I booted a Windows 7 machine via SystemRescueCd 4.8.1. I was interested accessing my data volume remotely from my laptop with ImDisk 2.0.9 using DevIo 3.04. Here are some details about the volume on the disk I want to access:
Posted 22 December 2016 - 08:09 PM
I booted a Windows 7 machine via SystemRescueCd 4.8.1. I was interested accessing my data volume remotely from my laptop with ImDisk 2.0.9 using DevIo 3.04. Here are some details about the volume on the disk I want to access:
Posted 22 December 2016 - 08:25 PM
Posted 22 December 2016 - 09:19 PM
I tried starting DevIo like this:
Posted 23 December 2016 - 10:25 AM
This seems fine:
C:\>imdisk -a -t proxy -o ip -f 10.0.194.101:666 -m Z: -b 264192 -s 15602524160
The issue with "automatic" commands may be connected with the GPT style of the disk.
But what happens if after issuing the above command you open a hex/disk viewer/editor and open frst sector of volume Z:?
Is it the actual bootsector?
EB 52 90 ... NTFS
Wonko
Posted 23 December 2016 - 12:32 PM
Posted 23 December 2016 - 01:15 PM
The offset "34" for the first (MSR) partition is "unusual", usually the first partition is on 2048 on *anything* partitioned under *any* Windows OS, *maybe* *something* assumes that no less than 63 sectors should be between the MBR (protective or not) and the first partition?
The represented value of 34 is the bare minimum as you have 1 sector for the MBR, 1 for the main GPT, and 32 sectors (with four entries each) for the 128 possible partiton entries.
The "protective MBR" addresses always starts from sector CHS 2/LBA 1, but if the right offset are specified manually that shouldn't matter.
Wonko
Posted 23 December 2016 - 01:36 PM
Posted 23 December 2016 - 02:21 PM
This seems fine:
C:\>imdisk -a -t proxy -o ip -f 10.0.194.101:666 -m Z: -b 264192 -s 15602524160
The issue with "automatic" commands may be connected with the GPT style of the disk.
But what happens if after issuing the above command you open a hex/disk viewer/editor and open frst sector of volume Z:?
Is it the actual bootsector?
EB 52 90 ... NTFS
Wonko
When I do this, I don't even have an option to open the drive in HxD:
Yet when I open an image normally in ImDisk, it shows up in this menu, and sector 0 begins just as described.
So, I'm pretty sure I'm not really "looking" at the right thing.
Sasha
Posted 23 December 2016 - 02:28 PM
I don't think we can trust the values printed by devio here. They are obviously not correct, there are for example negative values where such are not expected. Hopefully the variables actually have correct values when the application runs and that this problem only has to do with formatting the values when printing them to the console. For example printing 64 bit values to 32 bit positions which will cause field values to shift to other positions and parts of variable values printed in the wrong places.
I've made such mistakes in my own code before. But of course the other question here is are the command line arguments being parsed correctly.
Sasha
Posted 23 December 2016 - 04:11 PM
Well, if can dir Z:, it should mean that *something* is mounted , otherwise you should have an error *like* "cannot find specified path".
It is possible that HxD uses the mount manager (an IMDISK volume is transparent to it) or *whatever*.
Do another thing.
When you have :
Creating device...
Created device 0: Z: -> 10.0.194.101:666
Notifying applications...
Done.
Run:
dsfo \\.\z: 0 512 C:\mysector0.bin
Then try opening the C:\mysector0.bin in HxD.
Get dsfo from the dsfok toolkit here:
http://members.ozema...eezip/freeware/
or here:
http://www.softpedia...ery/dsfok.shtml
Or use a Windows port of dd.
Wonko
Posted 11 December 2018 - 05:56 AM
One idea here could be to use Arsenal Image Mounter at the client to expose the entire disk there. That would require manually specifying zeros as offset etc to devio and then manually specifying the exact disk size with -s switch to aim_ll command line (no offset). But in my experience this works very well.
D:\devio.exe 9000 \\.\PhysicalDrive0 0 0 Successfully opened '\\.\PhysicalDrive0'. Image size used: 500107862016 bytes. Total size: 500107862016 bytes. Using 500107862016 bytes from offset 0. Required alignment: 1 bytes. Buffer size: 67108864 bytes. Waiting for conection on port 9000. Press Ctrl+C to cancel.On the client, using aim_ll.exe, connect and specify the size output by DevIO when you started it:
C:\Users\User\Desktop\ArsenalImageMounter-2.6.40_Beta\CLI\x64>aim_ll.exe -a -t proxy -f 192.168.1.105 -o ip -s 500107862016 Creating device... Created device 000000 -> 192.168.1.105 Disk device is \\?\PhysicalDrive1 Attached disk volume \\?\Volume{ec9867a9-a4c3-4cb6-a9f4-0504053aa217} Mounted at F:\ Done.Even though I only needed the single partition, this made the entire device available on my client machine, including the EFI System Partition. Thanks for the suggestion Olof!
Edited by RulerOf, 11 December 2018 - 05:57 AM.
0 members, 0 guests, 0 anonymous users