Rev 6292 | Rev 6340 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 6292 | Rev 6297 | ||
|---|---|---|---|
| Line 3... | Line 3... | ||
| 3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
3 | ;; Copyright (C) KolibriOS team 2004-2016. All rights reserved. ;; |
| 4 | ;; Distributed under terms of the GNU General Public License ;; |
4 | ;; Distributed under terms of the GNU General Public License ;; |
| 5 | ;; ;; |
5 | ;; ;; |
| 6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
6 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
| Line 7... | Line 7... | ||
| 7 | 7 | ||
| Line 8... | Line 8... | ||
| 8 | $Revision: 6292 $ |
8 | $Revision: 6297 $ |
| Line 9... | Line 9... | ||
| 9 | 9 | ||
| 10 | ; NTFS driver |
10 | ; NTFS driver |
| Line 81... | Line 81... | ||
| 81 | indexAllocatedSize = 8 |
81 | indexAllocatedSize = 8 |
| 82 | indexRawSize = 10 |
82 | indexRawSize = 10 |
| 83 | indexFlags = 12 |
83 | indexFlags = 12 |
| 84 | directoryRecordReference = 16 |
84 | directoryRecordReference = 16 |
| 85 | directoryReferenceReuse = 16h |
85 | directoryReferenceReuse = 16h |
| - | 86 | fileCreated = 18h |
|
| - | 87 | fileModified = 20h |
|
| - | 88 | recordModified = 28h |
|
| - | 89 | fileAccessed = 30h |
|
| 86 | fileAllocatedSize = 38h |
90 | fileAllocatedSize = 38h |
| 87 | fileRealSize = 40h |
91 | fileRealSize = 40h |
| 88 | fileFlags = 48h |
92 | fileFlags = 48h |
| 89 | fileNameLength = 50h |
93 | fileNameLength = 50h |
| - | 94 | namespace = 51h |
|
| - | 95 | fileName = 52h |
|
| Line 90... | Line 96... | ||
| 90 | 96 | ||
| 91 | struct NTFS PARTITION |
97 | struct NTFS PARTITION |
| 92 | Lock MUTEX ? ; Currently operations with one partition |
98 | Lock MUTEX ? ; Currently operations with one partition |
| 93 | ; can not be executed in parallel since the legacy code is not ready. |
99 | ; can not be executed in parallel since the legacy code is not ready. |
| Line 273... | Line 279... | ||
| 273 | call ntfs_test_bootsec |
279 | call ntfs_test_bootsec |
| 274 | jnc .ntfs_setup |
280 | jnc .ntfs_setup |
| 275 | .nope: |
281 | .nope: |
| 276 | xor eax, eax |
282 | xor eax, eax |
| 277 | jmp .exit |
283 | jmp .exit |
| - | 284 | ||
| 278 | ; By given bootsector, initialize some NTFS variables |
285 | ; By given bootsector, initialize some NTFS variables |
| 279 | .ntfs_setup: |
286 | .ntfs_setup: |
| 280 | movi eax, sizeof.NTFS |
287 | movi eax, sizeof.NTFS |
| 281 | call malloc |
288 | call malloc |
| 282 | test eax, eax |
289 | test eax, eax |
| Line 307... | Line 314... | ||
| 307 | test eax, eax |
314 | test eax, eax |
| 308 | js @f |
315 | js @f |
| 309 | mul [ebp+NTFS.sectors_per_cluster] |
316 | mul [ebp+NTFS.sectors_per_cluster] |
| 310 | shl eax, 9 |
317 | shl eax, 9 |
| 311 | jmp .1 |
318 | jmp .1 |
| - | 319 | ||
| 312 | @@: |
320 | @@: |
| 313 | neg eax |
321 | neg eax |
| 314 | mov ecx, eax |
322 | mov ecx, eax |
| 315 | mov eax, 1 |
323 | mov eax, 1 |
| 316 | shl eax, cl |
324 | shl eax, cl |
| Line 362... | Line 370... | ||
| 362 | cmp byte [eax+9], 0 |
370 | cmp byte [eax+9], 0 |
| 363 | jz .founddata |
371 | jz .founddata |
| 364 | @@: |
372 | @@: |
| 365 | add eax, [eax+4] |
373 | add eax, [eax+4] |
| 366 | jmp .scandata |
374 | jmp .scandata |
| - | 375 | ||
| 367 | .founddata: |
376 | .founddata: |
| 368 | cmp byte [eax+8], 0 |
377 | cmp byte [eax+8], 0 |
| 369 | jz .fail_free_mft |
378 | jz .fail_free_mft |
| 370 | ; load first portion of $DATA attribute retrieval information |
379 | ; load first portion of $DATA attribute retrieval information |
| 371 | mov edx, [eax+0x18] |
380 | mov edx, [eax+0x18] |
| Line 382... | Line 391... | ||
| 382 | mov [eax], edx |
391 | mov [eax], edx |
| 383 | mov edx, [esp+8] ; block addr (relative) |
392 | mov edx, [esp+8] ; block addr (relative) |
| 384 | mov [eax+4], edx |
393 | mov [eax+4], edx |
| 385 | inc [ebp+NTFS.mft_retrieval_size] |
394 | inc [ebp+NTFS.mft_retrieval_size] |
| 386 | jmp .scanmcb |
395 | jmp .scanmcb |
| - | 396 | ||
| 387 | .scanmcbend: |
397 | .scanmcbend: |
| 388 | add esp, 10h |
398 | add esp, 10h |
| 389 | ; there may be other portions of $DATA attribute in auxiliary records; |
399 | ; there may be other portions of $DATA attribute in auxiliary records; |
| 390 | ; if they will be needed, they will be loaded later |
400 | ; if they will be needed, they will be loaded later |
| 391 | mov [ebp+NTFS.cur_index_size], 0x1000/0x200 |
401 | mov [ebp+NTFS.cur_index_size], 0x1000/0x200 |
| Line 496... | Line 506... | ||
| 496 | test eax, eax |
506 | test eax, eax |
| 497 | jnz @f |
507 | jnz @f |
| 498 | popad |
508 | popad |
| 499 | add esp, 14h |
509 | add esp, 14h |
| 500 | jmp .fail_free_mft |
510 | jmp .fail_free_mft |
| - | 511 | ||
| 501 | @@: |
512 | @@: |
| 502 | mov esi, [ebp+NTFS.mft_retrieval] |
513 | mov esi, [ebp+NTFS.mft_retrieval] |
| 503 | mov edi, eax |
514 | mov edi, eax |
| 504 | mov ecx, [ebp+NTFS.mft_retrieval_size] |
515 | mov ecx, [ebp+NTFS.mft_retrieval_size] |
| 505 | add ecx, ecx |
516 | add ecx, ecx |
| Line 599... | Line 610... | ||
| 599 | add eax, [ebp+NTFS.mft_retrieval] |
610 | add eax, [ebp+NTFS.mft_retrieval] |
| 600 | cmp eax, esi |
611 | cmp eax, esi |
| 601 | pop eax |
612 | pop eax |
| 602 | jnz .mftscan |
613 | jnz .mftscan |
| 603 | jmp .nomft |
614 | jmp .nomft |
| - | 615 | ||
| 604 | @@: |
616 | @@: |
| 605 | push ecx |
617 | push ecx |
| 606 | add ecx, eax |
618 | add ecx, eax |
| 607 | add ecx, [esi] |
619 | add ecx, [esi] |
| 608 | push eax |
620 | push eax |
| Line 647... | Line 659... | ||
| 647 | add eax, [ebp+NTFS.mft_retrieval] |
659 | add eax, [ebp+NTFS.mft_retrieval] |
| 648 | cmp eax, esi |
660 | cmp eax, esi |
| 649 | pop eax |
661 | pop eax |
| 650 | jz .nomft |
662 | jz .nomft |
| 651 | jmp .mftscan |
663 | jmp .mftscan |
| 652 | @@: |
664 | |
| - | 665 | .errret2_pop: |
|
| 653 | popad |
666 | xor eax, eax |
| - | 667 | .errret_pop: |
|
| 654 | ret |
668 | pop ecx |
| 655 | .errread: |
669 | .errread: |
| 656 | pop ecx |
670 | pop ecx |
| 657 | .errret: |
671 | .errret: |
| 658 | mov [esp+28], eax |
672 | mov [esp+28], eax |
| 659 | stc |
673 | stc |
| - | 674 | @@: |
|
| 660 | popad |
675 | popad |
| 661 | ret |
676 | ret |
| - | 677 | ||
| 662 | .nomft: |
678 | .nomft: |
| 663 | ; 1. Read file record. |
679 | ; 1. Read file record. |
| 664 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
680 | ; N.B. This will do recursive call of read_attr for $MFT::$Data. |
| 665 | mov eax, [ebp+NTFS.cur_iRecord] |
681 | mov eax, [ebp+NTFS.cur_iRecord] |
| 666 | mov [ebp+NTFS.attr_iRecord], eax |
682 | mov [ebp+NTFS.attr_iRecord], eax |
| Line 673... | Line 689... | ||
| 673 | ; 2. Find required attribute. |
689 | ; 2. Find required attribute. |
| 674 | mov eax, [ebp+NTFS.frs_buffer] |
690 | mov eax, [ebp+NTFS.frs_buffer] |
| 675 | ; a) For auxiliary records, read base record. |
691 | ; a) For auxiliary records, read base record. |
| 676 | ; If base record is present, base iRecord may be 0 (for $Mft), |
692 | ; If base record is present, base iRecord may be 0 (for $Mft), |
| 677 | ; but SequenceNumber is nonzero. |
693 | ; but SequenceNumber is nonzero. |
| 678 | cmp dword [eax+24h], 0 |
694 | cmp word [eax+baseRecordReuse], 0 |
