I'm trying to get NTFS object IDs to use in a Python backup program. I'm in way over my head, but managed to create a function that returns... something.

    import sys
    import win32file
    import winioctlcon

    def object_id(filename):
        """
        NTFS OBJECT_ID: return the raw 64-byte object ID buffer for filename.
        """
        fhandle = win32file.CreateFileW(
            # FileName
            filename,
            # DesiredAccess
            win32file.GENERIC_READ,
            # ShareMode
            win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE,
            # SecurityAttributes
            None,
            # CreationDisposition
            win32file.OPEN_EXISTING,
            # FlagsAndAttributes
            0
        )
        try:
            obj_id = win32file.DeviceIoControl(
                # Device : PyHANDLE
                # Handle to a file, device, or volume
                fhandle,
                # IoControlCode : int
                # IOControl Code to use, from winioctlcon
                winioctlcon.FSCTL_CREATE_OR_GET_OBJECT_ID,
                # InBuffer : str/buffer
                # The input data for the operation, can be None for some operations.
                None,
                # OutBuffer : int/buffer
                # Size of the buffer to allocate for output, or a writeable buffer as
                # returned by win32file::AllocateReadBuffer.
                64,
                # Overlapped=None : PyOVERLAPPED An overlapped object for async
                # operations. Device handle must have been opened with
                # FILE_FLAG_OVERLAPPED.
                None
            )
        finally:
            # Close the handle even if DeviceIoControl raises.
            fhandle.Close()
        return obj_id

Some sample output from calling this function is a str like, "↑·∟âkòπ◄êδ %dΘπ╧hMêc▌Æ╧J¿/╧y╠┘ôπ↑·∟âkòπ◄êδ %dΘπ╧". That would be fine for the purposes of my program, as long as it's consistent for each file I'm backing up. But am I doing anything horribly wrong here? Ideally I'd like to implement this as correctly as possible.
Using binascii.hexlify() on the output str from my question yields: "18fa1c836b95e31188eb002564e9e3cf684d8863dd92cf4aa82fcf79ccd993e318fa1c836b95e31188eb002564e9e3cf00000000000000000000000000000000". This is the same result as:

    C:\Windows\system32>fsutil.exe objectid query "myfile.txt"
    Object ID : 18fa1c836b95e31188eb002564e9e3cf
    BirthVolume ID : 684d8863dd92cf4aa82fcf79ccd993e3
    BirthObjectId ID : 18fa1c836b95e31188eb002564e9e3cf
    Domain ID : 00000000000000000000000000000000

So I have independent verification from fsutil.exe that my Python function is producing the right output.
I still don't know whether the Windows functions were used absolutely correctly, and would appreciate any corrections if they weren't.
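Added example, not part of the original post: the 64 bytes returned by the function are a FILE_OBJECTID_BUFFER, four consecutive 16-byte fields in the same order fsutil prints them, so a backup program can store just the first field as the file's key. The helper names below are illustrative, the sample bytes are the hex string quoted in the post, and the GUID rendering goes slightly beyond what the post shows.

```python
import binascii
import uuid
from collections import namedtuple

# FILE_OBJECTID_BUFFER layout: four consecutive 16-byte fields.
FIELDS = ("object_id", "birth_volume_id", "birth_object_id", "domain_id")
ObjectIdInfo = namedtuple("ObjectIdInfo", FIELDS)
FIELD_SIZE = 16
BUFFER_SIZE = FIELD_SIZE * len(FIELDS)  # 64, the OutBuffer size used in the post


def parse_objectid_buffer(raw):
    """Split the raw DeviceIoControl result into its four named fields."""
    raw = bytes(raw)
    if len(raw) != BUFFER_SIZE:
        raise ValueError("expected %d bytes, got %d" % (BUFFER_SIZE, len(raw)))
    chunks = (raw[i:i + FIELD_SIZE] for i in range(0, BUFFER_SIZE, FIELD_SIZE))
    return ObjectIdInfo(*chunks)


def as_fsutil_hex(field):
    """Hex form of one field, as 'fsutil objectid query' prints it."""
    return binascii.hexlify(field).decode("ascii")


def as_guid(field):
    """The same 16 bytes read as a Windows GUID (first three parts little-endian)."""
    return uuid.UUID(bytes_le=bytes(field))


# Sample input: the hex string quoted in the post, split by field.
SAMPLE = binascii.unhexlify(
    "18fa1c836b95e31188eb002564e9e3cf"   # Object ID
    "684d8863dd92cf4aa82fcf79ccd993e3"   # BirthVolume ID
    "18fa1c836b95e31188eb002564e9e3cf"   # BirthObjectId ID
    "00000000000000000000000000000000"   # Domain ID
)

if __name__ == "__main__":
    info = parse_objectid_buffer(SAMPLE)
    for name, value in zip(FIELDS, info):
        print("%-16s %s" % (name, as_fsutil_hex(value)))
    print("%-16s %s" % ("guid", as_guid(info.object_id)))
```

On Windows, pass the return value of `object_id(filename)` to `parse_objectid_buffer` in place of `SAMPLE`.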