLastRead], eax |
|
| 2687 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
3246 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
| 2688 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
3247 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
| 2689 | mov [ebp+NTFS.ntfs_cur_size], 0 |
3248 | mov [ebp+NTFS.ntfs_cur_size], 0 |
| 2690 | call ntfs_read_attr |
3249 | call ntfs_read_attr |
| 2691 | jc ntfsDenied |
3250 | jc ntfsFail |
| - | 3251 | mov eax, ecx |
|
| 2692 | mov eax, [ebp+NTFS.frs_buffer] |
3252 | mov ecx, [ebp+NTFS.frs_buffer] |
| 2693 | cmp word [eax+baseRecordReuse], 0 |
3253 | cmp word [ecx+baseRecordReuse], 0 |
| 2694 | jnz ntfsUnsupported ; auxiliary record |
3254 | jnz ntfsUnsupported ; auxiliary record |
| 2695 | cmp byte [eax+hardLinkCounter], 1 |
- | |
| 2696 | jnz ntfsUnsupported ; file copying required |
- | |
| 2697 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
3255 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
| 2698 | cmp byte [ecx+nonResidentFlag], 1 |
- | |
| 2699 | jnz ntfsUnsupported ; resident $DATA |
- | |
| 2700 | cmp word [ecx+attributeFlags], 0 |
3256 | cmp word [ecx+attributeFlags], 0 |
| 2701 | jnz ntfsUnsupported |
3257 | jnz ntfsUnsupported |
| 2702 | mov eax, [ebx+4] |
3258 | push ebx |
| 2703 | mov edx, [ebx+8] |
3259 | cmp byte [ecx+nonResidentFlag], 0 |
| 2704 | add eax, [ebx+12] |
3260 | jz .resizeAttribute |
| 2705 | adc edx, 0 |
- | |
| 2706 | cmp edx, [ecx+attributeRealSize+4] |
3261 | cmp edx, [ecx+attributeRealSize+4] |
| 2707 | jc .write |
3262 | jc .writeNode |
| 2708 | jnz ntfsUnsupported ; end of file |
3263 | jnz .resizeAttribute |
| 2709 | cmp [ecx+attributeRealSize], eax |
3264 | cmp [ecx+attributeRealSize], eax |
| - | 3265 | jnc .writeNode |
|
| - | 3266 | .resizeAttribute: |
|
| - | 3267 | call resizeAttribute |
|
| 2710 | jc ntfsUnsupported |
3268 | jc ntfsErrorPop |
| - | 3269 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 3270 | cmp byte [ecx+nonResidentFlag], 1 |
|
| - | 3271 | jz @f |
|
| - | 3272 | mov ebx, [esp] |
|
| - | 3273 | movzx edi, byte [ecx+attributeOffset] |
|
| - | 3274 | add edi, ecx |
|
| - | 3275 | add edi, [ebx+4] |
|
| - | 3276 | mov ecx, [ebx+12] |
|
| - | 3277 | mov esi, [ebx+16] |
|
| - | 3278 | rep movsb |
|
| - | 3279 | @@: |
|
| - | 3280 | mov eax, [ebp+NTFS.frs_buffer] |
|
| - | 3281 | mov [ebp+NTFS.ntfs_cur_buf], eax |
|
| - | 3282 | call writeRecord ; file |
|
| - | 3283 | mov ebx, [ebp+NTFS.frs_buffer] |
|
| - | 3284 | call ntfs_restore_usa_frs |
|
