Direct read and write keywords on disk logic sectors under different Windows platforms: vwin32, interrupt, Deviceiocontrol
1. Overview Under the DOS operating system, it is very convenient to read and write the disk logic sector or physical sector through functional calls, INT26 (absolute writing), and int26 (absolute writing). There are also functions corresponding to the above function calls: BiosDisk, AbsRead, and AbsWrite, etc. However, when writing Win32 applications under Windows operating systems, it is no longer directly using the above interrupt calls or functions. So, can you implement the direct reading and writing of disk sectors under Windows operating systems? How to implement the reading and writing of the disk sector? In order to solve these problems, the author reviewed some relevant information found that the Windows operating system also provides methods of reading and writing disk sectors, just in different versions, there are different ways and limitations. Finally, the author wrote a disk sector to read and write, not dare noted, specially provided, hoping to help everyone. Note: Here INT13 represents INT 13h, other classs. Second, an example of reading the floppy sector Windows operating system implements unified management on all storage devices, and for security, the operating system is not allowed to directly call the interrupt function directly in the Win32 application (working in Ring3), such as INT13, INT21, INT25, INT26, etc. But it also provides some services to make up for this shortcoming, in Win95 / 98, the VWIN32 service is one of them. The VWIN32 service is implemented by a VXD that provides device IO functions that enable communication between Win32 applications and disk device drivers with API functions to implement communication between Win32 applications and disk devices. The service provided by the VWIN32 is a series of control command words that implement features such as INT13, INT25, INT26, and INT21, such as the DOS operating system. The following are some of the control command word it defines: VWIN32_DIOC_DOS_IOCTL (1) INT21 to realize functions VWIN32_DIOC_DOS_INT25 (2) to achieve the function INT25 VWIN32_DIOC_DOS_INT26 (3) implement functions INT26 VWIN32_DIOC_DOS_INT13 (4) implement functions INT13 VWIN32_DIOC_DOS_DRIVEINFO (6) to achieve the function INT21 730X
If you want to read and write a disk, just perform the corresponding command using DeviceIoControl, the following example is used to read a sector of the floppy disk (using INT13): Step: Open VWIN32 service, handle hdev = createfile ("./ / Vwin32 ", 0, 0, 0, 0, file_flag_delete_on_close, null); Step 2: Fill the relevant registers used in the interrupt. Here, the register is placed in a structure, the structure is defined as follows (see related information): TypeDef struct int13REGS {pvoid buffer; // EBX register
Byte drive; // disk number DL byte head; // magnetic head number DH Word edx_high; // EDX register
Byte sector; // Start sector cl Byte Track; // Channel number CH Word ECX_High; // ECX Register Byte Number; // To read and write the number of sectors Al byte cmd; // Command: 2-- Read, 3 - Write, 5 - Format AH Word Eax_high; // EAX Register
DWORD EDI; // EDI Register DWORD ESI; // ESI DWORD EFLAG; // Flags} INT13_REGISTERS;
Unsigned char buffer [512]; // Defines the buffer, place the read sector data INT13_REGISTERS REG = {0}; // Defines the register structure variable reg.buffer = (void *) buffer; reg.drive = 0; // 0-floppy disk A 1-floppy disk B 0x80-hard disk c reg.head = 0; reg.sector = 1; reg.Number = 1; reg.cmd = 2; // Read third step: calls the device IO API function DeviceIoControl performed 4 command (i.e. VWIN32_DIOC_DOS_INT13), BOOL b_ret = DeviceIoControl (hDev, 4, & reg, sizeof (INT13_REGISTERS), & reg, sizeof (INT13_REGISTERS), & lpRet, 0); if its return value is not equal to zero, The call is successful, further processed .... Otherwise, the call failed. Step 4: Close the service, CloseHandle (HDEV);
Third, the limitations or limitations are the complete step of reading the floppy sector using INT13, which is work in Win95 / 98. So, whether the DRIVE in the above register structure is set to 0x80 to read the sector of the logical hard disk C disk? The answer is negative. The function of INT13 is used to access the hard disk is ignored in Windows. In addition, int25, int26 can access hard drives, but they cannot work on the hard disk of the FAT32 format. The following list will detail the restriction of interrupt calls related to disk operation (not special instructions, referring to the WIN95 / 98 operating system):
