Posted: Sat May 15, 2004 10:24 am
by blueznl
here's how you do it:
http://msdn.microsoft.com/library/defau ... rights.asp
access_mode = #READ_CONTROL
share_mode = 0
creation_mode = #OPEN_EXISTING
flags = #FILE_FLAG_BACKUP_SEMANTICS
you have to use BackupRead to actually read the data, can't do it using the normal APIs or built-in calls
i could open the file normally, even though another program was using it, now going to try to read from it
Posted: Sat May 15, 2004 10:25 am
by blueznl
ah, i just saw a new possibility for this, ymmie, for another problem i was struggling with...
Posted: Sat May 15, 2004 10:26 am
by fweil
Great blueznl,
I'll try to apply it in a small HexDump app I made and see if this works for me.
Thanks a lot.
Posted: Sat May 15, 2004 11:01 am
by fweil
Maybe I don't know how to translate stuff well ...
By using :
Code:
FileName.s = "C:\pagefile.sys"
hFile = CreateFile_(@FileName, #READ_CONTROL, #FILE_SHARE_READ, #NULL, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, #NULL)
BytesToRead = 512
*Buffer = AllocateMemory(BytesToRead)
Repeat
  Debug BackupRead_(hFile, *Buffer, BytesToRead, @BytesRead, #FALSE, #TRUE, @Context)
  Debug BytesRead
ForEver ; Until BytesRead < BytesToRead
... I don't get bytes in my buffer. BackupRead_() returns 0 and the GetLastError_() is a 6 (Handle invalid).
This way does not bypass the CreateFile_() which returns a -1.
I don't understand more right now.
Posted: Sat May 15, 2004 11:25 am
by blueznl
i think this is one step in the right direction, doesn't work yet though...
Code:
attribs.SECURITY_ATTRIBUTES
attribs\nLength = SizeOf(attribs)
attribs\lpSecurityDescriptor = 0
attribs\bInheritHandle = 0
;
filename.s = "test.txt"
hFile = CreateFile_(@filename, #READ_CONTROL, 0, @attribs, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, 0)
;
BytesToRead.l = 5
BytesRead.l = 0
*Buffer = AllocateMemory(BytesToRead)
Context.l = 0
;
Debug BackupRead_(hFile, *Buffer, BytesToRead, @BytesRead, 0, 1, @Context)
Debug BackupRead_(hFile, 0, 0, 0, 1, 0, @Context)
Debug BytesRead
Posted: Sat May 15, 2004 11:45 am
by blueznl
nah, we're on the wrong track, although i got this working, it has to do with reading associated data such as time / date stamps etc. i think
The function reads data associated with this file
Code:
CreateFile(1,"c:\test.txt")
For n = 1 To 20
  WriteString("dit is een test"+Chr(13)+Chr(10))
Next n
CloseFile(1)
;
attribs.SECURITY_ATTRIBUTES
attribs\nLength = SizeOf(attribs)
attribs\lpSecurityDescriptor = 0
attribs\bInheritHandle = 0
;
filename.s = "c:\test.txt"
hFile = CreateFile_(@filename, #READ_CONTROL, 0, @attribs, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, 0)
;
BytesToRead.l = 1024
BytesRead.l = 0
*Buffer = AllocateMemory(1024)
Context.l = 0
;
Repeat
  z = BackupRead_(hFile, *Buffer, BytesToRead, @BytesRead, 0, 1, @Context)
  Debug z
  Debug BytesRead
  ; a nonzero return with BytesRead = 0 means all data has been read
Until z = 0 Or BytesRead = 0
;
Debug "done"
;
Debug BackupRead_(hFile, 0, 0, 0, 1, 0, @Context)
;
Debug SizeOf(WIN32_STREAM_ID)
Posted: Sat May 15, 2004 12:13 pm
by blueznl
but i am getting a little lost...
The BackupRead function can be used to back up a file or directory, including the security information. The function reads data associated with a specified file or directory into a buffer, which can then be written to the backup medium using the WriteFile function
Posted: Sat May 15, 2004 12:27 pm
by blueznl
Posted: Sat May 15, 2004 12:50 pm
by fweil
Posted: Sat May 15, 2004 1:05 pm
by blueznl
that sample in ruby uses GENERIC_READ but that doesn't work on my machine... only READ_CONTROL, if i use the parameters suggested there it won't work...
Posted: Sat May 15, 2004 1:10 pm
by fweil
I read carefully @
http://www.ntdev.org/archive/ntdev9704/msg0333.html
but this does not solve the bad hFile return from CreateFile_() ATM.
I am puzzled.
Posted: Sat May 15, 2004 1:43 pm
by blueznl
this reads the stream, reports stream name, and reports proper size of that stream (ie. filesize in this case) on win xp pro
Code:
CreateFile(1,"c:\test.txt")
For n = 1 To 2
  WriteString("dit is een test"+Chr(13)+Chr(10))
Next n
CloseFile(1)
;
filename.s = "c:\test.txt"
file_h = CreateFile_(@filename, #READ_CONTROL, #FILE_SHARE_READ, 0, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, 0)
;
*buffer = AllocateMemory(1024)
context.l = 0
bytes_read.l = 0
;
Structure _win32_stream_id
dwStreamID.l
dwStreamAttributes.l
dwStreamSizeLow.l
dwStreamSizeHigh.l
dwStreamNameSize.l
EndStructure
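For n = 1 To 3
  ; read 20 bytes = SizeOf(_win32_stream_id), the fixed part of WIN32_STREAM_ID
  z = BackupRead_(file_h, *buffer, 20, @bytes_read, 0, 0, @context)
  Debug z
  If z > 0
    Debug "stream "+Str(n)
    ;
    ; only the first read of a stream returns a header, later reads return that stream's name and data
    *stream._win32_stream_id = *buffer
    Debug "stream id "+Str( *stream\dwStreamID )
    Debug "stream attributes: %"+Bin( *stream\dwStreamAttributes )
    Debug "stream size: "+Str( *stream\dwStreamSizeLow + *stream\dwStreamSizeHigh *256*256*256*256 )
    Debug "name size: "+Str( *stream\dwStreamNameSize )
    ;
  EndIf
Next n
;
; bAbort = 1 tells BackupRead_() to release the context, no buffer is needed
BackupRead_(file_h, 0, 0, @bytes_read, 1, 0, @context)
CloseHandle_(file_h)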
there's no error on createfile_()... are you running on ntfs?
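Added example, not part of any post in this thread: the bytes BackupRead returns are a sequence of WIN32_STREAM_ID records, each a 20-byte header followed by the stream name (dwStreamNameSize bytes) and then the stream data, so a reader has to skip both to reach the next header. This portable C code walks a constructed buffer with that layout and bounds-checks every size it takes from the stream; it makes no Windows calls. `walk_streams`, `stream_hdr` and `sample` are names made up for the illustration; stream IDs 1 and 4 are BACKUP_DATA and BACKUP_ALTERNATE_DATA from the Win32 headers.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 20 /* fixed part of WIN32_STREAM_ID, before cStreamName */
typedef struct { uint32_t id, attrs, name_bytes; uint64_t size; } stream_hdr;

/* Little-endian 32-bit read with no alignment assumptions. */
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk BackupRead output: header, name, data, next header, ...
 * Stores up to max headers in out[]; returns the count, or -1 if truncated. */
int walk_streams(const uint8_t *buf, size_t len, stream_hdr *out, int max) {
    size_t off = 0;
    int n = 0;
    while (off < len && n < max) {
        stream_hdr h;
        if (len - off < HDR_SIZE) return -1;
        h.id = le32(buf + off);
        h.attrs = le32(buf + off + 4);
        h.size = le32(buf + off + 8) | (uint64_t)le32(buf + off + 12) << 32;
        h.name_bytes = le32(buf + off + 16);
        off += HDR_SIZE;
        /* Sizes come from the stream itself, so bounds-check before skipping. */
        if (h.name_bytes > len - off) return -1;
        off += h.name_bytes;
        if (h.size > len - off) return -1;
        off += (size_t)h.size;
        out[n++] = h;
    }
    return n;
}

/* Constructed sample: BACKUP_DATA (id 1) with 5 data bytes, then
 * BACKUP_ALTERNATE_DATA (id 4) named ":x:$DATA" (16 bytes UTF-16LE), 3 data bytes. */
static const uint8_t sample[] = {
    1,0,0,0, 0,0,0,0, 5,0,0,0, 0,0,0,0, 0,0,0,0, 'h','e','l','l','o',
    4,0,0,0, 0,0,0,0, 3,0,0,0, 0,0,0,0, 16,0,0,0,
    ':',0,'x',0,':',0,'$',0,'D',0,'A',0,'T',0,'A',0, 'a','b','c'
};

int main(void) {
    stream_hdr s[8];
    int n = walk_streams(sample, sizeof sample, s, 8);
    for (int i = 0; i < n; i++)
        printf("stream id %u: name %u bytes, data %llu bytes\n",
               s[i].id, s[i].name_bytes, (unsigned long long)s[i].size);
    return n < 0;
}
```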
Posted: Sat May 15, 2004 1:45 pm
by fweil
Yes I run NTFS for sure.
Posted: Sat May 15, 2004 1:52 pm
by blueznl
Posted: Sat May 15, 2004 2:11 pm
by fweil
Blueznl, yes the sample code you just posted works, but does not unlock the file if it is locked.
Here is my point: backing up files is possible by using API functions, but there may exist another level to back up even the locked files.
ATM, I surrender after reading how it is possible to do worms and hack NTFS!
That's crazy, but too deep right now to work on.