| 2711 | .write: |
3285 | .writeNode: |
| - | 3286 | mov eax, [ebp+NTFS.nodeLastRead] |
|
| - | 3287 | mov [ebp+NTFS.ntfsLastRead], eax |
|
| - | 3288 | mov eax, [ebp+NTFS.cur_index_buf] |
|
| - | 3289 | mov [ebp+NTFS.ntfs_cur_buf], eax |
|
| - | 3290 | call writeRecord ; directory |
|
| - | 3291 | pop ebx |
|
| - | 3292 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 3293 | cmp byte [ecx+nonResidentFlag], 0 |
|
| - | 3294 | jz .done |
|
| - | 3295 | mov ecx, [ebx+12] |
|
| - | 3296 | test ecx, ecx |
|
| - | 3297 | jz .done |
|
| 2712 | mov eax, [ebx+4] |
3298 | mov eax, [ebx+4] |
| 2713 | mov edx, [ebx+8] |
3299 | mov edx, [ebx+8] |
| 2714 | mov ecx, [ebx+12] |
- | |
| 2715 | mov esi, [ebx+16] |
3300 | mov esi, [ebx+16] |
| 2716 | shrd eax, edx, 9 |
3301 | shrd eax, edx, 9 |
| 2717 | test dword[ebx+4], 1FFh |
3302 | test dword[ebx+4], 1FFh |
| 2718 | jz .aligned |
3303 | jz .aligned |
| 2719 | mov [ebp+NTFS.ntfs_cur_offs], eax |
3304 | mov [ebp+NTFS.ntfs_cur_offs], eax |
| Line 2740... | Line 3325... | ||
| 2740 | mov ecx, 1 |
3325 | mov ecx, 1 |
| 2741 | xor edx, edx |
3326 | xor edx, edx |
| 2742 | call fs_write64_app |
3327 | call fs_write64_app |
| 2743 | pop ebx |
3328 | pop ebx |
| 2744 | pop ecx |
3329 | pop ecx |
| 2745 | test eax, eax |
- | |
| 2746 | jnz ntfsDevice |
- | |
| 2747 | test ecx, ecx |
3330 | test ecx, ecx |
| 2748 | jz @f |
3331 | jz .done |
| 2749 | mov eax, [ebx+4] |
3332 | mov eax, [ebx+4] |
| 2750 | mov edx, [ebx+8] |
3333 | mov edx, [ebx+8] |
| 2751 | shrd eax, edx, 9 |
3334 | shrd eax, edx, 9 |
| 2752 | inc eax |
3335 | inc eax |
| 2753 | .aligned: |
3336 | .aligned: |
| Line 2763... | Line 3346... | ||
| 2763 | mov [ebp+NTFS.ntfsWriteAttr], 0 |
3346 | mov [ebp+NTFS.ntfsWriteAttr], 0 |
| 2764 | pop [ebp+NTFS.ntfs_cur_offs] |
3347 | pop [ebp+NTFS.ntfs_cur_offs] |
| 2765 | pop ecx |
3348 | pop ecx |
| 2766 | jc ntfsDevice |
3349 | jc ntfsDevice |
| 2767 | and ecx, 1FFh |
3350 | and ecx, 1FFh |
| 2768 | jz @f |
3351 | jz .done |
| 2769 | add esi, [ebp+NTFS.ntfs_cur_read] |
3352 | add esi, [ebp+NTFS.ntfs_cur_read] |
| 2770 | mov [ebp+NTFS.ntfs_cur_size], 1 |
3353 | mov [ebp+NTFS.ntfs_cur_size], 1 |
| 2771 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
3354 | lea edi, [ebp+NTFS.ntfs_bitmap_buf] |
| 2772 | mov [ebp+NTFS.ntfs_cur_buf], edi |
3355 | mov [ebp+NTFS.ntfs_cur_buf], edi |
| 2773 | call ntfs_read_attr.continue |
3356 | call ntfs_read_attr.continue |
| Line 2778... | Line 3361... | ||
| 2778 | lea ebx, [ebp+NTFS.ntfs_bitmap_buf] |
