Hi,
can any one provide me with the source code to read/write directly to a disk sector and how to mark a sector as bad.
Any tutorial is welcome.

mahajnani@rediffmail.com
Posted on 2001-09-20 21:56:48 by mahajnani
On nt/2k, you can open a partition or your driver by the use of
CreateFile... quoting MSDN:


String Meaning
\.\PHYSICALDRIVE2 Obtains a handle to the third physical drive on the user's computer.

The lpFileName string should be \.\x: to open a floppy drive x or a partition x on a hard disk. For example:
String Meaning
\.\A: Obtains a handle to drive A on the user's computer.
\.\C: Obtains a handle to drive C on the user's computer.


On win9x, I'm afraid you'll have to do some VXD messing. And marking
sectors as bad... you aren't writing a virus, are you?:mad: . Anyway,
marking a sector bad can be done by modifying the FAT table.
Posted on 2001-09-21 04:33:09 by f0dder
No No..... I am not writing Virus. I just want to learn how to hide some data in a sector and mark it as bad its for some security application. Can you send me the source code (C is prefered) if you are having it?
Posted on 2001-09-21 05:39:04 by mahajnani
No No..... I am not writing Virus. I just want to learn how to hide some data in a sector and mark it as bad its for some security application. Can you send me the source code (C is prefered) if you are having it?
Posted on 2001-09-21 05:49:31 by mahajnani
Hello mahajnani

I am wondering could this be done an a computer hard drive itself. If so do you know how?
Posted on 2001-09-30 22:50:15 by cmax
I think that some hard drives have internal bad sector -> good
sector mappings. At least I think I read that somewhere.
Even IDE disks. My IBM deskstar is supposed to have it,
I think.

/me shrugs.
Posted on 2001-09-30 23:06:18 by f0dder
You people are CRAZY!

Not mahajnani and others, but you f0dder. This is same style of question, but without the please! What the HELL is going on here. Where the hell is Hutch to make such arrogant assumsions about this message. Huh?

THIS IS CLEARLY THE SAME ASKING WITHOUT ALL THE FINGER POINTING AND PLEASE! (See File Routines)

I am not saying that people should not help him, but why did I not get the same treatment.... very, very strange. Actually I do not really want to know what you THINK has been done, however I is very clear to me that this is a juvenille board.. and I am out of here for SURE....


:tongue:
Posted on 2001-10-01 09:30:01 by SpEcIeS
Reading the initial posts from each thread, it seems from an impartial observers perspective that while mahajnani asked for any snipets, tutorials, or code of any description that pertained to his topic, you asked for very specific code (non - GUI, no dialog boxes etc.).

This sets the tone of the post as more of a demand on the reader than a request. I can fully understand that this may not be the intended meaning, but from my point of view that is how it struck me.

By strictly defining the code you are looking for, you appear to be making a demand. As the requester of the code, it is your job to pick the relevance of the information others give (and belive me in this world there are plenty of people willing to give you the wrong information but don't get me started on that)!

When faced with text as the medium of contact it is very difficult to convey any emotional content, this is where misunderstanding comes from.

I would advise you not to ignore Hutch, he's a very capable and wise old man (with a long beard, and stories of how life was before the war). He does get grumpy, and he likes to shake his fist in the air exclaiming "you kids nowadays, you've got no respect for your elders", but he does know a whole lot about assembly.

Mirno

P.S. Your post to this thread was entirely unnecessary, and only likely to cause further conflict.
In order to stop the spread of fire, please keep flames local to the relevant thread!
Posted on 2001-10-01 10:23:28 by Mirno
I don't mean to spread the fire, but now that he's gone, I wanted to comment and say he seemed to insult people (hutch and f0dder) when they tried to help him, and further he accused hutch of insulting him, when he clearly didn't. It's funny though because my views are completely different than hutches, and many other people on this board, and the whole thing about asm programming is the ability to be different and have different opinions.

But, back to the topic!

I never tried, and I don't really want to, but is it possible in the windows environment to use the 16bit asm approach of accessing the disk using cylinders, heads, and sectors? I know this is a virus waiting to happen, but I was just wondering. I know there is that one program called partcopy which works in the shell, and could easily be used for malicious use, but how did he make that program, and can windows programs make stuff like that simmilar?
Posted on 2001-10-01 12:58:01 by Kenny
Sorry, I just thought of a HORRIBLE virus that's quite simple to make: Make a partcopy like executable where it can write to the bootsector, and then write to the bootsector in the booting device a boot sector that searches out all HDD drives and erases them using a handy lodsd routine.

Good thing I don't have evil intent :)
Posted on 2001-10-01 13:00:02 by Kenny
This snippet from APJ 9 really scared the hell out of me:

NOTE: DO NOT RUN THIS SNIPPET! I REPEAT: DO NOT RUN THIS SNIPPET!



I'll have to agree with f0dder on it. We all know where to find the snippet, but at least it can't be found by google and the likes this way :-/


This deletes your boot sector!!! Even from within windows, even if your BIOS has that handy anti-virus protection that even disables the win98 setup program from replacing the boot sector!
And with this tiny size, it could be hidden inside almost *any* executable within the section padding (so executable does not grow)! :eek:

If ME doesn't have this vulnerability, I'm upgrading today...


PS: I agree that it is normally very unwise to post this kind of virus code to the internet, but since this was already published in the Assmbler Programming Journal, I thought I'd share my opinion with the rest of you.
Posted on 2001-10-04 05:10:34 by Qweerdy
I'm not going to run the code, so I can't verify this, BUT... I suspect
that NT/2k/XP would be immune to this code, as it tends to disallow
direct access to ports. I have my doubts about WinMe, as it's just
a win9x - and the worst win9x....

Btw, I think you should delete the code from the post and just
mention you saw the horror in APJ9.
Posted on 2001-10-04 06:17:03 by f0dder
Dunno why I didn't think of just mentioning it was in APJ 9 :rolleyes:

Anyway, I did know it only works on win95/98, just forgot to mention it.
Posted on 2001-10-04 11:10:25 by Qweerdy