Rev 387 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 387 | Rev 444 | ||
|---|---|---|---|
| - | 1 | $Revision: 431 $ |
|
| - | 2 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
|
| - | 3 | ;; ;; |
|
| - | 4 | ;; Copyright (C) KolibriOS team 2004-2007. All rights reserved. ;; |
|
| - | 5 | ;; Distributed under terms of the GNU General Public License ;; |
|
| - | 6 | ;; ;; |
|
| - | 7 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
|
| - | 8 | ||
| 1 | ntfs_test_bootsec: |
9 | ntfs_test_bootsec: |
| 2 | ; in: ebx->buffer, edx=size of partition |
10 | ; in: ebx->buffer, edx=size of partition |
| 3 | ; out: CF set <=> invalid |
11 | ; out: CF set <=> invalid |
| 4 | ; 1. Name=='NTFS ' |
12 | ; 1. Name=='NTFS ' |
| 5 | cmp dword [ebx+3], 'NTFS' |
13 | cmp dword [ebx+3], 'NTFS' |
| 6 | jnz .no |
14 | jnz .no |
| 7 | cmp dword [ebx+7], ' ' |
15 | cmp dword [ebx+7], ' ' |
| 8 | jnz .no |
16 | jnz .no |
| 9 | ; 2. Number of bytes per sector is the same as for physical device |
17 | ; 2. Number of bytes per sector is the same as for physical device |
| 10 | ; (that is, 0x200 for hard disk) |
18 | ; (that is, 0x200 for hard disk) |
| 11 | cmp word [ebx+11], 0x200 |
19 | cmp word [ebx+11], 0x200 |
| 12 | jnz .no |
20 | jnz .no |
| 13 | ; 3. Number of sectors per cluster must be power of 2 |
21 | ; 3. Number of sectors per cluster must be power of 2 |
| 14 | movzx eax, byte [ebx+13] |
22 | movzx eax, byte [ebx+13] |
| 15 | dec eax |
23 | dec eax |
| 16 | js .no |
24 | js .no |
| 17 | test al, [ebx+13] |
25 | test al, [ebx+13] |
| 18 | jnz .no |
26 | jnz .no |
| 19 | ; 4. FAT parameters must be zero |
27 | ; 4. FAT parameters must be zero |
| 20 | cmp word [ebx+14], 0 |
28 | cmp word [ebx+14], 0 |
| 21 | jnz .no |
29 | jnz .no |
| 22 | cmp dword [ebx+16], 0 |
30 | cmp dword [ebx+16], 0 |
| 23 | jnz .no |
31 | jnz .no |
| 24 | cmp byte [ebx+20], 0 |
32 | cmp byte [ebx+20], 0 |
| 25 | jnz .no |
33 | jnz .no |
| 26 | cmp word [ebx+22], 0 |
34 | cmp word [ebx+22], 0 |
| 27 | jnz .no |
35 | jnz .no |
| 28 | cmp dword [ebx+32], 0 |
36 | cmp dword [ebx+32], 0 |
| 29 | jnz .no |
37 | jnz .no |
| 30 | ; 5. Number of sectors <= partition size |
38 | ; 5. Number of sectors <= partition size |
| 31 | cmp dword [ebx+0x2C], 0 |
39 | cmp dword [ebx+0x2C], 0 |
| 32 | ja .no |
40 | ja .no |
| 33 | cmp [ebx+0x28], edx |
41 | cmp [ebx+0x28], edx |
| 34 | ja .no |
42 | ja .no |
| 35 | ; 6. $MFT and $MFTMirr clusters must be within partition |
43 | ; 6. $MFT and $MFTMirr clusters must be within partition |
| 36 | cmp dword [ebx+0x34], 0 |
44 | cmp dword [ebx+0x34], 0 |
| 37 | ja .no |
45 | ja .no |
| 38 | push edx |
46 | push edx |
| 39 | movzx eax, byte [ebx+13] |
47 | movzx eax, byte [ebx+13] |
| 40 | mul dword [ebx+0x30] |
48 | mul dword [ebx+0x30] |
| 41 | test edx, edx |
49 | test edx, edx |
| 42 | pop edx |
50 | pop edx |
| 43 | jnz .no |
51 | jnz .no |
| 44 | cmp eax, edx |
52 | cmp eax, edx |
| 45 | ja .no |
53 | ja .no |
| 46 | cmp dword [ebx+0x3C], 0 |
54 | cmp dword [ebx+0x3C], 0 |
| 47 | ja .no |
55 | ja .no |
| 48 | push edx |
56 | push edx |
| 49 | movzx eax, byte [ebx+13] |
57 | movzx eax, byte [ebx+13] |
| 50 | mul dword [ebx+0x38] |
58 | mul dword [ebx+0x38] |
| 51 | test edx, edx |
59 | test edx, edx |
| 52 | pop edx |
60 | pop edx |
| 53 | jnz .no |
61 | jnz .no |
| 54 | cmp eax, edx |
62 | cmp eax, edx |
| 55 | ja .no |
63 | ja .no |
| 56 | ; 7. Clusters per FRS must be either negative and in [-31,-9] or positive and power of 2 |
64 | ; 7. Clusters per FRS must be either negative and in [-31,-9] or positive and power of 2 |
| 57 | movsx eax, byte [ebx+0x40] |
65 | movsx eax, byte [ebx+0x40] |
| 58 | cmp al, -31 |
66 | cmp al, -31 |
| 59 | jl .no |
67 | jl .no |
| 60 | cmp al, -9 |
68 | cmp al, -9 |
| 61 | jle @f |
69 | jle @f |
| 62 | dec eax |
70 | dec eax |
| 63 | js .no |
71 | js .no |
| 64 | test [ebx+0x40], al |
72 | test [ebx+0x40], al |
| 65 | jnz .no |
73 | jnz .no |
| 66 | @@: |
74 | @@: |
| 67 | ; 8. Same for clusters per IndexAllocationBuffer |
75 | ; 8. Same for clusters per IndexAllocationBuffer |
| 68 | movsx eax, byte [ebx+0x44] |
76 | movsx eax, byte [ebx+0x44] |
| 69 | cmp al, -31 |
77 | cmp al, -31 |
| 70 | jl .no |
78 | jl .no |
| 71 | cmp al, -9 |
79 | cmp al, -9 |
| 72 | jle @f |
80 | jle @f |
| 73 | dec eax |
81 | dec eax |
| 74 | js .no |
82 | js .no |
| 75 | test [ebx+0x44], al |
83 | test [ebx+0x44], al |
| 76 | jnz .no |
84 | jnz .no |
| 77 | @@: |
85 | @@: |
| 78 | ; OK, this is correct NTFS bootsector |
86 | ; OK, this is correct NTFS bootsector |
| 79 | clc |
87 | clc |
| 80 | ret |
88 | ret |
| 81 | .no: |
89 | .no: |
| 82 | ; No, this bootsector isn't NTFS |
90 | ; No, this bootsector isn't NTFS |
| 83 | stc |
91 | stc |
| 84 | ret |
92 | ret |
| 85 | 93 | ||
| 86 | ntfs_setup: ; CODE XREF: part_set.inc |
94 | ntfs_setup: ; CODE XREF: part_set.inc |
| 87 | ; By given bootsector, initialize some NTFS variables |
95 | ; By given bootsector, initialize some NTFS variables |
| 88 | call ntfs_test_bootsec |
96 | call ntfs_test_bootsec |
| 89 | jc problem_fat_dec_count |
97 | jc problem_fat_dec_count |
| 90 | movzx eax, byte [ebx+13] |
98 | movzx eax, byte [ebx+13] |
| 91 | mov [ntfs_data.sectors_per_cluster], eax |
99 | mov [ntfs_data.sectors_per_cluster], eax |
| 92 | mov eax, [ebx+0x28] |
100 | mov eax, [ebx+0x28] |
| 93 | add eax, [PARTITION_START] |
101 | add eax, [PARTITION_START] |
| 94 | dec eax |
102 | dec eax |
| 95 | mov [PARTITION_END], eax |
103 | mov [PARTITION_END], eax |
| 96 | mov [fs_type], 1 |
104 | mov [fs_type], 1 |
| 97 | mov eax, [ebx+0x30] |
105 | mov eax, [ebx+0x30] |
| 98 | mov [ntfs_data.mft_cluster], eax |
106 | mov [ntfs_data.mft_cluster], eax |
| 99 | mov eax, [ebx+0x38] |
107 | mov eax, [ebx+0x38] |
| 100 | mov [ntfs_data.mftmirr_cluster], eax |
108 | mov [ntfs_data.mftmirr_cluster], eax |
| 101 | movsx eax, byte [ebx+0x40] |
109 | movsx eax, byte [ebx+0x40] |
| 102 | test eax, eax |
110 | test eax, eax |
| 103 | js .1 |
111 | js .1 |
| 104 | mul [ntfs_data.sectors_per_cluster] |
112 | mul [ntfs_data.sectors_per_cluster] |
| 105 | shl eax, 9 |
113 | shl eax, 9 |
| 106 | jmp .2 |
114 | jmp .2 |
| 107 | .1: |
115 | .1: |
| 108 | neg eax |
116 | neg eax |
| 109 | mov ecx, eax |
117 | mov ecx, eax |
| 110 | mov eax, 1 |
118 | mov eax, 1 |
| 111 | shl eax, cl |
119 | shl eax, cl |
| 112 | .2: |
120 | .2: |
| 113 | mov [ntfs_data.frs_size], eax |
121 | mov [ntfs_data.frs_size], eax |
| 114 | movsx eax, byte [ebx+0x44] |
122 | movsx eax, byte [ebx+0x44] |
| 115 | test eax, eax |
123 | test eax, eax |
| 116 | js .3 |
124 | js .3 |
| 117 | mul [ntfs_data.sectors_per_cluster] |
125 | mul [ntfs_data.sectors_per_cluster] |
| 118 | shl eax, 9 |
126 | shl eax, 9 |
| 119 | jmp .4 |
127 | jmp .4 |
| 120 | .3: |
128 | .3: |
| 121 | neg eax |
129 | neg eax |
| 122 | mov ecx, eax |
130 | mov ecx, eax |
| 123 | mov eax, 1 |
131 | mov eax, 1 |
| 124 | shl eax, cl |
132 | shl eax, cl |
| 125 | .4: |
133 | .4: |
| 126 | mov [ntfs_data.iab_size], eax |
134 | mov [ntfs_data.iab_size], eax |
| 127 | ; allocate space for buffers |
135 | ; allocate space for buffers |
| 128 | add eax, [ntfs_data.frs_size] |
136 | add eax, [ntfs_data.frs_size] |
| 129 | push eax |
137 | push eax |
| 130 | call kernel_alloc |
138 | call kernel_alloc |
| 131 | test eax, eax |
139 | test eax, eax |
| 132 | jz problem_fat_dec_count |
140 | jz problem_fat_dec_count |
| 133 | mov [ntfs_data.frs_buffer], eax |
141 | mov [ntfs_data.frs_buffer], eax |
| 134 | add eax, [ntfs_data.frs_size] |
142 | add eax, [ntfs_data.frs_size] |
| 135 | mov [ntfs_data.iab_buffer], eax |
143 | mov [ntfs_data.iab_buffer], eax |
| 136 | ; read $MFT disposition |
144 | ; read $MFT disposition |
| 137 | mov eax, [ntfs_data.mft_cluster] |
145 | mov eax, [ntfs_data.mft_cluster] |
| 138 | mul [ntfs_data.sectors_per_cluster] |
146 | mul [ntfs_data.sectors_per_cluster] |
| 139 | call ntfs_read_frs_sector |
147 | call ntfs_read_frs_sector |
| 140 | cmp [hd_error], 0 |
148 | cmp [hd_error], 0 |
| 141 | jnz .usemirr |
149 | jnz .usemirr |
| 142 | cmp dword [ebx], 'FILE' |
150 | cmp dword [ebx], 'FILE' |
| 143 | jnz .usemirr |
151 | jnz .usemirr |
| 144 | call ntfs_restore_usa_frs |
152 | call ntfs_restore_usa_frs |
| 145 | jnc .mftok |
153 | jnc .mftok |
| 146 | .usemirr: |
154 | .usemirr: |
| 147 | and [hd_error], 0 |
155 | and [hd_error], 0 |
| 148 | mov eax, [ntfs_data.mftmirr_cluster] |
156 | mov eax, [ntfs_data.mftmirr_cluster] |
| 149 | mul [ntfs_data.sectors_per_cluster] |
157 | mul [ntfs_data.sectors_per_cluster] |
| 150 | call ntfs_read_frs_sector |
158 | call ntfs_read_frs_sector |
| 151 | cmp [hd_error], 0 |
159 | cmp [hd_error], 0 |
| 152 | jnz @f |
160 | jnz @f |
| 153 | cmp dword [ebx], 'FILE' |
161 | cmp dword [ebx], 'FILE' |
| 154 | jnz @f |
162 | jnz @f |
| 155 | call ntfs_restore_usa_frs |
163 | call ntfs_restore_usa_frs |
| 156 | jnc .mftok |
164 | jnc .mftok |
| 157 | @@: |
165 | @@: |
| 158 | ; $MFT and $MFTMirr invalid! |
166 | ; $MFT and $MFTMirr invalid! |
| 159 | .fail_free_frs: |
167 | .fail_free_frs: |
| 160 | push [ntfs_data.frs_buffer] |
168 | push [ntfs_data.frs_buffer] |
| 161 | call kernel_free |
169 | call kernel_free |
| 162 | jmp problem_fat_dec_count |
170 | jmp problem_fat_dec_count |
| 163 | .fail_free_mft: |
171 | .fail_free_mft: |
| 164 | push [ntfs_data.mft_retrieval] |
172 | push [ntfs_data.mft_retrieval] |
| 165 | call kernel_free |
173 | call kernel_free |
| 166 | jmp .fail_free_frs |
174 | jmp .fail_free_frs |
| 167 | .mftok: |
175 | .mftok: |
| 168 | ; read $MFT table retrieval information |
176 | ; read $MFT table retrieval information |
| 169 | ; start with one page, increase if not enough (when MFT too fragmented) |
177 | ; start with one page, increase if not enough (when MFT too fragmented) |
| 170 | push ebx |
178 | push ebx |
| 171 | push 0x1000 |
179 | push 0x1000 |
| 172 | call kernel_alloc |
180 | call kernel_alloc |
| 173 | pop ebx |
181 | pop ebx |
| 174 | test eax, eax |
182 | test eax, eax |
| 175 | jz .fail_free_frs |
183 | jz .fail_free_frs |
| 176 | mov [ntfs_data.mft_retrieval], eax |
184 | mov [ntfs_data.mft_retrieval], eax |
| 177 | and [ntfs_data.mft_retrieval_size], 0 |
185 | and [ntfs_data.mft_retrieval_size], 0 |
| 178 | mov [ntfs_data.mft_retrieval_alloc], 0x1000/8 |
186 | mov [ntfs_data.mft_retrieval_alloc], 0x1000/8 |
| 179 | ; $MFT base record must contain unnamed non-resident $DATA attribute |
187 | ; $MFT base record must contain unnamed non-resident $DATA attribute |
| 180 | movzx eax, word [ebx+14h] |
188 | movzx eax, word [ebx+14h] |
| 181 | add eax, ebx |
189 | add eax, ebx |
| 182 | .scandata: |
190 | .scandata: |
| 183 | cmp dword [eax], -1 |
191 | cmp dword [eax], -1 |
| 184 | jz .fail_free_mft |
192 | jz .fail_free_mft |
| 185 | cmp dword [eax], 0x80 |
193 | cmp dword [eax], 0x80 |
| 186 | jnz @f |
194 | jnz @f |
| 187 | cmp byte [eax+9], 0 |
195 | cmp byte [eax+9], 0 |
| 188 | jz .founddata |
196 | jz .founddata |
| 189 | @@: |
197 | @@: |
| 190 | add eax, [eax+4] |
198 | add eax, [eax+4] |
| 191 | jmp .scandata |
199 | jmp .scandata |
| 192 | .founddata: |
200 | .founddata: |
| 193 | cmp byte [eax+8], 0 |
201 | cmp byte [eax+8], 0 |
| 194 | jz .fail_free_mft |
202 | jz .fail_free_mft |
| 195 | ; load first portion of $DATA attribute retrieval information |
203 | ; load first portion of $DATA attribute retrieval information |
| 196 | mov edx, [eax+0x18] |
204 | mov edx, [eax+0x18] |
| 197 | mov [ntfs_data.mft_retrieval_end], edx |
205 | mov [ntfs_data.mft_retrieval_end], edx |
| 198 | mov esi, eax |
206 | mov esi, eax |
| 199 | movzx eax, word [eax+0x20] |
207 | movzx eax, word [eax+0x20] |
| 200 | add esi, eax |
208 | add esi, eax |
| 201 | sub esp, 10h |
209 | sub esp, 10h |
| 202 | .scanmcb: |
210 | .scanmcb: |
| 203 | call ntfs_decode_mcb_entry |
211 | call ntfs_decode_mcb_entry |
| 204 | jnc .scanmcbend |
212 | jnc .scanmcbend |
| 205 | call .get_mft_retrieval_ptr |
213 | call .get_mft_retrieval_ptr |
| 206 | mov edx, [esp] ; block length |
214 | mov edx, [esp] ; block length |
| 207 | mov [eax], edx |
215 | mov [eax], edx |
| 208 | mov edx, [esp+8] ; block addr (relative) |
216 | mov edx, [esp+8] ; block addr (relative) |
