When the MFT is too large to fix in one entry, the second $DATA stream
VCN is stored in another MFT entry and an ATTRIBUTE_LIST points to
it. There was a bug where the second VCN was added without applying
suitable fixups and therefore the runlist was sometimes corrupted.
This PR adds more debugging and visibility to allow tracking the
physical sector on the disk where a file resides. There is also a
"check" command added to run a host of sanity checks. Currently we check
that the MFT ID we try to open is the same one we receive.
When the MFT is too large to fix in one entry, the second $DATA stream VCN is stored in another MFT entry and an ATTRIBUTE_LIST points to it. There was a bug where the second VCN was added without applying suitable fixups and therefore the runlist was sometimes corrupted.
This PR adds more debugging and visibility to allow tracking the physical sector on the disk where a file resides. There is also a "check" command added to run a host of sanity checks. Currently we check that the MFT ID we try to open is the same one we receive.