I'm not sure I understand your comment. The DeviceIoControl() with FSCTL_READ_USN_JOURNAL reads the raw bytes of the journal.
bool bRtn = Win32Api.DeviceIoControl(
_changeJournalRootHandle,
Win32Api.FSCTL_READ_USN_JOURNAL,
rujdBuffer,
sizeRujd,
pbData,
pbDataSize,
out outBytesReturned,
IntPtr.Zero);
And the statement: usn = new Win32Api.USN_RECORD(pUsnRecord); converts the bits from the raw read into a USN_RECORD in its constructor. I know I can do it a little faster in C++ because I can just cast the memory to the structure.
Other than that, I'd love to find a faster way but I don't see one. Even reading the raw sparse file.
On another topic, I've been side tracked these last few days working on another project. But I've been thinking about what I would like the ideal UsnJournal object to look like. In resolving the issues between removing the complexity and still exposing the functionality of the actual USN Journal, I've decided I minimally want my UsnJournal object to expose the ability for the user to specify which kinds of entries he/she wants to see.
This means giving the caller the ability to specify ReasonMask and RetrunOnlyOnClose and perhaps BytesToWaitFor in the typedef struct {
USN StartUsn;
DWORD ReasonMask;
DWORD ReturnOnlyOnClose;
DWORDLONG Timeout;
DWORDLONG BytesToWaitFor;
DWORDLONG UsnJournalID;
} READ_USN_JOURNAL_DATA, *PREAD_USN_JOURNAL_DATA;
When I get a working copy of the code, I'll post it here.
StCroixSkipper