读取USN日记给出错误1784
[英]Reading the USN journal gives error 1784
问题描述
I want to read the Windows USN (file system) journal using the Java JNA library. 
我想使用Java JNA库阅读Windows USN(文件系统)日志。 I can open a handle to the drive and query the journal info. 我可以打开驱动器的句柄并查询日志信息。 But when I try to read the journal data (FSCTL_READ_USN_JOURNAL) I get error 1784 (The supplied user buffer is not valid for the requested operation). 但是,当我尝试读取日志数据(FSCTL_READ_USN_JOURNAL)时,出现错误1784(提供的用户缓冲区对于请求的操作无效)。 Windows 7/64, JNA version 4.5.1, java 8/32. Windows 7/64,JNA版本4.5.1,Java 8/32。 I tried the same using C++, and it worked just fine. 我使用C ++进行了相同的尝试,并且效果很好。
import java.io.IOException;
import java.util.List;
import com.sun.jna.Memory;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Kernel32Util;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.Winioctl;
import com.sun.jna.platform.win32.WinioctlUtil;
import com.sun.jna.ptr.IntByReference;
public class NtfsUsnJournal2
{
public static void main(String[] args)
{
try
{
WinNT.HANDLE hDevice = openDisk('C');
try
{
USN_JOURNAL_INFO_V0 journalInfo = queryJournal(hDevice);
System.out.println(journalInfo);
//
Memory buffer = new Memory(4096);
buffer.clear();
IntByReference numBytesReturned = new IntByReference(0);
READ_USN_JOURNAL_DATA_V0 journalData = new READ_USN_JOURNAL_DATA_V0();
journalData.clear();
journalData.ReasonMask = 0xFFFFFFFF;
journalData.UsnJournalID = journalInfo.UsnJournalID;
journalData.write();
System.out.println(journalData);
boolean ok = Kernel32.INSTANCE.DeviceIoControl(hDevice,
FSCTL_READ_USN_JOURNAL, // = 590011
journalData.getPointer(),journalData.size(),
buffer.getPointer(0),(int)buffer.size(),
numBytesReturned,null);
if( !ok )
{
System.out.println("ERROR "+Kernel32.INSTANCE.GetLastError()+" "+Kernel32Util.getLastErrorMessage());
return;
}
System.out.println(numBytesReturned.getValue());
System.out.println(buffer.getInt(8));
}
finally
{
Kernel32.INSTANCE.CloseHandle(hDevice);
}
}
catch( Exception e )
{
e.printStackTrace();
}
}
static USN_JOURNAL_INFO_V0 queryJournal(WinNT.HANDLE hDevice) throws IOException
{
USN_JOURNAL_INFO_V0 journalInfo = new USN_JOURNAL_INFO_V0();
journalInfo.clear();
//
IntByReference numBytesReturned = new IntByReference(0);
boolean ok = Kernel32.INSTANCE.DeviceIoControl(hDevice,
FSCTL_QUERY_USN_JOURNAL,null,0,
journalInfo.getPointer(),journalInfo.size(),
numBytesReturned,null);
if( !ok )
{
throw new IOException(
"ERROR "+Kernel32.INSTANCE.GetLastError()+": "+Kernel32Util.getLastErrorMessage());
}
journalInfo.read();
return journalInfo;
}
static WinNT.HANDLE openDisk(char drive)
{
return Kernel32.INSTANCE.CreateFile("\\\\.\\"+drive+":",
WinNT.GENERIC_READ|WinNT.GENERIC_WRITE,
WinNT.FILE_SHARE_READ|WinNT.FILE_SHARE_WRITE,null,WinNT.OPEN_EXISTING,0,null);
}
static public class USN_JOURNAL_INFO_V0 extends Structure
{
public static final List<String> FIELDS = createFieldsOrder(
"UsnJournalID","FirstUsn","NextUsn","LowestValidUsn","MaxUsn","MaximumSize","AllocationDelta");
protected List<String> getFieldOrder() { return FIELDS; }
//
public long UsnJournalID;
public long FirstUsn;
public long NextUsn;
public long LowestValidUsn;
public long MaxUsn;
public long MaximumSize;
public long AllocationDelta;
}
static public class READ_USN_JOURNAL_DATA_V0 extends Structure
{
public static final List<String> FIELDS = createFieldsOrder(
"StartUsn","ReasonMask","ReturnOnlyOnClose","Timeout","BytesToWaitFor","UsnJournalID");
protected List<String> getFieldOrder() { return FIELDS; }
//
public long StartUsn;
public int ReasonMask;
public int ReturnOnlyOnClose;
public long Timeout;
public long BytesToWaitFor;
public long UsnJournalID;
}
static final int FSCTL_QUERY_USN_JOURNAL =
WinioctlUtil.CTL_CODE(Winioctl.FILE_DEVICE_FILE_SYSTEM, 61,
Winioctl.METHOD_BUFFERED,Winioctl.FILE_ANY_ACCESS);
static final int FSCTL_READ_USN_JOURNAL =
WinioctlUtil.CTL_CODE(Winioctl.FILE_DEVICE_FILE_SYSTEM, 46,
Winioctl.METHOD_NEITHER,Winioctl.FILE_ANY_ACCESS);
}
1 个解决方案
解决方案1
0 2018-08-30 08:15:38
Memory extends Pointer, not need getPointer 内存扩展了Pointer,不需要getPointer
boolean ok = Kernel32.INSTANCE.DeviceIoControl(hDevice,
FSCTL_READ_USN_JOURNAL, // = 590011
journalData.getPointer(),journalData.size(),
buffer,(int)buffer.size(),
numBytesReturned,null);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
读取已经训练有素的SMO模型会产生StreamoutofException错误 - Reading Already Trained SMO Model Gives StreamoutofException Error
读取程序的值为0 - Reading programs gives values of 0
读取文本文件会导致访问被拒绝错误 - 也尝试授予文件夹权限 - Reading a text file gives access denied error -Tried giving permissions to folder as well
从文件中读取数据会出错,提示系统找不到指定的文件 - Reading a data from file gives error says the system cannot find the file specified
从pdf文件读取特定位置的itext在intellij中运行,并提供所需的输出,但是可执行jar抛出错误 - itext reading specific location from pdf file runs in intellij and gives desired output but executable jar throws error
读取Avro文件会产生AvroTypeException:缺少必需的字段错误(即使新字段在架构中声明为null) - Reading Avro file gives AvroTypeException: missing required field error (even though the new field is declared null in schema)
读入文本文件给出ArrayIndexOutOfBoundsException - Reading in text file gives ArrayIndexOutOfBoundsException
Evernote初始同步中的USN值较大 - Large USN value in Evernote initial sync
在Windows中使用Java读取UTF-8格式的xml -file会给出“ IOException:2字节UTF-8序列的无效字节2。” -error - Reading xml -file in UTF-8 format in Windows with Java gives “IOException: Invalid byte 2 of 2-byte UTF-8 sequence.” -error
Apache Cassandra读取数据给出ReadFailureException - Apache Cassandra reading data gives ReadFailureException
相关标签