simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases

Check whether C++17 can now read raw disk partitions, or if I need to put back in the WIN32-specific code #258

Open simsong opened 2 years ago

simsong commented 2 years ago
jonstewart commented 2 years ago

C++17 has no such support.

But, you can open volumes and physical disks as files in Windows. A physical device path would be like “\\.\PhysicalDevice0”. You have to run the program with administrative privileges.

On Oct 10, 2021, at 6:38 PM, Simson L. Garfinkel @.***> wrote:


simsong commented 2 years ago

The question is, if I open the physical disk as a Windows file, do the C++ intrinsics for getting the file length and seeking in the file work, or do I need to use this code that I've now deleted based on GetDiskGeometry() and ReadFile and Windows handles to read the raw device once it is opened?

jonstewart commented 2 years ago

I… think… everything works. Let me verify the fseek(end), ftell() behavior.


simsong commented 2 years ago

I'll be double checking! It would be great to get rid of the GetDiskGeometry() stuff.

jonstewart commented 2 years ago

I wonder whether std::filesystem would work, too, with the \\.\PhysicalDevice0 path. It may be a better way to go.

https://en.cppreference.com/w/cpp/filesystem/file_size


simsong commented 2 years ago

In fact, std::filesystem::file_size is what I moved to, and it really simplified a lot. But I need to test it with \\.\PhysicalDevice0

dfjxs commented 2 years ago

I think getting file size is still an issue for block devices.

terminate called after throwing an instance of 'std::filesystem::__cxx11::filesystem_error'
  what():  filesystem error: cannot get file size: Operation not supported [/dev/sdb]

joachimmetz commented 2 years ago

Also note that \\.\C: behaves differently from \\.\PhysicalDevice0 and typically you'll need to issue the correct WINAPI calls to get it reading the full volume.
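
The `/dev/sdb` failure reported above comes from calling `std::filesystem::file_size` on a block device. The following is an added example, not code from bulk_extractor or from anyone in this thread: it keeps `file_size` for regular image files and falls back to seeking to the end for block devices. It assumes Linux, where `lseek(SEEK_END)` on a block device returns the device size; the helper names `image_size` and `size_by_seek` are hypothetical, and the Windows `\\.\` paths discussed in the thread are not covered.

```cpp
// Added example, not bulk_extractor code. Assumes Linux/POSIX.
#include <cerrno>
#include <cstdint>
#include <filesystem>
#include <iostream>
#include <string>
#include <system_error>
#include <fcntl.h>
#include <unistd.h>

namespace fs = std::filesystem;

// Hypothetical helper: length found by seeking to the end of the opened path.
// Assumption: on Linux this yields the device size for a block device.
std::uint64_t size_by_seek(const fs::path &p) {
    const int fd = ::open(p.c_str(), O_RDONLY | O_CLOEXEC);
    if (fd < 0) throw std::system_error(errno, std::generic_category(), "open " + p.string());
    const off_t end = ::lseek(fd, 0, SEEK_END);
    const int saved = errno;  // close() may overwrite errno
    ::close(fd);
    if (end < 0) throw std::system_error(saved, std::generic_category(), "lseek " + p.string());
    return static_cast<std::uint64_t>(end);
}

// Hypothetical helper: size of an evidence source (image file or block device).
std::uint64_t image_size(const fs::path &p) {
    std::error_code ec;
    const fs::file_status st = fs::status(p, ec);
    if (ec) throw std::system_error(ec, "status " + p.string());
    if (fs::is_regular_file(st)) {
        const std::uintmax_t n = fs::file_size(p, ec);  // works for image files
        if (ec) throw std::system_error(ec, "file_size " + p.string());
        return n;
    }
    if (fs::is_block_file(st)) return size_by_seek(p);  // file_size() fails here
    // Directories, FIFOs, character devices, missing paths: no usable length.
    throw std::system_error(std::make_error_code(std::errc::not_supported), p.string());
}

int main(int argc, char **argv) {
    if (argc != 2) { std::cerr << "usage: " << argv[0] << " <image-or-device>\n"; return 2; }
    try {
        std::cout << image_size(argv[1]) << "\n";
    } catch (const std::system_error &e) {
        std::cerr << e.what() << "\n";
        return 1;
    }
    return 0;
}
```

Reading a block device normally requires root or membership in the group that owns the device node.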