]> wimlib.net Git - wimlib/blobdiff - src/win32_capture.c
win32_capture: recognize STATUS_NOT_SUPPORTED (fixes for WinXP)
[wimlib] / src / win32_capture.c
index d6be1124204312a73152fa87e376cf2263631646..d62f7d07ef20c08c9bec93f261131033e39b159b 100644 (file)
@@ -5,7 +5,7 @@
  */
 
 /*
- * Copyright (C) 2013-2016 Eric Biggers
+ * Copyright (C) 2013-2018 Eric Biggers
  *
  * This file is free software; you can redistribute it and/or modify it under
  * the terms of the GNU Lesser General Public License as published by the Free
 
 #include "wimlib/assert.h"
 #include "wimlib/blob_table.h"
-#include "wimlib/capture.h"
 #include "wimlib/dentry.h"
 #include "wimlib/encoding.h"
 #include "wimlib/endianness.h"
 #include "wimlib/error.h"
+#include "wimlib/object_id.h"
 #include "wimlib/paths.h"
 #include "wimlib/reparse.h"
+#include "wimlib/scan.h"
 #include "wimlib/win32_vss.h"
 #include "wimlib/wof.h"
+#include "wimlib/xattr.h"
 
 struct winnt_scan_ctx {
-       struct capture_params *params;
+       struct scan_params *params;
        bool is_ntfs;
        u32 vol_flags;
        unsigned long num_get_sd_access_denied;
@@ -57,10 +59,10 @@ struct winnt_scan_ctx {
 };
 
 static inline const wchar_t *
-printable_path(const wchar_t *full_path)
+printable_path(const struct winnt_scan_ctx *ctx)
 {
        /* Skip over \\?\ or \??\  */
-       return full_path + 4;
+       return ctx->params->cur_path + 4;
 }
 
 /* Description of where data is located on a Windows filesystem  */
@@ -240,39 +242,37 @@ get_windows_file_path(const struct windows_file *file)
 }
 
 /*
- * If cur_dir is not NULL, open an existing file relative to the already-open
- * directory cur_dir.
- *
- * Otherwise, open the file specified by @path, which must be a Windows NT
- * namespace path.
+ * Open the file named by the NT namespace path @path of length @path_nchars
+ * characters.  If @cur_dir is not NULL then the path is given relative to
+ * @cur_dir; otherwise the path is absolute.  @perms is the access mask of
+ * permissions to request on the handle.  SYNCHRONIZE permision is always added.
  */
 static NTSTATUS
 winnt_openat(HANDLE cur_dir, const wchar_t *path, size_t path_nchars,
             ACCESS_MASK perms, HANDLE *h_ret)
 {
-       UNICODE_STRING name;
-       OBJECT_ATTRIBUTES attr;
+       UNICODE_STRING name = {
+               .Length = path_nchars * sizeof(wchar_t),
+               .MaximumLength = path_nchars * sizeof(wchar_t),
+               .Buffer = (wchar_t *)path,
+       };
+       OBJECT_ATTRIBUTES attr = {
+               .Length = sizeof(attr),
+               .RootDirectory = cur_dir,
+               .ObjectName = &name,
+       };
        IO_STATUS_BLOCK iosb;
        NTSTATUS status;
+       ULONG options = FILE_OPEN_REPARSE_POINT | FILE_OPEN_FOR_BACKUP_INTENT;
 
-       name.Length = path_nchars * sizeof(wchar_t);
-       name.MaximumLength = name.Length;
-       name.Buffer = (wchar_t *)path;
-
-       attr.Length = sizeof(attr);
-       attr.RootDirectory = cur_dir;
-       attr.ObjectName = &name;
-       attr.Attributes = 0;
-       attr.SecurityDescriptor = NULL;
-       attr.SecurityQualityOfService = NULL;
-
+       perms |= SYNCHRONIZE;
+       if (perms & (FILE_READ_DATA | FILE_LIST_DIRECTORY)) {
+               options |= FILE_SYNCHRONOUS_IO_NONALERT;
+               options |= FILE_SEQUENTIAL_ONLY;
+       }
 retry:
-       status = (*func_NtOpenFile)(h_ret, perms, &attr, &iosb,
-                                   FILE_SHARE_VALID_FLAGS,
-                                   FILE_OPEN_REPARSE_POINT |
-                                           FILE_OPEN_FOR_BACKUP_INTENT |
-                                           FILE_SYNCHRONOUS_IO_NONALERT |
-                                           FILE_SEQUENTIAL_ONLY);
+       status = NtOpenFile(h_ret, perms, &attr, &iosb,
+                           FILE_SHARE_VALID_FLAGS, options);
        if (!NT_SUCCESS(status)) {
                /* Try requesting fewer permissions  */
                if (status == STATUS_ACCESS_DENIED ||
@@ -316,7 +316,7 @@ windows_file_to_string(const struct windows_file *file, u8 *buf, size_t bufsize)
 
 static int
 read_winnt_stream_prefix(const struct windows_file *file,
-                        u64 size, const struct read_blob_callbacks *cbs)
+                        u64 size, const struct consume_chunk_callback *cb)
 {
        IO_STATUS_BLOCK iosb;
        UNICODE_STRING name = {
@@ -334,14 +334,14 @@ read_winnt_stream_prefix(const struct windows_file *file,
        u64 bytes_remaining;
        int ret;
 
-       status = (*func_NtOpenFile)(&h, FILE_READ_DATA | SYNCHRONIZE,
-                                   &attr, &iosb,
-                                   FILE_SHARE_VALID_FLAGS,
-                                   FILE_OPEN_REPARSE_POINT |
-                                           FILE_OPEN_FOR_BACKUP_INTENT |
-                                           FILE_SYNCHRONOUS_IO_NONALERT |
-                                           FILE_SEQUENTIAL_ONLY |
-                                           (file->is_file_id ? FILE_OPEN_BY_FILE_ID : 0));
+       status = NtOpenFile(&h, FILE_READ_DATA | SYNCHRONIZE,
+                           &attr, &iosb,
+                           FILE_SHARE_VALID_FLAGS,
+                           FILE_OPEN_REPARSE_POINT |
+                               FILE_OPEN_FOR_BACKUP_INTENT |
+                               FILE_SYNCHRONOUS_IO_NONALERT |
+                               FILE_SEQUENTIAL_ONLY |
+                               (file->is_file_id ? FILE_OPEN_BY_FILE_ID : 0));
        if (unlikely(!NT_SUCCESS(status))) {
                if (status == STATUS_SHARING_VIOLATION) {
                        ERROR("Can't open %ls for reading:\n"
@@ -361,37 +361,57 @@ read_winnt_stream_prefix(const struct windows_file *file,
                IO_STATUS_BLOCK iosb;
                ULONG count;
                ULONG bytes_read;
+               const unsigned max_tries = 5;
+               unsigned tries_remaining = max_tries;
 
                count = min(sizeof(buf), bytes_remaining);
 
-               status = (*func_NtReadFile)(h, NULL, NULL, NULL,
-                                           &iosb, buf, count, NULL, NULL);
+       retry_read:
+               status = NtReadFile(h, NULL, NULL, NULL,
+                                   &iosb, buf, count, NULL, NULL);
                if (unlikely(!NT_SUCCESS(status))) {
                        if (status == STATUS_END_OF_FILE) {
                                ERROR("%ls: File was concurrently truncated",
                                      windows_file_to_string(file, buf, sizeof(buf)));
                                ret = WIMLIB_ERR_CONCURRENT_MODIFICATION_DETECTED;
                        } else {
-                               winnt_error(status, L"Error reading data from %ls",
-                                           windows_file_to_string(file, buf, sizeof(buf)));
+                               winnt_warning(status, L"Error reading data from %ls",
+                                             windows_file_to_string(file, buf, sizeof(buf)));
+
+                               /* Currently these retries are purely a guess;
+                                * there is no reproducible problem that they solve.  */
+                               if (--tries_remaining) {
+                                       int delay = 100;
+                                       if (status == STATUS_INSUFFICIENT_RESOURCES ||
+                                           status == STATUS_NO_MEMORY) {
+                                               delay *= 25;
+                                       }
+                                       WARNING("Retrying after %dms...", delay);
+                                       Sleep(delay);
+                                       goto retry_read;
+                               }
+                               ERROR("Too many retries; returning failure");
                                ret = WIMLIB_ERR_READ;
                        }
                        break;
+               } else if (unlikely(tries_remaining != max_tries)) {
+                       WARNING("A read request had to be retried multiple times "
+                               "before it succeeded!");
                }
 
                bytes_read = iosb.Information;
 
                bytes_remaining -= bytes_read;
-               ret = call_consume_chunk(buf, bytes_read, cbs);
+               ret = consume_chunk(cb, buf, bytes_read);
                if (ret)
                        break;
        }
-       (*func_NtClose)(h);
+       NtClose(h);
        return ret;
 }
 
 struct win32_encrypted_read_ctx {
-       const struct read_blob_callbacks *cbs;
+       const struct consume_chunk_callback *cb;
        int wimlib_err_code;
        u64 bytes_remaining;
 };
@@ -406,7 +426,7 @@ win32_encrypted_export_cb(unsigned char *data, void *_ctx, unsigned long len)
        if (bytes_to_consume == 0)
                return ERROR_SUCCESS;
 
-       ret = call_consume_chunk(data, bytes_to_consume, ctx->cbs);
+       ret = consume_chunk(ctx->cb, data, bytes_to_consume);
        if (ret) {
                ctx->wimlib_err_code = ret;
                /* It doesn't matter what error code is returned here, as long
@@ -419,7 +439,7 @@ win32_encrypted_export_cb(unsigned char *data, void *_ctx, unsigned long len)
 
 static int
 read_win32_encrypted_file_prefix(const wchar_t *path, bool is_dir, u64 size,
-                                const struct read_blob_callbacks *cbs)
+                                const struct consume_chunk_callback *cb)
 {
        struct win32_encrypted_read_ctx export_ctx;
        DWORD err;
@@ -430,7 +450,7 @@ read_win32_encrypted_file_prefix(const wchar_t *path, bool is_dir, u64 size,
        if (is_dir)
                flags |= CREATE_FOR_DIR;
 
-       export_ctx.cbs = cbs;
+       export_ctx.cb = cb;
        export_ctx.wimlib_err_code = 0;
        export_ctx.bytes_remaining = size;
 
@@ -438,7 +458,7 @@ read_win32_encrypted_file_prefix(const wchar_t *path, bool is_dir, u64 size,
        if (err != ERROR_SUCCESS) {
                win32_error(err,
                            L"Failed to open encrypted file \"%ls\" for raw read",
-                           printable_path(path));
+                           path);
                return WIMLIB_ERR_OPEN;
        }
        err = ReadEncryptedFileRaw(win32_encrypted_export_cb,
@@ -448,14 +468,14 @@ read_win32_encrypted_file_prefix(const wchar_t *path, bool is_dir, u64 size,
                if (ret == 0) {
                        win32_error(err,
                                    L"Failed to read encrypted file \"%ls\"",
-                                   printable_path(path));
+                                   path);
                        ret = WIMLIB_ERR_READ;
                }
        } else if (export_ctx.bytes_remaining != 0) {
                ERROR("Only could read %"PRIu64" of %"PRIu64" bytes from "
                      "encrypted file \"%ls\"",
                      size - export_ctx.bytes_remaining, size,
-                     printable_path(path));
+                     path);
                ret = WIMLIB_ERR_READ;
        } else {
                ret = 0;
@@ -468,16 +488,16 @@ read_win32_encrypted_file_prefix(const wchar_t *path, bool is_dir, u64 size,
  * described by @blob.  */
 int
 read_windows_file_prefix(const struct blob_descriptor *blob, u64 size,
-                        const struct read_blob_callbacks *cbs)
+                        const struct consume_chunk_callback *cb)
 {
        const struct windows_file *file = blob->windows_file;
 
        if (unlikely(file->is_encrypted)) {
                bool is_dir = (blob->file_inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY);
-               return read_win32_encrypted_file_prefix(file->path, is_dir, size, cbs);
+               return read_win32_encrypted_file_prefix(file->path, is_dir, size, cb);
        }
 
-       return read_winnt_stream_prefix(file, size, cbs);
+       return read_winnt_stream_prefix(file, size, cb);
 }
 
 /*
@@ -494,8 +514,8 @@ winnt_get_short_name(HANDLE h, struct wim_dentry *dentry)
        u8 buf[128] _aligned_attribute(8);
        const FILE_NAME_INFORMATION *info;
 
-       status = (*func_NtQueryInformationFile)(h, &iosb, buf, sizeof(buf),
-                                               FileAlternateNameInformation);
+       status = NtQueryInformationFile(h, &iosb, buf, sizeof(buf),
+                                       FileAlternateNameInformation);
        info = (const FILE_NAME_INFORMATION *)buf;
        if (NT_SUCCESS(status) && info->FileNameLength != 0) {
                dentry->d_short_name = utf16le_dupz(info->FileName,
@@ -513,7 +533,6 @@ winnt_get_short_name(HANDLE h, struct wim_dentry *dentry)
  */
 static noinline_for_stack int
 winnt_load_security_descriptor(HANDLE h, struct wim_inode *inode,
-                              const wchar_t *full_path,
                               struct winnt_scan_ctx *ctx)
 {
        SECURITY_INFORMATION requestedInformation;
@@ -576,11 +595,11 @@ winnt_load_security_descriptor(HANDLE h, struct wim_inode *inode,
         * ntdll function and therefore not officially part of the Win32 API.
         * Oh well.
         */
-       while (!(NT_SUCCESS(status = (*func_NtQuerySecurityObject)(h,
-                                                                  requestedInformation,
-                                                                  (PSECURITY_DESCRIPTOR)buf,
-                                                                  bufsize,
-                                                                  &len_needed))))
+       while (!NT_SUCCESS(status = NtQuerySecurityObject(h,
+                                                         requestedInformation,
+                                                         (PSECURITY_DESCRIPTOR)buf,
+                                                         bufsize,
+                                                         &len_needed)))
        {
                switch (status) {
                case STATUS_BUFFER_TOO_SMALL:
@@ -616,8 +635,13 @@ winnt_load_security_descriptor(HANDLE h, struct wim_inode *inode,
                }
        }
 
+       /* We can get a length of 0 with Samba.  Assume that means "no security
+        * descriptor".  */
+       if (len_needed == 0)
+               goto out;
+
        /* Add the security descriptor to the WIM image, and save its ID in
-        * file's inode.  */
+        * the file's inode.  */
        inode->i_security_id = sd_set_add_sd(ctx->params->sd_set, buf, len_needed);
        if (unlikely(inode->i_security_id < 0))
                status = STATUS_NO_MEMORY;
@@ -626,26 +650,168 @@ out:
                FREE(buf);
        if (!NT_SUCCESS(status)) {
                winnt_error(status, L"\"%ls\": Can't read security descriptor",
-                           printable_path(full_path));
+                           printable_path(ctx));
+               return WIMLIB_ERR_STAT;
+       }
+       return 0;
+}
+
+/* Load a file's object ID into the corresponding WIM inode.  */
+static noinline_for_stack int
+winnt_load_object_id(HANDLE h, struct wim_inode *inode,
+                    struct winnt_scan_ctx *ctx)
+{
+       FILE_OBJECTID_BUFFER buffer;
+       NTSTATUS status;
+       u32 len;
+
+       if (!(ctx->vol_flags & FILE_SUPPORTS_OBJECT_IDS))
+               return 0;
+
+       status = winnt_fsctl(h, FSCTL_GET_OBJECT_ID, NULL, 0,
+                            &buffer, sizeof(buffer), &len);
+
+       if (status == STATUS_OBJECTID_NOT_FOUND) /* No object ID  */
+               return 0;
+
+       if (status == STATUS_INVALID_DEVICE_REQUEST ||
+           status == STATUS_NOT_SUPPORTED /* Samba volume, WinXP */) {
+               /* The filesystem claimed to support object IDs, but we can't
+                * actually read them.  This happens with Samba.  */
+               ctx->vol_flags &= ~FILE_SUPPORTS_OBJECT_IDS;
+               return 0;
+       }
+
+       if (!NT_SUCCESS(status)) {
+               winnt_error(status, L"\"%ls\": Can't read object ID",
+                           printable_path(ctx));
                return WIMLIB_ERR_STAT;
        }
+
+       if (len == 0) /* No object ID (for directories)  */
+               return 0;
+
+       if (!inode_set_object_id(inode, &buffer, len))
+               return WIMLIB_ERR_NOMEM;
+
        return 0;
 }
 
+/* Load a file's extended attributes into the corresponding WIM inode.  */
+static noinline_for_stack int
+winnt_load_xattrs(HANDLE h, struct wim_inode *inode,
+                 struct winnt_scan_ctx *ctx, u32 ea_size)
+{
+       IO_STATUS_BLOCK iosb;
+       NTSTATUS status;
+       u8 _buf[1024] _aligned_attribute(4);
+       u8 *buf = _buf;
+       const FILE_FULL_EA_INFORMATION *ea;
+       struct wim_xattr_entry *entry;
+       int ret;
+
+
+       /*
+        * EaSize from FILE_EA_INFORMATION is apparently supposed to give the
+        * size of the buffer required for NtQueryEaFile(), but it doesn't
+        * actually work correctly; it can be off by about 4 bytes per xattr.
+        *
+        * So just start out by doubling the advertised size, and also handle
+        * STATUS_BUFFER_OVERFLOW just in case.
+        */
+retry:
+       if (unlikely(ea_size * 2 < ea_size))
+               ea_size = UINT32_MAX;
+       else
+               ea_size *= 2;
+       if (unlikely(ea_size > sizeof(_buf))) {
+               buf = MALLOC(ea_size);
+               if (!buf) {
+                       if (ea_size >= (1 << 20)) {
+                               WARNING("\"%ls\": EaSize was extremely large (%u)",
+                                       printable_path(ctx), ea_size);
+                       }
+                       return WIMLIB_ERR_NOMEM;
+               }
+       }
+
+       status = NtQueryEaFile(h, &iosb, buf, ea_size,
+                              FALSE, NULL, 0, NULL, TRUE);
+
+       if (unlikely(!NT_SUCCESS(status))) {
+               if (status == STATUS_BUFFER_OVERFLOW) {
+                       if (buf != _buf) {
+                               FREE(buf);
+                               buf = NULL;
+                       }
+                       goto retry;
+               }
+               if (status == STATUS_NO_EAS_ON_FILE) {
+                       /*
+                        * FILE_EA_INFORMATION.EaSize was nonzero so this
+                        * shouldn't happen, but just in case...
+                        */
+                       ret = 0;
+                       goto out;
+               }
+               winnt_error(status, L"\"%ls\": Can't read extended attributes",
+                           printable_path(ctx));
+               ret = WIMLIB_ERR_STAT;
+               goto out;
+       }
+
+       ea = (const FILE_FULL_EA_INFORMATION *)buf;
+       entry = (struct wim_xattr_entry *)buf;
+       for (;;) {
+               /*
+                * wim_xattr_entry is not larger than FILE_FULL_EA_INFORMATION,
+                * so we can reuse the same buffer by overwriting the
+                * FILE_FULL_EA_INFORMATION with the wim_xattr_entry in-place.
+                */
+               FILE_FULL_EA_INFORMATION _ea;
+
+               STATIC_ASSERT(offsetof(struct wim_xattr_entry, name) <=
+                             offsetof(FILE_FULL_EA_INFORMATION, EaName));
+               wimlib_assert((u8 *)entry <= (const u8 *)ea);
+
+               memcpy(&_ea, ea, sizeof(_ea));
+
+               entry->value_len = cpu_to_le16(_ea.EaValueLength);
+               entry->name_len = _ea.EaNameLength;
+               entry->flags = _ea.Flags;
+               memmove(entry->name, ea->EaName, _ea.EaNameLength);
+               entry->name[_ea.EaNameLength] = '\0';
+               memmove(&entry->name[_ea.EaNameLength + 1],
+                       &ea->EaName[_ea.EaNameLength + 1], _ea.EaValueLength);
+               entry = (struct wim_xattr_entry *)
+                        &entry->name[_ea.EaNameLength + 1 + _ea.EaValueLength];
+               if (_ea.NextEntryOffset == 0)
+                       break;
+               ea = (const FILE_FULL_EA_INFORMATION *)
+                       ((const u8 *)ea + _ea.NextEntryOffset);
+       }
+       wimlib_assert((u8 *)entry - buf <= ea_size);
+
+       ret = WIMLIB_ERR_NOMEM;
+       if (!inode_set_xattrs(inode, buf, (u8 *)entry - buf))
+               goto out;
+       ret = 0;
+out:
+       if (unlikely(buf != _buf))
+               FREE(buf);
+       return ret;
+}
+
 static int
 winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret,
                                  HANDLE cur_dir,
-                                 wchar_t *full_path,
-                                 size_t full_path_nchars,
-                                 wchar_t *relative_path,
+                                 const wchar_t *relative_path,
                                  size_t relative_path_nchars,
                                  const wchar_t *filename,
                                  struct winnt_scan_ctx *ctx);
 
 static int
 winnt_recurse_directory(HANDLE h,
-                       wchar_t *full_path,
-                       size_t full_path_nchars,
                        struct wim_dentry *parent,
                        struct winnt_scan_ctx *ctx)
 {
@@ -662,43 +828,37 @@ winnt_recurse_directory(HANDLE h,
        /* Using NtQueryDirectoryFile() we can re-use the same open handle,
         * which we opened with FILE_FLAG_BACKUP_SEMANTICS.  */
 
-       while (NT_SUCCESS(status = (*func_NtQueryDirectoryFile)(h, NULL, NULL, NULL,
-                                                               &iosb, buf, bufsize,
-                                                               FileNamesInformation,
-                                                               FALSE, NULL, FALSE)))
+       while (NT_SUCCESS(status = NtQueryDirectoryFile(h, NULL, NULL, NULL,
+                                                       &iosb, buf, bufsize,
+                                                       FileNamesInformation,
+                                                       FALSE, NULL, FALSE)))
        {
                const FILE_NAMES_INFORMATION *info = buf;
                for (;;) {
                        if (!should_ignore_filename(info->FileName,
                                                    info->FileNameLength / 2))
                        {
-                               wchar_t *p;
-                               wchar_t *filename;
                                struct wim_dentry *child;
-
-                               p = full_path + full_path_nchars;
-                               /* Only add a backslash if we don't already have
-                                * one.  This prevents a duplicate backslash
-                                * from being added when the path to the capture
-                                * dir had a trailing backslash.  */
-                               if (*(p - 1) != L'\\')
-                                       *p++ = L'\\';
-                               filename = p;
-                               p = wmempcpy(filename, info->FileName,
-                                            info->FileNameLength / 2);
-                               *p = '\0';
+                               size_t orig_path_nchars;
+                               const wchar_t *filename;
+
+                               ret = WIMLIB_ERR_NOMEM;
+                               filename = pathbuf_append_name(ctx->params,
+                                                              info->FileName,
+                                                              info->FileNameLength / 2,
+                                                              &orig_path_nchars);
+                               if (!filename)
+                                       goto out_free_buf;
 
                                ret = winnt_build_dentry_tree_recursive(
                                                        &child,
                                                        h,
-                                                       full_path,
-                                                       p - full_path,
                                                        filename,
                                                        info->FileNameLength / 2,
                                                        filename,
                                                        ctx);
 
-                               full_path[full_path_nchars] = L'\0';
+                               pathbuf_truncate(ctx->params, orig_path_nchars);
 
                                if (ret)
                                        goto out_free_buf;
@@ -714,7 +874,7 @@ winnt_recurse_directory(HANDLE h,
 
        if (unlikely(status != STATUS_NO_MORE_FILES)) {
                winnt_error(status, L"\"%ls\": Can't read directory",
-                           printable_path(full_path));
+                           printable_path(ctx));
                ret = WIMLIB_ERR_READ;
        }
 out_free_buf:
@@ -733,18 +893,17 @@ file_has_ino_and_dev(HANDLE h, u64 ino, u64 dev)
        FILE_INTERNAL_INFORMATION int_info;
        FILE_FS_VOLUME_INFORMATION vol_info;
 
-       status = (*func_NtQueryInformationFile)(h, &iosb,
-                                               &int_info, sizeof(int_info),
-                                               FileInternalInformation);
+       status = NtQueryInformationFile(h, &iosb, &int_info, sizeof(int_info),
+                                       FileInternalInformation);
        if (!NT_SUCCESS(status))
                return false;
 
        if (int_info.IndexNumber.QuadPart != ino)
                return false;
 
-       status = (*func_NtQueryVolumeInformationFile)(h, &iosb,
-                                                     &vol_info, sizeof(vol_info),
-                                                     FileFsVolumeInformation);
+       status = NtQueryVolumeInformationFile(h, &iosb,
+                                             &vol_info, sizeof(vol_info),
+                                             FileFsVolumeInformation);
        if (!(NT_SUCCESS(status) || status == STATUS_BUFFER_OVERFLOW))
                return false;
 
@@ -816,17 +975,17 @@ winnt_relativize_link_target(const wchar_t *target, size_t target_nbytes,
                name.MaximumLength = name.Length;
 
                /* Try opening the file  */
-               status = (*func_NtOpenFile) (&h,
-                                            FILE_READ_ATTRIBUTES | FILE_TRAVERSE,
-                                            &attr,
-                                            &iosb,
-                                            FILE_SHARE_VALID_FLAGS,
-                                            FILE_OPEN_FOR_BACKUP_INTENT);
+               status = NtOpenFile(&h,
+                                   FILE_READ_ATTRIBUTES | FILE_TRAVERSE,
+                                   &attr,
+                                   &iosb,
+                                   FILE_SHARE_VALID_FLAGS,
+                                   FILE_OPEN_FOR_BACKUP_INTENT);
 
                if (NT_SUCCESS(status)) {
                        /* Reset root directory  */
                        if (attr.RootDirectory)
-                               (*func_NtClose)(attr.RootDirectory);
+                               NtClose(attr.RootDirectory);
                        attr.RootDirectory = h;
                        name.Buffer = (wchar_t *)p;
                        name.Length = 0;
@@ -840,14 +999,14 @@ winnt_relativize_link_target(const wchar_t *target, size_t target_nbytes,
 
 out_close_root_dir:
        if (attr.RootDirectory)
-               (*func_NtClose)(attr.RootDirectory);
+               NtClose(attr.RootDirectory);
        while (p > target && *(p - 1) == L'\\')
                p--;
        return p;
 }
 
 static int
-winnt_rpfix_progress(struct capture_params *params, const wchar_t *path,
+winnt_rpfix_progress(struct scan_params *params,
                     const struct link_reparse_point *link, int scan_status)
 {
        size_t print_name_nchars = link->print_name_nbytes / sizeof(wchar_t);
@@ -856,14 +1015,13 @@ winnt_rpfix_progress(struct capture_params *params, const wchar_t *path,
        wmemcpy(print_name0, link->print_name, print_name_nchars);
        print_name0[print_name_nchars] = L'\0';
 
-       params->progress.scan.cur_path = printable_path(path);
        params->progress.scan.symlink_target = print_name0;
-       return do_capture_progress(params, scan_status, NULL);
+       return do_scan_progress(params, scan_status, NULL);
 }
 
 static int
 winnt_try_rpfix(struct reparse_buffer_disk *rpbuf, u16 *rpbuflen_p,
-               const wchar_t *path, struct capture_params *params)
+               struct scan_params *params)
 {
        struct link_reparse_point link;
        const wchar_t *rel_target;
@@ -907,7 +1065,7 @@ winnt_try_rpfix(struct reparse_buffer_disk *rpbuf, u16 *rpbuflen_p,
        if (rel_target == link.substitute_name) {
                /* Target points outside of the tree being captured or had an
                 * unrecognized path format.  Don't adjust it.  */
-               return winnt_rpfix_progress(params, path, &link,
+               return winnt_rpfix_progress(params, &link,
                                            WIMLIB_SCAN_DENTRY_NOT_FIXED_SYMLINK);
        }
 