| 209 | mov [eax+4], edx |
217 | mov [eax+4], edx |
| 210 | inc [ntfs_data.mft_retrieval_size] |
218 | inc [ntfs_data.mft_retrieval_size] |
| 211 | jmp .scanmcb |
219 | jmp .scanmcb |
| 212 | .scanmcbend: |
220 | .scanmcbend: |
| 213 | add esp, 10h |
221 | add esp, 10h |
| 214 | ; there may be other portions of $DATA attribute in auxiliary records; |
222 | ; there may be other portions of $DATA attribute in auxiliary records; |
| 215 | ; if they will be needed, they will be loaded later |
223 | ; if they will be needed, they will be loaded later |
| 216 | 224 | ||
| 217 | mov [ntfs_data.cur_index_size], 0x1000/0x200 |
225 | mov [ntfs_data.cur_index_size], 0x1000/0x200 |
| 218 | push 0x1000 |
226 | push 0x1000 |
| 219 | call kernel_alloc |
227 | call kernel_alloc |
| 220 | test eax, eax |
228 | test eax, eax |
| 221 | jz .fail_free_mft |
229 | jz .fail_free_mft |
| 222 | mov [ntfs_data.cur_index_buf], eax |
230 | mov [ntfs_data.cur_index_buf], eax |
| 223 | 231 | ||
| 224 | popad |
232 | popad |
| 225 | call free_hd_channel |
233 | call free_hd_channel |
| 226 | and [hd1_status], 0 |
234 | and [hd1_status], 0 |
| 227 | ret |
235 | ret |
| 228 | 236 | ||
| 229 | .get_mft_retrieval_ptr: |
237 | .get_mft_retrieval_ptr: |
| 230 | pushad |
238 | pushad |
| 231 | mov eax, [ntfs_data.mft_retrieval_size] |
239 | mov eax, [ntfs_data.mft_retrieval_size] |
| 232 | cmp eax, [ntfs_data.mft_retrieval_alloc] |
240 | cmp eax, [ntfs_data.mft_retrieval_alloc] |
| 233 | jnz .ok |
241 | jnz .ok |
| 234 | add eax, 0x1000/8 |
242 | add eax, 0x1000/8 |
| 235 | mov [ntfs_data.mft_retrieval_alloc], eax |
243 | mov [ntfs_data.mft_retrieval_alloc], eax |
| 236 | shl eax, 3 |
244 | shl eax, 3 |
| 237 | push eax |
245 | push eax |
| 238 | call kernel_alloc |
246 | call kernel_alloc |
| 239 | test eax, eax |
247 | test eax, eax |
| 240 | jnz @f |
248 | jnz @f |
| 241 | popad |
249 | popad |
| 242 | add esp, 14h |
250 | add esp, 14h |
| 243 | jmp .fail_free_mft |
251 | jmp .fail_free_mft |
| 244 | @@: |
252 | @@: |
| 245 | mov esi, [ntfs_data.mft_retrieval] |
253 | mov esi, [ntfs_data.mft_retrieval] |
| 246 | mov edi, eax |
254 | mov edi, eax |
| 247 | mov ecx, [ntfs_data.mft_retrieval_size] |
255 | mov ecx, [ntfs_data.mft_retrieval_size] |
| 248 | add ecx, ecx |
256 | add ecx, ecx |
| 249 | rep movsd |
257 | rep movsd |
| 250 | push [ntfs_data.mft_retrieval] |
258 | push [ntfs_data.mft_retrieval] |
| 251 | mov [ntfs_data.mft_retrieval], eax |
259 | mov [ntfs_data.mft_retrieval], eax |
| 252 | call kernel_free |
260 | call kernel_free |
| 253 | mov eax, [ntfs_data.mft_retrieval_size] |
261 | mov eax, [ntfs_data.mft_retrieval_size] |
| 254 | .ok: |
262 | .ok: |
| 255 | shl eax, 3 |
263 | shl eax, 3 |
| 256 | add eax, [ntfs_data.mft_retrieval] |
264 | add eax, [ntfs_data.mft_retrieval] |
| 257 | mov [esp+28], eax |
265 | mov [esp+28], eax |
| 258 | popad |
266 | popad |
| 259 | ret |
267 | ret |
| 260 | 268 | ||
| 261 | ntfs_read_frs_sector: |
269 | ntfs_read_frs_sector: |
| 262 | push eax ecx |
270 | push eax ecx |
| 263 | add eax, [PARTITION_START] |
271 | add eax, [PARTITION_START] |
| 264 | mov ecx, [ntfs_data.frs_size] |
272 | mov ecx, [ntfs_data.frs_size] |
| 265 | shr ecx, 9 |
273 | shr ecx, 9 |
| 266 | mov ebx, [ntfs_data.frs_buffer] |
274 | mov ebx, [ntfs_data.frs_buffer] |
| 267 | push ebx |
275 | push ebx |
| 268 | @@: |
276 | @@: |
| 269 | call hd_read |
277 | call hd_read |
| 270 | cmp [hd_error], 0 |
278 | cmp [hd_error], 0 |
| 271 | jnz .fail |
279 | jnz .fail |
| 272 | add ebx, 0x200 |
280 | add ebx, 0x200 |
| 273 | inc eax |
281 | inc eax |
| 274 | loop @b |
282 | loop @b |
| 275 | .fail: |
283 | .fail: |
| 276 | pop ebx |
284 | pop ebx |
| 277 | pop ecx eax |
285 | pop ecx eax |
| 278 | ret |
286 | ret |
| 279 | 287 | ||
| 280 | uglobal |
288 | uglobal |
| 281 | align 4 |
289 | align 4 |
| 282 | ntfs_cur_attr dd ? |
290 | ntfs_cur_attr dd ? |
| 283 | ntfs_cur_iRecord dd ? |
291 | ntfs_cur_iRecord dd ? |
| 284 | ntfs_cur_offs dd ? ; in sectors |
292 | ntfs_cur_offs dd ? ; in sectors |
| 285 | ntfs_cur_size dd ? ; in sectors |
293 | ntfs_cur_size dd ? ; in sectors |
| 286 | ntfs_cur_buf dd ? |
294 | ntfs_cur_buf dd ? |
| 287 | ntfs_cur_read dd ? ; [output] |
295 | ntfs_cur_read dd ? ; [output] |
| 288 | ntfs_bCanContinue db ? |
296 | ntfs_bCanContinue db ? |
| 289 | rb 3 |
297 | rb 3 |
| 290 | 298 | ||
| 291 | ntfs_attrlist_buf rb 0x400 |
299 | ntfs_attrlist_buf rb 0x400 |
| 292 | ntfs_attrlist_mft_buf rb 0x400 |
300 | ntfs_attrlist_mft_buf rb 0x400 |
| 293 | ntfs_bitmap_buf rb 0x400 |
301 | ntfs_bitmap_buf rb 0x400 |
| 294 | 302 | ||
| 295 | ntfs_attr_iRecord dd ? |
303 | ntfs_attr_iRecord dd ? |
| 296 | ntfs_attr_iBaseRecord dd ? |
304 | ntfs_attr_iBaseRecord dd ? |
| 297 | ntfs_attr_offs dd ? |
305 | ntfs_attr_offs dd ? |
| 298 | ntfs_attr_list dd ? |
306 | ntfs_attr_list dd ? |
| 299 | ntfs_attr_size dq ? |
307 | ntfs_attr_size dq ? |
| 300 | ntfs_cur_tail dd ? |
308 | ntfs_cur_tail dd ? |
| 301 | endg |
309 | endg |
| 302 | 310 | ||
| 303 | ntfs_read_attr: |
311 | ntfs_read_attr: |
| 304 | ; in: global variables |
312 | ; in: global variables |
| 305 | ; out: [ntfs_cur_read] |
313 | ; out: [ntfs_cur_read] |
| 306 | pushad |
314 | pushad |
| 307 | and [ntfs_cur_read], 0 |
315 | and [ntfs_cur_read], 0 |
| 308 | cmp [ntfs_cur_iRecord], 0 |
316 | cmp [ntfs_cur_iRecord], 0 |
| 309 | jnz .nomft |
317 | jnz .nomft |
| 310 | cmp [ntfs_cur_attr], 0x80 |
318 | cmp [ntfs_cur_attr], 0x80 |
| 311 | jnz .nomft |
319 | jnz .nomft |
| 312 | mov eax, [ntfs_data.mft_retrieval_end] |
320 | mov eax, [ntfs_data.mft_retrieval_end] |
| 313 | inc eax |
321 | inc eax |
| 314 | mul [ntfs_data.sectors_per_cluster] |
322 | mul [ntfs_data.sectors_per_cluster] |
| 315 | cmp eax, [ntfs_cur_offs] |
323 | cmp eax, [ntfs_cur_offs] |
| 316 | jbe .nomft |
324 | jbe .nomft |
| 317 | ; precalculated part of $Mft $DATA |
325 | ; precalculated part of $Mft $DATA |
| 318 | mov esi, [ntfs_data.mft_retrieval] |
326 | mov esi, [ntfs_data.mft_retrieval] |
| 319 | mov eax, [ntfs_cur_offs] |
327 | mov eax, [ntfs_cur_offs] |
| 320 | xor edx, edx |
328 | xor edx, edx |
| 321 | div [ntfs_data.sectors_per_cluster] |
329 | div [ntfs_data.sectors_per_cluster] |
| 322 | ; eax = VCN, edx = offset in sectors from beginning of cluster |
330 | ; eax = VCN, edx = offset in sectors from beginning of cluster |
| 323 | xor ecx, ecx ; ecx will contain LCN |
331 | xor ecx, ecx ; ecx will contain LCN |
| 324 | .mftscan: |
332 | .mftscan: |
| 325 | add ecx, [esi+4] |
333 | add ecx, [esi+4] |
| 326 | sub eax, [esi] |
334 | sub eax, [esi] |
| 327 | jb @f |
335 | jb @f |
| 328 | add esi, 8 |
336 | add esi, 8 |
| 329 | push eax |
337 | push eax |
| 330 | mov eax, [ntfs_data.mft_retrieval_end] |
338 | mov eax, [ntfs_data.mft_retrieval_end] |
| 331 | shl eax, 3 |
339 | shl eax, 3 |
| 332 | add eax, [ntfs_data.mft_retrieval] |
340 | add eax, [ntfs_data.mft_retrieval] |
| 333 | cmp eax, esi |
341 | cmp eax, esi |
| 334 | pop eax |
342 | pop eax |
| 335 | jnz .mftscan |
343 | jnz .mftscan |
| 336 | jmp .nomft |
344 | jmp .nomft |
| 337 | @@: |
345 | @@: |
| 338 | push ecx |
346 | push ecx |
| 339 | add ecx, eax |
347 | add ecx, eax |
| 340 | add ecx, [esi] |
348 | add ecx, [esi] |
| 341 | push eax |
349 | push eax |
| 342 | push edx |
350 | push edx |
| 343 | mov eax, [ntfs_data.sectors_per_cluster] |
351 | mov eax, [ntfs_data.sectors_per_cluster] |
| 344 | mul ecx |
352 | mul ecx |
| 345 | ; eax = sector on partition |
353 | ; eax = sector on partition |
| 346 | add eax, [PARTITION_START] |
354 | add eax, [PARTITION_START] |
| 347 | pop edx |
355 | pop edx |
| 348 | add eax, edx |
356 | add eax, edx |
| 349 | mov ebx, [ntfs_cur_buf] |
357 | mov ebx, [ntfs_cur_buf] |
| 350 | pop ecx |
358 | pop ecx |
| 351 | neg ecx |
359 | neg ecx |
| 352 | imul ecx, [ntfs_data.sectors_per_cluster] |
360 | imul ecx, [ntfs_data.sectors_per_cluster] |
| 353 | sub ecx, edx |
361 | sub ecx, edx |
| 354 | cmp ecx, [ntfs_cur_size] |
362 | cmp ecx, [ntfs_cur_size] |
| 355 | jb @f |
363 | jb @f |
| 356 | mov ecx, [ntfs_cur_size] |
364 | mov ecx, [ntfs_cur_size] |
| 357 | @@: |
365 | @@: |
| 358 | ; ecx = number of sequential sectors to read |
366 | ; ecx = number of sequential sectors to read |
| 359 | call hd_read |
367 | call hd_read |
| 360 | cmp [hd_error], 0 |
368 | cmp [hd_error], 0 |
| 361 | jnz .errread |
369 | jnz .errread |
| 362 | add [ntfs_cur_read], 0x200 |
370 | add [ntfs_cur_read], 0x200 |
| 363 | dec [ntfs_cur_size] |
371 | dec [ntfs_cur_size] |
| 364 | inc [ntfs_cur_offs] |
372 | inc [ntfs_cur_offs] |
| 365 | add ebx, 0x200 |
373 | add ebx, 0x200 |
| 366 | mov [ntfs_cur_buf], ebx |
374 | mov [ntfs_cur_buf], ebx |
| 367 | inc eax |
375 | inc eax |
| 368 | loop @b |
376 | loop @b |
| 369 | pop ecx |
377 | pop ecx |
| 370 | xor eax, eax |
378 | xor eax, eax |
| 371 | xor edx, edx |
379 | xor edx, edx |
| 372 | cmp [ntfs_cur_size], eax |
380 | cmp [ntfs_cur_size], eax |
| 373 | jz @f |
381 | jz @f |
| 374 | add esi, 8 |
382 | add esi, 8 |
| 375 | push eax |
383 | push eax |
| 376 | mov eax, [ntfs_data.mft_retrieval_end] |
384 | mov eax, [ntfs_data.mft_retrieval_end] |
| 377 | shl eax, 3 |
385 | shl eax, 3 |
| 378 | add eax, [ntfs_data.mft_retrieval] |
386 | add eax, [ntfs_data.mft_retrieval] |
| 379 | cmp eax, esi |
387 | cmp eax, esi |
| 380 | pop eax |
388 | pop eax |
| 381 | jz .nomft |
389 | jz .nomft |
| 382 | jmp .mftscan |
390 | jmp .mftscan |
| 383 | @@: |
391 | @@: |
| 384 | popad |
392 | popad |
| 385 | ret |
393 | ret |
| 386 | .errread: |
394 | .errread: |
| 387 | pop ecx |
395 | pop ecx |
| 388 | .errret: |
396 | .errret: |
| 389 | stc |
397 | stc |
| 390 | popad |
398 | popad |
| 391 | ret |
399 | ret |
| 392 | .nomft: |
400 | .nomft: |
| 393 | ; 1. Read file record. |
401 | ; 1. Read file record. |
| 394 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
402 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
| 395 | mov eax, [ntfs_cur_iRecord] |
403 | mov eax, [ntfs_cur_iRecord] |
| 396 | mov [ntfs_attr_iRecord], eax |
404 | mov [ntfs_attr_iRecord], eax |
| 397 | and [ntfs_attr_list], 0 |
405 | and [ntfs_attr_list], 0 |
| 398 | or dword [ntfs_attr_size], -1 |
406 | or dword [ntfs_attr_size], -1 |
| 399 | or dword [ntfs_attr_size+4], -1 |
407 | or dword [ntfs_attr_size+4], -1 |
| 400 | or [ntfs_attr_iBaseRecord], -1 |
408 | or [ntfs_attr_iBaseRecord], -1 |
| 401 | call ntfs_read_file_record |
409 | call ntfs_read_file_record |
| 402 | test eax, eax |
410 | test eax, eax |
| 403 | jz .errret |
411 | jz .errret |
| 404 | ; 2. Find required attribute. |
412 | ; 2. Find required attribute. |
| 405 | mov eax, [ntfs_data.frs_buffer] |
413 | mov eax, [ntfs_data.frs_buffer] |
| 406 | ; a) For auxiliary records, read base record |
414 | ; a) For auxiliary records, read base record |
| 407 | ; N.B. If base record is present, |
415 | ; N.B. If base record is present, |
| 408 | ; base iRecord may be 0 (for $Mft), but SequenceNumber is nonzero |
416 | ; base iRecord may be 0 (for $Mft), but SequenceNumber is nonzero |
| 409 | cmp dword [eax+24h], 0 |
417 | cmp dword [eax+24h], 0 |
| 410 | jz @f |
418 | jz @f |
| 411 | mov eax, [eax+20h] |
419 | mov eax, [eax+20h] |
| 412 | ; test eax, eax |
420 | ; test eax, eax |
| 413 | ; jz @f |
421 | ; jz @f |
| 414 | .beginfindattr: |
422 | .beginfindattr: |
| 415 | mov [ntfs_attr_iRecord], eax |
423 | mov [ntfs_attr_iRecord], eax |
| 416 | call ntfs_read_file_record |
424 | call ntfs_read_file_record |
| 417 | test eax, eax |
425 | test eax, eax |
| 418 | jz .errret |
426 | jz .errret |
| 419 | @@: |
427 | @@: |
| 420 | ; b) Scan for required attribute and for $ATTR_LIST |
428 | ; b) Scan for required attribute and for $ATTR_LIST |
| 421 | mov eax, [ntfs_data.frs_buffer] |
429 | mov eax, [ntfs_data.frs_buffer] |
| 422 | movzx ecx, word [eax+14h] |
430 | movzx ecx, word [eax+14h] |
| 423 | add eax, ecx |
431 | add eax, ecx |
| 424 | mov ecx, [ntfs_cur_attr] |
432 | mov ecx, [ntfs_cur_attr] |
| 425 | and [ntfs_attr_offs], 0 |
433 | and [ntfs_attr_offs], 0 |
| 426 | .scanattr: |
434 | .scanattr: |
| 427 | cmp dword [eax], -1 |
435 | cmp dword [eax], -1 |
| 428 | jz .scandone |
436 | jz .scandone |
| 429 | cmp dword [eax], ecx |
437 | cmp dword [eax], ecx |
