I created a little program on python that reads the boot sector at a low level so it will not corrupt the device. I successfully ran this program yesterday in Linux and I got the idea to do the same thing in Windows. But the only problem that came was that I wasn't enabled to read for example:\Device\Harddisk0\Partition1, the boot partition or \Device\Harddisk0\DR0, the raw disk 0. Each time that I try it throws an error: No such a file or a directory
What I am doing wrong?
On
all depended from NT or WIN32 api you using. ZwOpenFile or CreateFileW ?
\Device\Harddisk0\Partition1 is NT name format and must be used in ZwOpenFile or ZwCreateFile only.
for use this name in CreateFileW you must prefix it by \\?\globalroot
so code example - (using both NT and win32 calls in single function)
void xxx()
{
HANDLE hFile;
IO_STATUS_BLOCK iosb;
UNICODE_STRING ObjectName;
OBJECT_ATTRIBUTES oa = { sizeof(oa), 0, &ObjectName, OBJ_CASE_INSENSITIVE };
RtlInitUnicodeString(&ObjectName, L"\\Device\\Harddisk0\\Partition1");
UCHAR buf[0x200];
if (0 <= ZwOpenFile(&hFile, FILE_GENERIC_READ, &oa, &iosb, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT))
{
LARGE_INTEGER ByteOffset = {};
ZwReadFile(hFile, 0, 0, 0, &iosb, buf, sizeof(buf), &ByteOffset, 0);
ZwClose(hFile);
}
hFile = CreateFile(L"\\\\?\\globalroot\\Device\\Harddisk0\\Partition1", FILE_GENERIC_READ, FILE_SHARE_VALID_FLAGS,
0, OPEN_EXISTING, 0, 0);
if (hFile != INVALID_HANDLE_VALUE)
{
OVERLAPPED ov = {};
ULONG n;
ReadFile(hFile, buf, sizeof(buf), &n, &ov);
CloseHandle(hFile);
}
}
also you can use next SymbolicLinks with CreateFileW :
\\?\Harddisk<X>Partition<Y> - for partition (1,2,..) on HardDisk
(0,1,..)\\?\PhysicalDrive<X> for HardDisk (0,1,..)all depend from - how you got this paths ? or you simply hardcode it ?
The Correct Way To Do It Is:
Thanks To @eryksun