You can create a change journal any way you like... That is the easy part.
Here is some sample code.
As for the log statements, simply convert them to Console.WriteLine()... I use Log4Net, hence the log errors.
All you need to do is build your own class. There are some class member variables to define, etc but you should be able to figure out what they are by the code segments.
Here is some sample code.
As for the log statements, simply convert them to Console.WriteLine()... I use Log4Net, hence the log errors.
All you need to do is build your own class. There are some class member variables to define, etc but you should be able to figure out what they are by the code segments.
| unsafe private void CreateChangeJournal() |
| { |
| // This function creates a journal on the volume. If a journal already |
| // exists this function will adjust the MaximumSize and AllocationDelta |
| // parameters of the journal |
| UInt64 MaximumSize = 0x800000; |
| UInt64 AllocationDelta = 0x100000; |
| UInt32 cb; |
| PInvokeWin32.CREATE_USN_JOURNAL_DATA cujd; |
| cujd.MaximumSize = MaximumSize; |
| cujd.AllocationDelta = AllocationDelta; |
| int sizeCujd = Marshal.SizeOf(cujd); |
| IntPtr cujdBuffer = Marshal.AllocHGlobal(sizeCujd); |
| PInvokeWin32.ZeroMemory(cujdBuffer, sizeCujd); |
| Marshal.StructureToPtr(cujd, cujdBuffer, true); |
| bool fOk = PInvokeWin32.DeviceIoControl(_changeJournalRootHandle, PInvokeWin32.FSCTL_CREATE_USN_JOURNAL, |
| cujdBuffer, sizeCujd, IntPtr.Zero, 0, out cb, IntPtr.Zero); |
| if (!fOk) |
| { |
| throw new IOException("DeviceIoControl() returned false", new Win32Exception(Marshal.GetLastWin32Error())); |
| } |
| } |
| unsafe private void SetupMFT_Enum_DataBuffer(ref IntPtr medBuffer) |
| { |
| uint bytesReturned = 0; |
| PInvokeWin32.USN_JOURNAL_DATA ujd = new PInvokeWin32.USN_JOURNAL_DATA(); |
| bool bOk = PInvokeWin32.DeviceIoControl(_changeJournalRootHandle, // Handle to drive |
| PInvokeWin32.FSCTL_QUERY_USN_JOURNAL, // IO Control Code |
| IntPtr.Zero, // In Buffer |
| 0, // In Buffer Size |
| out ujd, // Out Buffer |
| sizeof(PInvokeWin32.USN_JOURNAL_DATA), // Size Of Out Buffer |
| out bytesReturned, // Bytes Returned |
| IntPtr.Zero); // lpOverlapped |
| if (bOk) |
| { |
| PInvokeWin32.MFT_ENUM_DATA med; |
| med.StartFileReferenceNumber = 0; |
| med.LowUsn = 0; |
| med.HighUsn = ujd.NextUsn; |
| int sizeMftEnumData = Marshal.SizeOf(med); |
| medBuffer = Marshal.AllocHGlobal(sizeMftEnumData); |
| PInvokeWin32.ZeroMemory(medBuffer, sizeMftEnumData); |
| Marshal.StructureToPtr(med, medBuffer, true); |
| } |
| else |
| { |
| throw new IOException("DeviceIoControl() returned false", new Win32Exception(Marshal.GetLastWin32Error())); |
| } |
| } |