How to read Windows MFT

Started by clamicun, September 17, 2017, 11:43:25 PM

aw27

Quote from: jj2007 on September 20, 2017, 02:41:50 AM
you should have posted the whole "project" with *.sln etc,
It is not necessary in most cases, you simply make a new project and add the existing files to it. Then you play with the project properties as you wish. 

aw27

Quote from: habran on September 20, 2017, 08:40:34 AM
aw27, .FOR-.ENDFOR is fixed, will be soon (maybe today) uploaded, with some of other fixes and polishes,
it'll come shiny and functional, better than ever ;)
:t

jj2007

Quote from: aw27 on September 20, 2017, 04:36:06 PM
Then you play with the project properties as you wish.

Yeah, this is the fascinating part: trial and error, and googling if somebody has seen the same absurd error messages. If you have too much free time, start C/C++ programming :badgrin:

clamicun

Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to learn.
I even might be able to read the MFT at the end.

Thank you all.

habran

Hi JJ, here is a  C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)

Cod-Father

jj2007

Quote from: habran on September 20, 2017, 08:07:45 PM
Hi JJ, here is a  C/C++ project with everything included and built hexDump.exe
it can be built as 32bit or 64bit 8)

Thanks :bgrin:

1>------ Build started: Project: hexdump, Configuration: Debug Win32 ------
1>Project file contains ToolsVersion="12.0". This toolset may be unknown or missing, in which case you may be able to resolve this by installing the appropriate version of MSBuild, or the build may have been forced to a particular ToolsVersion for policy reasons. Treating the project as if it had ToolsVersion="4.0". For more information, please see http://go.microsoft.com/fwlink/?LinkId=291333.
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Platforms\Win32\Microsoft.Cpp.Win32.Targets(518,5): error MSB8008: Specified platform toolset (v120) is not installed or invalid. Please make sure that a supported PlatformToolset value is selected.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========


OK, so that compiler was too old, it seems :icon_mrgreen:

Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:

But, miracles happen, after slightly less than two minutes, VC succeeds in building this big project :t

My advice: Use UAsm - much less code, it loads in under 0.2 seconds and builds in about 0.3 seconds, and the resulting exe is much shorter :bgrin:

include \masm32\MasmBasic\MasmBasic.inc
  Init
  Open "I", #1, "\\.\PhysicalDrive0"
  deb 4, "Handle", eax, $Err$()
  Let esi=Input$(#1, 200h)
  Close
  Inkey HexDumpHeader$, HexDump$(esi, 200h, 0)
EndOfCode
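
For readers following the snippet in the post above: the 200h bytes it reads from \\.\PhysicalDrive0 are sector 0 of the disk, which on an MBR-partitioned disk holds the partition table. The C code below is an added example, not code from any poster in this thread; the names parse_mbr, mbr_part and make_sample and the sample sector are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 0x200          /* the 200h bytes read from the drive */
#define PART_TABLE  0x1BE          /* first of four 16-byte MBR entries */

typedef struct { uint8_t boot, type; uint32_t lba_start, sectors; } mbr_part;

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse sector 0. Returns the number of used entries, or -1 if the
   55h AAh signature is missing (not an MBR, or a short/failed read). */
int parse_mbr(const uint8_t *sec, size_t len, mbr_part out[4]) {
    if (len < SECTOR_SIZE || sec[0x1FE] != 0x55 || sec[0x1FF] != 0xAA) return -1;
    int used = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + PART_TABLE + 16 * i;
        if (e[4] == 0x00) continue;            /* type 0 = empty slot */
        out[used].boot = e[0];                 /* 80h = active */
        out[used].type = e[4];                 /* 07h = NTFS/exFAT, EEh = GPT protective */
        out[used].lba_start = le32(e + 8);
        out[used].sectors = le32(e + 12);
        used++;
    }
    return used;
}

/* Constructed sample: one active type-07h partition starting at LBA 2048. */
void make_sample(uint8_t *sec) {
    memset(sec, 0, SECTOR_SIZE);
    uint8_t *e = sec + PART_TABLE;
    e[0] = 0x80; e[4] = 0x07;
    e[8] = 0x00; e[9] = 0x08;                  /* LBA 00000800h = 2048 */
    e[12] = 0x00; e[13] = 0x00; e[14] = 0x10;  /* 00100000h sectors */
    sec[0x1FE] = 0x55; sec[0x1FF] = 0xAA;
}

int main(void) {
    uint8_t sec[SECTOR_SIZE]; mbr_part p[4];
    make_sample(sec);
    int n = parse_mbr(sec, sizeof sec, p);
    for (int i = 0; i < n; i++)
        printf("type %02Xh%s start LBA %u, %u sectors\n", p[i].type,
               p[i].boot == 0x80 ? " (active)" : "",
               (unsigned)p[i].lba_start, (unsigned)p[i].sectors);
    return n < 0;
}
```

A type-EEh entry means the disk is GPT-partitioned and the real partition table is not in this sector.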

habran

Quote
OK, so that compiler was too old, it seems :icon_mrgreen:

Trying again with VS 2015, I see the error box below - your project is too old, Habran :eusa_naughty:

I know, I am also old but still fully functional ;)
MSVS can easily upgrade to a newer project but not backwards, so it is better to upload an older project than a newer one
I prefer MSVS 2013 because it creates smaller exe :t
Anyhow, you succeeded to build it, didn't you? 8)
Cod-Father

aw27

Quote from: jj2007 on September 20, 2017, 08:31:11 PM
My advice: Use UAsm :bgrin:
include \masm32\MasmBasic\MasmBasic.inc
:greenclp:

Quote
resulting exe is much shorter :bgrin:
Only 28KB, I will add. Not bigger, because BASIC MASM is there to reduce it. :exclaim:

felipe

Quote from: clamicun on September 20, 2017, 07:50:30 PM
Glad I started this topic "How to read Windows MFT"
47 replies from members who understand 'lightyears' more than me.
Lots to read and to learn.
I even might be able to read the MFT at the end.

Thank you all.

:biggrin:

clamicun

sinsi,
trying to get your program 1m.asm running.

What does this mean?

"Usage: readdrive drive: filename"

Whatever I write, it gives me "Error opening D:"

sinsi

From what I remember, I used this program to copy a CD/DVD. Never tried it on a hard drive, maybe that's the problem?
Also I noticed that D: is hard coded in the error message, meaning if you try and open C: or E: it will still say D:  :icon_redface:

The original program was called readdrive.exe, testing out different buffer sizes gave me 1m.exe (uses a 1MB buffer)
Usage would be "1m D: c:\copy_of_cd.iso"
🍺🍺🍺

clamicun

Goede dag Siekmanski,
Your example RawSectorsReaderWriter seems to be the most interesting.
But SD_Lezer.asm doesn't compile.
It gives me dozens of errors.

include     mijn_macros.inc is one of them.

What to do, please ?

Siekmanski

You're right,

The "mijn_macros.inc" was missing.
Included a make.bat file, you have to change the "SET PATH=D:\masm32\bin\" to C:\ if necessary.

Marinus
Creative coders use backward thinking techniques as a strategy.

clamicun

Marinus,
yes many thanks.

You obviously didn't check it.
Gives me 4 errors.

ASPI_SPTL.ASM
Line 429   .elseif

ASPI_SPTL.ASM
Line 443  invoke  sprintf

SD_Lezer.ASM
Line 111  invoke  sprintf

SD_Lezer.ASM
Line 554  invoke  sprintf

But no problem. It compiles now and is very well done.