Obtaining the current IDE ATA transfer mode

Greetings,

does someone know how to obtain the current DMA/PIO transfer mode of the
IDE/ATA devices? Our application must be made aware of any potential
settings/configurations affecting the disk access performance. I thought a
well-documented IOCTL would be available, but I googled for a while and
looked in the NTDev archives without success.

Thanks,

Patrick

Send ATA command to disk by ATA_PASS_THROUGH,
but ATA_PASS_THROUGH have a 48bit command bug on current os (xp sp2, x64. ect).

On 6/11/05, Patrick Laniel wrote:
> Greetings,
>
> does someone know how to obtain the current DMA/PIO transfer mode of the
> IDE/ATA devices? Our application must be made aware of any potential
> settings/configurations affecting the disk access performance. I thought a
> well-documented IOCTL would be available, but I googled for a while and
> looked in the NTDev archives without success.
>
> Thanks,
>
> Patrick
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Patrick Laniel”
To: “Windows System Software Devs Interest List”
Sent: Saturday, June 11, 2005 2:11 AM
Subject: [ntdev] Obtaining the current IDE ATA transfer mode

> Greetings,
>
> does someone know how to obtain the current DMA/PIO transfer mode of the
> IDE/ATA devices? Our application must be made aware of any potential
> settings/configurations affecting the disk access performance. I thought a
> well-documented IOCTL would be available, but I googled for a while and
> looked in the NTDev archives without success.
>
> Thanks,
>
> Patrick
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked again
but still can`t find anything that specifies the current DMA/PIO mode of the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

I’m intimately familiar with how little ATA_PASS_THROUGH is available
today. And how nonfunctional some implementations are. However, your
statement about it being a security hole is, frankly, full of holes.

How is it a security hole? You have to be admin to use it. Admins already
can do whatever they like with the system, even taking all the data,
including in-memory decrypted data from encrypted files.

By definition, there is no protection from an admin. If you don’t trust
your admin, you need to get a new admin.

So again, how is ATA_PASS_THROUGH a security hole?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”
om> To
Sent by: “Windows System Software Devs
bounce-211877-643 Interest List”
xxxxx@lists.osr.com
No Phone Info cc
Available
Subject
RE: [ntdev] Obtaining the current
06/14/2005 12:08 IDE ATA transfer mode
PM

Please respond to
“Windows System
Software Devs
Interest List”
com>

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Specificity, specificity. I does not work on 2000 up through XP SP1. On XP
SP2 and Server 2003 it does work, … well, lets say it works more better
since you cannot do DMA with ATA pass-through. And I agree with Phil, when
the only one that can use it is an Admin, how can it possibly be a security
hole?


The personal opinion of
Gary G. Little

“Mark Overby” wrote in message news:xxxxx@ntdev…
IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Here’s a good example. I can turn your drive into a complete and total
brick with one command through the ATA security feature set.

Sure, an admin could erase and/or wipe data - agreed.

However, IOCTL_ATA_PASS_THROUGH does NOT require administrator privilege
(at least on XP it doesn’t). (Any more than SCSI pass through does (if
it did 99% of your cd-burning apps would stop working).

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip D Barila
Sent: Tuesday, June 14, 2005 11:49 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Obtaining the current IDE ATA transfer mode

I’m intimately familiar with how little ATA_PASS_THROUGH is available
today. And how nonfunctional some implementations are. However, your
statement about it being a security hole is, frankly, full of holes.

How is it a security hole? You have to be admin to use it. Admins
already
can do whatever they like with the system, even taking all the data,
including in-memory decrypted data from encrypted files.

By definition, there is no protection from an admin. If you don’t trust
your admin, you need to get a new admin.

