2

I call CreateFile() and I open \\.\PhysicalDrive0, then I read the sectors of a BitLocker-encrypted volume, and everything works fine. This way I create a backup copy of the physical (encrypted) sectors of a volume that is encrypted with BitLocker.

Then, I call CreateFile() again and I open \\.\PhysicalDrive0 again, then I try to write the sectors of said BitLocker-encrypted volume (I'm trying to restore the backup), and it doesn't work.

If the volume is unlocked, I get an IOException with HResult = 0x80370000 and text "This drive is locked by BitLocker Drive Encryption. You must unlock this drive from Control Panel."

After I unlock the volume from the UI, the exception changes to HResult = 0x80070013 and text "The media is write protected."

Question: What do I have to do to be allowed to write the physical sectors of a BitLocker-encrypted volume? I mention that I do run the code as an admin, and I do lock the volume, to no avail. The same code works fine with non-encrypted volumes.

So far, I only have 2 options, and neither of them is good:

  1. Writing the physical sectors of the BitLocker volume works fine if I take the ENTIRE drive offline (calling DeviceIOControl()), but I cannot do this, since the drive also contains other volumes, that need to be online.

  2. It also works if (before restoring) I format the volume as a non-encrypted volume, thus removing the BitLocker encryption. After doing this, writing the physical sectors works fine, but Windows does not detect the new written sectors as a BitLocker volume. However, after removing and re-inserting the drive (or after a restart if the drive is fixed) it does detect the volume as a BitLocker encrypted volume.

Thanks a lot.

TheodoreJohn
  • 21
  • 3
  • Do you mind sharing the reason for writing BitLocker-encrypted volume? – Rita Han Apr 15 '20 at 03:29
  • @RitaHan-MSFT: It's stated in the text above: "I'm trying to restore the backup". So I'm creating a backup copy of the physical sectors, and then I'm trying to restore it, but Windows won't let me. Thanks. – TheodoreJohn Apr 15 '20 at 14:23
  • Which API results in error: `0x80070013`? Can you show a mini, complete and reproducible sample? – Rita Han Apr 16 '20 at 06:37
  • @RitaHan-MSFT `h = CreateFile("\\\\.\\PhysicalDrive1", ...); SetFilePointer(h, position); WriteFile(h, buffer, ...);` If position falls within a non-encrypted volume, it works. If position falls within a BitLocker-encrypted volume, it doesn't work (unless I take the entire drive offline, but I cannot do that). – TheodoreJohn Apr 28 '20 at 11:19
  • I can't reproduce your issue using the following code, it works for me. `HANDLE h = CreateFile( L"\\\\.\\PhysicalDrive1", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL); BYTE readBuf[1024]; DWORD bytesRead; ReadFile(h, readBuf, sizeof(readBuf), &bytesRead, NULL); WriteFile(h, readBuf, sizeof(readBuf), &bytesRead, NULL);` – Rita Han Apr 30 '20 at 02:04
  • @RitaHan-MSFT: Are you writing the actual sectors of a BitLocker-encrypted volume? The first byes on the drive may not belong to any volume at all. Does it still work if you set the file pointer few hundreds of kilobytes into the volume? In your example it liiks like you're writing the first sectors of the drive, which may be the partition table, not a BitLocker encrypted volume. Thanks. – TheodoreJohn May 07 '20 at 05:36
  • I get "Access is denied" error returned from `CreateFile` when writing 600 KB (500 KB works). If you are developing user level application for backing up you can refer to [Backup Functions](https://learn.microsoft.com/en-us/windows/win32/backup/backup-functions). Direct access to disk may need like [`DeviceIoControl`](https://learn.microsoft.com/en-us/windows/win32/api/ioapiset/nf-ioapiset-deviceiocontrol), driver related APIs. – Rita Han May 08 '20 at 05:41

0 Answers0