Changeset 1859 for trunk/eraser6/Eraser.Util/NtfsApi.cs

Timestamp:

3/1/2010 2:57:41 AM (2 years ago)

Author:

lowjoel

Message:

For NTFS MFT Record lengths we need volume (data) read access so instead catch unauthorized access exceptions (i.e. when running under a split user token in 7) and return using the heuristic of one of volume cluster size and 1024 bytes, whichever is smaller

File:

• trunk/eraser6/Eraser.Util/NtfsApi.cs (modified) (2 diffs)

trunk/eraser6/Eraser.Util/NtfsApi.cs

@@ -48 +48 @@
         public static long GetMftRecordSegmentSize(VolumeInfo volume)
         {
-            return GetNtfsVolumeData(volume).BytesPerFileRecordSegment;
+            try
+            {
+                return GetNtfsVolumeData(volume).BytesPerFileRecordSegment;
+            }
+            catch (UnauthorizedAccessException)
+            {
+                return Math.Min(volume.ClusterSize, 1024);
+            }
         }
 
@@ -58 +65 @@
         /// <returns>The NTFS_VOLUME_DATA_BUFFER structure representing the data
         /// file systme structures for the volume.</returns>
+        /// <exception cref="UnauthorizedAccessException">Thrown when the current user
+        /// does not have the permissions required to obtain the volume information.</exception>
         internal static NativeMethods.NTFS_VOLUME_DATA_BUFFER GetNtfsVolumeData(VolumeInfo volume)
         {
             using (SafeFileHandle volumeHandle = volume.OpenHandle(
-                NativeMethods.FILE_READ_ATTRIBUTES, FileShare.ReadWrite, FileOptions.None))
+                FileAccess.Read, FileShare.ReadWrite, FileOptions.None))
             {
                 uint resultSize = 0;