枚举NTFS文件的时候只能得到文件名和父目录标识符 我想获取到文件的基本属性 在NTFS有这样的定义
type
_FILENAME_ATTRIBUTE = record
DirectoryFileReferenceNumber: ULONGLONG;
CreationTime: ULONGLONG; // Saved when filename last changed
ChangeTime: ULONGLONG; // ditto
LastWriteTime: ULONGLONG; // ditto
LastAccessTime: ULONGLONG; // ditto
AllocatedSize: ULONGLONG; // ditto
DataSize: ULONGLONG; // ditto
FileAttributes: ULONG; // ditto
AlignmentOrReserved: ULONG;
NameLength: UCHAR;
NameType: UCHAR; // 0x01 = Long, 0x02 = Short
Name: array[0..0] of UCHAR;
end;
FILENAME_ATTRIBUTE = _FILENAME_ATTRIBUTE;
PFILENAME_ATTRIBUTE = ^FILENAME_ATTRIBUTE;
TFilenameAttribute = FILENAME_ATTRIBUTE;
PFilenameAttribute = ^TFilenameAttribute;
但是我在获取的时候总是不对 麻烦各位大神帮帮忙
type
_FILENAME_ATTRIBUTE = record
DirectoryFileReferenceNumber: ULONGLONG;
CreationTime: ULONGLONG; // Saved when filename last changed
ChangeTime: ULONGLONG; // ditto
LastWriteTime: ULONGLONG; // ditto
LastAccessTime: ULONGLONG; // ditto
AllocatedSize: ULONGLONG; // ditto
DataSize: ULONGLONG; // ditto
FileAttributes: ULONG; // ditto
AlignmentOrReserved: ULONG;
NameLength: UCHAR;
NameType: UCHAR; // 0x01 = Long, 0x02 = Short
Name: array[0..0] of UCHAR;
end;
FILENAME_ATTRIBUTE = _FILENAME_ATTRIBUTE;
PFILENAME_ATTRIBUTE = ^FILENAME_ATTRIBUTE;
TFilenameAttribute = FILENAME_ATTRIBUTE;
PFilenameAttribute = ^TFilenameAttribute;
但是我在获取的时候总是不对 麻烦各位大神帮帮忙
可以去看<Windows内核情景分析>书中的说明.