Checking access to Boot Sector

Hello, I want to check every access is made to the boot sector on the
hard drive. I was told to check the example “diskperf.c” on the NTDDK. But
with what parameters do I have to install it?. I mean parameters sucj as
start, type , etc.

There is a command-line utility (‘diskperf’) that configures diskperf.sys
to load during boot:

DISKPERF [-Y[E] | -N] [\computername]

-Y[E] Sets the system to start disk performance counters
when the system is restarted.

E Enables the disk performance counters used for measuring
performance of the physical drives in striped disk set
when the system is restarted.
Specify -Y without the E to restore the normal disk
performance counters.

-N Sets the system disable disk performance counters
when the system is restarted.

\computername Is the name of the computer you want to
see or set disk performance counter use.


Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: Ratmil Torres Vargas [mailto:xxxxx@ghost.matcom.uh.cu]
Sent: Monday, April 03, 2000 12:27 PM
To: File Systems Developers
Subject: [ntfsd] Checking access to Boot Sector

Hello, I want to check every access is made to the boot sector on the
hard drive. I was told to check the example “diskperf.c” on the NTDDK. But
with what parameters do I have to install it?. I mean parameters sucj as
start, type , etc.


You are currently subscribed to ntfsd as: david_cox2@hp.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Thank you a lot but my intention is not to install the diskperf
application. What I want is to control access to Boot Sector. So I have to
attach a device to “HardDisk0\Partition0” (or something like it). But for
a driver to do that it must be started in the proper time. So what I want
to know is how I have to set the parameters “Start”, “Group” and “Tag”
when I call CreateService. I was told to see the “Diskperf” example in the
NT DDK not the Diskperf app.
I saw the parameters that uses the Diskperf app. and tried to use the
same ones but I got error “INVALID PARAMETER”.

On Mon, 3 Apr 2000, COX,DAVID (HP-Roseville,ex1) wrote:

There is a command-line utility (‘diskperf’) that configures diskperf.sys
to load during boot:

DISKPERF [-Y[E] | -N] [\computername]

-Y[E] Sets the system to start disk performance counters
when the system is restarted.

E Enables the disk performance counters used for measuring
performance of the physical drives in striped disk set
when the system is restarted.
Specify -Y without the E to restore the normal disk
performance counters.

-N Sets the system disable disk performance counters
when the system is restarted.

\computername Is the name of the computer you want to
see or set disk performance counter use.


Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

Do you need use Start = 0, because your device need be loaded before volume be
mounted.

Best regards,

Heldai

Ratmil Torres Vargas wrote:

Thank you a lot but my intention is not to install the diskperf
application. What I want is to control access to Boot Sector. So I have to
attach a device to “HardDisk0\Partition0” (or something like it). But for
a driver to do that it must be started in the proper time. So what I want
to know is how I have to set the parameters “Start”, “Group” and “Tag”
when I call CreateService. I was told to see the “Diskperf” example in the
NT DDK not the Diskperf app.
I saw the parameters that uses the Diskperf app. and tried to use the
same ones but I got error “INVALID PARAMETER”.

On Mon, 3 Apr 2000, COX,DAVID (HP-Roseville,ex1) wrote:

> There is a command-line utility (‘diskperf’) that configures diskperf.sys
> to load during boot:
>
> DISKPERF [-Y[E] | -N] [\computername]
>
> -Y[E] Sets the system to start disk performance counters
> when the system is restarted.
>
> E Enables the disk performance counters used for measuring
> performance of the physical drives in striped disk set
> when the system is restarted.
> Specify -Y without the E to restore the normal disk
> performance counters.
>
> -N Sets the system disable disk performance counters
> when the system is restarted.
>
> \computername Is the name of the computer you want to
> see or set disk performance counter use.
>
> -----------------------------------------------------------------------
> Dave Cox
> Hewlett-Packard Co.
> HPSO/SSMO (Santa Barbara)
> https://ecardfile.com/id/Dave+Cox
>
>


You are currently subscribed to ntfsd as: xxxxx@seil.com.br
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Hello ,
I’m making harddisk filter driver and
I want to check every access is made to BootSector and I’m revising the
“Diskperf.c” example in the DDK. But I want to know what sector is being
accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
Thank you.

I am sorry, is there something hidden in your message that I am not seeing.
What is the purpose of your assertion?

