c# - Treesize 可以看到它无权访问的文件夹和文件

Question

我在我的一台工作机器上运行的程序有问题。

Treesize pro 是一个程序，它将扫描一个区域(C:\、\\nasdrive\home 等)并为您提供 TreeView 以及该区域的其他信息。

现在我在一个具有管理员权限的帐户上运行这个程序，当我吃午饭时，它会弹出用户帐户控制。

但是，如果我搜索我的管理员帐户无权访问的区域(有几个)，它将正常工作并向我显示文件、文件夹、大小、修改和创建日期的所有信息。我无法打开文件，但我可以看到它们的名称并进入子文件夹。如果我在资源管理器中尝试这个，我会得到 access denied .

我尝试使用我编写的 C# 脚本来执行此操作，但是如果我尝试执行 Directory.getDirectories();和 Directory.GetFiles();但即使我以管理员身份运行我的程序(右键单击以管理员身份运行)它也会给 access denied Catch 块中的命令。

我真的很想知道 Treesize 如何设法列出我的帐户无权访问的文件夹、子文件夹和文件。

谢谢

Answer 1

TreeSize 通过 NTFS 备份 API 读取数据(参见 https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories)。
从 treesize 的注释中:
https://manuals.jam-software.de/treesize/EN/notesonntfs.html

Access Control ListsThe way users can access files and folders can be restricted. One can grant or deny other users or groups certain rights [...]. That way one can even deny administrators to access files and folders. If an administrator tries to access a folder in the Windows Explorer to which the owner denied any other users reading access, an "Access Denied" error message will be displayed. However, TreeSize is able to scan such folders, if you are logged in as administrator or as a user that has the right to perform backups (This option can be changed at "Control Panel > Administrative Tools > Local Security Policy" and with the user editor of Windows).

访问权限的深入研究可以在 https://docs.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights 中找到。

The SE_BACKUP_NAME and SE_RESTORE_NAME access privileges were specifically created to provide this ability to backup applications. If these privileges have been granted and enabled in the access token of the backup application process, it can then call CreateFile to open your file or directory for backup, specifying the standard READ_CONTROL access right as the value of the dwDesiredAccess parameter. However, to identify the calling process as a backup process, the call to CreateFile must include the FILE_FLAG_BACKUP_SEMANTICS flag in the dwFlagsAndAttributes parameter. This will allow the backup application process to open your file and override the standard security checking.

HANDLE hFile = CreateFile( fileName,                   // lpFileName
                       READ_CONTROL,               // dwDesiredAccess
                       0,                          // dwShareMode
                       NULL,                       // lpSecurityAttributes
                       OPEN_EXISTING,              // dwCreationDisposition
                       FILE_FLAG_BACKUP_SEMANTICS, // dwFlagsAndAttributes
                       NULL );                     // hTemplateFile

你可以找到更多信息

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-backupread

https://docs.microsoft.com/en-us/windows/win32/backup/creating-a-backup-application