[matt] new code

(Logical change 1.50)

ntfsprogs/ntfsinfo.c

@@ -29,16 +29,30 @@
 #include <string.h>
 #include <errno.h>
 #include <locale.h>
+#include <time.h>
 #include "types.h"
 #include "mft.h"
 #include "attrib.h"
 #include "layout.h"
 #include "inode.h"
 
-void get_file_attribute_value(const char *dev, long int i);
+void ntfs_get_file_attributes(const char *dev, long int i);
-void print_standard_information_attr(ntfs_attr_search_ctx * ctx);
+void ntfs_dump_file_name_attribute(ntfs_inode *inode, MFT_RECORD *mrec);
-void print_file_name_attr(ntfs_attr_search_ctx * ctx);
+void ntfs_dump_standard_information(ntfs_inode *inode, MFT_RECORD *mrec);
 
+/**
+ * ntfs2utc - Convert an NTFS time to Unix time
+ * @time:  An NTFS time in 100ns units since 1601
+ *
+ * NTFS stores times as the number of 100ns intervals since January 1st 1601 at
+ * 00:00 UTC.  This system will not suffer from Y2K problems until ~57000AD.
+ *
+ * Return:  n  A Unix time (number of seconds since 1970)
+ */
+time_t ntfs2utc (long long time)
+{
+	return (time - ((long long) (369 * 365 + 89) * 24 * 3600 * 10000000)) / 10000000;
+}
 
 #define NTFS_TIME_OFFSET ((u64)(369*365 + 89) * 24 * 3600 * 10000000)
 
@@ -55,8 +69,7 @@ int main(int argc, char **argv)
 
 		locale = setlocale(LC_ALL, NULL);
 		printf("Failed to set locale, using default (%s).\n", locale);
-	} else
+	}
-		printf("Using locale %s.\n", locale);
 
 	if (argc < 3 || argc > 4) {
 		fprintf(stderr, "%s v%s - %s\n", EXEC_NAME, VERSION, AUTHOR);
@@ -66,128 +79,116 @@ int main(int argc, char **argv)
 
 	else {
 		i = atoll(argv[2]);
-		get_file_attribute_value(argv[1], i);
+		ntfs_get_file_attributes(argv[1], i);
 	}
 
 	return 0;
 }
 
-void get_file_attribute_value(const char *dev, long int i)
+void ntfs_get_file_attributes(const char *dev, long int i)
 {
 
 	MFT_REF mref;
 	MFT_RECORD *mrec = NULL;
-	//ATTR_RECORD *attr = NULL;
+	//ntfs_attr_search_ctx *ctx = NULL;
-	//FILE_NAME_ATTR *file_name_attr = NULL;
-	//STANDARD_INFORMATION *standard_information = NULL;
-	//SECURITY_DESCRIPTOR_RELATIVE *security_descriptor = NULL;
-	ntfs_attr_search_ctx *ctx = NULL;
 	ntfs_volume *vol = NULL;
-	//char *file_name;
 	ntfs_inode *inode = NULL;
+	//int error;
 
-	vol = ntfs_mount(dev, 0);
+	if(!(vol = ntfs_mount(dev, 0))) {
+		fprintf(stderr, "ntfsinfo error: cannot mount device %s\n",dev);
+		exit(1);
+	}
 
 	mref = (MFT_REF) i;
 	inode = ntfs_inode_open(vol, mref);
 
 	if (ntfs_file_record_read(vol, mref, &mrec, NULL)) {
-		perror("Error reading file record!\n");
+		fprintf(stderr, "ntfsinfo error: error reading file record!\n");
 		exit(1);
 	}
 
+	//see flatcap.org/ntfs/info for what formatting should look like
+	//ntfs_dump_boot_sector_information(inode, mrec);
+	ntfs_dump_file_name_attribute(inode, mrec);
+	ntfs_dump_standard_information(inode, mrec);
+}
+
+void ntfs_dump_file_name_attribute(ntfs_inode *inode, MFT_RECORD *mrec)
+{
+	FILE_NAME_ATTR *file_name_attr = NULL;
+	ATTR_RECORD *attr = NULL;
+	ntfs_attr_search_ctx *ctx = NULL;
+	char *file_name;
+	time_t ntfs_time;
+
 	ctx = ntfs_attr_get_search_ctx(inode, mrec);
 
-//	print_file_name_attr(ctx);
+	if(ntfs_attr_lookup(AT_FILE_NAME, AT_UNNAMED, 0, 0, 0, NULL, 0, ctx)) {
-
+		fprintf(stderr, "ntfsinfo error: cannot lookup attribute AT_FILE_NAME!\n");
-//	ctx = ntfs_get_attr_search_ctx(inode, mrec);	//need to fix this
+		return;
-
-	print_standard_information_attr(ctx);
-}
-
-
-s64 ntfs2time(s64 time)
-{
-	s64 t;
-	printf("Original Time: %Li\n",time);
-	t = time - NTFS_TIME_OFFSET;
-	t = t / 10000000;
-	return t;
-
-
-}
-
-void print_standard_information_attr(ntfs_attr_search_ctx *ctx)
-{
-	ATTR_RECORD *attr = NULL;
-	STANDARD_INFORMATION *standard_information_attr = NULL;
-
-	if (ntfs_attr_lookup
-		(AT_STANDARD_INFORMATION, AT_UNNAMED, 0, 0, 0, NULL, 0, ctx)) {
-		perror("Error looking up $STANDARD_INFORMATION!\n");
-		exit(1);
 	}
 
 	attr = ctx->attr;
 
