|
|
[ Peke @ 29.12.2010. 04:01 ] @
[ salaczr @ 29.12.2010. 11:56 ] @
Veoma zanimljivo. Ranije sam imao taj problem, ali ga nikad nisam resio jer se projekat, nazalost, ugasio.
Evo sta sam tada pronasao.
>> 48h LongLongWord (8 Bytes) B4A4E199A4E15DFC - NTFS Volume Serial Number.
>>
>> NOTE: When you use the DIR command and others inside of a CMD/DOS-box under Windows 2000/XP, it will show a Volume Serial Number composed of only >> the last four bytes of this Long Long Word! Example:
>> C:\>dir
>> Volume in drive C is Win2000
>> Volume Serial Number is A4E1-5DFC
>>
>> Obviously, we must look into this further to find out how all these bytes are being used by the Operating System! It is interesting to note how the (3rd and >> 4th) and (6th and 7th) bytes repeat here! Do you have a Serial Number where these two sets of bytes are not the same?
Mozda se varam ali resenje bi trebalo da bude:
http://msdn.microsoft.com/en-u...ary/aa364569%28v=vs.85%29.aspx
i struktura koju vraca funkcija
http://msdn.microsoft.com/en-u...ary/aa365256%28v=vs.85%29.aspx
sretno sa resavanjem problema.
poz [ Peke @ 29.12.2010. 23:44 ] @
U pravu si, to je to. Kanda mi search po MSDN-u nije bio OK.
Sve Odradjeno Hvala.
[ salaczr @ 30.12.2010. 19:12 ] @
Evo za sve one koji imaju isti problem.
Code:
unit NtfsSerialFull;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
const
FILE_DEVICE_FILE_SYSTEM = $00000009;
FILE_ANY_ACCESS = 0;
METHOD_BUFFERED = 0;
const
FSCTL_GET_NTFS_VOLUME_DATA = (
(FILE_DEVICE_FILE_SYSTEM shl 16) or (FILE_ANY_ACCESS shl 14) or
(25 shl 2) or METHOD_BUFFERED);
{$EXTERNALSYM FSCTL_GET_NTFS_VOLUME_DATA}
FSCTL_GET_NTFS_FILE_RECORD = (
(FILE_DEVICE_FILE_SYSTEM shl 16) or (FILE_ANY_ACCESS shl 14) or
(26 shl 2) or METHOD_BUFFERED);
{$EXTERNALSYM FSCTL_GET_NTFS_FILE_RECORD}
type
// Structures for FSCTL_GET_NTFS_VOLUME_DATA.
// The user must pass the basic buffer below. Ntfs
// will return as many fields as available in the extended
// buffer which follows immediately after the VOLUME_DATA_BUFFER.
PNTFS_VOLUME_DATA_BUFFER = ^NTFS_VOLUME_DATA_BUFFER;
{$EXTERNALSYM PNTFS_VOLUME_DATA_BUFFER}
NTFS_VOLUME_DATA_BUFFER = record
VolumeSerialNumber: LARGE_INTEGER;
NumberSectors: LARGE_INTEGER;
TotalClusters: LARGE_INTEGER;
FreeClusters: LARGE_INTEGER;
TotalReserved: LARGE_INTEGER;
BytesPerSector: DWORD;
BytesPerCluster: DWORD;
BytesPerFileRecordSegment: DWORD;
ClustersPerFileRecordSegment: DWORD;
MftValidDataLength: LARGE_INTEGER;
MftStartLcn: LARGE_INTEGER;
Mft2StartLcn: LARGE_INTEGER;
MftZoneStart: LARGE_INTEGER;
MftZoneEnd: LARGE_INTEGER;
end;
{$EXTERNALSYM NTFS_VOLUME_DATA_BUFFER}
TNtfsVolumeDataBuffer = NTFS_VOLUME_DATA_BUFFER;
PNtfsVolumeDataBuffer = PNTFS_VOLUME_DATA_BUFFER;
// Structures for FSCTL_GET_NTFS_FILE_RECORD