3361 | lea ebx, [ebp+NTFS.ntfs_bitmap_buf] |
| 2779 | mov ecx, 1 |
3362 | mov ecx, 1 |
| 2780 | xor edx, edx |
3363 | xor edx, edx |
| 2781 | call fs_write64_app |
3364 | call fs_write64_app |
| 2782 | pop ebx |
3365 | pop ebx |
| 2783 | test eax, eax |
- | |
| 2784 | jnz ntfsDevice |
- | |
| 2785 | @@: |
3366 | .done: |
| 2786 | mov ebx, [ebx+12] |
3367 | mov ebx, [ebx+12] |
| 2787 | jmp ntfsDone |
3368 | jmp ntfsDone |
| Line 2788... | Line 3369... | ||
| 2788 | 3369 | ||
| 2789 | ;---------------------------------------------------------------- |
3370 | ;---------------------------------------------------------------- |
| Line 2807... | Line 3388... | ||
| 2807 | shr edx, 3 |
3388 | shr edx, 3 |
| 2808 | cmp edx, [ebp+NTFS.mftBitmapSize] |
3389 | cmp edx, [ebp+NTFS.mftBitmapSize] |
| 2809 | jnc ntfsUnsupported |
3390 | jnc ntfsUnsupported |
| 2810 | ; delete index from the node |
3391 | ; delete index from the node |
| 2811 | movzx edx, word [eax+indexAllocatedSize] |
3392 | movzx edx, word [eax+indexAllocatedSize] |
| - | 3393 | mov ecx, [eax+fileRecordReference] |
|
| - | 3394 | cmp [eax+edx+fileRecordReference], ecx |
|
| - | 3395 | jnz @f |
|
| - | 3396 | add dx, [eax+edx+indexAllocatedSize] |
|
| - | 3397 | @@: |
|
| 2812 | mov edi, [ebp+NTFS.cur_index_buf] |
3398 | mov edi, [ebp+NTFS.cur_index_buf] |
| 2813 | cmp dword [edi], 'INDX' |
3399 | cmp dword [edi], 'INDX' |
| 2814 | jz .indexRecord |
3400 | jz .indexRecord |
| 2815 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
3401 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
| 2816 | mov ecx, [esi+recordRealSize] |
3402 | mov ecx, [esi+recordRealSize] |
| Line 2853... | Line 3439... | ||
| 2853 | call ntfs_read_attr |
3439 | call ntfs_read_attr |
| 2854 | jc .folder |
3440 | jc .folder |
| 2855 | mov esi, [ebp+NTFS.frs_buffer] |
3441 | mov esi, [ebp+NTFS.frs_buffer] |
| 2856 | cmp word [esi+baseRecordReuse], 0 |
3442 | cmp word [esi+baseRecordReuse], 0 |
| 2857 | jnz ntfsUnsupported ; auxiliary record |
3443 | jnz ntfsUnsupported ; auxiliary record |
| 2858 | cmp byte [esi+hardLinkCounter], 2 |
- | |
| 2859 | jnc .writeFileRecord ; delete hard link |
- | |
| 2860 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
3444 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
| 2861 | cmp byte [esi+nonResidentFlag], 0 |
3445 | cmp byte [esi+nonResidentFlag], 0 |
| 2862 | jz .writeBitmapMFT |
3446 | jz .writeBitmapMFT |
| 2863 | movzx eax, byte [esi+dataRunsOffset] |
3447 | movzx eax, byte [esi+dataRunsOffset] |
