Reading partitions via the backdoorThere is some kind of bug/feature in Windows XP SP2 which prevents DASD IO on some partitions, even if they are not mounted. The workaround involves obtaining the disk extents for the partition and doing the IO on the disk object, with the correct offsets for the partition. It is a dirty hack and removes the protection you get by using the partition object, but it seems necessary. ProcedureOpen a partition object and use the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS IOCTL. This returns a structure which tells you which disk and offsets the partition exists on. It is possible that there are multiple but most partitions only have one extent. You can then open the disk object as returned by the IOCTL and read & write at the specified offset. Nothing is stopping you from accessing outside the partition so you must take care. This has been implemented in Explore2fs and Virtual Volumes. It will be implemented in dd soon. Until it does, you can download SysInternals DiskExt which will tell you the extents for your partitions. This is an example on how to read the boot sector off drive D:. First check the disk number and extent offset
diskext
Extents for C:
Extent [1]:
Disk: 0
Offset: 57576960
Length: 20974464000
Extents for D:
Extent [1]:
Disk: 0
Offset: 21139001856
Length: 58860071424
Divide the offset by your block size
|
