Hi all,
How can i do read/write on MBR?
I want to modify byte 440 in MBR.
I looked at halXXX routines , but don’t get any related routines.
There is routine called HalExamineMbr() which reads MBR,
but what values i suppose to give for “MBRTypeIdentifier” and “DeviceObject” parameter?
Thanks in anticipation!!
Otherwise how can i write to byte 440(decimal) of first sector of disk?
ReadFile and then WriteFile on sector 0 of the disk opened as
\.\PhysicalDrive%d
Call IOCTL_DISK_UPDATE_PROPERTIES after this so that Disk.sys will fetch
the new patched MBR from the drive.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntdev…
> Otherwise how can i write to byte 440(decimal) of first sector of disk?
>
Thanks Maxim!!
I am aware of this approach, but i can’t use it.
I have to modify first sector of disk in a context where i can’t use these API’s.
It’s the case when i schedule chkdsk on boot partition, and after reboot when chkdsk finishes it’s work i have to do my job i.e. writing to first sector of disk. That’s the reason i want halXXX specific API’s.
Can u elaborate on the same like how should i progress on this front?
Hi,
ifyou need to run right after chkdsk, you need a boot-executable
You can use Zw(Nt)ReadFile / Zw(Nt)WriteFile then.
There’s something on OSR Online:
Going Native - Using the NT API for File I/O.
Regards
Else
|---------±-------------------------------->
| | xxxxx@yahoo.com |
| | Sent by: |
| | bounce-316115-16691@li|
| | sts.osr.com |
| | |
| | |
| | 02/29/2008 09:33 AM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-------------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE:[ntdev] How to read/write MBR |
>-------------------------------------------------------------------------------------------------------------|
Thanks Maxim!!
I am aware of this approach, but i can’t use it.
I have to modify first sector of disk in a context where i can’t use these
API’s.
It’s the case when i schedule chkdsk on boot partition, and after reboot
when chkdsk finishes it’s work i have to do my job i.e. writing to first
sector of disk. That’s the reason i want halXXX specific API’s.
Can u elaborate on the same like how should i progress on this front?
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
>>ifyou need to run right after chkdsk, you need a boot-executable
>You can use Zw(Nt)ReadFile / Zw(Nt)WriteFile then.
>There’s something on OSR Online:
>Going Native - Using the NT API for File I/O.
I already tried this. It wont work for me. Any file i/o is useless for me.
Are there any API’s which do direct write to first sector of disk?
If you open the physical device (as Maxim already said), you are able to
access via NtReadFile/WriteFile sectorwise.
What is the result when you try to do so ? Are you doing it sectorwise ?
Else
|---------±-------------------------------->
| | xxxxx@yahoo.com |
| | Sent by: |
| | bounce-316119-16691@li|
| | sts.osr.com |
| | |
| | |
| | 02/29/2008 10:14 AM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-------------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE:[ntdev] How to read/write MBR |
>-------------------------------------------------------------------------------------------------------------|
>>ifyou need to run right after chkdsk, you need a boot-executable
>>You can use Zw(Nt)ReadFile / Zw(Nt)WriteFile then.
>>There’s something on OSR Online:
>>Going Native - Using the NT API for File I/O.
I already tried this. It wont work for me. Any file i/o is useless for me.
Are there any API’s which do direct write to first sector of disk?
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
I tried to open \device\harddiskvolume1\ but it returns STATUS_ACCESS_DENIED.
When CHKDSK finishes it’s work on reboot then it sends IRP_MJ_SHUTDOWN and at this dispatch i am trying to write to MBR/first sector, because there is no other place available at this movement to write.
Any idea!!!
The MBR is outside of harddiskvolume1.
STATUS_ACCESS_DENIED - is this Vista ?
Else
|---------±-------------------------------->
| | xxxxx@yahoo.com |
| | Sent by: |
| | bounce-316123-16691@li|
| | sts.osr.com |
| | |
| | |
| | 02/29/2008 12:08 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-------------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE:[ntdev] How to read/write MBR |
>-------------------------------------------------------------------------------------------------------------|
I tried to open \device\harddiskvolume1\ but it returns
STATUS_ACCESS_DENIED.
When CHKDSK finishes it’s work on reboot then it sends IRP_MJ_SHUTDOWN and
at this dispatch i am trying to write to MBR/first sector, because there is
no other place available at this movement to write.
Any idea!!!
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
no it’s windows xp
Read what Else said. The MBR sectors and partition information are
outside of the scope of a volume, so there’s no chance whatsoever of
accessing them given the device name you’re using.
Explore mapping the volume device name you have to the raw disk it
resides on. Open the raw disk device and you can write to any sector you want.
Mark
At 11:49 AM 2/29/2008, xxxxx@yahoo.com wrote:
no it’s windows xp
NTDEV is sponsored by OSR
it is possible to read sector by using interrupt 13h.
Does anyone have idea about how can i use int 13h?
Any API’s?
int13h is Preboot / DOS
Else
|---------±-------------------------------->
| | xxxxx@yahoo.com |
| | Sent by: |
| | bounce-316131-16691@li|
| | sts.osr.com |
| | |
| | |
| | 02/29/2008 01:37 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-------------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE:[ntdev] How to read/write MBR |
>-------------------------------------------------------------------------------------------------------------|
it is possible to read sector by using interrupt 13h.
Does anyone have idea about how can i use int 13h?
Any API’s?
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> I have to modify first sector of disk in a context where i can’t use these
API’s.
It’s the case when i schedule chkdsk on boot partition
ZwCreateFile, ZwReadFile, ZwWriteFile
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
> it is possible to read sector by using interrupt 13h.
No.
It is dead after NTLDR (not even the kernel) is loaded.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
> The MBR is outside of harddiskvolume1.
Surely. Only \Device\Harddisk%d\Partition0 can help, which is named
\.\PhysicalDrive%d in user mode.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
It is pretty bizarre that no one on this thread paid any attention to the following excerpt:
[begin quote]
I have to modify first sector of disk in a context where i can’t use these API’s.
[end quote]
If you don’t mind, could you please tell us what you are trying to achieve, in the first place…
Anton Bassov
Anton,
See:
>>ifyou need to run right after chkdsk, you need a boot-executable
>>You can use Zw(Nt)ReadFile / Zw(Nt)WriteFile then.
>>There’s something on OSR Online:
>>Going Native - Using the NT API for File I/O.I already tried this. It wont work for me. Any file i/o is useless for me.
Are there any API’s which do direct write to first sector of disk?
And the reason why they don’t work for him is because he’s using the
wrong device name. And I think he’s got himself confused with the
API names, too.
Mark.
At 06:07 PM 2/29/2008, xxxxx@hotmail.com wrote:
It is pretty bizarre that no one on this thread paid any attention
to the following excerpt:[begin quote]
I have to modify first sector of disk in a context where i can’t use
these API’s.[end quote]
If you don’t mind, could you please tell us what you are trying to
achieve, in the first place…
> If you don’t mind, could you please tell us what you are trying to achieve,
in the first
He told. Native app context (AUTOCHK)
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
Maxim and Mark,
This is not the question of accessing MBR. What I am wondering about is why the OP needs to *modify* it. If he just wanted to read MBR, I would not even think about it, but modifying it is not the kind of thing you would normally expect from a “good” driver…
Anton Bassov