本文代碼在Win2k下試驗成功.
#include <WinIOCtl.h>
#include <stdio.h>
#pragma inline
//---------------------------------------------------------------------------
// IDE NT/2000/XP專用變量
#define GETVERSIONOUTPARAMS GETVERSIONINPARAMS
#define DFP_GET_VERSION SMART_GET_VERSION
#define DFP_SEND_DRIVE_COMMAND SMART_SEND_DRIVE_COMMAND
#define DFP_RCV_DRIVE_DATA SMART_RCV_DRIVE_DATA
const WORD IDE_ATAPI_IDENTIFY = 0xA1; // 讀取ATAPI設備的命令
const WORD IDE_ATA_IDENTIFY = 0xEC; // 讀取ATA設備的命令
const int MAX_IDE_DRIVES = 4;
// SCSI專用變量
const DWORD FILE_DEVICE_SCSI = 0x0000001B;
const DWORD IOCTL_SCSI_MINIPORT_IDENTIFY = ((FILE_DEVICE_SCSI << 16) + 0x0501);
const DWORD IOCTL_SCSI_MINIPORT = 0x0004D008; // see NTDDSCSI.H for definition
const DWORD SENDIDLENGTH = sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE;
typedef struct _SRB_IO_CONTROL
{
ULONG HeaderLength;
UCHAR Signature[8];
ULONG Timeout;
ULONG ControlCode;
ULONG ReturnCode;
ULONG Length;
}SRB_IO_CONTROL, *PSRB_IO_CONTROL;
// 讀取的主函數
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList);
// 輔助函數
char *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex);
// NT/2000/XP函數
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList);
bool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd,
BYTE btDriveNum, PDWORD lpcbBYTEsReturned);
// Windows 9X函數
void __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList);
void __fastcall ReadPhysicalDriveOnW9X_Ring0(bool IsFirst, WORD BaseAddress,
BYTE MoS, bool &IsIDEExist, bool &IsDiskExist, WORD *OutData);
// SCSI讀取函數(for NT/2000/XP)
String __fastcall ReadIDEDriveAsScsiDriveOnNT();
//---------------------------------------------------------------------------
// ReadPhysicalDrive
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList)
{
switch(Win32Platform)
{
case VER_PLATFORM_WIN32_WINDOWS:
ReadPhysicalDriveOnW9X(pSerList, pModeList);
break;
case VER_PLATFORM_WIN32_NT:
ReadPhysicalDriveOnNT(pSerList, pModeList);
break;
default:
break;
}
}
//---------------------------------------------------------------------------
// ConvertToString
char *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex)
{
static char szResBuf[1024];
int nIndex = 0;
int nPosition = 0;
// Each integer has two characters stored in it backwards
for(nIndex = nFirstIndex; nIndex <= nLastIndex; nIndex++)
{
// Get high BYTE for 1st character
szResBuf[nPosition] = (char)(dwDiskData[nIndex] / 256);
nPosition++;
// Get low BYTE for 2nd character
szResBuf[nPosition] = (char)(dwDiskData[nIndex] % 256);
nPosition++;
}
// End the string
szResBuf[nPosition] = '\0';
// Cut off the trailing blanks
for(nIndex = nPosition - 1; nIndex > 0 && ' ' == szResBuf[nIndex]; nIndex--)
szResBuf[nIndex] = '\0';
return szResBuf;
}
//---------------------------------------------------------------------------
// Winndows NT4/2000/XP 代碼
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnNT
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList)
{
// 輸出參數
BYTE btIDOutCmd[sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
for(int nDrive=0; nDrive < MAX_IDE_DRIVES; nDrive++)
{
HANDLE hPhysicalDriveIOCTL;
char szDriveName[32];
sprintf(szDriveName, "\\\\.\\PhysicalDrive%d", nDrive);
hPhysicalDriveIOCTL = CreateFile(szDriveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if(hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
{
DWORD dwBytesReturned = 0;
GETVERSIONOUTPARAMS gvopVersionParams;
// Get the version, etc of PhysicalDrive IOCTL
ZeroMemory(&gvopVersionParams, sizeof(GETVERSIONOUTPARAMS));
if(!DeviceIoControl(hPhysicalDriveIOCTL, DFP_GET_VERSION,
NULL, 0, &gvopVersionParams, sizeof(gvopVersionParams),
&dwBytesReturned, NULL))
{
continue;
}
if(gvopVersionParams.bIDEDeviceMap > 0)
{
// IDE or ATAPI IDENTIFY cmd
BYTE btIDCmd = 0;
SENDCMDINPARAMS InParams;
// Now, get the ID sector for all IDE devices in the system.