| 430 | jz .okattr |
438 | jz .okattr |
| 431 | cmp [ntfs_attr_iBaseRecord], -1 |
439 | cmp [ntfs_attr_iBaseRecord], -1 |
| 432 | jnz .scancont |
440 | jnz .scancont |
| 433 | cmp dword [eax], 0x20 ; $ATTR_LIST |
441 | cmp dword [eax], 0x20 ; $ATTR_LIST |
| 434 | jnz .scancont |
442 | jnz .scancont |
| 435 | mov [ntfs_attr_list], eax |
443 | mov [ntfs_attr_list], eax |
| 436 | jmp .scancont |
444 | jmp .scancont |
| 437 | .okattr: |
445 | .okattr: |
| 438 | ; ignore named $DATA attributes (aka NTFS streams) |
446 | ; ignore named $DATA attributes (aka NTFS streams) |
| 439 | cmp ecx, 0x80 |
447 | cmp ecx, 0x80 |
| 440 | jnz @f |
448 | jnz @f |
| 441 | cmp byte [eax+9], 0 |
449 | cmp byte [eax+9], 0 |
| 442 | jnz .scancont |
450 | jnz .scancont |
| 443 | @@: |
451 | @@: |
| 444 | mov [ntfs_attr_offs], eax |
452 | mov [ntfs_attr_offs], eax |
| 445 | .scancont: |
453 | .scancont: |
| 446 | add eax, [eax+4] |
454 | add eax, [eax+4] |
| 447 | jmp .scanattr |
455 | jmp .scanattr |
| 448 | .continue: |
456 | .continue: |
| 449 | pushad |
457 | pushad |
| 450 | and [ntfs_cur_read], 0 |
458 | and [ntfs_cur_read], 0 |
| 451 | .scandone: |
459 | .scandone: |
| 452 | ; c) Check for required offset and length |
460 | ; c) Check for required offset and length |
| 453 | mov ecx, [ntfs_attr_offs] |
461 | mov ecx, [ntfs_attr_offs] |
| 454 | jecxz .noattr |
462 | jecxz .noattr |
| 455 | push [ntfs_cur_size] |
463 | push [ntfs_cur_size] |
| 456 | push [ntfs_cur_read] |
464 | push [ntfs_cur_read] |
| 457 | call .doreadattr |
465 | call .doreadattr |
| 458 | pop edx |
466 | pop edx |
| 459 | pop eax |
467 | pop eax |
| 460 | jc @f |
468 | jc @f |
| 461 | cmp [ntfs_bCanContinue], 0 |
469 | cmp [ntfs_bCanContinue], 0 |
| 462 | jz @f |
470 | jz @f |
| 463 | sub edx, [ntfs_cur_read] |
471 | sub edx, [ntfs_cur_read] |
| 464 | neg edx |
472 | neg edx |
| 465 | shr edx, 9 |
473 | shr edx, 9 |
| 466 | sub eax, edx |
474 | sub eax, edx |
| 467 | mov [ntfs_cur_size], eax |
475 | mov [ntfs_cur_size], eax |
| 468 | jnz .not_in_cur |
476 | jnz .not_in_cur |
| 469 | @@: |
477 | @@: |
| 470 | popad |
478 | popad |
| 471 | ret |
479 | ret |
| 472 | .noattr: |
480 | .noattr: |
| 473 | .not_in_cur: |
481 | .not_in_cur: |
| 474 | cmp [ntfs_cur_attr], 0x20 |
482 | cmp [ntfs_cur_attr], 0x20 |
| 475 | jz @f |
483 | jz @f |
| 476 | mov ecx, [ntfs_attr_list] |
484 | mov ecx, [ntfs_attr_list] |
| 477 | test ecx, ecx |
485 | test ecx, ecx |
| 478 | jnz .lookattr |
486 | jnz .lookattr |
| 479 | .ret_is_attr: |
487 | .ret_is_attr: |
| 480 | cmp [ntfs_attr_offs], 1 ; CF set <=> ntfs_attr_offs == 0 |
488 | cmp [ntfs_attr_offs], 1 ; CF set <=> ntfs_attr_offs == 0 |
| 481 | popad |
489 | popad |
| 482 | ret |
490 | ret |
| 483 | .lookattr: |
491 | .lookattr: |
| 484 | ; required attribute or required offset was not found in base record; |
492 | ; required attribute or required offset was not found in base record; |
| 485 | ; it may be present in auxiliary records; |
493 | ; it may be present in auxiliary records; |
| 486 | ; scan $ATTR_LIST |
494 | ; scan $ATTR_LIST |
| 487 | mov eax, [ntfs_attr_iBaseRecord] |
495 | mov eax, [ntfs_attr_iBaseRecord] |
| 488 | cmp eax, -1 |
496 | cmp eax, -1 |
| 489 | jz @f |
497 | jz @f |
| 490 | call ntfs_read_file_record |
498 | call ntfs_read_file_record |
| 491 | test eax, eax |
499 | test eax, eax |
| 492 | jz .errret |
500 | jz .errret |
| 493 | or [ntfs_attr_iBaseRecord], -1 |
501 | or [ntfs_attr_iBaseRecord], -1 |
| 494 | @@: |
502 | @@: |
| 495 | push [ntfs_cur_offs] |
503 | push [ntfs_cur_offs] |
| 496 | push [ntfs_cur_size] |
504 | push [ntfs_cur_size] |
| 497 | push [ntfs_cur_read] |
505 | push [ntfs_cur_read] |
| 498 | push [ntfs_cur_buf] |
506 | push [ntfs_cur_buf] |
| 499 | push dword [ntfs_attr_size] |
507 | push dword [ntfs_attr_size] |
| 500 | push dword [ntfs_attr_size+4] |
508 | push dword [ntfs_attr_size+4] |
| 501 | or dword [ntfs_attr_size], -1 |
509 | or dword [ntfs_attr_size], -1 |
| 502 | or dword [ntfs_attr_size+4], -1 |
510 | or dword [ntfs_attr_size+4], -1 |
| 503 | and [ntfs_cur_offs], 0 |
511 | and [ntfs_cur_offs], 0 |
| 504 | mov [ntfs_cur_size], 2 |
512 | mov [ntfs_cur_size], 2 |
| 505 | and [ntfs_cur_read], 0 |
513 | and [ntfs_cur_read], 0 |
| 506 | mov eax, ntfs_attrlist_buf |
514 | mov eax, ntfs_attrlist_buf |
| 507 | cmp [ntfs_cur_iRecord], 0 |
515 | cmp [ntfs_cur_iRecord], 0 |
| 508 | jnz @f |
516 | jnz @f |
| 509 | mov eax, ntfs_attrlist_mft_buf |
517 | mov eax, ntfs_attrlist_mft_buf |
| 510 | @@: |
518 | @@: |
| 511 | mov [ntfs_cur_buf], eax |
519 | mov [ntfs_cur_buf], eax |
| 512 | push eax |
520 | push eax |
| 513 | call .doreadattr |
521 | call .doreadattr |
| 514 | pop esi |
522 | pop esi |
| 515 | mov edx, 1 |
523 | mov edx, 1 |
| 516 | pop dword [ntfs_attr_size+4] |
524 | pop dword [ntfs_attr_size+4] |
| 517 | pop dword [ntfs_attr_size] |
525 | pop dword [ntfs_attr_size] |
| 518 | mov ebp, [ntfs_cur_read] |
526 | mov ebp, [ntfs_cur_read] |
| 519 | pop [ntfs_cur_buf] |
527 | pop [ntfs_cur_buf] |
| 520 | pop [ntfs_cur_read] |
528 | pop [ntfs_cur_read] |
| 521 | pop [ntfs_cur_size] |
529 | pop [ntfs_cur_size] |
| 522 | pop [ntfs_cur_offs] |
530 | pop [ntfs_cur_offs] |
| 523 | jc .errret |
531 | jc .errret |
| 524 | or edi, -1 |
532 | or edi, -1 |
| 525 | lea ebp, [ebp+esi-1Ah] |
533 | lea ebp, [ebp+esi-1Ah] |
| 526 | .scanliststart: |
534 | .scanliststart: |
| 527 | mov eax, [ntfs_cur_attr] |
535 | mov eax, [ntfs_cur_attr] |
| 528 | .scanlist: |
536 | .scanlist: |
| 529 | cmp esi, ebp |
537 | cmp esi, ebp |
| 530 | jae .scanlistdone |
538 | jae .scanlistdone |
| 531 | cmp eax, [esi] |
539 | cmp eax, [esi] |
| 532 | jz @f |
540 | jz @f |
| 533 | .scanlistcont: |
541 | .scanlistcont: |
| 534 | movzx ecx, word [esi+4] |
542 | movzx ecx, word [esi+4] |
| 535 | add esi, ecx |
543 | add esi, ecx |
| 536 | jmp .scanlist |
544 | jmp .scanlist |
| 537 | @@: |
545 | @@: |
| 538 | ; ignore named $DATA attributes (aka NTFS streams) |
546 | ; ignore named $DATA attributes (aka NTFS streams) |
| 539 | cmp eax, 0x80 |
547 | cmp eax, 0x80 |
| 540 | jnz @f |
548 | jnz @f |
| 541 | cmp byte [esi+6], 0 |
549 | cmp byte [esi+6], 0 |
| 542 | jnz .scanlistcont |
550 | jnz .scanlistcont |
| 543 | @@: |
551 | @@: |
| 544 | push eax |
552 | push eax |
| 545 | mov eax, [esi+8] |
553 | mov eax, [esi+8] |
| 546 | test eax, eax |
554 | test eax, eax |
| 547 | jnz .testf |
555 | jnz .testf |
| 548 | mov eax, dword [ntfs_attr_size] |
556 | mov eax, dword [ntfs_attr_size] |
| 549 | and eax, dword [ntfs_attr_size+4] |
557 | and eax, dword [ntfs_attr_size+4] |
| 550 | cmp eax, -1 |
558 | cmp eax, -1 |
| 551 | jnz .testfz |
559 | jnz .testfz |
| 552 | ; if attribute is in auxiliary records, its size is defined only in first |
560 | ; if attribute is in auxiliary records, its size is defined only in first |
| 553 | mov eax, [esi+10h] |
561 | mov eax, [esi+10h] |
| 554 | call ntfs_read_file_record |
562 | call ntfs_read_file_record |
| 555 | test eax, eax |
563 | test eax, eax |
| 556 | jnz @f |
564 | jnz @f |
| 557 | .errret_pop: |
565 | .errret_pop: |
| 558 | pop eax |
566 | pop eax |
| 559 | jmp .errret |
567 | jmp .errret |
| 560 | @@: |
568 | @@: |
| 561 | mov eax, [ntfs_data.frs_buffer] |
569 | mov eax, [ntfs_data.frs_buffer] |
| 562 | movzx ecx, word [eax+14h] |
570 | movzx ecx, word [eax+14h] |
| 563 | add eax, ecx |
571 | add eax, ecx |
| 564 | mov ecx, [ntfs_cur_attr] |
572 | mov ecx, [ntfs_cur_attr] |
| 565 | @@: |
573 | @@: |
| 566 | cmp dword [eax], -1 |
574 | cmp dword [eax], -1 |
| 567 | jz .errret_pop |
575 | jz .errret_pop |
| 568 | cmp dword [eax], ecx |
576 | cmp dword [eax], ecx |
| 569 | jz @f |
577 | jz @f |
| 570 | .l1: |
578 | .l1: |
| 571 | add eax, [eax+4] |
579 | add eax, [eax+4] |
| 572 | jmp @b |
580 | jmp @b |
| 573 | @@: |
581 | @@: |
| 574 | cmp eax, 0x80 |
582 | cmp eax, 0x80 |
| 575 | jnz @f |
583 | jnz @f |
| 576 | cmp byte [eax+9], 0 |
584 | cmp byte [eax+9], 0 |
| 577 | jnz .l1 |
585 | jnz .l1 |
| 578 | @@: |
586 | @@: |
| 579 | cmp byte [eax+8], 0 |
587 | cmp byte [eax+8], 0 |
| 580 | jnz .sdnores |
588 | jnz .sdnores |
| 581 | mov eax, [eax+10h] |
589 | mov eax, [eax+10h] |
| 582 | mov dword [ntfs_attr_size], eax |
590 | mov dword [ntfs_attr_size], eax |
| 583 | and dword [ntfs_attr_size+4], 0 |
591 | and dword [ntfs_attr_size+4], 0 |
| 584 | jmp .testfz |
592 | jmp .testfz |
| 585 | .sdnores: |
593 | .sdnores: |
| 586 | mov ecx, [eax+30h] |
594 | mov ecx, [eax+30h] |
| 587 | mov dword [ntfs_attr_size], ecx |
595 | mov dword [ntfs_attr_size], ecx |
| 588 | mov ecx, [eax+34h] |
596 | mov ecx, [eax+34h] |
| 589 | mov dword [ntfs_attr_size+4], ecx |
597 | mov dword [ntfs_attr_size+4], ecx |
| 590 | .testfz: |
598 | .testfz: |
| 591 | xor eax, eax |
599 | xor eax, eax |
| 592 | .testf: |
600 | .testf: |
| 593 | imul eax, [ntfs_data.sectors_per_cluster] |
601 | imul eax, [ntfs_data.sectors_per_cluster] |
| 594 | cmp eax, [ntfs_cur_offs] |
602 | cmp eax, [ntfs_cur_offs] |
| 595 | pop eax |
603 | pop eax |
| 596 | ja @f |
604 | ja @f |
| 597 | mov edi, [esi+10h] ; keep previous iRecord |
605 | mov edi, [esi+10h] ; keep previous iRecord |
| 598 | jmp .scanlistcont |
606 | jmp .scanlistcont |
| 599 | @@: |
607 | @@: |
| 600 | .scanlistfound: |
608 | .scanlistfound: |
| 601 | cmp edi, -1 |
609 | cmp edi, -1 |
| 602 | jnz @f |
610 | jnz @f |
| 603 | popad |
611 | popad |
| 604 | ret |
612 | ret |
| 605 | @@: |
613 | @@: |
| 606 | mov eax, [ntfs_cur_iRecord] |
614 | mov eax, [ntfs_cur_iRecord] |
| 607 | mov [ntfs_attr_iBaseRecord], eax |
615 | mov [ntfs_attr_iBaseRecord], eax |
| 608 | mov eax, edi |
616 | mov eax, edi |
| 609 | jmp .beginfindattr |
617 | jmp .beginfindattr |
| 610 | .sde: |
618 | .sde: |
| 611 | popad |
619 | popad |
| 612 | stc |
620 | stc |
| 613 | ret |
621 | ret |
| 614 | .scanlistdone: |
622 | .scanlistdone: |
| 615 | sub ebp, ntfs_attrlist_buf-1Ah |
623 | sub ebp, ntfs_attrlist_buf-1Ah |
| 616 | cmp [ntfs_cur_iRecord], 0 |
624 | cmp [ntfs_cur_iRecord], 0 |
| 617 | jnz @f |
625 | jnz @f |
| 618 | sub ebp, ntfs_attrlist_mft_buf-ntfs_attrlist_buf |
626 | sub ebp, ntfs_attrlist_mft_buf-ntfs_attrlist_buf |
| 619 | @@: |
627 | @@: |
| 620 | cmp ebp, 0x400 |
628 | cmp ebp, 0x400 |
| 621 | jnz .scanlistfound |
629 | jnz .scanlistfound |
| 622 | inc edx |
630 | inc edx |
| 623 | push esi edi |
631 | push esi edi |
| 624 | mov esi, ntfs_attrlist_buf+0x200 |
632 | mov esi, ntfs_attrlist_buf+0x200 |
| 625 | mov edi, ntfs_attrlist_buf |
633 | mov edi, ntfs_attrlist_buf |
| 626 | cmp [ntfs_cur_iRecord], 0 |
634 | cmp [ntfs_cur_iRecord], 0 |
| 627 | jnz @f |
635 | jnz @f |
| 628 | mov esi, ntfs_attrlist_mft_buf+0x200 |
636 | mov esi, ntfs_attrlist_mft_buf+0x200 |
| 629 | mov edi, ntfs_attrlist_mft_buf |
637 | mov edi, ntfs_attrlist_mft_buf |
| 630 | @@: |
638 | @@: |
| 631 | mov ecx, 0x200/4 |
639 | mov ecx, 0x200/4 |
| 632 | rep movsd |
640 | rep movsd |
| 633 | mov eax, edi |
641 | mov eax, edi |
| 634 | pop edi esi |
642 | pop edi esi |
| 635 | sub esi, 0x200 |
643 | sub esi, 0x200 |
| 636 | push [ntfs_cur_offs] |
644 | push [ntfs_cur_offs] |
| 637 | push [ntfs_cur_size] |
645 | push [ntfs_cur_size] |
| 638 | push [ntfs_cur_read] |
646 | push [ntfs_cur_read] |
| 639 | push [ntfs_cur_buf] |
647 | push [ntfs_cur_buf] |
| 640 | push dword [ntfs_attr_size] |
648 | push dword [ntfs_attr_size] |
| 641 | push dword [ntfs_attr_size+4] |
649 | push dword [ntfs_attr_size+4] |
| 642 | or dword [ntfs_attr_size], -1 |
650 | or dword [ntfs_attr_size], -1 |
| 643 | or dword [ntfs_attr_size+4], -1 |
651 | or dword [ntfs_attr_size+4], -1 |
| 644 | mov [ntfs_cur_offs], edx |
652 | mov [ntfs_cur_offs], edx |
| 645 | mov [ntfs_cur_size], 1 |
653 | mov [ntfs_cur_size], 1 |
| 646 | and [ntfs_cur_read], 0 |
654 | and [ntfs_cur_read], 0 |
| 647 | mov [ntfs_cur_buf], eax |
655 | mov [ntfs_cur_buf], eax |
| 648 | mov ecx, [ntfs_attr_list] |
656 | mov ecx, [ntfs_attr_list] |
| 649 | push esi edx |
657 | push esi edx |
| 650 | call .doreadattr |
658 | call .doreadattr |
| 651 | pop edx esi |
659 | pop edx esi |
| 652 | mov ebp, [ntfs_cur_read] |
660 | mov ebp, [ntfs_cur_read] |
| 653 | pop dword [ntfs_attr_size+4] |
661 | pop dword [ntfs_attr_size+4] |
| 654 | pop dword [ntfs_attr_size] |
662 | pop dword [ntfs_attr_size] |
| 655 | pop [ntfs_cur_buf] |
663 | pop [ntfs_cur_buf] |
| 656 | pop [ntfs_cur_read] |
664 | pop [ntfs_cur_read] |
| 657 | pop [ntfs_cur_size] |
665 | pop [ntfs_cur_size] |
| 658 | pop [ntfs_cur_offs] |
666 | pop [ntfs_cur_offs] |
| 659 | jc .errret |
667 | jc .errret |
| 660 | add ebp, ntfs_attrlist_buf+0x200-0x1A |
668 | add ebp, ntfs_attrlist_buf+0x200-0x1A |
| 661 | cmp [ntfs_cur_iRecord], 0 |
669 | cmp [ntfs_cur_iRecord], 0 |
| 662 | jnz .scanliststart |
670 | jnz .scanliststart |
| 663 | add ebp, ntfs_attrlist_mft_buf-ntfs_attrlist_buf |
671 | add ebp, ntfs_attrlist_mft_buf-ntfs_attrlist_buf |
| 664 | jmp .scanliststart |
672 | jmp .scanliststart |
| 665 | 673 | ||
| 666 | .doreadattr: |
674 | .doreadattr: |
| 667 | mov [ntfs_bCanContinue], 0 |
675 | mov [ntfs_bCanContinue], 0 |
| 668 | cmp byte [ecx+8], 0 |
676 | cmp byte [ecx+8], 0 |
| 669 | jnz .nonresident |
677 | jnz .nonresident |
| 670 | mov eax, [ecx+10h] ; length |
678 | mov eax, [ecx+10h] ; length |
| 671 | mov esi, eax |
679 | mov esi, eax |
| 672 | mov edx, [ntfs_cur_offs] |
680 | mov edx, [ntfs_cur_offs] |
| 673 | shr eax, 9 |
681 | shr eax, 9 |
| 674 | cmp eax, edx |
682 | cmp eax, edx |
| 675 | jb .okret |
683 | jb .okret |
| 676 | shl edx, 9 |
684 | shl edx, 9 |
| 677 | sub esi, edx |
685 | sub esi, edx |
| 678 | movzx eax, word [ecx+14h] |
686 | movzx eax, word [ecx+14h] |
| 679 | add edx, eax |
687 | add edx, eax |
| 680 | add edx, ecx ; edx -> data |
688 | add edx, ecx ; edx -> data |
| 681 | mov eax, [ntfs_cur_size] |
689 | mov eax, [ntfs_cur_size] |
| 682 | cmp eax, (0xFFFFFFFF shr 9)+1 |
690 | cmp eax, (0xFFFFFFFF shr 9)+1 |
| 683 | jbe @f |
691 | jbe @f |
| 684 | mov eax, (0xFFFFFFFF shr 9)+1 |
692 | mov eax, (0xFFFFFFFF shr 9)+1 |
| 685 | @@: |
693 | @@: |
| 686 | shl eax, 9 |
694 | shl eax, 9 |
| 687 | cmp eax, esi |
695 | cmp eax, esi |
| 688 | jbe @f |
696 | jbe @f |
| 689 | mov eax, esi |
697 | mov eax, esi |
| 690 | @@: |
698 | @@: |
| 691 | ; eax = length, edx -> data |
699 | ; eax = length, edx -> data |
| 692 | mov [ntfs_cur_read], eax |
700 | mov [ntfs_cur_read], eax |
| 693 | mov ecx, eax |
701 | mov ecx, eax |
| 694 | mov eax, edx |
702 | mov eax, edx |
| 695 | mov ebx, [ntfs_cur_buf] |
703 | mov ebx, [ntfs_cur_buf] |
| 696 | call memmove |
704 | call memmove |
| 697 | and [ntfs_cur_size], 0 ; CF=0 |
705 | and [ntfs_cur_size], 0 ; CF=0 |
| 698 | ret |
706 | ret |
| 699 | .nonresident: |
707 | .nonresident: |
| 700 | ; Not all auxiliary records contain correct FileSize info |
708 | ; Not all auxiliary records contain correct FileSize info |
| 701 | mov eax, dword [ntfs_attr_size] |
709 | mov eax, dword [ntfs_attr_size] |
| 702 | mov edx, dword [ntfs_attr_size+4] |
710 | mov edx, dword [ntfs_attr_size+4] |
| 703 | push eax |
711 | push eax |
| 704 | and eax, edx |
712 | and eax, edx |
| 705 | cmp eax, -1 |
713 | cmp eax, -1 |
| 706 | pop eax |
714 | pop eax |
| 707 | jnz @f |
715 | jnz @f |
| 708 | mov eax, [ecx+30h] ; FileSize |
716 | mov eax, [ecx+30h] ; FileSize |
| 709 | mov edx, [ecx+34h] |
717 | mov edx, [ecx+34h] |
| 710 | mov dword [ntfs_attr_size], eax |
718 | mov dword [ntfs_attr_size], eax |
| 711 | mov dword [ntfs_attr_size+4], edx |
719 | mov dword [ntfs_attr_size+4], edx |
| 712 | @@: |
720 | @@: |
| 713 | add eax, 0x1FF |
721 | add eax, 0x1FF |
| 714 | adc edx, 0 |
722 | adc edx, 0 |
| 715 | shrd eax, edx, 9 |
723 | shrd eax, edx, 9 |
| 716 | sub eax, [ntfs_cur_offs] |
724 | sub eax, [ntfs_cur_offs] |
| 717 | ja @f |
725 | ja @f |
| 718 | ; return with nothing read |
726 | ; return with nothing read |
| 719 | and [ntfs_cur_size], 0 |
727 | and [ntfs_cur_size], 0 |
| 720 | .okret: |
728 | .okret: |
| 721 | clc |
729 | clc |
| 722 | ret |
730 | ret |
| 723 | @@: |
731 | @@: |
| 724 | ; reduce read length |
732 | ; reduce read length |
| 725 | and [ntfs_cur_tail], 0 |
733 | and [ntfs_cur_tail], 0 |
| 726 | cmp [ntfs_cur_size], eax |
734 | cmp [ntfs_cur_size], eax |
| 727 | jb @f |
735 | jb @f |
| 728 | mov [ntfs_cur_size], eax |
736 | mov [ntfs_cur_size], eax |
| 729 | mov eax, dword [ntfs_attr_size] |
737 | mov eax, dword [ntfs_attr_size] |
| 730 | and eax, 0x1FF |
738 | and eax, 0x1FF |
| 731 | mov [ntfs_cur_tail], eax |
739 | mov [ntfs_cur_tail], eax |
| 732 | @@: |
740 | @@: |
| 733 | cmp [ntfs_cur_size], 0 |
741 | cmp [ntfs_cur_size], 0 |
| 734 | jz .okret |
742 | jz .okret |
| 735 | mov eax, [ntfs_cur_offs] |
743 | mov eax, [ntfs_cur_offs] |
| 736 | xor edx, edx |
744 | xor edx, edx |
| 737 | div [ntfs_data.sectors_per_cluster] |
745 | div [ntfs_data.sectors_per_cluster] |
| 738 | sub eax, [ecx+10h] ; first_vbo |
746 | sub eax, [ecx+10h] ; first_vbo |
| 739 | jb .okret |
747 | jb .okret |
| 740 | ; eax = cluster, edx = starting sector |
748 | ; eax = cluster, edx = starting sector |
| 741 | sub esp, 10h |
749 | sub esp, 10h |
| 742 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
750 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
| 743 | add esi, ecx |
751 | add esi, ecx |
| 744 | xor ebp, ebp |
752 | xor ebp, ebp |
| 745 | .readloop: |
753 | .readloop: |
| 746 | call ntfs_decode_mcb_entry |
754 | call ntfs_decode_mcb_entry |
| 747 | jnc .break |
755 | jnc .break |
| 748 | add ebp, [esp+8] |
756 | add ebp, [esp+8] |
| 749 | sub eax, [esp] |
757 | sub eax, [esp] |
| 750 | jae .readloop |
758 | jae .readloop |
| 751 | push ecx |
759 | push ecx |
| 752 | push eax |
760 | push eax |
| 753 | add eax, [esp+8] |
761 | add eax, [esp+8] |
| 754 | add eax, ebp |
762 | add eax, ebp |
| 755 | imul eax, [ntfs_data.sectors_per_cluster] |
763 | imul eax, [ntfs_data.sectors_per_cluster] |
| 756 | add eax, edx |
764 | add eax, edx |
| 757 | add eax, [PARTITION_START] |
765 | add eax, [PARTITION_START] |
| 758 | pop ecx |
766 | pop ecx |
| 759 | neg ecx |
767 | neg ecx |
| 760 | imul ecx, [ntfs_data.sectors_per_cluster] |
768 | imul ecx, [ntfs_data.sectors_per_cluster] |
| 761 | sub ecx, edx |
769 | sub ecx, edx |
| 762 | cmp ecx, [ntfs_cur_size] |
770 | cmp ecx, [ntfs_cur_size] |
| 763 | jb @f |
771 | jb @f |
| 764 | mov ecx, [ntfs_cur_size] |
772 | mov ecx, [ntfs_cur_size] |
| 765 | @@: |
773 | @@: |
| 766 | mov ebx, [ntfs_cur_buf] |
774 | mov ebx, [ntfs_cur_buf] |
| 767 | @@: |
775 | @@: |
| 768 | call hd_read |
776 | call hd_read |
| 769 | cmp [hd_error], 0 |
777 | cmp [hd_error], 0 |
| 770 | jnz .errread2 |
778 | jnz .errread2 |
| 771 | add ebx, 0x200 |
779 | add ebx, 0x200 |
| 772 | mov [ntfs_cur_buf], ebx |
780 | mov [ntfs_cur_buf], ebx |
| 773 | inc eax |
781 | inc eax |
| 774 | add [ntfs_cur_read], 0x200 |
782 | add [ntfs_cur_read], 0x200 |
| 775 | dec [ntfs_cur_size] |
783 | dec [ntfs_cur_size] |
| 776 | inc [ntfs_cur_offs] |
784 | inc [ntfs_cur_offs] |
| 777 | loop @b |
785 | loop @b |
| 778 | pop ecx |
786 | pop ecx |
| 779 | xor eax, eax |
787 | xor eax, eax |
| 780 | xor edx, edx |
788 | xor edx, edx |
| 781 | cmp [ntfs_cur_size], 0 |
789 | cmp [ntfs_cur_size], 0 |
| 782 | jnz .readloop |
790 | jnz .readloop |
| 783 | add esp, 10h |
791 | add esp, 10h |
| 784 | mov eax, [ntfs_cur_tail] |
792 | mov eax, [ntfs_cur_tail] |
| 785 | test eax, eax |
793 | test eax, eax |
| 786 | jz .okret |
794 | jz .okret |
| 787 | sub eax, 0x200 |
795 | sub eax, 0x200 |
| 788 | add [ntfs_cur_read], eax |
796 | add [ntfs_cur_read], eax |
| 789 | jmp .okret |
797 | jmp .okret |
| 790 | .errread2: |
798 | .errread2: |
| 791 | pop ecx |
799 | pop ecx |
| 792 | add esp, 10h |
800 | add esp, 10h |
| 793 | jmp .errret |
801 | jmp .errret |
| 794 | .break: |
802 | .break: |
| 795 | add esp, 10h ; CF=0 |
803 | add esp, 10h ; CF=0 |
| 796 | mov [ntfs_bCanContinue], 1 |
804 | mov [ntfs_bCanContinue], 1 |
| 797 | ret |
805 | ret |
| 798 | 806 | ||
| 799 | ntfs_read_file_record: |
807 | ntfs_read_file_record: |
| 800 | ; in: eax=iRecord |
808 | ; in: eax=iRecord |
| 801 | ; out: [ntfs_data.frs_buffer] contains information |
809 | ; out: [ntfs_data.frs_buffer] contains information |
| 802 | ; eax=0 - failed, eax=1 - success |
810 | ; eax=0 - failed, eax=1 - success |
| 803 | ; Read attr $DATA of $Mft, starting from eax*[ntfs_data.frs_size] |
811 | ; Read attr $DATA of $Mft, starting from eax*[ntfs_data.frs_size] |
| 804 | push ecx edx |
812 | push ecx edx |
| 805 | mov ecx, [ntfs_data.frs_size] |
813 | mov ecx, [ntfs_data.frs_size] |
| 806 | mul ecx |
814 | mul ecx |
| 807 | shrd eax, edx, 9 |
815 | shrd eax, edx, 9 |
| 808 | shr edx, 9 |
816 | shr edx, 9 |
| 809 | jnz .err |
817 | jnz .err |
| 810 | push [ntfs_attr_iRecord] |
818 | push [ntfs_attr_iRecord] |
| 811 | push [ntfs_attr_iBaseRecord] |
819 | push [ntfs_attr_iBaseRecord] |
| 812 | push [ntfs_attr_offs] |
820 | push [ntfs_attr_offs] |
| 813 | push [ntfs_attr_list] |
821 | push [ntfs_attr_list] |
| 814 | push dword [ntfs_attr_size+4] |
822 | push dword [ntfs_attr_size+4] |
| 815 | push dword [ntfs_attr_size] |
823 | push dword [ntfs_attr_size] |
| 816 | push [ntfs_cur_iRecord] |
824 | push [ntfs_cur_iRecord] |
| 817 | push [ntfs_cur_attr] |
825 | push [ntfs_cur_attr] |
| 818 | push [ntfs_cur_offs] |
826 | push [ntfs_cur_offs] |
| 819 | push [ntfs_cur_size] |
827 | push [ntfs_cur_size] |
| 820 | push [ntfs_cur_buf] |
828 | push [ntfs_cur_buf] |
| 821 | push [ntfs_cur_read] |
829 | push [ntfs_cur_read] |
| 822 | mov [ntfs_cur_attr], 0x80 ; $DATA |
830 | mov [ntfs_cur_attr], 0x80 ; $DATA |
| 823 | and [ntfs_cur_iRecord], 0 ; $Mft |
831 | and [ntfs_cur_iRecord], 0 ; $Mft |
| 824 | mov [ntfs_cur_offs], eax |
832 | mov [ntfs_cur_offs], eax |
| 825 | shr ecx, 9 |
833 | shr ecx, 9 |
| 826 | mov [ntfs_cur_size], ecx |
834 | mov [ntfs_cur_size], ecx |
| 827 | mov eax, [ntfs_data.frs_buffer] |
835 | mov eax, [ntfs_data.frs_buffer] |
| 828 | mov [ntfs_cur_buf], eax |
836 | mov [ntfs_cur_buf], eax |
| 829 | call ntfs_read_attr |
837 | call ntfs_read_attr |
| 830 | mov eax, [ntfs_cur_read] |
838 | mov eax, [ntfs_cur_read] |
| 831 | pop [ntfs_cur_read] |
839 | pop [ntfs_cur_read] |
| 832 | pop [ntfs_cur_buf] |
840 | pop [ntfs_cur_buf] |
| 833 | pop [ntfs_cur_size] |
841 | pop [ntfs_cur_size] |
| 834 | pop [ntfs_cur_offs] |
842 | pop [ntfs_cur_offs] |
| 835 | pop [ntfs_cur_attr] |
843 | pop [ntfs_cur_attr] |
| 836 | pop [ntfs_cur_iRecord] |
844 | pop [ntfs_cur_iRecord] |
| 837 | pop dword [ntfs_attr_size] |
845 | pop dword [ntfs_attr_size] |
| 838 | pop dword [ntfs_attr_size+4] |
846 | pop dword [ntfs_attr_size+4] |
| 839 | pop [ntfs_attr_list] |
847 | pop [ntfs_attr_list] |
| 840 | pop [ntfs_attr_offs] |
848 | pop [ntfs_attr_offs] |
| 841 | pop [ntfs_attr_iBaseRecord] |
849 | pop [ntfs_attr_iBaseRecord] |
| 842 | pop [ntfs_attr_iRecord] |
850 | pop [ntfs_attr_iRecord] |
| 843 | pop edx ecx |
851 | pop edx ecx |
| 844 | jc .errret |
852 | jc .errret |
| 845 | cmp eax, [ntfs_data.frs_size] |
853 | cmp eax, [ntfs_data.frs_size] |
| 846 | jnz .errret |
854 | jnz .errret |
| 847 | mov eax, [ntfs_data.frs_buffer] |
855 | mov eax, [ntfs_data.frs_buffer] |
| 848 | cmp dword [eax], 'FILE' |
856 | cmp dword [eax], 'FILE' |
| 849 | jnz .errret |
857 | jnz .errret |
| 850 | push ebx |
858 | push ebx |
| 851 | mov ebx, eax |
859 | mov ebx, eax |
| 852 | call ntfs_restore_usa_frs |
860 | call ntfs_restore_usa_frs |
| 853 | pop ebx |
861 | pop ebx |
| 854 | setnc al |
862 | setnc al |
| 855 | movzx eax, al |
863 | movzx eax, al |
| 856 | .ret: |
864 | .ret: |
| 857 | ret |
865 | ret |
| 858 | .err: |
866 | .err: |
| 859 | pop edx ecx |
867 | pop edx ecx |
| 860 | .errret: |
868 | .errret: |
| 861 | xor eax, eax |
869 | xor eax, eax |
| 862 | ret |
870 | ret |
| 863 | 871 | ||
| 864 | ntfs_restore_usa_frs: |
872 | ntfs_restore_usa_frs: |
| 865 | mov eax, [ntfs_data.frs_size] |
873 | mov eax, [ntfs_data.frs_size] |
| 866 | ntfs_restore_usa: |
874 | ntfs_restore_usa: |
| 867 | pushad |
875 | pushad |
| 868 | shr eax, 9 |
876 | shr eax, 9 |
| 869 | mov ecx, eax |
877 | mov ecx, eax |
| 870 | inc eax |
878 | inc eax |
| 871 | cmp [ebx+6], ax |
879 | cmp [ebx+6], ax |
| 872 | jnz .err |
880 | jnz .err |
| 873 | movzx eax, word [ebx+4] |
881 | movzx eax, word [ebx+4] |
| 874 | lea esi, [eax+ebx] |
882 | lea esi, [eax+ebx] |
| 875 | lodsw |
883 | lodsw |
| 876 | mov edx, eax |
884 | mov edx, eax |
| 877 | lea edi, [ebx+0x1FE] |
885 | lea edi, [ebx+0x1FE] |
| 878 | @@: |
886 | @@: |
