
Finding ALL files regardless of permissions (Windows XP, C#)

I have a need to find ALL files on my hard drive (in the C: partition), regardless of permissions. (Windows XP Pro, using C#)

In an earlier question, I was told:

The "C:\System Volume Information" folder cannot be viewed because it is assigned only to the SYSTEM user. In order to see inside of it you need to take ownership of it. However, this is not recommended for security reasons. – Alex Mendez

I've worked with Windows for years, and this is the first time that I have heard about a SYSTEM user (which explains many frustrations I have had in the past). I had assumed that the "Administrator" was similar to the "root" user in UNIX, that has access to everything.

In Windows, is there an ultimate user that owns EVERYTHING?

If so, who is that user?

If so, how do I run my C# program as that user so I can see all the files?

If not, is there some other method? (Other programs do it.)


I believe FILE_FLAG_BACKUP_SEMANTICS can mostly do what you need.


I'm pretty sure that the only way to get access to those folders* is to run as Ring-0 which is the CPU's own partition for a kernel level user; it's also the way that some Malware/Rootkits can get their hooks into your system.

I'm pretty confident that this is not something you can achieve in .Net, and I'm not sure you can actually achieve it at all without writing a system level driver (a .sys file).

Regardless, the filesystem works for the OS. If you're on an NTFS-formatted drive and the contents are encrypted, having a super read-all driver won't decrypt the file for you.

Edit: Those folders being the system folders. If you can PInvoke the BackupRead/Write functions, you might get access to the other data.


No, there is no root user who has access to everything. Running as SYSTEM or Administrator or any other user will not solve your problem. You've taken on a very complex problem, and accomplishing it in C# is going to be an added challenge. I recommend rethinking the use of C#.

Start here and read the description of the FILE_FLAG_BACKUP_SEMANTICS flag and the link there on how to change privileges on a token. Basically, you're going to have to temporarily change the access privileges on each file/directory you don't have read access to.


You can run the application (or a command prompt) interactively (as SYSTEM). See, for instance, the accepted answer to this question. Once the application runs in the interactive context, it can open System Volume Information directly.

[Edited to add clarification:]

In Windows, is there an ultimate user that owns EVERYTHING?

No. There is a privilege, SeTakeOwnershipPrivilege, that is by default granted to administrators (and implicitly System) that allows ownership of objects to be taken. The object owner can always change the ACL to give himself access.

There is another privilege, SeBackupPrivilege, granted to administrators and backup operators (and, again, System). It is intended to allow files to be read to conduct backups, and bypasses normal read operations. This effectively allows read access to any file, bypassing normal access control restrictions.

If so, who is that user?

There is no such user. By default, Windows grants only SYSTEM access to C:\System Volume Information by an ACL on that directory.

If so, how do I run my C# program as that user so I can see all the files?

You can run the program as SYSTEM specifically to view System Volume Information (per above), although this won't let you view all the files necessarily. I think having Backup Operator privileges and conducting read operations with the backup flag is the only mechanism for seeing all files regardless of permissions.