| 679 | jz @f |
695 | jz @f |
| 680 | mov eax, [eax+20h] |
696 | mov eax, [eax+baseRecordReference] |
| 681 | .beginfindattr: |
697 | .beginfindattr: |
| 682 | mov [ebp+NTFS.attr_iRecord], eax |
698 | mov [ebp+NTFS.attr_iRecord], eax |
| 683 | call ntfs_read_file_record |
699 | call ntfs_read_file_record |
| 684 | jc .errret |
700 | jc .errret |
| 685 | jmp @f |
701 | jmp @f |
| - | 702 | ||
| 686 | .newAttribute: |
703 | .newAttribute: |
| 687 | pushad |
704 | pushad |
| - | 705 | and [ebp+NTFS.cur_read], 0 |
|
| 688 | @@: |
706 | @@: |
| 689 | ; b) Scan for required attribute and for $ATTR_LIST |
707 | ; b) Scan for required attribute and for $ATTR_LIST |
| 690 | mov eax, [ebp+NTFS.frs_buffer] |
708 | mov eax, [ebp+NTFS.frs_buffer] |
| 691 | movzx ecx, word [eax+14h] |
709 | movzx ecx, word [eax+attributeOffset] |
| 692 | add eax, ecx |
710 | add eax, ecx |
| 693 | mov ecx, [ebp+NTFS.cur_attr] |
711 | mov ecx, [ebp+NTFS.cur_attr] |
| 694 | and [ebp+NTFS.attr_offs], 0 |
712 | and [ebp+NTFS.attr_offs], 0 |
| 695 | .scanattr: |
713 | .scanattr: |
| 696 | cmp dword [eax], -1 |
714 | cmp dword [eax], -1 |
| Line 701... | Line 719... | ||
| 701 | jnz .scancont |
719 | jnz .scancont |
| 702 | cmp dword [eax], 0x20 ; $ATTR_LIST |
720 | cmp dword [eax], 0x20 ; $ATTR_LIST |
| 703 | jnz .scancont |
721 | jnz .scancont |
| 704 | mov [ebp+NTFS.attr_list], eax |
722 | mov [ebp+NTFS.attr_list], eax |
| 705 | jmp .scancont |
723 | jmp .scancont |
| - | 724 | ||
| 706 | .okattr: |
725 | .okattr: |
| 707 | ; ignore named $DATA attributes (aka NTFS streams) |
726 | ; ignore named $DATA attributes (aka NTFS streams) |
| 708 | cmp ecx, 0x80 |
727 | cmp ecx, 0x80 |
| 709 | jnz @f |
728 | jnz @f |
| 710 | cmp byte [eax+9], 0 |
729 | cmp byte [eax+nameLength], 0 |
| 711 | jnz .scancont |
730 | jnz .scancont |
| 712 | @@: |
731 | @@: |
| 713 | mov [ebp+NTFS.attr_offs], eax |
732 | mov [ebp+NTFS.attr_offs], eax |
| 714 | .scancont: |
733 | .scancont: |
| 715 | add eax, [eax+4] |
734 | add eax, [eax+sizeWithHeader] |
| 716 | jmp .scanattr |
735 | jmp .scanattr |
| - | 736 | ||
| 717 | .continue: |
737 | .continue: |
| 718 | pushad |
738 | pushad |
| 719 | and [ebp+NTFS.cur_read], 0 |
739 | and [ebp+NTFS.cur_read], 0 |
| 720 | .scandone: |
740 | .scandone: |
| 721 | ; c) Check for required offset and length |
741 | ; c) Check for required offset and length |
| Line 724... | Line 744... | ||
| 724 | push [ebp+NTFS.cur_size] |
744 | push [ebp+NTFS.cur_size] |
| 725 | push [ebp+NTFS.cur_read] |
745 | push [ebp+NTFS.cur_read] |
| 726 | call .doreadattr |
746 | call .doreadattr |
| 727 | pop edx |
747 | pop edx |
| 728 | pop ecx |
748 | pop ecx |
| 729 | jc @f |
749 | jc .ret |
| 730 | cmp [ebp+NTFS.bCanContinue], 0 |
750 | cmp [ebp+NTFS.bCanContinue], 0 |
| 731 | jz @f |
751 | jz .ret |
| 732 | sub edx, [ebp+NTFS.cur_read] |
752 | sub edx, [ebp+NTFS.cur_read] |
| 733 | neg edx |
753 | neg edx |
| 734 | shr edx, 9 |
754 | shr edx, 9 |
| 735 | sub ecx, edx |
755 | sub ecx, edx |
| 736 | mov [ebp+NTFS.cur_size], ecx |
756 | mov [ebp+NTFS.cur_size], ecx |
| 737 | jnz .not_in_cur |
757 | jz .ret |
| 738 | @@: |
- | |
| 739 | popad |
- | |
| 740 | ret |
- | |
| 741 | .noattr: |
758 | .noattr: |
| 742 | .not_in_cur: |
- | |
| 743 | cmp [ebp+NTFS.cur_attr], 0x20 |
759 | cmp [ebp+NTFS.cur_attr], 0x20 |
| 744 | jz @f |
760 | jz @f |
| 745 | mov ecx, [ebp+NTFS.attr_list] |
761 | mov ecx, [ebp+NTFS.attr_list] |
| 746 | test ecx, ecx |
762 | test ecx, ecx |
| 747 | jnz .lookattr |
763 | jnz .lookattr |
| 748 | .ret_is_attr: |
764 | .ret_is_attr: |
| 749 | and dword [esp+28], 0 |
765 | and dword [esp+28], 0 |
| 750 | cmp [ebp+NTFS.attr_offs], 1 ; CF set <=> attr_offs == 0 |
766 | cmp [ebp+NTFS.attr_offs], 1 ; define CF |
| - | 767 | .ret: |
|
| 751 | popad |
768 | popad |
| 752 | ret |
769 | ret |
| - | 770 | ||
| 753 | .lookattr: |
771 | .lookattr: |
| 754 | ; required attribute or required offset was not found in base record; |
772 | ; required attribute or required offset was not found in base record; |
| 755 | ; it may be present in auxiliary records; |
773 | ; it may be present in auxiliary records; |
| 756 | ; scan $ATTR_LIST |
774 | ; scan $ATTR_LIST |
| 757 | mov eax, [ebp+NTFS.attr_iBaseRecord] |
775 | mov eax, [ebp+NTFS.attr_iBaseRecord] |
| Line 802... | Line 820... | ||
| 802 | jz @f |
820 | jz @f |
| 803 | .scanlistcont: |
821 | .scanlistcont: |
| 804 | movzx ecx, word [esi+4] |
822 | movzx ecx, word [esi+4] |
| 805 | add esi, ecx |
823 | add esi, ecx |
| 806 | jmp .scanlist |
824 | jmp .scanlist |
| - | 825 | ||
| 807 | @@: |
826 | @@: |
| 808 | ; ignore named $DATA attributes (aka NTFS streams) |
827 | ; ignore named $DATA attributes (aka NTFS streams) |
| 809 | cmp eax, 0x80 |
828 | cmp eax, 0x80 |
| 810 | jnz @f |
829 | jnz @f |
| 811 | cmp byte [esi+6], 0 |
830 | cmp byte [esi+6], 0 |
| Line 820... | Line 839... | ||
| 820 | cmp eax, -1 |
839 | cmp eax, -1 |
| 821 | jnz .testfz |
840 | jnz .testfz |
| 822 | ; if attribute is in auxiliary records, its size is defined only in first |
841 | ; if attribute is in auxiliary records, its size is defined only in first |
| 823 | mov eax, [esi+10h] |
842 | mov eax, [esi+10h] |
| 824 | call ntfs_read_file_record |
843 | call ntfs_read_file_record |
| 825 | jnc @f |
- | |
| 826 | .errret_pop: |
- | |
| 827 | pop ecx ecx |
- | |
| 828 | jmp .errret |
- | |
| 829 | .errret2_pop: |
- | |
| 830 | xor eax, eax |
- | |
| 831 | jmp .errret_pop |
844 | jc .errret_pop |
| 832 | @@: |
- | |
| 833 | mov eax, [ebp+NTFS.frs_buffer] |
845 | mov eax, [ebp+NTFS.frs_buffer] |
| 834 | movzx ecx, word [eax+14h] |
846 | movzx ecx, word [eax+14h] |
| 835 | add eax, ecx |
847 | add eax, ecx |
| 836 | mov ecx, [ebp+NTFS.cur_attr] |
848 | mov ecx, [ebp+NTFS.cur_attr] |
| 837 | @@: |
849 | @@: |
| Line 840... | Line 852... | ||
| 840 | cmp dword [eax], ecx |
852 | cmp dword [eax], ecx |
| 841 | jz @f |
853 | jz @f |
| 842 | .l1: |
854 | .l1: |
| 843 | add eax, [eax+4] |
855 | add eax, [eax+4] |
| 844 | jmp @b |
856 | jmp @b |
| - | 857 | ||
| 845 | @@: |
858 | @@: |
| 846 | cmp eax, 0x80 |
859 | cmp eax, 0x80 |
| 847 | jnz @f |
860 | jnz @f |
| 848 | cmp byte [eax+9], 0 |
861 | cmp byte [eax+9], 0 |
| 849 | jnz .l1 |
862 | jnz .l1 |
| Line 852... | Line 865... | ||
| 852 | jnz .sdnores |
865 | jnz .sdnores |
| 853 | mov eax, [eax+10h] |
866 | mov eax, [eax+10h] |
| 854 | mov dword [ebp+NTFS.attr_size], eax |
867 | mov dword [ebp+NTFS.attr_size], eax |
| 855 | and dword [ebp+NTFS.attr_size+4], 0 |
868 | and dword [ebp+NTFS.attr_size+4], 0 |
| 856 | jmp .testfz |
869 | jmp .testfz |
| - | 870 | ||
| 857 | .sdnores: |
871 | .sdnores: |
| 858 | mov ecx, [eax+30h] |
872 | mov ecx, [eax+30h] |
| 859 | mov dword [ebp+NTFS.attr_size], ecx |
873 | mov dword [ebp+NTFS.attr_size], ecx |
| 860 | mov ecx, [eax+34h] |
874 | mov ecx, [eax+34h] |
| 861 | mov dword [ebp+NTFS.attr_size+4], ecx |
875 | mov dword [ebp+NTFS.attr_size+4], ecx |
| Line 866... | Line 880... | ||
| 866 | cmp eax, [ebp+NTFS.cur_offs] |
880 | cmp eax, [ebp+NTFS.cur_offs] |
| 867 | pop eax |
881 | pop eax |
| 868 | ja @f |
882 | ja @f |
| 869 | mov edi, [esi+10h] ; keep previous iRecord |
883 | mov edi, [esi+10h] ; keep previous iRecord |