@@ -943,7 +1101,7 @@ winnt_try_rpfix(struct reparse_buffer_disk *rpbuf, u16 *rpbuflen_p,
        if (make_link_reparse_point(&link, rpbuf, rpbuflen_p))
                return 0;
 
-       ret = winnt_rpfix_progress(params, path, &link,
+       ret = winnt_rpfix_progress(params, &link,
                                   WIMLIB_SCAN_DENTRY_FIXED_SYMLINK);
        if (ret)
                return ret;
@@ -956,39 +1114,54 @@ winnt_try_rpfix(struct reparse_buffer_disk *rpbuf, u16 *rpbuflen_p,
  * capture root.  */
 static noinline_for_stack int
 winnt_load_reparse_data(HANDLE h, struct wim_inode *inode,
-                       const wchar_t *full_path, struct capture_params *params)
+                       struct winnt_scan_ctx *ctx)
 {
        struct reparse_buffer_disk rpbuf;
-       DWORD bytes_returned;
+       NTSTATUS status;
+       u32 len;
        u16 rpbuflen;
        int ret;
 
        if (inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED) {
                /* See comment above assign_stream_types_encrypted()  */
                WARNING("Ignoring reparse data of encrypted file \"%ls\"",
-                       printable_path(full_path));
+                       printable_path(ctx));
                return 0;
        }
 
-       if (!DeviceIoControl(h, FSCTL_GET_REPARSE_POINT,
-                            NULL, 0, &rpbuf, REPARSE_POINT_MAX_SIZE,
-                            &bytes_returned, NULL))
-       {
-               win32_error(GetLastError(), L"\"%ls\": Can't get reparse point",
-                           printable_path(full_path));
+       status = winnt_fsctl(h, FSCTL_GET_REPARSE_POINT,
+                            NULL, 0, &rpbuf, sizeof(rpbuf), &len);
+       if (!NT_SUCCESS(status)) {
+               winnt_error(status, L"\"%ls\": Can't get reparse point",
+                           printable_path(ctx));
                return WIMLIB_ERR_READLINK;
        }
 
-       rpbuflen = bytes_returned;
+       rpbuflen = len;
 
        if (unlikely(rpbuflen < REPARSE_DATA_OFFSET)) {
                ERROR("\"%ls\": reparse point buffer is too short",
-                     printable_path(full_path));
+                     printable_path(ctx));
                return WIMLIB_ERR_INVALID_REPARSE_DATA;
        }
 
-       if (params->add_flags & WIMLIB_ADD_FLAG_RPFIX) {
-               ret = winnt_try_rpfix(&rpbuf, &rpbuflen, full_path, params);
+       if (le32_to_cpu(rpbuf.rptag) == WIM_IO_REPARSE_TAG_DEDUP) {
+               /*
+                * Windows treats Data Deduplication reparse points specially.
+                * Reads from the unnamed data stream actually return the
+                * redirected file contents, even with FILE_OPEN_REPARSE_POINT.
+                * Deduplicated files also cannot be properly restored without
+                * also restoring the "System Volume Information" directory,
+                * which wimlib excludes by default.  Therefore, the logical
+                * behavior for us seems to be to ignore the reparse point and
+                * treat the file as a normal file.
+                */
+               inode->i_attributes &= ~FILE_ATTRIBUTE_REPARSE_POINT;
+               return 0;
+       }
+
+       if (ctx->params->add_flags & WIMLIB_ADD_FLAG_RPFIX) {
+               ret = winnt_try_rpfix(&rpbuf, &rpbuflen, ctx->params);
                if (ret == RP_FIXED)
                        inode->i_rp_flags &= ~WIM_RP_FLAG_NOT_FIXED;
                else if (ret)
@@ -1003,7 +1176,7 @@ winnt_load_reparse_data(HANDLE h, struct wim_inode *inode,
                                        NO_STREAM_NAME,
                                        rpbuf.rpdata,
                                        rpbuflen - REPARSE_DATA_OFFSET,
-                                       params->blob_table))
+                                       ctx->params->blob_table))
                return WIMLIB_ERR_NOMEM;
 
        return 0;
@@ -1032,7 +1205,7 @@ win32_get_encrypted_file_size(const wchar_t *path, bool is_dir, u64 *size_ret)
        if (err != ERROR_SUCCESS) {
                win32_error(err,
                            L"Failed to open encrypted file \"%ls\" for raw read",
-                           printable_path(path));
+                           path);
                return WIMLIB_ERR_OPEN;
        }
        *size_ret = 0;
@@ -1041,7 +1214,7 @@ win32_get_encrypted_file_size(const wchar_t *path, bool is_dir, u64 *size_ret)
        if (err != ERROR_SUCCESS) {
                win32_error(err,
                            L"Failed to read raw encrypted data from \"%ls\"",
-                           printable_path(path));
+                           path);
                ret = WIMLIB_ERR_READ;
        } else {
                ret = 0;
@@ -1052,9 +1225,10 @@ win32_get_encrypted_file_size(const wchar_t *path, bool is_dir, u64 *size_ret)
 
 static int
 winnt_scan_efsrpc_raw_data(struct wim_inode *inode,
-                          wchar_t *path, size_t path_nchars,
                           struct winnt_scan_ctx *ctx)
 {
+       wchar_t *path = ctx->params->cur_path;
+       size_t path_nchars = ctx->params->cur_path_nchars;
        const bool is_dir = (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY);
        struct windows_file *windows_file;
        u64 size;
@@ -1114,8 +1288,7 @@ get_data_stream_name(const wchar_t *raw_stream_name, size_t raw_stream_name_ncha
 }
 
 static int
-winnt_scan_data_stream(const wchar_t *path, size_t path_nchars,
-                      wchar_t *raw_stream_name, size_t raw_stream_name_nchars,
+winnt_scan_data_stream(wchar_t *raw_stream_name, size_t raw_stream_name_nchars,
                       u64 stream_size, struct wim_inode *inode,
                       struct winnt_scan_ctx *ctx)
 {
@@ -1133,7 +1306,8 @@ winnt_scan_data_stream(const wchar_t *path, size_t path_nchars,
 
        stream_name[stream_name_nchars] = L'\0';
 
-       windows_file = alloc_windows_file(path, path_nchars,
+       windows_file = alloc_windows_file(ctx->params->cur_path,
+                                         ctx->params->cur_path_nchars,
                                          stream_name, stream_name_nchars,
                                          ctx->snapshot, false);
        return add_stream(inode, windows_file, stream_size, STREAM_TYPE_DATA,
@@ -1155,8 +1329,7 @@ winnt_scan_data_stream(const wchar_t *path, size_t path_nchars,
  *   already present in Windows XP.
  */
 static noinline_for_stack int
-winnt_scan_data_streams(HANDLE h, const wchar_t *path, size_t path_nchars,
-                       struct wim_inode *inode, u64 file_size,
+winnt_scan_data_streams(HANDLE h, struct wim_inode *inode, u64 file_size,
                        struct winnt_scan_ctx *ctx)
 {
        int ret;
@@ -1174,11 +1347,11 @@ winnt_scan_data_streams(HANDLE h, const wchar_t *path, size_t path_nchars,
                goto unnamed_only;
 
        /* Get a buffer containing the stream information.  */
-       while (!NT_SUCCESS(status = (*func_NtQueryInformationFile)(h,
-                                                                  &iosb,
-                                                                  buf,
-                                                                  bufsize,
-                                                                  FileStreamInformation)))
+       while (!NT_SUCCESS(status = NtQueryInformationFile(h,
+                                                          &iosb,
+                                                          buf,
+                                                          bufsize,
+                                                          FileStreamInformation)))
        {
 
                switch (status) {
@@ -1205,7 +1378,7 @@ winnt_scan_data_streams(HANDLE h, const wchar_t *path, size_t path_nchars,
                default:
                        winnt_error(status,
                                    L"\"%ls\": Failed to query stream information",
-                                   printable_path(path));
+                                   printable_path(ctx));
                        ret = WIMLIB_ERR_READ;
                        goto out_free_buf;
                }
@@ -1221,8 +1394,7 @@ winnt_scan_data_streams(HANDLE h, const wchar_t *path, size_t path_nchars,
        info = (FILE_STREAM_INFORMATION *)buf;
        for (;;) {
                /* Load the stream information.  */
-               ret = winnt_scan_data_stream(path, path_nchars,
-                                            info->StreamName,
+               ret = winnt_scan_data_stream(info->StreamName,
                                             info->StreamNameLength / 2,
                                             info->StreamSize.QuadPart,
                                             inode, ctx);
@@ -1252,8 +1424,8 @@ unnamed_only:
 
        {
                wchar_t stream_name[] = L"::$DATA";
-               ret = winnt_scan_data_stream(path, path_nchars, stream_name, 7,
-                                            file_size, inode, ctx);
+               ret = winnt_scan_data_stream(stream_name, 7, file_size,
+                                            inode, ctx);
        }
 out_free_buf:
        /* Free buffer if allocated on heap.  */
@@ -1276,12 +1448,9 @@ get_sort_key(HANDLE h)
 {
        STARTING_VCN_INPUT_BUFFER in = { .StartingVcn.QuadPart = 0 };
        RETRIEVAL_POINTERS_BUFFER out;
-       DWORD bytesReturned;
 
