从物理驱动器读取扇区

Posted

技术标签:

【中文标题】从物理驱动器读取扇区【英文标题】:Read a sector from physical drive 【发布时间】:2021-06-19 00:57:45 【问题描述】:

我正在尝试使用 SCSI 命令从我的物理驱动器中读取一个扇区。

我参考了别人的代码,修改了一些,下面是代码。

#include <stddef.h>
#include <stdio.h>
#include <iostream>
#include <windows.h>
#include <winioctl.h>
#define ULONG_PTR ULONG
//#include <ntddscsi.h> // SDK
//#include <spti.h>
#define wszDrive "\\\\.\\PhysicalDrive1"
// by using CreateFileW(), we need to add a L(means wchar_t) before the wszDrive string


#define SPT_CDB_LENGTH 32
#define SPT_SENSE_LENGTH 32
#define SPTWB_DATA_LENGTH 512




#define IOCTL_SCSI_BASE                 FILE_DEVICE_CONTROLLER
//
// NtDeviceIoControlFile IoControlCode values for this device.
//
// Warning:  Remember that the low two bits of the code specify how the
//           buffers are passed to the driver!
//
#define IOCTL_SCSI_PASS_THROUGH_DIRECT  CTL_CODE(IOCTL_SCSI_BASE, 0x0405, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)


//
// Define values for pass-through DataIn field.
//

#define SCSI_IOCTL_DATA_OUT          0
#define SCSI_IOCTL_DATA_IN           1
#define SCSI_IOCTL_DATA_UNSPECIFIED  2


typedef struct _SCSI_PASS_THROUGH_DIRECT 
    USHORT Length;// contains the value of sizeof(SCSI_PASS_THROUGH_DIRECT)
    UCHAR ScsiStatus;// reports the SCSI status that was returned by the HBA or the target device.
    UCHAR PathId;// indicate the SCSI port or bus for the request
    UCHAR TargetId;// indicates the target controller or device on the bus
    UCHAR Lun;// indicates the logical unit number of the device
    UCHAR CdbLength;//indicates the size in bytes of the SCSI command descriptor block
    UCHAR SenseInfoLength;// indicates the size in bytes of the request-sense buffer
    UCHAR DataIn;// indicates whether the SCSI command will read(SCSI_IOCTL_DATA_IN) or write(SCSI_IOCTL_DATA_OUT) data, or no data transferred(SCSI_IOCTL_DATA_UNSPECIFIED)
    ULONG DataTransferLength;//indicates the size in bytes of the data buffer.
    ULONG TimeOutValue;// indicates the interval in seconds that the request can execute before the OS-specific port driver might consider it timed out.
    PVOID DataBuffer;// pointer to the data buffer
    ULONG SenseInfoOffset;// contains an offset from the beginning of this structure to the request-sense buffer.
    UCHAR Cdb[16];// specifies the SCSI command descriptor block to be sent to the target drive.
SCSI_PASS_THROUGH_DIRECT, *PSCSI_PASS_THROUGH_DIRECT;




int main()

    HANDLE hDevice = INVALID_HANDLE_VALUE;
    
    SCSI_PASS_THROUGH_DIRECT sptd;
    
    ULONG length = 0; 
    DWORD bytesReturn; 
    BYTE myBuffer[512]; 
    int iRet;


    hDevice = CreateFile (wszDrive,
                          GENERIC_READ, // dwDesiredAccess: GENERIC_READ means allow read access
                          FILE_SHARE_READ | FILE_SHARE_WRITE, // dwShareMode: FILE_SHARE_READ | FILE_SHARE_WRITE means allow shared access
                          NULL, // lpSecurityAttributes: points to a SECURITY_ATTRIBUTE structure
                          OPEN_EXISTING, // dwCreationDisposition: OPEN_EXISTING(the opening file should be already existing)
                          0, // dwFlagsAndAttributes: some attributes
                          NULL); // hTemplateFile: if not 0, it points to a file handler. The newly created file will copy the attributes from this file.
    
    if(hDevice == INVALID_HANDLE_VALUE)
    
        printf("Get disk handle failed\n");
        return 0;
    
    else
    
        printf("Get disk handle successfully\n");
    

    
    
    int posSector = 14;   //starting at sector 14
    int readSectors = 1 ; // read 1 sector
    ZeroMemory(&sptd, sizeof(SCSI_PASS_THROUGH_DIRECT));
    sptd.Length = sizeof(SCSI_PASS_THROUGH_DIRECT);
    sptd.PathId = 0;
    sptd.TargetId = 1;
    sptd.Lun = 0;
    sptd.CdbLength = 10;
    sptd.DataIn = SCSI_IOCTL_DATA_IN;
    sptd.SenseInfoLength = 24;
    sptd.DataTransferLength = 512 * readSectors;
    sptd.TimeOutValue = 2;
    sptd.DataBuffer = myBuffer;

    
    sptd.Cdb[0] = 0x28 ;
    sptd.Cdb[2] = (posSector>>24)&0xff; // start at sector posSector
    sptd.Cdb[3] = (posSector>>16)&0xff;
    sptd.Cdb[4] = (posSector>>8)&0xff;
    sptd.Cdb[5] = posSector&0xff;
    sptd.Cdb[7] = (readSectors>>8)&0xff; 
    sptd.Cdb[8] = readSectors&0xff;   //
    length = sizeof(SCSI_PASS_THROUGH_DIRECT);
    
    
    
    iRet = DeviceIoControl(hDevice,
            IOCTL_SCSI_PASS_THROUGH_DIRECT,
            &sptd,
            length,
            &sptd,
            length,
            &bytesReturn,
            NULL);
    if (0 == iRet)
    
        printf("Get disk data failed\n");
        printf("Error message: %u\n", GetLastError());
        return 0;
    

    
    
    CloseHandle(hDevice);

    return 0;

我可以得到 HANDLE,我想将 SCSI_PASS_THROUGH_DIRECT 结构传递给设备。

看了微软的文档,还是不明白SCSI_PASS_THROUGH_DIRECT的参数(尤其是CDB)应该怎么设置。

GetLastError() 得到的错误码是 5(拒绝访问)。

有人可以解释一下或给我一些参考链接吗?谢谢。

【问题讨论】:

我把第二个参数改成了(GENERIC_READ | GENERIC_WRITE),错误变成了87(参数不正确) Edit 你的问题,而不是添加带有重要信息的 cmets。 【参考方案1】:

在管理员下运行您的代码。

访问物理驱动器需要管理员权限。

【讨论】:

感谢您的回复。我以管理员身份运行 cmd 并使用 cmd 执行代码,意思是一样的吗?

以上是关于从物理驱动器读取扇区的主要内容,如果未能解决你的问题,请参考以下文章

从物理硬盘读取数据

BIOS INT 13H 问题(从驱动器读取扇区)

读取重新映射的硬盘扇区

读取磁盘:CHS方式

了解硬盘扇区大小

如何确定 Windows 中的扇区大小?