bulk_extractor icon indicating copy to clipboard operation
bulk_extractor copied to clipboard
verified publisher icon simsong

Check whether C++17 can now read raw disk partitions, or if I need to put back in the WIN32-specific code

Open simsong opened this issue 4 years ago • 8 comments

  • [ ] Validate on WIN32
  • [ ] Validate on MacOS
  • [ ] Validate on Linux

simsong avatar Oct 10 '21 22:10 simsong

C++17 has no such support.

But, you can open volumes and physical disks as files in Windows. A physical device path would be like “\.\PhysicalDevice0”. You have to run the program with administrative privileges.

On Oct 10, 2021, at 6:38 PM, Simson L. Garfinkel @.***> wrote:

 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

jonstewart avatar Oct 10 '21 23:10 jonstewart

The question is, if I open the physical disk as a Windows file, do the C++ intrinsics for getting the file length and seeking in the file work, or do I need to use this code that I've now deleted based on GetDiskGeometry() and ReadFile and Windows handles to read the raw device once it is opened?

simsong avatar Oct 10 '21 23:10 simsong

I… think… everything works. Let me verify the fseek(end), ftell() behavior.

Sent from my iPhone

On Oct 10, 2021, at 7:53 PM, Simson L. Garfinkel @.***> wrote:

 The question is, if I open the physical disk as a Windows file, do the C++ intrinsics for getting the file length and seeking in the file work, or do I need to use this code that I've now deleted based on GetDiskGeometry() and ReadFile and Windows handles to read the raw device once it is opened?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

jonstewart avatar Oct 11 '21 00:10 jonstewart

I'll be double checking! It would be great to get rid of the GetDiskGeometry() stuff.

simsong avatar Oct 11 '21 00:10 simsong

I wonder whether std::filesystem would work, too, with the \.\PhysicalDevice0 path. It may be a better way to go.

https://en.cppreference.com/w/cpp/filesystem/file_size

On Oct 10, 2021, at 8:20 PM, Simson L. Garfinkel @.***> wrote:

 I'll be double checking! It would be great to get rid of the GetDiskGeometry() stuff.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

jonstewart avatar Oct 11 '21 00:10 jonstewart

In fact, std::filesystem::file_size is what I moved to, and it really simplified a lot. But I need to test it with \\.\PhysicalDevice0

simsong avatar Oct 11 '21 01:10 simsong

I think getting file size is still an issue for block devices.

terminate called after throwing an instance of 'std::filesystem::__cxx11::filesystem_error'
  what():  filesystem error: cannot get file size: Operation not supported [/dev/sdb]

dfjxs avatar Jun 27 '22 01:06 dfjxs

Also note that \\.\C: behaves differently from \\.\PhysicalDevice0 and typically you'll need to issue the correct WINAPI calls to get it reading the full volume.

joachimmetz avatar Jun 27 '22 07:06 joachimmetz