So again, how is ATA_PASS_THROUGH a security hole?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”


om>
To
Sent by: “Windows System Software Devs

bounce-211877-643 Interest List”

xxxxx@lists.osr.com

No Phone Info
cc
Available

Subject
RE: [ntdev] Obtaining the current

06/14/2005 12:08 IDE ATA transfer mode

PM

Please respond to

“Windows System

Software Devs

Interest List”


com>

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

IOCTL_ATA_PASS_THROUGH does not force an admin on my machine. (XP SP2)

Assuming for the moment it is true … What prevents a virus writer (or
some other piece of malicious code) from attacking
IOCTL_ATA_PASS_THROUGH with system privilege and passing a SECURITY
ERASE UNIT command (for example). (Ok, they could attack it directly
through the registers too, but that’s a little harder). Or issuing a set
password sequence?

Perhaps a better phrasing would have been a drive integrity hole, but
the point is the same.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Tuesday, June 14, 2005 12:42 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode

Specificity, specificity. I does not work on 2000 up through XP SP1. On
XP
SP2 and Server 2003 it does work, … well, lets say it works more
better
since you cannot do DMA with ATA pass-through. And I agree with Phil,
when
the only one that can use it is an Admin, how can it possibly be a
security
hole?


The personal opinion of
Gary G. Little

“Mark Overby” wrote in message news:xxxxx@ntdev…
IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Yeah, we’ve been over that ATA SECURITY stuff already. I’m not getting
into that here.

I can see you are a bit confused about what you need to be admin for and
what you don’t…

IOCTL_ATA_PASS_THROUGH pretty much only works on disk devices, because
SCSI_PASS_THROUGH is a better interface for ATAPI devices.
SCSI_PASS_THROUGH works on any (pseudo) SCSI device for which you have an
open handle. You have to be admin to open a handle to \.\PhysicalDriveN,
but you do NOT need to be admin to open a handle to \.\CdRomN.

That’s why your CD burning stuff works, even if you’re not admin.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”
om> To
Sent by: “Windows System Software Devs
bounce-211969-643 Interest List”
xxxxx@lists.osr.com
No Phone Info cc
Available
Subject
RE: [ntdev] Obtaining the current
06/15/2005 01:38 IDE ATA transfer mode
PM

Please respond to
“Windows System
Software Devs
Interest List”
com>

Here’s a good example. I can turn your drive into a complete and total
brick with one command through the ATA security feature set.

Sure, an admin could erase and/or wipe data - agreed.

However, IOCTL_ATA_PASS_THROUGH does NOT require administrator privilege
(at least on XP it doesn’t). (Any more than SCSI pass through does (if
it did 99% of your cd-burning apps would stop working).

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip D Barila
Sent: Tuesday, June 14, 2005 11:49 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Obtaining the current IDE ATA transfer mode

I’m intimately familiar with how little ATA_PASS_THROUGH is available
today. And how nonfunctional some implementations are. However, your
statement about it being a security hole is, frankly, full of holes.

How is it a security hole? You have to be admin to use it. Admins
already
can do whatever they like with the system, even taking all the data,
including in-memory decrypted data from encrypted files.

By definition, there is no protection from an admin. If you don’t trust
your admin, you need to get a new admin.

So again, how is ATA_PASS_THROUGH a security hole?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”


om>
To
Sent by: “Windows System Software Devs

bounce-211877-643 Interest List”

xxxxx@lists.osr.com

No Phone Info
cc
Available

Subject
RE: [ntdev] Obtaining the current

06/14/2005 12:08 IDE ATA transfer mode

PM

Please respond to

“Windows System

Software Devs

Interest List”


com>

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

If a malicious individual can do that, they can also issue a FORMAT UNIT to
a SCSI disk using SCSI_PASS_THROUGH, then immediately force a power-off,
and create yet another brick. Brick production is not limited to ATA
devices. Or they could FORMAT with a different sector size, let the FORMAT
succeed, and it’s still a royal pain to get back. Data’s sure gone.

See my other message. Run your ATA_PASS_THROUGH widget against an ATA disk
in a non-privileged account. I have, and I couldn’t get a valid handle to
the device. I wasn’t trying maliciously to get a handle I shouldn’t have,
mind you, that wasn’t my purpose. I was simply verifying that if I colored
inside the lines, the access was denied as documented. In my experience,
it was.