| 870 | jmp .scanlistcont |
884 | jmp .scanlistcont |
| - | 885 | ||
| 871 | @@: |
886 | @@: |
| 872 | pop ecx |
887 | pop ecx |
| 873 | .scanlistfound: |
888 | .scanlistfound: |
| 874 | cmp edi, -1 |
889 | cmp edi, -1 |
| 875 | jnz @f |
890 | jz .ret |
| 876 | popad |
- | |
| 877 | ret |
- | |
| 878 | @@: |
- | |
| 879 | mov eax, [ebp+NTFS.cur_iRecord] |
891 | mov eax, [ebp+NTFS.cur_iRecord] |
| 880 | mov [ebp+NTFS.attr_iBaseRecord], eax |
892 | mov [ebp+NTFS.attr_iBaseRecord], eax |
| 881 | mov eax, edi |
893 | mov eax, edi |
| 882 | jmp .beginfindattr |
894 | jmp .beginfindattr |
| - | 895 | ||
| 883 | .scanlistdone: |
896 | .scanlistdone: |
| 884 | pop ecx |
897 | pop ecx |
| 885 | sub ecx, ebp |
898 | sub ecx, ebp |
| 886 | sub ecx, NTFS.attrlist_buf-1Ah |
899 | sub ecx, NTFS.attrlist_buf-1Ah |
| 887 | cmp [ebp+NTFS.cur_iRecord], 0 |
900 | cmp [ebp+NTFS.cur_iRecord], 0 |
| Line 934... | Line 947... | ||
| 934 | add ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
947 | add ecx, NTFS.attrlist_mft_buf-NTFS.attrlist_buf |
| 935 | jmp .scanliststart |
948 | jmp .scanliststart |
| Line 936... | Line 949... | ||
| 936 | 949 | ||
| 937 | .doreadattr: |
950 | .doreadattr: |
| 938 | mov [ebp+NTFS.bCanContinue], 0 |
951 | mov [ebp+NTFS.bCanContinue], 0 |
| 939 | cmp byte [ecx+8], 0 |
952 | cmp byte [ecx+nonResidentFlag], 0 |
| 940 | jnz .nonresident |
953 | jnz .nonresident |
| 941 | mov eax, [ecx+10h] ; length |
954 | mov eax, [ecx+sizeWithoutHeader] |
| 942 | mov esi, eax |
955 | mov esi, eax |
| 943 | mov edx, [ebp+NTFS.cur_offs] |
956 | mov edx, [ebp+NTFS.cur_offs] |
| 944 | shr eax, 9 |
957 | shr eax, 9 |
| 945 | cmp eax, edx |
958 | cmp eax, edx |
| 946 | jb .okret |
959 | jb .okret |
| 947 | shl edx, 9 |
960 | shl edx, 9 |
| 948 | sub esi, edx |
961 | sub esi, edx |
| 949 | movzx eax, word [ecx+14h] |
962 | movzx eax, word [ecx+attributeOffset] |
| 950 | add edx, eax |
963 | add edx, eax |
| 951 | add edx, ecx ; edx -> data |
964 | add edx, ecx ; edx -> data |
| 952 | mov eax, [ebp+NTFS.cur_size] |
965 | mov eax, [ebp+NTFS.cur_size] |
| 953 | cmp eax, (0xFFFFFFFF shr 9)+1 |
966 | cmp eax, (0xFFFFFFFF shr 9)+1 |
| Line 965... | Line 978... | ||
| 965 | mov eax, edx |
978 | mov eax, edx |
| 966 | mov ebx, [ebp+NTFS.cur_buf] |
979 | mov ebx, [ebp+NTFS.cur_buf] |
| 967 | call memmove |
980 | call memmove |
| 968 | and [ebp+NTFS.cur_size], 0 ; CF=0 |
981 | and [ebp+NTFS.cur_size], 0 ; CF=0 |
| 969 | ret |
982 | ret |
| - | 983 | ||
| 970 | .nonresident: |
984 | .nonresident: |
| 971 | ; Not all auxiliary records contain correct FileSize info |
985 | ; Not all auxiliary records contain correct FileSize info |
| 972 | mov eax, dword [ebp+NTFS.attr_size] |
986 | mov eax, dword [ebp+NTFS.attr_size] |
| 973 | mov edx, dword [ebp+NTFS.attr_size+4] |
987 | mov edx, dword [ebp+NTFS.attr_size+4] |
| 974 | push eax |
988 | push eax |
| 975 | and eax, edx |
989 | and eax, edx |
| 976 | cmp eax, -1 |
990 | cmp eax, -1 |
| 977 | pop eax |
991 | pop eax |
| 978 | jnz @f |
992 | jnz @f |
| 979 | mov eax, [ecx+30h] ; FileSize |
993 | mov eax, [ecx+attributeRealSize] |
| 980 | mov edx, [ecx+34h] |
994 | mov edx, [ecx+attributeRealSize+4] |
| 981 | mov dword [ebp+NTFS.attr_size], eax |
995 | mov dword [ebp+NTFS.attr_size], eax |
| 982 | mov dword [ebp+NTFS.attr_size+4], edx |
996 | mov dword [ebp+NTFS.attr_size+4], edx |
| 983 | @@: |
997 | @@: |
| 984 | add eax, 0x1FF |
998 | add eax, 0x1FF |
| 985 | adc edx, 0 |
999 | adc edx, 0 |
| Line 989... | Line 1003... | ||
| 989 | ; return with nothing read |
1003 | ; return with nothing read |
| 990 | and [ebp+NTFS.cur_size], 0 |
1004 | and [ebp+NTFS.cur_size], 0 |
| 991 | .okret: |
1005 | .okret: |
| 992 | clc |
1006 | clc |
| 993 | ret |
1007 | ret |
| - | 1008 | ||
| 994 | @@: |
1009 | @@: |
| 995 | ; reduce read length |
1010 | ; reduce read length |
| 996 | and [ebp+NTFS.cur_tail], 0 |
1011 | and [ebp+NTFS.cur_tail], 0 |
| 997 | cmp [ebp+NTFS.cur_size], eax |
1012 | cmp [ebp+NTFS.cur_size], eax |
| 998 | jb @f |
1013 | jb @f |
| Line 1004... | Line 1019... | ||
| 1004 | cmp [ebp+NTFS.cur_size], 0 |
1019 | cmp [ebp+NTFS.cur_size], 0 |
| 1005 | jz .okret |
1020 | jz .okret |
| 1006 | mov eax, [ebp+NTFS.cur_offs] |
1021 | mov eax, [ebp+NTFS.cur_offs] |
| 1007 | xor edx, edx |
1022 | xor edx, edx |
| 1008 | div [ebp+NTFS.sectors_per_cluster] |
1023 | div [ebp+NTFS.sectors_per_cluster] |
| 1009 | sub eax, [ecx+10h] ; first_vbo |
1024 | sub eax, [ecx+firstVCN] |
| 1010 | jb .okret |
1025 | jb .okret |
| 1011 | ; eax = cluster, edx = starting sector |
1026 | ; eax = cluster, edx = starting sector |
| 1012 | cmp [ebp+NTFS.cur_attr], 0x80 |
1027 | cmp [ebp+NTFS.cur_attr], 0x80 |
| 1013 | jnz .sys |
1028 | jnz .sys |
| 1014 | cmp [ebp+NTFS.cur_iRecord], 0 |
1029 | cmp [ebp+NTFS.cur_iRecord], 0 |
| Line 1016... | Line 1031... | ||
| 1016 | push fs_read64_app |
1031 | push fs_read64_app |
| 1017 | cmp [ebp+NTFS.bWriteAttr], 1 |
1032 | cmp [ebp+NTFS.bWriteAttr], 1 |
| 1018 | jnz @f |
1033 | jnz @f |
| 1019 | mov dword[esp], fs_write64_app |
1034 | mov dword[esp], fs_write64_app |
| 1020 | jmp @f |
1035 | jmp @f |
| - | 1036 | ||
| 1021 | .sys: |
1037 | .sys: |
| 1022 | push fs_read64_sys |
1038 | push fs_read64_sys |
| 1023 | @@: |
1039 | @@: |
| 1024 | sub esp, 10h |
1040 | sub esp, 10h |
| 1025 | movzx esi, word [ecx+20h] ; mcb_info_ofs |
1041 | movzx esi, word [ecx+dataRunsOffset] |
| 1026 | add esi, ecx |
1042 | add esi, ecx |
| 1027 | xor edi, edi |
1043 | xor edi, edi |
| 1028 | mov [ebp+NTFS.fragmentCount], 0 |
1044 | mov [ebp+NTFS.fragmentCount], 0 |
| 1029 | .readloop: |
1045 | .readloop: |
| 1030 | call ntfs_decode_mcb_entry |
1046 | call ntfs_decode_mcb_entry |
| Line 1072... | Line 1088... | ||
| 1072 | sub eax, 0x200 |
1088 | sub eax, 0x200 |
| 1073 | add [ebp+NTFS.cur_read], eax |
1089 | add [ebp+NTFS.cur_read], eax |
| 1074 | @@: |
1090 | @@: |
| 1075 | clc |
1091 | clc |
| 1076 | ret |
1092 | ret |
| - | 1093 | ||
| 1077 | .errread2: |
1094 | .errread2: |
| 1078 | pop ecx |
1095 | pop ecx |
| 1079 | add esp, 14h |
1096 | add esp, 14h |
| 1080 | stc |
1097 | stc |
| 1081 | ret |
1098 | ret |
| - | 1099 | ||
| 1082 | .break: |
1100 | .break: |
| 1083 | add esp, 14h ; CF=0 |
1101 | add esp, 14h ; CF=0 |
| 1084 | mov [ebp+NTFS.bCanContinue], 1 |
1102 | mov [ebp+NTFS.bCanContinue], 1 |
| 1085 | ret |
1103 | ret |
| Line 1140... | Line 1158... | ||
| 1140 | pop ebx |
1158 | pop ebx |
| 1141 | jc .errret |
1159 | jc .errret |
| 1142 | .ret: |
1160 | .ret: |
| 1143 | pop edx ecx |
1161 | pop edx ecx |
| 1144 | ret |
1162 | ret |
| - | 1163 | ||
| 1145 | .errret: |
1164 | .errret: |
| 1146 | pop edx ecx |
1165 | pop edx ecx |
| 1147 | xor eax, eax |
1166 | xor eax, eax |
| 1148 | stc |
1167 | stc |
| 1149 | ret |
1168 | ret |
| Line 1156... | Line 1175... | ||
| 1156 | ; eax = size in bytes |
1175 | ; eax = size in bytes |
| 1157 | pushad |
1176 | pushad |
| 1158 | shr eax, 9 |
1177 | shr eax, 9 |
| 1159 | mov ecx, eax |
1178 | mov ecx, eax |
| 1160 | inc eax |
1179 | inc eax |
| 1161 | cmp [ebx+6], ax |
1180 | cmp [ebx+updateSequenceSize], ax |
| 1162 | jnz .err |
1181 | jnz .err |
| 1163 | movzx eax, word [ebx+4] |
