c++ visual-c++ c++-cli ntfs mft

VC++ - How to get permission to write on NTFS boot sector?


I searched a lot to get write access to the boot sector (Master File Table). I used the CreateFile function with write access parameters like GENERIC_WRITE. Then I used SetFilePointer and WriteFile to write to a particular memory address. But what I always get is System.AccessViolationException (Windows 7). Am I doing something wrong here?

I want to know if there is any alternative to the CreateFile - WriteFile functions to get write access to the boot sector?

Or, I was thinking, is there any way to use an Interrupt Service Routine to write to particular disk sectors in VC++ (C++/CLI)?


Solution

  • According to the Microsoft KB, you have to call CreateFile with FILE_SHARE_READ and FILE_SHARE_WRITE on "\\.\PhysicalDriveN", where N is the zero-based physical drive index. Then you can access the entire drive as one huge file. You have to be an administrator on your machine for this to work!

    You can open a physical or logical drive using the CreateFile() application programming interface (API) with these device names provided that you have the appropriate access rights to the drive (that is, you must be an administrator). You must use both the CreateFile() FILE_SHARE_READ and FILE_SHARE_WRITE flags to gain access to the drive.

    Once the logical or physical drive has been opened, you can then perform direct I/O to the data on the entire drive. When performing direct disk I/O, you must seek, read, and write in multiples of sector sizes of the device and on sector boundaries. Call DeviceIoControl() using IOCTL_DISK_GET_DRIVE_GEOMETRY to get the bytes per sector, number of sectors, sectors per track, and so forth, so that you can compute the size of the buffer that you will need.

    Update: I did some research and found out that, starting with Vista, you have to obtain a lock on the volume or dismount it. Otherwise the writes will fail. In the docs Microsoft says:

    If you write directly to a volume that has a mounted file system, you must first obtain exclusive access to the volume. Otherwise, you risk causing data corruption or system instability, because your application's writes may conflict with other changes coming from the file system and leave the contents of the volume in an inconsistent state. To prevent these problems, the following changes have been made in Windows Vista and later:

    A write on a volume handle will succeed if the volume does not have a mounted file system, or if one of the following conditions is true:

    • The sectors to be written to are boot sectors.
    • The sectors to be written to reside outside of file system space.
    • You have explicitly locked or dismounted the volume by using FSCTL_LOCK_VOLUME or FSCTL_DISMOUNT_VOLUME.
    • The volume has no actual file system. (In other words, it has a RAW file system mounted.)

    A write on a disk handle will succeed if one of the following conditions is true:

    • The sectors to be written to do not fall within a volume's extents.
    • The sectors to be written to fall within a mounted volume, but you have explicitly locked or dismounted the volume by using FSCTL_LOCK_VOLUME or FSCTL_DISMOUNT_VOLUME.
    • The sectors to be written to fall within a volume that has no mounted file system other than RAW.
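The sector-multiple rule from the KB text quoted above, as an added example that is not part of the original answer or of Microsoft's documentation: `align_to_sectors` widens an arbitrary byte range to sector boundaries, and the Windows-only `read_raw` uses it for a read-only access after querying the geometry. The names `io_span`, `align_to_sectors` and `read_raw` are hypothetical, and the Windows part is compiled only when `_WIN32` is defined.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
#endif

/* Sector-aligned span that covers a requested byte range. */
typedef struct { uint64_t offset; uint64_t length; } io_span;

/* Widen [off, off+len) to sector boundaries of size bps.
   Returns 0 on success, -1 on zero sector size, zero length or 64-bit overflow. */
int align_to_sectors(uint64_t off, uint64_t len, uint32_t bps, io_span *out)
{
    if (bps == 0 || len == 0 || off > UINT64_MAX - len) return -1;
    uint64_t start = off - off % bps;   /* round the start down */
    uint64_t end = off + len;
    uint64_t rem = end % bps;
    if (rem) {                          /* round the end up */
        if (end > UINT64_MAX - (bps - rem)) return -1;
        end += bps - rem;
    }
    out->offset = start;
    out->length = end - start;
    return 0;
}

#ifdef _WIN32
/* Read-only. device is e.g. L"\\\\.\\PhysicalDriveN" with N replaced; needs an
   elevated process. Returns a page-aligned buffer (release with VirtualFree) or NULL. */
void *read_raw(const wchar_t *device, uint64_t off, uint64_t len, io_span *span)
{
    HANDLE h = CreateFileW(device, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE) return NULL;
    DISK_GEOMETRY g; DWORD got = 0; void *buf = NULL; LARGE_INTEGER pos;
    if (DeviceIoControl(h, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0,
                        &g, sizeof g, &got, NULL)
        && align_to_sectors(off, len, g.BytesPerSector, span) == 0
        && span->length <= 0xFFFFFFFFu) {
        pos.QuadPart = (LONGLONG)span->offset;
        buf = VirtualAlloc(NULL, (SIZE_T)span->length, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (buf && !(SetFilePointerEx(h, pos, NULL, FILE_BEGIN)
                     && ReadFile(h, buf, (DWORD)span->length, &got, NULL)
                     && got == span->length)) { VirtualFree(buf, 0, MEM_RELEASE); buf = NULL; }
    }
    CloseHandle(h);
    return buf;
}
#endif
```

The requested bytes start at `off - span->offset` inside the returned buffer.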