Sign in with
Sign up | Sign in
Your question

Getting size of unaccessible folder tree? BackupRead() ?

Last response: in Windows 2000/NT
Share
Anonymous
March 15, 2005 3:58:50 PM

Archived from groups: comp.os.ms-windows.programmer.misc,comp.os.ms-windows.programmer.win32,microsoft.public.win2000.file_system,microsoft.public.win32.programmer.kernel,microsoft.public.win32.programmer.tools (More info?)

Hi

I just made a little tool that recursively finds out how many bytes the
files in
a folder tree contains. The tool will run with administrative rights on
Windows NT/2k/XP systems with NTFS where user is allowed to have folders
with security set so that only (s)he can access it.

My question is:
Is it possible for administrator to enumarate the files and subfolders in
such folders
without aquiring user credentials and preferably without getting and then
resetting
permission to the folder? The purpose is to find out the backup needs for
the users.

The only idea i have to go on at the moment is to use backup sematics in
CreateFile() to open the folder and then BackupRead() and BackupSeek()
to scan over end of stream and get actual size returned..
I tried this with this function:

BOOL bGetFailedFolderSizes(char *p_szFolder, BOOL bInNoBackup)
{
HANDLE hDir;
WIN32_STREAM_ID *p_strid;
DWORD dw, dwOut;
VOID *p_Cont=NULL;

hDir = CreateFile (p_szFolder, GENERIC_READ,
FILE_SHARE_READ|FILE_SHARE_DELETE,
NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (hDir==NULL) return FALSE;
dw=sizeof(WIN32_STREAM_ID) + 500000;
if ((p_strid=malloc(dw))==NULL) { CloseHandle(hDir); return FALSE; }
memset(p_strid, 0, dw);
while (BackupRead(hDir, p_strid, dw, &dwOut, FALSE, FALSE, &p_Cont))
{
// just debugging for now; not sure what the directory stream
contains...
}
CloseHandle(hDir);
return FALSE;
}

BackupRead() returns "true" but still the buffer isn't touch and context
pointer is
set to 0xFFFFFFFF. Do one need to enable some Local Policy for it to work?

- Sten
Anonymous
March 15, 2005 4:21:18 PM

Archived from groups: comp.os.ms-windows.programmer.misc,comp.os.ms-windows.programmer.win32,microsoft.public.win2000.file_system,microsoft.public.win32.programmer.kernel,microsoft.public.win32.programmer.tools (More info?)

Sten Westerback wrote:

> Hi
>
> I just made a little tool that recursively finds out how many bytes the
> files in
> a folder tree contains. The tool will run with administrative rights on
> Windows NT/2k/XP systems with NTFS where user is allowed to have folders
> with security set so that only (s)he can access it.
>
> My question is:
> Is it possible for administrator to enumarate the files and subfolders in
> such folders
> without aquiring user credentials and preferably without getting and then
> resetting
> permission to the folder? The purpose is to find out the backup needs for
> the users.

Yes, if the user running your tool has the SeBackupName privlege.

> The only idea i have to go on at the moment is to use backup sematics in
> CreateFile() to open the folder and then BackupRead() and BackupSeek()
> to scan over end of stream and get actual size returned..
> I tried this with this function:
>
> BOOL bGetFailedFolderSizes(char *p_szFolder, BOOL bInNoBackup)
> {
> HANDLE hDir;
> WIN32_STREAM_ID *p_strid;
> DWORD dw, dwOut;
> VOID *p_Cont=NULL;
>
> hDir = CreateFile (p_szFolder, GENERIC_READ,
> FILE_SHARE_READ|FILE_SHARE_DELETE,
> NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
> if (hDir==NULL) return FALSE;
> dw=sizeof(WIN32_STREAM_ID) + 500000;
> if ((p_strid=malloc(dw))==NULL) { CloseHandle(hDir); return FALSE; }
> memset(p_strid, 0, dw);
> while (BackupRead(hDir, p_strid, dw, &dwOut, FALSE, FALSE, &p_Cont))
> {
> // just debugging for now; not sure what the directory stream
> contains...
> }
> CloseHandle(hDir);
> return FALSE;
> }
>
> BackupRead() returns "true" but still the buffer isn't touch and context
> pointer is
> set to 0xFFFFFFFF. Do one need to enable some Local Policy for it to work?