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Ratmil Torres
Vargas
Sent: Monday, April 17, 2000 6:22 AM
To: File Systems Developers
Subject: [ntfsd] Checking access to Boot Sector

Hello ,
I’m making harddisk filter driver and
I want to check every access is made to BootSector and I’m revising the
“Diskperf.c” example in the DDK. But I want to know what sector is being
accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
Thank you.


You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Ok, I want to control the access to Boot Sector and Partition Table.
What do I have to do? I have an example that attach to every
\harddiskN\PartitionN and receive IRPs like MJ_READ and MJ_WRITE but I
can’t know what sector number is being read or written.

On Mon, 17 Apr 2000, Jamey Kirby wrote:

I am sorry, is there something hidden in your message that I am not seeing.
What is the purpose of your assertion?

Jamey

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Ratmil Torres
> Vargas
> Sent: Monday, April 17, 2000 6:22 AM
> To: File Systems Developers
> Subject: [ntfsd] Checking access to Boot Sector
>
>
> Hello ,
> I’m making harddisk filter driver and
> I want to check every access is made to BootSector and I’m revising the
> “Diskperf.c” example in the DDK. But I want to know what sector is being
> accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
> Thank you.
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>


You are currently subscribed to ntfsd as: xxxxx@ghost.matcom.uh.cu
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

It will be great if some body tell us how to get the sector and track number
is being read and written.
-----Original Message-----
From: Ratmil Torres Vargas
To: File Systems Developers
Date: Wednesday, April 19, 2000 3:40 PM
Subject: [ntfsd] RE: Checking access to Boot Sector

> Ok, I want to control the access to Boot Sector and Partition Table.
>What do I have to do? I have an example that attach to every
>\harddiskN\PartitionN and receive IRPs like MJ_READ and MJ_WRITE but I
>can’t know what sector number is being read or written.
>
>On Mon, 17 Apr 2000, Jamey Kirby wrote:
>
>> I am sorry, is there something hidden in your message that I am not
seeing.
>> What is the purpose of your assertion?
>>
>> Jamey
>>
>> > -----Original Message-----
>> > From: xxxxx@lists.osr.com
>> > [mailto:xxxxx@lists.osr.com]On Behalf Of Ratmil Torres
>> > Vargas
>> > Sent: Monday, April 17, 2000 6:22 AM
>> > To: File Systems Developers
>> > Subject: [ntfsd] Checking access to Boot Sector
>> >
>> >
>> > Hello ,
>> > I’m making harddisk filter driver and
>> > I want to check every access is made to BootSector and I’m revising
the
>> > “Diskperf.c” example in the DDK. But I want to know what sector is
being
>> > accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
>> > Thank you.
>> >
>> >
>> > —
>> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
>> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>> >
>>
>>
>> —
>> You are currently subscribed to ntfsd as: xxxxx@ghost.matcom.uh.cu
>> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>>
>
>
>—
>You are currently subscribed to ntfsd as: amitg@i3-micro.com
>To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>

Hello,

Try use :
FirstSector = (ULONG)IrpStack->Parameters.Read.ByteOffset.LowPart>>9;
LastSector = (ULONG)(FirstSector + (IrpStack->Parameters.Read.Length)>>9);

to get the first and last sector on dispatch function.

Best regards,

Heldai

Amit Gorantivar wrote:

It will be great if some body tell us how to get the sector and track number
is being read and written.
-----Original Message-----
From: Ratmil Torres Vargas
> To: File Systems Developers
> Date: Wednesday, April 19, 2000 3:40 PM
> Subject: [ntfsd] RE: Checking access to Boot Sector
>
> > Ok, I want to control the access to Boot Sector and Partition Table.
> >What do I have to do? I have an example that attach to every
> >\harddiskN\PartitionN and receive IRPs like MJ_READ and MJ_WRITE but I
> >can’t know what sector number is being read or written.
> >
> >On Mon, 17 Apr 2000, Jamey Kirby wrote:
> >
> >> I am sorry, is there something hidden in your message that I am not
> seeing.
> >> What is the purpose of your assertion?
> >>
> >> Jamey
> >>
> >> > -----Original Message-----
> >> > From: xxxxx@lists.osr.com
> >> > [mailto:xxxxx@lists.osr.com]On Behalf Of Ratmil Torres
> >> > Vargas
> >> > Sent: Monday, April 17, 2000 6:22 AM
> >> > To: File Systems Developers
> >> > Subject: [ntfsd] Checking access to Boot Sector
> >> >
> >> >
> >> > Hello ,
> >> > I’m making harddisk filter driver and
> >> > I want to check every access is made to BootSector and I’m revising
> the
> >> > “Diskperf.c” example in the DDK. But I want to know what sector is
> being
> >> > accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
> >> > Thank you.
> >> >
> >> >
> >> > —
> >> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> >> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >> >
> >>
> >>
> >> —
> >> You are currently subscribed to ntfsd as: xxxxx@ghost.matcom.uh.cu
> >> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >>
> >
> >
> >—
> >You are currently subscribed to ntfsd as: amitg@i3-micro.com
> >To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> >
> >
>
> —
> You are currently subscribed to ntfsd as: xxxxx@seil.com.br
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Which doesn’t work if you don’t have 512 byte sectors… like on a
cdrom…

