Thread: [sleuthkit-developers] win32 device opening
From: Brian C. <ca...@sl...> - 2008-10-27 17:46:24
Any win32 developers know why TSK is getting a sharing error (0x20)
with this statement:

    raw_info->fd = CreateFile(image, GENERIC_READ,
        FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
        OPEN_EXISTING, 0, 0);

when trying to open "\\.\PhysicalDrive0" ?

From: Michael C. <scu...@gm...> - 2008-10-27 23:52:43
Hi Brian,

I normally do this:

    device_handle = CreateFileA(image, GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL, OPEN_EXISTING, 0, NULL);

To get write access to the raw device. I'm not sure what it means to
specify FILE_SHARE_WRITE without specifying GENERIC_WRITE. The code
that I got it from was running fine on WinXP - not tested on Vista.
Why would sk need to open with FILE_SHARE_WRITE anyway?

It may also be possible that another program has the raw device
already open for writing without sharing permitted.

Hope this helps,

Michael.

On Tue, Oct 28, 2008 at 4:46 AM, Brian Carrier <ca...@sl...> wrote:
> Any win32 developers know why TSK is getting a sharing error (0x20)
> with this statement:
>
> raw_info->fd = CreateFile(image, GENERIC_READ,
>     FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
>     OPEN_EXISTING, 0, 0);
>
> when trying to open "\\.\PhysicalDrive0" ?

From: Brian C. <ca...@sl...> - 2008-10-28 14:13:37
Hi Michael,

I only want read access, but I tried adding GENERIC_WRITE and it
still failed.

I recently added the FILE_SHARE_WRITE because someone reported that
it was needed when the device has already been opened with write
access because I am then willing to "share" the device with that
program.

I don't get the sharing violation when I use \\.\C: though, so
perhaps the CreateFile arguments are correct and it is simply that
PhysicalDrive0 is opened and not being shared.

thanks,
brian

On Oct 27, 2008, at 7:52 PM, Michael Cohen wrote:
> Hi Brian,
>
> I normally do this:
>
> device_handle = CreateFileA(image, GENERIC_READ | GENERIC_WRITE,
>     FILE_SHARE_READ | FILE_SHARE_WRITE,
>     NULL, OPEN_EXISTING, 0, NULL);
>
> To get write access to the raw device. I'm not sure what it means to
> specify FILE_SHARE_WRITE without specifying GENERIC_WRITE. The code
> that I got it from was running fine on WinXP - not tested on Vista.
> Why would sk need to open with FILE_SHARE_WRITE anyway?
>
> It may also be possible that another program has the raw device
> already open for writing without sharing permitted.
>
> Hope this helps,
>
> Michael.
>
> On Tue, Oct 28, 2008 at 4:46 AM, Brian Carrier
> <ca...@sl...> wrote:
>> Any win32 developers know why TSK is getting a sharing error (0x20)
>> with this statement:
>>
>> raw_info->fd = CreateFile(image, GENERIC_READ,
>>     FILE_SHARE_READ | FILE_SHARE_WRITE, 0,
>>     OPEN_EXISTING, 0, 0);
>>
>> when trying to open "\\.\PhysicalDrive0" ?

From: Christophe G. <gr...@cg...> - 2008-10-29 07:35:18
On Tue, 28 Oct 2008, Brian Carrier wrote:
> Hi Michael,
>
> I only want read access, but I tried adding GENERIC_WRITE and it
> still failed.
>
> I recently added the FILE_SHARE_WRITE because someone reported that
> it was needed when the device has already been opened with write
> access because I am then willing to "share" the device with that
> program.
>
> I don't get the sharing violation when I use \\.\C: though, so
> perhaps the CreateFile arguments are correct and it is simply that
> PhysicalDrive0 is opened and not being shared.

>> device_handle = CreateFileA(image, GENERIC_READ | GENERIC_WRITE,
>>     FILE_SHARE_READ | FILE_SHARE_WRITE,
>>     NULL, OPEN_EXISTING, 0, NULL);

Hello,

Windows version of TestDisk is using

    device_handle = CreateFileA(image, FILE_READ_DATA | FILE_WRITE_DATA,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL, OPEN_EXISTING, 0, NULL);

FILE_READ_DATA requires less privileges than GENERIC_READ,
see http://msdn.microsoft.com/fr-fr/aa364399(en-us).aspx

So far, it works well under Vista as long as you run TestDisk
using right-click "Run as Administrator".

Regards,
Christophe

--
Christophe GRENIER  gr...@cg...
TestDisk & PhotoRec Data Recovery
http://www.cgsecurity.org

From: Brian C. <ca...@sl...> - 2008-10-29 13:27:05
On Oct 29, 2008, at 3:12 AM, Christophe GRENIER wrote:
> On Tue, 28 Oct 2008, Brian Carrier wrote:
>
>> Hi Michael,
>>
>> I only want read access, but I tried adding GENERIC_WRITE and it
>> still failed.
>>
>> I recently added the FILE_SHARE_WRITE because someone reported that
>> it was needed when the device has already been opened with write
>> access because I am then willing to "share" the device with that
>> program.
>>
>> I don't get the sharing violation when I use \\.\C: though, so
>> perhaps the CreateFile arguments are correct and it is simply that
>> PhysicalDrive0 is opened and not being shared.
>
>>> device_handle = CreateFileA(image, GENERIC_READ | GENERIC_WRITE,
>>>     FILE_SHARE_READ | FILE_SHARE_WRITE,
>>>     NULL, OPEN_EXISTING, 0, NULL);
>
> Hello,
>
> Windows version of TestDisk is using
> device_handle = CreateFileA(image, FILE_READ_DATA | FILE_WRITE_DATA,
>     FILE_SHARE_READ | FILE_SHARE_WRITE,
>     NULL, OPEN_EXISTING, 0, NULL);
>
> FILE_READ_DATA requires less privileges than GENERIC_READ,
> see http://msdn.microsoft.com/fr-fr/aa364399(en-us).aspx

Hi Christophe,

Thanks, but that didn't seem to change anything on my XP system when
trying to open \\.\PhysicalDrive0. I still get a sharing violation.

> So far, it works well under Vista as long as you run TestDisk
> using right-click "Run as Administrator".

It works on both \\.\C: and \\.\PhysicalDrive0?

thanks,
brian

From: Christophe G. <gr...@cg...> - 2008-10-29 13:56:31
On Wed, 29 Oct 2008, Brian Carrier wrote:
> Hi Christophe,
>
> Thanks, but that didn't seem to change anything on my XP system when trying
> to open \\.\PhysicalDrive0. I still get a sharing violation.
>
>> So far, it works well under Vista as long as you run TestDisk
>> using right-click "Run as Administrator".
>
> It works on both \\.\C: and \\.\PhysicalDrive0?

Hi Brian,

TestDisk opens both but by default, it won't display C: if
PhysicalDrive0 has worked unless "testdisk /all" is used.
Does TestDisk work on your system?

Is there another program already accessing \\.\PhysicalDrive0?
It may explain the sharing violation.

Christophe

--
Christophe GRENIER  gr...@cg...
TestDisk & PhotoRec Data Recovery
http://www.cgsecurity.org

From: Brian C. <ca...@sl...> - 2008-10-29 14:56:28
On Oct 29, 2008, at 9:56 AM, Christophe GRENIER wrote:
> On Wed, 29 Oct 2008, Brian Carrier wrote:
>
>> Hi Christophe,
>>
>> Thanks, but that didn't seem to change anything on my XP system
>> when trying to open \\.\PhysicalDrive0. I still get a sharing
>> violation.
>>
>>> So far, it works well under Vista as long as you run TestDisk
>>> using right-click "Run as Administrator".
>>
>> It works on both \\.\C: and \\.\PhysicalDrive0?
>
> Hi Brian,
>
> TestDisk opens both but by default, it won't display C: if
> PhysicalDrive0 has worked unless "testdisk /all" is used.
> Does TestDisk work on your system ?

It does, but it reports it as /dev/sda. Is it actually using /dev/sda
or is it mapping to \\.\PhysicalDrive0 behind the scenes?

> Is there another program already accessing \\.\PhysicalDrive0?
> It may explain the sharing violation.

Could be. Although, I seem to be able to open \\.\PhysicalDrive0 from
within Cygwin without error (although TSK is not getting the correct
size of the device through Cygwin...).

thanks,
brian
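
Added example, not code from this thread, TSK or TestDisk: a portable C model of the documented Win32 share-mode rule, showing why a read-only opener can still need FILE_SHARE_WRITE and why a holder that shares nothing produces error 0x20 whatever access flags are tried. The ACC_* bits, struct open_handle, check_open and the two scenarios are hypothetical and constructed for illustration; device- and driver-specific behaviour is not modelled.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Values from the Windows SDK headers. */
#define FILE_SHARE_READ         0x1u
#define FILE_SHARE_WRITE        0x2u
#define ERROR_SHARING_VIOLATION 32u  /* 0x20, the error reported in the thread */
/* Hypothetical simplified access bits for this model (not real access masks). */
#define ACC_READ  0x1u
#define ACC_WRITE 0x2u

struct open_handle { uint32_t access, share; };

/* Share bits that every other opener must grant for this access to coexist. */
static uint32_t share_needed(uint32_t access)
{
    uint32_t need = 0;
    if (access & ACC_READ)  need |= FILE_SHARE_READ;
    if (access & ACC_WRITE) need |= FILE_SHARE_WRITE;
    return need;
}

/* An open succeeds only if (a) every existing handle's share mode allows the
 * access being requested and (b) the requested share mode allows the access
 * every existing handle already holds. Returns 0 on success. */
uint32_t check_open(const struct open_handle *held, size_t n,
                    uint32_t access, uint32_t share)
{
    for (size_t i = 0; i < n; i++) {
        if (share_needed(access) & ~held[i].share)
            return ERROR_SHARING_VIOLATION;  /* the holder does not share with us */
        if (share_needed(held[i].access) & ~share)
            return ERROR_SHARING_VIOLATION;  /* we do not share with the holder */
    }
    return 0;
}

/* Constructed scenarios: what another program might already hold on the device. */
const struct open_handle writer_sharing[1] = {{ACC_READ | ACC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE}};
const struct open_handle exclusive_holder[1] = {{ACC_READ | ACC_WRITE, 0}};

int main(void)
{
    uint32_t both = FILE_SHARE_READ | FILE_SHARE_WRITE;
    printf("reader, share read only, vs sharing writer: %u\n", (unsigned)check_open(writer_sharing, 1, ACC_READ, FILE_SHARE_READ));
    printf("reader, share read+write, vs sharing writer: %u\n", (unsigned)check_open(writer_sharing, 1, ACC_READ, both));
    printf("reader, share read+write, vs exclusive holder: %u\n", (unsigned)check_open(exclusive_holder, 1, ACC_READ, both));
    return 0;
}
```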