Page 3 of 3
Posted: Sat May 15, 2004 3:25 pm
by blueznl
tada... all streams and all data
what took me so much trouble is the value returned by backupread_() that doesn't return a zero when it is supposed to...
all that's left is figure out the relation between id and stream name, i don't see a 'deafult' stream named $data so i suppose stream id plays a role in there...
if you want to make multiple streams, try notepad from the prompt using: notepad test.txt:hidden_stream and have fun
Code: Select all
filename.s = "c:\test.txt"
file_h = CreateFile_(@filename, #GENERIC_READ, 0, 0, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, 0)
;
*buffer = AllocateMemory(4096)
*stream.WIN32_STREAM_ID = *buffer
;
context.l = 0
bytes_read.l = 0
;
Repeat
;
z = BackupRead_(file_h, *buffer, 20, @bytes_read, 0, 1, @context)
;
; dunno why, but sometimes backupread() returns a 1 when it should be zero, next if / endif fixes it
;
If bytes_read = 0
z = 0
EndIf
;
If z > 0
;
n+1
Debug ""
Debug "stream "+Str(n)
Debug "stream id "+Str( *stream\dwStreamID )
Debug "stream attributes %"+Bin( *stream\dwStreamAttributes )
;
size.l = *stream\dwStreamSizeLow + *stream\dwStreamSizeHigh *256*256*256*256
namesize.l = *stream\dwStreamNameSize
;
Debug "stream size "+Str(size)
Debug "name size "+Str(namesize)
;
If namesize > 0
BackupRead_(file_h, *buffer, namesize, @bytes_read, 0, 1, @context)
Debug "name... "+Str(bytes_read)
EndIf
If size > 0
BackupRead_(file_h, *buffer, size, @bytes_read, 0, 1, @context)
Debug "data..."+Str(bytes_read)
EndIf
EndIf
Until z = 0
;
BackupRead_(file_h, *buffer,0,@bytes_read,1,0,@context)
CloseHandle_(file_h)
Posted: Sat May 15, 2004 3:36 pm
by fweil
I will look forward ... was testing your last post which gets well data, but trying to add BackupWrite_() with no success ATM.
I will rework it later today.
Thanx anyway to share efforts like this.
Posted: Sat May 15, 2004 7:21 pm
by blueznl
ok, got it mostly done, one thing i'm not totally clear on is the unicode stream name, there are some question marks and i haven't got a clue if i made the mistake or if they should be there (behind the stream name if multiple streams exist in a file)...
to test this:
0. only when using ntfs (!)
1. use notepad from the command prompt, notepad.exe c:\test.txt
2. edit some text save exit
3. create a new stream using notepad.exe c:\test.txt:hidden.txt
4. edit some text save exit
5. run the following code:
Code: Select all
filename.s = "c:\test.txt"
file_h = CreateFile_(@filename, #GENERIC_READ, 0, 0, #OPEN_EXISTING, #FILE_FLAG_BACKUP_SEMANTICS, 0)
;
*buffer = AllocateMemory(4096)
*stream.WIN32_STREAM_ID = *buffer
;
context.l = 0
bytes_read.l = 0
;
Repeat
;
z = BackupRead_(file_h, *buffer, 20, @bytes_read, 0, 1, @context)
;
; dunno why, but sometimes backupread() returns a 1 when it should be zero
;
If bytes_read = 0
z = 0
EndIf
;
If z > 0
;
n+1
Debug ""
Debug "stream "+Str(n)
id = *stream\dwStreamID
Debug "stream id "+Str( id )
Select id
Case #BACKUP_DATA
Debug "data"
Case #BACKUP_EA_DATA
Debug "extended attribute"
Case #BACKUP_SECURITY_DATA
Debug "security data"
Case #BACKUP_ALTERNATE_DATA
Debug "alternate data"
Case #BACKUP_LINK
Debug "hard link information"
Default
Debug "unknown id type"
EndSelect
;
Debug "stream attributes %"+Bin( *stream\dwStreamAttributes )
;
size.l = *stream\dwStreamSizeLow + *stream\dwStreamSizeHigh *256*256*256*256
namesize.l = *stream\dwStreamNameSize
;
Debug "stream size "+Str(size)
Debug "name size "+Str(namesize)
;
If namesize > 0
BackupRead_(file_h, *buffer, namesize, @bytes_read, 0, 1, @context)
l = WideCharToMultiByte_(#CP_OEMCP,0,*buffer,-1,0,0,0,0)
name.s = Space(l)
l = WideCharToMultiByte_(#CP_OEMCP,0,*buffer,-1,@name,l,0,0)
Debug "name... "+Str(bytes_read)+" "+name
EndIf
If size > 0
BackupRead_(file_h, *buffer, size, @bytes_read, 0, 1, @context)
Debug "data..."+Str(bytes_read)
EndIf
EndIf
Until z = 0
;
BackupRead_(file_h, *buffer,0,@bytes_read,1,0,@context)
CloseHandle_(file_h)
this will allow you to...
1. open and read any file, including those locked
2. look at all streams within a file
i haven't tested this yet on a file with changing contents, it is supposed to work, but i haven't got a clue if it really does
Posted: Sat May 15, 2004 7:25 pm
by fweil
Blueznl, you are a star today
Posted: Sat May 15, 2004 7:30 pm
by fweil
.... same quote marks on my side but it is going to be more talkative.
I will focus again tonight or tomorrow.
Posted: Sat May 15, 2004 7:48 pm
by blueznl
although you can read from open files there are some issues, if the filesize is increasing, reading files this way is somewhat dangerous and can return incorrect results, to my surprise i must add...
you might have to resort to 'shadow copy' but i dunno how that works
Posted: Sun May 16, 2004 12:19 pm
by Max.
blueznl wrote:this will allow you to...
1. open and read any file, including those locked
2. look at all streams within a file
i haven't tested this yet on a file with changing contents, it is supposed to work, but i haven't got a clue if it really does
Bluez, you puzzle me.
How does your code solve the basic problem that CreateFile doesn't return a handle and therefor also doesn't perform any operation on the file?
Posted: Sun May 16, 2004 5:53 pm
by blueznl
files that are locked (or that are opened without the share flag set) cannot be opened in any regular way, not even for reading, unless you use this approach, that's all
Posted: Tue May 18, 2004 8:31 am
by blueznl
fweil, see tips and tricks section, think i've solved it
Posted: Tue May 18, 2004 10:32 am
by fweil
I switch there now !
Posted: Mon Oct 29, 2007 4:57 pm
by blueznl
Posted: Thu Nov 01, 2007 10:35 pm
by blueznl
... and doesn't work a 100%... Fweil, if you're still around (perhaps not, last mail in the forum was 2006 I think), did you ever get it fixed?
It looks like I need to give my process certain privileges... Anyone who knows how to do that