| 2864 | add esi, eax |
3448 | add esi, eax |
| 2865 | xor edi, edi |
3449 | xor edi, edi |
| 2866 | sub esp, 16 |
3450 | sub esp, 16 |
| 2867 | .clearBitmap: ; "delete" file data |
3451 | @@: ; "delete" file data |
| 2868 | call ntfs_decode_mcb_entry |
3452 | call ntfs_decode_mcb_entry |
| 2869 | jnc .mcbEnd |
3453 | jnc @f |
| 2870 | cmp dword[esp+8], 0 |
3454 | cmp dword[esp+8], 0 |
| 2871 | jz .clearBitmap |
3455 | jz @b |
| 2872 | add edi, [esp+8] |
3456 | add edi, [esp+8] |
| 2873 | mov ebx, [esp] |
3457 | mov ebx, [esp] |
| 2874 | mov eax, edi |
- | |
| 2875 | add eax, ebx |
- | |
| 2876 | shr eax, 3 |
- | |
| 2877 | inc eax |
- | |
| 2878 | cmp eax, [ebp+NTFS.BitmapSize] |
- | |
| 2879 | jc .buffered |
- | |
| 2880 | add eax, [ebp+NTFS.BitmapBuffer] |
- | |
| 2881 | add esp, 16 |
- | |
| 2882 | push edi |
- | |
| 2883 | mov edi, eax |
- | |
| 2884 | @@: |
- | |
| 2885 | call bitmapBuffering |
3458 | call ntfsSpaceFree |
| 2886 | shl ecx, 2 |
- | |
| 2887 | js @b |
3459 | jnc @b |
| 2888 | pop edi |
- | |
| 2889 | sub esp, 16 |
- | |
| 2890 | .buffered: |
- | |
| 2891 | push edi |
- | |
| 2892 | mov ecx, edi |
- | |
| 2893 | shr edi, 5 |
- | |
| 2894 | shl edi, 2 |
- | |
| 2895 | add edi, [ebp+NTFS.BitmapBuffer] |
- | |
| 2896 | and ecx, 31 |
- | |
| 2897 | xor eax, eax |
- | |
| 2898 | dec eax |
- | |
| 2899 | shr eax, cl |
- | |
| 2900 | shl eax, cl |
- | |
| 2901 | neg ecx |
- | |
| 2902 | add ecx, 32 |
- | |
| 2903 | sub ecx, ebx |
- | |
| 2904 | jc @f |
- | |
| 2905 | shl eax, cl ; fits inside dword |
- | |
| 2906 | shr eax, cl |
- | |
| 2907 | not eax |
- | |
| 2908 | and [edi], eax |
- | |
| 2909 | jmp .writeBitmap |
- | |
| 2910 | - | ||
| 2911 | @@: |
3460 | @@: |
| 2912 | not eax |
- | |
| 2913 | and [edi], eax |
- | |
| 2914 | neg ecx |
- | |
| 2915 | push ecx |
- | |
| 2916 | shr ecx, 5 |
- | |
| 2917 | add edi, 4 |
- | |
| 2918 | xor eax, eax |
- | |
| 2919 | rep stosd |
- | |
| 2920 | pop ecx |
- | |
| 2921 | and ecx, 31 |
- | |
| 2922 | dec eax |
- | |
| 2923 | shr eax, cl |
- | |
| 2924 | shl eax, cl |
- | |
| 2925 | and [edi], eax |
- | |
| 2926 | .writeBitmap: |
- | |
| 2927 | pop edi |
- | |
| 2928 | mov ecx, edi |
- | |
| 2929 | add ecx, ebx |
- | |
| 2930 | add ecx, 4095 |
- | |
| 2931 | shr ecx, 3+9 |
- | |
| 2932 | mov eax, edi |
- | |
| 2933 | shr eax, 3+9 |
- | |
| 2934 | sub ecx, eax |
- | |
| 2935 | mov ebx, eax |
- | |
| 2936 | shl ebx, 9 |
- | |
| 2937 | add eax, [ebp+NTFS.BitmapLocation] |
- | |
| 2938 | add ebx, [ebp+NTFS.BitmapBuffer] |
