Reading Boot Sector on Windows
I created a little program in Python that reads the boot sector at a low level so it will not corrupt the device. I successfully ran this program yesterday in Linux and I got the idea to do the same thing in Windows. But the only problem that came up was that I wasn't able to read, for example, \Device\Harddisk0\Partition1, the boot partition, or \Device\Harddisk0\DR0, the raw disk 0. Each time that I try, it throws an error: No such a file or a directory
What am I doing wrong?
Solution 1:[1]
The Correct Way To Do It Is:
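```python
import os

# Open the raw disk read-only; O_BINARY keeps Windows from translating bytes.
disk_fd = os.open(r"\\.\PhysicalDrive0", os.O_RDONLY | os.O_BINARY)
data = os.read(disk_fd, 512)  # first 512 bytes of the disk: the boot sector
os.close(disk_fd)
```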
Thanks To @eryksun
Solution 2:[2]
It all depends on whether you are using the NT or the Win32 API: ZwOpenFile or CreateFileW?
\Device\Harddisk0\Partition1 is in NT name format and must be used with ZwOpenFile or ZwCreateFile only.
To use this name in CreateFileW you must prefix it with \\?\globalroot
So, a code example (using both NT and Win32 calls in a single function):
```cpp
void xxx()
{
    HANDLE hFile;
    IO_STATUS_BLOCK iosb;
    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES oa = { sizeof(oa), 0, &ObjectName, OBJ_CASE_INSENSITIVE };
    RtlInitUnicodeString(&ObjectName, L"\\Device\\Harddisk0\\Partition1");
    UCHAR buf[0x200];  // one 512-byte sector

    // NT API: the NT object name is passed as-is.
    if (0 <= ZwOpenFile(&hFile, FILE_GENERIC_READ, &oa, &iosb, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT))
    {
        LARGE_INTEGER ByteOffset = {};  // read from offset 0
        ZwReadFile(hFile, 0, 0, 0, &iosb, buf, sizeof(buf), &ByteOffset, 0);
        ZwClose(hFile);
    }

    // Win32 API: the same NT name, reached through the globalroot prefix.
    hFile = CreateFile(L"\\\\?\\globalroot\\Device\\Harddisk0\\Partition1", FILE_GENERIC_READ, FILE_SHARE_VALID_FLAGS,
        0, OPEN_EXISTING, 0, 0);
    if (hFile != INVALID_HANDLE_VALUE)
    {
        OVERLAPPED ov = {};  // zeroed, so the read starts at offset 0
        ULONG n;
        ReadFile(hFile, buf, sizeof(buf), &n, &ov);
        CloseHandle(hFile);
    }
}
```
You can also use the following symbolic links with CreateFileW:
- \\?\Harddisk<X>Partition<Y> - for partition (1,2,..) on HardDisk (0,1,..)
- \\?\PhysicalDrive<X> - for HardDisk (0,1,..)

It all depends on how you got these paths. Or did you simply hardcode them?
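
An added example, not part of either answer: it reads sector 0 the way Solution 1 does, accepts the NT-style names from the question by applying the `\\?\globalroot` prefix from Solution 2, and then goes one step further by checking the 0x55AA signature and decoding the classic MBR partition table. The helper names (`win32_name`, `read_first_sector`, `parse_mbr`, `sample_sector`) are hypothetical, a 512-byte sector is assumed, and the sample sector is constructed.

```python
import os
import struct

SECTOR = 512  # assumed logical sector size; raw-device reads must be whole sectors

def win32_name(name):
    """Prefix an NT object name so Win32 callers such as os.open() accept it."""
    return "\\\\?\\globalroot" + name if name.startswith("\\Device\\") else name

def read_first_sector(path):
    """Read sector 0 read-only (Windows; opening a raw disk needs an elevated prompt)."""
    fd = os.open(win32_name(path), os.O_RDONLY | getattr(os, "O_BINARY", 0))
    try:
        return os.read(fd, SECTOR)
    finally:
        os.close(fd)

def parse_mbr(sector):
    """Return (bootable, type, first_lba, sector_count) for each used MBR entry."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a boot sector: 0x55AA signature missing")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append((status == 0x80, ptype, lba, count))
    return parts

def sample_sector():
    """Constructed sample: one bootable type-0x07 entry starting at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    try:
        sector = read_first_sector(r"\\.\PhysicalDrive0")
    except OSError:  # not Windows, or not elevated: fall back to the sample
        sector = sample_sector()
    for part in parse_mbr(sector):
        print(part)
```

On a GPT disk the same parser returns a single protective entry of type 0xEE rather than the real partitions.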
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Zeiad Badawy |
| Solution 2 |
