2

I searched a lot to get write - access to the boot sector (Master File Table ). I used CreateFile function with write access parameters like, GENERIC_WRITE. Then used SetFilePointer and WriteFile to write on a particular memory address. But what I always get is System.AccessViolationException (Windows 7). Am I doing something wrong here ?

I want to know if there is any alternative to CreateFile - WriteFile functions to get wrtie - access to boot sector ?

OR I was thinking if there is any way to use Interrup Service Routine to write on particular disk sectors in VC++ (C++/Cli) ?

rkosegi
  • 14,165
  • 5
  • 50
  • 83
Hemendra Sharma
  • 1,063
  • 9
  • 21

1 Answers1

3

According to Microsoft KB you have to call CreateFile with FILE_SHARE_READ and FILE_SHARE_WRITE on "\\.\PhysicalDriveN", where N is zero-based physical drive index. Then you can access the entire drive as one huge file. You have to be an administrator on your machine for this to work!

You can open a physical or logical drive using the CreateFile() application programming interface (API) with these device names provided that you have the appropriate access rights to the drive (that is, you must be an administrator). You must use both the CreateFile() FILE_SHARE_READ and FILE_SHARE_WRITE flags to gain access to the drive.

Once the logical or physical drive has been opened, you can then perform direct I/O to the data on the entire drive. When performing direct disk I/O, you must seek, read, and write in multiples of sector sizes of the device and on sector boundaries. Call DeviceIoControl() using IOCTL_DISK_GET_DRIVE_GEOMETRY to get the bytes per sector, number of sectors, sectors per track, and so forth, so that you can compute the size of the buffer that you will need.

Update: I did some research and I found out that starting Vista you have to obtain the lock on the volume or dismount it. Otherwise the writes would fail. In the docs Microsoft says:

If you write directly to a volume that has a mounted file system, you must first obtain exclusive access to the volume. Otherwise, you risk causing data corruption or system instability, because your application's writes may conflict with other changes coming from the file system and leave the contents of the volume in an inconsistent state. To prevent these problems, the following changes have been made in Windows Vista and later:

A write on a volume handle will succeed if the volume does not have a mounted file system, or if one of the following conditions is true:

  • The sectors to be written to are boot sectors.
  • The sectors to be written to reside outside of file system space.
  • You have explicitly locked or dismounted the volume by using FSCTL_LOCK_VOLUME or FSCTL_DISMOUNT_VOLUME.
  • The volume has no actual file system. (In other words, it has a RAW file system mounted.)

A write on a disk handle will succeed if one of the following conditions is true:

  • The sectors to be written to do not fall within a volume's extents.
  • The sectors to be written to fall within a mounted volume, but you have explicitly locked or dismounted the volume by using FSCTL_LOCK_VOLUME or FSCTL_DISMOUNT_VOLUME.
  • The sectors to be written to fall within a volume that has no mounted file system other than RAW.
detunized
  • 15,059
  • 3
  • 48
  • 64
  • About your update: that says you don't need to lock/dismount the volume if you're only writing boot sectors, as long as you're writing through a volume handle, does it not? –  Oct 17 '12 at 07:57
  • @hvd, there's not enough information in the original question. It's not clear of OP is opening a volume or a physical drive. He could also be writing into some other area by mistake. It's easy to lock the volume and see if the problem goes away. – detunized Oct 17 '12 at 08:02
  • Sure, although I don't see how attempting to write to the file system data can result in an `AccessViolationException`: that almost certainly indicates an incorrect use of pointers. –  Oct 17 '12 at 08:05
  • I say, this is the best and exact answer to my problem, which is solved now. Thanks @detunized – Hemendra Sharma Oct 17 '12 at 10:41