Problem in opening physical drive using CreateFile on Vista

Hi,
I am trying to port a module on Windows Vista which uses CreateFile(…) Windows API for opening physical drive to perform low level sector read/write. Has anyone successfully done this? On Vista this API returns invalid handle. From GetLastError() it shows “Access is denied” even though the user is an administrator on Vista.

Code snippet:

HANDLE hVolume = CreateFileW(L"\\\\.\\C:", /*LPCTSTR lpFileName*/
    GENERIC_READ | GENERIC_WRITE, /*DWORD dwDesiredAccess*/
    FILE_SHARE_READ | FILE_SHARE_WRITE, /*DWORD dwShareMode*/
    NULL, /*LPSECURITY_ATTRIBUTES lpSecurityAttributes*/
    OPEN_EXISTING, /*DWORD dwCreationDisposition*/
    FILE_FLAG_WRITE_THROUGH, /*DWORD dwFlagsAndAttributes*/
    0); /*HANDLE hTemplateFile*/

This piece of code is working fine on Windows XP. Any help in this direction would be great.

Vista blocks write-access to raw disk sectors for user mode
applications. For details see:
http://theinvisiblethings.blogspot.com/2006/10/vista-rc2-vs-pagefile-attack-and-some.html

But there is a driver patch for resolving this problem. See comments in
the above-stated article.


Best regards,
Vladimir Zinin
xxxxx@gmail.com

> I am trying to port a module on Windows Vista which uses CreateFile(…) Windows API for opening physical drive to perform low level sector read/write.

Your code does not try to open a physical drive…

What it tries to open is a logical volume, mounted on disk partition. If you want to open a physical disk, you have to specify “\\.\Harddisk0” in CreateFile() call. This is how you open *physical* drives. If you specify a drive letter or volume ID in CreateFile() call, you are trying to open either a disk partition (if the disk is removable), or a logical volume, mounted on disk partition (if the disk is basic).

Anton Bassov

Thanks to Vladimir Zinin and Anton Bassov

Vladimir, links that you sent are really useful… good ones
Anton, yes you are correct, mistakenly I put physical drive there… :)

Maximuxs - I know you are logged in as Administrator - but it's not clear from the post whether the process is running as administrator. I am guessing it's not - and the process is running as Standard User - and that is the reason for the access denied message. Standard Users do not have “GENERIC_WRITE” right on C:. Check "icacls c:".

On Vista questions - it would be good if people specify both what they are logged in as and what privileges the process is running with. Either logged in as Administrator and process running as Administrator, OR logged in as Administrator and process running as StandardUser. I use the shorthand - LoginGroup-ProcessPriv.

  1. Administrator-Administrator which you get either by elevating the process, turning UAC off or logging in using the built-in administrator account.
  2. Administrator-SU which you get by default by just launching the process under UAC.

My 2 cents towards bringing clarity in a split token world.

— Crajyman - NathCorp.
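
The split-token check described in the last post, as an added example that is not part of the original thread: it reads the process token's elevation type, prints the LoginGroup-ProcessPriv shorthand, then repeats the volume open from the question and reports GetLastError(). The function name token_shorthand and the label "StandardUser-SU" are invented for this example; the part inside #ifdef _WIN32 builds only on Windows Vista or later.

```c
#include <stdio.h>
#include <string.h>

/* Map TOKEN_ELEVATION_TYPE (1=Default, 2=Full, 3=Limited) plus "is the
   Administrators SID enabled in this token" to the LoginGroup-ProcessPriv
   shorthand. "StandardUser-SU" is a label invented for this example. */
const char *token_shorthand(int elevation_type, int admin_enabled)
{
    switch (elevation_type) {
    case 3: return "Administrator-SU";            /* filtered half of a split token */
    case 2: return "Administrator-Administrator"; /* elevated half of a split token */
    case 1: /* no split token: UAC off, built-in Administrator, or a standard user */
        return admin_enabled ? "Administrator-Administrator" : "StandardUser-SU";
    default: return "unknown";
    }
}

#ifdef _WIN32
#include <windows.h>

int main(void)
{
    HANDLE tok, vol;
    TOKEN_ELEVATION_TYPE type;
    BYTE sid[SECURITY_MAX_SID_SIZE];
    DWORD len = 0, sid_len = sizeof sid;
    BOOL ok, admin = FALSE;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok))
        return 1;
    ok = GetTokenInformation(tok, TokenElevationType, &type, sizeof type, &len);
    CloseHandle(tok);
    if (!ok) return 1;
    /* CheckTokenMembership reports FALSE for a deny-only (filtered) group. */
    if (CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, sid, &sid_len))
        CheckTokenMembership(NULL, sid, &admin);
    printf("process runs as: %s\n", token_shorthand((int)type, admin));
    /* Same volume open as in the question, with the path escaped for C. */
    vol = CreateFileW(L"\\\\.\\C:", GENERIC_READ | GENERIC_WRITE,
                      FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                      OPEN_EXISTING, FILE_FLAG_WRITE_THROUGH, NULL);
    if (vol == INVALID_HANDLE_VALUE) {
        printf("CreateFileW failed, GetLastError() = %lu\n", GetLastError());
        return 1;
    }
    CloseHandle(vol);
    puts("volume handle opened");
    return 0;
}
#endif
```

Running it once from a normal prompt and once from an elevated prompt shows which of the two cases in the list above the failing process was in.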