layout.h

ReactOS是一些高手根据Windows XP的内核编写出的类XP。内核实现机理和API函数调用几乎相同。甚至可以兼容XP的程序。喜欢研究系统内核的人可以看一看。

		/* Non-resident attributes. */
		struct {
/* 16*/			VCN lowest_vcn;	/* Lowest valid virtual cluster number
				for this portion of the attribute value or
				0 if this is the only extent (usually the
				case). - Only when an attribute list is used
				does lowest_vcn != 0 ever occur. */
/* 24*/			VCN highest_vcn; /* Highest valid vcn of this extent of
				the attribute value. - Usually there is only one
				portion, so this usually equals the attribute
				value size in clusters minus 1. Can be -1 for
				zero length files. Can be 0 for "single extent"
				attributes. */
/* 32*/			u16 mapping_pairs_offset; /* Byte offset from the
				beginning of the structure to the mapping pairs
				array which contains the mappings between the
				vcns and the logical cluster numbers (lcns).
				When creating, place this at the end of this
				record header aligned to 8-byte boundary. */
/* 34*/			u8 compression_unit; /* The compression unit expressed
				as the log to the base 2 of the number of
				clusters in a compression unit. 0 means not
				compressed. (This effectively limits the
				compression unit size to be a power of two
				clusters.) WinNT4 only uses a value of 4. */
/* 35*/			u8 reserved[5];		/* Align to 8-byte boundary. */
/* The sizes below are only used when lowest_vcn is zero, as otherwise it would
   be difficult to keep them up-to-date.*/
/* 40*/			s64 allocated_size;	/* Byte size of disk space
				allocated to hold the attribute value. Always
				is a multiple of the cluster size. When a file
				is compressed, this field is a multiple of the
				compression block size (2^compression_unit) and
				it represents the logically allocated space
				rather than the actual on disk usage. For this
				use the compressed_size (see below). */
/* 48*/			s64 data_size;	/* Byte size of the attribute
				value. Can be larger than allocated_size if
				attribute value is compressed or sparse. */
/* 56*/			s64 initialized_size;	/* Byte size of initialized
				portion of the attribute value. Usually equals
				data_size. */
/* sizeof(uncompressed attr) = 64*/
/* 64*/			s64 compressed_size;	/* Byte size of the attribute
				value after compression. Only present when
				compressed. Always is a multiple of the
				cluster size. Represents the actual amount of
				disk space being used on the disk. */
/* sizeof(compressed attr) = 72*/
		} __attribute__ ((__packed__)) non_resident;
	} __attribute__ ((__packed__)) data;
} __attribute__ ((__packed__)) ATTR_RECORD;

typedef ATTR_RECORD ATTR_REC;

/*
 * File attribute flags (32-bit).
 */
typedef enum {
	/*
	 * These flags are only present in the STANDARD_INFORMATION attribute
	 * (in the field file_attributes).
	 */
	FILE_ATTR_READONLY		= const_cpu_to_le32(0x00000001),
	FILE_ATTR_HIDDEN		= const_cpu_to_le32(0x00000002),
	FILE_ATTR_SYSTEM		= const_cpu_to_le32(0x00000004),
	/* Old DOS volid. Unused in NT.	= cpu_to_le32(0x00000008), */

	FILE_ATTR_DIRECTORY		= const_cpu_to_le32(0x00000010),
	/* FILE_ATTR_DIRECTORY is not considered valid in NT. It is reserved
	   for the DOS SUBDIRECTORY flag. */
	FILE_ATTR_ARCHIVE		= const_cpu_to_le32(0x00000020),
	FILE_ATTR_DEVICE		= const_cpu_to_le32(0x00000040),
	FILE_ATTR_NORMAL		= const_cpu_to_le32(0x00000080),

	FILE_ATTR_TEMPORARY		= const_cpu_to_le32(0x00000100),
	FILE_ATTR_SPARSE_FILE		= const_cpu_to_le32(0x00000200),
	FILE_ATTR_REPARSE_POINT		= const_cpu_to_le32(0x00000400),
	FILE_ATTR_COMPRESSED		= const_cpu_to_le32(0x00000800),

	FILE_ATTR_OFFLINE		= const_cpu_to_le32(0x00001000),
	FILE_ATTR_NOT_CONTENT_INDEXED	= const_cpu_to_le32(0x00002000),
	FILE_ATTR_ENCRYPTED		= const_cpu_to_le32(0x00004000),

	FILE_ATTR_VALID_FLAGS		= const_cpu_to_le32(0x00007fb7),
	/* FILE_ATTR_VALID_FLAGS masks out the old DOS VolId and the
	   FILE_ATTR_DEVICE and preserves everything else. This mask
	   is used to obtain all flags that are valid for reading. */
	FILE_ATTR_VALID_SET_FLAGS	= const_cpu_to_le32(0x000031a7),
	/* FILE_ATTR_VALID_SET_FLAGS masks out the old DOS VolId, the
	   F_A_DEVICE, F_A_DIRECTORY, F_A_SPARSE_FILE, F_A_REPARSE_POINT,
	   F_A_COMPRESSED and F_A_ENCRYPTED and preserves the rest. This mask
	   is used to to obtain all flags that are valid for setting. */

