Note: In this case I want to send the 07000 (0xEC)
command. The device will respond with
a 512-byte block of data. (In
particular I’m interested in bit 0 of
word 119 – the device’s 07001).
我知道我需要使用CreateFile打开设备:
handle = CreateFile(
"\\.\PhysicalDrive0",GENERIC_READ,FILE_SHARE_READ,nil,// no security attributes
OPEN_EXISTING,// flags and attributes
nil // no template file
);
但是之后我被阻止怎么办
我想到使用[DeviceIoControl] [4]发送0xEC:
// const ATACommand_IdentifyDevice = 0xEC;
uint bytesReturned = 0;
DeviceIoControl(handle,0xEC,// IO Control Code
nil,// input buffer not needed
0,// input buffer is zero bytes
@buffer,// output buffer to store the returned 512-bytes
512,// output buffer is 512 bytes long
out bytesReturned,nil // not an overlapped operation
);
但这是完全错误的。发送到DeviceIoControl的IoControlCode必须是有效的IO_CTL,它们是built using the macro:
#define CTL_CODE(DeviceType,Function,Method,Access) ( ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) )
看看SDK,有一些有效的Disk Management Control Codes,如:
> IOCTL_DISK_CREATE_DISK
> IOCTL_DISK_GET_DRIVE_GEOMETRY
> IOCTL_DISK_GET_DRIVE_GEOMETRY_EX
> IOCTL_DISK_GET_PARTITION_INFO
> IOCTL_STORAGE_QUERY_PROPERTY
但是没有一个是IDENTIFY DEVICE命令,或返回任何返回的东西。
所以我相信我必须使用一些“原始”的发送命令的方法。
搜索到的时候,我遇到了IOCTL的无证件
#define DFP_RECEIVE_DRIVE_DATA 0x0007c088
当您分解IOCTL片段时,意味着:
Custom: (0) Device Type: (7) FILE_DEVICE_DISK required Access: (3) METHOD_NEITHER Custom: (0) Function Code: (34) Transfer Type: (0)
但是,inputBuffer必须包含哪些内容,其大小以及outputBuffer将包含哪些内容或其所需的任何文档。我也不能弄清楚functionCode 34(0x22)是什么。
我的问题:如何将原始ATA命令(例如0xEC)发送到ATA设备,并读取其响应?
也可以看看
> IOCTL_ATA_PASS_THROUGH Control Code
> IOCTL_ATA_PASS_THROUGH_DIRECT Control Code
> ATA_PASS_THROUGH_EX Structure
回答片断
用ReadWrite访问打开驱动器:
handle = CreateFile(
"\\.\PhysicalDrive0",GENERIC_READ or GENERIC_WRITE,// IOCTL_ATA_PASS_THROUGH requires read-write
FILE_SHARE_READ,// flags and attributes
nil // no template file
);
设置一个ATA_PASS_THROUGH_EX结构作为IOCTL_ATA_PASS_THROUGH IO控制代码使用的输入缓冲区:
ATA_PASS_THROUGH_EX inputBuffer; inputBuffer.Length = sizeof(ATA_PASS_THROUGH_EX); inputBuffer.AtaFlags = ATA_FLAGS_DATA_IN; inputBuffer.DataTransferLength = 0; inputBuffer.DataBufferOffset = 0; // todo: put the ATA command (e.g. 0xEC) somewhere uint inputBufferSize = sizeof(ATA_PASS_THROUGH_EX);
设置一个输出缓冲区来保存驱动器中预期的512字节响应:
Byte[] outputBuffer = new Byte[512]; uint outputBufferSize = 512;
调用DeviceIoControl:
int ioControlCode = IOCTL_ATA_PASS_THROUGH; // or maybe IOCTL_ATA_PASS_THROUGH_DIRECT uint bytesReturned = 0; DeviceIoControl(handle,ioControlCode,inputBuffer,inputBufferSize,outputBuffer,outputBufferSize,out bytesReturned,nil // not an overlapped operation );
handle.Close();
请注意,pre XP SP2不正确支持这些。另外,如果您有一个基于nForce的MB与nvidia驱动程序,您的SATA驱动器将显示为SCSI,您不能使用此通过。
在某些情况下,SMART IOCTL(例如SMART_RCV_DRIVE_DATA)将适用于nForce驱动程序。您可以使用这些来获取IDENTIFY和SMART数据,但不能太多。
开源smartmontools是开始寻找示例代码的好地方。
编辑:来自与ATA设备交谈的应用程序的示例。
EResult DeviceOperationManagerWin::executeATACommandIndirect(ATACommand & Cmd) {
const uint32 FillerSize = 0;
Utils::ByteBuffer B;
B.reserve(sizeof(ATA_PASS_THROUGH_EX) + 4 + Cmd.bufferSize());
ATA_PASS_THROUGH_EX & PTE = * (ATA_PASS_THROUGH_EX *) B.appendPointer(sizeof(ATA_PASS_THROUGH_EX) + FillerSize + Cmd.bufferSize());
uint8 * DataPtr = ((uint8 *) &PTE) + sizeof(ATA_PASS_THROUGH_EX) + FillerSize;
