Author Topic: How to read Windows MFT  (Read 784 times)

aw27

  • Member
  • ****
  • Posts: 706
Re: How to read Windows MFT
« Reply #45 on: September 20, 2017, 04:36:06 PM »
you should have posted the whole "project" with *.sln etc,
It is not necessary in most cases, you simply make a new project and add the existing files to it. Then you play with the project properties as you wish. 

aw27

  • Member
  • ****
  • Posts: 706
Re: How to read Windows MFT
« Reply #46 on: September 20, 2017, 04:40:29 PM »
aw27, .FOR-.ENDFOR is fixed, will be soon(maybe today) uploaded, with some of other fixes and polishes,
it'll come shiny and functional, better than ever ;)
:t

jj2007

  • Member
  • *****
  • Posts: 7552
  • Assembler is fun ;-)
    • MasmBasic
Re: How to read Windows MFT
« Reply #47 on: September 20, 2017, 04:51:45 PM »
Then you play with the project properties as you wish.

Yeah, this is the fascinating part: trial and error, and googling if somebody has seen the same absurd error messages. If you have too much free time, start C/C++ programming :badgrin:

clamicun

  • Member
  • **
  • Posts: 240
Re: How to read Windows MFT
« Reply #48 on: September 20, 2017, 07:50:30 PM »
Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to to learn.
I even  might be able o read the MFT at the end.     

Thank you all.

habran

  • Member
  • *****
  • Posts: 1107
    • uasm
Re: How to read Windows MFT
« Reply #49 on: September 20, 2017, 08:07:45 PM »
Hi JJ, here is a  C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)

Cod-Father

jj2007

  • Member
  • *****
  • Posts: 7552
  • Assembler is fun ;-)
    • MasmBasic
Re: How to read Windows MFT
« Reply #50 on: September 20, 2017, 08:31:11 PM »
Hi JJ, here is a  C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)

Thanks :bgrin:
Code: [Select]
1>------ Build started: Project: hexdump, Configuration: Debug Win32 ------
1>Project file contains ToolsVersion="12.0". This toolset may be unknown or missing, in which case you may be able to resolve this by installing the appropriate version of MSBuild, or the build may have been forced to a particular ToolsVersion for policy reasons. Treating the project as if it had ToolsVersion="4.0". For more information, please see http://go.microsoft.com/fwlink/?LinkId=291333.
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Platforms\Win32\Microsoft.Cpp.Win32.Targets(518,5): error MSB8008: Specified platform toolset (v120) is not installed or invalid. Please make sure that a supported PlatformToolset value is selected.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

OK, so that compiler was too old, it seems :icon_mrgreen:

Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:

But, miracles happen, after slightly less than two minutes, VC succeeds in building this big project :t

My advice: Use UAsm - much less code, it loads in under 0.2 seconds and builds in about 0.3 seconds, and the resulting exe is much shorter :bgrin:

include \masm32\MasmBasic\MasmBasic.inc
  Init
  Open "I", #1, "\\.\PhysicalDrive0"
  deb 4, "Handle", eax, $Err$()
  Let esi=Input$(#1, 200h)
  Close
  Inkey HexDumpHeader$, HexDump$(esi, 200h, 0)
EndOfCode

habran

  • Member
  • *****
  • Posts: 1107
    • uasm
Re: How to read Windows MFT
« Reply #51 on: September 20, 2017, 08:44:15 PM »
Quote
OK, so that compiler was too old, it seems :icon_mrgreen:

Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:
I know, I am also old but still fully functional ;)
MSVS can easy upgrade to newer project but not backwards, so it is better to upload older project then newer
I prefer MSVS 2013 because it creates smaller exe :t
Anyhow, you succeeded to build it, didn't you? 8)
Cod-Father

aw27

  • Member
  • ****
  • Posts: 706
Re: How to read Windows MFT
« Reply #52 on: September 20, 2017, 08:54:19 PM »
My advice: Use UAsm :bgrin:
include \masm32\MasmBasic\MasmBasic.inc
:greenclp:

Quote
resulting exe is much shorter :bgrin:
Only 28KB, I will add. Not bigger, because BASIC MASM is there to reduce it. :exclaim:

felipe

  • Member
  • ***
  • Posts: 282
  • I love assembly language programming.
Re: How to read Windows MFT
« Reply #53 on: September 20, 2017, 10:40:40 PM »
Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to to learn.
I even  might be able o read the MFT at the end.     

Thank you all.

 :biggrin:
Felipe.

clamicun

  • Member
  • **
  • Posts: 240
Re: How to read Windows MFT
« Reply #54 on: September 23, 2017, 03:58:50 AM »
sinsi,
trying to get your program 1m.asm running.

What does mean ?

"Usage: readdrive drive: filename"

Whatever I write, it gives me ""Error opening D:"

sinsi

  • Member
  • ****
  • Posts: 996
Re: How to read Windows MFT
« Reply #55 on: September 23, 2017, 06:52:00 AM »
From what I remember, I used this program to copy a CD/DVD. Never tried it on a hard drive, maybe that's the problem?
Also I noticed that D: is hard coded in the error message, meaning if you try and open C: or E: it will still say D:  :icon_redface:

The original program was called readdrive.exe, testing out different buffer sizes gave me 1m.exe (uses a 1MB buffer)
Usage would be "1m D: c:\copy_of_cd.iso"
I can walk on water but stagger on beer.

clamicun

  • Member
  • **
  • Posts: 240
Re: How to read Windows MFT
« Reply #56 on: September 23, 2017, 11:25:55 PM »
sinsy,
thank you ...I get it now

clamicun

  • Member
  • **
  • Posts: 240
Re: How to read Windows MFT
« Reply #57 on: September 27, 2017, 09:57:01 PM »
Goede dag Siekmanski,
Your example RawSectorsReaderWriter seems to be the most interesting.
But SD_Lezer.asm doesn't compile.
It gives me dozens of errors.

include     mijn_macros.inc is one of them.

What to do, please ?

Siekmanski

  • Member
  • *****
  • Posts: 1094
Re: How to read Windows MFT
« Reply #58 on: September 28, 2017, 01:50:24 AM »
You're right,

The "mijn_macros.inc" was missing.
Included a make.bat file, you have to change the "SET PATH=D:\masm32\bin\" to C:\ if necessary.

Marinus

clamicun

  • Member
  • **
  • Posts: 240
Re: How to read Windows MFT
« Reply #59 on: September 28, 2017, 08:49:45 AM »
Marinus,
yes many thanks.

You obviously didn't check it.
Gives me 4 errors.

ASPI_SPTL.ASM
Line 429   .elseif

ASPI_SPTL.ASM
Line 443  invoke  sprintf

SD_Lezer.ASM
Line 111  invoke  sprintf

SD_Lezer.ASM
Line 554  invoke  sprintf

But no problem. It compiles now and is very well done.