CreateFile: Direct Write Operation to Raw Disk "Access Is Denied" - Vista, Win7

CreateFile: direct write operation to raw disk Access is denied - Vista, Win7

It's quite rare to want only GENERIC_WRITE. You most likely want GENERIC_READ|GENERIC_WRITE.

Can I get write access to raw disk sectors under Vista and Windows 7 in user mode?

Yes. The first article you link to provides a longer list of exceptions:

  • if the file system is not mounted.
  • if the file system has been locked.
  • if the sectors being written to reside outside file system space (this includes the boot sectors, and the "no file system" case where obviously all sectors are outside the file system)
  • if the write request has been flagged by a kernel-mode driver.

Obviously, the last exception is irrelevant to you. User mode is the opposite of kernel mode. The other exceptions still apply.
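
The exceptions listed above, as an added example that is not part of the original answer or of Windows itself: a simplified C model that decides whether a raw write to a sector range of a disk would be refused, including a write that starts outside any file system and runs into one. The fs_extent type, the blocking_extent function and the sample layout are hypothetical and constructed for illustration.

```c
/* Added example: simplified model of the exceptions listed above, not
   Windows' own logic. All type and function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t first_sector;  /* where the file system starts on the disk */
    uint64_t sector_count;  /* how many sectors it occupies */
    bool mounted;           /* a file system is mounted on the volume */
    bool locked;            /* the writer holds the volume lock */
} fs_extent;

/* Constructed layout: sectors 0-2047 belong to no file system. */
static const fs_extent sample_disk[] = {
    { 2048,    1000000, true,  false },  /* mounted, not locked */
    { 1002048, 500000,  true,  true  },  /* mounted, locked by the writer */
    { 1502048, 200000,  false, false },  /* not mounted */
};

/* Do half-open sector ranges [a, a+an) and [b, b+bn) overlap? No overflow. */
static bool overlaps(uint64_t a, uint64_t an, uint64_t b, uint64_t bn)
{
    if (an == 0 || bn == 0) return false;
    return a < b ? (b - a) < an : (a - b) < bn;
}

/* Returns -1 if the write may proceed, else the index of the blocking extent. */
int blocking_extent(const fs_extent *fs, size_t n, uint64_t start,
                    uint64_t count, bool kernel_flagged)
{
    if (kernel_flagged) return -1;       /* flagged by a kernel-mode driver */
    for (size_t i = 0; i < n; i++) {
        if (!overlaps(start, count, fs[i].first_sector, fs[i].sector_count))
            continue;                    /* outside this file system's space */
        if (!fs[i].mounted || fs[i].locked)
            continue;                    /* not mounted, or locked */
        return (int)i;                   /* mounted and unlocked: denied */
    }
    return -1;
}

int main(void)
{
    /* A 16-sector write that starts in the gap and runs into the first volume. */
    printf("%d\n", blocking_extent(sample_disk, 3, 2040, 16, false));
    return 0;
}
```
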

access denied error from WriteFile to physical disk, win7

I solved this problem several days ago and forgot to check my question here.
This is the code I used. We need GENERIC_READ also for the block device when creating the file (for a partitioned disk), and the key was to dismount first and then lock.

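    #include <windows.h>
    #include <winioctl.h>   /* FSCTL_DISMOUNT_VOLUME, FSCTL_LOCK_VOLUME */
    #include <stdio.h>

    /* u8 and u32 are not defined in the post; these widths are assumed. */
    typedef unsigned char u8;
    typedef unsigned long u32;

    /* Write `blocks` 512-byte sectors from buf to volume `drv` (a drive letter),
       starting at sector SecAddr. Returns 1 on success, 0 on failure. */
    u32 HDD_write(u8 drv, u32 SecAddr, u32 blocks, u8 *buf) {
        u32 ret = 0;
        u32 ldistanceLow, ldistanceHigh, dwpointer, bytestowrite, numwritten;
        char cur_drv[100];
        HANDLE g_hDevice;
        DWORD status;

        //sprintf(cur_drv, "\\\\.\\PhysicalDrive%d", drv);
        sprintf(cur_drv, "\\\\.\\%c:", drv);
        // cur_drv is a char string, so call the ANSI variant explicitly
        g_hDevice = CreateFileA(cur_drv, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

        if (g_hDevice == INVALID_HANDLE_VALUE)
            return 0;

        // dismount and lock added by ckim
        if (!DeviceIoControl(g_hDevice, FSCTL_DISMOUNT_VOLUME,
                             NULL, 0, NULL, 0, &status, NULL))
        {
            DWORD err = GetLastError();
            printf("Error %lu attempting to dismount volume, error code\n", err);
        }

        // lock volume
        if (!DeviceIoControl(g_hDevice, FSCTL_LOCK_VOLUME,
                             NULL, 0, NULL, 0, &status, NULL))
        {
            printf("Error %lu attempting to lock device\n", GetLastError());
        }

        // byte offset = sector * 512, split into low and high 32-bit halves
        ldistanceLow = SecAddr << 9;
        ldistanceHigh = SecAddr >> (32-9);
        dwpointer = SetFilePointer(g_hDevice, ldistanceLow, (long *)&ldistanceHigh, FILE_BEGIN);

        // 0xFFFFFFFF can be a valid low dword; it is an error only if GetLastError() reports one
        if (dwpointer != INVALID_SET_FILE_POINTER || GetLastError() == NO_ERROR) {
            bytestowrite = blocks * 512;
            ret = WriteFile(g_hDevice, buf, bytestowrite, (unsigned long *)&numwritten, NULL);
            if (ret) ret = 1;
            else {
                ret = 0;
                printf("error = %lu", GetLastError());
            }
        }

        // closing the handle also releases the volume lock
        CloseHandle(g_hDevice);
        return ret;
    }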

can't write to physical drive in win 7?

This is almost certainly related to preventing the attack found against driver signing by changing sectors in the page file. It will prevent writing to the areas of the disk containing partitions.

See http://msdn.microsoft.com/en-us/library/aa365747%28VS.85%29.aspx and look at the information starting with the text "If you write directly to a volume that has a mounted file system". Basically, you have to lock the disk's volumes in order to write to their sectors.

Raw partition access in Windows Vista

You can do this on Vista; you may need admin rights, but no special kernel-mode driver is needed.

This question shows how to do it: "How do I read a disk directly with .Net?" I was reading the data off the USB stick directly as the file system on the stick was corrupted.