PNTFS_FILE_RECORD_INPUT_BUFFER = ^NTFS_FILE_RECORD_INPUT_BUFFER;
{$EXTERNALSYM PNTFS_FILE_RECORD_INPUT_BUFFER}
NTFS_FILE_RECORD_INPUT_BUFFER = record
FileReferenceNumber: LARGE_INTEGER;
end;
{$EXTERNALSYM NTFS_FILE_RECORD_INPUT_BUFFER}
TNtfsFileRecordInputBuffer = NTFS_FILE_RECORD_INPUT_BUFFER;
PNtfsFileRecordInputBuffer = PNTFS_FILE_RECORD_INPUT_BUFFER;
PNTFS_FILE_RECORD_OUTPUT_BUFFER = ^NTFS_FILE_RECORD_OUTPUT_BUFFER;
{$EXTERNALSYM PNTFS_FILE_RECORD_OUTPUT_BUFFER}
NTFS_FILE_RECORD_OUTPUT_BUFFER = record
FileReferenceNumber: LARGE_INTEGER;
FileRecordLength: DWORD;
FileRecordBuffer: array [0..0] of BYTE;
end;
{$EXTERNALSYM NTFS_FILE_RECORD_OUTPUT_BUFFER}
TNtfsFileRecordOutputBuffer = NTFS_FILE_RECORD_OUTPUT_BUFFER;
PNtfsFileRecordOutputBuffer = PNTFS_FILE_RECORD_OUTPUT_BUFFER;
// Structure for NTFS_RECORD_HEADER
USHORT = Word;
{$EXTERNALSYM USHORT}
USN = LONGLONG;
{$EXTERNALSYM USN}
_NTFS_RECORD_HEADER = record
//Type_: ULONG;
Type_ : array[1..4] of Char;
UsaOffset: USHORT;
UsaCount: USHORT;
Usn: USN;
end;
NTFS_RECORD_HEADER = _NTFS_RECORD_HEADER;
PNTFS_RECORD_HEADER = ^NTFS_RECORD_HEADER;
TNtfsRecordHeader = NTFS_RECORD_HEADER;
PNtfsRecordHeader = ^TNtfsRecordHeader;
// Structure for FILE_RECORD_HEADER
ULONGLONG = Int64;
{$EXTERNALSYM ULONGLONG}
_FILE_RECORD_HEADER = record
Ntfs: NTFS_RECORD_HEADER;
SequenceNumber: USHORT;
LinkCount: USHORT;
AttributesOffset: USHORT;
Flags: USHORT; // 0x0001 = InUse, 0x0002 = Directory
BytesInUse: ULONG;
BytesAllocated: ULONG;
BaseFileRecord: ULONGLONG;
NextAttributeNumber: USHORT;
end;
FILE_RECORD_HEADER = _FILE_RECORD_HEADER;
PFILE_RECORD_HEADER = ^FILE_RECORD_HEADER;
TFileRecordHeader = FILE_RECORD_HEADER;
PFileRecordHeader = ^TFileRecordHeader;
const
AttributeStandardInformation = $10;
AttributeAttributeList = $20;
AttributeFileName = $30;
AttributeObjectId = $40;
AttributeSecurityDescriptor = $50;
AttributeVolumeName = $60;
AttributeVolumeInformation = $70;
AttributeData = $80;
AttributeIndexRoot = $90;
AttributeIndexAllocation = $A0;
AttributeBitmap = $B0;
AttributeReparsePoint = $C0;
AttributeEAInformation = $D0;
AttributeEA = $E0;
AttributePropertySet = $F0;
AttributeLoggedUtilityStream = $100;
type
ATTRIBUTE_TYPE = AttributeStandardInformation..AttributeLoggedUtilityStream;
PATTRIBUTE_TYPE = ^ATTRIBUTE_TYPE;
TAttributeType = ATTRIBUTE_TYPE;
_ATTRIBUTE = record
AttributeType: ATTRIBUTE_TYPE;
Length: ULONG;
Nonresident: ByteBool;
NameLength: UCHAR;
NameOffset: USHORT;
Flags: USHORT; // 0x0001 = Compressed
AttributeNumber: USHORT;
end;
ATTRIBUTE = _ATTRIBUTE;
PATTRIBUTE = ^ATTRIBUTE;
TAttribute = ATTRIBUTE;
type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var
vHandleVolume : THandle;
vLastError : Cardinal;
vNtfsVolumeData : TNtfsVolumeDataBuffer;
vBytes : DWORD;
