NtfsStreamsEditor.zip提交时间:2006-03-18 提交用户:smzd2005 工具分类:其它工具 运行平台:Windows 工具大小:356876 Bytes 文件MD5 :abd453c1d3951a427842df38c5425062 工具来源:http://www.freewebs.com/okwin/ NtfsStreamsEditor V1.0 1.简介 NtfsStreamsEditor是对NTFS分区的文件的数据流进行编辑,删除, 附加,备份和还原的强大工具。 注意:没有任何明确或暗示形式的担保。你使用要自己承担风险。 不管是作者还是作者的代理,都没有责任对使用或误用本软件时 的数据丢失、损坏、利益损失或其它任何形式的损失负责。 2.关于NTFS分区的数据流 NTFS分区的数据流是一个子文件系统允许额外的数据连接到一个 特别的文件中,现在的FAT/FAT32文件系统格式是不支持数据流格式的。 3.关于NTFS文件系统中的数据流问题 参见http://www.xfocus.net/articles/200103/81.html 4.FAQ Q:能否建立C:\:.:$DATA或者C:\:www.txt:$DATA这样的流,并能删除吗? A:可以附加或者删除,但是无法编辑。请小心可能的危害。 5.部分核心源码 type IO_STATUS_BLOCK=record Status:INTEGER; Information:ULONG; end; PIO_STATUS_BLOCK=^IO_STATUS_BLOCK; PFILE_STREAM_INFORMATION=^FILE_STREAM_INFORMATION; FILE_STREAM_INFORMATION=packed record NextEntry:ULONG; NameLength:ULONG; Size:LARGE_INTEGER; AllocationSize:LARGE_INTEGER; pName:WORD; end; FILE_INFORMATION_CLASS=INTEGER; TNtQueryInformationFile=function( FileHandle:THANDLE; IoStatusBlock:PIO_STATUS_BLOCK; FileInformation:Pointer; Length:ULONG; FileInformationClass:FILE_INFORMATION_CLASS):INTEGER;stdcall; PTNtQueryInformationFile=^TNtQueryInformationFile; TRtlNtStatusToDosError=function(Status:INTEGER):ULONG;stdcall; PTRtlNtStatusToDosError=^TRtlNtStatusToDosError; PIO_APC_ROUTINE=^IO_APC_ROUTINE; IO_APC_ROUTINE=procedure( ApcContext:Pointer; IoStatusBlock:PIO_STATUS_BLOCK; Reserved:ULONG); procedure GetAFileInfo(filename:string;pTRR:TReturnResult); var pfilename:array[0..MAX_PATH]of widechar; fileHandle:Thandle; streamInfoStructMemPtr:Pointer; streamInfoStructPtr:PFILE_STREAM_INFORMATION; streamInfoSize:ULONG; streamName:array[0..MAX_PATH]of wchar; pstreamsInfo:PStreamInfo; heapHandle:THandle; ioStatus:IO_STATUS_BLOCK; status:Integer; tempfilesize:ULONG; begin //initial pTRR.pRR.filename:= filename; pTRR.pRR.errorinfo:=EI_UnKnown; pTRR.pRR.myList.Clear; //open file StringToWidechar(filename, pfilename,MAX_PATH); fileHandle:=CreateFileW(pfilename, GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE,nil, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS,0); if (fileHandle=INVALID_HANDLE_VALUE) then begin pTRR.pRR.errorinfo:=EI_F_CanNotOpenFile; CloseHandle(fileHandle); Exit; end; pTRR.pRR.errorinfo:=EI_F_NoStreams; tempfilesize:=GetFileSize(fileHandle,nil); if INVALID_FILE_SIZE=tempfilesize then begin pTRR.pRR.filelength:=0; end else pTRR.pRR.filelength:=tempfilesize; streamInfoSize:=$4000; heapHandle:=HeapCreate(HEAP_NO_SERIALIZE,streamInfoSize,0); streamInfoStructMemPtr:=HeapAlloc(heapHandle,HEAP_ZERO_MEMORY,streamInfoSize); status:=STATUS_BUFFER_OVERFLOW; while(status=STATUS_BUFFER_OVERFLOW)do begin status:=NtQueryInformationFile(fileHandle, @ioStatus, streamInfoStructMemPtr, streamInfoSize, FILESTREAMINFOMATION); if(status=STATUS_BUFFER_OVERFLOW)then begin streamInfoSize:=streamInfoSize+$4000; if (streamInfoSize>$3200000) then begin pTRR.pRR.errorinfo:=EI_F_CanNotGetStreamsInfo; HeapFree(heapHandle,HEAP_NO_SERIALIZE,streamInfoStructMemPtr); CloseHandle(filehandle); Exit; end; HeapReAlloc(heapHandle,HEAP_ZERO_MEMORY,streamInfoStructMemPtr,streamInfoSize); end else begin break; end; end;//while end /// if success if((status>=0) and (ioStatus.Information<>0))then begin streamInfoStructPtr:=streamInfoStructMemPtr; while(TRUE)do begin Move(streamInfoStructPtr^.pName,streamName,streamInfoStructPtr^.NameLength); streamName[streamInfoStructPtr^.NameLength div 2]:=#0; if not (WideCompareText(streamName,DEFAULTSTREAMNAME)=0)then begin new(pstreamsInfo); pstreamsInfo^.streamname:= WidechartoString(streamName); pstreamsInfo^.streamsize:=streamInfoStructPtr.Size.QuadPart; pTRR.pRR.myList.Add(pstreamsInfo); end; if (streamInfoStructPtr^.NextEntry=0) then break; streamInfoStructPtr:=Pointer(DWORD(streamInfoStructPtr)+streamInfoStructPtr^.NextEntry); end; pTRR.pRR.errorinfo:=EI_F_GetStreamsInfoOK; end else begin if (status<0) then begin pTRR.pRR.errorinfo:=EI_F_NoStreams; end; end; /// end if success HeapFree(heapHandle,HEAP_NO_SERIALIZE,streamInfoStructMemPtr); CloseHandle(filehandle); end; >> 下载 << |