// If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
// otherwise use the IDE_ATA_IDENTIFY command
// 具體所得結果請參考頭文件中的說明
btIDCmd = (gvopVersionParams.bIDEDeviceMap >> nDrive & 0x10) ?
IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
ZeroMemory(&InParams, sizeof(SENDCMDINPARAMS));
ZeroMemory(btIDOutCmd, sizeof(btIDOutCmd));
if(DoIdentify(hPhysicalDriveIOCTL,
&InParams, (PSENDCMDOUTPARAMS)btIDOutCmd,
(BYTE)btIDCmd, (BYTE)nDrive, &dwBytesReturned))
{
DWORD dwDiskData[256];
USHORT *pIDSector; // 對應結構IDSECTOR,見頭文件
char szSerialNumber[21];
char szModelNumber[41];
pIDSector = (USHORT*)((SENDCMDOUTPARAMS*)btIDOutCmd)->bBuffer;
for(int i=0; i < 256; i++)
dwDiskData[i] = pIDSector[i];
// 取系列號
ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));
// 取模型號
ZeroMemory(szModelNumber, sizeof(szModelNumber));
strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));
pSerList->Add(szSerialNumber);
pModeList->Add(szModelNumber);
}
}
CloseHandle (hPhysicalDriveIOCTL);
}
}
}
//---------------------------------------------------------------------------
// DoIdentify
bool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd, BYTE btDriveNum,
PDWORD pdwBytesReturned)
{
// Set up data structures for IDENTIFY command.
pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
pSCIP->irDriveRegs.bFeaturesReg = 0;
pSCIP->irDriveRegs.bSectorCountReg = 1;
pSCIP->irDriveRegs.bSectorNumberReg = 1;
pSCIP->irDriveRegs.bCylLowReg = 0;
pSCIP->irDriveRegs.bCylHighReg = 0;
// Compute the drive number.(主盤和從盤所對應的值是不一樣的)
pSCIP->irDriveRegs.bDriveHeadReg = (btDriveNum & 1) ? 0xB0 : 0xA0;
// The command can either be IDE identify or ATAPI identify.
pSCIP->irDriveRegs.bCommandReg = btIDCmd;
pSCIP->bDriveNumber = btDriveNum;
pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
return DeviceIoControl(hPhysicalDriveIOCTL, DFP_RCV_DRIVE_DATA,
(LPVOID)pSCIP,
sizeof(SENDCMDINPARAMS) - 1,
(LPVOID)pSCOP,
sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
pdwBytesReturned, NULL);
}
//---------------------------------------------------------------------------
// Windows 95/98/ME 代碼
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X
void __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList)
{
WORD wOutData[256];
SetPriorityClass(GetCurrentProcess(), REALTIME_PRIORITY_CLASS);
// 經過測試,發現第一次調用而且Drive >= 2時會在Ring0代碼中出現錯誤,導致藍屏。
// 經過N(N > 15)次的藍屏後仍找不到原因:(,不得不在這裡增加一段無用代碼以
// 避免藍屏的出現。(期待高人能指出原因)
for(int nDrive = 0; nDrive < 8; nDrive++)
{
WORD dwBaseAddress;
BYTE btMasterSlave; // Master Or Slave
bool bIsIDEExist;
bool IsDiskExist;
switch(nDrive / 2)
{
case 0: dwBaseAddress = 0x01F0; break;
case 1: dwBaseAddress = 0x0170; break;
case 2: dwBaseAddress = 0x01E8; break;
case 3: dwBaseAddress = 0x0168; break;
}
btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);
// 進入Ring0
ReadPhysicalDriveOnW9X_Ring0(true, dwBaseAddress, btMasterSlave,
bIsIDEExist, IsDiskExist, wOutData);
}
// 開始讀取
for(int nDrive = 0; nDrive < 8; nDrive++)
{
WORD dwBaseAddress;