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Heldai Lemos
Ferreira
Sent: Wednesday, April 19, 2000 12:58 PM
To: File Systems Developers
Subject: [ntfsd] RE: Checking access to Boot Sector

Hello,

Try use :
FirstSector = (ULONG)IrpStack->Parameters.Read.ByteOffset.LowPart>>9;
LastSector = (ULONG)(FirstSector +
(IrpStack->Parameters.Read.Length)>>9);

to get the first and last sector on dispatch function.

Best regards,

Heldai

Amit Gorantivar wrote:

> It will be great if some body tell us how to get the sector and
track number
> is being read and written.
> -----Original Message-----
> From: Ratmil Torres Vargas
> > To: File Systems Developers
> > Date: Wednesday, April 19, 2000 3:40 PM
> > Subject: [ntfsd] RE: Checking access to Boot Sector
> >
> > > Ok, I want to control the access to Boot Sector and Partition Table.
> > >What do I have to do? I have an example that attach to every
> > >\harddiskN\PartitionN and receive IRPs like MJ_READ and MJ_WRITE but I
> > >can’t know what sector number is being read or written.
> > >
> > >On Mon, 17 Apr 2000, Jamey Kirby wrote:
> > >
> > >> I am sorry, is there something hidden in your message that I am not
> > seeing.
> > >> What is the purpose of your assertion?
> > >>
> > >> Jamey
> > >>
> > >> > -----Original Message-----
> > >> > From: xxxxx@lists.osr.com
> > >> > [mailto:xxxxx@lists.osr.com]On Behalf Of Ratmil Torres
> > >> > Vargas
> > >> > Sent: Monday, April 17, 2000 6:22 AM
> > >> > To: File Systems Developers
> > >> > Subject: [ntfsd] Checking access to Boot Sector
> > >> >
> > >> >
> > >> > Hello ,
> > >> > I’m making harddisk filter driver and
> > >> > I want to check every access is made to BootSector and
> I’m revising
> > the
> > >> > “Diskperf.c” example in the DDK. But I want to know what sector is
> > being
> > >> > accessed in an IRP_MJ_READ or IRP_MJ_WRITE call.
> > >> > Thank you.
> > >> >
> > >> >
> > >> > —
> > >> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > >> > To unsubscribe send a blank email to
> $subst(‘Email.Unsub’)
> > >> >
> > >>
> > >>
> > >> —
> > >> You are currently subscribed to ntfsd as: xxxxx@ghost.matcom.uh.cu
> > >> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> > >>
> > >
> > >
> > >—
> > >You are currently subscribed to ntfsd as: amitg@i3-micro.com
> > >To unsubscribe send a blank email to $subst(‘Email.Unsub’)
> > >
> > >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@seil.com.br
> > To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@xiotech.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>

Hello.
I’m writing a driver to control access to boot sector. So I attach to
\HardDiskN\PartitionN. I was told that to know if boot sector was being
accessed to check
currentIrpStack->Parameters.Read.ByteOffset

ByteOffset is a LARGE_INTEGER that indicates the sector being accessed.
So if this number is 0 I got an access to boot sector. But in the a normal
file save (a .txt for example) I get (ByteOffset == 0). As well
ByteOffset.LowPart as ByteOffset.LowPart.
Am I doing something wrong?
Thank you.

The question is how you attach the target device.

I think you’re attached to mounted File System and not
to physical disk device.

Paul

-----P?vodn? zpr?va-----
Od: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Odesl?no: 5. kv?tna 2000 15:44
Komu: File Systems Developers
P?edm?t: [ntfsd] Checking access to boot sector

Hello.
I’m writing a driver to control access to boot sector. So I attach to
\HardDiskN\PartitionN. I was told that to know if boot sector was being
accessed to check
currentIrpStack->Parameters.Read.ByteOffset

ByteOffset is a LARGE_INTEGER that indicates the sector being accessed.
So if this number is 0 I got an access to boot sector. But in the a normal
file save (a .txt for example) I get (ByteOffset == 0). As well
ByteOffset.LowPart as ByteOffset.LowPart.
Am I doing something wrong?
Thank you.


