Menu
I'm currently using FindFirstFile, FindNextFile API to recursively iterate through directories for searching files based on a given criteria. I noticed that "dir /s" command gives better performance than my program. I'm tried checking out the events in process monitor and it looks like cmd.exe/dir command is directly querying the disk device driver. Is there any way I can achieve some thing similar with DeviceIOControl() ?. I'm very new to device drivers though not new to programming. Attaching procmon output for reference:
Regards,
630
Use FindFirstFile and FindNextFile. That's the API, using DeviceIOControl directly is either a mess or not possible (don't know exactly).
Have you tried FindFirstFileEx and it's FIND_FIRST_EX_LARGE_FETCH flag and FindExInfoBasic info level?
182
You can call ZwQueryDirectoryFile directly. Going further down to the driver level would require sending a bunch of IRPs and would probably be an overkill.
2
"dir /s" is using FindFirst/Next. It doesn't do any special magic to enumerate the files.
QueryDirectory appears to be how Procmon exposes what FindFirst/Next does to get its data from the file system.
2
http://ntfs-search.sourceforge.net/
It works well. And faster.
It opens a volume, and parses directly.
But it only works on NTFS.
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