BYTE btMasterSlave; // Master Or Slave
bool bIsIDEExist;
bool bIsDiskExist;
switch(nDrive / 2)
{
case 0: dwBaseAddress = 0x01F0; break;
case 1: dwBaseAddress = 0x0170; break;
case 2: dwBaseAddress = 0x01E8; break;
case 3: dwBaseAddress = 0x0168; break;
}
btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);
// 進入Ring0
bIsIDEExist = false;
bIsDiskExist = false;
ZeroMemory(wOutData, sizeof(wOutData));
ReadPhysicalDriveOnW9X_Ring0(false, dwBaseAddress, btMasterSlave,
bIsIDEExist, bIsDiskExist, wOutData);
if(bIsIDEExist && bIsDiskExist)
{
DWORD dwDiskData[256];
char szSerialNumber[21];
char szModelNumber[41];
for(int k=0; k < 256; k++)
dwDiskData[k] = wOutData[k];
// 取系列號
ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));
// 取模型號
ZeroMemory(szModelNumber, sizeof(szModelNumber));
strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));
pSerList->Add(szSerialNumber);
pModeList->Add(szModelNumber);
}
}
SetPriorityClass(GetCurrentProcess(), NORMAL_PRIORITY_CLASS);
}
//---------------------------------------------------------------------------
// 為防止不負責任的轉載者,在此注明原出處信息,請見諒。
// 資料收集整理:ccrun(老妖),歡迎光臨C++Builder研究: http://www.ccrun.com
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X_Ring0()
//
// dwBaseAddress = IDE(0,1,2,3) : 1F0h, 170h, 1E8h, 168h
// btMasterSlave = Master(0xA0) Or Slave(0xB0)
//---------------------------------------------------------------------------
void __fastcall ReadPhysicalDriveOnW9X_Ring0(bool bIsFirst, WORD dwBaseAddress,
BYTE btMasterSlave, bool &bIsIDEExist, bool &bIsDiskExist, WORD *pOutData)
{
BYTE btIDTR1[6];
DWORD dwOldExceptionHook;
const int nHookExceptionNo = 5;
BYTE btIsIDEExist = 0;
BYTE btIsDiskExist = 0;
WORD wOutDataBuf[256];
BYTE btIsFirst = (BYTE)bIsFirst;
const BYTE btBit00 = 0x01;
// const BYTE btBit02 = 0x04;
const BYTE btBit06 = 0x40;
const BYTE btBit07 = 0x80;
// const BYTE btERR = btBit00;
const BYTE btBusy = btBit07;
const BYTE btAtaCmd = 0xEC;
const BYTE btAtapiCmd = 0xA1;
__asm
{
// 必須先執行這條語句
JMP EnterRing0
// 定義過程
// 等待IDE設備直到其不為忙為止
WaitWhileBusy proc
MOV EBX, 100000
MOV DX, dwBaseAddress
ADD DX, 7
LoopWhileBusy:
DEC EBX
CMP EBX, 0
JZ Timeout
in AL, DX
TEST AL, btBusy
JNZ LoopWhileBusy
JMP DriveReady
// 超時,直接退出
Timeout:
JMP LeaveRing0
DriveReady:
RET
ENDP // End of WaitWhileBusy Procedure
// 設置主盤和從盤標志
SelectDevice proc
MOV DX, dwBaseAddress
ADD DX, 6
MOV AL, btMasterSlave
out DX, AL
RET
ENDP // End of SelectDevice Procedure
// 向IDE設備發送存取指令
SendCmd proc
MOV DX, dwBaseAddress
ADD DX, 7
MOV AL, BL // BL是主從盤標識,在過程外設置
out DX, AL
RET
ENDP // End of SendCmd Procedure
// Ring0代碼
Ring0Proc:
PUSHAD
// 查詢IDE設備是否存在
MOV DX, dwBaseAddress
ADD DX, 7
in AL,DX
// 當AL的值是0xFF或者0x7F時,IDE設備不存在,這時候直接返回
CMP AL,0xFF
JZ LeaveRing0
CMP AL, 0x7F
JZ LeaveRing0
// 設置IDE設備存在標志
MOV btIsIDEExist, 1
// 查詢IDE設備上的驅動器是否存在(有IDE插槽在主板上,但是卻不一定有硬盤插在上面)
CALL WaitWhileBusy
CALL SelectDevice
// 如果是第一次調用,則直接返回,否則執行下行語句時會出現藍屏
CMP btIsFirst, 1
JZ LeaveRing0
// 第一次調用時,如果執行這行語句會導致藍屏,Why???