- | |
| 2939 | xor edx, edx |
- | |
| 2940 | call fs_write64_app |
- | |
| 2941 | jmp .clearBitmap |
- | |
| 2942 | - | ||
| 2943 | .mcbEnd: |
- | |
| 2944 | add esp, 16 |
3461 | add esp, 16 |
| 2945 | jmp .writeBitmapMFT |
3462 | jmp .writeBitmapMFT |
| Line 2946... | Line 3463... | ||
| 2946 | 3463 | ||
| 2947 | .folder: ; empty? |
3464 | .folder: ; empty? |
| Line 2969... | Line 3486... | ||
| 2969 | add ebx, edi |
3486 | add ebx, edi |
| 2970 | mov ecx, 1 |
3487 | mov ecx, 1 |
| 2971 | xor edx, edx |
3488 | xor edx, edx |
| 2972 | call fs_write64_sys |
3489 | call fs_write64_sys |
| 2973 | mov esi, [ebp+NTFS.frs_buffer] |
3490 | mov esi, [ebp+NTFS.frs_buffer] |
| 2974 | mov byte [esi+recordFlags], 0 |
- | |
| 2975 | .writeFileRecord: |
- | |
| 2976 | dec byte [esi+hardLinkCounter] |
- | |
| 2977 | mov [ebp+NTFS.ntfs_cur_buf], esi |
3491 | mov [ebp+NTFS.ntfs_cur_buf], esi |
| - | 3492 | mov byte [esi+recordFlags], 0 |
|
| 2978 | call writeRecord |
3493 | call writeRecord |
| 2979 | ; write directory node |
3494 | ; write directory node |
| 2980 | mov eax, [ebp+NTFS.nodeLastRead] |
3495 | mov eax, [ebp+NTFS.nodeLastRead] |
| 2981 | mov [ebp+NTFS.ntfsLastRead], eax |
3496 | mov [ebp+NTFS.ntfsLastRead], eax |
| 2982 | mov eax, [ebp+NTFS.cur_index_buf] |
3497 | mov eax, [ebp+NTFS.cur_index_buf] |
| 2983 | mov [ebp+NTFS.ntfs_cur_buf], eax |
3498 | mov [ebp+NTFS.ntfs_cur_buf], eax |
| 2984 | call writeRecord |
3499 | call writeRecord |
| 2985 | test eax, eax |
- | |
| 2986 | jz ntfsDone |
3500 | jmp ntfsDone |
| 2987 | jmp ntfsDevice |
- | |
| Line 2988... | Line 3501... | ||
| 2988 | 3501 | ||
| 2989 | ;---------------------------------------------------------------- |
3502 | ;---------------------------------------------------------------- |
| - | 3503 | ntfs_SetFileEnd: |
|
| - | 3504 | cmp byte [esi], 0 |
|
| - | 3505 | jnz @f |
|
| - | 3506 | xor ebx, ebx |
|
| - | 3507 | movi eax, ERROR_ACCESS_DENIED |
|
| - | 3508 | ret |
|
| - | 3509 | @@: |
|
| - | 3510 | call ntfs_lock |
|
| - | 3511 | stdcall ntfs_find_lfn, [esp+4] |
|
| - | 3512 | jc ntfsNotFound |
|
| - | 3513 | cmp [ebp+NTFS.ntfs_cur_iRecord], 16 |
|
| - | 3514 | jc ntfsDenied |
|
| - | 3515 | bt dword [eax+fileFlags], 28 |
|
| - | 3516 | jc ntfsDenied |
|
| - | 3517 | cmp [ebp+NTFS.ntfsFragmentCount], 1 |
|
| - | 3518 | jnz ntfsUnsupported ; record fragmented |
|
| - | 3519 | ; edit directory node |
|
| - | 3520 | mov edi, [ebp+NTFS.cur_index_buf] |
|
| - | 3521 | cmp dword [edi], 'INDX' |
|
| - | 3522 | jz @f |
