📄 diskrw1.cpp
字号:
char dispFormatStr[]="\n %21s : %s";
char dispFormatInt[]="\n %21s : %Xh";
char dispFormatIntD[]="\n %21s : %d";
char dispFormatIntL[]="\n %21s : %ld";
char dispFormatIntH[]="\n %21s : %lXh";
char *bin2string(int length, unsigned char dat[])
{
int i,j;
for(i=0,j=0; i<length; i++)
{
buf[j++] = hexArr[(dat[i]>>4)&0x0f];
buf[j++] = hexArr[dat[i]&0x0f];
}
buf[j] = '\0';
return buf;
}
char *getString(int length, unsigned char dat[])
{
int i;
for(i=0; i<length; i++)
{
buf[i] = dat[i];
}
buf[i] = '\0';
return buf;
}
int detectBitLockDriver(BPB *pBpb)
{
if(pBpb == NULL)
return 0;
if((!memcmp(pBpb->Signature,"-FVE-FS-", 8)) /*|| (!memcmp(pBpb->Signature,"NTFS", 4))*/ )
if((pBpb->SectorsPerCluster==1) || (pBpb->SectorsPerCluster==2) ||
(pBpb->SectorsPerCluster==4) || (pBpb->SectorsPerCluster==8) ||
(pBpb->SectorsPerCluster==0x10) || (pBpb->SectorsPerCluster==0x20) ||
(pBpb->SectorsPerCluster==0x40) || (pBpb->SectorsPerCluster==0x80))
if(pBpb->ReservedClusters==0)
if(pBpb->FatCount==0)
if(pBpb->RootEntries==0)
if(pBpb->Sectors==0)
if(pBpb->SectorsPerFat==0)
if(pBpb->LargeSectors==0)
return 1;
else
printf("\n pBpb->LargeSectors = %d", pBpb->LargeSectors);
else
printf("\n pBpb->SectorsPerFat = %d", pBpb->SectorsPerFat);
else
printf("\n pBpb->Sectors = %d", pBpb->Sectors);
else
printf("\n pBpb->RootEntries = %d", pBpb->RootEntries);
else
printf("\n pBpb->FatCount = %d", pBpb->FatCount);
else
printf("\n pBpb->ReservedClusters = %d", pBpb->ReservedClusters);
else
printf("\n pBpb->SectorsPerCluster = %d", pBpb->SectorsPerCluster);
else
printf("\n pBpb->Signature = %s", bin2string(8, pBpb->Signature));
return 0;
}
/****************************************************************************
****************************************************************************/
int readSectors(HANDLE diskHandle, __int64 ReadStartSector, int dwReadSize, char *pBuf)
{
long readOffsetH;
long readOffsetL;
int res;
unsigned long BytesRead;
//printf("\n readSectors(%lx,", ReadStartSector); printf("%x)", dwReadSize);
readOffsetH = (long)(ReadStartSector>>32);
readOffsetL = (long)(ReadStartSector&0xffffffff);
res = ::SetFilePointer(diskHandle, readOffsetL, &readOffsetH, FILE_BEGIN);
if (res == -1)
{
printf(" SetFilePointer Error = %xh", GetLastError());
return res;
}
// 5) read sector from disk
res = ::ReadFile(diskHandle, pBuf, dwReadSize, &BytesRead, NULL);
if (res == 0)
{
printf(" ReadFile Error = %xh", GetLastError());
return res;
}
return res;
}
void dumpDiskPartInfo(DISK_PART *pDiskPart)
{
if(pDiskPart == NULL)
return;
printf("\n\ndumpDiskPartInfo ...");
printf(dispFormatInt, "Flag", pDiskPart->Flag);
if(pDiskPart->Flag == 0x80)
printf(" (Active)");
printf(dispFormatInt, "StartTrack", pDiskPart->StartTrack);
printf(dispFormatInt, "StartSector", pDiskPart->StartSector);
printf(dispFormatInt, "StartCylinder", pDiskPart->StartCylinder);
printf(dispFormatInt, "SysFlag", pDiskPart->SysFlag);
printf(dispFormatInt, "EndTrack", pDiskPart->EndTrack);
printf(dispFormatInt, "EndSector", pDiskPart->EndSector);
printf(dispFormatInt, "EndCylinder", pDiskPart->EndCylinder);
printf(dispFormatInt, "SectorAddress", pDiskPart->SectorAddress);
printf(dispFormatInt, "NumberOfSector", pDiskPart->NumberOfSector);
printf("\n DiskSize: %3d,%03d(MB)",pDiskPart->NumberOfSector/2/1024/1000, (pDiskPart->NumberOfSector/2/1024)%1000);
}
int readDiskPartTable(HANDLE diskHandle, DiskPartTableNode **pTable, int tableId, DISK_PART *pDiskPart)
{
int i, res;
DISK_PART *pSubDiskPart;
char readBuffer[BOOT_SECTOR_SIZE];
__int64 ReadStartSector=0;
//printf("\n\treadDiskPartTable(%xh, %d, %xh) ...", (int)pTable, tableId, (int)pDiskPart);
AddDiskPartTable(pTable, tableId, pDiskPart);
for(i=0; i<DISK_PART_TABLE_NUM; i++)