| 879 | cmp [edi], dx |
887 | cmp [edi], dx |
| 880 | jnz .err |
888 | jnz .err |
| 881 | lodsw |
889 | lodsw |
| 882 | stosw |
890 | stosw |
| 883 | add edi, 0x1FE |
891 | add edi, 0x1FE |
| 884 | loop @b |
892 | loop @b |
| 885 | popad |
893 | popad |
| 886 | clc |
894 | clc |
| 887 | ret |
895 | ret |
| 888 | .err: |
896 | .err: |
| 889 | popad |
897 | popad |
| 890 | stc |
898 | stc |
| 891 | ret |
899 | ret |
| 892 | 900 | ||
| 893 | ntfs_decode_mcb_entry: |
901 | ntfs_decode_mcb_entry: |
| 894 | push eax ecx edi |
902 | push eax ecx edi |
| 895 | lea edi, [esp+16] |
903 | lea edi, [esp+16] |
| 896 | xor eax, eax |
904 | xor eax, eax |
| 897 | lodsb |
905 | lodsb |
| 898 | test al, al |
906 | test al, al |
| 899 | jz .end |
907 | jz .end |
| 900 | mov ecx, eax |
908 | mov ecx, eax |
| 901 | and ecx, 0xF |
909 | and ecx, 0xF |
| 902 | cmp ecx, 8 |
910 | cmp ecx, 8 |
| 903 | ja .end |
911 | ja .end |
| 904 | push ecx |
912 | push ecx |
| 905 | rep movsb |
913 | rep movsb |
| 906 | pop ecx |
914 | pop ecx |
| 907 | sub ecx, 8 |
915 | sub ecx, 8 |
| 908 | neg ecx |
916 | neg ecx |
| 909 | cmp byte [esi-1], 80h |
917 | cmp byte [esi-1], 80h |
| 910 | jae .end |
918 | jae .end |
| 911 | push eax |
919 | push eax |
| 912 | xor eax, eax |
920 | xor eax, eax |
| 913 | rep stosb |
921 | rep stosb |
| 914 | pop ecx |
922 | pop ecx |
| 915 | shr ecx, 4 |
923 | shr ecx, 4 |
| 916 | cmp ecx, 8 |
924 | cmp ecx, 8 |
| 917 | ja .end |
925 | ja .end |
| 918 | push ecx |
926 | push ecx |
| 919 | rep movsb |
927 | rep movsb |
| 920 | pop ecx |
928 | pop ecx |
| 921 | sub ecx, 8 |
929 | sub ecx, 8 |
| 922 | neg ecx |
930 | neg ecx |
| 923 | cmp byte [esi-1], 80h |
931 | cmp byte [esi-1], 80h |
| 924 | cmc |
932 | cmc |
| 925 | sbb eax, eax |
933 | sbb eax, eax |
| 926 | rep stosb |
934 | rep stosb |
| 927 | stc |
935 | stc |
| 928 | .end: |
936 | .end: |
| 929 | pop edi ecx eax |
937 | pop edi ecx eax |
| 930 | ret |
938 | ret |
| 931 | 939 | ||
| 932 | ntfs_find_lfn: |
940 | ntfs_find_lfn: |
| 933 | ; in: esi->name |
941 | ; in: esi->name |
| 934 | ; out: CF=1 - file not found |
942 | ; out: CF=1 - file not found |
| 935 | ; else CF=0, [ntfs_cur_iRecord] valid, eax->record in parent directory |
943 | ; else CF=0, [ntfs_cur_iRecord] valid, eax->record in parent directory |
| 936 | mov [ntfs_cur_iRecord], 5 ; start parse from root cluster |
944 | mov [ntfs_cur_iRecord], 5 ; start parse from root cluster |
| 937 | .doit2: |
945 | .doit2: |
| 938 | mov [ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
946 | mov [ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
| 939 | and [ntfs_cur_offs], 0 |
947 | and [ntfs_cur_offs], 0 |
| 940 | mov eax, [ntfs_data.cur_index_size] |
948 | mov eax, [ntfs_data.cur_index_size] |
| 941 | mov [ntfs_cur_size], eax |
949 | mov [ntfs_cur_size], eax |
| 942 | mov eax, [ntfs_data.cur_index_buf] |
950 | mov eax, [ntfs_data.cur_index_buf] |
| 943 | mov [ntfs_cur_buf], eax |
951 | mov [ntfs_cur_buf], eax |
| 944 | call ntfs_read_attr |
952 | call ntfs_read_attr |
| 945 | jnc @f |
953 | jnc @f |
| 946 | .ret: |
954 | .ret: |
| 947 | ret |
955 | ret |
| 948 | @@: |
956 | @@: |
| 949 | cmp [ntfs_cur_read], 0x20 |
957 | cmp [ntfs_cur_read], 0x20 |
| 950 | jc .ret |
958 | jc .ret |
| 951 | pushad |
959 | pushad |
| 952 | mov esi, [ntfs_data.cur_index_buf] |
960 | mov esi, [ntfs_data.cur_index_buf] |
| 953 | mov eax, [esi+14h] |
961 | mov eax, [esi+14h] |
| 954 | add eax, 10h |
962 | add eax, 10h |
| 955 | cmp [ntfs_cur_read], eax |
963 | cmp [ntfs_cur_read], eax |
| 956 | jae .readok1 |
964 | jae .readok1 |
| 957 | add eax, 1FFh |
965 | add eax, 1FFh |
| 958 | shr eax, 9 |
966 | shr eax, 9 |
| 959 | cmp eax, [ntfs_data.cur_index_size] |
967 | cmp eax, [ntfs_data.cur_index_size] |
| 960 | ja @f |
968 | ja @f |
| 961 | .stc_ret: |
969 | .stc_ret: |
| 962 | popad |
970 | popad |
| 963 | stc |
971 | stc |
| 964 | ret |
972 | ret |
| 965 | @@: |
973 | @@: |
| 966 | ; reallocate |
974 | ; reallocate |
| 967 | push eax |
975 | push eax |
| 968 | push [ntfs_data.cur_index_buf] |
976 | push [ntfs_data.cur_index_buf] |
| 969 | call kernel_free |
977 | call kernel_free |
| 970 | pop eax |
978 | pop eax |
| 971 | mov [ntfs_data.cur_index_size], eax |
979 | mov [ntfs_data.cur_index_size], eax |
| 972 | push eax |
980 | push eax |
| 973 | call kernel_alloc |
981 | call kernel_alloc |
| 974 | test eax, eax |
982 | test eax, eax |
| 975 | jnz @f |
983 | jnz @f |
| 976 | and [ntfs_data.cur_index_size], 0 |
984 | and [ntfs_data.cur_index_size], 0 |
| 977 | and [ntfs_data.cur_index_buf], 0 |
985 | and [ntfs_data.cur_index_buf], 0 |
| 978 | jmp .stc_ret |
986 | jmp .stc_ret |
| 979 | @@: |
987 | @@: |
| 980 | mov [ntfs_data.cur_index_buf], eax |
988 | mov [ntfs_data.cur_index_buf], eax |
| 981 | popad |
989 | popad |
| 982 | jmp .doit2 |
990 | jmp .doit2 |
| 983 | .readok1: |
991 | .readok1: |
| 984 | mov ebp, [esi+8] ; subnode_size |
992 | mov ebp, [esi+8] ; subnode_size |
| 985 | shr ebp, 9 |
993 | shr ebp, 9 |
| 986 | cmp ebp, [ntfs_data.cur_index_size] |
994 | cmp ebp, [ntfs_data.cur_index_size] |
| 987 | jbe .ok2 |
995 | jbe .ok2 |
| 988 | push esi ebp |
996 | push esi ebp |
| 989 | push ebp |
997 | push ebp |
| 990 | call kernel_alloc |
998 | call kernel_alloc |
| 991 | pop ebp esi |
999 | pop ebp esi |
| 992 | test eax, eax |
1000 | test eax, eax |
| 993 | jz .stc_ret |
1001 | jz .stc_ret |
| 994 | mov edi, eax |
1002 | mov edi, eax |
| 995 | mov ecx, [ntfs_data.cur_index_size] |
1003 | mov ecx, [ntfs_data.cur_index_size] |
| 996 | shl ecx, 9-2 |
1004 | shl ecx, 9-2 |
| 997 | rep movsd |
1005 | rep movsd |
| 998 | mov esi, eax |
1006 | mov esi, eax |
| 999 | mov [ntfs_data.cur_index_size], ebp |
1007 | mov [ntfs_data.cur_index_size], ebp |
| 1000 | push esi ebp |
1008 | push esi ebp |
| 1001 | push [ntfs_data.cur_index_buf] |
1009 | push [ntfs_data.cur_index_buf] |
| 1002 | call kernel_free |
1010 | call kernel_free |
| 1003 | pop ebp esi |
1011 | pop ebp esi |
| 1004 | mov [ntfs_data.cur_index_buf], esi |
1012 | mov [ntfs_data.cur_index_buf], esi |
| 1005 | .ok2: |
1013 | .ok2: |
| 1006 | add esi, 10h |
1014 | add esi, 10h |
| 1007 | mov edi, [esp+4] |
1015 | mov edi, [esp+4] |
| 1008 | ; edi -> name, esi -> current index data, ebp = subnode size |
1016 | ; edi -> name, esi -> current index data, ebp = subnode size |
| 1009 | .scanloop: |
1017 | .scanloop: |
| 1010 | add esi, [esi] |
1018 | add esi, [esi] |
| 1011 | .scanloopint: |
1019 | .scanloopint: |
| 1012 | test byte [esi+0Ch], 2 |
1020 | test byte [esi+0Ch], 2 |
| 1013 | jnz .subnode |
1021 | jnz .subnode |
| 1014 | push esi |
1022 | push esi |
| 1015 | add esi, 0x52 |
1023 | add esi, 0x52 |
| 1016 | movzx ecx, byte [esi-2] |
1024 | movzx ecx, byte [esi-2] |
| 1017 | push edi |
1025 | push edi |
| 1018 | @@: |
1026 | @@: |
| 1019 | lodsw |
1027 | lodsw |
| 1020 | call uni2ansi_char |
1028 | call uni2ansi_char |
| 1021 | call char_toupper |
1029 | call char_toupper |
| 1022 | push eax |
1030 | push eax |
| 1023 | mov al, [edi] |
1031 | mov al, [edi] |
| 1024 | inc edi |
1032 | inc edi |
| 1025 | call char_toupper |
1033 | call char_toupper |
| 1026 | cmp al, [esp] |
1034 | cmp al, [esp] |
| 1027 | pop eax |
1035 | pop eax |
| 1028 | loopz @b |
1036 | loopz @b |
| 1029 | jz .found |
1037 | jz .found |
| 1030 | pop edi |
1038 | pop edi |
| 1031 | pop esi |
1039 | pop esi |
| 1032 | jb .subnode |
1040 | jb .subnode |
| 1033 | .scanloopcont: |
1041 | .scanloopcont: |
| 1034 | movzx eax, word [esi+8] |
1042 | movzx eax, word [esi+8] |
| 1035 | add esi, eax |
1043 | add esi, eax |
| 1036 | jmp .scanloopint |
1044 | jmp .scanloopint |
| 1037 | .subnode: |
1045 | .subnode: |
| 1038 | test byte [esi+0Ch], 1 |
1046 | test byte [esi+0Ch], 1 |
| 1039 | jz .notfound |
1047 | jz .notfound |
| 1040 | movzx eax, word [esi+8] |
1048 | movzx eax, word [esi+8] |
| 1041 | mov eax, [esi+eax-8] |
1049 | mov eax, [esi+eax-8] |
| 1042 | mul [ntfs_data.sectors_per_cluster] |
1050 | mul [ntfs_data.sectors_per_cluster] |
| 1043 | mov [ntfs_cur_offs], eax |
1051 | mov [ntfs_cur_offs], eax |
| 1044 | mov [ntfs_cur_attr], 0xA0 ; $INDEX_ALLOCATION |
1052 | mov [ntfs_cur_attr], 0xA0 ; $INDEX_ALLOCATION |
| 1045 | mov [ntfs_cur_size], ebp |
1053 | mov [ntfs_cur_size], ebp |
| 1046 | mov eax, [ntfs_data.cur_index_buf] |
1054 | mov eax, [ntfs_data.cur_index_buf] |
| 1047 | mov esi, eax |
1055 | mov esi, eax |
| 1048 | mov [ntfs_cur_buf], eax |
1056 | mov [ntfs_cur_buf], eax |
| 1049 | call ntfs_read_attr |
1057 | call ntfs_read_attr |
| 1050 | mov eax, ebp |
1058 | mov eax, ebp |
| 1051 | shl eax, 9 |
1059 | shl eax, 9 |
| 1052 | cmp [ntfs_cur_read], eax |
1060 | cmp [ntfs_cur_read], eax |
| 1053 | jnz .notfound |
1061 | jnz .notfound |
| 1054 | cmp dword [esi], 'INDX' |
1062 | cmp dword [esi], 'INDX' |
| 1055 | jnz .notfound |
1063 | jnz .notfound |
| 1056 | mov ebx, esi |
1064 | mov ebx, esi |
| 1057 | call ntfs_restore_usa |
1065 | call ntfs_restore_usa |
| 1058 | jc .notfound |
1066 | jc .notfound |
| 1059 | add esi, 0x18 |
1067 | add esi, 0x18 |
| 1060 | jmp .scanloop |
1068 | jmp .scanloop |
| 1061 | .notfound: |
1069 | .notfound: |
| 1062 | popad |
1070 | popad |
| 1063 | stc |
1071 | stc |
| 1064 | ret |
1072 | ret |
| 1065 | .found: |
1073 | .found: |
| 1066 | cmp byte [edi], 0 |
1074 | cmp byte [edi], 0 |
| 1067 | jz .done |
1075 | jz .done |
| 1068 | cmp byte [edi], '/' |
1076 | cmp byte [edi], '/' |
| 1069 | jz .next |
1077 | jz .next |
| 1070 | pop edi |
1078 | pop edi |
| 1071 | pop esi |
1079 | pop esi |
| 1072 | jmp .scanloopcont |
1080 | jmp .scanloopcont |
| 1073 | .done: |
1081 | .done: |
| 1074 | .next: |
1082 | .next: |
| 1075 | pop esi |
1083 | pop esi |
| 1076 | pop esi |
1084 | pop esi |
| 1077 | mov eax, [esi] |
1085 | mov eax, [esi] |
| 1078 | mov [ntfs_cur_iRecord], eax |
1086 | mov [ntfs_cur_iRecord], eax |
| 1079 | mov [esp+1Ch], esi |
1087 | mov [esp+1Ch], esi |
| 1080 | mov [esp+4], edi |
1088 | mov [esp+4], edi |
| 1081 | popad |
1089 | popad |
| 1082 | inc esi |
1090 | inc esi |
| 1083 | cmp byte [esi-1], 0 |
1091 | cmp byte [esi-1], 0 |
| 1084 | jnz .doit2 |
1092 | jnz .doit2 |
| 1085 | ret |
1093 | ret |
| 1086 | 1094 | ||
| 1087 | ;---------------------------------------------------------------- |
1095 | ;---------------------------------------------------------------- |
| 1088 | ; |
1096 | ; |
| 1089 | ; ntfs_HdRead - read NTFS hard disk |
1097 | ; ntfs_HdRead - read NTFS hard disk |
| 1090 | ; |
1098 | ; |
| 1091 | ; esi points to filename |
1099 | ; esi points to filename |
| 1092 | ; ebx pointer to 64-bit number = first wanted byte, 0+ |
1100 | ; ebx pointer to 64-bit number = first wanted byte, 0+ |
| 1093 | ; may be ebx=0 - start from first byte |
1101 | ; may be ebx=0 - start from first byte |
| 1094 | ; ecx number of bytes to read, 0+ |
1102 | ; ecx number of bytes to read, 0+ |
| 1095 | ; edx mem location to return data |
1103 | ; edx mem location to return data |
| 1096 | ; |
1104 | ; |
| 1097 | ; ret ebx = bytes read or 0xffffffff file not found |
1105 | ; ret ebx = bytes read or 0xffffffff file not found |
| 1098 | ; eax = 0 ok read or other = errormsg |
1106 | ; eax = 0 ok read or other = errormsg |
| 1099 | ; |
1107 | ; |
| 1100 | ;-------------------------------------------------------------- |
1108 | ;-------------------------------------------------------------- |
| 1101 | ntfs_HdRead: |
1109 | ntfs_HdRead: |
| 1102 | cmp byte [esi], 0 |
1110 | cmp byte [esi], 0 |
| 1103 | jnz @f |
1111 | jnz @f |
| 1104 | or ebx, -1 |
1112 | or ebx, -1 |
| 1105 | push ERROR_ACCESS_DENIED |
1113 | push ERROR_ACCESS_DENIED |
| 1106 | pop eax |
1114 | pop eax |
| 1107 | ret |
1115 | ret |
| 1108 | @@: |
1116 | @@: |
| 1109 | call ntfs_find_lfn |
1117 | call ntfs_find_lfn |
| 1110 | jnc .found |
1118 | jnc .found |
| 1111 | or ebx, -1 |
1119 | or ebx, -1 |
| 1112 | push ERROR_FILE_NOT_FOUND |
1120 | push ERROR_FILE_NOT_FOUND |
| 1113 | pop eax |
1121 | pop eax |
| 1114 | ret |
1122 | ret |
| 1115 | .found: |
1123 | .found: |
| 1116 | mov [ntfs_cur_attr], 0x80 ; $DATA |
1124 | mov [ntfs_cur_attr], 0x80 ; $DATA |
| 1117 | and [ntfs_cur_offs], 0 |
1125 | and [ntfs_cur_offs], 0 |
| 1118 | and [ntfs_cur_size], 0 |
1126 | and [ntfs_cur_size], 0 |