-	standard_information_attr =
+	file_name_attr = (FILE_NAME_ATTR*)((char *)attr + le16_to_cpu(attr->value_offset));
-	    (STANDARD_INFORMATION *) ((char *) attr +
-				      le16_to_cpu(attr->value_offset));
 
-	printf("Creation time: %Li\n",
+	file_name = malloc(file_name_attr->file_name_length * sizeof(char));
-		ntfs2time(standard_information_attr->creation_time));
+
-/*	printf("Last Data Change Time: %Li\n",
+	//need to convert the little endian unicode string to a multibyte string
-	       ntfs2time(standard_information_attr->last_data_change_time));
+	ntfs_ucstombs(file_name_attr->file_name, file_name_attr->file_name_length,
-	printf("Last MFT Change Time: %Li\n",
+			&file_name, file_name_attr->file_name_length);
-	       ntfs2time(standard_information_attr->last_mft_change_time));
+
-	printf("Last Access Time: %Li\n",
+	printf("Dumping $FILE_NAME (0x30)\n");
-	       ntfs2time(standard_information_attr->last_access_time));
+
-	printf("Maxium Versions: %d\n",
+	//basic stuff about the file
-		standard_information_attr->maximum_versions);
+	printf("File Name: \t\t %s\n",file_name);
-	printf("Version Number: %d\n",
+	printf("File Name Length: \t %d\n",file_name_attr->file_name_length);
-		standard_information_attr->version_number);
+	printf("Allocated File Size: \t %lld\n", sle64_to_cpu(file_name_attr->allocated_size));
-	printf("Class ID: %d\n",
+	printf("Real File Size: \t %lld\n", sle64_to_cpu(file_name_attr->data_size));
-		standard_information_attr->class_id);
+
-	printf("Owner ID: %d\n",
+	//time conversion stuff
-		standard_information_attr->owner_id);
+	ntfs_time = ntfs2utc(file_name_attr->creation_time);
-	printf("Security ID: %d\n",
+	printf("File Creation Time: \t %s",ctime(&ntfs_time));
-		standard_information_attr->security_id);
+
+	ntfs_time = ntfs2utc(file_name_attr->last_data_change_time);
+	printf("File Altered Time: \t %s",ctime(&ntfs_time));
+
+	ntfs_time = ntfs2utc(file_name_attr->last_mft_change_time);
+	printf("MFT Changed Time: \t %s",ctime(&ntfs_time));
+
+	ntfs_time = ntfs2utc(file_name_attr->last_access_time);
+	printf("Last Acced Time: \t %s",ctime(&ntfs_time));
+
+	free(file_name);
 
-*/
 }
 
-void print_file_name_attr(ntfs_attr_search_ctx *ctx)
+void ntfs_dump_standard_information(ntfs_inode *inode, MFT_RECORD *mrec)
 {
-	ATTR_RECORD *attr = NULL;
-	ntfs_attr_search_ctx *c = ctx;
-	FILE_NAME_ATTR *file_name_attr = NULL;
-	char *file_name;
 
-	if (ntfs_attr_lookup(AT_FILE_NAME, AT_UNNAMED, 0, 0, 0, NULL, 0, ctx)) {
+	STANDARD_INFORMATION *standard_attr = NULL;
-		perror("Error looking up $FILE_NAME_ATTR!\n");
+	ATTR_RECORD *attr = NULL;
-		exit(1);
+	ntfs_attr_search_ctx *ctx = NULL;
+
+	ctx = ntfs_attr_get_search_ctx(inode, mrec);
+
+	if(ntfs_attr_lookup(AT_STANDARD_INFORMATION, AT_UNNAMED, 0, 0, 0, NULL, 0, ctx)) {
+		fprintf(stderr, "ntfsinfo error: cannot look up attribute AT_STANDARD_INFORMATION!\n");
+		return;
 	}
 
 	attr = ctx->attr;
-	ctx = c;
 
-	file_name_attr =
+	standard_attr = (STANDARD_INFORMATION*)((char *)attr + le16_to_cpu(attr->value_offset));
-	    (FILE_NAME_ATTR *) ((char *) attr +
-				le16_to_cpu(attr->value_offset));
 
-	file_name = malloc(file_name_attr->file_name_length * sizeof (char));
+	printf("Dumping $STANDARD_INFORMATION (0x10)\n");
 
-	ntfs_ucstombs(file_name_attr->file_name,
+	printf("Maximum Number of Versions: \t %d \n",standard_attr->maximum_versions);
-		      file_name_attr->file_name_length, &file_name,
+	printf("Version Number: \t\t %d \n",standard_attr->version_number);
-		      file_name_attr->file_name_length);
+	printf("Class ID: \t\t\t %d \n",standard_attr->class_id);
+	printf("User ID: \t\t\t %d \n", standard_attr->owner_id);
+	printf("Security ID: \t\t\t %d \n", standard_attr->security_id);
 
-	printf("File Name: %s\n", file_name);
-	printf("File Name Length: %d\n", file_name_attr->file_name_length);
-	printf("Allocated Size: %Li\n",sle64_to_cpu(file_name_attr->allocated_size));
-	printf("Data Size: %Li\n",sle64_to_cpu(file_name_attr->data_size));
 }
 
-/*void print_security_descriptor_attr(SECURITY_DESCRIPTOR_RELATIVE *security_descriptor)
-{
-
-}*/