You just need to open the volume descriptor using CreateFile () in \. \ X: where X is the drive letter (check the MSDN documentation on CreateFile (), this is mentioned in the Remarks section).
Read the first sector in the NTFS boot record structure (you can find it on the Internet, find Richard "Flatcap" Russon, change: I found it, http://www.flatcap.org/ntfs/ntfs/files/boot.html ). One of the fields in the boot sector structure gives the initial MFT location in the clusters (LCN VCN 0 of $ MFT), you must setFilePointer () so that this place is read in multiple sectors. The first 1024 bytes from this location are the $ MFT file entry, again you can analyze this structure to find a data attribute that is always non-resident, and the size of this file is the actual size of the MFT file at this time.
The basic structures for $ Boot, File Record, and basic attributes (standard information, file name, and data) along with the parsing code must contain less than 1000 lines of code.