在Windows中直接发送ATA命令到设备?

前端之家收集整理的这篇文章主要介绍了在Windows中直接发送ATA命令到设备?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我试图在Windows中将ATA命令发送到物理磁盘,并从设备获取响应。

Note: In this case I want to send the 07000 (0xEC)
command. The device will respond with
a 512-byte block of data. (In
particular I’m interested in bit 0 of
word 119 – the device’s 07001).

我知道我需要使用CreateFile打开设备:

handle = CreateFile(
    "\\.\PhysicalDrive0",GENERIC_READ,FILE_SHARE_READ,nil,// no security attributes
    OPEN_EXISTING,// flags and attributes
    nil             // no template file
);

但是之后我被阻止怎么办

我想到使用[DeviceIoControl] [4]发送0xEC:

// const ATACommand_IdentifyDevice = 0xEC;
uint bytesReturned = 0;

DeviceIoControl(handle,0xEC,// IO Control Code
    nil,// input buffer not needed
    0,// input buffer is zero bytes
    @buffer,// output buffer to store the returned 512-bytes
    512,// output buffer is 512 bytes long
    out bytesReturned,nil                 // not an overlapped operation
);

但这是完全错误的。发送到DeviceIoControl的IoControlCode必须是有效的IO_CTL,它们是built using the macro

#define CTL_CODE(DeviceType,Function,Method,Access) (
   ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method)
)

看看SDK,有一些有效的Disk Management Control Codes,如:

> IOCTL_DISK_CREATE_DISK
> IOCTL_DISK_GET_DRIVE_GEOMETRY
> IOCTL_DISK_GET_DRIVE_GEOMETRY_EX
> IOCTL_DISK_GET_PARTITION_INFO
> IOCTL_STORAGE_QUERY_PROPERTY

但是没有一个是IDENTIFY DEVICE命令,或返回任何返回的东西。

所以我相信我必须使用一些“原始”的发送命令的方法

搜索到的时候,我遇到了IOCTL的无证件

#define  DFP_RECEIVE_DRIVE_DATA   0x0007c088

当您分解IOCTL片段时,意味着:

Custom: (0)
Device Type: (7) FILE_DEVICE_DISK
required Access: (3) METHOD_NEITHER
Custom: (0)
Function Code: (34)
Transfer Type: (0)

但是,inputBuffer必须包含哪些内容,其大小以及outputBuffer将包含哪些内容或其所需的任何文档。我也不能弄清楚functionCode 34(0x22)是什么。

我的问题:如何将原始ATA命令(例如0xEC)发送到ATA设备,并读取其响应?

也可以看看

> IOCTL_ATA_PASS_THROUGH Control Code
> IOCTL_ATA_PASS_THROUGH_DIRECT Control Code
> ATA_PASS_THROUGH_EX Structure

回答片断

用ReadWrite访问打开驱动器:

handle = CreateFile(
    "\\.\PhysicalDrive0",GENERIC_READ or GENERIC_WRITE,// IOCTL_ATA_PASS_THROUGH requires read-write
    FILE_SHARE_READ,// flags and attributes
    nil             // no template file
);

设置一个ATA_PASS_THROUGH_EX结构作为IOCTL_ATA_PASS_THROUGH IO控制代码使用的输入缓冲区:

ATA_PASS_THROUGH_EX inputBuffer;
inputBuffer.Length = sizeof(ATA_PASS_THROUGH_EX);
inputBuffer.AtaFlags = ATA_FLAGS_DATA_IN;
inputBuffer.DataTransferLength = 0;
inputBuffer.DataBufferOffset = 0;
// todo: put the ATA command (e.g. 0xEC) somewhere

uint inputBufferSize = sizeof(ATA_PASS_THROUGH_EX);

设置一个输出缓冲区来保存驱动器中预期的512字节响应:

Byte[] outputBuffer = new Byte[512];
uint outputBufferSize = 512;