1182 | movzx eax, word [ebx+updateSequenceOffset] |
| 1164 | lea esi, [eax+ebx] |
1183 | lea esi, [eax+ebx] |
| 1165 | lodsw |
1184 | lodsw |
| 1166 | mov edx, eax |
1185 | mov edx, eax |
| 1167 | lea edi, [ebx+0x1FE] |
1186 | lea edi, [ebx+0x1FE] |
| 1168 | @@: |
1187 | @@: |
| Line 1173... | Line 1192... | ||
| 1173 | add edi, 0x1FE |
1192 | add edi, 0x1FE |
| 1174 | loop @b |
1193 | loop @b |
| 1175 | popad |
1194 | popad |
| 1176 | clc |
1195 | clc |
| 1177 | ret |
1196 | ret |
| - | 1197 | ||
| 1178 | .err: |
1198 | .err: |
| 1179 | popad |
1199 | popad |
| 1180 | stc |
1200 | stc |
| 1181 | ret |
1201 | ret |
| Line 1243... | Line 1263... | ||
| 1243 | ; in: [esi]+[esp+4] = name |
1263 | ; in: [esi]+[esp+4] = name |
| 1244 | ; out: |
1264 | ; out: |
| 1245 | ; [ebp+NTFS.cur_iRecord] = number of MFT fileRecord |
1265 | ; [ebp+NTFS.cur_iRecord] = number of MFT fileRecord |
| 1246 | ; eax -> index in the parent index node |
1266 | ; eax -> index in the parent index node |
| 1247 | ; CF=1 -> file not found, eax=0 -> error |
1267 | ; CF=1 -> file not found, eax=0 -> error |
| 1248 | mov [ebp+NTFS.cur_iRecord], 5 ; start parse from root cluster |
1268 | mov [ebp+NTFS.cur_iRecord], 5 ; start from root directory |
| 1249 | .doit2: |
1269 | .doit2: |
| 1250 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1270 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
| 1251 | and [ebp+NTFS.cur_offs], 0 |
1271 | and [ebp+NTFS.cur_offs], 0 |
| 1252 | mov eax, [ebp+NTFS.cur_index_size] |
1272 | mov eax, [ebp+NTFS.cur_index_size] |
| 1253 | mov [ebp+NTFS.cur_size], eax |
1273 | mov [ebp+NTFS.cur_size], eax |
| 1254 | mov eax, [ebp+NTFS.cur_index_buf] |
1274 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1255 | mov [ebp+NTFS.cur_buf], eax |
1275 | mov [ebp+NTFS.cur_buf], eax |
| 1256 | call ntfs_read_attr |
1276 | call ntfs_read_attr |
| 1257 | mov eax, 0 |
1277 | mov eax, 0 |
| 1258 | jnc @f |
1278 | jc .ret |
| 1259 | .ret: |
- | |
| 1260 | ret 4 |
- | |
| 1261 | @@: |
- | |
| 1262 | cmp [ebp+NTFS.cur_read], 0x20 |
1279 | cmp [ebp+NTFS.cur_read], 0x20 |
| 1263 | jc .ret |
1280 | jc .ret |
| 1264 | pushad |
1281 | pushad |
| 1265 | mov esi, [ebp+NTFS.cur_index_buf] |
1282 | mov esi, [ebp+NTFS.cur_index_buf] |
| 1266 | mov eax, [esi+14h] |
- | |
| 1267 | add eax, 10h |
- | |
| 1268 | cmp [ebp+NTFS.cur_read], eax |
- | |
| 1269 | jae .readok1 |
- | |
| 1270 | add eax, 1FFh |
- | |
| 1271 | shr eax, 9 |
- | |
| 1272 | cmp eax, [ebp+NTFS.cur_index_size] |
- | |
| 1273 | ja @f |
- | |
| 1274 | .stc_ret: |
- | |
| 1275 | popad |
- | |
| 1276 | stc |
- | |
| 1277 | ret 4 |
- | |
| 1278 | @@: |
- | |
| 1279 | ; reallocate |
- | |
| 1280 | push eax |
- | |
| 1281 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
| 1282 | pop eax |
- | |
| 1283 | mov [ebp+NTFS.cur_index_size], eax |
- | |
| 1284 | stdcall kernel_alloc, eax |
- | |
| 1285 | test eax, eax |
- | |
| 1286 | jnz @f |
- | |
| 1287 | and [ebp+NTFS.cur_index_size], 0 |
- | |
| 1288 | and [ebp+NTFS.cur_index_buf], 0 |
- | |
| 1289 | jmp .stc_ret |
- | |
| 1290 | @@: |
- | |
| 1291 | mov [ebp+NTFS.cur_index_buf], eax |
- | |
| 1292 | popad |
- | |
| 1293 | jmp .doit2 |
- | |
| 1294 | .readok1: |
- | |
| 1295 | mov edx, [esi+8] ; subnode_size |
1283 | mov edx, [esi+indexRecordSize] |
| 1296 | shr edx, 9 |
1284 | shr edx, 9 |
| 1297 | cmp edx, [ebp+NTFS.cur_index_size] |
1285 | cmp [ebp+NTFS.cur_index_size], edx |
| 1298 | jbe .ok2 |
- | |
| 1299 | push esi edx |
- | |
| 1300 | stdcall kernel_alloc, edx |
- | |
| 1301 | pop edx esi |
- | |
| 1302 | test eax, eax |
- | |
| 1303 | jz .stc_ret |
1286 | jc .realloc |
| 1304 | mov edi, eax |
1287 | add esi, rootNode |
| 1305 | mov ecx, [ebp+NTFS.cur_index_size] |
1288 | mov eax, [esi+nodeRealSize] |
| 1306 | shl ecx, 9-2 |
1289 | add eax, rootNode |
| 1307 | rep movsd |
- | |
| 1308 | mov esi, eax |
- | |
| 1309 | mov [ebp+NTFS.cur_index_size], edx |
1290 | cmp [ebp+NTFS.cur_read], eax |
| 1310 | push esi edx |
- | |
| 1311 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
| 1312 | pop edx esi |
1291 | jc .err |
| 1313 | mov [ebp+NTFS.cur_index_buf], esi |
- | |
| 1314 | .ok2: |
- | |
| 1315 | add esi, 10h |
- | |
| 1316 | mov edi, [esp+4] |
1292 | mov edi, [esp+4] |
| 1317 | ; edi -> name, esi -> current index data, edx = subnode size |
1293 | ; edi -> name, esi -> current index node, edx = subnode size |
| 1318 | .scanloop: |
1294 | .scanloop: |
| 1319 | add esi, [esi] |
1295 | add esi, [esi+indexOffset] |
| 1320 | .scanloopint: |
1296 | .scanloopint: |
| 1321 | test byte [esi+0Ch], 2 |
1297 | test byte [esi+indexFlags], 2 |
| 1322 | jnz .subnode |
1298 | jnz .subnode |
| 1323 | push esi |
1299 | push esi |
| 1324 | add esi, 0x52 |
1300 | movzx ecx, byte [esi+fileNameLength] |
| 1325 | movzx ecx, byte [esi-2] |
1301 | add esi, fileName |
| 1326 | push edi |
1302 | push edi |
| 1327 | @@: |
1303 | @@: |
| 1328 | lodsw |
1304 | lodsw |
| 1329 | call unichar_toupper |
1305 | call unichar_toupper |
| 1330 | push eax |
1306 | push eax |
| Line 1340... | Line 1316... | ||
| 1340 | jz .found |
1316 | jz .found |
| 1341 | pop edi |
1317 | pop edi |
| 1342 | pop esi |
1318 | pop esi |
| 1343 | jb .subnode |
1319 | jb .subnode |
| 1344 | .scanloopcont: |
1320 | .scanloopcont: |
| 1345 | movzx eax, word [esi+8] |
1321 | movzx eax, word [esi+indexAllocatedSize] |
| 1346 | add esi, eax |
1322 | add esi, eax |
| 1347 | jmp .scanloopint |
1323 | jmp .scanloopint |
| - | 1324 | ||
| - | 1325 | .realloc: |
|
| - | 1326 | mov edi, edx |
|
| - | 1327 | stdcall kernel_alloc, [esi+indexRecordSize] |
|
| - | 1328 | test eax, eax |
|
| - | 1329 | jz .err |
|
| - | 1330 | push [ebp+NTFS.cur_index_buf] |
|
| - | 1331 | mov [ebp+NTFS.cur_index_buf], eax |
|
| - | 1332 | call kernel_free |
|
| - | 1333 | mov [ebp+NTFS.cur_index_size], edi |
|
| - | 1334 | popad |
|
| - | 1335 | jmp .doit2 |
|
| - | 1336 | ||
| - | 1337 | .notfound: |
|
| - | 1338 | mov [esp+1Ch], esi |
|
| - | 1339 | .err: |
|
| - | 1340 | popad |
|
| - | 1341 | stc |
|
| - | 1342 | .ret: |
|
| - | 1343 | ret 4 |
|
| - | 1344 | ||
| 1348 | .slash: |
1345 | .slash: |
| 1349 | pop eax |
1346 | pop eax |
| 1350 | pop edi |
1347 | pop edi |
| 1351 | pop esi |
1348 | pop esi |
| 1352 | .subnode: |
1349 | .subnode: |
| 1353 | test byte [esi+0Ch], 1 |
1350 | test byte [esi+indexFlags], 1 |
| 1354 | jz .notfound |
1351 | jz .notfound |
| 1355 | movzx eax, word [esi+8] |
1352 | movzx eax, word [esi+indexAllocatedSize] |
| 1356 | mov eax, [esi+eax-8] |
1353 | mov eax, [esi+eax-8] |
| 1357 | imul eax, [ebp+NTFS.sectors_per_cluster] |
1354 | imul eax, [ebp+NTFS.sectors_per_cluster] |
| 1358 | mov [ebp+NTFS.cur_offs], eax |
1355 | mov [ebp+NTFS.cur_offs], eax |
| 1359 | mov [ebp+NTFS.cur_attr], 0xA0 ; $INDEX_ALLOCATION |
1356 | mov [ebp+NTFS.cur_attr], 0xA0 ; $INDEX_ALLOCATION |
| 1360 | mov [ebp+NTFS.cur_size], edx |
1357 | mov [ebp+NTFS.cur_size], edx |
| 1361 | mov eax, [ebp+NTFS.cur_index_buf] |
1358 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1362 | mov esi, eax |
1359 | mov esi, eax |
| 1363 | mov [ebp+NTFS.cur_buf], eax |
1360 | mov [ebp+NTFS.cur_buf], eax |
| 1364 | push edx |
- | |
| 1365 | call ntfs_read_attr |
1361 | call ntfs_read_attr.newAttribute |
| 1366 | pop edx |
- | |
| 1367 | mov eax, edx |
1362 | mov eax, edx |
| 1368 | shl eax, 9 |
1363 | shl eax, 9 |
| 1369 | cmp [ebp+NTFS.cur_read], eax |
1364 | cmp [ebp+NTFS.cur_read], eax |
| 1370 | jnz .err |
1365 | jnz .err |
| 1371 | cmp dword [esi], 'INDX' |
1366 | cmp dword [esi], 'INDX' |
| 1372 | jnz .err |
1367 | jnz .err |
| 1373 | mov [ebp+NTFS.cur_buf], esi |
1368 | mov [ebp+NTFS.cur_buf], esi |
| 1374 | mov ebx, esi |
1369 | mov ebx, esi |
| 1375 | call ntfs_restore_usa |
1370 | call ntfs_restore_usa |
| 1376 | jc .err |
1371 | jc .err |
| 1377 | add esi, 0x18 |
1372 | add esi, recordNode |
| 1378 | jmp .scanloop |
1373 | jmp .scanloop |
| 1379 | .notfound: |
- | |
| 1380 | mov [esp+1Ch], esi |
- | |
| 1381 | .err: |
1374 | |
| 1382 | popad |
- | |
| 1383 | stc |
- | |
| 1384 | ret 4 |
- | |
| 1385 | .found: |
1375 | .found: |
| 1386 | cmp byte [edi], 0 |
1376 | cmp byte [edi], 0 |
| 1387 | jz .done |
1377 | jz .done |
| 1388 | cmp byte [edi], '/' |
1378 | cmp byte [edi], '/' |
| 1389 | jz .next |
1379 | jz .next |
| 1390 | pop edi |
1380 | pop edi |
| 1391 | pop esi |
1381 | pop esi |
| 1392 | jmp .scanloopcont |
1382 | jmp .scanloopcont |
| - | 1383 | ||
| 1393 | .done: |
1384 | .done: |
| 1394 | .next: |
1385 | .next: |
| 1395 | pop esi |
1386 | pop esi |
| 1396 | pop esi |
1387 | pop esi |
| 1397 | mov eax, [esi] |
1388 | mov eax, [esi] |
| Line 1401... | Line 1392... | ||
| 1401 | popad |
1392 | popad |
| 1402 | inc esi |
1393 | inc esi |
| 1403 | cmp byte [esi-1], 0 |
1394 | cmp byte [esi-1], 0 |
| 1404 | jnz .doit2 |
1395 | jnz .doit2 |
| 1405 | cmp dword [esp+4], 0 |
1396 | cmp dword [esp+4], 0 |
| 1406 | jz @f |
1397 | jz .ret |
| 1407 | mov esi, [esp+4] |
1398 | mov esi, [esp+4] |
| 1408 | mov dword [esp+4], 0 |
1399 | mov dword [esp+4], 0 |
| 1409 | jmp .doit2 |
1400 | jmp .doit2 |
| 1410 | @@: |
- | |
| 1411 | ret 4 |
- | |
| Line 1412... | Line 1401... | ||
| 1412 | 1401 | ||
| 1413 | ;---------------------------------------------------------------- |
1402 | ;---------------------------------------------------------------- |
| 1414 | ntfs_ReadFile: |
1403 | ntfs_ReadFile: |
| 1415 | cmp byte [esi], 0 |
1404 | cmp byte [esi], 0 |
| 1416 | jnz @f |
1405 | jnz @f |
| 1417 | or ebx, -1 |
1406 | or ebx, -1 |
| 1418 | movi eax, ERROR_ACCESS_DENIED |
1407 | movi eax, ERROR_ACCESS_DENIED |
| - | 1408 | ret |
|
| 1419 | ret |
1409 | |
| 1420 | @@: |
1410 | @@: |
| 1421 | call ntfs_lock |
1411 | call ntfs_lock |
| 1422 | stdcall ntfs_find_lfn, [esp+4] |
1412 | stdcall ntfs_find_lfn, [esp+4] |
| 1423 | jnc .found |
1413 | jnc .found |
| 1424 | call ntfs_unlock |
1414 | call ntfs_unlock |
| 1425 | or ebx, -1 |
1415 | or ebx, -1 |
| 1426 | movi eax, ERROR_FILE_NOT_FOUND |
1416 | movi eax, ERROR_FILE_NOT_FOUND |
| - | 1417 | ret |
|
| 1427 | ret |
1418 | |
| 1428 | .found: |
1419 | .found: |
| 1429 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
1420 | mov [ebp+NTFS.cur_attr], 0x80 ; $DATA |
| 1430 | and [ebp+NTFS.cur_offs], 0 |
1421 | and [ebp+NTFS.cur_offs], 0 |
| 1431 | and [ebp+NTFS.cur_size], 0 |
1422 | and [ebp+NTFS.cur_size], 0 |
| 1432 | call ntfs_read_attr |
1423 | call ntfs_read_attr |
| 1433 | jnc @f |
1424 | jnc @f |
| 1434 | call ntfs_unlock |
1425 | call ntfs_unlock |
| 1435 | or ebx, -1 |
1426 | or ebx, -1 |
| 1436 | movi eax, ERROR_ACCESS_DENIED |
1427 | movi eax, ERROR_ACCESS_DENIED |
| - | 1428 | ret |
|
| 1437 | ret |
1429 | |
| 1438 | @@: |
1430 | @@: |
| 1439 | pushad |
1431 | pushad |
| 1440 | and dword [esp+10h], 0 |
1432 | and dword [esp+10h], 0 |
| 1441 | xor eax, eax |
1433 | xor eax, eax |
| 1442 | cmp dword [ebx+8], 0x200 |
1434 | cmp dword [ebx+8], 0x200 |
| 1443 | jb @f |
1435 | jb @f |
| 1444 | .eof0: |
1436 | .eof0: |
| 1445 | popad |
1437 | popad |
| 1446 | xor ebx, ebx |
1438 | xor ebx, ebx |
| 1447 | .eof: |
- | |
| 1448 | push ERROR_END_OF_FILE |
1439 | .eof: |
| 1449 | call ntfs_unlock |
1440 | call ntfs_unlock |
| 1450 | pop eax |
1441 | movi eax, ERROR_END_OF_FILE |
| - | 1442 | ret |
|
| 1451 | ret |
1443 | |
| 1452 | @@: |
1444 | @@: |
| 1453 | mov ecx, [ebx+12] |
1445 | mov ecx, [ebx+12] |
| 1454 | mov edx, [ebx+16] |
1446 | mov edx, [ebx+16] |
| 1455 | mov eax, [ebx+4] |
1447 | mov eax, [ebx+4] |
| Line 1485... | Line 1477... | ||
| 1485 | .retok: |
1477 | .retok: |
| 1486 | popad |
1478 | popad |
| 1487 | call ntfs_unlock |
1479 | call ntfs_unlock |
| 1488 | xor eax, eax |
1480 | xor eax, eax |
| 1489 | ret |
1481 | ret |
| - | 1482 | ||
| 1490 | @@: |
1483 | @@: |
| 1491 | cmp [ebp+NTFS.cur_read], 0x200 |
1484 | cmp [ebp+NTFS.cur_read], 0x200 |
| 1492 | jz .alignedstart |
1485 | jz .alignedstart |
| 1493 | .eof_ebx: |
1486 | .eof_ebx: |
| 1494 | popad |
1487 | popad |
| 1495 | jmp .eof |
1488 | jmp .eof |
| - | 1489 | ||
| 1496 | .alignedstart: |
1490 | .alignedstart: |
| 1497 | mov eax, [ebx+4] |
1491 | mov eax, [ebx+4] |
| 1498 | push edx |
1492 | push edx |
| 1499 | mov edx, [ebx+8] |
1493 | mov edx, [ebx+8] |
| 1500 | add eax, 511 |
1494 | add eax, 511 |
| Line 1545... | Line 1539... | ||
| 1545 | ret |
1539 | ret |
| Line 1546... | Line 1540... | ||
| 1546 | 1540 | ||
| 1547 | ;---------------------------------------------------------------- |
1541 | ;---------------------------------------------------------------- |
| 1548 | ntfs_ReadFolder: |
1542 | ntfs_ReadFolder: |
| 1549 | call ntfs_lock |
1543 | call ntfs_lock |
| 1550 | mov eax, 5 ; root cluster |
1544 | mov [ebp+NTFS.cur_iRecord], 5 ; root directory |
| 1551 | cmp byte [esi], 0 |
1545 | cmp byte [esi], 0 |
| 1552 | jz .doit |
1546 | jz @f |
| 1553 | stdcall ntfs_find_lfn, [esp+4] |
- | |
| 1554 | jnc .doit2 |
- | |
| 1555 | .notfound: |
- | |
| 1556 | or ebx, -1 |
- | |
| 1557 | push ERROR_FILE_NOT_FOUND |
- | |
| 1558 | .pop_ret: |
1547 | stdcall ntfs_find_lfn, [esp+4] |
| 1559 | call ntfs_unlock |
- | |
| 1560 | pop eax |
- | |
| 1561 | ret |
1548 | jc ntfsNotFound |
| 1562 | .doit: |
- | |
| 1563 | mov [ebp+NTFS.cur_iRecord], eax |
- | |
| 1564 | .doit2: |
1549 | @@: |
| 1565 | mov [ebp+NTFS.cur_attr], 0x10 ; $STANDARD_INFORMATION |
1550 | mov [ebp+NTFS.cur_attr], 0x10 ; $STANDARD_INFORMATION |
| 1566 | and [ebp+NTFS.cur_offs], 0 |
1551 | and [ebp+NTFS.cur_offs], 0 |
| 1567 | mov [ebp+NTFS.cur_size], 1 |
1552 | mov [ebp+NTFS.cur_size], 1 |
| 1568 | lea eax, [ebp+NTFS.bitmap_buf] |
1553 | lea eax, [ebp+NTFS.bitmap_buf] |
| 1569 | mov [ebp+NTFS.cur_buf], eax |
1554 | mov [ebp+NTFS.cur_buf], eax |
| 1570 | call ntfs_read_attr |
1555 | call ntfs_read_attr |
| 1571 | jc .notfound |
1556 | jc ntfsFail |
| 1572 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
1557 | mov [ebp+NTFS.cur_attr], 0x90 ; $INDEX_ROOT |
| 1573 | and [ebp+NTFS.cur_offs], 0 |
1558 | .doit: |
| 1574 | mov eax, [ebp+NTFS.cur_index_size] |
1559 | mov eax, [ebp+NTFS.cur_index_size] |
| 1575 | mov [ebp+NTFS.cur_size], eax |
1560 | mov [ebp+NTFS.cur_size], eax |
| 1576 | mov eax, [ebp+NTFS.cur_index_buf] |
1561 | mov eax, [ebp+NTFS.cur_index_buf] |
| 1577 | mov [ebp+NTFS.cur_buf], eax |
1562 | mov [ebp+NTFS.cur_buf], eax |
| 1578 | call ntfs_read_attr |
- | |
| 1579 | jnc .ok |
- | |
| 1580 | test eax, eax |
1563 | call ntfs_read_attr.newAttribute |
| 1581 | jz .notfound |