| 1119 | call ntfs_read_attr |
1127 | call ntfs_read_attr |
| 1120 | jnc @f |
1128 | jnc @f |
| 1121 | or ebx, -1 |
1129 | or ebx, -1 |
| 1122 | push ERROR_ACCESS_DENIED |
1130 | push ERROR_ACCESS_DENIED |
| 1123 | pop eax |
1131 | pop eax |
| 1124 | ret |
1132 | ret |
| 1125 | @@: |
1133 | @@: |
| 1126 | pushad |
1134 | pushad |
| 1127 | and dword [esp+10h], 0 |
1135 | and dword [esp+10h], 0 |
| 1128 | xor eax, eax |
1136 | xor eax, eax |
| 1129 | test ebx, ebx |
1137 | test ebx, ebx |
| 1130 | jz .zero1 |
1138 | jz .zero1 |
| 1131 | cmp dword [ebx+4], 0x200 |
1139 | cmp dword [ebx+4], 0x200 |
| 1132 | jb @f |
1140 | jb @f |
| 1133 | .eof0: |
1141 | .eof0: |
| 1134 | popad |
1142 | popad |
| 1135 | xor ebx, ebx |
1143 | xor ebx, ebx |
| 1136 | .eof: |
1144 | .eof: |
| 1137 | push ERROR_END_OF_FILE |
1145 | push ERROR_END_OF_FILE |
| 1138 | pop eax |
1146 | pop eax |
| 1139 | ret |
1147 | ret |
| 1140 | @@: |
1148 | @@: |
| 1141 | mov eax, [ebx] |
1149 | mov eax, [ebx] |
| 1142 | test eax, 0x1FF |
1150 | test eax, 0x1FF |
| 1143 | jz .alignedstart |
1151 | jz .alignedstart |
| 1144 | push edx |
1152 | push edx |
| 1145 | mov edx, [ebx+4] |
1153 | mov edx, [ebx+4] |
| 1146 | shrd eax, edx, 9 |
1154 | shrd eax, edx, 9 |
| 1147 | pop edx |
1155 | pop edx |
| 1148 | mov [ntfs_cur_offs], eax |
1156 | mov [ntfs_cur_offs], eax |
| 1149 | mov [ntfs_cur_size], 1 |
1157 | mov [ntfs_cur_size], 1 |
| 1150 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
1158 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
| 1151 | call ntfs_read_attr.continue |
1159 | call ntfs_read_attr.continue |
| 1152 | mov eax, [ebx] |
1160 | mov eax, [ebx] |
| 1153 | and eax, 0x1FF |
1161 | and eax, 0x1FF |
| 1154 | lea esi, [ntfs_bitmap_buf+eax] |
1162 | lea esi, [ntfs_bitmap_buf+eax] |
| 1155 | sub eax, [ntfs_cur_read] |
1163 | sub eax, [ntfs_cur_read] |
| 1156 | jae .eof0 |
1164 | jae .eof0 |
| 1157 | neg eax |
1165 | neg eax |
| 1158 | push ecx |
1166 | push ecx |
| 1159 | cmp ecx, eax |
1167 | cmp ecx, eax |
| 1160 | jb @f |
1168 | jb @f |
| 1161 | mov ecx, eax |
1169 | mov ecx, eax |
| 1162 | @@: |
1170 | @@: |
| 1163 | mov [esp+10h+4], ecx |
1171 | mov [esp+10h+4], ecx |
| 1164 | mov edi, edx |
1172 | mov edi, edx |
| 1165 | rep movsb |
1173 | rep movsb |
| 1166 | mov edx, edi |
1174 | mov edx, edi |
| 1167 | pop ecx |
1175 | pop ecx |
| 1168 | sub ecx, [esp+10h] |
1176 | sub ecx, [esp+10h] |
| 1169 | jnz @f |
1177 | jnz @f |
| 1170 | .retok: |
1178 | .retok: |
| 1171 | popad |
1179 | popad |
| 1172 | xor eax, eax |
1180 | xor eax, eax |
| 1173 | ret |
1181 | ret |
| 1174 | @@: |
1182 | @@: |
| 1175 | cmp [ntfs_cur_read], 0x200 |
1183 | cmp [ntfs_cur_read], 0x200 |
| 1176 | jz .alignedstart |
1184 | jz .alignedstart |
| 1177 | .eof_ebx: |
1185 | .eof_ebx: |
| 1178 | popad |
1186 | popad |
| 1179 | jmp .eof |
1187 | jmp .eof |
| 1180 | .alignedstart: |
1188 | .alignedstart: |
| 1181 | mov eax, [ebx] |
1189 | mov eax, [ebx] |
| 1182 | push edx |
1190 | push edx |
| 1183 | mov edx, [ebx+4] |
1191 | mov edx, [ebx+4] |
| 1184 | add eax, 511 |
1192 | add eax, 511 |
| 1185 | adc edx, 0 |
1193 | adc edx, 0 |
| 1186 | shrd eax, edx, 9 |
1194 | shrd eax, edx, 9 |
| 1187 | pop edx |
1195 | pop edx |
| 1188 | .zero1: |
1196 | .zero1: |
| 1189 | mov [ntfs_cur_offs], eax |
1197 | mov [ntfs_cur_offs], eax |
| 1190 | mov [ntfs_cur_buf], edx |
1198 | mov [ntfs_cur_buf], edx |
| 1191 | mov eax, ecx |
1199 | mov eax, ecx |
| 1192 | shr eax, 9 |
1200 | shr eax, 9 |
| 1193 | mov [ntfs_cur_size], eax |
1201 | mov [ntfs_cur_size], eax |
| 1194 | add eax, [ntfs_cur_offs] |
1202 | add eax, [ntfs_cur_offs] |
| 1195 | push eax |
1203 | push eax |
| 1196 | call ntfs_read_attr.continue |
1204 | call ntfs_read_attr.continue |
| 1197 | pop [ntfs_cur_offs] |
1205 | pop [ntfs_cur_offs] |
| 1198 | mov eax, [ntfs_cur_read] |
1206 | mov eax, [ntfs_cur_read] |
| 1199 | add [esp+10h], eax |
1207 | add [esp+10h], eax |
| 1200 | mov eax, ecx |
1208 | mov eax, ecx |
| 1201 | and eax, not 0x1FF |
1209 | and eax, not 0x1FF |
| 1202 | cmp [ntfs_cur_read], eax |
1210 | cmp [ntfs_cur_read], eax |
| 1203 | jnz .eof_ebx |
1211 | jnz .eof_ebx |
| 1204 | and ecx, 0x1FF |
1212 | and ecx, 0x1FF |
| 1205 | jz .retok |
1213 | jz .retok |
| 1206 | add edx, [ntfs_cur_read] |
1214 | add edx, [ntfs_cur_read] |
| 1207 | mov [ntfs_cur_size], 1 |
1215 | mov [ntfs_cur_size], 1 |
| 1208 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
1216 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
| 1209 | call ntfs_read_attr.continue |
1217 | call ntfs_read_attr.continue |
| 1210 | cmp [ntfs_cur_read], ecx |
1218 | cmp [ntfs_cur_read], ecx |
| 1211 | jb @f |
1219 | jb @f |
| 1212 | mov [ntfs_cur_read], ecx |
1220 | mov [ntfs_cur_read], ecx |
| 1213 | @@: |
1221 | @@: |
| 1214 | xchg ecx, [ntfs_cur_read] |
1222 | xchg ecx, [ntfs_cur_read] |
| 1215 | push ecx |
1223 | push ecx |
| 1216 | mov edi, edx |
1224 | mov edi, edx |
| 1217 | mov esi, ntfs_bitmap_buf |
1225 | mov esi, ntfs_bitmap_buf |
| 1218 | add [esp+10h+4], ecx |
1226 | add [esp+10h+4], ecx |
| 1219 | rep movsb |
1227 | rep movsb |
| 1220 | pop ecx |
1228 | pop ecx |
| 1221 | xor eax, eax |
1229 | xor eax, eax |
| 1222 | cmp ecx, [ntfs_cur_read] |
1230 | cmp ecx, [ntfs_cur_read] |
| 1223 | jz @f |
1231 | jz @f |
| 1224 | mov al, ERROR_END_OF_FILE |
1232 | mov al, ERROR_END_OF_FILE |
| 1225 | @@: |
1233 | @@: |
| 1226 | mov [esp+1Ch], eax |
1234 | mov [esp+1Ch], eax |
| 1227 | popad |
1235 | popad |
| 1228 | ret |
1236 | ret |
| 1229 | 1237 | ||
| 1230 | ;---------------------------------------------------------------- |
1238 | ;---------------------------------------------------------------- |
| 1231 | ; |
1239 | ; |
| 1232 | ; ntfs_HdReadFolder - read NTFS hard disk folder |
1240 | ; ntfs_HdReadFolder - read NTFS hard disk folder |
| 1233 | ; |
1241 | ; |
| 1234 | ; esi points to filename |
1242 | ; esi points to filename |
| 1235 | ; ebx pointer to structure 32-bit number = first wanted block, 0+ |
1243 | ; ebx pointer to structure 32-bit number = first wanted block, 0+ |
| 1236 | ; & flags (bitfields) |
1244 | ; & flags (bitfields) |
| 1237 | ; flags: bit 0: 0=ANSI names, 1=UNICODE names |
1245 | ; flags: bit 0: 0=ANSI names, 1=UNICODE names |
| 1238 | ; ecx number of blocks to read, 0+ |
1246 | ; ecx number of blocks to read, 0+ |
| 1239 | ; edx mem location to return data |
1247 | ; edx mem location to return data |
| 1240 | ; |
1248 | ; |
| 1241 | ; ret ebx = blocks read or 0xffffffff folder not found |
1249 | ; ret ebx = blocks read or 0xffffffff folder not found |
| 1242 | ; eax = 0 ok read or other = errormsg |
1250 | ; eax = 0 ok read or other = errormsg |
| 1243 | ; |
1251 | ; |
| 1244 | ;-------------------------------------------------------------- |
1252 | ;-------------------------------------------------------------- |
| 1245 | ntfs_HdReadFolder: |
1253 | ntfs_HdReadFolder: |
| 1246 | mov eax, 5 ; root cluster |
1254 | mov eax, 5 ; root cluster |
| 1247 | cmp byte [esi], 0 |
1255 | cmp byte [esi], 0 |
| 1248 | jz .doit |
1256 | jz .doit |
| 1249 | call ntfs_find_lfn |
1257 | call ntfs_find_lfn |
| 1250 | jnc .doit2 |
1258 | jnc .doit2 |
| 1251 | .notfound: |
1259 | .notfound: |
| 1252 | or ebx, -1 |
1260 | or ebx, -1 |
| 1253 | push ERROR_FILE_NOT_FOUND |
1261 | push ERROR_FILE_NOT_FOUND |
| 1254 | .pop_ret: |
1262 | .pop_ret: |
| 1255 | pop eax |
1263 | pop eax |
| 1256 | ret |
1264 | ret |
| 1257 | .doit: |
1265 | .doit: |
| 1258 | mov [ntfs_cur_iRecord], eax |
1266 | mov [ntfs_cur_iRecord], eax |
| 1259 | .doit2: |
1267 | .doit2: |
| 1260 | mov [ntfs_cur_attr], 0x10 ; $STANDARD_INFORMATION |
1268 | mov [ntfs_cur_attr], 0x10 ; $STANDARD_INFORMATION |
| 1261 | and [ntfs_cur_offs], 0 |
1269 | and [ntfs_cur_offs], 0 |
| 1262 | mov [ntfs_cur_size], 1 |
1270 | mov [ntfs_cur_size], 1 |
| 1263 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
1271 | mov [ntfs_cur_buf], ntfs_bitmap_buf |
| 1264 | call ntfs_read_attr |
1272 | call ntfs_read_attr |
| 1265 | jc .notfound |
1273 | jc .notfound |
| 1266 | mov [ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
1274 | mov [ntfs_cur_attr], 0x90 ; $INDEX_ROOT |
| 1267 | and [ntfs_cur_offs], 0 |
1275 | and [ntfs_cur_offs], 0 |
| 1268 | mov eax, [ntfs_data.cur_index_size] |
1276 | mov eax, [ntfs_data.cur_index_size] |
| 1269 | mov [ntfs_cur_size], eax |
1277 | mov [ntfs_cur_size], eax |
| 1270 | mov eax, [ntfs_data.cur_index_buf] |
1278 | mov eax, [ntfs_data.cur_index_buf] |
| 1271 | mov [ntfs_cur_buf], eax |
1279 | mov [ntfs_cur_buf], eax |
| 1272 | call ntfs_read_attr |
1280 | call ntfs_read_attr |
| 1273 | jnc .ok |
1281 | jnc .ok |
| 1274 | cmp [hd_error], 0 |
1282 | cmp [hd_error], 0 |
| 1275 | jz .notfound |
1283 | jz .notfound |
| 1276 | or ebx, -1 |
1284 | or ebx, -1 |
| 1277 | push 11 |
1285 | push 11 |
| 1278 | jmp .pop_ret |
1286 | jmp .pop_ret |
| 1279 | .ok: |
1287 | .ok: |
| 1280 | cmp [ntfs_cur_read], 0x20 |
1288 | cmp [ntfs_cur_read], 0x20 |
| 1281 | jae @f |
1289 | jae @f |
| 1282 | or ebx, -1 |
1290 | or ebx, -1 |
| 1283 | .fserr: |
1291 | .fserr: |
| 1284 | push ERROR_FAT_TABLE |
1292 | push ERROR_FAT_TABLE |
| 1285 | jmp .pop_ret |
1293 | jmp .pop_ret |
| 1286 | @@: |
1294 | @@: |
| 1287 | pushad |
1295 | pushad |
| 1288 | mov esi, [ntfs_data.cur_index_buf] |
1296 | mov esi, [ntfs_data.cur_index_buf] |
| 1289 | mov eax, [esi+14h] |
1297 | mov eax, [esi+14h] |
| 1290 | add eax, 10h |
1298 | add eax, 10h |
| 1291 | cmp [ntfs_cur_read], eax |
1299 | cmp [ntfs_cur_read], eax |
| 1292 | jae .readok1 |
1300 | jae .readok1 |
| 1293 | add eax, 1FFh |
1301 | add eax, 1FFh |
| 1294 | shr eax, 9 |
1302 | shr eax, 9 |
| 1295 | cmp eax, [ntfs_data.cur_index_size] |
1303 | cmp eax, [ntfs_data.cur_index_size] |
| 1296 | ja @f |
1304 | ja @f |
| 1297 | popad |
1305 | popad |
| 1298 | jmp .fserr |
1306 | jmp .fserr |
| 1299 | @@: |
1307 | @@: |
| 1300 | ; reallocate |
1308 | ; reallocate |
| 1301 | push eax |
1309 | push eax |
| 1302 | push [ntfs_data.cur_index_buf] |
1310 | push [ntfs_data.cur_index_buf] |
| 1303 | call kernel_free |
1311 | call kernel_free |
| 1304 | pop eax |
1312 | pop eax |
| 1305 | mov [ntfs_data.cur_index_size], eax |
1313 | mov [ntfs_data.cur_index_size], eax |
| 1306 | push eax |
1314 | push eax |
| 1307 | call kernel_alloc |
1315 | call kernel_alloc |
| 1308 | test eax, eax |
1316 | test eax, eax |
| 1309 | jnz @f |
1317 | jnz @f |
| 1310 | and [ntfs_data.cur_index_size], 0 |
1318 | and [ntfs_data.cur_index_size], 0 |
| 1311 | and [ntfs_data.cur_index_buf], 0 |
1319 | and [ntfs_data.cur_index_buf], 0 |
| 1312 | .nomem: |
1320 | .nomem: |
| 1313 | popad |
1321 | popad |
| 1314 | or ebx, -1 |
1322 | or ebx, -1 |
| 1315 | push 12 |
1323 | push 12 |
| 1316 | pop eax |
1324 | pop eax |
| 1317 | ret |
1325 | ret |
| 1318 | @@: |
1326 | @@: |
| 1319 | mov [ntfs_data.cur_index_buf], eax |
1327 | mov [ntfs_data.cur_index_buf], eax |
| 1320 | popad |
1328 | popad |
| 1321 | jmp .doit2 |
1329 | jmp .doit2 |
| 1322 | .readok1: |
1330 | .readok1: |
| 1323 | mov ebp, [esi+8] ; subnode_size |
1331 | mov ebp, [esi+8] ; subnode_size |
| 1324 | shr ebp, 9 |
1332 | shr ebp, 9 |
| 1325 | cmp ebp, [ntfs_data.cur_index_size] |
1333 | cmp ebp, [ntfs_data.cur_index_size] |
| 1326 | jbe .ok2 |
1334 | jbe .ok2 |
| 1327 | push esi ebp |
1335 | push esi ebp |
| 1328 | push ebp |
1336 | push ebp |
| 1329 | call kernel_alloc |
1337 | call kernel_alloc |
| 1330 | pop ebp esi |
1338 | pop ebp esi |
| 1331 | test eax, eax |
1339 | test eax, eax |
| 1332 | jz .nomem |
1340 | jz .nomem |
| 1333 | mov edi, eax |
1341 | mov edi, eax |
| 1334 | mov ecx, [ntfs_data.cur_index_size] |
1342 | mov ecx, [ntfs_data.cur_index_size] |
| 1335 | shl ecx, 9-2 |
1343 | shl ecx, 9-2 |
| 1336 | rep movsd |
1344 | rep movsd |
| 1337 | mov esi, eax |
1345 | mov esi, eax |
| 1338 | mov [ntfs_data.cur_index_size], ebp |
1346 | mov [ntfs_data.cur_index_size], ebp |
| 1339 | push esi ebp |
1347 | push esi ebp |
| 1340 | push [ntfs_data.cur_index_buf] |
1348 | push [ntfs_data.cur_index_buf] |
| 1341 | call kernel_free |
1349 | call kernel_free |
| 1342 | pop ebp esi |
1350 | pop ebp esi |
| 1343 | mov [ntfs_data.cur_index_buf], esi |
1351 | mov [ntfs_data.cur_index_buf], esi |
| 1344 | .ok2: |
