I am developing an upper volume filter driver; it monitors the read/write blocks of a volume. I am getting the volume offset and 1st sector (LBA) from it when any read/write happens. How can I obtain the file name from the volume offset or 1st sector using C/C++? Any kind of help is appreciated. Thanks in advance.
Obtain file name from volume offset or sector (Windows)
1.7k views Asked by Jorge Chon At
2
There are 2 answers
It is almost possible, sort of. You can enumerate all the files on a volume using this code. (Warning: some of the printf functions use %lu when they should be using %I64u, so some of the information being printed is wrong, most notably the file reference numbers; I believe the main logic is OK though.)
For each file you find, you can use FSCTL_GET_RETRIEVAL_POINTERS to find its location on disk.
So you could build a database ahead of time. You could keep it mostly up to date using FSCTL_READ_USN_JOURNAL rather than having to constantly rescan the entire disk.
However, even having identified the file that used to be at a given location, you would then need to check it again in case it has been moved. The USN journal probably does not record when files are relocated on the disk without being logically modified.
And, even then, there's no guarantee that the file wasn't moved away and then moved back before you checked it. Or a file might be created and then deleted again before you have a chance to collect any data for it at all.
So, basically: No. You can't do that.
(There may be some scenarios where another solution is possible. For example, if your driver can snapshot the contents of the volume at the point of interest, you could examine the snapshot to determine the file in question. You'd have to include your own NTFS stack, though. You might be able to borrow the NTFS code from Linux. Basically still more effort than it is likely to be worth.)
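The reverse lookup the answer describes, as an added example that is not part of the original answer: given per-file extent lists in the shape FSCTL_GET_RETRIEVAL_POINTERS reports them (VCN ranges mapped to a starting LCN), it maps a volume byte offset to the owning file and the offset inside that file. The names `extent_t`, `file_map_t`, `lookup_offset` and the sample files are hypothetical, and the code assumes NTFS, where LCN 0 starts at volume offset 0, and a 4 KiB cluster size.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One run of a file: VCNs [first_vcn, next_vcn) start at cluster lcn.
   lcn == -1 marks a sparse run with no clusters on disk. */
typedef struct { int64_t first_vcn, next_vcn, lcn; } extent_t;
typedef struct { const char *name; const extent_t *runs; size_t nruns; } file_map_t;

/* Constructed sample data (hypothetical files), 4 KiB clusters. */
static const extent_t report_runs[] = { {0, 8, 1000}, {8, 12, 5000} };
static const extent_t log_runs[]    = { {0, 4, 1008}, {4, 10, -1}, {10, 12, 2000} };
static const file_map_t sample_files[] = {
    { "\\docs\\report.docx", report_runs, 2 },
    { "\\logs\\app.log",     log_runs,    3 },
};

/* Returns index of the file that owned volume byte offset `off` when the
   map was built, or -1 (free space, metadata, or a file not in the map).
   On a hit, *file_off is the matching byte offset inside the file. */
int lookup_offset(const file_map_t *files, size_t nfiles, uint64_t off,
                  uint32_t cluster_bytes, uint64_t *file_off)
{
    int64_t lcn = (int64_t)(off / cluster_bytes);
    for (size_t f = 0; f < nfiles; f++) {
        for (size_t r = 0; r < files[f].nruns; r++) {
            const extent_t *e = &files[f].runs[r];
            int64_t len = e->next_vcn - e->first_vcn;
            if (e->lcn < 0 || len <= 0)
                continue;                       /* sparse or empty run */
            if (lcn >= e->lcn && lcn < e->lcn + len) {
                int64_t vcn = e->first_vcn + (lcn - e->lcn);
                *file_off = (uint64_t)vcn * cluster_bytes + off % cluster_bytes;
                return (int)f;
            }
        }
    }
    return -1;
}

int main(void)
{
    uint64_t fo, off = 5001ULL * 4096 + 512;    /* offset seen by the filter */
    int f = lookup_offset(sample_files, 2, off, 4096, &fo);
    if (f >= 0)
        printf("%s +%llu\n", sample_files[f].name, (unsigned long long)fo);
    return 0;
}
```

A hit only identifies the file that held the cluster when the extent lists were collected; as the answer points out, the result has to be re-checked because the file may have been moved since.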