Sign in to follow this  
Followers 0
llewxam

RAW write to flash drives fails

6 posts in this topic

I can do a raw write to a hard drive, even when hooked up through a USB bridge, but can not to a flash drive. Any theories??

**PLEASE BE CAREFUL WITH THIS TEST SCRIPT!!!!!!!!

I have it hard-coded for \\.\PHYSICALDRIVE2, if you are unsure of what that is, or how to determine which drive that may be for you, or care at all about the data on that drive should you be able to identify it, then DO NOT RUN THIS TEST!!

#include <WinAPI.au3>

$ChunkSize = 8 * 1024 * 1024

ConsoleWrite("building zero fill data, be patient" & @CR)
$ZeroFill = ""
For $a = 1 To $ChunkSize
$ZeroFill &= Chr(0)
Next

$Destination = _WinAPI_CreateFile("\\.\PHYSICALDRIVE2", 2, 4); CAREFUL!!!!!!!!  BE SURE TO CHECK THIS!!!!!

Local $nBytes, $nBytesWritten
Local $tBuffer = DllStructCreate("byte[" & $ChunkSize & "]")
Local $pBuffer = DllStructGetPtr($tBuffer)
DllStructSetData($tBuffer, 1, $ZeroFill)

$Write = _WinAPI_WriteFile($Destination, $pBuffer, $ChunkSize, $nBytesWritten)

MsgBox(0, "Status", "Open Destination: " & $Destination & @CR & "Write: " & $Write)

Setting the PHYSICALDRIVE number to a hard drive will return 1 for $Write. Any ideas would be appreciated, I have a suite of drive tools nearing completion and this issue has been stopping me for long enough! :) Forensic images, disk-to-disk cloning, testing, and wiping will be included in the suite.

Thanks for any help!

Ian


My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.

Share this post


Link to post
Share on other sites



What does _Winapi_CreateFile() return when trying to write to the flash? Also the use of _WinAPI_GetLastError() is useful for these functions as any errors would be being set by the system.

Share this post


Link to post
Share on other sites

What does _Winapi_CreateFile() return when trying to write to the flash? Also the use of _WinAPI_GetLastError() is useful for these functions as any errors would be being set by the system.

True, I should have been including _WinAPI_GetLastError() so will now. All functions, Create, SetPointer, Read were always good, but the Write would fail. Occasionally it will work fine like immediately after rebooting, so I may look in to finding a way to lock the drive from access by other apps....

Thanks

Ian


My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.

Share this post


Link to post
Share on other sites

Yup - _WinAPI_GetLastError() "5" - "ACCESS_DENIED"..... but the same script works fine on mechanical drives.....

Ian


My projects:

  • IP Scanner - Multi-threaded ping tool to scan your available networks for used and available IP addresses, shows ping times, resolves IPs in to host names, and allows individual IPs to be pinged.
  • INFSniff - Great technicians tool - a tool which scans DriverPacks archives for INF files and parses out the HWIDs to a database file, and rapidly scans the local machine's HWIDs, searches the database for matches, and installs them.
  • PPK3 (Persistent Process Killer V3) - Another for the techs - suppress running processes that you need to keep away, helpful when fighting spyware/viruses.
  • Sync Tool - Folder sync tool with lots of real time information and several checking methods.
  • USMT Front End - Front End for Microsoft's User State Migration Tool, including all files needed for USMT 3.01 and 4.01, 32 bit and 64 bit versions.
  • Audit Tool - Computer audit tool to gather vital hardware, Windows, and Office information for IT managers and field techs. Capabilities include creating a customized site agent.
  • CSV Viewer - Displays CSV files with automatic column sizing and font selection. Lines can also be copied to the clipboard for data extraction.
  • MyDirStat - Lists number and size of files on a drive or specified path, allows for deletion within the app.
  • 2048 Game - My version of 2048, fun tile game.
  • Juice Lab - Ecigarette liquid making calculator.
  • Data Protector - Secure notes to save sensitive information.
  • VHD Footer - Add a footer to a forensic hard drive image to allow it to be mounted or used as a virtual machine hard drive.
  • Find in File - Searches files containing a specified phrase.

Share this post


Link to post
Share on other sites

This is most probably because your USB flash drive is not declaring itself as DASD devices (hard disk), just like many older USB flash drives. You should still be able to perform I/O on non-DASD devices (like tape drives, flash USB, and such) using the low-level IOCTL set of primitives. Your best friend here is MSDN.

I remember that a flash drive maker offered a utility to switch to DASD any devices in his range but I honestly don't recall which one.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

:bye: Greetings everyone, please refer to my post at the following link:

:oops: I suggest that you could get the USB Drive Letter using DriveGetDrive("REMOVABLE") and then passing on the return to Disk wiping function. Hard-Disks and a Pen-Drive are totally different (they both need different drivers)

Regards

Edited by MKISH

----------------------------------------

:bye: Hey there, was I helpful?

----------------------------------------

My Current OS: Win8 PRO (64-bit); Current AutoIt Version: v3.3.8.1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0