vDrive : string;
vTotalFileCount : LONGLONG;
vi : LONGLONG;
vNtfsFileRecordInputBuffer : TNtfsFileRecordInputBuffer;
vNtfsFileRecordOutputBuffer : TNtfsFileRecordOutputBuffer;
vNtfsRecordHeader : TNtfsRecordHeader;
vFileRecordHeader : TFileRecordHeader;
vAttribut : TAttribute;
vNtfsFileRecordInputBufferPrecedent : TNtfsFileRecordInputBuffer;
vBuffer : PChar;
vBufLen : Cardinal;
vPos : Cardinal;
i : integer;
begin
Memo1.Lines.Clear();
vDrive := 'c:';
i := 0;
vHandleVolume := CreateFile(PAnsiChar('\\.\' + vDrive),
GENERIC_READ,
FILE_SHARE_READ or FILE_SHARE_WRITE or FILE_SHARE_READ or FILE_SHARE_WRITE,
nil,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
0);
if vHandleVolume = INVALID_HANDLE_VALUE then
begin
vLastError := GetLastError;
Memo1.Lines.Add(Format('%s [%s] (CREATEFILE)', [SysErrorMessage(vLastError), IntToStr(vLastError)]));
Exit;
end;
if not DeviceIoControl(vHandleVolume,
FSCTL_GET_NTFS_VOLUME_DATA,
nil,
0,
@vNtfsVolumeData,
SizeOf(vNtfsVolumeData),
vBytes,
nil) then
begin
vLastError := GetLastError();
Memo1.Lines.Add(Format('%s [%s] (GET_NTFS_VOLUME_DATA)', [SysErrorMessage(vLastError), IntToStr(vLastError)]));
CloseHandle(vHandleVolume);
Exit;
end;
Memo1.Lines.Add('Volume : ' + vDrive);
Memo1.Lines.Add('VolumeSerialNumber : ' + IntToHex(vNtfsVolumeData.VolumeSerialNumber.QuadPart, 16));
Memo1.Lines.Add('NumberSectors : ' + IntToHex(vNtfsVolumeData.NumberSectors.QuadPart, 16));
Memo1.Lines.Add('TotalClusters : ' + IntToHex(vNtfsVolumeData.TotalClusters.QuadPart, 16));
Memo1.Lines.Add('FreeClusters : ' + IntToHex(vNtfsVolumeData.FreeClusters.QuadPart, 16));
Memo1.Lines.Add('TotalReserved : ' + IntToHex(vNtfsVolumeData.TotalReserved.QuadPart, 16));
Memo1.Lines.Add('BytesPerSector : ' + IntToStr(vNtfsVolumeData.BytesPerSector));
Memo1.Lines.Add('BytesPerCluster : ' + IntToStr(vNtfsVolumeData.BytesPerCluster));
Memo1.Lines.Add('BytesPerFileRecordSegment : ' + IntToStr(vNtfsVolumeData.BytesPerFileRecordSegment));
Memo1.Lines.Add('ClustersPerFileRecordSegment : ' + IntToStr(vNtfsVolumeData.ClustersPerFileRecordSegment));
Memo1.Lines.Add('MftValidDataLength : ' + IntToHex(vNtfsVolumeData.MftValidDataLength.QuadPart, 16));
Memo1.Lines.Add('MftStartLcn : ' + IntToHex(vNtfsVolumeData.MftStartLcn.QuadPart, 16));
Memo1.Lines.Add('Mft2StartLcn : ' + IntToHex(vNtfsVolumeData.Mft2StartLcn.QuadPart, 16));
Memo1.Lines.Add('MftZoneStart : ' + IntToHex(vNtfsVolumeData.MftZoneStart.QuadPart, 16));
Memo1.Lines.Add('MftZoneEnd : ' + IntToHex(vNtfsVolumeData.MftZoneEnd.QuadPart, 16));
vTotalFileCount := vNtfsVolumeData.MftValidDataLength.QuadPart div vNtfsVolumeData.BytesPerFileRecordSegment;// vNum.QuadPart;
Memo1.Lines.Add('TotalEntries : ' + IntToStr(vTotalFileCount));
CloseHandle(vHandleVolume);
end;
end.
