1

I'm trying to write directly to an offset on a disk (I'm running it inside a virtual machine, but nontheless) using the following code:

int main()
{
    OVERLAPPED overlapped;


    char DataBuffer[] = "AAAAAAA";
    HANDLE dHandle = CreateFile(_T("\\\\.\\PhysicalDrive0"),
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        FILE_FLAG_NO_BUFFERING,
        NULL
    );

    // LOCK DISK
    int err;
    DWORD stuff = 0;
    if (!DeviceIoControl
    (
        dHandle,
        FSCTL_LOCK_VOLUME,
        NULL,
        0,
        NULL,
        0,
        &stuff,
        NULL
    ))
    {
        err = GetLastError();
        fprintf(stderr, "Error %u locking volume.\n", err);
        return err;
    }


    DWORD lpBytesReturned;
    if (!DeviceIoControl(
        dHandle,            // handle to a volume
        (DWORD)FSCTL_DISMOUNT_VOLUME,   // dwIoControlCode
        NULL,                        // lpInBuffer
        0,                           // nInBufferSize
        NULL,                        // lpOutBuffer
        0,                           // nOutBufferSize
        &lpBytesReturned,   // number of bytes returned
        NULL  // OVERLAPPED structure
    )) {
        err = GetLastError();
        fprintf(stderr, "Error %u dismount volume.\n", err);
        return err;
    }


    printf("Handle is : %d\n", dHandle);
    int set_res = SetFilePointer(dHandle, 791908352, NULL, FILE_BEGIN);
    if (set_res == INVALID_SET_FILE_POINTER) {
        printf("invalid set_file pointer\n");
        printf("Last error was : %d\n", GetLastError());

    }
    DWORD written = 0;
    int res2 = WriteFile(dHandle, DataBuffer, 4096, &written, NULL);
    if (!res2) {
        printf("Last error was : %d\n", GetLastError());
        printf("Written : %d", written);
    }
    printf("Written : %d", written);

    return 0;

When I run the following code I get: 

5 (0x5)
Access is denied.

After trying to WriteFile. I've run the program as administrator. I know the offset is valid, because I could read relevant data from that offset.

Any idea why I'm getting it? And how could I make it work?

Kara
  • 6,115
  • 16
  • 50
  • 57
t0m9er
  • 143
  • 2
  • 11
  • read in [`WriteFile`](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365747(v=vs.85).aspx) - *A write on a disk handle will succeed if one of the following conditions is true: The sectors to be written to do not fall within a volume's extents. The sectors to be written to fall within a mounted volume, but you have explicitly locked or dismounted the volume by using FSCTL_LOCK_VOLUME or FSCTL_DISMOUNT_VOLUME. The sectors to be written to fall within a volume that has no mounted file system other than RAW.* – RbMm Dec 18 '17 at 23:39
  • and as separate note - for what you use `SetFilePointer` ? set offset direct in call `WriteFile`. of course this not change access denied - simply in general – RbMm Dec 18 '17 at 23:41
  • Thanks a lot for your comment. I tried finding the offset in MSDN WriteFile but couldn't find it https://msdn.microsoft.com/en-us/library/windows/desktop/aa365747(v=vs.85).aspx any chance you can elaborate? Also, I've edited the code to lock and dismount the volume, but still it did not help. Am I doing it wrong? – t0m9er Dec 21 '17 at 00:30
  • offset inside `OVERLAPPED` - here you need set offset, from where you want read or write – RbMm Dec 21 '17 at 00:33
  • and about lock/dismount you not understand - you need lock or dismount volume which containing sectors to which you try write, but not disk itself. disk != volume (partition) - so you try lock wrong device – RbMm Dec 21 '17 at 00:59
  • you need `IOCTL_DISK_GET_DRIVE_LAYOUT[_EX]` for get `PARTITION_INFORMATION[_EX]` array. found in which partition your offset. look for `PartitionNumber`. then look for disk number via `IOCTL_STORAGE_GET_DEVICE_NUMBER`. format name `\Device\Harddisk%d\Partition%d` - open it - this was volume(partition) and you need send lock/dismount control exactly to this device – RbMm Dec 21 '17 at 01:09
  • Thanks a lot for the helpful comments! really appreciate it. – t0m9er Dec 23 '17 at 17:36

0 Answers0