I want to access the Windows MFT (Master File Table) to speed up my search program, which uses
FindFirstFile,
FindNextFile
That is, read the Master File Table directly.
Obviously all professional search programs do that.
There is very little useful info in Google except for one example written in C.
Conceptually - this looks like:
First step, you have to have and assert sufficient privileges to access the MFT.
Second step, you have to get a handle to a file/folder on the volume.
Third step, you have to call a Windows API (called DeviceIoControl) in a loop and read the entries.
Second step ... here is the access problem;
include \masm32\include\masm32rt.inc
.data
MFT_file db "C:\$MFT",0
SVOLINFO db "System Volume Informationen",0
.code
Read_theMFT proc
    INVOKE CreateFile, offset MFT_file, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN, 0
    INVOKE GetLastError
    ; Error 5 = Access denied
    ; of course denied ... you can't even see it on your disk.
    ;"
    ;"
    ret
Read_theMFT endp
Does someone have an idea on how to read the MFT, or can someone give me more useful links?
Thanks
Clamicun
I don't think you need to invoke the kernel.
I think that you will get to the MFT from the boot record doing some calculations.
So, first stage is to get a handle to \\.\PhysicalDrive0 with CreateFile and read the boot sector.
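The boot-record calculation suggested above, as an added example that is not part of the original thread: it finds the first type 0x07 partition in an MBR, then reads the NTFS boot sector fields (bytes per sector at 0x0B, sectors per cluster at 0x0D, $MFT cluster number at 0x30, record size at 0x40) to compute the byte offset of the MFT. The sector contents are constructed in build_sample(), all function names are hypothetical, and the partition LBA is assumed to be counted in units of the volume's bytes-per-sector.

```c
/* Added example: locate the NTFS $MFT from raw sectors (no disk access;
   the two sectors are constructed in build_sample, not read from a drive). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

typedef struct {
    uint32_t bytes_per_sector;
    uint32_t bytes_per_cluster;
    uint32_t record_size;   /* size of one MFT file record, in bytes */
    uint64_t mft_offset;    /* byte offset of $MFT from the volume start */
} ntfs_geometry;

/* Start LBA of the first type-0x07 partition; -1 if none or bad signature,
   -2 if the MBR is only the protective entry (0xEE) of a GPT disk. */
int64_t find_ntfs_partition_lba(const uint8_t *mbr)
{
    if (mbr[510] != 0x55 || mbr[511] != 0xAA) return -1;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = mbr + 0x1BE + 16 * i;   /* 16-byte table entry */
        if (e[4] == 0xEE) return -2;
        if (e[4] == 0x07) return (int64_t)rd32(e + 8);
    }
    return -1;
}

/* Validate an NTFS boot sector and derive the MFT location. 0 on success. */
int parse_ntfs_boot_sector(const uint8_t *bs, ntfs_geometry *g)
{
    if (memcmp(bs + 3, "NTFS    ", 8) != 0) return -1;       /* OEM ID */
    if (bs[510] != 0x55 || bs[511] != 0xAA) return -1;
    uint32_t bps = rd16(bs + 0x0B), spc = bs[0x0D];
    /* Never trust on-disk values: both must be sane powers of two. */
    if (bps < 256 || bps > 4096 || (bps & (bps - 1))) return -1;
    if (spc == 0 || (spc & (spc - 1))) return -1;
    uint32_t bpc = bps * spc;
    int8_t cpr = (int8_t)bs[0x40];     /* >0: clusters, <0: 2^|n| bytes */
    uint32_t rec;
    if (cpr > 0) rec = (uint32_t)cpr * bpc;
    else if (cpr < 0 && cpr >= -31) rec = 1u << -cpr;
    else return -1;
    uint64_t lcn = rd64(bs + 0x30);    /* logical cluster number of $MFT */
    if (lcn > UINT64_MAX / bpc) return -1;                   /* overflow */
    g->bytes_per_sector = bps;
    g->bytes_per_cluster = bpc;
    g->record_size = rec;
    g->mft_offset = lcn * bpc;
    return 0;
}

/* Absolute byte offset of $MFT on the disk, or 0 on any parse failure. */
uint64_t mft_disk_offset(const uint8_t *mbr, const uint8_t *boot)
{
    ntfs_geometry g;
    int64_t lba = find_ntfs_partition_lba(mbr);
    if (lba < 0 || parse_ntfs_boot_sector(boot, &g) != 0) return 0;
    return (uint64_t)lba * g.bytes_per_sector + g.mft_offset;
}

/* Constructed sample: one partition at LBA 2048, 512-byte sectors,
   8 sectors per cluster, $MFT at cluster 0xC0000, 1024-byte records. */
void build_sample(uint8_t *mbr, uint8_t *boot)
{
    memset(mbr, 0, 512);
    memset(boot, 0, 512);
    mbr[0x1BE] = 0x80; mbr[0x1BE + 4] = 0x07; mbr[0x1BE + 9] = 0x08;
    memcpy(boot + 3, "NTFS    ", 8);
    boot[0x0C] = 0x02; boot[0x0D] = 8;
    boot[0x32] = 0x0C; boot[0x40] = 0xF6;   /* 0xF6 = -10 -> 2^10 bytes */
    mbr[510] = boot[510] = 0x55;
    mbr[511] = boot[511] = 0xAA;
}

int main(void)
{
    uint8_t mbr[512], boot[512];
    ntfs_geometry g;
    build_sample(mbr, boot);
    if (parse_ntfs_boot_sector(boot, &g) != 0) return 1;
    printf("partition LBA %lld, cluster %u bytes, record %u bytes\n",
           (long long)find_ntfs_partition_lba(mbr),
           (unsigned)g.bytes_per_cluster, (unsigned)g.record_size);
    printf("$MFT at disk offset %llu\n",
           (unsigned long long)mft_disk_offset(mbr, boot));
    return 0;
}
```

On a real system the two 512-byte buffers would come from sector 0 of the physical drive and from the first sector of the partition it points to; a type 0x07 entry alone does not prove NTFS, which is why the OEM ID is checked as well.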
Thanks a lot... That is not much of an answer !
"So, first stage is to get a handle to \\.\PhysicalDrive0 with CreateFile and read the boot sector."
I saw this 5 times searching with Google ...
Please, show me how to create a file using "\\.\PhysicalDrive0"
Visit http://www.atelierweb.com
This is just one more of lots of search programs
Quote from: clamicun on September 18, 2017, 09:50:32 AM
Please, show me how to create a file using "\\.\PhysicalDrive0"
Your doubts transcend the imaginable for someone set to work on a recognized difficult subject like the NTFS file system. :dazzled:
Quote from: clamicun on September 18, 2017, 09:50:32 AM
Please, show me how to create a file using "\\.\PhysicalDrive0"
include \masm32\MasmBasic\MasmBasic.inc ; download (http://masm32.com/board/index.php?topic=94.0)
Init
LenBoot=200h
Open "I", 1, "\\.\PhysicalDrive0"
deb 4, "Handle", eax, $Err$()
Let esi=Input$(1, LenBoot)
push esi
xor ecx, ecx
.Repeat
    test cl, 31
    .if Zero?
        Print CrLf$, Hex$(ecx), " "
    .endif
    lodsb
    Print Hex$(al), " "
    inc ecx
.Until ecx>=LenBoot
pop esi
FileWrite "BootSector.dat", esi, LenBoot
Close 1
Inkey CrLf$, "bye"
EndOfCode
Output:
Handle
eax 208
$Err$() Operazione completata.
Have a look at https://www.mikrocontroller.net/
There are a lot of people with knowledge of file systems and reading the MFT.
And it is in your language.
You can also use the "SCSI Pass Through" Interface to read and write sectors.
In this thread are some examples to get you started, http://masm32.com/board/index.php?topic=3244.0
Thank you all-
I'll check it out and probably ask again.
aw27
"on a recognized difficult subject like the NTFS file system"
Think you are very right.
I decided that HexDump$ (http://masm32.com/board/index.php?topic=94.msg70201#msg70201) would be a handy new feature for assembler programmers:
include \masm32\MasmBasic\MasmBasic.inc
Init
Open "I", #1, "\\.\PhysicalDrive0"
deb 4, "Handle", eax, $Err$()
Let esi=Input$(#1, 200h)
Close
Inkey HexDump$(esi)
EndOfCode
Output:
Handle
eax 208
$Err$() The operation completed successfully.
If you see "access denied", tell the OS "I am an assembler programmer, you cannot stop me" :icon_mrgreen:
Quote
If you see "access denied", tell the OS "I am an assembler programmer, you cannot stop me" :icon_mrgreen:
How do you specify in Visual Basic for Masm that you want to open in shared mode? :greensml:
You are confused, José - MasmBasic is inspired by GfaBasic, not by Visual Basic (which is a fine dialect btw, much underrated by the arrogant coders who produce crap such as Adobe Flash or Visual Studio).
As to shared mode, what would change if you could specify that mode?
Quote from: jj2007 on September 19, 2017, 03:00:49 AM
As to shared mode, what would change if you could specify that mode?
ASM programmers will never try to open in exclusive mode a device that is used across the system by multiple programs and claim that the OS can't stop them. It can! :badgrin:
Wow :t
OK, specifically for you I attach a version that opens the device in shared mode 8)
Eek :dazzled:
28 KB for a basic (or BASIC MASM?) console program. Is it the debug release?
I made an equivalent C++ program for 6KB (including MANIFEST for requireAdministrator). :badgrin:
This without any tricks, with tricks I can reduce it to less than 3KB. :badgrin:
Actually, to 1536 bytes if I remove the MANIFEST. :badgrin:
#include <stdio.h>
#include <Windows.h>
/* Print len bytes at addr as hex with an ASCII column, 16 bytes per row. */
void hexDump(void *addr, int len) {
    int i;
    unsigned char buff[17];
    unsigned char *pc = (unsigned char*)addr;
    if (len <= 0) {
        return;
    }
    for (i = 0; i < len; i++) {
        if ((i % 16) == 0) {
            /* Start of a new row: flush the ASCII column of the previous one. */
            if (i != 0)
                printf(" %s\n", buff);
            printf(" %04x ", i);
        }
        printf(" %02x", pc[i]);
        /* Non-printable bytes are shown as '.' in the ASCII column. */
        if ((pc[i] < 0x20) || (pc[i] > 0x7e))
            buff[i % 16] = '.';
        else
            buff[i % 16] = pc[i];
        buff[(i % 16) + 1] = '\0';
    }
    /* Pad a short last row so the ASCII column lines up. */
    while ((i % 16) != 0) {
        printf(" ");
        i++;
    }
    printf(" %s\n", buff);
}
int main()
{
    unsigned char buff[512];
    DWORD dwBytesRead;
    /* Unbuffered read of sector 0; the read size must be a multiple of the sector size. */
    HANDLE hFile = CreateFile(L"\\\\.\\PhysicalDrive0", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_NO_BUFFERING, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        printf("Can't open MBR. Are you launching as Administrator?");
    else
    {
        if (!ReadFile(hFile, buff, sizeof buff, &dwBytesRead, NULL))
            printf("Error reading MBR");
        else
        {
            hexDump(buff, sizeof(buff));
        }
        /* Close only a handle that was actually opened. */
        CloseHandle(hFile);
    }
    getchar();
    return 0;
}
I suspect that even in Delphi I could do it for less than 28KB, and Delphi does not use the C runtime by default. :lol:
Quote from: aw27 on September 19, 2017, 06:35:22 PM
including MANIFEST for requireAdministrator
Congrats, so you finally realised that shared access had nothing to do with the problem :bgrin:
M$ doesn't like your code:
Microsoft (R) C/C++ Optimizing Compiler Version 19.00.24215.1 for x86
Copyright (C) Microsoft Corporation. All rights reserved.
Tmp.cpp
c:\program files (x86)\microsoft visual studio 10.0\vc\include\codeanalysis\sourceannotations.h(78): warning C4467: usage of ATL attributes is deprecated
Tmp.cpp(42): error C2664: 'HANDLE CreateFileA(LPCSTR,DWORD,DWORD,LPSECURITY_ATTRIBUTES,DWORD,DWORD,HANDLE)': cannot convert argument 1 from 'const wchar_t [19]' to 'LPCSTR'
Tmp.cpp(42): note: Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
GCC has different complaints:
Tmp.cpp: In function 'int main()':
Tmp.cpp:42:134: error: cannot convert 'const wchar_t*' to 'LPCSTR {aka const char*}' for argument '1' to 'void* CreateFileA(LPCSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE)'
HANDLE hFile = CreateFile(L"\\\\.\\PhysicalDrive0", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_NO_BUFFERING, NULL);
Having read JJ's last post, I know why I detest C++, endless clutter, unnecessary complexity and lousy performance.
Quote from: jj2007 on September 19, 2017, 08:30:04 PM
Congrats, so you finally realised that shared access had nothing to do with the problem :bgrin:
No wonder, your default is actually shared access.
Should be a bug somewhere in your libs. :idea:
Quote
M$ doesn't like your code
I always use M$ and normally the latest version. Builds without warnings or errors.
Quote from: hutch-- on September 19, 2017, 08:38:18 PM
Having read JJ's last post, I know why I detest C++, endless clutter, unnecessary complexity and lousy performance.
I am not talking about C++ with objects, straight C++ is as performant as C and in many cases outperforms no optimized ASM. I have proven that and am still waiting for a contradiction.
Jose,
Forgive my humour here but I have heard this one many times.
Quote
performant as C and in many cases outperforms no optimized ASM
The simple answer is,
Quote
performant as [put any language you like here] and in many cases outperforms no optimized [put any language you like here]
:P
Quote from: hutch-- on September 19, 2017, 09:00:51 PM
Forgive my humour here but I have heard this one many times.
Hutch,
This is small talk, actually with some sense of humour.
But I prefer this one for a good laugh:
Please translate this French sentence:
dans la cuisine=
Hi aw27 :biggrin:
nice proggy :t
It can be built as C or CPP
It builds instantly from the box with MSVS 2013 Community, however, it gives me:
Can't open MBR. Are you launching as Administrator?
even though I run it as administrator
That doesn't mean that it is something wrong with your proggy, it is probably my windows 8.1 fault
JJ, you need to set up your MSVS properly as it is obvious that it doesn't like you because it is aware that the filing is mutual :biggrin:
Quote from: habran on September 19, 2017, 09:16:59 PM
JJ, you need to set up your MSVS properly as it is obvious that it doesn't like you because it is aware that the filing is mutual :biggrin:
My C or C++ stuff builds just fine with MS VC and GCC. Even José's code builds without errors with GCC if I add a "W":
CreateFile(L"\\\\.\\PhysicalDrive0", .... //WRONG
CreateFileW(L"\\\\.\\PhysicalDrive0", .... //RIGHT
Which won't help for the M$ compiler, its linker complains about "error LNK2019: unresolved external symbol ___report_rangecheckfailure referenced in function "void __cdecl hexDump(void *,int)" (?hexDump@@YAXPAXH@Z)" :greensml:
Quote from: hutch-- on September 19, 2017, 08:38:18 PM
Having read JJ's last post, I know why I detest C++, endless clutter, unnecessary complexity and lousy performance.
But it keeps Google happy: Countless C/C++ coders searching the internet in a desperate attempt to understand their endless error messages. Trial and error as the ultimate programming paradigm. Even ML64 is more compatible and consistent than the average C++ compiler :biggrin:
aw27, I'd suggest you to rewrite it in asm 32 and 64 bit and post it here
we can include it in Sample folder for UASM
:biggrin:
JJ, you just said it wouldn't build and I have done it instantly, so, what conclusion we can draw from that?
:biggrin:
I am not trying to make you stupid or something, I appreciate you and your programming skills as well as your personality :t
However, if your M$ refuses to build such a simple proggy then I have to come to conclusion that something is wrong with it.
Wouldn't you agree with that logic?
Quote from: habran on September 19, 2017, 09:16:59 PM
That doesn't mean that it is something wrong with your proggy, it is probably my windows 8.1 fault
Hi habran!
I tested in Windows 8.1 and it works, a possible cause might be security software.
Quote
I'd suggest you to rewrite it in asm 32 and 64 bit and post it here
All right, I will put on the agenda. :t
Quote from: habran on September 19, 2017, 09:35:57 PM
However, if your M$ refuses to build such a simple proggy then I have to come to conclusion that something is wrong with it.
Wouldn't you agree with that logic?
Absolutely :t
Btw José's code works, when compiled with GCC and run as admin, see attachment. A bit bloated at 29k but ok, let's be generous :bgrin:
Quote from: jj2007 on September 19, 2017, 09:25:03 PM
CreateFileW(L"\\\\.\\PhysicalDrive0", .... //RIGHT
JJ, the default for M$ in this century is Use Unicode Character Set. But M$ is flexible and will let you use Multibytes (select it in Project Properties), in which case you need to remove the L", which means (guess what?)
Quote from: aw27 on September 19, 2017, 09:43:13 PM
JJ, the default for M$ in this century is Use Unicode Character Set.
Is it? My M$ C compiler is version 19.00.24215.1, 21st century. Besides, GCC uses another default. Aren't C compilers supposed to be "compatible", whatever that means...?
aw27,
I have no idea what is wrong with my system, there is quite a few issues with it, I was not even able to install MSVS 2017 because of some administrator's bull**it, however, other people had the same problem
However, I am happy for now with MSVS 2013 Community :t
Quote from: habran on September 19, 2017, 09:51:36 PM
I have no idea what is wrong with my system
OMG, your M$ is also rotten? It seems the World is full of rotten M$ systems and compilers :dazzled:
(hint: Masm32 works out of the box on all Windows versions since the beginning of the 21st Century ;))
In my opinion only windows 7 was good M$ ;)
Quote from: jj2007 on September 19, 2017, 09:47:00 PM
Is it? My M$ C compiler is version 19.00.24215.1, 21st century. Besides, GCC uses another default. Aren't C compilers supposed to be "compatible", whatever that means...?
I was talking about the IDE, from command line you need to specify /D "_UNICODE" /D "UNICODE"
Quote from: habran on September 19, 2017, 09:51:36 PM
aw27,
I have no idea what is wrong with my system, there is quite a few issues with it, I was not even able to install MSVS 2017 because of some administrator's bull**it, however, other people had the same problem
However, I am happy for now with MSVS 2013 Community :t
I never used Windows 8.xx, I keep them in Virtual Boxes, as well as all OS since Windows 3.1 and DOS 6.0 onwards, for tests only. I have licenses for all of them since the time I was a subscriber of MSDN and it was worthwhile, not now anymore .
Quote from: aw27 on September 19, 2017, 10:36:14 PM
from command line you need to specify /D "_UNICODE" /D "UNICODE"
More fun with M$ :t
There is even a dedicated SOF page: Why both UNICODE and _UNICODE? (https://stackoverflow.com/questions/7953025/why-both-unicode-and-unicode)
A propos: will it solve the little "error LNK2019: unresolved external symbol ___report_rangecheckfailure" problem, or does that require yet another magic trick?
deleted
@JJ,
cl /GS- /TC /GL /analyze- /W3 /Gy /Zc:wchar_t /Zi /Gm- /O1 /fp:precise /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /errorReport:prompt /WX- /Zc:forScope /Gd /Oy- /Oi /MD /nologo /Fe /Fombr.obj mbr.cpp /link /OUT:mbr.exe /ENTRY:main /SUBSYSTEM:CONSOLE /DYNAMICBASE:NO /FIXED /MACHINE:X86 /OPT:REF /SAFESEH:NO /INCREMENTAL:NO kernel32.lib ucrt.lib
Builds a 3 KB exe.
I am sure you will not get it to work, as usual. :badgrin:
:biggrin:
aw,
Quote
cl /GS- /TC /GL /analyze- /W3 /Gy /Zc:wchar_t /Zi /Gm- /O1 /fp:precise /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /errorReport:prompt /WX- /Zc:forScope /Gd /Oy- /Oi /MD /nologo /Fe /Fombr.obj mbr.cpp /link /OUT:mbr.exe /ENTRY:main /SUBSYSTEM:CONSOLE /DYNAMICBASE:NO /FIXED /MACHINE:X86 /OPT:REF /SAFESEH:NO /INCREMENTAL:NO kernel32.lib ucrtd.lib
Now you know why I write in MASM. :P
Because we are now at low level disk access routines, I'll post my SPTI disk routines.
For a microcontroller project I needed to have raw access to USB sticks and SD cards.
Made this utility ( 10 years ago ) for myself to read and write data as raw sectors from them in Windows using SPTI.
You can do really low level stuff with this....... ( even reading CDTEXT from an AUDIO CD if you want to. 8))
The program is now only enumerating exchangeable media types.
Change the sources to use it for other storage media such as harddisks etc.
Be careful, don't write sectors, unless you know what you're doing.
For complete sources: see Reply #58
Quote from: hutch-- on September 20, 2017, 12:36:09 AM
Now you know why I write in MASM. :P
I don't use much the command line, it is just for JJ cause he can't open the IDE. ;)
Quote from: aw27 on September 20, 2017, 01:02:43 AM
I don't use much the command line, it is just for JJ cause he can't open the IDE. ;)
I can open the Visual Crap "IDE", but why should I waste my time if I can do it in assembler? Besides, you should have posted the whole "project" with *.sln etc, otherwise the dumb "IDE" will not know what to do with your code :biggrin:
@habran,
Here is your order :t
; Requires UASM
.386
.MODEL FLAT, STDCALL
OPTION CASEMAP:NONE
OPTION LITERALS:ON
HANDLE typedef ptr
GENERIC_READ equ 80000000h
FILE_SHARE_READ equ 1
NULL equ 0
OPEN_EXISTING equ 3
FILE_FLAG_NO_BUFFERING equ 20000000h
INVALID_HANDLE_VALUE equ -1
includelib \masm32\lib\msvcrt.lib
printf proto C :ptr, :vararg
getchar proto C
includelib \masm32\lib\kernel32.lib
CreateFileA proto :ptr, :dword, :dword, :ptr, :dword, :dword, :HANDLE
ReadFile proto :HANDLE, :ptr, :dword, :ptr, :ptr
CloseHandle proto :HANDLE
.code
hexDump proc private uses ebx esi base:ptr, _len:sdword
    LOCAL buff[17]:byte
    mov esi, base
    .if _len<=0
        ret
    .endif
    .for (ebx=0 : ebx<_len : ebx++) ; Note: .for (ebx=0, ebx<_len, ebx++) crashes Assembler
        .if !(ebx & 0Fh)
            .if (ebx != 0)
                INVOKE printf, " %s\n", addr buff
            .endif
            INVOKE printf, " %04x ", ebx
        .endif
        INVOKE printf, " %02x", byte ptr [esi+ebx]
        mov eax, ebx
        and eax, 0Fh
        .if (byte ptr [esi+ebx]<20h) || (byte ptr [esi+ebx]>7eh)
            mov byte ptr buff[eax], '.'
        .else
            mov dl, byte ptr [esi+ebx]
            mov byte ptr buff[eax], dl
        .endif
        inc eax
        mov byte ptr buff[eax], 0
    .endfor
    dec eax
    mov ebx, eax
    .while eax!=0
        INVOKE printf, " "
        inc ebx
        mov eax, ebx
        and eax, 0Fh
    .endw
    INVOKE printf, " %s\n", addr buff
    ret
hexDump endp
main proc
    LOCAL buff[512]:byte
    LOCAL dwBytesRead : dword
    LOCAL hFile : HANDLE
    INVOKE CreateFileA, "\\.\PhysicalDrive0", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_NO_BUFFERING, NULL ; When/if UASM considers \ an escape char filename has to be changed to \\\\.\\PhysicalDrive0
    .if eax==INVALID_HANDLE_VALUE
        INVOKE printf, "Can't open MBR. Are you launching as Administrator?"
        ret
    .else
        mov hFile, eax
        INVOKE ReadFile, hFile, addr buff, sizeof buff, addr dwBytesRead, NULL
        .if eax==0
            INVOKE printf, "Error reading MBR"
        .else
            INVOKE hexDump, addr buff, sizeof buff
        .endif
    .endif
    INVOKE CloseHandle, hFile
    INVOKE getchar
    ret
main endp
end main
Thanks aw27, nicely done :t
Quote
.for (ebx=0 : ebx<_len : ebx++) ; Note: .for (ebx=0, ebx<_len, ebx++) crashes Assembler
The base for '.for' is .for ( : : ), it must have 2 ':', otherwise it will not work
we can use ',' for several initiators but they must be separated with ':'
.for (ebx=0,ecx=16 : ebx<_len : ebx++,ecx--)
However, as usual, you have pointed to an error in UASM, because it should not crash, it should give an error report. I'll look at it and fix it.
Nice proggy Siekmanski :t
I would suggest you to increase the size of window and characters :biggrin:
:biggrin:
You're right. It's an old proggy, made in the era of low resolution monitors.
aw27, .FOR-.ENDFOR is fixed, will be soon(maybe today) uploaded, with some of other fixes and polishes,
it'll come shiny and functional, better than ever ;)
Quote from: jj2007 on September 20, 2017, 02:41:50 AM
you should have posted the whole "project" with *.sln etc,
It is not necessary in most cases, you simply make a new project and add the existing files to it. Then you play with the project properties as you wish.
Quote from: habran on September 20, 2017, 08:40:34 AM
aw27, .FOR-.ENDFOR is fixed, will be soon(maybe today) uploaded, with some of other fixes and polishes,
it'll come shiny and functional, better than ever ;)
:t
Quote from: aw27 on September 20, 2017, 04:36:06 PM
Then you play with the project properties as you wish.
Yeah, this is the fascinating part: trial and error, and googling if somebody has seen the same absurd error messages. If you have too much free time, start C/C++ programming :badgrin:
Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to learn.
I even might be able to read the MFT at the end.
Thank you all.
Hi JJ, here is a C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)
Quote from: habran on September 20, 2017, 08:07:45 PM
Hi JJ, here is a C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)
Thanks :bgrin:
1>------ Build started: Project: hexdump, Configuration: Debug Win32 ------
1>Project file contains ToolsVersion="12.0". This toolset may be unknown or missing, in which case you may be able to resolve this by installing the appropriate version of MSBuild, or the build may have been forced to a particular ToolsVersion for policy reasons. Treating the project as if it had ToolsVersion="4.0". For more information, please see http://go.microsoft.com/fwlink/?LinkId=291333.
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Platforms\Win32\Microsoft.Cpp.Win32.Targets(518,5): error MSB8008: Specified platform toolset (v120) is not installed or invalid. Please make sure that a supported PlatformToolset value is selected.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
OK, so that compiler was too old, it seems :icon_mrgreen:
Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:
But, miracles happen, after slightly less than two minutes, VC succeeds in building this big project :t
My advice:
Use UAsm - much less code, it loads in under 0.2 seconds and builds in about 0.3 seconds, and the resulting exe is much shorter :bgrin:
include \masm32\MasmBasic\MasmBasic.inc
Init
Open "I", #1, "\\.\PhysicalDrive0"
deb 4, "Handle", eax, $Err$()
Let esi=Input$(#1, 200h)
Close
Inkey HexDumpHeader$, HexDump$(esi, 200h, 0)
EndOfCode
Quote
OK, so that compiler was too old, it seems :icon_mrgreen:
Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:
I know, I am also old but still fully functional ;)
MSVS can easily upgrade to newer project but not backwards, so it is better to upload older project than newer
I prefer MSVS 2013 because it creates smaller exe :t
Anyhow, you succeeded to build it, didn't you? 8)
Quote from: jj2007 on September 20, 2017, 08:31:11 PM
My advice: Use UAsm :bgrin:
include \masm32\MasmBasic\MasmBasic.inc
:greenclp:
Quote
resulting exe is much shorter :bgrin:
Only 28KB, I will add. Not bigger, because BASIC MASM is there to reduce it. :exclaim:
Quote from: clamicun on September 20, 2017, 07:50:30 PM
Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to learn.
I even might be able to read the MFT at the end.
Thank you all.
:biggrin:
sinsi,
trying to get your program 1m.asm running.
What does this mean?
"Usage: readdrive drive: filename"
Whatever I write, it gives me "Error opening D:"
From what I remember, I used this program to copy a CD/DVD. Never tried it on a hard drive, maybe that's the problem?
Also I noticed that D: is hard coded in the error message, meaning if you try and open C: or E: it will still say D: :icon_redface:
The original program was called readdrive.exe, testing out different buffer sizes gave me 1m.exe (uses a 1MB buffer)
Usage would be "1m D: c:\copy_of_cd.iso"
sinsi,
thank you ...I get it now
Good day Siekmanski,
Your example RawSectorsReaderWriter seems to be the most interesting.
But SD_Lezer.asm doesn't compile.
It gives me dozens of errors.
include mijn_macros.inc is one of them.
What to do, please ?
You're right,
The "mijn_macros.inc" was missing.
Included a make.bat file, you have to change the "SET PATH=D:\masm32\bin\" to C:\ if necessary.
Marinus
Marinus,
yes many thanks.
You obviously didn't check it.
Gives me 4 errors.
ASPI_SPTL.ASM
Line 429 .elseif
ASPI_SPTL.ASM
Line 443 invoke sprintf
SD_Lezer.ASM
Line 111 invoke sprintf
SD_Lezer.ASM
Line 554 invoke sprintf
But no problem. It compiles now and is very well done.
Quote
You obviously didn't check it.
I did. No errors here.
d:\RadASM2212\Masm\Projects\SDlezer engels\SD_lezer>SET FILE=SD_Lezer
d:\RadASM2212\Masm\Projects\SDlezer engels\SD_lezer>SET PATH=D:\masm32\bin\
Microsoft (R) Windows (R) Resource Compiler, Version 5.00.1823.1 - Build 1823
Copyright (C) Microsoft Corp. 1985-1998. All rights reserved.
Using codepage 1252 as default
Creating rsrc.RES
RC: RCPP -CP 1252 -f d:\RadASM2212\Masm\Projects\SDlezer engels\SD_lezer\RCa0802
8 -g d:\RadASM2212\Masm\Projects\SDlezer engels\SD_lezer\RDa08028 -DRC_INVOKED -
D_WIN32 -pc\:/ -E -I. -I .
rsrc.rc.
Writing DIALOG:1000, lang:0x409, size 1392.
Writing ICON:1, lang:0x409, size 2216
Writing GROUP_ICON:102, lang:0x409, size 20.
Writing 24:1, lang:0x409, size 533
Microsoft (R) Windows Resource To Object Converter Version 5.00.1736.1
Copyright (C) Microsoft Corp. 1992-1997. All rights reserved.
Microsoft (R) Macro Assembler Version 12.00.21005.1
Copyright (C) Microsoft Corporation. All rights reserved.
Assembling: SD_Lezer.asm
Microsoft (R) Incremental Linker Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Volume in drive D is DataSchijf
Volume Serial Number is 642F-B3AB
Directory of d:\RadASM2212\Masm\Projects\SDlezer engels\SD_lezer
27-09-2017 14:56 23.352 SD_Lezer.Asm
28-09-2017 05:40 15.360 SD_Lezer.exe
27-09-2017 21:51 1.032 SD_Lezer.rap
27-09-2017 17:41 20.090 SD_lezer.zip
4 File(s) 59.834 bytes
0 Dir(s) 2.620.570.652.672 bytes free
I do not understand,
I unzip SD_lezer.zip, correct the path in MAKE.BAT, run MAKE.BAT and get those 4 errors.
Line 429
.elseif
can't work
The other 3 errors are sprintf instead of wsprintf
You get stuck very easily. :badgrin:
What about this sprintf equ <_imp__sprintf> ?
You can try replacing this line "include \masm32\include\msvcrt.inc"
by this, "sprintf PROTO C :DWORD,:DWORD,:VARARG"
"You get stuck very easily"
ok. I give up trying to understand it .
Thank you
Hi,
I did not find ready-made implementations specifically for macro assembler, but in the attachment there is a very simple and interesting project with libraries that can be translated into a macro assembler without much effort.
Another interesting page - Master File Table Program Example 2: Reading and Dumping the Deleted Files - https://www.installsetupconfig.com/win32programming/windowsvolumeapis1_20.html