Sretna Nova 2011. godina
poz [ Peke @ 31.12.2010. 00:03 ] @
Moje resenje je bilo slicno:
Code:
unit NtfsInfo;
interface
uses
Windows, SysUtils, Classes;
type
PNTFS_VOLUME_DATA_BUFFER = ^NTFS_VOLUME_DATA_BUFFER;
NTFS_VOLUME_DATA_BUFFER = record
SerialNumber : LARGE_INTEGER;
NumberOfSectors : LARGE_INTEGER;
TotalClusters : LARGE_INTEGER;
FreeClusters : LARGE_INTEGER;
Reserved : LARGE_INTEGER;
BytesPerSector : ULONG;
BytesPerCluster : ULONG;
BytesPerMFTRecord : ULONG;
ClustersPerMFTRecord: ULONG;
MFTLength : LARGE_INTEGER;
MFTStart : LARGE_INTEGER;
MFTMirrorStart : LARGE_INTEGER;
MFTZoneStart : LARGE_INTEGER;
MFTZoneEnd : LARGE_INTEGER;
end;
procedure DumpMetaFiles(const DriveId: Char; Results: TStrings);
function GetNTFSInfo(const DriveId: Char; var VolumeInfo: NTFS_VOLUME_DATA_BUFFER;
var Err: String): Boolean;
implementation
const
FSCTL_GET_VOLUME_INFORMATION = $90064;
type NTSTATUS = UINT;
const
STATUS_SUCCESS = NTSTATUS($00000000);
STATUS_BUFFER_OVERFLOW = NTSTATUS($80000005);
STATUS_INVALID_PARAMETER = NTSTATUS($C000000D);
STATUS_BUFFER_TOO_SMALL = NTSTATUS($C0000023);
STATUS_ALREADY_COMMITTED = NTSTATUS($C0000021);
STATUS_INVALID_DEVICE_REQUEST = NTSTATUS($C0000010);
MetaFileNames: array[0..10] of string =
(
'$mft',
'$mftmirr',
'$logfile',
'$volume',
'$attrdef',
'$bitmap',
'$boot',
'$badclus',
'$quota',
'$badclust',
'$upcase'
);
type
PVOID = Pointer;
HANDLE = Cardinal;
PIO_STATUS_BLOCK = ^_IO_STATUS_BLOCK;
_IO_STATUS_BLOCK = record
Status: NTSTATUS;
Information: ULONG;
end;
PIO_APC_ROUTINE = procedure(
ApcContext: PVOID;
IoStatusBlock: PIO_STATUS_BLOCK;
Reserved: ULONG
);
TNtFsControlFile = function(
FileHandle : HANDLE;
Event : HANDLE;
ApcRoutine : PIO_APC_ROUTINE;
ApcContext : PVOID;
IoStatusBlock : PIO_STATUS_BLOCK;
FsControlCode : ULONG;
InputBuffer : PVOID;
InputBufferLength : ULONG;
OutputBuffer : PVOID;
OutputBufferLength : ULONG
): NTSTATUS; stdcall;
var
NtFsControlFile: TNtFsControlFile = nil;
function PrintNtError(const Status: NTSTATUS): String;
begin
case (Status) of
STATUS_SUCCESS: Result := 'STATUS_SUCCESS';
STATUS_INVALID_PARAMETER: Result := 'STATUS_INVALID_PARAMETER';
STATUS_BUFFER_TOO_SMALL: Result := 'STATUS_BUFFER_TOO_SMALL';
STATUS_ALREADY_COMMITTED: Result := 'STATUS_ALREADY_COMMITTED';
STATUS_INVALID_DEVICE_REQUEST: Result := 'STATUS_INVALID_DEVICE_REQUEST';
else Result := Format('%8d', [Status]);
end;
end;
procedure DumpMetaFiles(const DriveId: Char; Results: TStrings);
var
FileName: String;
FindData: WIN32_FIND_DATA;
FindHandle: HANDLE;
i: Integer;
Line: String;
begin
for i := 0 to Length(MetaFileNames) - 1 do
begin
FileName := Format('%s:\%s', [DriveId, MetaFileNames[i]]);
FindHandle := FindFirstFile(PChar(FileName), FindData);
if (FindHandle <> INVALID_HANDLE_VALUE) then
begin
Line := Format('%-11s %d bytes', [findData.cFileName, findData.nFileSizeLow]);
Windows.FindClose(FindHandle);
Results.Add(Line);
end;
end;
end;
function GetNTFSInfo(const DriveId: Char; var VolumeInfo: NTFS_VOLUME_DATA_BUFFER;
var Err: String): Boolean;
var
VolumeName: String;
VolumeHandle: HANDLE;
IoStatus: _IO_STATUS_BLOCK;
Status: NTSTATUS;
begin
Result := False;
if (@NtFsControlFile = nil) then
begin
Err := 'Not running on supported version of Windows NT.';
Exit;
end;
VolumeName := Format('\\.\%s:', [DriveId]);
VolumeHandle := CreateFile(PChar(VolumeName), GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
if (VolumeHandle = INVALID_HANDLE_VALUE) then
begin
Err := 'Error opening volume:' + SysErrorMessage(GetLastError());
Exit;
end;
Status := NtFsControlFile(VolumeHandle, 0, nil, nil, @IoStatus, FSCTL_GET_VOLUME_INFORMATION, nil, 0, @VolumeInfo, SizeOf(NTFS_VOLUME_DATA_BUFFER));
if (Status <> STATUS_SUCCESS) then
begin
Err := 'Error obtaining NTFS information:' + PrintNtError(Status);
CloseHandle(VolumeHandle);
Exit;
end;
CloseHandle(VolumeHandle);
Result := True;
end;
initialization
@NtFsControlFile := GetProcAddress(GetModuleHandle('ntdll.dll'), 'NtFsControlFile');
finalization
end.
Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|