-       if (!DeviceIoControl(h, FSCTL_GET_RETRIEVAL_POINTERS,
-                            &in, sizeof(in),
-                            &out, sizeof(out),
-                            &bytesReturned, NULL))
+       if (!NT_SUCCESS(winnt_fsctl(h, FSCTL_GET_RETRIEVAL_POINTERS,
+                                   &in, sizeof(in), &out, sizeof(out), NULL)))
                return 0;
 
        return extract_starting_lcn(&out);
@@ -1300,8 +1469,7 @@ set_sort_key(struct wim_inode *inode, u64 sort_key)
 
 static inline bool
 should_try_to_use_wimboot_hash(const struct wim_inode *inode,
-                              const struct winnt_scan_ctx *ctx,
-                              const struct capture_params *params)
+                              const struct winnt_scan_ctx *ctx)
 {
        /* Directories and encrypted files aren't valid for external backing. */
        if (inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY |
@@ -1313,7 +1481,7 @@ should_try_to_use_wimboot_hash(const struct wim_inode *inode,
         * fixup if WOF may be attached. */
        if (inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)
                return (inode->i_reparse_tag == WIM_IO_REPARSE_TAG_WOF) &&
-                       (params->add_flags & WIMLIB_ADD_FLAG_WIMBOOT);
+                       (ctx->params->add_flags & WIMLIB_ADD_FLAG_WIMBOOT);
        return !ctx->wof_not_attached;
 }
 
@@ -1335,7 +1503,7 @@ should_try_to_use_wimboot_hash(const struct wim_inode *inode,
  */
 static noinline_for_stack int
 try_to_use_wimboot_hash(HANDLE h, struct wim_inode *inode,
-                       struct winnt_scan_ctx *ctx, const wchar_t *full_path)
+                       struct winnt_scan_ctx *ctx)
 {
        struct blob_table *blob_table = ctx->params->blob_table;
        struct wim_inode_stream *reparse_strm = NULL;
@@ -1377,14 +1545,12 @@ try_to_use_wimboot_hash(HANDLE h, struct wim_inode *inode,
                        struct wof_external_info wof_info;
                        struct wim_provider_external_info wim_info;
                } out;
-               IO_STATUS_BLOCK iosb;
                NTSTATUS status;
 
                /* WOF may be attached.  Try reading this file's external
                 * backing info.  */
-               status = (*func_NtFsControlFile)(h, NULL, NULL, NULL, &iosb,
-                                                FSCTL_GET_EXTERNAL_BACKING,
-                                                NULL, 0, &out, sizeof(out));
+               status = winnt_fsctl(h, FSCTL_GET_EXTERNAL_BACKING,
+                                    NULL, 0, &out, sizeof(out), NULL);
 
                /* Is WOF not attached?  */
                if (status == STATUS_INVALID_DEVICE_REQUEST ||
@@ -1406,7 +1572,7 @@ try_to_use_wimboot_hash(HANDLE h, struct wim_inode *inode,
                if (status != STATUS_SUCCESS) {
                        winnt_error(status,
                                    L"\"%ls\": FSCTL_GET_EXTERNAL_BACKING failed",
-                                   full_path);
+                                   printable_path(ctx));
                        return WIMLIB_ERR_STAT;
                }
 
@@ -1459,6 +1625,7 @@ struct file_info {
        u64 last_access_time;
        u64 ino;
        u64 end_of_file;
+       u32 ea_size;
 };
 
 static noinline_for_stack NTSTATUS
@@ -1468,9 +1635,8 @@ get_file_info(HANDLE h, struct file_info *info)
        NTSTATUS status;
        FILE_ALL_INFORMATION all_info;
 
-       status = (*func_NtQueryInformationFile)(h, &iosb, &all_info,
-                                               sizeof(all_info),
-                                               FileAllInformation);
+       status = NtQueryInformationFile(h, &iosb, &all_info, sizeof(all_info),
+                                       FileAllInformation);
 
        if (unlikely(!NT_SUCCESS(status) && status != STATUS_BUFFER_OVERFLOW))
                return status;
@@ -1482,12 +1648,12 @@ get_file_info(HANDLE h, struct file_info *info)
        info->last_access_time = all_info.BasicInformation.LastAccessTime.QuadPart;
        info->ino = all_info.InternalInformation.IndexNumber.QuadPart;
        info->end_of_file = all_info.StandardInformation.EndOfFile.QuadPart;
+       info->ea_size = all_info.EaInformation.EaSize;
        return STATUS_SUCCESS;
 }
 
 static void
-get_volume_information(HANDLE h, const wchar_t *full_path,
-                      struct winnt_scan_ctx *ctx)
+get_volume_information(HANDLE h, struct winnt_scan_ctx *ctx)
 {
        u8 _attr_info[sizeof(FILE_FS_ATTRIBUTE_INFORMATION) + 128] _aligned_attribute(8);
        FILE_FS_ATTRIBUTE_INFORMATION *attr_info = (void *)_attr_info;
@@ -1497,22 +1663,22 @@ get_volume_information(HANDLE h, const wchar_t *full_path,
        NTSTATUS status;
 
        /* Get volume flags  */
-       status = (*func_NtQueryVolumeInformationFile)(h, &iosb, attr_info,
-                                                     sizeof(_attr_info),
-                                                     FileFsAttributeInformation);
+       status = NtQueryVolumeInformationFile(h, &iosb, attr_info,
+                                             sizeof(_attr_info),
+                                             FileFsAttributeInformation);
        if (NT_SUCCESS(status)) {
                ctx->vol_flags = attr_info->FileSystemAttributes;
                ctx->is_ntfs = (attr_info->FileSystemNameLength == 4 * sizeof(wchar_t)) &&
                                !wmemcmp(attr_info->FileSystemName, L"NTFS", 4);
        } else {
                winnt_warning(status, L"\"%ls\": Can't get volume attributes",
-                             printable_path(full_path));
+                             printable_path(ctx));
        }
 
        /* Get volume ID.  */
-       status = (*func_NtQueryVolumeInformationFile)(h, &iosb, &vol_info,
-                                                     sizeof(vol_info),
-                                                     FileFsVolumeInformation);
+       status = NtQueryVolumeInformationFile(h, &iosb, &vol_info,
+                                             sizeof(vol_info),
+                                             FileFsVolumeInformation);
        if ((NT_SUCCESS(status) || status == STATUS_BUFFER_OVERFLOW) &&
            (iosb.Information >= offsetof(FILE_FS_VOLUME_INFORMATION,
                                          VolumeSerialNumber) +
@@ -1521,7 +1687,7 @@ get_volume_information(HANDLE h, const wchar_t *full_path,
                ctx->params->capture_root_dev = vol_info.VolumeSerialNumber;
        } else {
                winnt_warning(status, L"\"%ls\": Can't get volume ID",
-                             printable_path(full_path));
+                             printable_path(ctx));
        }
 
        /* Get inode number.  */
@@ -1530,16 +1696,14 @@ get_volume_information(HANDLE h, const wchar_t *full_path,
                ctx->params->capture_root_ino = file_info.ino;
        } else {
                winnt_warning(status, L"\"%ls\": Can't get file information",
-                             printable_path(full_path));
+                             printable_path(ctx));
        }
 }
 
 static int
 winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret,
                                  HANDLE cur_dir,
-                                 wchar_t *full_path,
-                                 size_t full_path_nchars,
-                                 wchar_t *relative_path,
+                                 const wchar_t *relative_path,
                                  size_t relative_path_nchars,
                                  const wchar_t *filename,
                                  struct winnt_scan_ctx *ctx)
@@ -1550,47 +1714,41 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret,
        int ret;
        NTSTATUS status;
        struct file_info file_info;
-       ACCESS_MASK requestedPerms;
        u64 sort_key;
 
-       ret = try_exclude(full_path, ctx->params);
+       ret = try_exclude(ctx->params);
        if (unlikely(ret < 0)) /* Excluded? */
                goto out_progress;
        if (unlikely(ret > 0)) /* Error? */
                goto out;
 
-       /* Open the file.  */
-       requestedPerms = FILE_READ_DATA |
-                        FILE_READ_ATTRIBUTES |
-                        READ_CONTROL |
-                        ACCESS_SYSTEM_SECURITY |
-                        SYNCHRONIZE;
-retry_open:
+       /* Open the file with permission to read metadata.  Although we will
+        * later need a handle with FILE_LIST_DIRECTORY permission (or,
+        * equivalently, FILE_READ_DATA; they're the same numeric value) if the
+        * file is a directory, it can significantly slow things down to request
+        * this permission on all nondirectories.  Perhaps it causes Windows to
+        * start prefetching the file contents...  */
        status = winnt_openat(cur_dir, relative_path, relative_path_nchars,
-                             requestedPerms, &h);
+                             FILE_READ_ATTRIBUTES | FILE_READ_EA |
+                               READ_CONTROL | ACCESS_SYSTEM_SECURITY,
+                             &h);
        if (unlikely(!NT_SUCCESS(status))) {
                if (status == STATUS_DELETE_PENDING) {
                        WARNING("\"%ls\": Deletion pending; skipping file",
-                               printable_path(full_path));
+                               printable_path(ctx));
                        ret = 0;
                        goto out;
                }
-               if (status == STATUS_ACCESS_DENIED &&
-                   (requestedPerms & FILE_READ_DATA)) {
-                       /* This happens on encrypted files.  */
-                       requestedPerms &= ~FILE_READ_DATA;
-                       goto retry_open;
-               }
                if (status == STATUS_SHARING_VIOLATION) {
                        ERROR("Can't open \"%ls\":\n"
                              "        File is in use by another process! "
                              "Consider using snapshot (VSS) mode.",
-                             printable_path(full_path));
+                             printable_path(ctx));
                        ret = WIMLIB_ERR_OPEN;
                        goto out;
                }
                winnt_error(status, L"\"%ls\": Can't open file",
-                           printable_path(full_path));
+                           printable_path(ctx));
                if (status == STATUS_FVE_LOCKED_VOLUME)
                        ret = WIMLIB_ERR_FVE_LOCKED_VOLUME;
                else
@@ -1602,20 +1760,11 @@ retry_open:
        status = get_file_info(h, &file_info);
        if (!NT_SUCCESS(status)) {
                winnt_error(status, L"\"%ls\": Can't get file information",
-                           printable_path(full_path));
+                           printable_path(ctx));
                ret = WIMLIB_ERR_STAT;
                goto out;
        }
 
