
Reading MFT

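''' <summary>
''' Resolves a file reference number (FRN) to a file name by opening the file
''' by ID relative to the handle in m_hCJ and querying its name information.
''' </summary>
''' <param name="Id">64-bit file reference number, passed to NtCreateFile as an 8-byte file ID.</param>
''' <returns>
''' The name reported by NtQueryInformationFile, or String.Empty when the open
''' or the query fails.
''' </returns>
''' <remarks>
''' NOTE(review): m_hCJ is presumably the volume handle used for the journal/MFT
''' reads - confirm against the rest of the module.
''' NOTE(review): the file is opened with FILE_OPEN_FOR_BACKUP_INTENT, so the
''' lookup runs with whatever privileges this process holds. Do not hand the
''' resulting names to a less-privileged caller without a separate access check.
''' GENERIC_READ is also broader than a name query needs; consider a narrower
''' access mask if the module declares one.
''' </remarks>
Private Function PathFromFrn(ByVal Id As Long) As String

    Const BufferSize As Integer = 4096 ' size of the raw name buffer in bytes
    Const NameOffset As Integer = 4    ' the name follows the 4-byte length field

    Dim fOk As Integer
    Dim FileName As String = String.Empty
    Dim UnicodeString As UNICODE_STRING
    Dim ObjAttributes As OBJECT_ATTRIBUTES
    Dim IoStatusBlock As IO_STATUS_BLOCK
    Dim hFile As IntPtr = IntPtr.Zero  ' out handle
    Dim Buffer As IntPtr = IntPtr.Zero ' raw buffer
    Dim Refptr As IntPtr = IntPtr.Zero ' 8 byte FileID
    Dim ObjAtt As IntPtr = IntPtr.Zero ' pointer to the unicode string struct

    Try
        Buffer = Marshal.AllocHGlobal(BufferSize)
        Refptr = Marshal.AllocHGlobal(8)
        ObjAtt = Marshal.AllocHGlobal(Marshal.SizeOf(ObjAttributes))

        ' pointer>>fileid
        Marshal.WriteInt64(Refptr, 0, Id)

        ' 8 byte file id
        UnicodeString.Length = 8
        UnicodeString.MaximumLength = 8
        UnicodeString.Buffer = Refptr

        ' Copy the unicode structure to the pointer. The destination was just
        ' allocated and holds no previous structure, so nothing must be
        ' destroyed first (fDeleteOld = False).
        Marshal.StructureToPtr(UnicodeString, ObjAtt, False)

        ' InitializeObjectAttributes Macro
        ObjAttributes.Length = Marshal.SizeOf(ObjAttributes)
        ObjAttributes.ObjectName = ObjAtt
        ObjAttributes.RootDirectory = m_hCJ
        ObjAttributes.Attributes = OBJ_CASE_INSENSITIVE

        fOk = NtCreateFile(hFile, GENERIC_READ, ObjAttributes, IoStatusBlock, 0, 0, _
                           FILE_SHARE_READ Or FILE_SHARE_WRITE, _
                           FILE_OPEN, FILE_OPEN_BY_FILE_ID Or FILE_OPEN_FOR_BACKUP_INTENT, 0, 0)

        ' NtCreateFile returns an NTSTATUS, not a handle: negative values are
        ' failures. Comparing against INVALID_HANDLE_VALUE would let almost every
        ' failure through and query an uninitialised handle.
        If fOk >= 0 AndAlso hFile <> IntPtr.Zero Then

            fOk = NtQueryInformationFile(hFile, IoStatusBlock, Buffer, BufferSize, FileNameInformationClass)

            If fOk = 0 Then

                ' The first 4 bytes is the length (in bytes) of the name.
                Dim FileLength As Integer = Marshal.ReadInt32(Buffer, 0)

                ' Never read past the end of our own buffer, whatever length
                ' the structure reports.
                If FileLength > 0 AndAlso FileLength <= BufferSize - NameOffset Then
                    ' The filename is just after the first 4 bytes. IntPtr.Add
                    ' keeps the pointer arithmetic valid in 64-bit processes
                    ' (ToInt32 overflows there), and "\" is integer division.
                    FileName = Marshal.PtrToStringUni(IntPtr.Add(Buffer, NameOffset), FileLength \ 2)
                End If

            End If

        End If

    Finally
        ' Free allocated memory and handles even if something above threw;
        ' only close a handle that was actually opened.
        If hFile <> IntPtr.Zero Then CloseHandle(hFile)
        If Buffer <> IntPtr.Zero Then Marshal.FreeHGlobal(Buffer)
        If ObjAtt <> IntPtr.Zero Then Marshal.FreeHGlobal(ObjAtt)
        If Refptr <> IntPtr.Zero Then Marshal.FreeHGlobal(Refptr)
    End Try

    Return FileName

End Function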