	/*
	 * These flags are only present in the FILE_NAME attribute (in the
	 * field file_attributes).
	 */
	FILE_ATTR_DUP_FILE_NAME_INDEX_PRESENT	= const_cpu_to_le32(0x10000000),
	/* This is a copy of the corresponding bit from the mft record, telling
	   us whether this is a directory or not, i.e. whether it has an
	   index root attribute or not. */
	FILE_ATTR_DUP_VIEW_INDEX_PRESENT	= const_cpu_to_le32(0x20000000),
	/* This is a copy of the corresponding bit from the mft record, telling
	   us whether this file has a view index present (eg. object id index,
	   quota index, one of the security indexes or the encrypting file
	   system related indexes). */
} FILE_ATTR_FLAGS;

/*
 * NOTE on times in NTFS: All times are in MS standard time format, i.e. they
 * are the number of 100-nanosecond intervals since 1st January 1601, 00:00:00
 * universal coordinated time (UTC). (In Linux time starts 1st January 1970,
 * 00:00:00 UTC and is stored as the number of 1-second intervals since then.)
 */

/*
 * Attribute: Standard information (0x10).
 *
 * NOTE: Always resident.
 * NOTE: Present in all base file records on a volume.
 * NOTE: There is conflicting information about the meaning of each of the time
 * 	 fields but the meaning as defined below has been verified to be
 * 	 correct by practical experimentation on Windows NT4 SP6a and is hence
 * 	 assumed to be the one and only correct interpretation.
 */
typedef struct {
/*Ofs*/
/*  0*/	s64 creation_time;		/* Time file was created. Updated when
					   a filename is changed(?). */
/*  8*/	s64 last_data_change_time;	/* Time the data attribute was last
					   modified. */
/* 16*/	s64 last_mft_change_time;	/* Time this mft record was last
					   modified. */
/* 24*/	s64 last_access_time;		/* Approximate time when the file was
					   last accessed (obviously this is not
					   updated on read-only volumes). In
					   Windows this is only updated when
					   accessed if some time delta has
					   passed since the last update. Also,
					   last access times updates can be
					   disabled altogether for speed. */
/* 32*/	FILE_ATTR_FLAGS file_attributes; /* Flags describing the file. */
/* 36*/	union {
	/* NTFS 1.2 */
		struct {
		/* 36*/	u8 reserved12[12];	/* Reserved/alignment to 8-byte
						   boundary. */
		} __attribute__ ((__packed__)) v1;
	/* sizeof() = 48 bytes */
	/* NTFS 3.x */
		struct {
/*
 * If a volume has been upgraded from a previous NTFS version, then these
 * fields are present only if the file has been accessed since the upgrade.
 * Recognize the difference by comparing the length of the resident attribute
 * value. If it is 48, then the following fields are missing. If it is 72 then
 * the fields are present. Maybe just check like this:
 * 	if (resident.ValueLength < sizeof(STANDARD_INFORMATION)) {
 * 		Assume NTFS 1.2- format.
 * 		If (volume version is 3.x)
 * 			Upgrade attribute to NTFS 3.x format.
 * 		else
 * 			Use NTFS 1.2- format for access.
 * 	} else
 * 		Use NTFS 3.x format for access.
 * Only problem is that it might be legal to set the length of the value to
 * arbitrarily large values thus spoiling this check. - But chkdsk probably
 * views that as a corruption, assuming that it behaves like this for all
 * attributes.
 */
		/* 36*/	u32 maximum_versions;	/* Maximum allowed versions for
				file. Zero if version numbering is disabled. */
		/* 40*/	u32 version_number;	/* This file's version (if any).
				Set to zero if maximum_versions is zero. */
		/* 44*/	u32 class_id;		/* Class id from bidirectional
				class id index (?). */
		/* 48*/	u32 owner_id;		/* Owner_id of the user owning
				the file. Translate via $Q index in FILE_Extend
				/$Quota to the quota control entry for the user
				owning the file. Zero if quotas are disabled. */
		/* 52*/	u32 security_id;	/* Security_id for the file.
				Translate via $SII index and $SDS data stream
				in FILE_Secure to the security descriptor. */
		/* 56*/	u64 quota_charged;	/* Byte size of the charge to
				the quota for all streams of the file. Note: Is
				zero if quotas are disabled. */
		/* 64*/	u64 usn;		/* Last update sequence number
				of the file. This is a direct index into the
				change (aka usn) journal file. It is zero if
				the usn journal is disabled.
				NOTE: To disable the journal need to delete
				the journal file itself and to then walk the
				whole mft and set all Usn entries in all mft
				records to zero! (This can take a while!)
				The journal is FILE_Extend/$UsnJrnl. Win2k
				will recreate the journal and initiate
				logging if necessary when mounting the
				partition. This, in contrast to disabling the
				journal is a very fast process, so the user
				won't even notice it. */
		} __attribute__ ((__packed__)) v3;
	/* sizeof() = 72 bytes (NTFS 3.x) */
	} __attribute__ ((__packed__)) ver;
} __attribute__ ((__packed__)) STANDARD_INFORMATION;