-       if (unlikely(!(requestedPerms & FILE_READ_DATA)) &&
-           !(file_info.attributes & FILE_ATTRIBUTE_ENCRYPTED))
-       {
-               ERROR("\"%ls\": Permission to read data was denied",
-                     printable_path(full_path));
-               ret = WIMLIB_ERR_OPEN;
-               goto out;
-       }
-
        /* Create a WIM dentry with an associated inode, which may be shared.
         *
         * However, we need to explicitly check for directories and files with
@@ -1667,14 +1816,26 @@ retry_open:
        if (!(ctx->params->add_flags & WIMLIB_ADD_FLAG_NO_ACLS)
            && (ctx->vol_flags & FILE_PERSISTENT_ACLS))
        {
-               ret = winnt_load_security_descriptor(h, inode, full_path, ctx);
+               ret = winnt_load_security_descriptor(h, inode, ctx);
+               if (ret)
+                       goto out;
+       }
+
+       /* Get the file's object ID.  */
+       ret = winnt_load_object_id(h, inode, ctx);
+       if (ret)
+               goto out;
+
+       /* Get the file's extended attributes.  */
+       if (unlikely(file_info.ea_size != 0)) {
+               ret = winnt_load_xattrs(h, inode, ctx, file_info.ea_size);
                if (ret)
                        goto out;
        }
 
        /* If this is a reparse point, load the reparse data.  */
        if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)) {
-               ret = winnt_load_reparse_data(h, inode, full_path, ctx->params);
+               ret = winnt_load_reparse_data(h, inode, ctx);
                if (ret)
                        goto out;
        }
@@ -1690,10 +1851,9 @@ retry_open:
                 * ERROR_SHARING_VIOLATION if there are any open handles to the
                 * file, we have to close the file and re-open it later if
                 * needed.  */
-               (*func_NtClose)(h);
+               NtClose(h);
                h = NULL;
-               ret = winnt_scan_efsrpc_raw_data(inode, full_path,
-                                                full_path_nchars, ctx);
+               ret = winnt_scan_efsrpc_raw_data(inode, ctx);
                if (ret)
                        goto out;
        } else {
@@ -1708,8 +1868,6 @@ retry_open:
                 * the EFSRPC data and the named data stream(s)...!
                 */
                ret = winnt_scan_data_streams(h,
-                                             full_path,
-                                             full_path_nchars,
                                              inode,
                                              file_info.end_of_file,
                                              ctx);
@@ -1717,8 +1875,8 @@ retry_open:
                        goto out;
        }
 
-       if (unlikely(should_try_to_use_wimboot_hash(inode, ctx, ctx->params))) {
-               ret = try_to_use_wimboot_hash(h, inode, ctx, full_path);
+       if (unlikely(should_try_to_use_wimboot_hash(inode, ctx))) {
+               ret = try_to_use_wimboot_hash(h, inode, ctx);
                if (ret)
                        goto out;
        }
@@ -1729,44 +1887,37 @@ retry_open:
 
                /* Directory: recurse to children.  */
 
-               if (unlikely(!h)) {
-                       /* Re-open handle that was closed to read raw encrypted
-                        * data.  */
-                       status = winnt_openat(cur_dir,
-                                             relative_path,
-                                             relative_path_nchars,
-                                             FILE_LIST_DIRECTORY | SYNCHRONIZE,
-                                             &h);
-                       if (!NT_SUCCESS(status)) {
-                               winnt_error(status,
-                                           L"\"%ls\": Can't re-open file",
-                                           printable_path(full_path));
-                               ret = WIMLIB_ERR_OPEN;
-                               goto out;
-                       }
+               /* Re-open the directory with FILE_LIST_DIRECTORY access.  */
+               if (h) {
+                       NtClose(h);
+                       h = NULL;
                }
-               ret = winnt_recurse_directory(h,
-                                             full_path,
-                                             full_path_nchars,
-                                             root,
-                                             ctx);
+               status = winnt_openat(cur_dir, relative_path,
+                                     relative_path_nchars, FILE_LIST_DIRECTORY,
+                                     &h);
+               if (!NT_SUCCESS(status)) {
+                       winnt_error(status, L"\"%ls\": Can't open directory",
+                                   printable_path(ctx));
+                       ret = WIMLIB_ERR_OPEN;
+                       goto out;
+               }
+               ret = winnt_recurse_directory(h, root, ctx);
                if (ret)
                        goto out;
        }
 
 out_progress:
-       ctx->params->progress.scan.cur_path = printable_path(full_path);
        if (likely(root))
-               ret = do_capture_progress(ctx->params, WIMLIB_SCAN_DENTRY_OK, inode);
+               ret = do_scan_progress(ctx->params, WIMLIB_SCAN_DENTRY_OK, inode);
        else
-               ret = do_capture_progress(ctx->params, WIMLIB_SCAN_DENTRY_EXCLUDED, NULL);
+               ret = do_scan_progress(ctx->params, WIMLIB_SCAN_DENTRY_EXCLUDED, NULL);
 out:
        if (likely(h))
-               (*func_NtClose)(h);
+               NtClose(h);
        if (unlikely(ret)) {
                free_dentry_tree(root, ctx->params->blob_table);
                root = NULL;
-               ret = report_capture_error(ctx->params, ret, full_path);
+               ret = report_scan_error(ctx->params, ret);
        }
        *root_ret = root;
        return ret;
@@ -1926,6 +2077,10 @@ typedef struct {
 #define NTFS_IS_SPECIAL_FILE(ino)                      \
        (NTFS_MFT_NO(ino) <= 15 && !NTFS_IS_ROOT_FILE(ino))
 
+#define NTFS_SPECIAL_STREAM_OBJECT_ID          0x00000001
+#define NTFS_SPECIAL_STREAM_EA                 0x00000002
+#define NTFS_SPECIAL_STREAM_EA_INFORMATION     0x00000004
+
 /* Intermediate inode structure.  This is used to temporarily save information
  * from FSCTL_QUERY_FILE_LAYOUT before creating the full 'struct wim_inode'.  */
 struct ntfs_inode {
@@ -1939,6 +2094,7 @@ struct ntfs_inode {
        u32 security_id;
        u32 num_aliases;
        u32 num_streams;
+       u32 special_streams;
        u32 first_stream_offset;
        struct ntfs_dentry *first_child;
        wchar_t short_name[13];
@@ -2109,6 +2265,10 @@ is_valid_stream_entry(const STREAM_LAYOUT_ENTRY *stream)
                         stream->StreamIdentifierLength / 2);
 }
 
+/* assumes that 'id' is a wide string literal */
+#define stream_has_identifier(stream, id)                              \
+       ((stream)->StreamIdentifierLength == sizeof(id) - 2 &&          \
+        !memcmp((stream)->StreamIdentifier, id, sizeof(id) - 2))
 /*
  * If the specified STREAM_LAYOUT_ENTRY represents a DATA stream as opposed to
  * some other type of NTFS stream such as a STANDARD_INFORMATION stream, return
@@ -2145,14 +2305,18 @@ use_stream(const FILE_LAYOUT_ENTRY *file, const STREAM_LAYOUT_ENTRY *stream,
 
 /* Validate the STREAM_LAYOUT_ENTRYs of the specified file and compute the total
  * length in bytes of the ntfs_stream structures needed to hold the stream
- * information.  */
+ * information.  In addition, set *special_streams_ret to a bitmask of special
+ * stream types that were found.  */
 static int
 validate_streams_and_compute_total_length(const FILE_LAYOUT_ENTRY *file,
-                                         size_t *total_length_ret)
+                                         size_t *total_length_ret,
+                                         u32 *special_streams_ret)
 {
        const STREAM_LAYOUT_ENTRY *stream =
                (const void *)file + file->FirstStreamOffset;
        size_t total = 0;
+       u32 special_streams = 0;
+
        for (;;) {
                const wchar_t *name;
                size_t name_nchars;
@@ -2172,6 +2336,12 @@ validate_streams_and_compute_total_length(const FILE_LAYOUT_ENTRY *file,
                if (use_stream(file, stream, &name, &name_nchars)) {
                        total += ALIGN(sizeof(struct ntfs_stream) +
                                       (name_nchars + 1) * sizeof(wchar_t), 8);
+               } else if (stream_has_identifier(stream, L"::$OBJECT_ID")) {
+                       special_streams |= NTFS_SPECIAL_STREAM_OBJECT_ID;
+               } else if (stream_has_identifier(stream, L"::$EA")) {
+                       special_streams |= NTFS_SPECIAL_STREAM_EA;
+               } else if (stream_has_identifier(stream, L"::$EA_INFORMATION")) {
+                       special_streams |= NTFS_SPECIAL_STREAM_EA_INFORMATION;
                }
                if (stream->NextStreamOffset == 0)
                        break;
@@ -2179,6 +2349,7 @@ validate_streams_and_compute_total_length(const FILE_LAYOUT_ENTRY *file,
        }
 
