0

I create a backup of the physical (encrypted) sectors of a BitLocker-encrypted volume (by reading them directly from \\.\PhysicalDrive0).

Then I format the volume as a non-encrypted volume, thus removing the BitLocker encryption and converting the encrypted volume to a non-encrypted one.

After that, I restore the physical (encrypted) sectors by writing them directly to \\.\PhysicalDrive0. The writing works fine, but:

The problem: Windows does not realize the volume has changed from a non-encrypted one to a BitLocker-encrypted one. I tried calling DeviceIOControl() with IOCTL_DISK_UPDATE_PROPERTIES, to no avail.

Only after a restart (or removing and then re-inserting the drive, if it is removable) does Windows realize that there is a new BitLocker-encrypted volume in the system.

Question: Is there any way to programmatically force a refresh of the BitLocker volumes, after I'm done writing the physical sectors? So far, this only works if I take the ENTIRE drive offline and then back online, but I cannot do this, since that drive also contains other volumes, which I cannot take offline, not even temporarily.

PS: The code does run with admin privileges. I did lock/unlock the volume. I did dismount the volume's file system. To no avail. I'm out of ideas. Thanks.

TheodoreJohn
  • 21
  • 3
  • 1
    Out of curiosity, what is it you are actually trying to achieve by this? You describe what you are doing, but not why. By explaining why you are doing this, other people might suggest a different solution altogether. – gogognome Apr 14 '20 at 15:25
  • @gogognome: The other part of the story is here: https://stackoverflow.com/questions/61207309/how-to-write-the-physical-sectors-of-a-bitlocker-encrypted-volume So I'm trying to restore the physical sectors of a BitLocker-encrypted volume, but Windows won't let me as long as the volume is still BitLocker-encrypted. After I convert it to a non-encrypted volume, I am able to write the sectors, but I need a reboot (or remove & re-insert) in order for Windows to detect the volume change. Thanks. – TheodoreJohn Apr 15 '20 at 14:26
  • TheodoreJohn: why do you want to restore the physical sectors of a BitLocker-encrypted volume? I never had the need to do so, and I guess most readers of StackOverflow have neither had that need. Could you explain why you are doing this? Are you implementing ransomware? Or are you writing software to backup an encrypted drive? – gogognome Apr 16 '20 at 11:48

0 Answers0