|
| - | 3523 | mov esi, [ebp+NTFS.frs_buffer] |
|
| - | 3524 | mov ecx, [esi+recordRealSize] |
|
| - | 3525 | shr ecx, 2 |
|
| - | 3526 | rep movsd |
|
| - | 3527 | mov esi, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 3528 | mov cl, [esi+attributeOffset] |
|
| - | 3529 | sub esi, [ebp+NTFS.frs_buffer] |
|
| - | 3530 | add eax, ecx |
|
| - | 3531 | add eax, esi |
|
| - | 3532 | @@: |
|
| - | 3533 | mov ecx, [ebx+4] |
|
| - | 3534 | mov edx, [ebx+8] |
|
| - | 3535 | mov [eax+fileRealSize], ecx |
|
| - | 3536 | mov [eax+fileRealSize+4], edx |
|
| - | 3537 | mov eax, [ebp+NTFS.ntfsLastRead] |
|
| - | 3538 | mov [ebp+NTFS.nodeLastRead], eax |
|
| - | 3539 | mov [ebp+NTFS.ntfs_cur_attr], 0x80 |
|
| - | 3540 | mov [ebp+NTFS.ntfs_cur_offs], 0 |
|
| - | 3541 | mov [ebp+NTFS.ntfs_cur_size], 0 |
|
| - | 3542 | call ntfs_read_attr |
|
| - | 3543 | jc ntfsFail |
|
| - | 3544 | mov eax, ecx |
|
| - | 3545 | mov ecx, [ebp+NTFS.frs_buffer] |
|
| - | 3546 | cmp word [ecx+baseRecordReuse], 0 |
|
| - | 3547 | jnz ntfsUnsupported ; auxiliary record |
|
| - | 3548 | mov ecx, [ebp+NTFS.ntfs_attr_offs] |
|
| - | 3549 | cmp word [ecx+attributeFlags], 0 |
|
| - | 3550 | jnz ntfsUnsupported |
|
| - | 3551 | cmp byte [ecx+nonResidentFlag], 0 |
|
| - | 3552 | jz .resizeAttribute |
|
| - | 3553 | cmp [ecx+attributeRealSize+4], edx |
|
| - | 3554 | jnz .resizeAttribute |
|
| - | 3555 | cmp [ecx+attributeRealSize], eax |
|
| - | 3556 | jnc .resizeAttribute |
|
| - | 3557 | mov eax, [ecx+attributeRealSize] |
|
| - | 3558 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
|
| - | 3559 | mov [ebp+NTFS.ntfs_cur_size], ecx |
|
| - | 3560 | shl ecx, 9 |
|
| - | 3561 | div ecx |
|
| - | 3562 | test edx, edx |
|
| - | 3563 | jz .aligned |
|
| - | 3564 | push edx |
|
| - | 3565 | push ecx |
|
| - | 3566 | mul [ebp+NTFS.sectors_per_cluster] |
|
| - | 3567 | mov [ebp+NTFS.ntfs_cur_offs], eax |
|
| - | 3568 | stdcall kernel_alloc, ecx |
|
| - | 3569 | pop ecx |
|
| - | 3570 | pop edi |
|
| - | 3571 | sub ecx, edi |
|
| - | 3572 | add edi, eax |
|
| - | 3573 | mov [ebp+NTFS.ntfs_cur_buf], eax |
|
| - | 3574 | push [ebp+NTFS.ntfsLastRead] |
|
| - | 3575 | call ntfs_read_attr.continue |
|
| - | 3576 | jc @f |
|
| - | 3577 | xor eax, eax |
|
| - | 3578 | rep stosb |
|
| - | 3579 | push ebx |
|
| - | 3580 | mov eax, [ebp+NTFS.ntfsLastRead] |
|
| - | 3581 | mov ebx, [ebp+NTFS.ntfs_cur_buf] |
|
| - | 3582 | mov ecx, [ebp+NTFS.sectors_per_cluster] |
|
| - | 3583 | xor edx, edx |
|
| - | 3584 | call fs_write64_app |