/*
 * Attribute: Attribute list (0x20).
 *
 * - Can be either resident or non-resident.
 * - Value consists of a sequence of variable length, 8-byte aligned,
 * ATTR_LIST_ENTRY records.
 * - The list is not terminated by anything at all! The only way to know when
 * the end is reached is to keep track of the current offset and compare it to
 * the attribute value size.
 * - The attribute list attribute contains one entry for each attribute of
 * the file in which the list is located, except for the list attribute
 * itself. The list is sorted: first by attribute type, second by attribute
 * name (if present), third by instance number. The extents of one
 * non-resident attribute (if present) immediately follow after the initial
 * extent. They are ordered by lowest_vcn and have their instace set to zero.
 * It is not allowed to have two attributes with all sorting keys equal.
 * - Further restrictions:
 * 	- If not resident, the vcn to lcn mapping array has to fit inside the
 * 	  base mft record.
 * 	- The attribute list attribute value has a maximum size of 256kb. This
 * 	  is imposed by the Windows cache manager.
 * - Attribute lists are only used when the attributes of mft record do not
 * fit inside the mft record despite all attributes (that can be made
 * non-resident) having been made non-resident. This can happen e.g. when:
 *  	- File has a large number of hard links (lots of file name
 *  	  attributes present).
 *  	- The mapping pairs array of some non-resident attribute becomes so
 *	  large due to fragmentation that it overflows the mft record.
 *  	- The security descriptor is very complex (not applicable to
 *  	  NTFS 3.0 volumes).
 *  	- There are many named streams.
 */
typedef struct {
/*Ofs*/
/*  0*/	ATTR_TYPES type;	/* Type of referenced attribute. */
/*  4*/	u16 length;		/* Byte size of this entry (8-byte aligned). */
/*  6*/	u8 name_length;		/* Size in Unicode chars of the name of the
				   attribute or 0 if unnamed. */
/*  7*/	u8 name_offset;		/* Byte offset to beginning of attribute name
				   (always set this to where the name would
				   start even if unnamed). */
/*  8*/	VCN lowest_vcn;		/* Lowest virtual cluster number of this portion
				   of the attribute value. This is usually 0. It
				   is non-zero for the case where one attribute
				   does not fit into one mft record and thus
				   several mft records are allocated to hold
				   this attribute. In the latter case, each mft
				   record holds one extent of the attribute and
				   there is one attribute list entry for each
				   extent. NOTE: This is DEFINITELY a signed
				   value! The windows driver uses cmp, followed
				   by jg when comparing this, thus it treats it
				   as signed. */
/* 16*/	MFT_REF mft_reference;	/* The reference of the mft record holding
				   the ATTR_RECORD for this portion of the
				   attribute value. */
/* 24*/	u16 instance;		/* If lowest_vcn = 0, the instance of the
				   attribute being referenced; otherwise 0. */
/* 26*/	uchar_t name[0];	/* Use when creating only. When reading use
				   name_offset to determine the location of the
				   name. */
/* sizeof() = 26 + (attribute_name_length * 2) bytes */
} __attribute__ ((__packed__)) ATTR_LIST_ENTRY;

/*
 * The maximum allowed length for a file name.
 */
#define MAXIMUM_FILE_NAME_LENGTH	255

/*
 * Possible namespaces for filenames in ntfs (8-bit).
 */
typedef enum {
	FILE_NAME_POSIX			= 0x00,
		/* This is the largest namespace. It is case sensitive and
		   allows all Unicode characters except for: '\0' and '/'.
		   Beware that in WinNT/2k files which eg have the same name
		   except for their case will not be distinguished by the
		   standard utilities and thus a "del filename" will delete
		   both "filename" and "fileName" without warning. */
	FILE_NAME_WIN32			= 0x01,
		/* The standard WinNT/2k NTFS long filenames. Case insensitive.
		   All Unicode chars except: '\0', '"', '*', '/', ':', '<',
		   '>', '?', '\' and '|'. Further, names cannot end with a '.'
		   or a space. */
	FILE_NAME_DOS			= 0x02,
		/* The standard DOS filenames (8.3 format). Uppercase only.
		   All 8-bit characters greater space, except: '"', '*', '+',
		   ',', '/', ':', ';', '<', '=', '>', '?' and '\'. */
	FILE_NAME_WIN32_AND_DOS		= 0x03,
		/* 3 means that both the Win32 and the DOS filenames are
		   identical and hence have been saved in this single filename
		   record. */
} __attribute__ ((__packed__)) FILE_NAME_TYPE_FLAGS;

/*
 * Attribute: Filename (0x30).
 *
 * NOTE: Always resident.
 * NOTE: All fields, except the parent_directory, are only updated when the
 *	 filename is changed. Until then, they just become out of sync with
 *	 reality and the more up to date values are present in the standard
 *	 information attribute.
 * NOTE: There is conflicting information about the meaning of each of the time