You will need to enable SeBackupPrivilege first for your process and
then use FILE_FLAG_BACKUP_SEMANTICS flag in each call to CreateFile().

However, in your example you open a directory and use BackupRead() to
read everything but security information and that gives no data because
there is no data but security to backup on directories. So, if you
change the second last parameter to TRUE you will get a few hundred
bytes of security information to the backup stream buffer.

--
Olof Lagerkvist sm6xmk
ICQ: 724451 @ssa.se
Web: http://here.is/olof
Anonymous
March 15, 2005 4:47:29 PM

Archived from groups: comp.os.ms-windows.programmer.misc,comp.os.ms-windows.programmer.win32,microsoft.public.win2000.file_system,microsoft.public.win32.programmer.kernel,microsoft.public.win32.programmer.tools (More info?)

"Olof Lagerkvist" <no@email.address> wrote in message
news:ijBZd.132524$dP1.471028@newsc.telia.net...
> Sten Westerback wrote:
>
> > Hi
> >
> > I just made a little tool that recursively finds out how many bytes the
> > files in
> > a folder tree contains. The tool will run with administrative rights on
> > Windows NT/2k/XP systems with NTFS where user is allowed to have folders
> > with security set so that only (s)he can access it.
> >
> > My question is:
> > Is it possible for administrator to enumarate the files and subfolders
in
> > such folders
> > without aquiring user credentials and preferably without getting and
then
> > resetting
> > permission to the folder? The purpose is to find out the backup needs
for
> > the users.
>
> Yes, if the user running your tool has the SeBackupName privlege.

The automated "user" of the tool is the Administrator account (Tivoli)
so the privilege should be available and testable by running backup tool.

> > The only idea i have to go on at the moment is to use backup sematics in
> > CreateFile() to open the folder and then BackupRead() and BackupSeek()
> > to scan over end of stream and get actual size returned..
> > I tried this with this function:
> >
> > BOOL bGetFailedFolderSizes(char *p_szFolder, BOOL bInNoBackup)
> > {
> > HANDLE hDir;
> > WIN32_STREAM_ID *p_strid;
> > DWORD dw, dwOut;
> > VOID *p_Cont=NULL;
> >
> > hDir = CreateFile (p_szFolder, GENERIC_READ,
> > FILE_SHARE_READ|FILE_SHARE_DELETE,
> > NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
> > if (hDir==NULL) return FALSE;
> > dw=sizeof(WIN32_STREAM_ID) + 500000;
> > if ((p_strid=malloc(dw))==NULL) { CloseHandle(hDir); return FALSE; }
> > memset(p_strid, 0, dw);
> > while (BackupRead(hDir, p_strid, dw, &dwOut, FALSE, FALSE, &p_Cont))
> > {
> > // just debugging for now; not sure what the directory stream
> > contains...
> > }
> > CloseHandle(hDir);
> > return FALSE;
> > }
> >
> > BackupRead() returns "true" but still the buffer isn't touch and context
> > pointer is
> > set to 0xFFFFFFFF. Do one need to enable some Local Policy for it to
work?
>
> You will need to enable SeBackupPrivilege first for your process and
> then use FILE_FLAG_BACKUP_SEMANTICS flag in each call to CreateFile().

Ok, i'll try that if...

> However, in your example you open a directory and use BackupRead() to
> read everything but security information and that gives no data because
> there is no data but security to backup on directories. So, if you
> change the second last parameter to TRUE you will get a few hundred
> bytes of security information to the backup stream buffer.

.... if i could also get the names of files and folders in the folder then
this
is useful. I thought it would give records of filenames or links to files.

Note that somehow the Backup tools is able to enumerate files in all folders
so
i wonder if this is supposed to work or do they use something else?

So basically i guess my question is:
Is there some other way to find out size of files in a folder than using
FindFirstFile() etc? One that isn't restricted (too much) by Security...

- Sten
Related resources
Anonymous
March 15, 2005 5:46:43 PM

Archived from groups: comp.os.ms-windows.programmer.misc,comp.os.ms-windows.programmer.win32,microsoft.public.win2000.file_system,microsoft.public.win32.programmer.kernel,microsoft.public.win32.programmer.tools (More info?)