if((pDiskPart[i].SysFlag == 0x05) || (pDiskPart[i].SysFlag == 0x0F)) //extend disk
{
memset(readBuffer, 0, sizeof(readBuffer));
ReadStartSector = pDiskPart[i].SectorAddress;
ReadStartSector *= Geometry.BytesPerSector;
res = readSectors(diskHandle, ReadStartSector, BOOT_SECTOR_SIZE, readBuffer);
if((res==-1)||(res==0))
return res;
pSubDiskPart = (DISK_PART *)&readBuffer[0x1BE];
readDiskPartTable(diskHandle, &((*pTable)->pNext[i]), i, pSubDiskPart);
}
//dumpDiskPartTable(gDiskPartTable);
return 1;
}
/****************************************************************************
****************************************************************************/
int readPhyDisk(int phyDiskId, int &partNum, char *bootSectors)
{
char diskString[64];
HANDLE diskHandle;
DWORD dwOutBytes;
int res;
__int64 dwReadStart=0;
char *pBuffer;
sprintf(diskString, "\\\\.\\PhysicalDrive%d", phyDiskId);
partNum = 0;
if(bootSectors == NULL)
return -1;
// 1) Open Disk
diskHandle = ::CreateFile(diskString, //
GENERIC_READ | GENERIC_WRITE, //
FILE_SHARE_READ | FILE_SHARE_WRITE, //
NULL, //
OPEN_EXISTING, //
0, //
NULL); //
if(diskHandle == INVALID_HANDLE_VALUE)
{
printf("\nOpen Disk[%d] Fail !", phyDiskId);
return -1;
}
// 2) LockVolume;
res = ::DeviceIoControl(diskHandle, //
FSCTL_LOCK_VOLUME, //
NULL, 0, //
NULL, 0, //
&dwOutBytes, //
(LPOVERLAPPED)NULL); //
if(res == 0)
{
printf("\nLockVolume Disk[%d] Fail !", phyDiskId);
return -1;
}
// 3) get disk parameters
res = ::DeviceIoControl(diskHandle, //
IOCTL_DISK_GET_DRIVE_GEOMETRY, //
NULL, 0, //
&Geometry, sizeof(DISK_GEOMETRY), //
&dwOutBytes, //
(LPOVERLAPPED)NULL); //
if(res == 0)
{
printf("\nGeometry Disk[%d] Fail !", phyDiskId);
return -1;
}
// 4) read MBR
pBuffer = bootSectors;
memset(pBuffer, 0, BOOT_SECTOR_SIZE);
res = readSectors(diskHandle, dwReadStart, BOOT_SECTOR_SIZE, pBuffer);
if((res==-1)||(res==0))
return res;
partNum++;
// 5) read partition information
int index, hasSubPartTable=0;
DISK_PART *pDiskPart;
pDiskPart = (DISK_PART *)&pBuffer[0x1BE];
printf("\n check partition ...");
if(((UINT8)pBuffer[0x1fe]==(UINT8)0x55)&&((UINT8)pBuffer[0x1ff]==(UINT8)0xaa))
{
for(index=0; index<DISK_PART_TABLE_NUM; index++)
if(pDiskPart[index].Flag == 0x80) //active prime partition
hasSubPartTable = 1;
}
else
printf(" []= %02Xh %02Xh", (UINT8)pBuffer[0x1fe], (UINT8)pBuffer[0x1ff]);
if(hasSubPartTable)
{
printf("\n read partition ...");
readDiskPartTable(diskHandle, &gDiskPartTable , 0, pDiskPart);
}
else
{
printf("no partition.");
}
// 6) UnlockVolume
res = ::DeviceIoControl(diskHandle, //
FSCTL_UNLOCK_VOLUME, //
NULL, 0, //
NULL, 0, //
&dwOutBytes, //
(LPOVERLAPPED)NULL); //
if(res == 0)
{
printf("\nUnlockVolume Disk[%d] Fail !", phyDiskId);
return -1;
}
// 7) close
res = ::CloseHandle(diskHandle);
if(res == 0)
{
printf("\nCloseHandle Disk[%d] Fail !", phyDiskId);
return -1;
}
return res;
}
/****************************************************************************
****************************************************************************/
int main(int argc, char* argv[], char* envp[])
{
int nRetCode = 0;
char buffer[8192];
int res, diskId=0, partNum;
char filename[64];
FILE *fp;
res = DetectTpmDevice();
printf("\n DetectTpmDevice() %s bitLocker !", (res==1?"found":"not found"));
//for(diskId=0; diskId<4; diskId++)
{
res = readPhyDisk(diskId, partNum, buffer);
dumpDiskPartTable(gDiskPartTable);
freeDiskPartTable(gDiskPartTable);
printf("\n\n readPhyDisk(%d) = %Xh", diskId, res);
if(res == 1)
{
/*
sprintf(filename, "disk_%d.dat", diskId);
printf("\n partNum = %d", partNum);
fp = fopen(filename, "wb");
if(fp != NULL)
{
fwrite(buffer, partNum*BOOT_SECTOR_SIZE, 1, fp);
fclose(fp);
}
*/
}
}
return nRetCode;
} ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -