
FindFirstVolume does not return EFI system partition


FindFirstVolume does not return EFI system partition

By : Naveen
Date : November 21 2020, 11:01 PM
A volume GUID path (i.e. \??\Volume{..}) does not exist for a volume that FindFirstVolume/FindNextVolume does not return, but all volumes in the system can still be enumerated in other ways. One way is the Virtual Disk Service COM API; DISKPART> list volume uses exactly this. Another way (lower-level and faster) is to call CM_Get_Device_ID_ListW with pszFilter = "{71a27cdd-812a-11d0-bec7-08002be2092f}" (see GUID_DEVCLASS_VOLUME in devguid.h), then obtain a device instance handle with CM_Locate_DevNodeW and query DEVPKEY_Device_PDOName with CM_Get_DevNode_PropertyW. This yields a string (like \Device\HarddiskVolumeN) that can be passed to ZwOpenFile, after which some ioctls (IOCTL_DISK_GET_PARTITION_INFO_EX and others) return the volume properties. Code example:
code :
#include <initguid.h>
#include <cfgmgr32.h>
#include <devguid.h>
#include <devpkey.h>
#include <diskguid.h>

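// Prints partition and file-system details for an already opened volume handle.
void DumpVolume(HANDLE hFile);

// Enumerates every present device of the volume device class through the
// Configuration Manager, resolves each device's PDO name
// (e.g. \Device\HarddiskVolume2), opens it and passes the handle to DumpVolume.
// Unlike FindFirstVolume/FindNextVolume this also reaches volumes that have no
// volume GUID path. Output goes to the debugger via DbgPrint; nothing is returned.
void VolEnum()
{
    // STATIC_WSTRING is not defined on this page; presumably it declares a
    // static wide-string constant with the given name - verify against the
    // author's headers. The value is the GUID_DEVCLASS_VOLUME class GUID.
    STATIC_WSTRING(DEVCLASS_VOLUME, "{71a27cdd-812a-11d0-bec7-08002be2092f}");

    enum { flags = CM_GETIDLIST_FILTER_CLASS|CM_GETIDLIST_FILTER_PRESENT };

    ULONG len;
    // cb  = bytes currently available in the property buffer at pv,
    // rcb = in: buffer size offered to CM_Get_DevNode_PropertyW,
    //       out: size the property actually needs.
    ULONG cb = 0, rcb = 64;

    HANDLE hFile;
    IO_STATUS_BLOCK iosb;
    UNICODE_STRING ObjectName;
    OBJECT_ATTRIBUTES oa = { sizeof(oa), 0, &ObjectName, OBJ_CASE_INSENSITIVE };

    // Three typed views of the one property buffer. Declared at function scope
    // so the pointer survives from one device to the next: the buffer is only
    // (re)allocated when it is too small, so later iterations reuse the pointer
    // set by an earlier one. Declaring it inside the loop left it formally
    // uninitialized on those iterations.
    union {
        PVOID pv;
        PWSTR sz;
        PBYTE pb;
    };
    pv = 0;

    // CONFIGRET is CR_SUCCESS (0) on success, hence the negated tests below.
    if (!CM_Get_Device_ID_List_SizeW(&len, DEVCLASS_VOLUME, flags))
    {
        // len is in WCHARs; << 1 converts it to bytes.
        // NOTE(review): the size comes straight from the system and is not
        // capped before alloca, so a very long device list lands on the stack.
        // The list can also grow between the size query and the fetch; in that
        // case the fetch fails and nothing is enumerated.
        PWSTR buf = (PWSTR)alloca(len << 1);
        if (!CM_Get_Device_ID_ListW(DEVCLASS_VOLUME, buf, len, flags))
        {
            // Address of the first alloca block; used as the upper bound when
            // measuring how much has been allocated below it.
            PVOID stack = buf;

            // The list is a sequence of NUL-terminated device instance IDs
            // ended by an empty string.
            while (*buf)
            {
                DbgPrint("%S\n", buf);
                DEVINST dnDevInst;
                if (!CM_Locate_DevNodeW(&dnDevInst, buf, CM_LOCATE_DEVNODE_NORMAL))
                {
                    DEVPROPTYPE PropertyType;
                    int err;

                    do
                    {
                        if (cb < rcb)
                        {
                            // Grow the buffer by allocating only the missing
                            // bytes. The new total is measured as the distance
                            // from the new block up to the device list.
                            // NOTE(review): this relies on successive alloca
                            // blocks being contiguous and growing downward -
                            // confirm for the target compiler.
                            rcb = cb = RtlPointerToOffset(pv = alloca(rcb - cb), stack);
                        }

                        if (!(err = CM_Get_DevNode_PropertyW(dnDevInst, &DEVPKEY_Device_PDOName, &PropertyType, pb, &rcb, 0)))
                        {
                            if (PropertyType == DEVPROP_TYPE_STRING)
                            {
                                DbgPrint("%S\n", sz);

                                RtlInitUnicodeString(&ObjectName, sz);
                                // Open for synchronous I/O: DumpVolume issues its
                                // requests without an event and reads the output
                                // buffers immediately, so a pended request would
                                // leave them unfilled. FILE_GENERIC_READ already
                                // carries the SYNCHRONIZE right this option needs.
                                if (0 <= ZwOpenFile(&hFile, FILE_GENERIC_READ, &oa, &iosb, FILE_SHARE_VALID_FLAGS, FILE_SYNCHRONOUS_IO_NONALERT))
                                {
                                    DumpVolume(hFile);
                                    ZwClose(hFile);
                                }
                            }
                        }

                        // On CR_BUFFER_SMALL rcb now holds the required size;
                        // loop once more so the buffer is enlarged.
                    } while (err == CR_BUFFER_SMALL);

                }
                // Step over this ID and its terminating NUL.
                buf += 1 + wcslen(buf);
            }
        }
    }
}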

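// Prints one line describing the volume behind hFile: partition number,
// partition style (MBR/GPT), starting offset (decimal and hex), length, the
// style-specific details (MBR type and boot flag, or GPT type, attributes and
// name) and the file-system name. If the partition query fails, only the
// NTSTATUS is printed.
//
// hFile: handle to a volume device opened with read access. The handle is not
//        closed here.
// NOTE(review): the requests below pass no event and read their output right
// away, so the handle is assumed to be opened for synchronous I/O - confirm
// at the call site.
void DumpVolume(HANDLE hFile)
{
    // Capacity, in WCHARs, reserved for FILE_FS_ATTRIBUTE_INFORMATION::FileSystemName.
    enum { FsNameCch = 32 };

    NTSTATUS status;
    PARTITION_INFORMATION_EX pi;
    IO_STATUS_BLOCK iosb;

    if (0 <= (status = ZwDeviceIoControlFile(hFile, 0, 0, 0, &iosb, IOCTL_DISK_GET_PARTITION_INFO_EX, 0, 0, &pi, sizeof(pi))))
    {
        // Holds a formatted GUID: 38 characters plus the terminating NUL.
        CHAR PartitionName[40];
        // Points either at a literal or at PartitionName; never written through.
        PCSTR szPartitionName = "??";

        PCSTR szps = "??";
        switch (pi.PartitionStyle)
        {
        case PARTITION_STYLE_MBR: szps = "MBR";
            break;
        case PARTITION_STYLE_GPT: szps = "GPT";
            break;
        }

        DbgPrint("%u %s %I64u(%I64x) %I64u ", 
            pi.PartitionNumber, 
            szps, 
            pi.StartingOffset.QuadPart, pi.StartingOffset.QuadPart, 
            pi.PartitionLength.QuadPart);

        switch (pi.PartitionStyle)
        {

        case PARTITION_STYLE_MBR: 
            DbgPrint("type=%x boot=%x", pi.Mbr.PartitionType, pi.Mbr.BootIndicator);
            break;

        case PARTITION_STYLE_GPT:

            // Map the well-known partition type GUIDs to short labels.
            if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_ENTRY_UNUSED_GUID))
            {
                szPartitionName = "UNUSED";
            }
            else if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_SYSTEM_GUID))
            {
                szPartitionName = "SYSTEM";
            }
            else if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_MSFT_RESERVED_GUID))
            {
                szPartitionName = "RESERVED";
            }
            else if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_BASIC_DATA_GUID))
            {
                szPartitionName = "DATA";
            }
            else if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_MSFT_RECOVERY_GUID))
            {
                szPartitionName = "RECOVERY";
            }
            else if (IsEqualGUID(pi.Gpt.PartitionType, PARTITION_MSFT_SNAPSHOT_GUID))
            {
                szPartitionName = "SNAPSHOT";
            }
            else
            {
                // Unknown type: print the raw GUID. The field widths are fixed
                // (8-4-4-4-12 hex digits plus braces and dashes), so the result
                // always fits PartitionName.
                sprintf(PartitionName, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", 
                    pi.Gpt.PartitionType.Data1,
                    pi.Gpt.PartitionType.Data2,
                    pi.Gpt.PartitionType.Data3,
                    pi.Gpt.PartitionType.Data4[0],
                    pi.Gpt.PartitionType.Data4[1],
                    pi.Gpt.PartitionType.Data4[2],
                    pi.Gpt.PartitionType.Data4[3],
                    pi.Gpt.PartitionType.Data4[4],
                    pi.Gpt.PartitionType.Data4[5],
                    pi.Gpt.PartitionType.Data4[6],
                    pi.Gpt.PartitionType.Data4[7]);
                szPartitionName = PartitionName;
            }
            // Gpt.Name is a fixed-size WCHAR array read from the disk's
            // partition table; a name that fills the whole field has no
            // terminating NUL, so bound the print to the array size instead of
            // relying on a terminator.
            DbgPrint("[%s] %I64x \"%.*S\"", 
                szPartitionName,
                pi.Gpt.Attributes,
                (int)(sizeof(pi.Gpt.Name) / sizeof(pi.Gpt.Name[0])),
                pi.Gpt.Name);
            break;
        }

        // Buffer with room for FsNameCch characters of file-system name.
        ULONG cb = FIELD_OFFSET(FILE_FS_ATTRIBUTE_INFORMATION, FileSystemName[FsNameCch]);
        PFILE_FS_ATTRIBUTE_INFORMATION pffai = (PFILE_FS_ATTRIBUTE_INFORMATION)alloca(cb);

        switch (ZwQueryVolumeInformationFile(hFile, &iosb, pffai, cb, FileFsAttributeInformation))
        {
        case STATUS_SUCCESS:
        case STATUS_BUFFER_OVERFLOW:
            {
                // On STATUS_BUFFER_OVERFLOW the name was truncated to fit, but
                // FileSystemNameLength may still report the full length; clamp
                // it so the print never reads past the buffer.
                ULONG cch = pffai->FileSystemNameLength >> 1;
                if (cch > FsNameCch)
                {
                    cch = FsNameCch;
                }
                DbgPrint(" \"%.*S\"", cch, pffai->FileSystemName);
            }
            break;
        }

        DbgPrint("\n");
    }
    else
    {
        DbgPrint("status=%x\n", status);
    }
}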
STORAGE\Volume\{d2bfdb30-4d04-11e5-824e-806e6f6e6963}#0000000012D00000
\Device\HarddiskVolume2
2 GPT 315621376(12d00000) 104857600 [SYSTEM] 8000000000000000 "EFI system partition" "FAT32"
STORAGE\Volume\{d2bfdb30-4d04-11e5-824e-806e6f6e6963}#0000000000100000
\Device\HarddiskVolume1
1 GPT 1048576(100000) 314572800 [RECOVERY] 8000000000000001 "Basic data partition" "NTFS"
STORAGE\Volume\{d2bfdb30-4d04-11e5-824e-806e6f6e6963}#0000000021100000
\Device\HarddiskVolume4
4 GPT 554696704(21100000) 255506513920 [DATA] 0 "Basic data partition" "NTFS"
STORAGE\Volume\{d2bfdb30-4d04-11e5-824e-806e6f6e6963}#0000000019100000
\Device\HarddiskVolume3
3 GPT 420478976(19100000) 134217728 [RESERVED] 8000000000000000 "Microsoft reserved partition" "RAW"
STORAGE\Volume\{a4d55aa5-4d7f-11e5-8256-5cc5d4ea6270}#0000000000007E00
\Device\HarddiskVolume5
1 MBR 32256(7e00) 32017013248 type=7 boot=1 "NTFS"


Use unmanaged FindFirstVolume to enumerate volumes with .NET in C#

Use unmanaged FindFirstVolume to enumerate volumes with .NET in C#


By : hitle69
Date : March 29 2020, 07:55 AM
I am trying to enumerate drives that are mounted without a drive letter so I can obtain the remaining space on each of the drives. This application must work with Windows XP, so the Win32_Volume class is not available. Fix: remove the out modifier from before StringBuilder:
code :
// P/Invoke declaration for kernel32 FindFirstVolume, which starts a volume
// enumeration. lpszVolumeName is the caller-allocated buffer that receives the
// first volume name; cchBufferLength is that buffer's length in characters.
// The StringBuilder is passed without "out" so the marshaller hands the native
// function a writable character buffer.
// NOTE(review): the native function returns a HANDLE, which is pointer-sized.
// Declaring the return as int does not match that on 64-bit processes; IntPtr
// is the usual mapping. The search handle should be released with
// FindVolumeClose when enumeration ends.
[DllImport( "kernel32.dll", EntryPoint = "FindFirstVolume", SetLastError = true, CallingConvention = CallingConvention.StdCall )]
public static extern int FindFirstVolume(
  StringBuilder lpszVolumeName,
  int cchBufferLength );


// P/Invoke declaration for kernel32 FindNextVolume, which continues a volume
// enumeration. hFindVolume is the search handle obtained from FindFirstVolume;
// lpszVolumeName receives the next volume name; cchBufferLength is the buffer
// length in characters. Returns false when the call fails or no volumes remain;
// SetLastError = true makes the Win32 error code available through
// Marshal.GetLastWin32Error.
// NOTE(review): hFindVolume is a native HANDLE (pointer-sized); int does not
// match that on 64-bit processes - IntPtr is the usual mapping.
[DllImport( "kernel32.dll", EntryPoint = "FindNextVolume", SetLastError = true, CallingConvention = CallingConvention.StdCall )]
public static extern bool FindNextVolume(
  int hFindVolume,
  StringBuilder lpszVolumeName,
  int cchBufferLength );
What if we partition a C+A distributed system?

What if we partition a C+A distributed system?


By : Henry Tejera
Date : March 29 2020, 07:55 AM
You can't have a C+A distributed system; that's the whole point of the CAP theorem. As explained here, for instance, and I quote:
Easy ways to separate DATA (Dev-Environments/apps/etc) partition from Linux System minimal sized OS partition? Docker or

Easy ways to separate DATA (Dev-Environments/apps/etc) partition from Linux System minimal sized OS partition? Docker or


By : Fazzzer
Date : March 29 2020, 07:55 AM
like below fixes the issue After further research and testing/trying out docker for this, I've decided that "containers" like docker are the easy way to go to install apps you may want to purge later. It seems that this technique already uses the Overlayfs overlayroot kind of technique under the hood to make use of already installed dependencies in the host and installs other needed dependencies in the docker image. So basically I gain the same advantages as the other manual overlayroot technique I talked about and yet without having to work to set all that up.
So yep, I'm a believer in application containers now! Even works for GUI apps.
Oracle Partition - Error ORA14400 - inserted partition key does not map to any partition

Oracle Partition - Error ORA14400 - inserted partition key does not map to any partition


By : user18234
Date : March 29 2020, 07:55 AM
I'm trying to insert information in a partition table, but I don't know what I'm doing wrong. It shows me this error: "ORA-14400: inserted partition key does not map to any partition"
Difference between system and priv-app in system partition

Difference between system and priv-app in system partition


By : phiwe
Date : March 29 2020, 07:55 AM
Hope that helps System apps are just apps bundled with the system, which cannot be uninstalled. Nothing more. For instance, the YouTube app can be a system app.
On the other hand, system privileged apps are like system apps, but with superior permissions. For instance, the SystemUI app is privileged (at least on my device it is) because it requires elevated permissions to work.