Sten Westerback wrote:

> "Olof Lagerkvist" <no@email.address> wrote in message
> news:ijBZd.132524$dP1.471028@newsc.telia.net...

>>You will need to enable SeBackupPrivilege first for your process and
>>then use FILE_FLAG_BACKUP_SEMANTICS flag in each call to CreateFile().
>
>
> Ok, i'll try that if...
>
>
>>However, in your example you open a directory and use BackupRead() to
>>read everything but security information and that gives no data because
>>there is no data but security to backup on directories. So, if you
>>change the second last parameter to TRUE you will get a few hundred
>>bytes of security information to the backup stream buffer.
>
>
> ... if i could also get the names of files and folders in the folder then
> this
> is useful. I thought it would give records of filenames or links to files.

No, BackupRead() on a directory only reads the meta data for the
directory itself and that can only be security information, alternate
data streams, reparse data etc, not information about the files in the
directory.

> Note that somehow the Backup tools is able to enumerate files in all folders
> so
> i wonder if this is supposed to work or do they use something else?
>
> So basically i guess my question is:
> Is there some other way to find out size of files in a folder than using
> FindFirstFile() etc? One that isn't restricted (too much) by Security...

FindFirstFile()/FindNextFile() are not restricted by security when
SeBackupPrivilege is enabled for the calling process.

If you want, you may look at my backup stream utility 'strarc':
http://here.is/olof/files/strarc.zip
Source is somewhere in this source archive:
http://here.is/olof/files/source.tar.lzma

--
Olof Lagerkvist sm6xmk
ICQ: 724451 @ssa.se
Web: http://here.is/olof
Anonymous
March 16, 2005 1:33:13 PM

Archived from groups: comp.os.ms-windows.programmer.misc,comp.os.ms-windows.programmer.win32,microsoft.public.win2000.file_system,microsoft.public.win32.programmer.kernel,microsoft.public.win32.programmer.tools (More info?)

I was thinking that "normal APIs'" like FindFirstFile would have same
restrictions as Exlorer does. Now i added the SeBackupPrivilege
enabling code and now it works. They could add a comment about
this to the description of FindFirstFile....

Thanks,
-Sten

"Olof Lagerkvist" <no@email.address> wrote in message
news:nzCZd.132534$dP1.471084@newsc.telia.net...
> Sten Westerback wrote:
>
> > "Olof Lagerkvist" <no@email.address> wrote in message
> > news:ijBZd.132524$dP1.471028@newsc.telia.net...
>
> >>You will need to enable SeBackupPrivilege first for your process and
> >>then use FILE_FLAG_BACKUP_SEMANTICS flag in each call to CreateFile().
> >
> >
> > Ok, i'll try that if...
> >
> >
> >>However, in your example you open a directory and use BackupRead() to
> >>read everything but security information and that gives no data because
> >>there is no data but security to backup on directories. So, if you
> >>change the second last parameter to TRUE you will get a few hundred
> >>bytes of security information to the backup stream buffer.
> >
> >
> > ... if i could also get the names of files and folders in the folder
then
> > this
> > is useful. I thought it would give records of filenames or links to
files.
>
> No, BackupRead() on a directory only reads the meta data for the
> directory itself and that can only be security information, alternate
> data streams, reparse data etc, not information about the files in the
> directory.
>
> > Note that somehow the Backup tools is able to enumerate files in all
folders
> > so
> > i wonder if this is supposed to work or do they use something else?
> >
> > So basically i guess my question is:
> > Is there some other way to find out size of files in a folder than using
> > FindFirstFile() etc? One that isn't restricted (too much) by Security...
>
> FindFirstFile()/FindNextFile() are not restricted by security when
> SeBackupPrivilege is enabled for the calling process.
>
> If you want, you may look at my backup stream utility 'strarc':
> http://here.is/olof/files/strarc.zip
> Source is somewhere in this source archive:
> http://here.is/olof/files/source.tar.lzma
>
> --
> Olof Lagerkvist sm6xmk
> ICQ: 724451 @ssa.se
> Web: http://here.is/olof
>
!