调用DeviceIoControl:

int ioControlCode = IOCTL_ATA_PASS_THROUGH; // or maybe IOCTL_ATA_PASS_THROUGH_DIRECT
uint bytesReturned = 0;

DeviceIoControl(handle,ioControlCode,inputBuffer,inputBufferSize,outputBuffer,outputBufferSize,out bytesReturned,nil      // not an overlapped operation    
);

关闭文件句柄:

handle.Close();
您需要使用IOCTL_ATA_PASS_THROUGH / IOCTL_ATA_PASS_THROUGH_DIRECT,这些都有很好的记录。此外,您需要CreateFile的GENERIC_READ | GENERIC_WRITE访问。

请注意,pre XP SP2不正确支持这些。另外,如果您有一个基于nForce的MB与nvidia驱动程序,您的SATA驱动器将显示为SCSI,您不能使用此通过。

在某些情况下,SMART IOCTL(例如SMART_RCV_DRIVE_DATA)将适用于nForce驱动程序。您可以使用这些来获取IDENTIFY和SMART数据,但不能太多。

开源smartmontools是开始寻找示例代码的好地方。

编辑:来自与ATA设备交谈的应用程序的示例。

EResult DeviceOperationManagerWin::executeATACommandIndirect(ATACommand & Cmd) {
    const uint32 FillerSize = 0;
    Utils::ByteBuffer B;
    B.reserve(sizeof(ATA_PASS_THROUGH_EX) + 4 + Cmd.bufferSize());
    ATA_PASS_THROUGH_EX & PTE = * (ATA_PASS_THROUGH_EX *) B.appendPointer(sizeof(ATA_PASS_THROUGH_EX) + FillerSize + Cmd.bufferSize());
    uint8 * DataPtr = ((uint8 *) &PTE) + sizeof(ATA_PASS_THROUGH_EX) + FillerSize;

    memset(&PTE,sizeof(ATA_PASS_THROUGH_EX) + FillerSize);
    PTE.Length = sizeof(PTE);
    PTE.AtaFlags = 0;
    PTE.AtaFlags |= Cmd.requiresDRDY() ? ATA_FLAGS_DRDY_required : 0;
    switch (Cmd.dataDirection()) {
    case ddFromDevice: 
        PTE.AtaFlags |= ATA_FLAGS_DATA_IN; 
        break;
    case ddToDevice:
        PTE.AtaFlags |= ATA_FLAGS_DATA_OUT;
        memcpy(DataPtr,Cmd.buffer(),Cmd.bufferSize());
        break;
    default:
        break;
    }
    PTE.AtaFlags |= Cmd.is48Bit() ? ATA_FLAGS_48BIT_COMMAND : 0;
    PTE.AtaFlags |= Cmd.isDMA() ? ATA_FLAGS_USE_DMA : 0;
    PTE.DataTransferLength = Cmd.bufferSize();
    PTE.TimeOutValue = Cmd.timeout();
    PTE.DataBufferOffset = sizeof(PTE) + FillerSize;
    PTE.DataTransferLength = Cmd.bufferSize();
    PTE.CurrentTaskFile[0] = Cmd.taskFileIn0().Features;
    PTE.CurrentTaskFile[1] = Cmd.taskFileIn0().Count;
    PTE.CurrentTaskFile[2] = Cmd.taskFileIn0().LBALow;
    PTE.CurrentTaskFile[3] = Cmd.taskFileIn0().LBAMid;
    PTE.CurrentTaskFile[4] = Cmd.taskFileIn0().LBAHigh;
    PTE.CurrentTaskFile[5] = Cmd.taskFileIn0().Device;
    PTE.CurrentTaskFile[6] = Cmd.taskFileIn0().Command;
    PTE.CurrentTaskFile[7] = 0;
    if (Cmd.is48Bit()) {
        PTE.PrevIoUsTaskFile[0] = Cmd.taskFileIn1().Features;
        PTE.PrevIoUsTaskFile[1] = Cmd.taskFileIn1().Count;
        PTE.PrevIoUsTaskFile[2] = Cmd.taskFileIn1().LBALow;
        PTE.PrevIoUsTaskFile[3] = Cmd.taskFileIn1().LBAMid;
        PTE.PrevIoUsTaskFile[4] = Cmd.taskFileIn1().LBAHigh;
        PTE.PrevIoUsTaskFile[5] = Cmd.taskFileIn1().Device;
        PTE.PrevIoUsTaskFile[6] = 0;
        PTE.PrevIoUsTaskFile[7] = 0;
    }

