File Submitter: joakim
File Submitted: 01 Jun 2013
File Category: Tools
This tool is a powerful low level dir command specialized for NTFS volumes. It parse and resolve NTFS independently and completely on its own. Technically it resolve and print information decoded from INDX records (of $I30 type). But to get that far, you obviously also must parse $MFT. It has 2 modes, one verbose and one slim output. This tool will print every file (or folder) in a folder, no matter how hidden it is on the filesystem. Actually what you see in the verbose mode, is everything that is possible to get from $I30 INDX records. $INDEX_ROOT attribute is also decoded, and is a sort of a resident INDX records.
Usage:
RawDir.exe mode path
- mode can be 1 or 2. 1 is verbose output. 2 is more compact output.
- path is the path to perform directory listing on.
Example printing verbose output on the path C:\tmp
RawDir.exe 1 C:\tmp
Example printing compact output on the root of the C: volume
RawDir.exe 2 C:\
Click here to download this file
