#include <windows.h>
#include <winioctl.h>

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
4
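enum {
    RAW_SECTOR_BYTES = 512, /* sector size this tool assumes for every drive */
    RAW_MAX_PAIRS = 512     /* capacity of the signature table, in (offset, value) pairs */
};

/*
 * Parse a plain base-10, non-negative integer that is no larger than `limit`.
 *
 * Returns 1 and stores the value in *out on success; returns 0 (leaving *out
 * untouched) for empty text, signs, leading whitespace, trailing junk,
 * overflow, or a value above `limit`.
 */
static int parse_number(const char *text, unsigned long long limit,
                        unsigned long long *out)
{
    char *end;
    unsigned long long value;

    /* strtoull() silently accepts whitespace, '+' and '-' (negating the
     * result), so insist on a leading digit. */
    if (text[0] < '0' || text[0] > '9') {
        return 0;
    }

    errno = 0;
    value = strtoull(text, &end, 10);
    if (errno == ERANGE || *end != '\0' || value > limit) {
        return 0;
    }

    *out = value;
    return 1;
}

/*
 * RawSearch: scan a physical drive, block by block, for sectors that match
 * a byte signature.
 *
 * Usage:
 *     RawSearch drive skip block_size [signature]
 *
 *     drive:      0 for PhysicalDrive0, 1 for PhysicalDrive1 etc
 *     skip:       Number of sectors to skip
 *     block_size: Sectors to read at a time
 *     signature:  Pairs of numbers, the first being the offset within the
 *                 sector (0..511) and the second the expected byte (0..255).
 *
 * The drive is opened read-only; the tool never needs write access to the
 * raw device. Opening \\.\PhysicalDriveN normally requires an elevated
 * (administrator) process.
 *
 * Returns 0 once the scan has started, 1 if the arguments are invalid or
 * the device could not be opened, sized or positioned.
 */
int main(int argc,char *argv[]){
    HANDLE rawDevice = INVALID_HANDLE_VALUE;
    unsigned char *buffer = NULL;
    char deviceName[64];
    unsigned searchBuffer[RAW_MAX_PAIRS * 2];
    unsigned long long parsed = 0;
    unsigned long long currentSector = 0;
    LARGE_INTEGER startOffset;
    DWORD blockBytes;
    int driveNumber;
    int sectorsPerBlock;
    int pairCount;
    int status = 1;
    int i;

    /*
     * Everything inside this do while...to have a single exit point, so the
     * cleanup after the loop runs on every path.
     */
    do{
        /* At least one complete (offset, value) pair is required. */
        if(argc < 5 || (argc & 1)){
            printf("Error: Incorrect usage.");
            printf("\n"
                   "Usage:\n"
                   "%s drive skip block_size [signature]\n"
                   "\n"
                   "drive: 0 for PhysicalDrive0, 1 for PhysicalDrive1 etc\n\n"
                   "skip: Number of sectors to skip\n\n"
                   "block_size: Sectors to read at a time\n\n"
                   "signature: What to look for in the sectors. Pairs\n"
                   "of numbers are expected, the first number being the\n"
                   "offset within the sector and the second one being the\n"
                   "value.\n\n",argv[0]);
            break;
        }

        /* The pair count is carried explicitly: a zero offset is a valid
         * signature position, not an end-of-table marker. */
        pairCount = (argc - 4) / 2;
        if(pairCount > RAW_MAX_PAIRS){
            printf("Error: at most %d signature pairs are supported\n", RAW_MAX_PAIRS);
            break;
        }

        if(!parse_number(argv[1], INT_MAX, &parsed)){
            printf("Error: drive must be a non-negative decimal number\n");
            break;
        }
        driveNumber = (int)parsed;
        snprintf(deviceName, sizeof deviceName, "\\\\.\\PhysicalDrive%d", driveNumber);

        /* The byte offset (skip * sector size) must fit the signed 64-bit
         * file position used for the seek below. */
        if(!parse_number(argv[2], (unsigned long long)LLONG_MAX / RAW_SECTOR_BYTES, &currentSector)){
            printf("Error: skip must be a non-negative decimal sector count\n");
            break;
        }

        if(!parse_number(argv[3], ULLONG_MAX, &parsed) || parsed < 1){
            printf("sectors per block must be greater than 0\n");
            break;
        }
        if(parsed > (unsigned long long)(INT_MAX / RAW_SECTOR_BYTES)){
            printf("Error: block_size is too large\n");
            break;
        }
        sectorsPerBlock = (int)parsed;
        blockBytes = (DWORD)sectorsPerBlock * RAW_SECTOR_BYTES;

        /* Reject offsets outside the sector and values that cannot be a
         * byte, so the comparison below never indexes past the read buffer. */
        for(i = 0; i < pairCount; i++){
            unsigned long long offset = 0;
            unsigned long long value = 0;

            if(!parse_number(argv[4 + 2*i], RAW_SECTOR_BYTES - 1, &offset) ||
               !parse_number(argv[5 + 2*i], 255, &value)){
                printf("Error: signature pairs must be offset (0-%d) and value (0-255)\n",
                       RAW_SECTOR_BYTES - 1);
                break;
            }
            searchBuffer[2*i] = (unsigned)offset;
            searchBuffer[2*i + 1] = (unsigned)value;

            printf("%u -> %u\n", searchBuffer[2*i], searchBuffer[2*i + 1]);
        }
        if(i < pairCount){
            break;
        }

        /*
         * Least privilege: the scan only reads, so request GENERIC_READ.
         * FILE_SHARE_READ | FILE_SHARE_WRITE belongs in the share-mode
         * argument; it lets the open succeed while the system itself has
         * the disk in use.
         */
        rawDevice = CreateFileA(deviceName,                  // drive to open
                                GENERIC_READ,                // read-only access
                                FILE_SHARE_READ | FILE_SHARE_WRITE, // share mode
                                NULL,                        // default security attributes
                                OPEN_EXISTING,               // disposition
                                0,                           // file attributes
                                NULL);                       // no template file

        if(rawDevice == INVALID_HANDLE_VALUE){
            printf("Could not open the device\n");
            break;
        }

        printf("%s has been opened successfully\n",deviceName);

        buffer = malloc(blockBytes);
        if(buffer == NULL){
            printf("Could not allocate the buffer\n");
            break;
        }

        /* NOTE(review): assumes 512-byte logical sectors; a drive with a
         * larger sector size needs offsets and read sizes aligned to it. */
        startOffset.QuadPart = (LONGLONG)(currentSector * RAW_SECTOR_BYTES);
        if(!SetFilePointerEx(rawDevice, startOffset, NULL, FILE_BEGIN)){
            printf("Could not seek to the starting sector\n");
            break;
        }

        status = 0;

        for(;;){
            DWORD bytesRead = 0;
            DWORD sectorsRead;
            DWORD s;

            if(!ReadFile(rawDevice, buffer, blockBytes, &bytesRead, NULL)){
                printf("Error while reading\n");
                break;
            }

            /* A successful read of less than one sector means the end of
             * the device; without this check the loop would never end. */
            sectorsRead = bytesRead / RAW_SECTOR_BYTES;
            if(sectorsRead == 0){
                break;
            }

            /* Only the sectors actually returned are compared, so a short
             * final block never exposes stale buffer contents. */
            for(s = 0; s < sectorsRead; s++){
                const unsigned char *sector = buffer + (size_t)s * RAW_SECTOR_BYTES;
                int match = 1;
                int p;

                for(p = 0; p < pairCount; p++){
                    if(sector[searchBuffer[2*p]] != searchBuffer[2*p + 1]){
                        match = 0;
                        break;
                    }
                }
                if(match){
                    /* currentSector stays in sector units, so this is the
                     * absolute sector number on the drive. */
                    printf("Sector number %016llX matched the signature\n",
                           currentSector + s);
                }
            }
            currentSector += sectorsRead;
        }
    }while(0);

    free(buffer);
    if(rawDevice != INVALID_HANDLE_VALUE){
        CloseHandle(rawDevice);
    }

    return status;
}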