1

I need a simple, lightweight way to read the NTFS MFT on a Windows server, using only C. My goal is to return a collection of directories and their permissions in a programmatic way for an application my company is building.

Every other answer I've researched on StackOverflow and other places have involved using C++ or other languages, and are typically very bloated. I'm pretty sure that what I want can be done in just a few lines of code, using the Windows API to call CreateFile (to get a handle to the root volume) and DeviceIoControl (to read the MFT). But I can't find a simple C solution for doing this.

Note that, although I've been a C#/.NET developer for many years (and also know other languages including Java and Python), I am fairly new to low-level C programming and Windows API calls. I also realize that there is a free too, Mft2Csv, that does exactly this. But the actual source code isn't available for me to reverse-engineer (GitHub has only the executable and supporting files).

I also realize I could just parse the directory tree using C# the .NET namespaces System.IO and System.Security.AccessControl. But this is way too slow for my purposes.

Cade Bryant
  • 737
  • 2
  • 7
  • 19
  • Seen [How do we access MFT through C#](https://stackoverflow.com/questions/21661798/how-do-we-access-mft-through-c-sharp/45646777#45646777) ? Quite a lot of work is required to do this, I would not really think that a C implementation would be simpler than one in C++/#. – Alex K. Jan 08 '19 at 17:01
  • I've tried the instructions in https://stackoverflow.com/questions/21661798/how-do-we-access-mft-through-c-sharp/45646777#45646777 but kept running into permissions errors, even when I ran the code with elevated admin privileges. – Cade Bryant Jan 08 '19 at 17:14
  • Parsing the directory tress is not only slow...it's potentially problematic in that you can find yourself in a recursive traversal because of symbolic links. Reading the MFT is simply a pain in the neck, but it's way fast. The code in the above-mentioned answer can read the MFT in a couple of seconds. Any permissions issue may be because you have to assert some privileges in addition to being an admin. – Clay Jan 08 '19 at 18:50
  • @AlexK. I tried again using the code in [How do we access MFT through C#](https://stackoverflow.com/questions/21661798/how-do-we-access-mft-through-c-sharp/45646777#45646777) But still get a Windows error 5 (access denied). – Cade Bryant Jan 08 '19 at 19:39

0 Answers0