Calling FSCTL_CREATE_OR_GET_OBJECT_ID from Python

StackOverflow https://stackoverflow.com/questions/21812523

Question

I'm trying to get NTFS object IDs to use in a Python backup program. I'm in way over my head, but managed to create a function that returns... something.

import sys
import win32file
import winioctlcon


def object_id(filename):
    """
    NTFS OBJECT_ID
    """
    fhandle = win32file.CreateFileW(
        # FileName
        filename,

        # DesiredAccess
        win32file.GENERIC_READ,

        # ShareMode
        win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE,

        # SecurityAttributes
        None,

        # CreationDisposition
        win32file.OPEN_EXISTING,

        # FlagsAndAttributes
        0
        )

    obj_id = win32file.DeviceIoControl(
        # Device : PyHANDLE
        # Handle to a file, device, or volume
        fhandle,

        # IoControlCode : int
        # IOControl Code to use, from winioctlcon
        winioctlcon.FSCTL_CREATE_OR_GET_OBJECT_ID,

        # InBuffer : str/buffer
        # The input data for the operation, can be None for some operations.
        None,

        # OutBuffer : int/buffer
        # Size of the buffer to allocate for output, or a writeable buffer as
        # returned by win32file::AllocateReadBuffer.
        64,

        # Overlapped=None : PyOVERLAPPED An overlapped object for async
        # operations. Device handle must have been opened with
        # FILE_FLAG_OVERLAPPED.
        None
        )
    fhandle.Close()
    return obj_id

Some sample output from calling this function is a str like, "↑·∟âkòπ◄êδ %dΘπ╧hMêc▌Æ╧J¿/╧y╠┘ôπ↑·∟âkòπ◄êδ %dΘπ╧". That would be fine for the purposes of my program, as long as it's consistent for each file I'm backing up. But am I doing anything horribly wrong here? Ideally I'd like to implement this as correctly as possible.

Was it helpful?

Solution 2

Using binascii.hexify() on the output str from my question yields: "18fa1c836b95e31188eb002564e9e3cf684d8863dd92cf4aa82fcf79ccd993e318fa1c836b95e31188eb002564e9e3cf00000000000000000000000000000000". This is the same result as:

C:\Windows\system32>fsutil.exe objectid query "myfile.txt"
Object ID :        18fa1c836b95e31188eb002564e9e3cf
BirthVolume ID :   684d8863dd92cf4aa82fcf79ccd993e3
BirthObjectId ID : 18fa1c836b95e31188eb002564e9e3cf
Domain ID :        00000000000000000000000000000000

So I have independent verification from fsutil.exe that my Python function is producing the right output.

I still don't know whether the Windows functions were used absolutely correctly, and would appreciate any corrections if they weren't.

OTHER TIPS

Yes. This is 100% valid.

You are returns three OBJECT_ID:

Object ID: 3FB73FE2-6BF2-3F3F-EA3F-2025643F3F3F

Birth Volume ID: 684DEA63-A6C6-2D4A-BF2F-2D79A62BF470

Birth Object ID: 3FB73FE2-6BF2-3F3F-EA3F-2025643F3F3F

This output is as expected. :)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top