尝试从Python 3获取MFT表 [英] Trying to get MFT table from Python 3

问题描述

我尝试从python从本地磁盘读取MFT表.当然，如果我写这样的话:

I try to read MFT table from my local disk from python. Of course, if I write something like this:

input_file = open('C:\$MFT', "rb")

我会得到

[Errno 13]权限被拒绝:'C:\ $ MFT'

[ Errno 13] Permission denied: 'C:\$MFT'

我尝试使用pyMFTGrabber，但是它不起作用；我遇到了很多"socket.errors".

I tried to use pyMFTGrabber, but it doesn't work; I got a lot of "socket.errors".

使用Python读取此文件的最佳简便方法是什么?
也许是某些WinAPI或其他? 阅读后，我想用"analyzeMFT"

What the best and easy way to read this file, using Python?
Maybe it is some WinAPI, or something else? After reading I want to analyze it with "analyzeMFT"

推荐答案

使用python相当麻烦，因为它不是完全底层的.

It's rather painful with python, since it's not exactly low-level.

我认为您应该从此开始:

I think you should start with this though:

L"\\?\ C:\ $ MFT" 是您需要在MS的VC ++ API中使用的名称空间，以便创建MFT的句柄.

L"\\?\C:\$MFT" is the namespace you need to use in MS's VC++ API in order to create a handle to the MFT.

您应该考虑浏览您提到的抓取器的源代码 pyMFTGrabber 并向下滚动至底部，它向您展示了作者如何访问文件(看起来准确-读取扇区而不是尝试直接访问$ MFT，并且注释也不错).如果您阅读了该项目的详细信息，则说明它是从实时系统中检索NTFS文件系统的主文件表(MFT)记录的脚本."

You should consider looking through the source code of the grabber you mentioned pyMFTGrabber and scroll down to the bottom and it shows you how the author accessed the file (it looks accurate - reads sectors instead of trying to directly access $MFT, and it looks pretty well commented too). If you read the details of the project, it says that it is a 'Script to retrieve the Master File Table (MFT) record for an NTFS file system from a live system.'

这篇关于尝试从Python 3获取MFT表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！