数据隔离>> TxF>> 返回
项目作者: lorenzoinvidia

项目描述 :
PoCs about Transactional NTFS
高级语言: C++
项目地址: git://github.com/lorenzoinvidia/TxF.git
创建时间: 2020-08-03T15:16:46Z
项目社区:https://github.com/lorenzoinvidia/TxF
开源协议:
下载


TxF

PoCs about Transactional NTFS

TL;DR

Transactional NTFS (TxF) introduces atomicity in file operations on an NTFS file system volume. These run within transactions, protecting data integrity and rollbacking the operations across any failure.

TxF binds a file handle to a transaction: in this way, API function working on handles like ReadFile or WriteFile run without any change.
However, APIs expecting file names have their counterpart, e.g.

CreateFile -> CreateFileTransacted

CreateDirectory -> CreateDirectoryTransacted

TxF provides isolation. A file or directory created within a transaction is not visible to anything outside the current transaction. Likewise, file updates are not seen outside the transaction, even from AVs.

After a file is locked by a transaction, other file system operations external to the locking transaction that try to modify the transactionally locked file will fail with either ERROR_SHARING_VIOLATION or ERROR_TRANSACTIONAL_CONFLICT.

Moreover, any attempt to create a file with the same name fails with the error ERROR_TRANSACTIONAL_CONFLICT, effectively reserving the file name for when the transaction commits or is rolled back.

Getting started

  1. Create a transaction by calling CreateTransaction
    ```cpp
    HANDLE hTr = CreateTransaction(
    NULL, // No inheritance
    0, // Reserved
    TRANSACTION_DO_NOT_PROMOTE, // The transaction cannot be distributed
    0, // Reserved
    0, // Reserved
    0, // Abort after timeout (ms), 0 = infinite
    (LPWSTR)DESC // Description
    );

if (hTr == INVALID_HANDLE_VALUE) {
cout << “CreateTransaction failed with err: “ << GetLastError() << endl;
return EXIT_FAILURE;
}

  2. 2. Get transacted file handle(s) by calling [CreateFileTransacted](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfiletransacteda)
  3. ```cpp
  4. HANDLE hTrFile = CreateFileTransactedA(
  5.     "C:\\Users\\t\\Desktop\\TrFile.txt",    // Path
  6.     GENERIC_READ | GENERIC_WRITE,        // R+W
  7.     0,                    // Do not share
  8.     NULL,                    // Default security
  9.     CREATE_ALWAYS,                // Overwrite if file exists
  10.     FILE_ATTRIBUTE_NORMAL,            // Normal file
  11.     NULL,                    // No template file
  12.     hTr,                    // Transaction handle
  13.     NULL,                    // Miniversion (?)
  14.     NULL                    // Reserved
  15. );
  17. if (hTrFile == INVALID_HANDLE_VALUE) {
  18.     cout << "CreateFile failed with err: " << GetLastError() << endl;
  19.     return EXIT_FAILURE;
  20. }
  1. Modify the file(s) as necessary e.g. with WriteFile
  2. Close all transacted file handles associated with the transaction
    1. CloseHandle(hTrFile);
  3. Commit or abort the transaction
    1. CommitTransaction(hTr);
  4. Close transaction handle
    1. CloseHandle(hTr);

Ref. https://docs.microsoft.com/en-us/windows/win32/fileio/transactional-ntfs-portal