- | |
| 1582 | or ebx, -1 |
- | |
| 1583 | push ERROR_DEVICE |
- | |
| 1584 | jmp .pop_ret |
- | |
| 1585 | .ok: |
1564 | jc ntfsFail |
| 1586 | cmp [ebp+NTFS.cur_read], 0x20 |
- | |
| 1587 | jae @f |
- | |
| 1588 | or ebx, -1 |
- | |
| 1589 | .fserr: |
- | |
| 1590 | push ERROR_FAT_TABLE |
1565 | cmp [ebp+NTFS.cur_read], 0x20 |
| 1591 | jmp .pop_ret |
- | |
| 1592 | @@: |
1566 | jc ntfsFail |
| 1593 | pushad |
1567 | pushad |
| 1594 | mov esi, [ebp+NTFS.cur_index_buf] |
- | |
| 1595 | mov eax, [esi+14h] |
- | |
| 1596 | add eax, 10h |
- | |
| 1597 | cmp [ebp+NTFS.cur_read], eax |
- | |
| 1598 | jae .readok1 |
- | |
| 1599 | add eax, 1FFh |
- | |
| 1600 | shr eax, 9 |
- | |
| 1601 | cmp eax, [ebp+NTFS.cur_index_size] |
- | |
| 1602 | ja @f |
- | |
| 1603 | popad |
- | |
| 1604 | jmp .fserr |
- | |
| 1605 | @@: |
- | |
| 1606 | ; reallocate |
- | |
| 1607 | push eax |
- | |
| 1608 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
| 1609 | pop eax |
- | |
| 1610 | mov [ebp+NTFS.cur_index_size], eax |
- | |
| 1611 | stdcall kernel_alloc, eax |
- | |
| 1612 | test eax, eax |
- | |
| 1613 | jnz @f |
- | |
| 1614 | and [ebp+NTFS.cur_index_size], 0 |
- | |
| 1615 | and [ebp+NTFS.cur_index_buf], 0 |
- | |
| 1616 | .nomem: |
- | |
| 1617 | call ntfs_unlock |
- | |
| 1618 | popad |
- | |
| 1619 | or ebx, -1 |
- | |
| 1620 | movi eax, ERROR_OUT_OF_MEMORY |
- | |
| 1621 | ret |
- | |
| 1622 | @@: |
- | |
| 1623 | mov [ebp+NTFS.cur_index_buf], eax |
- | |
| 1624 | popad |
- | |
| 1625 | jmp .doit2 |
- | |
| 1626 | .readok1: |
1568 | mov esi, [ebp+NTFS.cur_index_buf] |
| 1627 | mov edx, [esi+8] ; subnode_size |
1569 | mov edx, [esi+indexRecordSize] |
| - | 1570 | shr edx, 9 |
|
| - | 1571 | cmp [ebp+NTFS.cur_index_size], edx |
|
| 1628 | shr edx, 9 |
1572 | jc .realloc |
| 1629 | mov [ebp+NTFS.cur_subnode_size], edx |
- | |
| 1630 | cmp edx, [ebp+NTFS.cur_index_size] |
- | |
| 1631 | jbe .ok2 |
- | |
| 1632 | push esi edx |
- | |
| 1633 | stdcall kernel_alloc, edx |
- | |
| 1634 | pop edx esi |
- | |
| 1635 | test eax, eax |
- | |
| 1636 | jz .nomem |
1573 | mov [ebp+NTFS.cur_subnode_size], edx |
| 1637 | mov edi, eax |
1574 | add esi, rootNode |
| 1638 | mov ecx, [ebp+NTFS.cur_index_size] |
1575 | mov eax, [esi+nodeRealSize] |
| 1639 | shl ecx, 9-2 |
- | |
| 1640 | rep movsd |
- | |
| 1641 | mov esi, eax |
1576 | add eax, rootNode |
| 1642 | mov [ebp+NTFS.cur_index_size], edx |
- | |
| 1643 | stdcall kernel_free, [ebp+NTFS.cur_index_buf] |
- | |
| 1644 | mov [ebp+NTFS.cur_index_buf], esi |
- | |
| 1645 | .ok2: |
1577 | cmp [ebp+NTFS.cur_read], eax |
| 1646 | add esi, 10h |
1578 | jc .err |
| 1647 | mov edx, [ebx+16] |
1579 | mov edx, [ebx+16] |
| 1648 | push dword [ebx+8] ; read ANSI/UNICODE name |
1580 | push dword [ebx+8] ; read ANSI/UNICODE name |
| 1649 | ; init header |
1581 | ; init header |
| 1650 | mov edi, edx |
1582 | mov edi, edx |
| Line 1668... | Line 1600... | ||
| 1668 | inc esi |
1600 | inc esi |
| 1669 | call .add_special_entry |
1601 | call .add_special_entry |
| 1670 | pop esi |
1602 | pop esi |
| 1671 | .skip_specials: |
1603 | .skip_specials: |
| 1672 | ; at first, dump index root |
1604 | ; at first, dump index root |
| 1673 | add esi, [esi] |
1605 | add esi, [esi+indexOffset] |
| 1674 | .dump_root: |
1606 | .dump_root: |
| 1675 | test byte [esi+0Ch], 2 |
1607 | test byte [esi+indexFlags], 2 |
| 1676 | jnz .dump_root_done |
1608 | jnz .dump_root_done |
| 1677 | call .add_entry |
1609 | call .add_entry |
| 1678 | movzx eax, word [esi+8] |
1610 | movzx eax, word [esi+indexAllocatedSize] |
| 1679 | add esi, eax |
1611 | add esi, eax |
| 1680 | jmp .dump_root |
1612 | jmp .dump_root |
| - | 1613 | ||
| - | 1614 | .realloc: |
|
| - | 1615 | mov edi, edx |
|
| - | 1616 | stdcall kernel_alloc, [esi+indexRecordSize] |
|
| - | 1617 | test eax, eax |
|
| - | 1618 | jz .err |
|
| - | 1619 | push [ebp+NTFS.cur_index_buf] |
|
| - | 1620 | mov [ebp+NTFS.cur_index_buf], eax |
|
| - | 1621 | call kernel_free |
|
| - | 1622 | mov [ebp+NTFS.cur_index_size], edi |
|
| - | 1623 | popad |
|
| - | 1624 | jmp .doit |
|
| - | 1625 | ||
| - | 1626 | .err: |
|
| - | 1627 | popad |
|
| - | 1628 | jmp ntfsFail |
|
| - | 1629 | ||
| 1681 | .dump_root_done: |
1630 | .dump_root_done: |
| 1682 | ; now dump all subnodes |
1631 | ; now dump all subnodes |
| 1683 | push ecx edi |
1632 | push ecx edi |
| 1684 | lea edi, [ebp+NTFS.bitmap_buf] |
1633 | lea edi, [ebp+NTFS.bitmap_buf] |
| 1685 | mov [ebp+NTFS.cur_buf], edi |
1634 | mov [ebp+NTFS.cur_buf], edi |
| Line 1687... | Line 1636... | ||
| 1687 | xor eax, eax |
1636 | xor eax, eax |
| 1688 | rep stosd |
1637 | rep stosd |
| 1689 | mov [ebp+NTFS.cur_attr], 0xB0 ; $BITMAP |
1638 | mov [ebp+NTFS.cur_attr], 0xB0 ; $BITMAP |
| 1690 | and [ebp+NTFS.cur_offs], 0 |
1639 | and [ebp+NTFS.cur_offs], 0 |
| 1691 | mov [ebp+NTFS.cur_size], 2 |
1640 | mov [ebp+NTFS.cur_size], 2 |
| 1692 | call ntfs_read_attr |
1641 | call ntfs_read_attr.newAttribute |
| 1693 | pop edi ecx |
1642 | pop edi ecx |
| 1694 | push 0 ; save offset in $BITMAP attribute |
1643 | push 0 ; save offset in $BITMAP attribute |
| 1695 | and [ebp+NTFS.cur_offs], 0 |
1644 | and [ebp+NTFS.cur_offs], 0 |
| 1696 | .dumploop: |
1645 | .dumploop: |
| 1697 | mov [ebp+NTFS.cur_attr], 0xA0 |
1646 | mov [ebp+NTFS.cur_attr], 0xA0 |
| 1698 | mov eax, [ebp+NTFS.cur_subnode_size] |
1647 | mov eax, [ebp+NTFS.cur_subnode_size] |
| 1699 | mov [ebp+NTFS.cur_size], eax |
1648 | mov [ebp+NTFS.cur_size], eax |
| 1700 | mov eax, [ebp+NTFS.cur_index_buf] |
1649 | mov esi, [ebp+NTFS.cur_index_buf] |
| 1701 | mov esi, eax |
- | |
| 1702 | mov [ebp+NTFS.cur_buf], eax |
1650 | mov [ebp+NTFS.cur_buf], esi |
| 1703 | push [ebp+NTFS.cur_offs] |
- | |
| 1704 | mov eax, [ebp+NTFS.cur_offs] |
1651 | mov eax, [ebp+NTFS.cur_offs] |
| - | 1652 | push eax |
|
| 1705 | imul eax, [ebp+NTFS.cur_subnode_size] |
1653 | imul eax, [ebp+NTFS.cur_subnode_size] |
| 1706 | mov [ebp+NTFS.cur_offs], eax |
1654 | mov [ebp+NTFS.cur_offs], eax |
| 1707 | call ntfs_read_attr |
1655 | call ntfs_read_attr.newAttribute |
| 1708 | pop [ebp+NTFS.cur_offs] |
1656 | pop [ebp+NTFS.cur_offs] |
| 1709 | mov eax, [ebp+NTFS.cur_subnode_size] |
1657 | mov eax, [ebp+NTFS.cur_subnode_size] |
| 1710 | shl eax, 9 |
1658 | shl eax, 9 |
| 1711 | cmp [ebp+NTFS.cur_read], eax |
1659 | cmp [ebp+NTFS.cur_read], eax |
| 1712 | jnz .done |
1660 | jnz .done |
| Line 1721... | Line 1669... | ||
| 1721 | push ebx |
1669 | push ebx |
| 1722 | mov ebx, esi |
1670 | mov ebx, esi |
| 1723 | call ntfs_restore_usa |
1671 | call ntfs_restore_usa |
| 1724 | pop ebx |
1672 | pop ebx |
| 1725 | jc .dump_subnode_done |
1673 | jc .dump_subnode_done |
| 1726 | add esi, 0x18 |
1674 | add esi, recordNode |
| 1727 | add esi, [esi] |
1675 | add esi, [esi+indexOffset] |
| 1728 | .dump_subnode: |
1676 | .dump_subnode: |
| 1729 | test byte [esi+0Ch], 2 |
1677 | test byte [esi+indexFlags], 2 |
| 1730 | jnz .dump_subnode_done |
1678 | jnz .dump_subnode_done |
| 1731 | call .add_entry |
1679 | call .add_entry |
| 1732 | movzx eax, word [esi+8] |
1680 | movzx eax, word [esi+indexAllocatedSize] |
| 1733 | add esi, eax |
1681 | add esi, eax |
| 1734 | jmp .dump_subnode |
1682 | jmp .dump_subnode |