If I had a valid handle, I’m sure it would have worked, because, AFAIK, the
only permission check is on open, not on every access, but I could be wrong
about that.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”
om> To
Sent by: “Windows System Software Devs
bounce-211971-643 Interest List”
xxxxx@lists.osr.com
No Phone Info cc
Available
Subject
RE: [ntdev] Obtaining the current
06/15/2005 01:41 IDE ATA transfer mode
PM

Please respond to
“Windows System
Software Devs
Interest List”
com>

IOCTL_ATA_PASS_THROUGH does not force an admin on my machine. (XP SP2)

Assuming for the moment it is true … What prevents a virus writer (or
some other piece of malicious code) from attacking
IOCTL_ATA_PASS_THROUGH with system privilege and passing a SECURITY
ERASE UNIT command (for example). (Ok, they could attack it directly
through the registers too, but that’s a little harder). Or issuing a set
password sequence?

Perhaps a better phrasing would have been a drive integrity hole, but
the point is the same.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Tuesday, June 14, 2005 12:42 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode

Specificity, specificity. I does not work on 2000 up through XP SP1. On
XP
SP2 and Server 2003 it does work, … well, lets say it works more
better
since you cannot do DMA with ATA pass-through. And I agree with Phil,
when
the only one that can use it is an Admin, how can it possibly be a
security
hole?


The personal opinion of
Gary G. Little

“Mark Overby” wrote in message news:xxxxx@ntdev…
IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Well, sorry, but it most certainly does. Phil and I have spent two years
working on a project that requires ATA pass through as implemented in SP2
for XP, or Server 2003. I personally tested it with a system set for
non-admin accounts ande it simply does NOT work. Besides that project I also
develope diagnostics for Seagate in XP SP2 and all of that code requires
admin login … else the attempt to create a handle as non-admin is denied.
Note that Seagate being a HARD DISC company, we only care about access to
hard disc. Tapes and CR’s make good back ups HDDs . (I say … I say that’s
a joke son!)

As to SCSI pass through, the docs do say that admin is not required. Yes but
… you have to create the file handle and if I’m not mistaken opening
\PhysicalDriveN using GENERIC_READ/WRITE requires admin … but on that I
am shaky since all of my testing has been as Admin and on ATA until
recently.

Goo’ness where’s Nathan Obr when you need him. Some body set this po’
misguided soul straight!!!

:slight_smile:


Gary G. Little

“Mark Overby” wrote in message news:xxxxx@ntdev…
Here’s a good example. I can turn your drive into a complete and total
brick with one command through the ATA security feature set.

Sure, an admin could erase and/or wipe data - agreed.

However, IOCTL_ATA_PASS_THROUGH does NOT require administrator privilege
(at least on XP it doesn’t). (Any more than SCSI pass through does (if
it did 99% of your cd-burning apps would stop working).

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip D Barila
Sent: Tuesday, June 14, 2005 11:49 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Obtaining the current IDE ATA transfer mode

I’m intimately familiar with how little ATA_PASS_THROUGH is available
today. And how nonfunctional some implementations are. However, your
statement about it being a security hole is, frankly, full of holes.

How is it a security hole? You have to be admin to use it. Admins
already
can do whatever they like with the system, even taking all the data,
including in-memory decrypted data from encrypted files.

By definition, there is no protection from an admin. If you don’t trust
your admin, you need to get a new admin.

So again, how is ATA_PASS_THROUGH a security hole?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”


om>
To
Sent by: “Windows System Software Devs

bounce-211877-643 Interest List”

xxxxx@lists.osr.com

No Phone Info
cc
Available

Subject
RE: [ntdev] Obtaining the current

06/14/2005 12:08 IDE ATA transfer mode

PM

Please respond to

“Windows System

Software Devs

Interest List”


com>

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

We’re going to have to agree to disagree. (Which is OK :slight_smile: )

I’ve got an XP SP2 system right here where I can get a handle to the HDD
to do this as a power user. (No, I can’t share the code). I will admin
it is not simple or intuitive, but it is possible.

