
Locking a physical disk on Windows

In this post, I've tried to lock a physical disk using a small Windows C++ program. The steps to achieve this are:


1. Get the physical drive to volume mapping. Say the computer has three physical drives attached and we're interested in locking Physical Drive 1 ("\\\\.\\PhysicalDrive1"). We then need to figure out how many volumes there are on that physical disk.

2. Lock those volumes one by one using the control code FSCTL_LOCK_VOLUME.

3. Do the work we'd like to perform on the disk, then unlock each volume using the control code FSCTL_UNLOCK_VOLUME.

4. Close the disk and volume handle(s).

A few things to remember here. As per the Microsoft documentation:

a. The NTFS file system treats a locked volume as a dismounted volume.
b. The lock volume call will fail with error code 5 (Access Denied) if the volume is in use. If we're not sure who's using the volume, just dismount it once.
c. The FSCTL_DISMOUNT_VOLUME control code functions similarly but does not check for open files before dismounting.
d. The operating system tries to mount an unmounted disk as soon as an attempt is made to access it. So a call to the GetLogicalDrives API will trigger the operating system to mount the disk.

Note: Since this deals with disk locks, please use it wisely.

Here is the code snippet. I tried to lock a drive here that has only one volume (J:).

#include <windows.h>
#include <winioctl.h>
#include <stdio.h>

void LockDisk()
{
    DWORD returnedLength = 0;

    // Open the volume associated with this disk (J: is its only volume).
    HANDLE hDisk_Drive = CreateFileW(
            L"\\\\.\\J:",                        // volume device name
            GENERIC_READ | GENERIC_WRITE,        // dwDesiredAccess
            FILE_SHARE_READ | FILE_SHARE_WRITE,  // dwShareMode
            NULL,                                // lpSecurityAttributes
            OPEN_EXISTING,                       // dwCreationDisposition
            0,                                   // dwFlagsAndAttributes
            NULL                                 // hTemplateFile
            );

    if (hDisk_Drive == INVALID_HANDLE_VALUE)
    {
        wprintf(L"CreateFile failed with error code: %lu.\n\n", GetLastError());
        return;
    }

    BOOL status = DeviceIoControl(hDisk_Drive, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &returnedLength, NULL);

    if (!status)
    {
        wprintf(L"IOCTL failed with error code: %lu.\n\n", GetLastError());
    }
    else
    {
        wprintf(L"IOCTL success, volume locked\n\n");

        // ... work on the locked volume goes here ...

        status = DeviceIoControl(hDisk_Drive, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &returnedLength, NULL);
        if (!status)
            wprintf(L"IOCTL failed with error code: %lu.\n\n", GetLastError());
    }

    // Close the handle on every path, including a failed lock.
    // Closing the handle also releases a lock that is still held.
    CloseHandle(hDisk_Drive);
}
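Notes b and c above, combined into one lock routine: retry the lock while the volume reports "in use", and fall back to a dismount only when the caller has opted in. This is an added example, not code from the original post; `LockVolumeWithFallback`, `LockResult`, `VolumeIoctl`, `LockVolumeHandle` and the retry values are hypothetical, and the Win32 binding at the bottom compiles only on Windows.

```cpp
#include <functional>
#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
#endif

enum class LockResult { Locked, LockedAfterDismount, Failed };

// Hypothetical helper (not from the post). tryLock and dismount return 0 on
// success or a Win32 error code; pause runs between attempts. Keeping the
// policy free of Win32 calls lets it be exercised with fake callbacks.
LockResult LockVolumeWithFallback(const std::function<unsigned long()>& tryLock,
                                  const std::function<unsigned long()>& dismount,
                                  const std::function<void()>& pause,
                                  int attempts, bool allowForcedDismount)
{
    const unsigned long kAccessDenied = 5;  // note b: the volume is in use
    for (int i = 0; i < attempts; ++i) {
        unsigned long err = tryLock();
        if (err == 0) return LockResult::Locked;
        if (err != kAccessDenied) return LockResult::Failed;  // retrying will not help
        pause();  // give the other handle owner time to close
    }
    // Note c: the dismount does not check for open files, so handles held by
    // other processes stop working. Only do it when the caller opted in.
    if (!allowForcedDismount || dismount() != 0) return LockResult::Failed;
    return tryLock() == 0 ? LockResult::LockedAfterDismount : LockResult::Failed;
}

#ifdef _WIN32
// Win32 binding: returns 0 or GetLastError() for a no-buffer control code.
static unsigned long VolumeIoctl(HANDLE h, DWORD code)
{
    DWORD bytes = 0;
    return DeviceIoControl(h, code, NULL, 0, NULL, 0, &bytes, NULL) ? 0 : GetLastError();
}

// hVolume is a handle opened as in LockDisk(). 10 tries, 500 ms apart (assumed values).
LockResult LockVolumeHandle(HANDLE hVolume, bool allowForcedDismount)
{
    return LockVolumeWithFallback(
        [=] { return VolumeIoctl(hVolume, FSCTL_LOCK_VOLUME); },
        [=] { return VolumeIoctl(hVolume, FSCTL_DISMOUNT_VOLUME); },
        [] { Sleep(500); }, 10, allowForcedDismount);
}
#endif
```

Passing `false` for `allowForcedDismount` keeps the behaviour of the original snippet (lock or fail) with retries added.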

We can test this code by setting a breakpoint in the debugger to see whether it really works. I've used Windows 7 (x64).

On successful lock, if we try to access the drive from Windows Explorer, we'll get the following error:


