How to read Windows MFT

Started by clamicun, September 17, 2017, 11:43:25 PM


habran

In my opinion only Windows 7 was good M$ ;)
Cod-Father

aw27

Quote from: jj2007 on September 19, 2017, 09:47:00 PM
Is it? My M$ C compiler is version 19.00.24215.1, 21st century. Besides, GCC uses another default. Aren't C compilers supposed to be "compatible", whatever that means...?
I was talking about the IDE, from command line you need to specify  /D "_UNICODE" /D "UNICODE"

aw27

Quote from: habran on September 19, 2017, 09:51:36 PM
aw27,
I have no idea what is wrong with my system, there are quite a few issues with it, I was not even able to install MSVS 2017 because of some administrator's bull**it, however, other people had the same problem
However, I am happy for now with MSVS 2013 Community :t
I never used Windows 8.xx, I keep them in Virtual Boxes, as well as all OS since Windows 3.1 and DOS 6.0 onwards, for tests only. I have licenses for all of them since the time I was a subscriber of MSDN and it was worthwhile, not now anymore.

jj2007

Quote from: aw27 on September 19, 2017, 10:36:14 PM
from command line you need to specify  /D "_UNICODE" /D "UNICODE"

More fun with M$ :t
There is even a dedicated SOF page: Why both UNICODE and _UNICODE?

A propos: will it solve the little "error LNK2019: unresolved external symbol ___report_rangecheckfailure" problem, or does that require yet another magic trick?

nidud

#34
deleted

aw27

@JJ,
cl /GS- /TC /GL /analyze- /W3 /Gy /Zc:wchar_t /Zi /Gm- /O1 /fp:precise /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /errorReport:prompt /WX- /Zc:forScope /Gd /Oy- /Oi /MD /nologo /Fe /Fombr.obj mbr.cpp /link /OUT:mbr.exe /ENTRY:main /SUBSYSTEM:CONSOLE /DYNAMICBASE:NO /FIXED /MACHINE:X86 /OPT:REF /SAFESEH:NO /INCREMENTAL:NO kernel32.lib ucrt.lib

Builds a 3 KB exe.

I am sure you will not get it to work, as usual. :badgrin:

hutch--

 :biggrin:

aw,
Quote
cl /GS- /TC /GL /analyze- /W3 /Gy /Zc:wchar_t /Zi /Gm- /O1 /fp:precise /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /errorReport:prompt /WX- /Zc:forScope /Gd /Oy- /Oi /MD /nologo /Fe /Fombr.obj mbr.cpp /link /OUT:mbr.exe /ENTRY:main /SUBSYSTEM:CONSOLE /DYNAMICBASE:NO /FIXED /MACHINE:X86 /OPT:REF /SAFESEH:NO /INCREMENTAL:NO kernel32.lib ucrtd.lib

Now you know why I write in MASM.  :P

Siekmanski

#37
Because we are now at low level disk access routines, I'll post my SPTI disk routines.
For a microcontroller project I needed to have raw access to USB sticks and SD cards.
Made this utility ( 10 years ago ) for myself to read and write data as raw sectors from them in Windows using SPTI.
You can do really low level stuff with this....... ( even reading CDTEXT from an AUDIO CD if you want to.  8))
The program is now only enumerating exchangeable media types.
Change the sources to use it for other storage media such as harddisks etc.
Be careful, don't write sectors, unless you know what you're doing.

For complete sources: see Reply #58
Creative coders use backward thinking techniques as a strategy.

aw27

Quote from: hutch-- on September 20, 2017, 12:36:09 AM
Now you know why I write in MASM.  :P
I don't use much the command line, it is just for JJ cause he can't open the IDE.  ;)

jj2007

Quote from: aw27 on September 20, 2017, 01:02:43 AM
I don't use much the command line, it is just for JJ cause he can't open the IDE.  ;)

I can open the Visual Crap "IDE", but why should I waste my time if I can do it in assembler? Besides, you should have posted the whole "project" with *.sln etc, otherwise the dumb "IDE" will not know what to do with your code :biggrin:

aw27

@habran,

Here is your order  :t


; Requires UASM

.386
.MODEL FLAT, STDCALL
OPTION CASEMAP:NONE
OPTION LITERALS:ON

HANDLE typedef ptr

GENERIC_READ equ 80000000h
FILE_SHARE_READ equ 1
NULL equ 0
OPEN_EXISTING equ 3
FILE_FLAG_NO_BUFFERING equ 20000000h
INVALID_HANDLE_VALUE equ -1

includelib \masm32\lib\msvcrt.lib
printf proto C :ptr, :vararg
getchar proto C
includelib \masm32\lib\kernel32.lib
CreateFileA proto :ptr, :dword, :dword, :ptr, :dword, :dword, :HANDLE
ReadFile proto :HANDLE, :ptr, :dword, :ptr, :ptr
CloseHandle proto :HANDLE

.code

; Prints _len bytes at base as 16-byte rows: offset, hex bytes, printable ASCII.
hexDump proc private uses ebx esi  base:ptr, _len:sdword
    LOCAL buff[17]:byte                 ; ASCII column for the current row, zero-terminated

    mov esi, base

    .if _len<=0
        ret
    .endif

    .for (ebx=0 : ebx<_len : ebx++) ; Note: .for (ebx=0, ebx<_len, ebx++) crashes Assembler
        .if !(ebx & 0Fh)
            ; Start of a new row: finish the previous one, then print the offset.
            .if (ebx != 0)
                INVOKE printf, "  %s\n", addr buff
            .endif
            INVOKE printf, "  %04x ", ebx
        .endif
        INVOKE printf, " %02x", byte ptr [esi+ebx]

        mov eax, ebx
        and eax, 0Fh

        ; Non-printable bytes are shown as '.' in the ASCII column.
        .if (byte ptr [esi+ebx]<20h) || (byte ptr [esi+ebx]>7eh)
            mov byte ptr buff[eax], '.'
        .else
            mov dl, byte ptr [esi+ebx]
            mov byte ptr buff[eax], dl
        .endif

        inc eax
        mov byte ptr buff[eax], 0

    .endfor

    ; ebx == _len here. Pad a short last row with three spaces per missing
    ; byte (the width of " %02x"); a full row needs no padding.
    mov eax, ebx
    and eax, 0Fh

    .while eax!=0
        INVOKE printf, "   "
        inc ebx
        mov eax, ebx
        and eax, 0Fh
    .endw
    INVOKE printf, "  %s\n", addr buff

    ret
hexDump endp

main proc
    LOCAL buff[512]:byte                ; one sector; FILE_FLAG_NO_BUFFERING reads must be whole sectors
    LOCAL dwBytesRead : dword
    LOCAL hFile : HANDLE

    ; When/if UASM considers \ an escape char filename has to be changed to  \\\\.\\PhysicalDrive0
    INVOKE CreateFileA, "\\.\PhysicalDrive0",  GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_NO_BUFFERING, NULL

    .if eax==INVALID_HANDLE_VALUE
        INVOKE printf, "Can't open MBR. Are you launching as Administrator?"
        ret
    .else
        mov hFile, eax
        INVOKE ReadFile, hFile, addr buff, sizeof buff, addr dwBytesRead, NULL
        .if eax==0
            INVOKE printf, "Error reading MBR"
        .else
            INVOKE hexDump, addr buff, sizeof buff
        .endif
    .endif
    INVOKE CloseHandle, hFile
    INVOKE getchar
    ret

main endp

end main
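
What the 512 bytes dumped by the program above contain, as an added example that is not part of aw27's post: a C parser for the MBR boot signature and the four partition entries. The sample sector is constructed, and the names mbr_part, mbr_parse and mbr_sample are chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MBR_SIZE    512
#define PART_TABLE  446  /* offset of the first of four 16-byte entries */
#define MBR_SIG_OFF 510  /* boot signature bytes 0x55 0xAA */
typedef struct {
    uint8_t  boot_flag;  /* 0x80 = active/bootable */
    uint8_t  type;       /* 0x00 = unused, 0x07 = NTFS/exFAT, 0xEE = GPT protective */
    uint32_t lba_start;  /* first sector of the partition */
    uint32_t sectors;    /* partition length in sectors */
} mbr_part;

static uint32_t le32(const uint8_t *p) {  /* on-disk fields are little-endian */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of used entries, or -1 if the buffer is not a valid MBR. */
int mbr_parse(const uint8_t *sec, size_t len, mbr_part out[4]) {
    if (sec == NULL || len < MBR_SIZE) return -1;
    if (sec[MBR_SIG_OFF] != 0x55 || sec[MBR_SIG_OFF + 1] != 0xAA) return -1;
    int used = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + PART_TABLE + 16 * i;
        out[i].boot_flag = e[0];
        out[i].type      = e[4];
        out[i].lba_start = le32(e + 8);
        out[i].sectors   = le32(e + 12);
        if (out[i].type != 0x00) used++;
    }
    return used;
}

/* Constructed sample sector: one active NTFS entry, LBA 2048, 204800 sectors. */
void mbr_sample(uint8_t sec[MBR_SIZE]) {
    static const uint8_t entry[16] = {0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF,
                                      0x00, 0x08, 0x00, 0x00, 0x00, 0x20, 0x03, 0x00};
    memset(sec, 0, MBR_SIZE);
    memcpy(sec + PART_TABLE, entry, sizeof entry);
    sec[MBR_SIG_OFF] = 0x55; sec[MBR_SIG_OFF + 1] = 0xAA;
}

int main(void) {
    uint8_t sec[MBR_SIZE]; mbr_part p[4];
    mbr_sample(sec);
    int n = mbr_parse(sec, sizeof sec, p);
    for (int i = 0; n > 0 && i < 4; i++)
        if (p[i].type) printf("#%d type=%02X active=%d lba=%u sectors=%u\n", i, p[i].type,
                              p[i].boot_flag == 0x80, (unsigned)p[i].lba_start, (unsigned)p[i].sectors);
    return n < 0;
}
```

A type 0xEE entry means the disk uses GPT and the real partition table starts in the next sector; for a type 0x07 entry, lba_start is the sector holding the NTFS boot sector.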

habran

Thanks aw27, nicely done :t
Quote
.for (ebx=0 : ebx<_len : ebx++) ; Note: .for (ebx=0, ebx<_len, ebx++) crashes Assembler
The base for '.for' is .for ( : : ), it must have 2 ':', otherwise it will not work
we can use ',' for several initiators but they must be separated with ':'

.for (ebx=0,ecx=16 : ebx<_len : ebx++,ecx--)

However, as usual, you have pointed to an error in UASM, because it should not crash, it should give an error report. I'll look at it and fix it.
Cod-Father

habran

Nice proggy Siekmanski :t
I would suggest you increase the size of the window and characters :biggrin:
Cod-Father

Siekmanski

 :biggrin:

You're right. It's an old proggy, made in the era of low resolution monitors.
Creative coders use backward thinking techniques as a strategy.

habran

aw27, .FOR-.ENDFOR is fixed, will soon (maybe today) be uploaded, with some other fixes and polishes,
it'll come shiny and functional, better than ever ;)
Cod-Father