On top of which, how many people do you know that run as Admin anyway?
I’d be unsuprised if it were many. After all, isn’t that why Microsoft
at WinHec said they’re creating a new level of permissions for longhorn
that isn’t admin, but let’s you do much of what people have to run as
admin for?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, June 15, 2005 9:06 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode

Well, sorry, but it most certainly does. Phil and I have spent two years

working on a project that requires ATA pass through as implemented in
SP2
for XP, or Server 2003. I personally tested it with a system set for
non-admin accounts ande it simply does NOT work. Besides that project I
also
develope diagnostics for Seagate in XP SP2 and all of that code requires

admin login … else the attempt to create a handle as non-admin is
denied.
Note that Seagate being a HARD DISC company, we only care about access
to
hard disc. Tapes and CR’s make good back ups HDDs . (I say … I say
that’s
a joke son!)

As to SCSI pass through, the docs do say that admin is not required. Yes
but
… you have to create the file handle and if I’m not mistaken opening
\PhysicalDriveN using GENERIC_READ/WRITE requires admin … but on that
I
am shaky since all of my testing has been as Admin and on ATA until
recently.

Goo’ness where’s Nathan Obr when you need him. Some body set this po’
misguided soul straight!!!

:slight_smile:


Gary G. Little

“Mark Overby” wrote in message news:xxxxx@ntdev…
Here’s a good example. I can turn your drive into a complete and total
brick with one command through the ATA security feature set.

Sure, an admin could erase and/or wipe data - agreed.

However, IOCTL_ATA_PASS_THROUGH does NOT require administrator privilege
(at least on XP it doesn’t). (Any more than SCSI pass through does (if
it did 99% of your cd-burning apps would stop working).

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip D Barila
Sent: Tuesday, June 14, 2005 11:49 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Obtaining the current IDE ATA transfer mode

I’m intimately familiar with how little ATA_PASS_THROUGH is available
today. And how nonfunctional some implementations are. However, your
statement about it being a security hole is, frankly, full of holes.

How is it a security hole? You have to be admin to use it. Admins
already
can do whatever they like with the system, even taking all the data,
including in-memory decrypted data from encrypted files.

By definition, there is no protection from an admin. If you don’t trust
your admin, you need to get a new admin.

So again, how is ATA_PASS_THROUGH a security hole?

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”


om>
To
Sent by: “Windows System Software Devs

bounce-211877-643 Interest List”

xxxxx@lists.osr.com

No Phone Info
cc
Available

Subject
RE: [ntdev] Obtaining the current

06/14/2005 12:08 IDE ATA transfer mode

PM

Please respond to

“Windows System

Software Devs

Interest List”


com>

IDENTIFY DEVICE always contains the currently selected PIO and DMA
transfer modes. (See ATA/ATAPI-7 if you want the gory details).

Note - IOCTL_ATA_PASS_THROUGH won’t work on all OS’s and with all
drivers. (It’s a security hole that some people close)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Patrick Laniel
Sent: Tuesday, June 14, 2005 3:58 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Obtaining the current IDE ATA transfer mode
Importance: Low

Thanks Maxim and Leo,

I already had a look at the WMI capabilities before posting. I looked
again
but still can`t find anything that specifies the current DMA/PIO mode of
the
ATA drives. Did you have any particular class in mind?

I found some specifications of the ATA_IDENTIFY command (using the IOCTL
ATA_PASS_THROUGH as Leo suggested, or a SMART command). It seems to
contain
the selected DMA mode. I’ll give it a try.

Patrick

Maxim wrote:
Try WMI.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@nvidia.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Mark,

You’ve changed your tune. First you said ATA_PASS_THROUGH is a security
hole.

