
From the RawDisk website:

The new security model of Windows Vista puts tight restrictions on applications executed in user mode. Even with elevated administrative rights, the application can’t get write access to raw disk sectors.

Is this true?

From the Microsoft doc:

The changes to the file system and to the storage stack do not apply if the volume is not mounted or if the volume has no file system.

Please give

  • either a link to the official Microsoft doc confirming the RawDisk website
  • or a working code example. (I obviously failed to create one; the `CreateFile()` call fails with `ERROR_ACCESS_DENIED` if `GENERIC_WRITE` is set.)

Other relevant Microsoft docs that I have so far found:

Ali
  • What happens when you try (with a sacrificial volume of course)? – Richard Jan 05 '12 at 12:05
  • @Richard I get `ERROR_ACCESS_DENIED` (0x5). I am testing on a raw SD card. – Ali Jan 05 '12 at 12:13
  • @Richard Just because I failed it does not mean it is not possible. I do not understand `SL_FORCE_DIRECT_WRITE`, I have no idea how to use it. – Ali Jan 05 '12 at 12:27
  • I assume you got access denied from `WriteFile`? Did `CreateFile` succeed? – avakar Jan 05 '12 at 12:53
  • @avakar The `CreateFile()` call fails if `GENERIC_WRITE` is set. There is no filesystem, the device is a raw SD card. How would this information change your answer? – Ali Jan 05 '12 at 13:06
  • @Ali, that would seem to indicate that you don't have the write access to the device (as in security descriptor). IRP_MJ_WRITE is not issued on CreateFile. – avakar Jan 05 '12 at 13:07
  • @avakar OK, what should I pass to CreateFile as a security descriptor? I am Linux guy, I do not know the winapi :( – Ali Jan 05 '12 at 13:10
  • @avakar OK, I updated the question. The doc says it should be possible for raw devices / devices having no filesystem. – Ali Jan 05 '12 at 13:31
  • @Richard OK, I updated the question. The doc says it should be possible for raw devices / devices having no filesystem. But how? – Ali Jan 05 '12 at 13:31

1 Answer


Yes. The first article you link to provides a longer list of exceptions:

  • if the file system is not mounted
  • if the file system has been locked.
  • if the sectors being written to reside outside file system space (this includes the boot sectors, and the "no file system" case where obviously all sectors are outside the file system)
  • if the write request has been flagged by a kernel-mode driver.

Obviously, the last exception is irrelevant to you. User mode is the opposite of kernel mode. The other exceptions still apply.

MSalters
  • The `CreateFile()` fails for `GENERIC_WRITE`. You do **not** have a handle to call `DeviceIoControl()` and issue `FSCTL_ALLOW_EXTENDED_DASD_IO`. If the other exceptions still apply then how should I call `CreateFile()` so that I do not get an `ERROR_ACCESS_DENIED`? The process is properly elevated. Please give a working code example. – Ali Jan 05 '12 at 14:09
  • Well, that's an unrelated matter anyway. You don't have a sector number at that point, so sector-based restrictions don't matter yet. You _did_ specify both `OPEN_EXISTING` and `FILE_SHARE_WRITE`, did you? And you're opening the volume (`\\.\X:`), not its file system (`\\.\X:\`)? – MSalters Jan 05 '12 at 14:24
  • Yes, I do exactly that. I have no idea what security attributes are, I just pass NULL. – Ali Jan 05 '12 at 14:27
  • "Optional...`CreateFile` ignores the `lpSecurityDescriptor` member when opening an existing file or device, but continues to use the `bInheritHandle` member". I.e. `NULL` is OK since you don't need to pass the handle to child processes. Can you create an additional question for your `CreateFile` problem? – MSalters Jan 05 '12 at 14:30
  • Yes, it's already [here](http://stackoverflow.com/q/8694713/341970), just not receiving enough attention... – Ali Jan 05 '12 at 14:35
  • Sorry, I still need more clarification. Why do I read this on the RawDisk website? "We have developed kernel-mode drivers for both 32-bit and 64-bit versions of Windows. Demand for such a solution is high, because preparing the applications for Windows Vista appeared to be a daunting task for many developers," said Eugene Mayevski, CTO of EldoS Corporation. Why did they write a driver if you can do it in user mode? – Ali Jan 05 '12 at 16:08
  • @Ali: I presume because it's easy for them. It's the last exception on the list, and the one that imposes the least requirements on other components. However, you can get the biggest surprises that way exactly because it ignores what other applications are doing. That's not unusual for drivers though, and explains why 99% of BSOD's are caused by drivers. – MSalters Jan 05 '12 at 16:13
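A worked example of the "file system has been locked" exception from the answer, added here and not code from the question, the answer or RawDisk: it opens the volume as `\\.\X:`, locks it with `FSCTL_LOCK_VOLUME`, reads sector 0 and writes the identical bytes back, so the user-mode write path is exercised without changing any data. It assumes an elevated process, a sacrificial volume identified by its drive letter, and no other open handles on that volume (otherwise the lock itself is refused).

```c
/* Added example (not code from the question or answer). Vista and later let a
 * user-mode process write raw sectors only when one of the answer's exceptions
 * applies; this uses the "file system locked" one: lock the volume, read sector 0
 * and write the same bytes back, exercising the write path without altering data. */
#include <stdio.h>
#include <string.h>
/* The comments insist on opening the volume "\\.\X:", not the root directory
 * "\\.\X:\". Build that path from a drive letter; NULL if it is not a letter. */
const char *volume_device_path(char drive)
{
    static char path[8];                 /* fine for this single-threaded demo */
    if (drive >= 'a' && drive <= 'z') drive = (char)(drive - 'a' + 'A');
    if (drive < 'A' || drive > 'Z') return NULL;
    snprintf(path, sizeof path, "\\\\.\\%c:", drive);
    return path;
}

#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
/* Returns 0 on success, otherwise the Win32 error code of the failing step. */
DWORD write_back_first_sector(char drive)
{
    const char *path = volume_device_path(drive);
    if (!path) return ERROR_INVALID_PARAMETER;
    /* GENERIC_WRITE on a volume is refused at CreateFile unless elevated. */
    HANDLE h = CreateFileA(path, GENERIC_READ | GENERIC_WRITE,
                           FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                           OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE) return GetLastError();
    DWORD n, err = 0; DISK_GEOMETRY geo;
    OVERLAPPED at0 = {0};                /* offset 0 for both the read and the write */
    /* The lock is refused (ERROR_ACCESS_DENIED) while any file on the volume is
     * open elsewhere; without it, WriteFile into file-system space is refused. */
    if (!DeviceIoControl(h, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &n, NULL) ||
        !DeviceIoControl(h, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0,
                         &geo, sizeof geo, &n, NULL)) {
        err = GetLastError();
    } else {
        DWORD sector = geo.BytesPerSector;
        /* Raw volume I/O needs sector-multiple offsets/lengths and an aligned buffer. */
        void *buf = VirtualAlloc(NULL, sector, MEM_COMMIT, PAGE_READWRITE);
        if (!buf || !ReadFile(h, buf, sector, &n, &at0) ||
            !WriteFile(h, buf, sector, &n, &at0)) err = GetLastError();
        if (buf) VirtualFree(buf, 0, MEM_RELEASE);
    }
    CloseHandle(h);                      /* closing the handle also releases the lock */
    return err;
}
#endif
```

Call `write_back_first_sector('E')` from an elevated process; a non-zero return is the Win32 error of the step that failed, which is usually the lock when anything still has the volume open.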