Accessing HDD drive
-
What is the way to open an HDD drive with the _open function in such a way as to read even the boot section of this drive? Here is the code:
int hd_h = _open(device, O_BINARY | O_RDWR | O_EXCL);
device is provided with
"\\\\?\\E:"
This is the code from the ntfs library (GitHub - vitalif/ntfs-3g: Fork of git://ntfs-3g.git.sourceforge.net/gitroot/ntfs-3g/ntfs-3g with FIEMAP support patch). Why am I asking that? Even though _open returns 3, the reading of the boot section has failed. The function
ntfs_boot_sector_is_ntfs
says that my boot device is not NTFS:
if (!ntfs_boot_sector_is_ntfs(bs)) {
    errno = EINVAL;
    goto error_exit;
}

BOOL ntfs_boot_sector_is_ntfs(NTFS_BOOT_SECTOR* b)
{
    u32 i;
    BOOL ret = FALSE;
    ntfs_log_debug("Beginning bootsector check.\n");
    ntfs_log_debug("Checking OEMid, NTFS signature.\n");
    if (b->oem_id != const_cpu_to_le64(0x202020205346544eULL)) // "NTFS    "
    {
        ntfs_log_error("NTFS signature is missing.\n"); // <--- my code run by here
        goto not_ntfs;
    }
    ....
Of course, this debugging session ran in admin mode.
-
I am not sure that you can access the boot sector using a drive letter. I think you need to address it as something like Device\Partition0. Google can probably find the correct syntax.
-
Good point, I have tried in this way:
"\\\\.\\PHYSICALDRIVE2"
... but with exactly the same result ... strange ...
-
I haven't gotten around to checking this out myself yet, but I am studying the "Windows Internals" book by Mark Russinovich (the guy creating the Sysinternals suite). There I found that the object name \Device\HarddiskX\DRX (with 'X' being replaced by a digit from 0 upwards; you can find it using the Sysinternals WinObj utility). It is not clear to me when to use this name and when to use the \Global??\PhysicalDriveX name. Russinovich writes that "The Windows application layer converts the name to \Global??\PhysicalDriveX before handling the name to the Windows object manager" - it seems like that PhysicalDriveX format is some old legacy format. It is far from clear to me! So you may try a Global??\ prefix, or you might try \Device\HarddiskX\DRX (apparently with X replaced by 2 in your case). When you find out what works, tell it, and I will use it when I get that far myself!
-
Given that you're looking at ntfs, can we assume you're doing this under Windows? According to https://support.microsoft.com/en-us/help/100027/info-direct-drive-access-under-win32, you can't open the raw drive with exclusive access.
Be wary of strong drink. It can make you shoot at tax collectors - and miss. Lazarus Long, "Time Enough For Love" by Robert A. Heinlein
-
Are you sure that is a valid disk name? If you enter the command
Get-PhysicalDisk
in a PowerShell window, you will get a list of the known physical disks on your system. See Get-PhysicalDisk. [edit] Here is a better command:
Get-WmiObject Win32_DiskDrive
[/edit]
-
I just tried the following code and it returns a valid handle. Note that this must run with administrator privileges:
HANDLE hFile = CreateFileW(L"\\\\.\\PhysicalDrive0",
    GENERIC_READ,
    FILE_SHARE_READ | FILE_SHARE_WRITE,
    NULL,
    OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL,
    NULL);
cout << "Handle: " << hex << hFile << endl;
CloseHandle(hFile);
-
I was not pointing out the name to be used -- I was pointing out the access that must be used. Since your disk name is correct (assuming that drive 2 exists :) ), the access mode seems like a good subject for investigation. A quick google indicates this is OS-dependent when using the open function.
-
Yes, the name of the drive is correct, that is for sure. And I have tried:
HANDLE hFile = CreateFileW(L"\\\\.\\PhysicalDrive2",
    GENERIC_READ,
    FILE_SHARE_READ | FILE_SHARE_WRITE,
    NULL,
    OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL,
    NULL);
TRACE("Handle: %X %p", hFile, hFile);
CloseHandle(hFile);
and the result was:
Handle: 434 00000434
So does this prove that I have read it successfully?
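
A valid handle only shows that the open succeeded; the OEM-ID check quoted in the question runs on the bytes read afterwards. The following is an added example, not code from the thread or from ntfs-3g: it classifies a 512-byte sector 0 as an NTFS boot sector (what a volume path returns at offset 0) or an MBR (what a whole-disk path such as PhysicalDriveN returns there). The names `classify_sector0` and `read_sector0`, the 512-byte sector size and the sample bytes are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define SECTOR_SIZE 512  /* assumed logical sector size; 4Kn disks use 4096 */
enum sector_kind { SEC_UNKNOWN, SEC_NTFS_VBR, SEC_MBR };  /* example's own names */

/* NTFS boot sector: OEM ID "NTFS    " at offset 3 and 0x55 0xAA at offset 510.
   An MBR has the same end marker plus a used entry in the table at offset 446. */
enum sector_kind classify_sector0(const uint8_t *s)
{
    if (s[510] != 0x55 || s[511] != 0xAA)
        return SEC_UNKNOWN;
    if (memcmp(s + 3, "NTFS    ", 8) == 0)
        return SEC_NTFS_VBR;
    for (int i = 0; i < 4; i++)
        if (s[446 + 16 * i + 4] != 0)   /* partition type byte, 0 = unused */
            return SEC_MBR;
    return SEC_UNKNOWN;
}

#ifdef _WIN32
/* Read sector 0 from e.g. L"\\\\.\\E:" (volume) or L"\\\\.\\PhysicalDrive2" (disk). */
int read_sector0(const wchar_t *path, uint8_t out[SECTOR_SIZE])
{
    HANDLE h = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h == INVALID_HANDLE_VALUE) return -1;   /* check the open before reading */
    DWORD got = 0;                              /* raw reads must be whole sectors */
    BOOL ok = ReadFile(h, out, SECTOR_SIZE, &got, NULL);
    CloseHandle(h);
    return (ok && got == SECTOR_SIZE) ? 0 : -1;
}
#endif

int main(void)
{
    uint8_t s[SECTOR_SIZE] = {0};            /* constructed sample, not a real disk */
    s[510] = 0x55; s[511] = 0xAA; s[446 + 4] = 0x07;
    printf("MBR-like sector  -> %d\n", classify_sector0(s));
    memcpy(s + 3, "NTFS    ", 8);
    printf("NTFS boot sector -> %d\n", classify_sector0(s));
    return 0;
}
```

On Windows, pass the buffer filled by `read_sector0` to `classify_sector0`; a result of `SEC_MBR` means the path opened the whole disk, so the NTFS boot sector lies at the start of a partition rather than at disk offset 0.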