memset(&PTE,sizeof(ATA_PASS_THROUGH_EX) + FillerSize);
PTE.Length = sizeof(PTE);
PTE.AtaFlags = 0;
PTE.AtaFlags |= Cmd.requiresDRDY() ? ATA_FLAGS_DRDY_required : 0;
switch (Cmd.dataDirection()) {
case ddFromDevice:
PTE.AtaFlags |= ATA_FLAGS_DATA_IN;
break;
case ddToDevice:
PTE.AtaFlags |= ATA_FLAGS_DATA_OUT;
memcpy(DataPtr,Cmd.buffer(),Cmd.bufferSize());
break;
default:
break;
}
PTE.AtaFlags |= Cmd.is48Bit() ? ATA_FLAGS_48BIT_COMMAND : 0;
PTE.AtaFlags |= Cmd.isDMA() ? ATA_FLAGS_USE_DMA : 0;
PTE.DataTransferLength = Cmd.bufferSize();
PTE.TimeOutValue = Cmd.timeout();
PTE.DataBufferOffset = sizeof(PTE) + FillerSize;
PTE.DataTransferLength = Cmd.bufferSize();
PTE.CurrentTaskFile[0] = Cmd.taskFileIn0().Features;
PTE.CurrentTaskFile[1] = Cmd.taskFileIn0().Count;
PTE.CurrentTaskFile[2] = Cmd.taskFileIn0().LBALow;
PTE.CurrentTaskFile[3] = Cmd.taskFileIn0().LBAMid;
PTE.CurrentTaskFile[4] = Cmd.taskFileIn0().LBAHigh;
PTE.CurrentTaskFile[5] = Cmd.taskFileIn0().Device;
PTE.CurrentTaskFile[6] = Cmd.taskFileIn0().Command;
PTE.CurrentTaskFile[7] = 0;
if (Cmd.is48Bit()) {
PTE.PrevIoUsTaskFile[0] = Cmd.taskFileIn1().Features;
PTE.PrevIoUsTaskFile[1] = Cmd.taskFileIn1().Count;
PTE.PrevIoUsTaskFile[2] = Cmd.taskFileIn1().LBALow;
PTE.PrevIoUsTaskFile[3] = Cmd.taskFileIn1().LBAMid;
PTE.PrevIoUsTaskFile[4] = Cmd.taskFileIn1().LBAHigh;
PTE.PrevIoUsTaskFile[5] = Cmd.taskFileIn1().Device;
PTE.PrevIoUsTaskFile[6] = 0;
PTE.PrevIoUsTaskFile[7] = 0;
}
DWORD BR;
if (!DeviceIoControl(FHandle,IOCTL_ATA_PASS_THROUGH,&PTE,B.size(),&BR,0)) {
FLastOSError = GetLastError();
LOG_W << "ioctl ATA_PT Failed for " << Cmd << ": " << FLastOSError << " (" << Utils::describeOSError(FLastOSError) << ")";
return Utils::mapOSError(FLastOSError);
}
Cmd.taskFileOut0().Error = PTE.CurrentTaskFile[0];
Cmd.taskFileOut0().Count = PTE.CurrentTaskFile[1];
Cmd.taskFileOut0().LBALow = PTE.CurrentTaskFile[2];
Cmd.taskFileOut0().LBAMid = PTE.CurrentTaskFile[3];
Cmd.taskFileOut0().LBAHigh = PTE.CurrentTaskFile[4];
Cmd.taskFileOut0().Device = PTE.CurrentTaskFile[5];
Cmd.taskFileOut0().Status = PTE.CurrentTaskFile[6];
Cmd.taskFileOut1().Error = PTE.PrevIoUsTaskFile[0];
Cmd.taskFileOut1().Count = PTE.PrevIoUsTaskFile[1];
Cmd.taskFileOut1().LBALow = PTE.PrevIoUsTaskFile[2];
Cmd.taskFileOut1().LBAMid = PTE.PrevIoUsTaskFile[3];
Cmd.taskFileOut1().LBAHigh = PTE.PrevIoUsTaskFile[4];
Cmd.taskFileOut1().Device = PTE.PrevIoUsTaskFile[5];
Cmd.taskFileOut1().Status = PTE.PrevIoUsTaskFile[6];
if (Cmd.dataDirection() == ddFromDevice) {
memcpy(Cmd.buffer(),DataPtr,Cmd.bufferSize());
}
return resOK;
}
编辑:没有外部依赖关系的示例。
IDENTIFY需要一个512字节的数据缓冲区:
unsigned char Buffer[512 + sizeof(ATA_PASS_THROUGH_EX)] = { 0 };
ATA_PASS_THROUGH_EX & PTE = *(ATA_PASS_THROUGH_EX *) Buffer;
PTE.Length = sizeof(PTE);
PTE.TimeOutValue = 10;
PTE.DataTransferLength = 512;
PTE.DataBufferOffset = sizeof(ATA_PASS_THROUGH_EX);
根据ATA规范设置IDE寄存器。
IDEREGS * ir = (IDEREGS *) PTE.CurrentTaskFile; ir->bCommandReg = 0xEC; ir->bSectorCountReg = 1;
IDENTIFY既不是48位也不是DMA,它从设备读取:
PTE.AtaFlags = ATA_FLAGS_DATA_IN | ATA_FLAGS_DRDY_required;
做ioctl:
DeviceIOControl(Handle,sizeof(Buffer),0);
在这里,您应该插入错误检查,两者都来自DeviceIOControl,并通过查看IDEREGS来查看设备报告的错误。
假设您已经定义了一个struct IdentifyData,获取IDENTIFY数据
IdentifyData * IDData = (IdentifyData *) (Buffer + sizeof(ATA_PASS_THROUGH_EX));