You are currently subscribed to ntfsd as: xxxxx@sodatsw.cz
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

I think your driver loads after the File System, So you are attached to the
heigest driver device in driver chain, that will be the FS driver and not to
physical disk device.

In that case, the byteoffset is the logical byte offset of the file, and
not of the disk. The FSD will convert this “logical byte offset” to physical
disk offset, which will be non zero. You need to attach below the FSD, so
that you can actually see the physical byte offsets.

Shweta.

-----P?vodn? zpr?va-----
Od: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Odesl?no: 5. kv?tna 2000 15:44
Komu: File Systems Developers
P?edm?t: [ntfsd] Checking access to boot sector

Hello.
I’m writing a driver to control access to boot sector. So I attach to
\HardDiskN\PartitionN. I was told that to know if boot sector was being
accessed to check
currentIrpStack->Parameters.Read.ByteOffset

ByteOffset is a LARGE_INTEGER that indicates the sector being accessed.
So if this number is 0 I got an access to boot sector. But in the a normal
file save (a .txt for example) I get (ByteOffset == 0). As well
ByteOffset.LowPart as ByteOffset.LowPart.
Am I doing something wrong?
Thank you.


FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

My driver is set to start at boot time, and it does attach to hard drive
before the File System.
THANK YOU.

On Fri, 5 May 2000, Pavel Hrdina wrote:

The question is how you attach the target device.

I think you’re attached to mounted File System and not
to physical disk device.

Paul

> -----P?vodn? zpr?va-----
> Od: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
> Odesl?no: 5. kv?tna 2000 15:44
> Komu: File Systems Developers
> P?edm?t: [ntfsd] Checking access to boot sector
>
> Hello.
> I’m writing a driver to control access to boot sector. So I attach to
> \HardDiskN\PartitionN. I was told that to know if boot sector was being
> accessed to check
> currentIrpStack->Parameters.Read.ByteOffset
>
> ByteOffset is a LARGE_INTEGER that indicates the sector being accessed.
> So if this number is 0 I got an access to boot sector. But in the a normal
> file save (a .txt for example) I get (ByteOffset == 0). As well
> ByteOffset.LowPart as ByteOffset.LowPart.
> Am I doing something wrong?
> Thank you.
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@sodatsw.cz
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: xxxxx@ghost.matcom.uh.cu
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Isn’t there a Boot Sector in in the first sector of every partition of a
hard drive? And isn’t the first sector on hard drive the partition table?
I have another question. I have noticed that Partition0 (and only
Partition0) gets called when I access any phisical sector (by Cylinder,
Side etc), no matter in what partition that sector is. How do I get
information in that call?
THANK YOU.

On Fri, 5 May 2000, David Jones wrote:

Ratmil:

Here is how partitions work in a file system situation. One the
drive is broken into partitions 0 through x. Now if you attach to all
the partitions like you say the following happens. In partition 1 when
the ByteOffset is 0 then that is not the begining of the physical disk
but the begining of partition 1. ( Which if you let the Windisk set it
up is usually 32 sectors in. ) Now to control access to the boot sector
you MUST ATTACH TO PARTITION 0 of the desired harddrive. Then you can
look for access to BYTEOFFSET = 0. The ByteOffset is a large integer
and a check to the QUADPART that results in 0 is what your looking for.
A good way to test your code is to set up your driver on a test
hard drive. Then partition that hard drive with windisk (Which will
affect the boot sector ) and see if your code intercepts the call.

I hope this is helpful

David Jones
CharisMac Engineering

> -----Original Message-----
> From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
> Sent: Friday, May 05, 2000 7:05 AM
> To: David Jones; Wyler Furgeson
> Subject: [ntfsd] Checking access to boot sector
>
> Hello.
> I’m writing a driver to control access to boot sector. So I attach to
> \HardDiskN\PartitionN. I was told that to know if boot sector was
> being
> accessed to check
> currentIrpStack->Parameters.Read.ByteOffset
>
> ByteOffset is a LARGE_INTEGER that indicates the sector being
> accessed.
> So if this number is 0 I got an access to boot sector. But in the a
> normal
> file save (a .txt for example) I get (ByteOffset == 0). As well
> ByteOffset.LowPart as ByteOffset.LowPart.
> Am I doing something wrong?
> Thank you.
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@Charismac.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Ratmil:

No the first sector of every partition is not the boot sector.
The partition is the complete domain of the file system. So booting
from NTFS, FAT, or any file system plug in could be completely
different. ( Microsoft does not give information out on its NTFS file
system ). Now sector 0 is scared for all Microsoft operating systems.
Not only does it contain the partition information, but also the boot
information for the disk. The structure for partition 0 is as follows:

struct p_entry
{
UCHAR boot_ID;
UCHAR boot_HSC[3]
UCHAR system_ID
UCHAR end_HSC[3];
ULONG sector_offset;
ULONG sector_length;
};

struct BootSector
{
UCHAR entry_point[3];
UCHAR oem[8];
UINT bps;
UCHAR spau;
UINT res_sectors;
UCHAR num_fats;
UINT root_files;
UINT volume_size;
UCHAR media_byte;
UINT spf;
UINT spt;
UINT hpc;
ULONG hidden;
ULONG volume_size;
};

struct Partition
{
UCHAR code[446] //Boot code for device
p_entry p_tbl[MAXPART]; // partition entries
UINT signature;
};

David Jones
CharisMac Engineering

-----Original Message-----
From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Sent: Monday, May 08, 2000 10:15 AM
To: David Jones; Wyler Furgeson
Subject: [ntfsd] RE: Checking access to boot sector

Isn’t there a Boot Sector in in the first sector of every partition
of a
hard drive? And isn’t the first sector on hard drive the partition
table?
I have another question. I have noticed that Partition0 (and only
Partition0) gets called when I access any phisical sector (by
Cylinder,
Side etc), no matter in what partition that sector is. How do I get
information in that call?
THANK YOU.

On Fri, 5 May 2000, David Jones wrote:

> Ratmil:
>
> Here is how partitions work in a file system situation. One the
> drive is broken into partitions 0 through x. Now if you attach to
all
> the partitions like you say the following happens. In partition 1
when
> the ByteOffset is 0 then that is not the begining of the physical
disk
> but the begining of partition 1. ( Which if you let the Windisk set
it
> up is usually 32 sectors in. ) Now to control access to the boot
sector
> you MUST ATTACH TO PARTITION 0 of the desired harddrive. Then you
can
> look for access to BYTEOFFSET = 0. The ByteOffset is a large
integer
> and a check to the QUADPART that results in 0 is what your looking
for.
> A good way to test your code is to set up your driver on a test
> hard drive. Then partition that hard drive with windisk (Which will
> affect the boot sector ) and see if your code intercepts the call.
>
>
> I hope this is helpful
>
> David Jones
> CharisMac Engineering
>
>
> > -----Original Message-----
> > From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
> > Sent: Friday, May 05, 2000 7:05 AM
> > To: David Jones; Wyler Furgeson
> > Subject: [ntfsd] Checking access to boot sector
> >
> > Hello.
> > I’m writing a driver to control access to boot sector. So I
attach to
> > \HardDiskN\PartitionN. I was told that to know if boot sector
was
> > being
> > accessed to check
> > currentIrpStack->Parameters.Read.ByteOffset
> >
> > ByteOffset is a LARGE_INTEGER that indicates the sector being
> > accessed.
> > So if this number is 0 I got an access to boot sector. But in the
a
> > normal
> > file save (a .txt for example) I get (ByteOffset == 0). As well
> > ByteOffset.LowPart as ByteOffset.LowPart.
> > Am I doing something wrong?
> > Thank you.
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@Charismac.com
> > To unsubscribe send a blank email to
$subst(‘Email.Unsub’)
>


You are currently subscribed to ntfsd as: xxxxx@Charismac.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

Your structs are a little confusing, and not the right size if compiled
by a Win32 compiler – UINT is unsigned int, and ints are 32 bits, not
16. And MAXPART = 4. And the “master boot record” describes sector 0,
not partition 0. As you say, the contents of the individual paritions
depends on the filesystem. The MBR struct is reused in extended partitions
to describe the “logical drives” (really nested partitions), though of
course the code area of the sector is unused. Here are structs I’ve used
sucessfully, derived from Linux code:

#ifdef _MSC_VER //MSVC
#pragma pack(push, 1)
#endif

// Partition record in MBR

struct DosMbrPartRec
{
uint8 active; // This flag is set for active partition
uint8 start_head; // (partition from which computer
boots)

uint8 start_sect:6;
uint8 start_cylH:2;
uint8 start_cylL;

uint8 fs_type; // Partition’s file system type (see
table)
uint8 end_head;

uint8 end_sect:6;
uint8 end_cylH:2;
uint8 end_cylL;

uint32 rel_sect; // Number of sectors prior to
partition
uint32 num_sect; // Number of sectors in the
partition
};

