I have a problem with ReadFile and overlapped.
first I use ReadFile with overlapped with 0
ZeroMemory(&overlapped ,sizeof(OVERLAPPED));
hDevice = CreateFileW(zwpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED, NULL);
if(hDevice != INVALID_HANDLE_VALUE){
ret = ReadFile(hDevice, buff, 1024, &numerobyte, &overlapped);
}
with a for(), I can see the bytes using a printf()
for (int n=0; n<sizeof(buff); n++)
{
printf("0x%02X ", buff[n]);
}
and now I have one variant with a large number
crbig = 322122547
d1 = (DWORD*)crbig;
overlapped.Offset = d1[1]; //22122547
overlapped.OffsetHigh = d1[0];// 00000003
I need use ReafFile twice, this second time is using overlapped() with offset and highoffset values
d1 = (DWORD*)&crbig;
overlapped.Offset = d1[1];
overlapped.OffsetHigh = d1[0];
ret = ReadFile(hDevice, buff, 1024, &numerobyte, &overlapped);
but the for() prints the same bytes that throws me the first ReadFile, I tried cleaning the buffer with memset() or use another buffer but always show me the same bytes
Supposedly Overlapped() says to ReadFile where should go, and read 1024 bytes, and save it in a buffer, but nothing happen, buffer has the same first bytes that overlapped() = 0
this is the complete code
int main(int argc, char *argv[]){
HANDLE hDevice;
OVERLAPPED overlapped;
DWORD crbig;
BYTE buff[1024] = {0};
DWORD numerobyte = 0, nbytes = 0;
UINT32 ret;
DWORD *d1;
int offset1 = 11, offset2 = 13, offset3 = 30;
long MFTCluster = 0, bytespercluster = 0, sectperclusters = 0, offet = 0;
unsigned long mult = 0;
ZeroMemory(&overlapped ,sizeof(OVERLAPPED));
hDevice = CreateFileW(zwpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED, NULL);
if(hDevice != INVALID_HANDLE_VALUE){
ret = ReadFile(hDevice, buff, 1024, &numerobyte, &overlapped);
}else
{
return NULL;
}
if(ret == 0){
ret = WaitForSingleObject(hDevice,INFINITE );
switch (ret)
{
case WAIT_OBJECT_0:break;
case WAIT_TIMEOUT:break;
default:
break;
}
}
else
{
return NULL;
}
if((int)buff[3] == 'N' && (int)buff[4] == 'T' && (int)buff[5] == 'F' && (int)buff[6] == 'S' ){
printf("Volumen es formato NTFS\n\n\n");
}
bytespercluster = endianhextodec(buff, offset1);
sectperclusters = endianhextodec(buff, offset2);
MFTCluster = endianhextodec(buff, offset3);
crbig = (sectperclusters * (bytespercluster * MFTCluster));
d1 = (DWORD*)&crbig;
overlapped.Offset = d1[1];
overlapped.OffsetHigh = d1[0];
ret = ReadFile(hDevice, buff, 1024, &numerobyte, &overlapped);
if(ret == 0){
ret = WaitForSingleObject(hDevice,INFINITE );
switch (ret)
{
case WAIT_OBJECT_0:break;
default:
break;
}
}
else
{
return NULL;
}
for (int n=0; n<sizeof(buff); n++)
{
printf("0x%02X ", buff[n]);
}
CloseHandle(hDevice);
getchar();
}
VB.NET
Private Sub SetReadFileOffset(ByRef NO As System.Threading.NativeOverlapped, ByRef curBig As Int64)
Dim lowoffset() As Byte = BitConverter.GetBytes(curBig)
Dim highoffset As Int32 = BitConverter.ToInt32(lowoffset, 0)
Dim high As Int32
Dim lastbytes(3) As Byte
Array.Copy(lowoffset, 4, lastbytes, 0, 4)
high = BitConverter.ToInt32(lastbytes, 0)
NO.OffsetLow = highoffset
NO.OffsetHigh = high
End Sub
SetReadFileOffset(NO, MFTCluster * SectperCluster * BytesPerSect)
ret = ReadFile(Hnd, Buffer, 1024, nRead, NO)
If ret = 0 Then
ret = WaitForSingleObject(Hnd, INFINITE)
Select Case ret
Case WAIT_OBJECT_0
Case Else
End Select
Else
Return Nothing
End If