Interrupt function restrictions and usage
INT13 can not read and write hard drive, only to support the floppy disk INT25 / INT26 can not read / write FAT32 hard drive, support FAT12, FAT16 INT21 (440DH-41H / 61H) Unavailable (documentation saying supports FAT12, FAT16, FAT32, actually no Implementation) INT21 (7305H) can read and write floppy disks, hard drives, support FAT12, FAT16, FAT32, but require Win95OSR2 and later versions
It is worth mentioning that the INT21-7305H function in the above is specifically provided to support FAT32, and to replace int25 / int26, the corresponding control command word is 6 (ie vwin32_dioc_dos_driveInfo), it and INT13, INT25, INT26 A significant difference between the equal interrupt function is: it does not use the register to deliver parameters (INT21-440DH-41H / 61H class), but use a structure called DISKIO, the register EBX is used to save the address of the structure. Diskio is defined as follows: typedef struct _diskio {dword dWStartsector; // To read and write the start fan code word wsectors; // to read and write the number of sectors DWORD dwbuffer; // Used to save read / write data buffer} Diskio, * pdiskio; In addition, it is necessary to specifically set some registers when using this feature. If ECX must be -1, use ESI to reply to read and write. The following example is to use this feature to implement the above example function, that is, one sector of the floppy disk A. First define a new register structure for this example: typedef struct _dioc_registers {DWORD EBX; DWORD EDX; DWORD ECX; DWORD ESI; DWORD EDI; DWORD ESI; DWORD FLAGS;
In fact, the structure is the same, but INT13_registers opens the register and is more readable. This example is the same as the above example, and only the register setting is different from the content. Step 1: Open the VWIN32 service. Step 2: Set the register. DIOC_REGISTERS REG = {0}; diskio Dio; unsigned char buffer [512]; // Setting parameter structure Dio.dwstartsector = 0; // Note: and the above example, not 1, start number from 0 Dio.wsectors = 1; Dio.dwBuffer = (DWORD) BUFFER; // Setting Register Reg.EAX = 0x7305; // Function is similar to INT25, absolutely reading reg.ebx = (dword) & Dio; // parameter structure address REG.ECX = -1 ; // must be -1 reg.edx = 1; // Note: Different in the case, the driver number has changed, 0-- default 1 - a, 2 - b, 3 - creg.esi = 0; // ESI's bit0 means reading, 0-- reading, 1 - writing
In the write state, the bit1 - bit12, bit15 must be 0, bit13, bit14, bit15 together to represent the type of data written, see the table below: 15 14 13 Type Description 0 0 0 Others or I don't know. 0 0 1 FAT Data 0 1 0 Data 0 1 1 General Data 1 X x Reserved. Bit15 must be 0 Step 3: Call the API. Bool B_ret = DeviceioControl (HDEV, 6, & REG, SIZEOF (Dioc_registers), & Reg, Sizeof (Dioc_registers), & CB, 0); Step 4: Close service.
It can be found that the data read by the two methods is exactly the same.
Fourth, the disk sector in Win2000 is read and written in WinNT and Win2000 in the disk being viewed as a standard device, which can open and access it using the CreateFile icon to open. CreateFile supports two ways of disk devices - logical disks ("//./c:") and physical disks ("//pphysicaldrivex", where X is digital), such as open A: disk Reading operation, as long as this: Handle Hdev = CreateFile (".// A:", generic_read, file_share_write, 0, open_existing, 0,0); if the handle is valid, you can use readfile to read, readfile HDEV, Buffer, 512, & DWRET, 0); Read the end to turn off the handle, CloseHandle (HDEV); this is more convenient than the disk sector under Win95 / 98. In addition, the above example is the operation logic disk, which includes a floppy drive, a hard disk partition, and the like; the physical disk is an actual hard disk, which does not care about the hard disk into several zones, the number of the hard disk starts from 0, "/ /./PhysicalDrive0 "Represents the first hard disk, and others are pushed. Everyone may immediately remember that this mechanism can be accessed by the partition table of the hard disk. In this case, it is possible to operate the main guiding sector of the hard disk (one sector that exists independently, containing partition table information, Boot area different from disk partition). Unsigned char buffer [512] = {0}; handle hdev = createfile (".// PhysicalDrive0", Generic_Write, File_Share_Write, 0, Open_EXISTING, 0, 0); Writefile (HDEV, Buffer, 512, & dwret, 0); CloseHandle (HDEV);
Danger! ! ! Don't do this! ! !
