Skip to content

Latest commit

 

History

History
12 lines (10 loc) · 592 Bytes

README.md

File metadata and controls

12 lines (10 loc) · 592 Bytes

DumpReparsePoints

This is a simple tool to dump all the reparse points on an NTFS volume.

It uses the \\$Extend\\$Reparse directory which can then be queried using NtQueryDirectoryFile and the FileReparsePointInformation info class to enumerate all reparse points on the volume without actually recursively interating through all files and directories. You need to run this tool as an Administrator.

Some filter drivers will actively remove their reparse tags so it's possible that not everything will be visible but it'll identity standard tags such as MOUNT_POINT and SYMLINK.