Comments
FSCTL_LOCK_VOLUME-ed in order to do direct sector writes. Try and see.
WBR Primoz
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of
[email protected]
Sent: 24. november 2006 14:37
To: Windows File Systems Devs Interest List
Subject: [ntfsd] *** Vista RTM *** Writing to raw disk sectors.
Hi,
I have an application that is accessing the physical drive to read and write directly to the sectors.
Recently I've used the new Vista RTM, and unfortunately my application is not working anymore. I get a write access denied error when trying to write to sectors in the physical drive. I use CREATEFILE to get the handle to the physical drive (ie: \\.\c:), then the WRITEFILE to write directly to the sectors. I use SETFILEPOINTER to point to which sector I want to write. The WRITEFILE always fails with ERROR: 5 Access Denied.
I run the app in user mode, but I elevate my app to administrator level. The problem is still there.
I have found the following discussion in a blog by Joanna Rutkowska:
http://theinvisiblethings.blogspot.com/2006/10/vista-rc2-vs-pagefile-attack-and-some.html
It seems that the only solution if I want to WRITEFILE directly to raw sectors during normal windows running in user mode, is to write a KERNEL MODE DRIVER. As I'm not familiar with windows driver development I would like to know how do I go about writing a KERNEL MODE DRIVER???
What I need to do is to write a simple KERNEL MODE DRIVER for WRITEFILE that will give me the alternative operation of the WRITEFILE API that fails in normal windows running mode.
What do I need to develop a KERNEL MODE DRIVER, and how can I build it? What DDK/WDK will I need to use, and where can I find information that will point me out where to start from???
Is there an alternative solution that someone knows about out there???
Please let me know of any suggestions or solutions, I'm completely lost...
Thank you,
Jim
---
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as:
[email protected]
To unsubscribe send a blank email to [email protected]
news:[email protected]
I don't recall where I read it, but with Vista you must have volume
FSCTL_LOCK_VOLUME-ed in order to do direct sector writes. Try and see.
WBR Primoz
I have done direct sector writes from user space on Vista without use of
FSCTL_LOCK_VOLUME, in fact if you had to lock the volume most of the apps I
know of which do these would not work. Sorry, but this is incorrect.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
antics Romans already knew "Verba Volant, Scripta Manent" and saved it
locally.
But ..., on the other list (NTDEV) I saw there is the same thread, with a
(trustworthy) reply that is saying (in other words): You do need to send
a successful FSCTL_LOCK_VOLUME (all handles to FS files/directories are
closed), to do direct writes to a recognized FS volume via e.g. "\\.\c:"
handle.
I'm sure we will know much more about this issue when this kind of app
starts to break on Vista RTM.
WBR Primoz
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Don Burn
Sent: 24. november 2006 15:25
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] *** Vista RTM *** Writing to raw disk sectors.
"Primoz Beltram" <[email protected]> wrote in message
news:[email protected]
I don't recall where I read it, but with Vista you must have volume
FSCTL_LOCK_VOLUME-ed in order to do direct sector writes. Try and see.
WBR Primoz
I have done direct sector writes from user space on Vista without use of
FSCTL_LOCK_VOLUME, in fact if you had to lock the volume most of the apps I
know of which do these would not work. Sorry, but this is incorrect.
--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
copy a source drive from LBA 0 to Max LBA to another disc drive. Works fine,
by simply running the application as Administrator. Basically the drives
need to be unmounted, since writing to a mounted file system has
questionable results; e.g. can you spell BSOD? I for sure would not use the
boot drive as the target.
--
The personal opinion of
Gary G. Little
wrote in message news:[email protected]
> Hi,
>
> I have an application that is accessing the physical drive to read and write directly to the sectors.
>
> Recently I've used the new Vista RTM, and unfortunately my application is not working anymore. I get a write access denied error when trying to write to sectors in the physical drive. I use CREATEFILE to get the handle to the physical drive (ie: \\.\c:), then the WRITEFILE to write directly to the sectors. I use SETFILEPOINTER to point to which sector I want to write. The WRITEFILE always fails with ERROR: 5 Access Denied.
> I run the app in user mode, but I elevate my app to administrator level. The problem is still there.
>
> I have found the following discussion in a blog by Joanna Rutkowska:
> http://theinvisiblethings.blogspot.com/2006/10/vista-rc2-vs-pagefile-attack-and-some.html
>
> It seems that the only solution if I want to WRITEFILE directly to raw sectors during normal windows running in user mode, is to write a KERNEL MODE DRIVER. As I'm not familiar with windows driver development I would like to know how do I go about writing a KERNEL MODE DRIVER???
>
> What I need to do is to write a simple KERNEL MODE DRIVER for WRITEFILE that will give me the alternative operation of the WRITEFILE API that fails in normal windows running mode.
>
> What do I need to develop a KERNEL MODE DRIVER, and how can I build it? What DDK/WDK will I need to use, and where can I find information that will point me out where to start from???
>
> Is there an alternative solution that someone knows about out there???
> Please let me know of any suggestions or solutions, I'm completely lost...
>
> Thank you,
> Jim
>
>
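
The sequence discussed in this thread (open the volume handle, issue FSCTL_LOCK_VOLUME, then seek and write), written in Python with ctypes as an added example that is not code from any poster. The function names, the 512-byte default sector size and the `\\.\E:` scratch volume mentioned in the comment are assumptions; the Win32 calls only run on Windows.

```python
import ctypes

# Values from winioctl.h / winnt.h
FILE_DEVICE_FILE_SYSTEM, METHOD_BUFFERED, FILE_ANY_ACCESS = 0x9, 0, 0
GENERIC_READ, GENERIC_WRITE = 0x80000000, 0x40000000
FILE_SHARE_READ, FILE_SHARE_WRITE, OPEN_EXISTING = 0x1, 0x2, 3
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value

def ctl_code(device, function, method, access):
    """Python form of the CTL_CODE macro from winioctl.h."""
    return (device << 16) | (access << 14) | (function << 2) | method

FSCTL_LOCK_VOLUME = ctl_code(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
FSCTL_UNLOCK_VOLUME = ctl_code(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)

def is_sector_aligned(offset, length, sector_size=512):
    """Raw volume I/O must start on a sector boundary and span whole sectors."""
    return (offset >= 0 and length > 0
            and offset % sector_size == 0 and length % sector_size == 0)

def write_sectors_locked(volume, offset, data, sector_size=512):
    """Lock the volume, write data at offset, unlock. Returns bytes written."""
    # volume: e.g. r"\\.\E:" (assumed scratch volume, not the boot drive)
    if not is_sector_aligned(offset, len(data), sector_size):
        raise ValueError("offset and length must be multiples of the sector size")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)  # Windows only
    k32.CreateFileW.restype = ctypes.c_void_p
    handle = k32.CreateFileW(volume, ctypes.c_uint32(GENERIC_READ | GENERIC_WRITE),
                             FILE_SHARE_READ | FILE_SHARE_WRITE, None,
                             OPEN_EXISTING, 0, None)
    if handle is None or handle == INVALID_HANDLE_VALUE:
        raise ctypes.WinError(ctypes.get_last_error())
    h, done = ctypes.c_void_p(handle), ctypes.c_uint32(0)
    try:
        # The lock is refused while any file or directory on the volume is open.
        if not k32.DeviceIoControl(h, FSCTL_LOCK_VOLUME, None, 0, None, 0,
                                   ctypes.byref(done), None):
            raise ctypes.WinError(ctypes.get_last_error())
        if not k32.SetFilePointerEx(h, ctypes.c_longlong(offset), None, 0):  # FILE_BEGIN
            raise ctypes.WinError(ctypes.get_last_error())
        if not k32.WriteFile(h, data, len(data), ctypes.byref(done), None):
            raise ctypes.WinError(ctypes.get_last_error())
        return done.value
    finally:
        # Closing the handle also releases the lock; the unlock is explicit for clarity.
        k32.DeviceIoControl(h, FSCTL_UNLOCK_VOLUME, None, 0, None, 0,
                            ctypes.byref(done), None)
        k32.CloseHandle(h)
```

The lock request fails while any file on the volume is open, which is always the case for the running system volume, so an ERROR 5 from this function on such a volume surfaces at the lock step rather than at the write.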