V. A adaptive disk read and write class can be seen from the example. Different operating systems have different ways of reading and writing of disk sectors. In order to be able to use unified methods to read and write in various operating systems. A common class is designed. The design idea of this class is as follows: First, write the disk sector access function under various operating systems, and then determine the operating system through getVersionex, and then select the corresponding function to implement the read and write of the disk sector. From the above analysis, the Windows operating system is the worst for the INT13, so it is only used herein to implement interrupt calls such as INT25, INT26, INT21-7305. Class is defined as follows: class CDiskInfo {public: CDiskInfo (); ~ CDiskInfo (); private: HANDLE hDev; DWORD dwCurrentPlatform; void GetPlatform (); // obtain the operating system, and stored in the variable dwCurrentPlatform BOOL Win2000_AccessSectors (WORD CMD, BYTE bDrive, DWORD dwStartSector, WORD wSectors, LPBYTE lpSectBuff); // for WIN2000, WINNT operating systems, BOOL Int25_ReadSectors (BYTE bDrive, DWORD dwStartSector, WORD wSectors, LPBYTE lpSectBuff); BOOL Int26_WriteSectors (BYTE bDrive, DWORD dwStartSector, WORD wSectors , LPBYTE lpSectBuff); // for the previous operating system WIN95 BOOL Int21_AccessSectors (WORD CMD, BYTE bDrive, DWORD dwStartSector, WORD wSectors, LPBYTE lpSectBuff); // 7305 functions implemented for WIN95OSR2, WIN98 operating systems public: / / external unified offer Read and Write operations, the class is called internally BOOL ReadSectors (BYTE bDrive, DWORD dwStartSector, WORD wSectors, LPBYTE lpSectBuff) depending on the platform to use the appropriate function; BOOL WriteSectors (BYTE bDrive, DWORD dwStartSector, WORD wSectors, LPBYTE lpSectBuff); }
This class provides two interfaces, ie Readsectors and WriteSectors, which are the same, namely the disk number BDRIVE to read and write, to access the start sector number DWStartsector of the disk, to read the number of sectors to read Wsectors and read The buffer LPSECTBUFF of the write sector data. The disk number here is from 1, ie 1 representative A:, 2 represents B:, 3 represents C:, so on. The number of the sector starts from 0. It is also very simple to use, as long as you make the following statement: Byte Buffer [1024]; CDiskinfo A; Bool Bret = A.Readsectors (1,0, 2, buffer); See the included class files and test procedures. Sixth, additional instructions are strict, when reading and writing the disk, you should follow the following order: Open the device (Win95 / 98 is VWIN32 service, Win2000 is disk device), lock roll, verify the validity, read / Write, unlock, and turn off the device. Here, the operation of the lock / unlocking volume and verification effectiveness is ignored to the description. Interested friends can add themselves. In addition, this class only implements the reading and writing of the logical drive. To achieve reading and writing such as the main boot sector for the physical hard disk, other technologies, such as Thunk technology, write two dynamic libraries, one is Win32 dynamic library One is the Win16 dynamic library (Thunk technology can only be implemented with dynamic library), where Win16 dynamic library is transferred to DPMI mode, call INT13 (or extended INT13) to achieve reading and writing of physical disk sectors. For THUNK technology, please refer to the relevant documentation. All examples are debugged in the WIN98, WIN2000 operating system, and VC6 integrated environments.
Note: Example I don't know how to add it, put on my new website:
http://www.freewebs.com/tailake/pro/disk.zip