| - | 1683 | ||
| 1735 | .dump_subnode_done: |
1684 | .dump_subnode_done: |
| 1736 | inc [ebp+NTFS.cur_offs] |
1685 | inc [ebp+NTFS.cur_offs] |
| 1737 | test [ebp+NTFS.cur_offs], 0x400*8-1 |
1686 | test [ebp+NTFS.cur_offs], 0x400*8-1 |
| 1738 | jnz .dumploop |
1687 | jnz .dumploop |
| 1739 | mov [ebp+NTFS.cur_attr], 0xB0 |
1688 | mov [ebp+NTFS.cur_attr], 0xB0 |
| Line 1748... | Line 1697... | ||
| 1748 | push [ebp+NTFS.cur_offs] |
1697 | push [ebp+NTFS.cur_offs] |
| 1749 | inc eax |
1698 | inc eax |
| 1750 | mov [ebp+NTFS.cur_offs], eax |
1699 | mov [ebp+NTFS.cur_offs], eax |
| 1751 | mov [ebp+NTFS.cur_size], 2 |
1700 | mov [ebp+NTFS.cur_size], 2 |
| 1752 | push eax |
1701 | push eax |
| 1753 | call ntfs_read_attr |
1702 | call ntfs_read_attr.newAttribute |
| 1754 | pop eax |
1703 | pop eax |
| 1755 | pop [ebp+NTFS.cur_offs] |
1704 | pop [ebp+NTFS.cur_offs] |
| 1756 | push eax |
1705 | push eax |
| 1757 | jmp .dumploop |
1706 | jmp .dumploop |
| - | 1707 | ||
| 1758 | .done: |
1708 | .done: |
| 1759 | pop eax |
1709 | pop eax |
| 1760 | pop edx |
1710 | pop edx |
| 1761 | mov ebx, [edx+4] |
1711 | mov ebx, [edx+4] |
| 1762 | pop edx |
1712 | pop edx |
| Line 1779... | Line 1729... | ||
| 1779 | dec ecx |
1729 | dec ecx |
| 1780 | js .ret |
1730 | js .ret |
| 1781 | inc dword [eax+4] ; new file block copied |
1731 | inc dword [eax+4] ; new file block copied |
| 1782 | mov eax, [edx+4] |
1732 | mov eax, [edx+4] |
| 1783 | mov [edi+4], eax |
1733 | mov [edi+4], eax |
| 1784 | ; mov eax, dword [bitmap_buf+0x20] |
- | |
| 1785 | ; or al, 0x10 |
- | |
| 1786 | mov eax, 0x10 |
1734 | mov eax, 0x10 |
| 1787 | stosd |
1735 | stosd |
| 1788 | scasd |
1736 | scasd |
| 1789 | push edx |
1737 | push edx |
| 1790 | mov eax, dword [ebp+NTFS.bitmap_buf] |
1738 | mov eax, dword [ebp+NTFS.bitmap_buf] |
| Line 1810... | Line 1758... | ||
| 1810 | xor eax, eax |
1758 | xor eax, eax |
| 1811 | stosw |
1759 | stosw |
| 1812 | pop edi |
1760 | pop edi |
| 1813 | add edi, 520 |
1761 | add edi, 520 |
| 1814 | ret |
1762 | ret |
| - | 1763 | ||
| 1815 | @@: |
1764 | @@: |
| 1816 | rep stosb |
1765 | rep stosb |
| 1817 | pop ecx |
1766 | pop ecx |
| 1818 | xor eax, eax |
1767 | xor eax, eax |
| 1819 | stosb |
1768 | stosb |
| Line 1822... | Line 1771... | ||
| 1822 | .ret: |
1771 | .ret: |
| 1823 | ret |
1772 | ret |
| Line 1824... | Line 1773... | ||
| 1824 | 1773 | ||
| 1825 | .add_entry: |
1774 | .add_entry: |
| 1826 | ; do not return DOS 8.3 names |
1775 | ; do not return DOS 8.3 names |
| 1827 | cmp byte [esi+0x51], 2 |
1776 | cmp byte [esi+namespace], 2 |
| 1828 | jz .ret |
1777 | jz .ret |
| 1829 | ; do not return system files |
1778 | ; do not return system files |
| 1830 | ; ... note that there will be no bad effects if system files also were reported ... |
1779 | ; ... note that there will be no bad effects if system files also were reported ... |
| 1831 | cmp dword [esi], 0x10 |
1780 | cmp dword [esi+fileRecordReference], 0x10 |
| 1832 | jb .ret |
1781 | jb .ret |
| 1833 | mov eax, [edx] |
1782 | mov eax, [edx] |
| 1834 | inc dword [eax+8] ; new file found |
1783 | inc dword [eax+8] ; new file found |
| 1835 | dec ebx |
1784 | dec ebx |
| Line 1838... | Line 1787... | ||
| 1838 | js .ret |
1787 | js .ret |
| 1839 | inc dword [eax+4] ; new file block copied |
1788 | inc dword [eax+4] ; new file block copied |
| 1840 | mov eax, [edx+4] ; flags |
1789 | mov eax, [edx+4] ; flags |
| 1841 | call ntfs_direntry_to_bdfe |
1790 | call ntfs_direntry_to_bdfe |
| 1842 | push ecx esi edi |
1791 | push ecx esi edi |
| 1843 | movzx ecx, byte [esi+0x50] |
1792 | movzx ecx, byte [esi+fileNameLength] |
| 1844 | add esi, 0x52 |
1793 | add esi, fileName |
| 1845 | test byte [edi-0x24], 1 |
1794 | test byte [edi-0x24], 1 |
| 1846 | jz .ansi |
1795 | jz .ansi |
| 1847 | shr ecx, 1 |
1796 | shr ecx, 1 |
| 1848 | rep movsd |
1797 | rep movsd |
| 1849 | adc ecx, ecx |
1798 | adc ecx, ecx |
| Line 1851... | Line 1800... | ||
| 1851 | and word [edi], 0 |
1800 | and word [edi], 0 |
| 1852 | pop edi |
1801 | pop edi |
| 1853 | add edi, 520 |
1802 | add edi, 520 |
| 1854 | pop esi ecx |
1803 | pop esi ecx |
| 1855 | ret |
1804 | ret |
| - | 1805 | ||
| 1856 | .ansi: |
1806 | .ansi: |
| 1857 | jecxz .skip |
1807 | jecxz .skip |
| 1858 | @@: |
1808 | @@: |
| 1859 | lodsw |
1809 | lodsw |
| 1860 | call uni2ansi_char |
1810 | call uni2ansi_char |
| Line 1868... | Line 1818... | ||
| 1868 | pop esi ecx |
1818 | pop esi ecx |
| 1869 | ret |
1819 | ret |
| Line 1870... | Line 1820... | ||
| 1870 | 1820 | ||
| 1871 | ntfs_direntry_to_bdfe: |
1821 | ntfs_direntry_to_bdfe: |
| 1872 | mov [edi+4], eax ; ANSI/UNICODE name |
1822 | mov [edi+4], eax ; ANSI/UNICODE name |
| 1873 | mov eax, [esi+48h] |
1823 | mov eax, [esi+fileFlags] |
| 1874 | test eax, 0x10000000 |
1824 | test eax, 0x10000000 |
| 1875 | jz @f |
1825 | jz @f |
| 1876 | and eax, not 0x10000000 |
1826 | and eax, not 0x10000000 |
| 1877 | or al, 0x10 |
1827 | or al, 0x10 |
| 1878 | @@: |
1828 | @@: |
| 1879 | stosd |
1829 | stosd |
| 1880 | scasd |
1830 | scasd |
| 1881 | push edx |
1831 | push edx |
| 1882 | mov eax, [esi+0x18] |
1832 | mov eax, [esi+fileCreated] |
| 1883 | mov edx, [esi+0x1C] |
1833 | mov edx, [esi+fileCreated+4] |
| 1884 | call ntfs_datetime_to_bdfe |
1834 | call ntfs_datetime_to_bdfe |
| 1885 | mov eax, [esi+0x30] |
1835 | mov eax, [esi+fileAccessed] |
| 1886 | mov edx, [esi+0x34] |
1836 | mov edx, [esi+fileAccessed+4] |
| 1887 | call ntfs_datetime_to_bdfe |
1837 | call ntfs_datetime_to_bdfe |
| 1888 | mov eax, [esi+0x20] |
1838 | mov eax, [esi+fileModified] |
| 1889 | mov edx, [esi+0x24] |
1839 | mov edx, [esi+fileModified+4] |
| 1890 | call ntfs_datetime_to_bdfe |
1840 | call ntfs_datetime_to_bdfe |
| 1891 | pop edx |
1841 | pop edx |
| 1892 | mov eax, [esi+0x40] |
1842 | mov eax, [esi+fileRealSize] |
| 1893 | stosd |
1843 | stosd |
| 1894 | mov eax, [esi+0x44] |
1844 | mov eax, [esi+fileRealSize+4] |
| 1895 | stosd |
1845 | stosd |
| Line 1896... | Line 1846... | ||
| 1896 | ret |
1846 | ret |
| 1897 | - | ||
| 1898 | iglobal |
- | |
| 1899 | _24 dd 24 |
- | |
| 1900 | _60 dd 60 |
- | |
| 1901 | _10000000 dd 10000000 |
- | |
| 1902 | days400year dd 365*400+100-4+1 |
- | |
| 1903 | days100year dd 365*100+25-1 |
- | |
| 1904 | days4year dd 365*4+1 |
1847 | |
| 1905 | days1year dd 365 |
1848 | iglobal |
| 1906 | months dd 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
- | |
| 1907 | months2 dd 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
- | |
| 1908 | _400 dd 400 |
1849 | months db 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
| Line 1909... | Line 1850... | ||
| 1909 | _100 dd 100 |
1850 | months2 db 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 |
| 1910 | endg |
1851 | endg |
| 1911 | 1852 | ||
| - | 1853 | ntfs_datetime_to_bdfe: |
|
| 1912 | ntfs_datetime_to_bdfe: |
1854 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
| 1913 | ; edx:eax = number of 100-nanosecond intervals since January 1, 1601, in UTC |
1855 | push ebx ecx |
| 1914 | push eax |
1856 | mov ebx, eax |
| 1915 | mov eax, edx |
1857 | mov eax, edx |
| 1916 | xor edx, edx |
1858 | xor edx, edx |
| 1917 | div [_10000000] |
1859 | mov ecx, 10000000 |
| 1918 | xchg eax, [esp] |
1860 | div ecx |
| 1919 | div [_10000000] |
- | |
| 1920 | pop edx |
- | |
| 1921 | .sec: |
1861 | xchg eax, ebx |
| 1922 | ; edx:eax = number of seconds since January 1, 1601 |
1862 | div ecx |
| - | 1863 | .forEXT: |
|
| 1923 | push eax |
1864 | xchg eax, ebx |
| 1924 | mov eax, edx |
1865 | xor edx, edx |
| 1925 | xor edx, edx |
1866 | mov ecx, 60 |
| 1926 | div [_60] |
1867 | div ecx |
| 1927 | xchg eax, [esp] |
1868 | xchg eax, ebx |
| 1928 | div [_60] |
1869 | div ecx |
| 1929 | mov [edi], dl |
1870 | mov [edi], dl |
| 1930 | pop edx |
1871 | mov edx, ebx |
| 1931 | ; edx:eax = number of minutes |
1872 | ; edx:eax = number of minutes |
| 1932 | div [_60] |
1873 | div ecx |
| 1933 | mov [edi+1], dl |
1874 | mov [edi+1], dl |
| 1934 | ; eax = number of hours (note that 2^64/(10^7*60*60) < 2^32) |
1875 | ; eax = number of hours |
| 1935 | xor edx, edx |
1876 | xor edx, edx |
| 1936 | div [_24] |
1877 | mov cl, 24 |
| 1937 | mov [edi+2], dl |
1878 | div ecx |
| 1938 | mov [edi+3], byte 0 |
- | |
| 1939 | ; eax = number of days since January 1, 1601 |
1879 | mov [edi+2], dx |
| 1940 | xor edx, edx |
1880 | ; eax = number of days since January 1, 1601 |
| 1941 | div [days400year] |
1881 | xor edx, edx |
| 1942 | imul eax, 400 |
1882 | mov cx, 365 |
| 1943 | add eax, 1601 |
1883 | div ecx |
| 1944 | mov [edi+6], ax |
1884 | mov ebx, eax |
| 1945 | mov eax, edx |
1885 | add ebx, 1601 |
| 1946 | xor edx, edx |
- | |
| 1947 | div [days100year] |
1886 | shr eax, 2 |
| 1948 | cmp al, 4 |
- | |
| 1949 | jnz @f |
- | |
| 1950 | dec eax |
1887 | sub edx, eax |
| 1951 | add edx, [days100year] |
1888 | mov cl, 25 |
| 1952 | @@: |
1889 | div cl |
| 1953 | imul eax, 100 |
1890 | xor ah, ah |
| 1954 | add [edi+6], ax |
- | |
| 1955 | mov eax, edx |
1891 | add edx, eax |
| 1956 | xor edx, edx |
- | |
| 1957 | div [days4year] |
1892 | shr eax, 2 |
| 1958 | shl eax, 2 |
1893 | sub edx, eax |
| 1959 | add [edi+6], ax |
- | |
| 1960 | mov eax, edx |
1894 | jns @f |
| 1961 | xor edx, edx |
1895 | dec ebx |
| 1962 | div [days1year] |
1896 | add edx, 365 |
| 1963 | cmp al, 4 |
- | |
| 1964 | jnz @f |
1897 | test bl, 3 |
| 1965 | dec eax |
- | |
| 1966 | add edx, [days1year] |
- | |
| 1967 | @@: |
- | |
| 1968 | add [edi+6], ax |
- | |
| 1969 | push esi edx |
- | |
| 1970 | mov esi, months |
- | |
| 1971 | movzx eax, word [edi+6] |
- | |
| 1972 | test al, 3 |
- | |
| 1973 | jnz .noleap |
- | |
| 1974 | xor edx, edx |
- | |
| 1975 | push eax |
- | |
| 1976 | div [_400] |
- | |
| 1977 | pop eax |
- | |
| 1978 | test edx, edx |
- | |
| 1979 | jz .leap |
- | |
| 1980 | xor edx, edx |
- | |
| 1981 | div [_100] |
- | |
| 1982 | test edx, edx |
- | |
| 1983 | jz .noleap |
- | |
| 1984 | .leap: |
- | |
| 1985 | mov esi, months2 |
1898 | jnz @f |
| - | 1899 | inc edx |
|
| - | 1900 | @@: |
|
| 1986 | .noleap: |
1901 | xor eax, eax |
| - | 1902 | mov ecx, months-1 |
|
| 1987 | pop edx |
1903 | test bl, 3 |
| 1988 | xor eax, eax |
- | |
| 1989 | inc eax |
1904 | jnz @f |
| 1990 | @@: |
- | |
| 1991 | sub edx, [esi] |
1905 | add ecx, 12 |
| - | 1906 | @@: |
|
| 1992 | jb @f |
1907 | inc ecx |
| 1993 | add esi, 4 |
- | |
| 1994 | inc eax |
1908 | inc eax |
| 1995 | jmp @b |
1909 | sub dl, [ecx] |
| - | 1910 | jnc @b |
|
| 1996 | @@: |
1911 | dec dh |
| 1997 | add edx, [esi] |
1912 | jns @b |
| 1998 | pop esi |
1913 | add dl, [ecx] |
| - | 1914 | inc edx |
|
| 1999 | inc edx |
1915 | mov [edi+4], dl |
| - | 1916 | mov [edi+5], al |
|
| 2000 | mov [edi+4], dl |
1917 | mov [edi+6], bx |
| Line -... | Line 1918... | ||
| - | 1918 | add edi, 8 |
|
| - | 1919 | pop ecx ebx |
|
| - | 1920 | ret |
|
| - | 1921 | ||
| - | 1922 | .sec: |
|
| 2001 | mov [edi+5], al |
1923 | push ebx ecx |
| 2002 | add edi, 8 |
1924 | mov ebx, edx |
| 2003 | ret |
1925 | jmp .forEXT |
| 2004 | 1926 | ||
| Line 2013... | Line 1935... | ||
| 2013 | cmp byte [esi], 0 |
1935 | cmp byte [esi], 0 |
| 2014 | jnz @f |
1936 | jnz @f |
| 2015 | xor ebx, ebx |
1937 | xor ebx, ebx |
| 2016 | movi eax, ERROR_ACCESS_DENIED |
1938 | movi eax, ERROR_ACCESS_DENIED |
| 2017 | ret |
1939 | ret |
| - | 1940 | ||
| 2018 | @@: ; 1. Search file |
1941 | @@: ; 1. Search file |
| 2019 | call ntfs_lock |
1942 | call ntfs_lock |
| 2020 | stdcall ntfs_find_lfn, [esp+4] |
1943 | stdcall ntfs_find_lfn, [esp+4] |
| 2021 | jc .notFound |
1944 | jc .notFound |
| 2022 | ; found, rewrite |
1945 | ; found, rewrite |
| Line 2086... | Line 2009... | ||
| 2086 | cmp byte [ecx], '/' |
2009 | cmp byte [ecx], '/' |
| 2087 | jz ntfsNotFound ; path folder not found |
2010 | jz ntfsNotFound ; path folder not found |
| 2088 | cmp byte [ecx], 0 |
2011 | cmp byte [ecx], 0 |
| 2089 | jnz @b |
2012 | jnz @b |
| 2090 | sub ecx, esi |
2013 | sub ecx, esi |
| - | 2014 | push ecx ; name length |
|
| 2091 | push ecx |
2015 | shl ecx, 1 |
| 2092 | lea ecx, [ecx*2+52h+7] ; precalculate index length |
2016 | add ecx, fileName+7 |
| 2093 | and ecx, not 7 ; align 8 |
2017 | and ecx, not 7 |
| 2094 | mov edi, [ebp+NTFS.cur_index_buf] |
2018 | mov edi, [ebp+NTFS.cur_index_buf] |
| 2095 | push esi |
- | |
| 2096 | push ecx |
- | |
| 2097 | mov edx, [ebx+12] |
2019 | mov edx, [ebx+12] |
| 2098 | mov [ebp+NTFS.fileRealSize], edx |
2020 | mov [ebp+NTFS.fileRealSize], edx |
| 2099 | mov edx, [ebx+16] |
2021 | mov edx, [ebx+16] |
| 2100 | mov [ebp+NTFS.fileDataBuffer], edx |
2022 | mov [ebp+NTFS.fileDataBuffer], edx |
| - | 2023 | push esi |
|
| - | 2024 | push ecx ; index length |
|
| 2101 | mov edx, ecx |
2025 | mov edx, ecx |
| 2102 | cmp dword [edi], 'INDX' |
2026 | cmp dword [edi], 'INDX' |
| 2103 | jz .indexRecord |
2027 | jz .indexRecord |
| 2104 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
2028 | mov esi, [ebp+NTFS.frs_buffer] ; indexRoot |
| 2105 | mov ecx, [esi+recordRealSize] |
2029 | mov ecx, [esi+recordRealSize] |
| Line 2140... | Line 2064... | ||
| 2140 | stosw |
2064 | stosw |
| 2141 | mov esi, [ebp+NTFS.attr_offs] |
2065 | mov esi, [ebp+NTFS.attr_offs] |
| 2142 | mov cl, [esi+attributeOffset] |
2066 | mov cl, [esi+attributeOffset] |
| 2143 | add esi, ecx |
2067 | add esi, ecx |
| 2144 | mov eax, [esi+indexRecordSizeClus] |
2068 | mov eax, [esi+indexRecordSizeClus] |
| 2145 | cmp eax, 128 |
2069 | cmp eax, 129 |
| 2146 | jnc @b |
2070 | jnc @b |
| 2147 | mov [ebp+NTFS.fileDataSize], eax |
2071 | mov [ebp+NTFS.fileDataSize], eax |
| 2148 | mov eax, [esi+indexRecordSize] |
2072 | mov eax, [esi+indexRecordSize] |
| 2149 | cmp eax, [ebp+NTFS.frs_size] |
2073 | cmp eax, [ebp+NTFS.frs_size] |
| 2150 | jc @b |
2074 | jc @b |
| Line 2326... | Line 2250... | ||
| 2326 | mul ecx |
2250 | mul ecx |
| 2327 | mov [edi+fileAllocatedSize], eax |
2251 | mov [edi+fileAllocatedSize], eax |
| 2328 | pop ecx |
2252 | pop ecx |
| 2329 | mov [ebp+NTFS.indexOffset], edi |
2253 | mov [ebp+NTFS.indexOffset], edi |
| 2330 | mov [edi+fileNameLength], cl |
2254 | mov [edi+fileNameLength], cl |
| 2331 | add edi, 52h |
2255 | add edi, fileName |
| 2332 | @@: ; record filename |
2256 | @@: ; record filename |
| 2333 | lodsb |
2257 | lodsb |
| 2334 | call ansi2uni_char |
2258 | call ansi2uni_char |
| 2335 | stosw |
2259 | stosw |
| 2336 | dec ecx |
2260 | dec ecx |