How to open disks in windows and read data at low level?

Asked 29/6, 2011 at 14:50 Answered 23/5 at 8:6

I know in linux it is as simple as /dev/sda but in Windows how do you open a disk and start reading data at the low level?

In python I've tried:

f = open("K:", "r")

and I get this error:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
IOError: [Errno 13] Permission denied: 'K:'

I get this error even as administrator.

Niveous answered 29/6, 2011 at 14:50 Comment(1)

I think I have to use the win32 extension win32file? Does anyone know? – Niveous 29/6, 2011 at 14:56

From http://support.microsoft.com/kb/100027

To open a physical hard drive for direct disk access (raw I/O) in a Win32-based application, use a device name of the form

\\.\PhysicalDriveN

where N is 0, 1, 2, and so forth, representing each of the physical drives in the system.

To open a logical drive, direct access is of the form

\\.\X:

where X: is a hard-drive partition letter, floppy disk drive, or CD-ROM drive.

Cetinje answered 29/6, 2011 at 15:36 Comment(4)

How do you know which drive is which? – Niveous 29/6, 2011 at 15:50

I would guess that disk manager is correct, but I'd double-check before doing anything destructive :-) – Cetinje 29/6, 2011 at 17:5

To do this with python: blog.lifeeth.in/2011/03/reading-raw-disks-with-python.html – Libbey 11/9, 2013 at 0:28

What are the other parameters to CreateFile? – Pochard 16/2, 2015 at 20:50

Remember that all objects in windows and other operating systems are files. To open and read 16 bytes of data from drive E: use the code below:

# Open a Disk in binary format read only 16 bytes
file = "\\\\.\\E:"
with open(file,'rb') as f:
    print("Disk Open")
    data = f.read(16)
    # Convert the binary data to upper case hex ascii code
    hex_data = " ".join("{:02X}".format(c) for c in data)
    print(hex_data)

Ferdinande answered 1/2, 2021 at 19:54 Comment(0)

Both worked for me. To gain access to Partition C: or the whole drive, administrator privileges are needed. Here an example as replacement for open():

def open_physical_drive(
    number,
    mode="rb",
    buffering=-1,
    encoding=None,
    errors=None,
    newline=None,
    closefd=True,
    opener=None,
):
    """
    Opens a physical drive in read binary mode by default
    The numbering starts with 0
    """
    return open(
        fr"\\.\PhysicalDrive{number}",
        mode,
        buffering,
        encoding,
        errors,
        newline,
        closefd,
        opener,
    )


def open_windows_partition(
    letter,
    mode="rb",
    buffering=-1,
    encoding=None,
    errors=None,
    newline=None,
    closefd=True,
    opener=None,
):
    """
    Opens a partition of a windows drive letter in read binary mode by default
    """
    return open(
        fr"\\.\{letter}:", mode, buffering, encoding, errors, newline, closefd, opener
    )


# first 16 bytes from partition C:
# on Linux it's like /dev/sda1
with open_windows_partition("C") as drive_c:
    print(drive_c.read(16))


# first 16 bytes of first drive
# on Linux it's like /dev/sda
with open_physical_drive(0) as drive_0:
    print(drive_0.read(16))

Giess answered 23/11, 2021 at 9:36 Comment(0)

This doesn't work for me on Windows 10, and indeed hasn't worked for me since Windows 7, whereas it DID work under Windows XP.

I am running CMD.EXE "As Administrator," my user account appears to be a member of the Administrators group, and I have no idea what else I could possibly do to give myself the ability to do this. I don't understand how so many people claim to be able to do it so casually.

Demeter answered 23/5 at 8:6 Comment(0)

Recommended topics

Hot tags