|
| - | 3585 | pop ebx |
|
| - | 3586 | @@: |
|
| - | 3587 | pop [ebp+NTFS.ntfsLastRead] |
|
| - | 3588 | stdcall kernel_free, [ebp+NTFS.ntfs_cur_buf] |
|
| - | 3589 | .aligned: |
|
| - | 3590 | mov eax, [ebx+4] |
|
| - | 3591 | mov edx, [ebx+8] |
|
| - | 3592 | .resizeAttribute: |
|
| - | 3593 | call resizeAttribute |
|
| - | 3594 | jc ntfsError |
|
| - | 3595 | mov eax, [ebp+NTFS.frs_buffer] |
|
| - | 3596 | mov [ebp+NTFS.ntfs_cur_buf], eax |
|
| - | 3597 | call writeRecord ; file |
|
| - | 3598 | mov eax, [ebp+NTFS.nodeLastRead] |
|
| - | 3599 | mov [ebp+NTFS.ntfsLastRead], eax |
|
| - | 3600 | mov eax, [ebp+NTFS.cur_index_buf] |
|
| - | 3601 | mov [ebp+NTFS.ntfs_cur_buf], eax |
|
| - | 3602 | call writeRecord ; directory |
|
| - | 3603 | call ntfsSpaceClean |
|
| - | 3604 | jmp ntfsDone |
|
| - | 3605 | ||
| 2990 | ntfs_SetFileEnd: |
3606 | ;---------------------------------------------------------------- |
| 2991 | ntfs_SetFileInfo: |
3607 | ntfs_SetFileInfo: |
| 2992 | movi eax, ERROR_UNSUPPORTED_FS |
3608 | movi eax, ERROR_UNSUPPORTED_FS |
| Line 2993... | Line 3609... | ||
| 2993 | ret |
3609 | ret |
| Line 3016... | Line 3632... | ||
| 3016 | xor eax, eax |
3632 | xor eax, eax |
| 3017 | ret |
3633 | ret |
| Line 3018... | Line 3634... | ||
| 3018 | 3634 | ||
| 3019 | ntfsUnsupported: |
3635 | ntfsUnsupported: |
| 3020 | push ERROR_UNSUPPORTED_FS |
- | |
| 3021 | ntfsOut: |
3636 | push ERROR_UNSUPPORTED_FS |
| 3022 | call ntfs_unlock |
- | |
| 3023 | xor ebx, ebx |
- | |
| 3024 | pop eax |
- | |
| 3025 | ret |
3637 | jmp ntfsOut |
| 3026 | ntfsDevice: |
3638 | ntfsDevice: |
| 3027 | push ERROR_DEVICE |
3639 | push ERROR_DEVICE |
| 3028 | jmp ntfsOut |
3640 | jmp ntfsOut |
| 3029 | ntfsNotFound: |
3641 | ntfsNotFound: |
| Line 3033... | Line 3645... | ||
| 3033 | push ERROR_ACCESS_DENIED |
3645 | push ERROR_ACCESS_DENIED |
| 3034 | jmp ntfsOut |
3646 | jmp ntfsOut |
| 3035 | ntfsFail: |
3647 | ntfsFail: |
| 3036 | push ERROR_FS_FAIL |
3648 | push ERROR_FS_FAIL |
| 3037 | jmp ntfsOut |
3649 | jmp ntfsOut |
| 3038 | ntfsNoMemory: |
3650 | ntfsDiskFull: |
| 3039 | push ERROR_OUT_OF_MEMORY |
3651 | push ERROR_DISK_FULL |
| 3040 | jmp ntfsOut |
3652 | jmp ntfsOut |
| - | 3653 | ntfsErrorPop2: |
|
| - | 3654 | pop ebx |
|
| - | 3655 | ntfsErrorPop: |
|
| - | 3656 | pop ebx |
|
| - | 3657 | ntfsError: |
|
| - | 3658 | push eax |
|
| - | 3659 | ntfsOut: |
|
| - | 3660 | call ntfs_unlock |
|
| - | 3661 | xor ebx, ebx |
|
| - | 3662 | pop eax |
|
| - | 3663 | ret |
|