Obtaining Raw Data from a PC's OS Drives

Started by Dan-TheStarman, November 13, 2020, 10:23:55 AM

Dan-TheStarman

OK, so this is my first post here!  I joined for two reasons:

1) To get some help in creating some quick-to-use applications for helping people with boot issues who don't even want to take the time to learn how to use a utility program to fix their issue!  I found some MASM32 code somewhere on the Net back in 2018, which also included the executable that can actually work under Windows 10 as well as back to Windows XP for simply obtaining a copy of the first sector of the first disk drive. There was no name in the ASM source code, so I have no idea now where it came from.

And 2) To pass along some spelling/grammar suggestions to Hutch, 'cuz due to SPAM there's no way to just do that through a contact form!
Unless Hutch contacts me, I'll just have to post those here somewhere.

Dan-TheStarman

Moving on from my basic intro post... This is the code I found for reading the MBR sector from the first disk:
include     ReadMBR.inc

.data

szFileName  db '\\.\PhysicalDrive0',0
CmdPar      db 'Usage :',13,10,13,10
            db 'ReadMBR.exe master_boot_record_file.ext',13,10,0

.data?

buffer      db 512 dup(?)
buffer2     db 512 dup(?)
bytes       dd ?
hFile       dd ?

.code

start:

    call    main
    invoke  ExitProcess,0

main PROC uses esi

    mov     esi,OFFSET buffer
    invoke  ParseCmdLine,esi
    cmp     eax,2
    jz      @f
    invoke  StdOut,ADDR CmdPar
    ret
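@@:
    ; Open the first physical disk for raw reads (needs administrator rights)
    invoke  CreateFile,ADDR szFileName,GENERIC_READ,FILE_SHARE_READ or FILE_SHARE_WRITE,0,\
            OPEN_EXISTING,0,0
    cmp     eax,INVALID_HANDLE_VALUE
    je      done                    ; open failed: do not read or write anything
    mov     hFile,eax

    ; Read sector 0 (the MBR, 512 bytes) into buffer2
    invoke  ReadFile,eax,ADDR buffer2,512,ADDR bytes,0
    push    eax                     ; keep ReadFile's result across CloseHandle
    invoke  CloseHandle,hFile
    pop     eax
    test    eax,eax
    jz      done                    ; read failed: nothing to save

    ; Save the sector to the file named on the command line
    invoke  WriteFileToDisc,DWORD PTR [esi+4],ADDR buffer2,512
done:
    ret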

main ENDP

END start

   If anyone knows who wrote this, I'd like to place a credit in the code before making changes to it!  It also depends upon ParseCmdLine.asm ("Coded by Vortex") and WriteFile.asm (nothing about a coder in here either).  Maybe that last one is considered so simple by everyone else here that they think it would be ridiculous to put their name in it? Or it was on the web page I can't find now.

Anyway, my plan is to make this program a bit more flexible by allowing users to ENTER the Sector number (starting with "0") of the sector they wish to make a copy of, or a range of sectors!

   IDEALLY, I would really like to create a Windows program for all those people who haven't a clue how to even open a Command Prompt, let alone navigate inside one!  Or at the very least, make sure executing the program pops up an interactive console window that does not close until told to do so.
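
The sector-number-or-range input planned in the post above, sketched as an added example in C (not code from this thread or from the MASM32 SDK): it validates the user's "N" or "N-M" text, bounds the request, and turns the sector number into a byte offset. The function names, the 2048-sector cap and the `sample_disk.img` file are assumptions; it reads a constructed image file through stdio so it runs without touching a real drive.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#define SECTOR_SIZE 512u
#define MAX_SECTORS 2048u   /* assumed cap per request (1 MiB) */

/* Parse "N" or "N-M" (decimal, inclusive); returns the sector count or -1. */
long parse_range(const char *s, unsigned long long *first)
{
    char *end;
    if (*s < '0' || *s > '9') return -1;             /* reject sign, blanks, empty */
    unsigned long long a = strtoull(s, &end, 10), b = a;
    if (*end == '-') {
        if (end[1] < '0' || end[1] > '9') return -1;
        b = strtoull(end + 1, &end, 10);
    }
    if (*end != '\0' || b < a || b - a >= MAX_SECTORS) return -1;
    *first = a;
    return (long)(b - a + 1);
}

/* Read count sectors starting at sector first; returns sectors read or -1. */
long read_sectors(const char *path, unsigned long long first, unsigned count, unsigned char *out)
{
    if (count == 0 || count > MAX_SECTORS) return -1;   /* stay inside the caller's buffer */
    if (first > (unsigned long long)LONG_MAX / SECTOR_SIZE) return -1;  /* fseek offset limit */
    FILE *f = fopen(path, "rb");
    if (!f) return -1;                                  /* missing or access denied */
    if (fseek(f, (long)(first * SECTOR_SIZE), SEEK_SET) != 0) { fclose(f); return -1; }
    long got = (long)fread(out, SECTOR_SIZE, count, f); /* short count: ran past the end */
    fclose(f);
    return got;
}

/* Constructed sample image: every byte of sector i holds the value i. */
int make_sample_image(const char *path, unsigned sectors)
{
    FILE *f = fopen(path, "wb");
    for (unsigned i = 0; f && i < sectors * SECTOR_SIZE; i++) fputc((int)(i / SECTOR_SIZE), f);
    return (f && fclose(f) == 0) ? 0 : -1;
}

int main(void)
{
    static unsigned char buf[MAX_SECTORS * SECTOR_SIZE];
    unsigned long long first = 0;
    long n = make_sample_image("sample_disk.img", 4) ? -1 : parse_range("1-2", &first);
    if (n < 0) return 1;
    return read_sectors("sample_disk.img", first, (unsigned)n, buf) == n ? 0 : 1;
}
```

On a live `\\.\PhysicalDriveN` handle the same byte offset (sector number times 512) would go to SetFilePointerEx before the ReadFile call.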

hutch--

Quote
And 2) To pass along some spelling/grammar suggestions to Hutch, 'cuz due to SPAM there's no way to just do that through a contact form!
Unless Hutch contacts me, I'll just have to post those here somewhere.
It may be wise not to hold your breath waiting.  :tongue:

Dan-TheStarman

OK Hutch, not a lot... But here are some suggested spelling/grammar changes to the Myths of MASM:  http://masm32.com/myths.htm

"The name MASM has [an] earlier usage as..."  (add "an" as indicated; or if "the Unisys Meta Assembler" was the very first usage, then change the sentence to:  "The earliest usage of the name MASM was as...")

"It is upgraded on a needs basic by Microsoft..."  (should be "basis")

"...who could not ever write assembler code in MASM."  I think you meant to say:  "who could not even write..."  However, the correct word for "not ever" would be: "never".

"...some of the other assemblers around that don't have the parsing power that of MASM."  (just remove the word in RED)


Dan-TheStarman

Well, I'm off to a good start: Installed MASM32, put the code in a subfolder to it, and was able to assemble an executable from the code.

I changed the name, and did edits to the "usage" display, so there's no question about how to use it, nor what it will do:

https://thestarman.pcministry.com/asm/masm32/CopyMBR.exe

Dan

hutch--

 :biggrin:

Dan,

I shood worn yew thet mi sphelling iss nott awlwaiz wot itt shood bee.  :tongue:

Vortex

Hi Dan-TheStarman,

Welcome to the Masm Forum.

Your tutorials and articles help me a lot to study the internals of hard drive organization and management. I offer you a better version of my WriteFileToDisc function. No need to add any credits to your code, please feel free to modify and use my routines. Please consider it as a modest thank you from my side.

A small suggestion: your tool can receive an extra parameter to specify the order \ number of hard drive - case of multiple hard disks. The tool could default to drive 0 if the user does not type any drive number. You can even add another option to read the partition boot sectors.

Thanks again for your website and keep up the good work :thumbsup:

jj2007

Hi Dan,

Your site is rich in information, compliments. How come you never showed up here? Apparently you have been coding in Assembly for at least two decades now...

Jochen

Dan-TheStarman

Quote from: jj2007 on November 13, 2020, 09:45:54 PM
Hi Dan, Your site is rich in information, compliments. How come you never showed up here? Apparently you have been coding in Assembly for at least two decades now...

Hi Jochen,

   Well, no, not like a real programmer would... more importantly, NOT AT ALL CONSISTENTLY... I learn how to do something, then life gets in the way, and I forget a lot of what I learned. I've hardly done any "really creative, all by myself" coding! I've mostly been a 'forensics guy' examining what others have done, and never learned any kind of 'macros' (all a bunch of crazy meaningless symbols to me compared to actual ASM instructions).  I got a little bit bummed out trying to use Vortex's code; the errors turned out to be due to a misunderstanding on my part... all fixed now.  BUT that caused me to head off in a completely different direction since I was here last, and I spent a whole lot of time (and too little sleep!) working with a 64-bit Assembly example under VS2019. If anyone's interested in taking a look at it, you can see what I've done here:
https://docs.microsoft.com/en-us/answers/questions/169851/error-lnk2001-unresolved-external-symbol-winmaincr.html#answer-170564
   BASICALLY, I believe M$ won't allow VS2019 to function correctly with only Assembly code that tries accessing any DESKTOP WINDOWS API (ALL BY ITSELF -- that is, without a C++ program involved)!!  Yet, they don't come right out and say that, and because there are a lot of simple ASM examples using ONLY the Console Mode, or that don't even create an actual program, it gives students the impression that an example like mine should work fine!  Anyway, that's my assumption so far. 
   Now I need to spend some time getting my head back to the MASM32 files...

Dan.

jj2007

Quote from: Dan-TheStarman on November 24, 2020, 12:10:46 PM
I believe M$ won't allow VS2019 to function correctly with only Assembly code that tries accessing any DESKTOP WINDOWS API (ALL BY ITSELF -- that is, without a C++ program involved)!!

Perhaps VS makes it difficult, no idea - I use my own IDE for Assembly code. It's definitely possible to do GUI programming using the commandline or an editor that knows how to build an Assembly project. For 32-bit coding, I use OllyDbg, for 64-bit coding x64 does the job. IMHO VS is a behemoth, and an overkill. I rarely touch it.

Vortex

Hi Dan,

You can try Hutch's Masm64 SDK to do 64-bit programming :

http://masm32.com/board/index.php?board=53.0

The M$ IDE is too complicated and it consumes a lot of resources.

quarantined

Quote from: hutch-- on November 13, 2020, 04:27:08 PM
:biggrin:

Dan,

I shood worn yew thet mi sphelling iss nott awlwaiz wot itt shood bee.  :tongue:

nah hutch, you just spell with an aussie accent.  :tongue:
oops off topic.

Vortex

Hi Dan,

Here is the MBR reader built with Masm64.

Caché GB

Hi Dan. Welcome to the forum.

Quote
BASICALLY, I believe M$ won't allow VS2019 to function correctly with only Assembly code that tries accessing any DESKTOP WINDOWS API (ALL BY ITSELF -- that is, without a C++ program involved)!!

So you are getting the infamous fatal error LNK1120: (unresolved externals)
To fix this no .cpp file is needed.

First do this, which I think you have.
Configuration Properties -> Linker -> Advanced -> Entry Point  ==  WinMainW ( or any legal proc name )

Now for the important part, MAKE this entry proc PUBLIC.


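.code

; Entry procedure declared PUBLIC; its name must match the Linker -> Advanced -> Entry Point setting
WinMainW proc public

    ; ... program body goes here ...
    ret

WinMainW endp

End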


Hope this helps.
Caché GB's 1 and 0-nly language:MASM

TimoVJL

WinMainCRTStartup or wWinMainCRTStartup for Windows program, /SUBSYSTEM:WINDOWS.
mainCRTStartup or wmainCRTStartup for console program, /SUBSYSTEM:CONSOLE.

link.exe and polink.exe support those.

https://docs.microsoft.com/en-us/cpp/build/reference/entry-entry-point-symbol?view=msvc-160
May the source be with you