Now you’re admitting that you can get a handle with admin privilege as a
Power User. Would it be safe to state that you can write any sector on
\.\PhysicalDrive0 with that handle? If so, you should probably share your
exploit code with Microsoft, I suspect they’d like to plug that hole. If
all the above is true, the hole has nothing to do with ATA_PASS_THROUGH.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Mark Overby”
om> To
Sent by: “Windows System Software Devs
bounce-212067-643 Interest List”
xxxxx@lists.osr.com
No Phone Info cc
Available
Subject
RE: [ntdev] Obtaining the current
06/16/2005 12:58 IDE ATA transfer mode
PM

Please respond to
“Windows System
Software Devs
Interest List”
com>

We’re going to have to agree to disagree. (Which is OK :slight_smile: )

I’ve got an XP SP2 system right here where I can get a handle to the HDD
to do this as a power user. (No, I can’t share the code). I will admin
it is not simple or intuitive, but it is possible.

On top of which, how many people do you know that run as Admin anyway?
I’d be unsuprised if it were many. After all, isn’t that why Microsoft
at WinHec said they’re creating a new level of permissions for longhorn
that isn’t admin, but let’s you do much of what people have to run as
admin for?

It seems that my original question has been lost with all these discussions about the potential security hole with ATA_PASS_THROUGH, so I will restate it again.

Like I mentioned earlier, we would like to determine the transfer mode (PIO/DMA/UDMA) that a W2k machine is using at a given time when accessing the IDE hard drives. Our application cannot afford the CPU penalty of running in PIO mode and we want to find a way to notify the user. Note that our application is not sold as a product by itself, but part of an integrated hardware/software solution.

Some IDENTIFY_DEVICE fields do show which DMA/UDMA mode is selected, but they are not updated when Windows switch to PIO. We therefore need to obtain the Windows current transfer mode from some higher level component in the system.

Thanks,

Patrick

What problem are you really trying to solve that you think you need to know
the transfer mode of these devices?

How do you know you can’t afford the CPU hit? Do you have a CPU bound
foreground app running 24x7? Do you have unreasonable latency requirements
on something else?

Keep in mind that the reason the OS throttles down the ATA transfer rate
from UDMA 5 to 4 to 3 to PIO, is that errors are detected. If your
hardware is fully functional, the only other cause for Windows to do that
is a flaky cable. If you have this happening more frequently than once in
a blue moon, find yourself a new cable vendor with better QA. If it’s the
hardware failing, you need to replace it anyway. Since you are part of a
package, this is a matter of QA for the package assembler, more than
anything else.

I don’t think the IOCTLs that the property page DLL (storprop.dll?) and
atapi.sys share are documented, but you might check the DDK, as I not too
sure about that. If they aren’t, you could probably get them from
Microsoft PSS if you make a sound business case for having them. If that
fails, you could try sorting them out yourself. Do you have a
source-license? Just look there. If not, you could probably do it with a
filter. I don’t know if IrpTracker is sufficient for this, or if you will
need something more focussed.

If your CPU utilization is really this critical, then perhaps you might
need to consider that an embedded SCSI adapter might be appropriate, for
the reason that modern SCSI controllers don’t do PIO, they just DMA at
whatever speed is running on the bus. So even if the OS throttles down the
transfer speed to minimum, the CPU hit is still approximately zero.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

“Patrick Laniel”

Sent by: To
bounce-212136-643 “Windows System Software Devs
xxxxx@lists.osr.com Interest List”
No Phone Info
Available cc

Subject
06/17/2005 05:50 RE:[ntdev] Obtaining the current
AM IDE ATA transfer mode

Please respond to
“Windows System
Software Devs
Interest List”
com>

It seems that my original question has been lost with all these discussions
about the potential security hole with ATA_PASS_THROUGH, so I will restate
it again.

Like I mentioned earlier, we would like to determine the transfer mode
(PIO/DMA/UDMA) that a W2k machine is using at a given time when accessing
the IDE hard drives. Our application cannot afford the CPU penalty of
running in PIO mode and we want to find a way to notify the user. Note that
our application is not sold as a product by itself, but part of an
integrated hardware/software solution.