CALL WaitWhileBusy
// AL的值等於cBit06時,不存在驅動器,直接返回
TEST AL, btBit06
JZ LeaveRing0
// 設置驅動器存在標志
MOV btIsDiskExist, 1
// 發送存取端口命令
// 無法像NT/2000/XP那樣可以通過查詢VERSION的值得到驅動器的類型,
// 所以只能一步一步地測試,如果不是ATA設備,再嘗試使用ATAPI設備命令
CALL WaitWhileBusy
CALL SelectDevice // 設置主從盤標識
MOV BL, btAtaCmd // 發送讀取命令
CALL SendCmd
CALL WaitWhileBusy
// 檢查是否出錯
MOV DX, dwBaseAddress
ADD DX, 7
in AL, DX
TEST AL, btBit00
JZ RetrieveInfo // 沒有錯誤時則讀數據
// 如果出錯,則進一步嘗試使用ATAPI設備命令
CALL WaitWhileBusy
CALL SelectDevice
MOV BL, btAtapiCmd
CALL SendCmd
CALL WaitWhileBusy
// 檢查是否還出錯
MOV DX, dwBaseAddress
ADD DX, 7
in AL, DX
TEST AL, btBit00
JZ RetrieveInfo // 沒有錯誤時則讀數據
JMP LeaveRing0 // 如果還是出錯,直接返回
// 讀取數據
RetrieveInfo:
LEA EDI, wOutDataBuf
MOV ECX, 256
MOV DX, dwBaseAddress
CLD
REP INSW
// 退出Ring0代碼
LeaveRing0:
POPAD
IRETD
// 激活Ring0代碼
EnterRing0:
// 修改中斷門
SIDT FWORD PTR btIDTR1
MOV EAX, DWORD PTR btIDTR1 + 02h
ADD EAX, nHookExceptionNo * 08h + 04h
CLI
// 保存原異常處理例程入口
MOV ECX, DWORD PTR [EAX]
MOV CX, WORD PTR [EAX-04h]
MOV dwOldExceptionHook, ECX
// 指定新入口
LEA EBX, Ring0Proc
MOV WORD PTR [EAX-04h],BX
SHR EBX, 10h
MOV WORD PTR[EAX+02h], BX
// 激活Ring0代碼
INT nHookExceptionNo
// 復原入口
MOV ECX,dwOldExceptionHook
MOV WORD PTR[EAX-04h], CX
SHR ECX,10h
MOV WORD PTR[EAX+02h], CX
STI
}
if(!bIsFirst)
{
bIsIDEExist = (bool)btIsIDEExist;
bIsDiskExist = (bool)btIsDiskExist;
CopyMemory(pOutData, wOutDataBuf, sizeof(wOutDataBuf));
}
}
//---------------------------------------------------------------------------
// 調用方法:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
ReadPhysicalDrive(Memo1->Lines, Memo2->Lines);
}