1352 | .ok2: |
| 1345 | add esi, 10h |
1353 | add esi, 10h |
| 1346 | mov ebx, [esp+10h] |
1354 | mov ebx, [esp+10h] |
| 1347 | mov edx, [esp+14h] |
1355 | mov edx, [esp+14h] |
| 1348 | push dword [ebx+4] ; read ANSI/UNICODE name |
1356 | push dword [ebx+4] ; read ANSI/UNICODE name |
| 1349 | mov ebx, [ebx] |
1357 | mov ebx, [ebx] |
| 1350 | ; init header |
1358 | ; init header |
| 1351 | mov edi, edx |
1359 | mov edi, edx |
| 1352 | mov ecx, 32/4 |
1360 | mov ecx, 32/4 |
| 1353 | xor eax, eax |
1361 | xor eax, eax |
| 1354 | rep stosd |
1362 | rep stosd |
| 1355 | mov byte [edx], 1 ; version |
1363 | mov byte [edx], 1 ; version |
| 1356 | mov ecx, [esp+4+18h] |
1364 | mov ecx, [esp+4+18h] |
| 1357 | push edx |
1365 | push edx |
| 1358 | mov edx, esp |
1366 | mov edx, esp |
| 1359 | ; edi -> BDFE, esi -> current index data, ebp = subnode size, ebx = first wanted block, |
1367 | ; edi -> BDFE, esi -> current index data, ebp = subnode size, ebx = first wanted block, |
| 1360 | ; ecx = number of blocks to read |
1368 | ; ecx = number of blocks to read |
| 1361 | ; edx -> parameters block: dd |
1369 | ; edx -> parameters block: dd |
| 1362 | cmp [ntfs_cur_iRecord], 5 |
1370 | cmp [ntfs_cur_iRecord], 5 |
| 1363 | jz .skip_specials |
1371 | jz .skip_specials |
| 1364 | ; dot and dotdot entries |
1372 | ; dot and dotdot entries |
| 1365 | push esi |
1373 | push esi |
| 1366 | xor esi, esi |
1374 | xor esi, esi |
| 1367 | call .add_special_entry |
1375 | call .add_special_entry |
| 1368 | inc esi |
1376 | inc esi |
| 1369 | call .add_special_entry |
1377 | call .add_special_entry |
| 1370 | pop esi |
1378 | pop esi |
| 1371 | .skip_specials: |
1379 | .skip_specials: |
| 1372 | ; at first, dump index root |
1380 | ; at first, dump index root |
| 1373 | add esi, [esi] |
1381 | add esi, [esi] |
| 1374 | .dump_root: |
1382 | .dump_root: |
| 1375 | test byte [esi+0Ch], 2 |
1383 | test byte [esi+0Ch], 2 |
| 1376 | jnz .dump_root_done |
1384 | jnz .dump_root_done |
| 1377 | call .add_entry |
1385 | call .add_entry |
| 1378 | movzx eax, word [esi+8] |
1386 | movzx eax, word [esi+8] |
| 1379 | add esi, eax |
1387 | add esi, eax |
| 1380 | jmp .dump_root |
1388 | jmp .dump_root |
| 1381 | .dump_root_done: |
1389 | .dump_root_done: |
| 1382 | ; now dump all subnodes |
1390 | ; now dump all subnodes |
| 1383 | push ecx edi |
1391 | push ecx edi |
| 1384 | mov edi, ntfs_bitmap_buf |
1392 | mov edi, ntfs_bitmap_buf |
| 1385 | mov [ntfs_cur_buf], edi |
1393 | mov [ntfs_cur_buf], edi |
| 1386 | mov ecx, 0x400/4 |
1394 | mov ecx, 0x400/4 |
| 1387 | xor eax, eax |
1395 | xor eax, eax |
| 1388 | rep stosd |
1396 | rep stosd |
| 1389 | mov [ntfs_cur_attr], 0xB0 ; $BITMAP |
1397 | mov [ntfs_cur_attr], 0xB0 ; $BITMAP |
| 1390 | and [ntfs_cur_offs], 0 |
1398 | and [ntfs_cur_offs], 0 |
| 1391 | mov [ntfs_cur_size], 2 |
1399 | mov [ntfs_cur_size], 2 |
| 1392 | call ntfs_read_attr |
1400 | call ntfs_read_attr |
| 1393 | pop edi ecx |
1401 | pop edi ecx |
| 1394 | push 0 ; save offset in $BITMAP attribute |
1402 | push 0 ; save offset in $BITMAP attribute |
| 1395 | and [ntfs_cur_offs], 0 |
1403 | and [ntfs_cur_offs], 0 |
| 1396 | .dumploop: |
1404 | .dumploop: |
| 1397 | mov [ntfs_cur_attr], 0xA0 |
1405 | mov [ntfs_cur_attr], 0xA0 |
| 1398 | mov [ntfs_cur_size], ebp |
1406 | mov [ntfs_cur_size], ebp |
| 1399 | mov eax, [ntfs_data.cur_index_buf] |
1407 | mov eax, [ntfs_data.cur_index_buf] |
| 1400 | mov esi, eax |
1408 | mov esi, eax |
| 1401 | mov [ntfs_cur_buf], eax |
1409 | mov [ntfs_cur_buf], eax |
| 1402 | push [ntfs_cur_offs] |
1410 | push [ntfs_cur_offs] |
| 1403 | mov eax, [ntfs_cur_offs] |
1411 | mov eax, [ntfs_cur_offs] |
| 1404 | imul eax, ebp |
1412 | imul eax, ebp |
| 1405 | mov [ntfs_cur_offs], eax |
1413 | mov [ntfs_cur_offs], eax |
| 1406 | call ntfs_read_attr |
1414 | call ntfs_read_attr |
| 1407 | pop [ntfs_cur_offs] |
1415 | pop [ntfs_cur_offs] |
| 1408 | mov eax, ebp |
1416 | mov eax, ebp |
| 1409 | shl eax, 9 |
1417 | shl eax, 9 |
| 1410 | cmp [ntfs_cur_read], eax |
1418 | cmp [ntfs_cur_read], eax |
| 1411 | jnz .done |
1419 | jnz .done |
| 1412 | push eax |
1420 | push eax |
| 1413 | mov eax, [ntfs_cur_offs] |
1421 | mov eax, [ntfs_cur_offs] |
| 1414 | and eax, 0x400*8-1 |
1422 | and eax, 0x400*8-1 |
| 1415 | bt dword [ntfs_bitmap_buf], eax |
1423 | bt dword [ntfs_bitmap_buf], eax |
| 1416 | pop eax |
1424 | pop eax |
| 1417 | jnc .dump_subnode_done |
1425 | jnc .dump_subnode_done |
| 1418 | cmp dword [esi], 'INDX' |
1426 | cmp dword [esi], 'INDX' |
| 1419 | jnz .dump_subnode_done |
1427 | jnz .dump_subnode_done |
| 1420 | push ebx |
1428 | push ebx |
| 1421 | mov ebx, esi |
1429 | mov ebx, esi |
| 1422 | call ntfs_restore_usa |
1430 | call ntfs_restore_usa |
| 1423 | pop ebx |
1431 | pop ebx |
| 1424 | jc .dump_subnode_done |
1432 | jc .dump_subnode_done |
| 1425 | add esi, 0x18 |
1433 | add esi, 0x18 |
| 1426 | add esi, [esi] |
1434 | add esi, [esi] |
| 1427 | .dump_subnode: |
1435 | .dump_subnode: |
| 1428 | test byte [esi+0Ch], 2 |
1436 | test byte [esi+0Ch], 2 |
| 1429 | jnz .dump_subnode_done |
1437 | jnz .dump_subnode_done |
| 1430 | call .add_entry |
1438 | call .add_entry |
| 1431 | movzx eax, word [esi+8] |
1439 | movzx eax, word [esi+8] |
| 1432 | add esi, eax |
1440 | add esi, eax |
| 1433 | jmp .dump_subnode |
1441 | jmp .dump_subnode |
| 1434 | .dump_subnode_done: |
1442 | .dump_subnode_done: |
| 1435 | inc [ntfs_cur_offs] |
1443 | inc [ntfs_cur_offs] |
| 1436 | test [ntfs_cur_offs], 0x400*8-1 |
1444 | test [ntfs_cur_offs], 0x400*8-1 |
| 1437 | jnz .dumploop |
1445 | jnz .dumploop |
| 1438 | mov [ntfs_cur_attr], 0xB0 |
1446 | mov [ntfs_cur_attr], 0xB0 |
| 1439 | push ecx edi |
1447 | push ecx edi |
| 1440 | mov edi, ntfs_bitmap_buf |
1448 | mov edi, ntfs_bitmap_buf |
| 1441 | mov [ntfs_cur_buf], edi |
1449 | mov [ntfs_cur_buf], edi |
| 1442 | mov ecx, 0x400/4 |
1450 | mov ecx, 0x400/4 |
| 1443 | xor eax, eax |
1451 | xor eax, eax |
| 1444 | rep stosd |
1452 | rep stosd |
| 1445 | pop edi ecx |
1453 | pop edi ecx |
| 1446 | pop eax |
1454 | pop eax |
| 1447 | push [ntfs_cur_offs] |
1455 | push [ntfs_cur_offs] |
| 1448 | inc eax |
1456 | inc eax |
| 1449 | mov [ntfs_cur_offs], eax |
1457 | mov [ntfs_cur_offs], eax |
| 1450 | mov [ntfs_cur_size], 2 |
1458 | mov [ntfs_cur_size], 2 |
| 1451 | push eax |
1459 | push eax |
| 1452 | call ntfs_read_attr |
1460 | call ntfs_read_attr |
| 1453 | pop eax |
1461 | pop eax |
| 1454 | pop [ntfs_cur_offs] |
1462 | pop [ntfs_cur_offs] |
| 1455 | push eax |
1463 | push eax |
| 1456 | jmp .dumploop |
1464 | jmp .dumploop |
| 1457 | .done: |
1465 | .done: |
| 1458 | pop eax |
1466 | pop eax |
| 1459 | pop edx |
1467 | pop edx |
| 1460 | mov ebx, [edx+4] |
1468 | mov ebx, [edx+4] |
| 1461 | pop edx |
1469 | pop edx |
| 1462 | xor eax, eax |
1470 | xor eax, eax |
| 1463 | dec ecx |
1471 | dec ecx |
| 1464 | js @f |
1472 | js @f |
| 1465 | mov al, ERROR_END_OF_FILE |
1473 | mov al, ERROR_END_OF_FILE |
| 1466 | @@: |
1474 | @@: |
| 1467 | mov [esp+1Ch], eax |
1475 | mov [esp+1Ch], eax |
| 1468 | mov [esp+10h], ebx |
1476 | mov [esp+10h], ebx |
| 1469 | popad |
1477 | popad |
| 1470 | ret |
1478 | ret |
| 1471 | 1479 | ||
| 1472 | .add_special_entry: |
1480 | .add_special_entry: |
| 1473 | mov eax, [edx] |
1481 | mov eax, [edx] |
| 1474 | inc dword [eax+8] ; new file found |
1482 | inc dword [eax+8] ; new file found |
| 1475 | dec ebx |
1483 | dec ebx |
| 1476 | jns .ret |
1484 | jns .ret |
| 1477 | dec ecx |
1485 | dec ecx |
| 1478 | js .ret |
1486 | js .ret |
| 1479 | inc dword [eax+4] ; new file block copied |
1487 | inc dword [eax+4] ; new file block copied |
| 1480 | mov eax, [edx+4] |
1488 | mov eax, [edx+4] |
| 1481 | mov [edi+4], eax |
1489 | mov [edi+4], eax |
| 1482 | ; mov eax, dword [ntfs_bitmap_buf+0x20] |
1490 | ; mov eax, dword [ntfs_bitmap_buf+0x20] |
| 1483 | ; or al, 0x10 |
1491 | ; or al, 0x10 |
| 1484 | mov eax, 0x10 |
1492 | mov eax, 0x10 |
| 1485 | stosd |
1493 | stosd |
| 1486 | scasd |
1494 | scasd |
| 1487 | push edx |
1495 | push edx |
| 1488 | mov eax, dword [ntfs_bitmap_buf] |
1496 | mov eax, dword [ntfs_bitmap_buf] |
| 1489 | mov edx, dword [ntfs_bitmap_buf+4] |
1497 | mov edx, dword [ntfs_bitmap_buf+4] |
| 1490 | call ntfs_datetime_to_bdfe |
1498 | call ntfs_datetime_to_bdfe |
| 1491 | mov eax, dword [ntfs_bitmap_buf+0x18] |
1499 | mov eax, dword [ntfs_bitmap_buf+0x18] |
| 1492 | mov edx, dword [ntfs_bitmap_buf+0x1C] |
1500 | mov edx, dword [ntfs_bitmap_buf+0x1C] |
| 1493 | call ntfs_datetime_to_bdfe |
1501 | call ntfs_datetime_to_bdfe |
| 1494 | mov eax, dword [ntfs_bitmap_buf+8] |
1502 | mov eax, dword [ntfs_bitmap_buf+8] |
| 1495 | mov edx, dword [ntfs_bitmap_buf+0xC] |
1503 | mov edx, dword [ntfs_bitmap_buf+0xC] |
| 1496 | call ntfs_datetime_to_bdfe |
1504 | call ntfs_datetime_to_bdfe |
| 1497 | pop edx |
1505 | pop edx |
| 1498 | xor eax, eax |
1506 | xor eax, eax |
| 1499 | stosd |
1507 | stosd |
| 1500 | stosd |
1508 | stosd |
| 1501 | mov al, '.' |
1509 | mov al, '.' |
| 1502 | push edi ecx |
1510 | push edi ecx |
| 1503 | lea ecx, [esi+1] |
1511 | lea ecx, [esi+1] |
| 1504 | test byte [edi-0x24], 1 |
1512 | test byte [edi-0x24], 1 |
| 1505 | jz @f |
1513 | jz @f |
| 1506 | rep stosw |
1514 | rep stosw |
| 1507 | pop ecx |
1515 | pop ecx |
| 1508 | xor eax, eax |
1516 | xor eax, eax |
| 1509 | stosw |
1517 | stosw |
| 1510 | pop edi |
1518 | pop edi |
| 1511 | add edi, 520 |
1519 | add edi, 520 |
| 1512 | ret |
1520 | ret |
| 1513 | @@: |
1521 | @@: |
| 1514 | rep stosb |
1522 | rep stosb |
| 1515 | pop ecx |
1523 | pop ecx |
| 1516 | xor eax, eax |
1524 | xor eax, eax |
| 1517 | stosb |
1525 | stosb |
| 1518 | pop edi |
1526 | pop edi |
| 1519 | add edi, 264 |
1527 | add edi, 264 |
| 1520 | .ret: |
1528 | .ret: |
| 1521 | ret |
1529 | ret |
| 1522 | 1530 | ||
| 1523 | .add_entry: |
1531 | .add_entry: |
| 1524 | ; do not return DOS 8.3 names |
1532 | ; do not return DOS 8.3 names |
| 1525 | cmp byte [esi+0x51], 2 |
1533 | cmp byte [esi+0x51], 2 |
| 1526 | jz .ret |
1534 | jz .ret |
| 1527 | ; do not return system files |
1535 | ; do not return system files |
| 1528 | ; ... note that there will be no bad effects if system files also were reported ... |
1536 | ; ... note that there will be no bad effects if system files also were reported ... |
| 1529 | cmp dword [esi], 0x10 |
1537 | cmp dword [esi], 0x10 |
| 1530 | jb .ret |
1538 | jb .ret |
| 1531 | mov eax, [edx] |
1539 | mov eax, [edx] |
| 1532 | inc dword [eax+8] ; new file found |
1540 | inc dword [eax+8] ; new file found |
| 1533 | dec ebx |
1541 | dec ebx |
| 1534 | jns .ret |
1542 | jns .ret |
| 1535 | dec ecx |
1543 | dec ecx |
| 1536 | js .ret |
1544 | js .ret |
| 1537 | inc dword [eax+4] ; new file block copied |
1545 | inc dword [eax+4] ; new file block copied |
| 1538 | mov eax, [edx+4] ; flags |
1546 | mov eax, [edx+4] ; flags |
| 1539 | call ntfs_direntry_to_bdfe |
1547 | call ntfs_direntry_to_bdfe |
| 1540 | push ecx esi edi |
1548 | push ecx esi edi |
| 1541 | movzx ecx, byte [esi+0x50] |
1549 | movzx ecx, byte [esi+0x50] |
| 1542 | add esi, 0x52 |
1550 | add esi, 0x52 |
| 1543 | test byte [edi-0x24], 1 |
1551 | test byte [edi-0x24], 1 |
| 1544 | jz .ansi |
1552 | jz .ansi |
| 1545 | shr ecx, 1 |
1553 | shr ecx, 1 |
| 1546 | rep movsd |
1554 | rep movsd |
| 1547 | adc ecx, ecx |
1555 | adc ecx, ecx |
| 1548 | rep movsw |
1556 | rep movsw |
| 1549 | and word [edi], 0 |
1557 | and word [edi], 0 |
| 1550 | pop edi |
1558 | pop edi |
| 1551 | add edi, 520 |
1559 | add edi, 520 |
| 1552 | pop esi ecx |
1560 | pop esi ecx |
| 1553 | ret |
1561 | ret |
| 1554 | .ansi: |
1562 | .ansi: |
| 1555 | jecxz .skip |
1563 | jecxz .skip |
| 1556 | @@: |
1564 | @@: |
| 1557 | lodsw |
1565 | lodsw |
| 1558 | call uni2ansi_char |
1566 | call uni2ansi_char |
| 1559 | stosb |
1567 | stosb |
| 1560 | loop @b |
1568 | loop @b |
| 1561 | .skip: |
1569 | .skip: |
| 1562 | xor al, al |
1570 | xor al, al |
| 1563 | stosb |
1571 | stosb |
| 1564 | pop edi |
1572 | pop edi |
| 1565 | add edi, 264 |
1573 | add edi, 264 |
| 1566 | pop esi ecx |
1574 | pop esi ecx |
| 1567 | ret |
1575 | ret |
| 1568 | 1576 | ||
| 1569 | ntfs_direntry_to_bdfe: |
1577 | ntfs_direntry_to_bdfe: |
| 1570 | mov [edi+4], eax ; ANSI/UNICODE name |