        *total_length_ret = total;
+       *special_streams_ret = special_streams;
        return 0;
 }
 
@@ -2275,6 +2446,7 @@ load_one_file(const FILE_LAYOUT_ENTRY *file, struct ntfs_inode_map *inode_map)
        size_t n;
        int ret;
        void *p;
+       u32 special_streams = 0;
 
        inode_size = ALIGN(sizeof(struct ntfs_inode), 8);
 
@@ -2291,7 +2463,8 @@ load_one_file(const FILE_LAYOUT_ENTRY *file, struct ntfs_inode_map *inode_map)
        }
 
        if (file_has_streams(file)) {
-               ret = validate_streams_and_compute_total_length(file, &n);
+               ret = validate_streams_and_compute_total_length(file, &n,
+                                                               &special_streams);
                if (ret)
                        return ret;
                inode_size += n;
@@ -2309,6 +2482,7 @@ load_one_file(const FILE_LAYOUT_ENTRY *file, struct ntfs_inode_map *inode_map)
        ni->last_write_time = info->BasicInformation.LastWriteTime;
        ni->last_access_time = info->BasicInformation.LastAccessTime;
        ni->security_id = info->SecurityId;
+       ni->special_streams = special_streams;
 
        p = FIRST_DENTRY(ni);
 
@@ -2345,53 +2519,63 @@ load_files_from_mft(const wchar_t *path, struct ntfs_inode_map *inode_map)
                         QUERY_FILE_LAYOUT_INCLUDE_STREAMS_WITH_NO_CLUSTERS_ALLOCATED,
                .FilterType = QUERY_FILE_LAYOUT_FILTER_TYPE_NONE,
        };
-       const size_t outsize = 32768;
+       size_t outsize = 32768;
        QUERY_FILE_LAYOUT_OUTPUT *out = NULL;
-       DWORD bytes_returned;
        int ret;
-       DWORD err;
        NTSTATUS status;
 
        status = winnt_open(path, wcslen(path),
-                           FILE_READ_DATA | SYNCHRONIZE | FILE_READ_ATTRIBUTES,
-                           &h);
+                           FILE_READ_DATA | FILE_READ_ATTRIBUTES, &h);
        if (!NT_SUCCESS(status)) {
                ret = -1; /* Silently try standard recursive scan instead  */
                goto out;
        }
 
-       out = MALLOC(outsize);
-       if (!out) {
-               ret = WIMLIB_ERR_NOMEM;
-               goto out;
-       }
+       for (;;) {
+               /* Allocate a buffer for the output of the ioctl.  */
+               out = MALLOC(outsize);
+               if (!out) {
+                       ret = WIMLIB_ERR_NOMEM;
+                       goto out;
+               }
 
-       while (DeviceIoControl(h, FSCTL_QUERY_FILE_LAYOUT, &in, sizeof(in),
-                              out, outsize, &bytes_returned, NULL))
-       {
-               const FILE_LAYOUT_ENTRY *file =
-                       (const void *)out + out->FirstFileOffset;
-               for (;;) {
-                       ret = load_one_file(file, inode_map);
-                       if (ret)
-                               goto out;
-                       if (file->NextFileOffset == 0)
-                               break;
-                       file = (const void *)file + file->NextFileOffset;
+               /* Execute FSCTL_QUERY_FILE_LAYOUT until it fails.  */
+               while (NT_SUCCESS(status = winnt_fsctl(h,
+                                                      FSCTL_QUERY_FILE_LAYOUT,
+                                                      &in, sizeof(in),
+                                                      out, outsize, NULL)))
+               {
+                       const FILE_LAYOUT_ENTRY *file =
+                               (const void *)out + out->FirstFileOffset;
+                       for (;;) {
+                               ret = load_one_file(file, inode_map);
+                               if (ret)
+                                       goto out;
+                               if (file->NextFileOffset == 0)
+                                       break;
+                               file = (const void *)file + file->NextFileOffset;
+                       }
+                       in.Flags &= ~QUERY_FILE_LAYOUT_RESTART;
                }
-               in.Flags &= ~QUERY_FILE_LAYOUT_RESTART;
+
+               /* Enlarge the buffer if needed.  */
+               if (status != STATUS_BUFFER_TOO_SMALL)
+                       break;
+               FREE(out);
+               outsize *= 2;
        }
 
-       /* Normally, FSCTL_QUERY_FILE_LAYOUT fails with error code 38 after all
-        * files have been enumerated.  */
-       err = GetLastError();
-       if (err != 38) {
-               if (err == ERROR_INVALID_FUNCTION ||
-                   err == ERROR_INVALID_PARAMETER) {
+       /* Normally, FSCTL_QUERY_FILE_LAYOUT fails with STATUS_END_OF_FILE after
+        * all files have been enumerated.  */
+       if (status != STATUS_END_OF_FILE) {
+               if (status == STATUS_INVALID_DEVICE_REQUEST /* old OS */ ||
+                   status == STATUS_NOT_SUPPORTED /* Samba volume, WinXP */ ||
+                   status == STATUS_INVALID_PARAMETER /* not root directory */ )
+               {
                        /* Silently try standard recursive scan instead  */
                        ret = -1;
                } else {
-                       win32_error(err,
+                       winnt_error(status,
                                    L"Error enumerating files on volume \"%ls\"",
                                    path);
                        /* Try standard recursive scan instead  */
@@ -2402,7 +2586,7 @@ load_files_from_mft(const wchar_t *path, struct ntfs_inode_map *inode_map)
        ret = 0;
 out:
        FREE(out);
-       (*func_NtClose)(h);
+       NtClose(h);
        return ret;
 }
 
@@ -2477,6 +2661,9 @@ security_map_lookup(struct security_map *map, u32 disk_security_id)
        struct security_map_node tmp;
        const struct avl_tree_node *res;
 
+       if (disk_security_id == 0)  /* No on-disk security ID; uncacheable  */
+               return -1;
+
        tmp.disk_security_id = disk_security_id;
        res = avl_tree_lookup_node(map->root, &tmp.index_node,
                                   _avl_cmp_security_map_nodes);
@@ -2491,6 +2678,9 @@ security_map_insert(struct security_map *map, u32 disk_security_id,
 {
        struct security_map_node *node;
 
+       if (disk_security_id == 0)  /* No on-disk security ID; uncacheable  */
+               return 0;
+
        node = MALLOC(sizeof(*node));
        if (!node)
                return WIMLIB_ERR_NOMEM;
@@ -2527,7 +2717,6 @@ security_map_destroy(struct security_map *map)
  */
 static int
 generate_wim_structures_recursive(struct wim_dentry **root_ret,
-                                 wchar_t *path, size_t path_nchars,
                                  const wchar_t *filename, bool is_primary_name,
                                  struct ntfs_inode *ni,
                                  struct winnt_scan_ctx *ctx,
@@ -2548,21 +2737,20 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
         * filter driver (WOF) hides reparse points from regular filesystem APIs
         * but not from FSCTL_QUERY_FILE_LAYOUT.  */
        if (ni->attributes & (FILE_ATTRIBUTE_REPARSE_POINT |
-                             FILE_ATTRIBUTE_ENCRYPTED))
+                             FILE_ATTRIBUTE_ENCRYPTED) ||
+           ni->special_streams != 0)
        {
                ret = winnt_build_dentry_tree_recursive(&root,
                                                        NULL,
-                                                       path,
-                                                       path_nchars,
-                                                       path,
-                                                       path_nchars,
+                                                       ctx->params->cur_path,
+                                                       ctx->params->cur_path_nchars,
                                                        filename,
                                                        ctx);
                goto out;
        }
 
        /* Test for exclusion based on path.  */
-       ret = try_exclude(path, ctx->params);
+       ret = try_exclude(ctx->params);
        if (unlikely(ret < 0)) /* Excluded? */
                goto out_progress;
        if (unlikely(ret > 0)) /* Error? */
@@ -2616,19 +2804,19 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
                        /* Create a mapping for this security ID and insert it
                         * into the security map.  */
 
-                       status = winnt_open(path, path_nchars,
+                       status = winnt_open(ctx->params->cur_path,
+                                           ctx->params->cur_path_nchars,
                                            READ_CONTROL |
-                                               ACCESS_SYSTEM_SECURITY |
-                                               SYNCHRONIZE, &h);
+                                               ACCESS_SYSTEM_SECURITY, &h);
                        if (!NT_SUCCESS(status)) {
                                winnt_error(status, L"Can't open \"%ls\" to "
                                            "read security descriptor",
-                                           printable_path(path));
+                                           printable_path(ctx));
                                ret = WIMLIB_ERR_OPEN;
                                goto out;
                        }
-                       ret = winnt_load_security_descriptor(h, inode, path, ctx);
-                       (*func_NtClose)(h);
+                       ret = winnt_load_security_descriptor(h, inode, ctx);
+                       NtClose(h);
                        if (ret)
                                goto out;
 
