Windows物理驱动器访问fopen和fseek [英] Windows physical drive access fopen and fseek
问题描述
我目前正在尝试以C中的二进制数据流的形式访问物理硬盘.我已经安装了映像(.img),并且可以从OS(Win 7)读取.
I'm currently trying to access a physical hard disk as a stream of binary data in C. I've mounted an image (.img), and it's readable from the OS (Win 7).
我的C程序只是尝试以只读二进制模式打开物理驱动器,然后从驱动器中读取一些数据.
My C program simply attempts to open the physical drive in read-only binary mode, then read some data from the drive.
但是,如果我只是简单地从流中读取数据而没有寻找任何地方,那一切都很好,我会取回存储在驱动器中的数据,并且由于我位于流中的偏移量0处,所以我能够读取磁盘上的MBR.
However, if I simply read data from the stream without seeking anywhere, all is well, I get back the data that is stored in the drive, and as I'm at offset 0 in the stream, I'm able to read the MBR on the disk.
但是,如果我尝试fseek到原点的任何偏移量(零),则fseek返回-1,表明它无法执行此操作.
However, if I try to fseek to any offset from the origin (zero), fseek return -1, indicating that it couldn't do it.
我猜想这可能是访问物理磁盘的权限/ring 3/用户级别的问题,我可能不得不写一个驱动程序来获取内核级别的访问权限,我对此感到困惑为什么我可以从第一个扇区读取一些数据,但是却找不到其他偏移量.我已经包括了下面编写的C程序的一部分.
I'm guessing this might be a permission/ring 3/user level problem with accessing physical disks, and I'm probably going to have to write a driver to get kernel level access to do this, I'm just confused why I can read some data fine from the first sector, but I can't seek to any other offsets. I've included part of the C program I've written below.
FILE *disk = fopen("\\\\.\\PhysicalDrive1, "rb+");
if (disk == NULL) {
**error handle
}
else { //Opened the drive sucessfully
fread(buffer, 1, 100, disk);
printf("Reading the first byte from buffer, it's:%d\n", buffer[0]);
//This works fine and I can read any byte within the initial buffer
int test = fseek(disk, 100, SEEK_SET);
printf("The value of fseek is:%d\n", test);
//This always returns -1, indicating the seek failed
fclose(disk);
}
推荐答案
从msdn引用:
如果成功,fseek返回0.否则,它返回非零值.在无法搜索的设备上,返回值为 undefined .如果stream是空指针,或者origin不是下面描述的允许值之一,则fseek调用无效的参数处理程序,如参数验证中所述.如果允许执行继续,这些函数会将errno设置为EINVAL并返回-1.
If successful, fseek returns 0. Otherwise, it returns a nonzero value. On devices incapable of seeking, the return value is undefined. If stream is a null pointer, or if origin is not one of allowed values described below, fseek invoke the invalid parameter handler, as described in Parameter Validation. If execution is allowed to continue, these functions set errno to EINVAL and return -1.
以二进制模式打开二进制文件时,C标准[ISO/IEC 9899:2011]的7.21.9.2节为fseek()指定了以下行为:
Section 7.21.9.2 of the C standard [ISO/IEC 9899:2011] specifies the following behavior for fseek() when opening a binary file in binary mode:
二进制流不需要使用来有意义地支持fseek调用 SEEK_END的原始值.
A binary stream need not meaningfully support fseek calls with a whence value of SEEK_END.
此外,第7.21.3节的脚注268表示:
In addition, footnote 268 of Section 7.21.3 has this to say:
将文件位置指示符设置为文件结尾,与 fseek(file,0,SEEK_END),具有二进制流的未定义行为 (由于可能带有结尾的空字符)或任何具有 状态相关的编码,不能确保以初始形式结束 转移状态.
Setting the file position indicator to end-of-file, as with fseek(file, 0, SEEK_END), has undefined behavior for a binary stream (because of possible trailing null characters) or for any stream with state-dependent encoding that does not assuredly end in the initial shift state.
许多低级的内容很重要,例如扇区对齐,文件系统等.还需要考虑哪些驱动程序需要特定的驱动程序来帮助浏览驱动器.
A lot of low-level stuff matters, like sector alignment, file systems,etc. which needs a specific driver program to help navigating through the drives also need to be considered.
希望这会有所帮助.
这篇关于Windows物理驱动器访问fopen和fseek的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
