I am newbie in Pinvoke. I want get mft after I find root when I can access directories.
I want to use DeviceIoControl such as the code below:
BOOL DeviceIoControl(
(HANDLE) hDevice, // handle to device
FSCTL_GET_NTFS_VOLUME_DATA, // dwIoControlCode
NULL, // lpInBuffer
0, // nInBufferSize
(LPVOID) lpOutBuffer, // output buffer
(DWORD) nOutBufferSize, // size of output buffer
(LPDWORD) lpBytesReturned, // number of bytes returned
(LPOVERLAPPED) lpOverlapped // OVERLAPPED structure
);
I don't known what value of FSCTL_GET_NTFS_VOLUME_DATA.
The documentation lists WinIoCtl.h as being the relevant header. When we look there at the macro declaration we see:
#define FSCTL_GET_NTFS_VOLUME_DATA \
CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS)
Which leaves us with a little work to do. The lazy way to do this is to write a program to emit the value:
#include <Windows.h>
#include <iostream>
#include <iomanip>
int main()
{
DWORD code = FSCTL_GET_NTFS_VOLUME_DATA;
std::cout << "0x" << std::hex << std::setfill('0') << std::setw(8) << code;
return 0;
}
And this outputs our desired value:
0x00090064