// Master Boot Record stored in the first sector on the disk

struct DosMbr
{
uint8 m_code[0x1BE]; // Initial Program Loader
(IPL) code
DosMbrPartRec m_partRecs[4];
uint16 m_nMagicNum; // Magic number (must be
0xAA55)
};

// Restore packing to default
#ifdef _MSC_VER //MSVC
#pragma pack(pop)
#endif


Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: David Jones [mailto:xxxxx@Charismac.com]
Sent: Monday, May 08, 2000 10:39 AM
To: File Systems Developers
Subject: [ntfsd] RE: Checking access to boot sector

Ratmil:

No the first sector of every partition is not the boot sector.
The partition is the complete domain of the file system. So booting
from NTFS, FAT, or any file system plug in could be completely
different. ( Microsoft does not give information out on its NTFS file
system ). Now sector 0 is scared for all Microsoft operating systems.
Not only does it contain the partition information, but also the boot
information for the disk. The structure for partition 0 is as follows:

struct p_entry
{
UCHAR boot_ID;
UCHAR boot_HSC[3]
UCHAR system_ID
UCHAR end_HSC[3];
ULONG sector_offset;
ULONG sector_length;
};

struct BootSector
{
UCHAR entry_point[3];
UCHAR oem[8];
UINT bps;
UCHAR spau;
UINT res_sectors;
UCHAR num_fats;
UINT root_files;
UINT volume_size;
UCHAR media_byte;
UINT spf;
UINT spt;
UINT hpc;
ULONG hidden;
ULONG volume_size;
};

struct Partition
{
UCHAR code[446] //Boot code for device
p_entry p_tbl[MAXPART]; // partition entries
UINT signature;
};

David Jones
CharisMac Engineering

-----Original Message-----
From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Sent: Monday, May 08, 2000 10:15 AM
To: David Jones; Wyler Furgeson
Subject: [ntfsd] RE: Checking access to boot sector

Isn’t there a Boot Sector in in the first sector of every partition
of a
hard drive? And isn’t the first sector on hard drive the partition
table?
I have another question. I have noticed that Partition0 (and only
Partition0) gets called when I access any phisical sector (by
Cylinder,
Side etc), no matter in what partition that sector is. How do I get
information in that call?
THANK YOU.

On Fri, 5 May 2000, David Jones wrote:

> Ratmil:
>
> Here is how partitions work in a file system situation. One the
> drive is broken into partitions 0 through x. Now if you attach to
all
> the partitions like you say the following happens. In partition 1
when
> the ByteOffset is 0 then that is not the begining of the physical
disk
> but the begining of partition 1. ( Which if you let the Windisk set
it
> up is usually 32 sectors in. ) Now to control access to the boot
sector
> you MUST ATTACH TO PARTITION 0 of the desired harddrive. Then you
can
> look for access to BYTEOFFSET = 0. The ByteOffset is a large
integer
> and a check to the QUADPART that results in 0 is what your looking
for.
> A good way to test your code is to set up your driver on a test
> hard drive. Then partition that hard drive with windisk (Which will
> affect the boot sector ) and see if your code intercepts the call.
>
>
> I hope this is helpful
>
> David Jones
> CharisMac Engineering
>
>
> > -----Original Message-----
> > From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
> > Sent: Friday, May 05, 2000 7:05 AM
> > To: David Jones; Wyler Furgeson
> > Subject: [ntfsd] Checking access to boot sector
> >
> > Hello.
> > I’m writing a driver to control access to boot sector. So I
attach to
> > \HardDiskN\PartitionN. I was told that to know if boot sector
was
> > being
> > accessed to check
> > currentIrpStack->Parameters.Read.ByteOffset
> >
> > ByteOffset is a LARGE_INTEGER that indicates the sector being
> > accessed.
> > So if this number is 0 I got an access to boot sector. But in the
a
> > normal
> > file save (a .txt for example) I get (ByteOffset == 0). As well
> > ByteOffset.LowPart as ByteOffset.LowPart.
> > Am I doing something wrong?
> > Thank you.
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@Charismac.com
> > To unsubscribe send a blank email to
$subst(‘Email.Unsub’)
>


You are currently subscribed to ntfsd as: xxxxx@Charismac.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntfsd as: david_cox2@hp.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)