Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VC8.0 C++ C Windows VC9.0 , +
Hello,
For a project I'm assisting with I need to open the $MFT (the actual file) and calculate its MD5.
Windows does acknowledge its existence (i.e. Create file to \\.\c:\$mft works) but any attempt to read from it returns Access denied error.
tried a different approach with FSCTL_GET_RETRIEVAL_POINTERS, the call works but I couldn't find any code example on how to go over the file one cluster a time.
An NTFS Parser Lib[^] is a great project that can actually do what I want but it uses a GPL licence so I can't take code directly off it.
plus i think using it might be somewhat of an overkill anyway.
Any info would be welcomed.
Thanks.
Posted 7-Feb-11 5:45am
hjaiuyg435

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

You will need to open the HDD (or better yet, just the partition) with direct access, then write your own file system library. You were pretty much doing this. Just use "\\\\.\\C:"
 
The good news is that this is not as hard as it sounds.
 
I would STRONGLY reccommend getting a hex editor. I use the excellent Breakpoint Hex Workshop[^] but it is not free. Try searching around for 1 that can open HDDs.
 
I would recommend that you get a basic understanding of the FAT filesystem first. Although the idea of NTFS is remarkably different the implementation of core features is almost identical for accessing the $FILEs such as $MFT.
 
There is a website http://www.ntfs.com/[^] which I used for helping my understanding of the NTFS filesystem, although I already knew the FAT filesystem.
 
In addition. You can read parts of the NTFS Parser Lib that you mentioned, there is no harm in that, you just can't copy code from it.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Sergey Alexandrovich Kryukov 498
1 OriginalGriff 439
2 ChintanShukla 305
3 Richard Deeming 250
4 RyanDev 210
0 Sergey Alexandrovich Kryukov 8,901
1 OriginalGriff 7,571
2 CPallini 2,603
3 Richard MacCutchan 2,095
4 Abhinav S 1,893


Advertise | Privacy | Mobile
Web03 | 2.8.140827.1 | Last Updated 7 Feb 2011
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100