Some IDENTIFY_DEVICE fields do show which DMA/UDMA mode is selected, but
they are not updated when Windows switch to PIO. We therefore need to
obtain the Windows current transfer mode from some higher level component
in the system.

Thanks,

Patrick

RE: Obtaining the current IDE ATA transfer modeSetting UDMA/PIO mode requires reading and writing PCI configuration information as well as setting the ATA configuration. I have looked but have so far not found a method of doing this using SMART or even an IOCTL. If you haven’t, you might try the SetupDXxxx commands to provide the data structure with the infallible information you need. Also, have you looked at the registry information for the disk drive class driver. I did a search on the KB for UDMA and found a reference to a registry key for transfer modes. There are kernel commands to attain the info you want such as HwIdeTransferModeSelect and HwIdeXUdmaModeSelect. How to get to those from user mode is the question and I haven’t the time to do much more than I have. Hope this gives you some ideas.


The personal opinion of
Gary G. Little
“Patrick Laniel” wrote in message news:xxxxx@ntdev…
It seems that my original question has been lost with all these discussions about the potential security hole with ATA_PASS_THROUGH, so I will restate it again.

Like I mentioned earlier, we would like to determine the transfer mode (PIO/DMA/UDMA) that a W2k machine is using at a given time when accessing the IDE hard drives. Our application cannot afford the CPU penalty of running in PIO mode and we want to find a way to notify the user. Note that our application is not sold as a product by itself, but part of an integrated hardware/software solution.

Some IDENTIFY_DEVICE fields do show which DMA/UDMA mode is selected, but they are not updated when Windows switch to PIO. We therefore need to obtain the Windows current transfer mode from some higher level component in the system.

Thanks,

Patrick

RE: Obtaining the current IDE ATA transfer mode Modern hardware and modern Windows nearly never run IDE disks in PIO mode. So, you can skip this feature in your app (which I think is not a disk management tool) and just try to run. If the CPU load will be too high and the app will fail due to this - then show the failure warning to the user and suggest him/her to switch the disks to DMA mode.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Patrick Laniel
To: Windows System Software Devs Interest List
Sent: Friday, June 17, 2005 3:50 PM
Subject: RE:[ntdev] Obtaining the current IDE ATA transfer mode

It seems that my original question has been lost with all these discussions about the potential security hole with ATA_PASS_THROUGH, so I will restate it again.

Like I mentioned earlier, we would like to determine the transfer mode (PIO/DMA/UDMA) that a W2k machine is using at a given time when accessing the IDE hard drives. Our application cannot afford the CPU penalty of running in PIO mode and we want to find a way to notify the user. Note that our application is not sold as a product by itself, but part of an integrated hardware/software solution.

Some IDENTIFY_DEVICE fields do show which DMA/UDMA mode is selected, but they are not updated when Windows switch to PIO. We therefore need to obtain the Windows current transfer mode from some higher level component in the system.

Thanks,

Patrick


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Maxim,

we had some systems that suddenly became very slow (but still functional) and the hard disk was found to be the culprit. Although we haven’t yet been able to confirm it 100%, the symptoms lead us to think that Windows felt back to PIO, presumably due to a high failure rate in the faster DMA mode. It is a very complex system and it would have been very convenient to automatically and positively detect that situation.

Patrick


Subject: Re: RE:Obtaining the current IDE ATA transfer mode
From: “Maxim S. Shatskih”
Date: Sun, 19 Jun 2005 01:42:01 +0400
X-Message-Number: 9

This is a multi-part message in MIME format.

------=_NextPart_000_021A_01C57470.16D23040
Content-Type: text/plain;
charset=“iso-8859-1”
Content-Transfer-Encoding: quoted-printable

RE: Obtaining the current IDE ATA transfer mode Modern hardware and =
modern Windows nearly never run IDE disks in PIO mode. So, you can skip =
this feature in your app (which I think is not a disk management tool) =
and just try to run. If the CPU load will be too high and the app will =
fail due to this - then show the failure warning to the user and suggest =
him/her to switch the disks to DMA mode.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com