@@ -2643,25 +2831,25 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
        ns = FIRST_STREAM(ni);
        for (u32 i = 0; i < ni->num_streams; i++) {
                struct windows_file *windows_file;
-               size_t stream_name_nchars;
 
+               /* Reference the stream by path if it's a named data stream, or
+                * if the volume doesn't support "open by file ID", or if the
+                * application hasn't explicitly opted in to "open by file ID".
+                * Otherwise, only save the inode number (file ID).  */
                if (*ns->name ||
-                   !(ctx->vol_flags & FILE_SUPPORTS_OPEN_BY_FILE_ID))
+                   !(ctx->vol_flags & FILE_SUPPORTS_OPEN_BY_FILE_ID) ||
+                   !(ctx->params->add_flags & WIMLIB_ADD_FLAG_FILE_PATHS_UNNEEDED))
                {
-                       /* Named data stream: reference by path  */
-                       stream_name_nchars = wcslen(ns->name);
-                       windows_file = alloc_windows_file(path,
-                                                         path_nchars,
+                       windows_file = alloc_windows_file(ctx->params->cur_path,
+                                                         ctx->params->cur_path_nchars,
                                                          ns->name,
-                                                         stream_name_nchars,
+                                                         wcslen(ns->name),
                                                          ctx->snapshot,
                                                          false);
                } else {
-                       /* Unamed data stream: reference by file ID (inode number)  */
-                       stream_name_nchars = 0;
                        windows_file = alloc_windows_file_for_file_id(ni->ino,
-                                                                     path,
-                                                                     ctx->params->capture_root_nchars + 1,
+                                                                     ctx->params->cur_path,
+                                                                     ctx->params->root_path_nchars,
                                                                      ctx->snapshot);
                }
 
@@ -2682,20 +2870,18 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
                const struct ntfs_dentry *nd = ni->first_child;
 
                while (nd != NULL) {
-                       const size_t name_len = wcslen(nd->name);
-                       wchar_t *p = path + path_nchars;
+                       size_t orig_path_nchars;
                        struct wim_dentry *child;
                        const struct ntfs_dentry *next = nd->next_child;
 
-                       if (*(p - 1) != L'\\')
-                               *p++ = L'\\';
-                       p = wmempcpy(p, nd->name, name_len);
-                       *p = '\0';
+                       ret = WIMLIB_ERR_NOMEM;
+                       if (!pathbuf_append_name(ctx->params, nd->name,
+                                                wcslen(nd->name),
+                                                &orig_path_nchars))
+                               goto out;
 
                        ret = generate_wim_structures_recursive(
                                        &child,
-                                       path,
-                                       p - path,
                                        nd->name,
                                        nd->is_primary,
                                        (void *)nd - nd->offset_from_inode,
@@ -2703,7 +2889,7 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
                                        inode_map,
                                        security_map);
 
-                       path[path_nchars] = L'\0';
+                       pathbuf_truncate(ctx->params, orig_path_nchars);
 
                        if (ret)
                                goto out;
@@ -2714,11 +2900,10 @@ generate_wim_structures_recursive(struct wim_dentry **root_ret,
        }
 
 out_progress:
-       ctx->params->progress.scan.cur_path = printable_path(path);
        if (likely(root))
-               ret = do_capture_progress(ctx->params, WIMLIB_SCAN_DENTRY_OK, inode);
+               ret = do_scan_progress(ctx->params, WIMLIB_SCAN_DENTRY_OK, inode);
        else
-               ret = do_capture_progress(ctx->params, WIMLIB_SCAN_DENTRY_EXCLUDED, NULL);
+               ret = do_scan_progress(ctx->params, WIMLIB_SCAN_DENTRY_EXCLUDED, NULL);
 out:
        if (--ni->num_aliases == 0) {
                /* Memory usage optimization: when we don't need the ntfs_inode
@@ -2734,12 +2919,14 @@ out:
 }
 
 static int
-winnt_build_dentry_tree_fast(struct wim_dentry **root_ret, wchar_t *path,
-                            size_t path_nchars, struct winnt_scan_ctx *ctx)
+winnt_build_dentry_tree_fast(struct wim_dentry **root_ret,
+                            struct winnt_scan_ctx *ctx)
 {
        struct ntfs_inode_map inode_map = { .root = NULL };
        struct security_map security_map = { .root = NULL };
        struct ntfs_inode *root = NULL;
+       wchar_t *path = ctx->params->cur_path;
+       size_t path_nchars = ctx->params->cur_path_nchars;
        bool adjust_path;
        int ret;
 
@@ -2768,8 +2955,7 @@ winnt_build_dentry_tree_fast(struct wim_dentry **root_ret, wchar_t *path,
 
        root->num_aliases = 1;
 
-       ret = generate_wim_structures_recursive(root_ret, path, path_nchars,
-                                               L"", false, root, ctx,
+       ret = generate_wim_structures_recursive(root_ret, L"", false, root, ctx,
                                                &inode_map, &security_map);
 out:
        ntfs_inode_map_destroy(&inode_map);
@@ -2783,28 +2969,17 @@ out:
  *                 Entry point for directory tree scans on Windows            *
  *----------------------------------------------------------------------------*/
 
-#define WINDOWS_NT_MAX_PATH 32768
-
 int
 win32_build_dentry_tree(struct wim_dentry **root_ret,
                        const wchar_t *root_disk_path,
-                       struct capture_params *params)
+                       struct scan_params *params)
 {
-       wchar_t *path = NULL;
        struct winnt_scan_ctx ctx = { .params = params };
        UNICODE_STRING ntpath;
-       size_t ntpath_nchars;
        HANDLE h = NULL;
        NTSTATUS status;
        int ret;
 
-       /* WARNING: There is no check for overflow later when this buffer is
-        * being used!  But it's as long as the maximum path length understood
-        * by Windows NT (which is NOT the same as MAX_PATH).  */
-       path = MALLOC((WINDOWS_NT_MAX_PATH + 1) * sizeof(wchar_t));
-       if (!path)
-               return WIMLIB_ERR_NOMEM;
-
        if (params->add_flags & WIMLIB_ADD_FLAG_SNAPSHOT)
                ret = vss_create_snapshot(root_disk_path, &ntpath, &ctx.snapshot);
        else
@@ -2814,30 +2989,21 @@ win32_build_dentry_tree(struct wim_dentry **root_ret,
                goto out;
 
        if (ntpath.Length < 4 * sizeof(wchar_t) ||
-           ntpath.Length > WINDOWS_NT_MAX_PATH * sizeof(wchar_t) ||
            wmemcmp(ntpath.Buffer, L"\\??\\", 4))
        {
                ERROR("\"%ls\": unrecognized path format", root_disk_path);
                ret = WIMLIB_ERR_INVALID_PARAM;
        } else {
-               ntpath_nchars = ntpath.Length / sizeof(wchar_t);
-               wmemcpy(path, ntpath.Buffer, ntpath_nchars);
-               path[ntpath_nchars] = L'\0';
-
-               params->capture_root_nchars = ntpath_nchars;
-               if (path[ntpath_nchars - 1] == L'\\')
-                       params->capture_root_nchars--;
-               ret = 0;
+               ret = pathbuf_init(params, ntpath.Buffer);
        }
        HeapFree(GetProcessHeap(), 0, ntpath.Buffer);
        if (ret)
                goto out;
 
-       status = winnt_open(path, ntpath_nchars,
-                           FILE_TRAVERSE | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
-                           &h);
+       status = winnt_open(params->cur_path, params->cur_path_nchars,
+                           FILE_READ_ATTRIBUTES, &h);
        if (!NT_SUCCESS(status)) {
-               winnt_error(status, L"Can't open \"%ls\"", printable_path(path));
+               winnt_error(status, L"Can't open \"%ls\"", root_disk_path);
                if (status == STATUS_FVE_LOCKED_VOLUME)
                        ret = WIMLIB_ERR_FVE_LOCKED_VOLUME;
                else
@@ -2845,14 +3011,13 @@ win32_build_dentry_tree(struct wim_dentry **root_ret,
                goto out;
        }
 
-       get_volume_information(h, path, &ctx);
+       get_volume_information(h, &ctx);
 
-       (*func_NtClose)(h);
+       NtClose(h);
 
 #ifdef ENABLE_FAST_MFT_SCAN
        if (ctx.is_ntfs && !_wgetenv(L"WIMLIB_DISABLE_QUERY_FILE_LAYOUT")) {
-               ret = winnt_build_dentry_tree_fast(root_ret, path,
-                                                  ntpath_nchars, &ctx);
+               ret = winnt_build_dentry_tree_fast(root_ret, &ctx);
                if (ret >= 0 && ret != WIMLIB_ERR_UNSUPPORTED)
                        goto out;
                if (ret >= 0) {
@@ -2863,12 +3028,11 @@ win32_build_dentry_tree(struct wim_dentry **root_ret,
        }
 #endif
        ret = winnt_build_dentry_tree_recursive(root_ret, NULL,
-                                               path, ntpath_nchars,
-                                               path, ntpath_nchars,
+                                               params->cur_path,
+                                               params->cur_path_nchars,
                                                L"", &ctx);
 out:
        vss_put_snapshot(ctx.snapshot);
-       FREE(path);
        if (ret == 0)
                winnt_do_scan_warnings(root_disk_path, &ctx);
        return ret;