    DWORD BR; 
    if (!DeviceIoControl(FHandle,IOCTL_ATA_PASS_THROUGH,&PTE,B.size(),&BR,0)) {
        FLastOSError = GetLastError();
        LOG_W << "ioctl ATA_PT Failed for " << Cmd << ": " << FLastOSError << " (" << Utils::describeOSError(FLastOSError) << ")";
        return Utils::mapOSError(FLastOSError);
    }
    Cmd.taskFileOut0().Error = PTE.CurrentTaskFile[0];
    Cmd.taskFileOut0().Count = PTE.CurrentTaskFile[1];
    Cmd.taskFileOut0().LBALow = PTE.CurrentTaskFile[2];
    Cmd.taskFileOut0().LBAMid = PTE.CurrentTaskFile[3];
    Cmd.taskFileOut0().LBAHigh = PTE.CurrentTaskFile[4];
    Cmd.taskFileOut0().Device = PTE.CurrentTaskFile[5];
    Cmd.taskFileOut0().Status = PTE.CurrentTaskFile[6];
    Cmd.taskFileOut1().Error = PTE.PrevIoUsTaskFile[0];
    Cmd.taskFileOut1().Count = PTE.PrevIoUsTaskFile[1];
    Cmd.taskFileOut1().LBALow = PTE.PrevIoUsTaskFile[2];
    Cmd.taskFileOut1().LBAMid = PTE.PrevIoUsTaskFile[3];
    Cmd.taskFileOut1().LBAHigh = PTE.PrevIoUsTaskFile[4];
    Cmd.taskFileOut1().Device = PTE.PrevIoUsTaskFile[5];
    Cmd.taskFileOut1().Status = PTE.PrevIoUsTaskFile[6];
    if (Cmd.dataDirection() == ddFromDevice) {
        memcpy(Cmd.buffer(),DataPtr,Cmd.bufferSize());
    }
    return resOK;
    }

编辑:没有外部依赖关系的示例。

IDENTIFY需要一个512字节的数据缓冲区:

unsigned char Buffer[512 + sizeof(ATA_PASS_THROUGH_EX)] = { 0 };
ATA_PASS_THROUGH_EX & PTE = *(ATA_PASS_THROUGH_EX *) Buffer;
PTE.Length = sizeof(PTE);
PTE.TimeOutValue = 10;
PTE.DataTransferLength = 512;
PTE.DataBufferOffset = sizeof(ATA_PASS_THROUGH_EX);

根据ATA规范设置IDE寄存器。

IDEREGS * ir = (IDEREGS *) PTE.CurrentTaskFile;
ir->bCommandReg = 0xEC;
ir->bSectorCountReg = 1;

IDENTIFY既不是48位也不是DMA,它从设备读取:

PTE.AtaFlags = ATA_FLAGS_DATA_IN | ATA_FLAGS_DRDY_required;

做ioctl:

DeviceIOControl(Handle,sizeof(Buffer),0);

在这里,您应该插入错误检查,两者都来自DeviceIOControl,并通过查看IDEREGS来查看设备报告的错误

假设您已经定义了一个struct IdentifyData,获取IDENTIFY数据

IdentifyData * IDData = (IdentifyData *) (Buffer + sizeof(ATA_PASS_THROUGH_EX));

猜你在找的Windows相关文章