问题描述
在我的C#应用程序中,我已经有一种检查文件系统的方法,但是我想利用从主文件表(MFT)读取的优势,因为它快得多。我了解1)它是专有规范,因此可能随时更改,恕不另行通知; 2)仅当应用程序以管理特权运行时才可以访问。
In my C# application, I already have a way to examine the file system but I would like to take advantage of reading from the Master File Table (MFT) because it is so much faster. I understand that 1) it is a proprietary specification and therefore subject to change without notice, and 2) it is only accessible when the application is running under administrative privileges.
I设法通过(带有该文件参考号)(Vista及更高版本),或者您可以通过在阅读MFT时遍历构建的列表,然后调用,并带有组合名称。
There's two straightforward approaches you can take to open the file when you're lurking around in the MFT - You can call OpenFileByID with that file reference number (Vista and higher), or you can build the fully qualified file name by traversing the list you built when reading the MFT and then calling the CreateFile with the assembled name.
您要将句柄从CreateFile或OpenFileByID转换为SafeFileHandle:
You want to get the handle from CreateFile or OpenFileByID into a SafeFileHandle:
[DllImport( "kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode )]
internal static extern SafeFileHandle CreateFile( string lpFileName, EFileAccess dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile );
[DllImport( "kernel32.dll", SetLastError = true )]
internal static extern SafeFileHandle OpenFileById( IntPtr volumeHandle, ref FileIdDescriptor lpFileId, uint dwDesiredAccess, uint dwShareMode, uint lpSecurityAttributes, uint dwFlagsAndAttributes );
一旦您拥有SafeFileHandle(并检查了它的有效性),就可以将其传递给
Once you have the SafeFileHandle (and you've checked that it's valid), you can pass it to a FileStream constructor and read/write the file like normal.
每个文件都在MFT中表示,但有一些警告。例如,单个文件可以在文件层次结构中的多个位置出现,但是所有'em都有一个MFT条目-这些是所谓的硬链接(它们不是副本-有多个条目指向一个文件-头疼很多)。有成千上万个。有一些API可以查询硬链接,但是很难看。
Every file is represented in the MFT, but there are caveats. For example, a single file can be in the file hierarchy in multiple places, yet there is a single MFT entry for all of 'em - these are the so-called hard links (they're not copies - there are multiple entry points to a file - headaches abound). There are thousands of these. There are APIs for interrogating the hard links, but it gets ugly.
这篇关于从NTFS-MFT参考编号获取文件信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!