1578 | mov [edi+4], eax ; ANSI/UNICODE name |
| 1571 | mov eax, [esi+48h] |
1579 | mov eax, [esi+48h] |
| 1572 | test eax, 0x10000000 |
1580 | test eax, 0x10000000 |
| 1573 | jz @f |
1581 | jz @f |
| 1574 | and eax, not 0x10000000 |
1582 | and eax, not 0x10000000 |
| 1575 | or al, 0x10 |
1583 | or al, 0x10 |
| 1576 | @@: |
1584 | @@: |
| 1577 | stosd |
1585 | stosd |
| 1578 | scasd |
1586 | scasd |
| 1579 | push edx |
1587 | push edx |
| 1580 | mov eax, [esi+0x18] |
1588 | mov eax, [esi+0x18] |
| 1581 | mov edx, [esi+0x1C] |
1589 | mov edx, [esi+0x1C] |
| 1582 | call ntfs_datetime_to_bdfe |
1590 | call ntfs_datetime_to_bdfe |
| 1583 | mov eax, [esi+0x30] |
1591 | mov eax, [esi+0x30] |
| 1584 | mov edx, [esi+0x34] |
1592 | mov edx, [esi+0x34] |
| 1585 | call ntfs_datetime_to_bdfe |
1593 | call ntfs_datetime_to_bdfe |
| 1586 | mov eax, [esi+0x20] |
1594 | mov eax, [esi+0x20] |
| 1587 | mov edx, [esi+0x24] |
1595 | mov edx, [esi+0x24] |
| 1588 | call ntfs_datetime_to_bdfe |
1596 | call ntfs_datetime_to_bdfe |
| 1589 | pop edx |
1597 | pop edx |
| 1590 | mov eax, [esi+0x40] |
1598 | mov eax, [esi+0x40] |
| 1591 | stosd |
1599 | stosd |
| 1592 | mov eax, [esi+0x44] |
1600 | mov eax, [esi+0x44] |
| 1593 | stosd |
1601 | stosd |
| 1594 | ret |
1602 | ret |
| 1595 | 1603 | ||
| 1596 | iglobal |
1604 | iglobal |
| 1597 | _24 dd 24 |
1605 | _24 dd 24 |
| 1598 | _60 dd 60 |
1606 | _60 dd 60 |
| 1599 | _10000000 dd 10000000 |
1607 | _10000000 dd 10000000 |
| 1600 | days400year dd 365*400+100-4+1 |
1608 | days400year dd 365*400+100-4+1 |
| 1601 | days100year dd 365*100+25-1 |
1609 | days100year dd 365*100+25-1 |
| 1602 | days4year dd 365*4+1 |
1610 | days4year dd 365*4+1 |
| 1603 | days1year dd 365 |
1611 | days1year dd 365 |
| 1604 | months dd 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
1612 | months dd 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
| 1605 | months2 dd 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
1613 | months2 dd 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
| 1606 | _400 dd 400 |
1614 | _400 dd 400 |
| 1607 | _100 dd 100 |
1615 | _100 dd 100 |
| 1608 | endg |
1616 | endg |
| 1609 | 1617 | ||
| 1610 | ntfs_datetime_to_bdfe: |
1618 | ntfs_datetime_to_bdfe: |
| 1611 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
1619 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
| 1612 | push eax |
1620 | push eax |
| 1613 | mov eax, edx |
1621 | mov eax, edx |
| 1614 | xor edx, edx |
1622 | xor edx, edx |
| 1615 | div [_10000000] |
1623 | div [_10000000] |
| 1616 | xchg eax, [esp] |
1624 | xchg eax, [esp] |
| 1617 | div [_10000000] |
1625 | div [_10000000] |
| 1618 | pop edx |
1626 | pop edx |
| 1619 | ; edx:eax = number of seconds since January 1, 1601 |
1627 | ; edx:eax = number of seconds since January 1, 1601 |
| 1620 | push eax |
1628 | push eax |
| 1621 | mov eax, edx |
1629 | mov eax, edx |
| 1622 | xor edx, edx |
1630 | xor edx, edx |
| 1623 | div [_60] |
1631 | div [_60] |
| 1624 | xchg eax, [esp] |
1632 | xchg eax, [esp] |
| 1625 | div [_60] |
1633 | div [_60] |
| 1626 | mov [edi], dl |
1634 | mov [edi], dl |
| 1627 | pop edx |
1635 | pop edx |
| 1628 | ; edx:eax = number of minutes |
1636 | ; edx:eax = number of minutes |
| 1629 | div [_60] |
1637 | div [_60] |
| 1630 | mov [edi+1], dl |
1638 | mov [edi+1], dl |
| 1631 | ; eax = number of hours (note that 2^64/(10^7*60*60) < 2^32) |
1639 | ; eax = number of hours (note that 2^64/(10^7*60*60) < 2^32) |
| 1632 | xor edx, edx |
1640 | xor edx, edx |
| 1633 | div [_24] |
1641 | div [_24] |
| 1634 | mov [edi+2], dl |
1642 | mov [edi+2], dl |
| 1635 | mov [edi+3], byte 0 |
1643 | mov [edi+3], byte 0 |
| 1636 | ; eax = number of days since January 1, 1601 |
1644 | ; eax = number of days since January 1, 1601 |
| 1637 | xor edx, edx |
1645 | xor edx, edx |
| 1638 | div [days400year] |
1646 | div [days400year] |
| 1639 | imul eax, 400 |
1647 | imul eax, 400 |
| 1640 | add eax, 1601 |
1648 | add eax, 1601 |
| 1641 | mov [edi+6], ax |
1649 | mov [edi+6], ax |
| 1642 | mov eax, edx |
1650 | mov eax, edx |
| 1643 | xor edx, edx |
1651 | xor edx, edx |
| 1644 | div [days100year] |
1652 | div [days100year] |
| 1645 | cmp al, 4 |
1653 | cmp al, 4 |
| 1646 | jnz @f |
1654 | jnz @f |
| 1647 | dec eax |
1655 | dec eax |
| 1648 | add edx, [days100year] |
1656 | add edx, [days100year] |
| 1649 | @@: |
1657 | @@: |
| 1650 | imul eax, 100 |
1658 | imul eax, 100 |
| 1651 | add [edi+6], ax |
1659 | add [edi+6], ax |
| 1652 | mov eax, edx |
1660 | mov eax, edx |
| 1653 | xor edx, edx |
1661 | xor edx, edx |
| 1654 | div [days4year] |
1662 | div [days4year] |
| 1655 | shl eax, 2 |
1663 | shl eax, 2 |
| 1656 | add [edi+6], ax |
1664 | add [edi+6], ax |
| 1657 | mov eax, edx |
1665 | mov eax, edx |
| 1658 | xor edx, edx |
1666 | xor edx, edx |
| 1659 | div [days1year] |
1667 | div [days1year] |
| 1660 | cmp al, 4 |
1668 | cmp al, 4 |
| 1661 | jnz @f |
1669 | jnz @f |
| 1662 | dec eax |
1670 | dec eax |
| 1663 | add edx, [days1year] |
1671 | add edx, [days1year] |
| 1664 | @@: |
1672 | @@: |
| 1665 | add [edi+6], ax |
1673 | add [edi+6], ax |
| 1666 | push esi edx |
1674 | push esi edx |
| 1667 | mov esi, months |
1675 | mov esi, months |
| 1668 | movzx eax, word [edi+6] |
1676 | movzx eax, word [edi+6] |
| 1669 | test al, 3 |
1677 | test al, 3 |
| 1670 | jnz .noleap |
1678 | jnz .noleap |
| 1671 | xor edx, edx |
1679 | xor edx, edx |
| 1672 | push eax |
1680 | push eax |
| 1673 | div [_400] |
1681 | div [_400] |
| 1674 | pop eax |
1682 | pop eax |
| 1675 | test edx, edx |
1683 | test edx, edx |
| 1676 | jz .leap |
1684 | jz .leap |
| 1677 | xor edx, edx |
1685 | xor edx, edx |
| 1678 | div [_100] |
1686 | div [_100] |
| 1679 | test edx, edx |
1687 | test edx, edx |
| 1680 | jz .noleap |
1688 | jz .noleap |
| 1681 | .leap: |
1689 | .leap: |
| 1682 | mov esi, months2 |
1690 | mov esi, months2 |
| 1683 | .noleap: |
1691 | .noleap: |
| 1684 | pop edx |
1692 | pop edx |
| 1685 | xor eax, eax |
1693 | xor eax, eax |
| 1686 | inc eax |
1694 | inc eax |
| 1687 | @@: |
1695 | @@: |
| 1688 | sub edx, [esi] |
1696 | sub edx, [esi] |
| 1689 | jb @f |
1697 | jb @f |
| 1690 | add esi, 4 |
1698 | add esi, 4 |
| 1691 | inc eax |
1699 | inc eax |
| 1692 | jmp @b |
1700 | jmp @b |
| 1693 | @@: |
1701 | @@: |
| 1694 | add edx, [esi] |
1702 | add edx, [esi] |
| 1695 | pop esi |
1703 | pop esi |
| 1696 | inc edx |
1704 | inc edx |
| 1697 | mov [edi+4], dl |
1705 | mov [edi+4], dl |
| 1698 | mov [edi+5], al |
1706 | mov [edi+5], al |
| 1699 | add edi, 8 |
1707 | add edi, 8 |
| 1700 | ret |
1708 | ret |
| 1701 | 1709 | ||
| 1702 | ;---------------------------------------------------------------- |
1710 | ;---------------------------------------------------------------- |
| 1703 | ; |
1711 | ; |
| 1704 | ; ntfs_HdRewrite - write to NTFS hard disk |
1712 | ; ntfs_HdRewrite - write to NTFS hard disk |
| 1705 | ; |
1713 | ; |
| 1706 | ; esi points to filename |
1714 | ; esi points to filename |
| 1707 | ; ebx ignored (reserved) |
1715 | ; ebx ignored (reserved) |
| 1708 | ; ecx number of bytes to write, 0+ |
1716 | ; ecx number of bytes to write, 0+ |
| 1709 | ; edx mem location to data |
1717 | ; edx mem location to data |
| 1710 | ; |
1718 | ; |
| 1711 | ; ret ebx = number of written bytes |
1719 | ; ret ebx = number of written bytes |
| 1712 | ; eax = 0 ok read or other = errormsg |
1720 | ; eax = 0 ok read or other = errormsg |
| 1713 | ; |
1721 | ; |
| 1714 | ;-------------------------------------------------------------- |
1722 | ;-------------------------------------------------------------- |
| 1715 | ntfs_HdRewrite: |
1723 | ntfs_HdRewrite: |
| 1716 | xor ebx, ebx |
1724 | xor ebx, ebx |
| 1717 | mov eax, ERROR_UNSUPPORTED_FS |
1725 | mov eax, ERROR_UNSUPPORTED_FS |
| 1718 | ret |
1726 | ret |
| 1719 | 1727 | ||
| 1720 | ;---------------------------------------------------------------- |
1728 | ;---------------------------------------------------------------- |
| 1721 | ; |
1729 | ; |
| 1722 | ; ntfs_HdWrite - write to NTFS hard disk |
1730 | ; ntfs_HdWrite - write to NTFS hard disk |
| 1723 | ; |
1731 | ; |
| 1724 | ; esi points to filename |
1732 | ; esi points to filename |
| 1725 | ; ebx pointer to 64-bit number = first wanted byte, 0+ |
1733 | ; ebx pointer to 64-bit number = first wanted byte, 0+ |
| 1726 | ; may be ebx=0 - start from first byte |
1734 | ; may be ebx=0 - start from first byte |
| 1727 | ; ecx number of bytes to write, 0+ |
1735 | ; ecx number of bytes to write, 0+ |
| 1728 | ; edx mem location to data |
1736 | ; edx mem location to data |
| 1729 | ; |
1737 | ; |
| 1730 | ; ret ebx = bytes written (maybe 0) |
1738 | ; ret ebx = bytes written (maybe 0) |
| 1731 | ; eax = 0 ok write or other = errormsg |
1739 | ; eax = 0 ok write or other = errormsg |
| 1732 | ; |
1740 | ; |
| 1733 | ;-------------------------------------------------------------- |
1741 | ;-------------------------------------------------------------- |
| 1734 | ntfs_HdWrite: |
1742 | ntfs_HdWrite: |
| 1735 | xor ebx, ebx |
1743 | xor ebx, ebx |
| 1736 | mov eax, ERROR_UNSUPPORTED_FS |
1744 | mov eax, ERROR_UNSUPPORTED_FS |
| 1737 | ret |
1745 | ret |
| 1738 | 1746 | ||
| 1739 | ;---------------------------------------------------------------- |
1747 | ;---------------------------------------------------------------- |
| 1740 | ; |
1748 | ; |
| 1741 | ; ntfs_HdSetFileEnd - set end of file on NTFS hard disk |
1749 | ; ntfs_HdSetFileEnd - set end of file on NTFS hard disk |
| 1742 | ; |
1750 | ; |
| 1743 | ; esi points to filename |
1751 | ; esi points to filename |
| 1744 | ; ebx points to 64-bit number = new file size |
1752 | ; ebx points to 64-bit number = new file size |
| 1745 | ; ecx ignored (reserved) |
1753 | ; ecx ignored (reserved) |
| 1746 | ; edx ignored (reserved) |
1754 | ; edx ignored (reserved) |
| 1747 | ; |
1755 | ; |
| 1748 | ; ret eax = 0 ok or other = errormsg |
1756 | ; ret eax = 0 ok or other = errormsg |
| 1749 | ; |
1757 | ; |
| 1750 | ;-------------------------------------------------------------- |
1758 | ;-------------------------------------------------------------- |
| 1751 | ntfs_HdSetFileEnd: |
1759 | ntfs_HdSetFileEnd: |
| 1752 | ntfs_HdSetFileInfo: |
1760 | ntfs_HdSetFileInfo: |
| 1753 | ;---------------------------------------------------------------- |
1761 | ;---------------------------------------------------------------- |
| 1754 | ; |
1762 | ; |
| 1755 | ; ntfs_HdDelete - delete file or empty folder from NTFS hard disk |
1763 | ; ntfs_HdDelete - delete file or empty folder from NTFS hard disk |
| 1756 | ; |
1764 | ; |
| 1757 | ; esi points to filename |
1765 | ; esi points to filename |
| 1758 | ; |
1766 | ; |
| 1759 | ; ret eax = 0 ok or other = errormsg |
1767 | ; ret eax = 0 ok or other = errormsg |
| 1760 | ; |
1768 | ; |
| 1761 | ;-------------------------------------------------------------- |
1769 | ;-------------------------------------------------------------- |
| 1762 | ntfs_HdDelete: |
1770 | ntfs_HdDelete: |
| 1763 | mov eax, ERROR_UNSUPPORTED_FS |
1771 | mov eax, ERROR_UNSUPPORTED_FS |
| 1764 | ret |
1772 | ret |
| 1765 | 1773 | ||
| 1766 | ntfs_HdGetFileInfo: |
1774 | ntfs_HdGetFileInfo: |
| 1767 | cmp byte [esi], 0 |
1775 | cmp byte [esi], 0 |
| 1768 | jnz @f |
1776 | jnz @f |
| 1769 | push 2 |
1777 | push 2 |
| 1770 | pop eax |
1778 | pop eax |
| 1771 | ret |
1779 | ret |
| 1772 | @@: |
1780 | @@: |
| 1773 | call ntfs_find_lfn |
1781 | call ntfs_find_lfn |
| 1774 | jnc .doit |
1782 | jnc .doit |
| 1775 | push ERROR_FILE_NOT_FOUND |
1783 | push ERROR_FILE_NOT_FOUND |
| 1776 | pop eax |
1784 | pop eax |
| 1777 | cmp [hd_error], 0 |
1785 | cmp [hd_error], 0 |
| 1778 | jz @f |
1786 | jz @f |
| 1779 | mov al, 11 |
1787 | mov al, 11 |
| 1780 | @@: |
1788 | @@: |
| 1781 | ret |
1789 | ret |
| 1782 | .doit: |
1790 | .doit: |
| 1783 | push esi edi |
1791 | push esi edi |
| 1784 | mov esi, eax |
1792 | mov esi, eax |
| 1785 | mov edi, edx |
1793 | mov edi, edx |
| 1786 | xor eax, eax |
1794 | xor eax, eax |
| 1787 | call ntfs_direntry_to_bdfe |
1795 | call ntfs_direntry_to_bdfe |
| 1788 | pop edi esi |
1796 | pop edi esi |
| 1789 | xor eax, eax |
1797 | xor eax, eax |
| 1790 | ret |
1798 | ret |