Hy....
I am trying to read the boot sector of my C: drive formatted with NTFS...but i am not getting the right information....can any1 help me finding the reason behind it..thanx

here is the code:

#include "stdafx.h"
#include "sunday_version.h"
#include <conio.h>
HANDLE	h;
#ifdef _DEBUG
#define new DEBUG_NEW
#endif

#define PHYSICAL_DRIVE "\\\\.\\PhysicalDrive0"


CWinApp theApp;

using namespace std;
#pragma pack(1)
////////////////////////////  boot sector info ///////////////////////////////////////
typedef struct BSec
{
   
   BYTE jumpCode[3];
   BYTE oemName[8];
   WORD Bytes_Per_Sector;
   BYTE sec_Cluster;
   WORD size_Sector_Reserved; 
   BYTE mount1[3];
   WORD mount2;
   BYTE Media_Type;
   WORD mount3;
   WORD unused1;
   WORD  unused2;
   DWORD unused3;
   DWORD mount4;
   DWORD unused4;
   BYTE tot_Sectors[8];
   BYTE MFT_Cluster_Address[8];
   BYTE mir_MFT_Cluster_Address[8];
   BYTE cluster_Per_MFT;
   BYTE unused5[3];
   BYTE cluster_Per_Index_Buffer;
   BYTE unused6[3];
   BYTE vol_Serial_No[8];
   DWORD unused7;
   char	chBootstrapCode[426];
   WORD	wSecMark;

   
 
   
};
#pragma pack()

BSec _bs;

void Open_HANDLE()
{	     
	h = CreateFile(_T(PHYSICAL_DRIVE ),    
                GENERIC_READ|GENERIC_WRITE,              
                FILE_SHARE_READ|FILE_SHARE_WRITE,           
                0,                     
                OPEN_EXISTING,            
                0,                        
                0);                     
		  
		  
}



int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
	int nRetCode = 0;

	// initialize MFC and print and error on failure
	if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
	{
		// TODO: change error code to suit your needs
		_tprintf(_T("Fatal Error: MFC initialization failed\n"));
		nRetCode = 1;
	}
	else
	{
	  BYTE bBootSector[512];
      memset(bBootSector, 0, 512);
      DWORD dwBytesRead(0);
	  Open_HANDLE();
	  
      if(h!= NULL)
       {

    	DWORD dwFilePointer = SetFilePointer(h,0,0, FILE_BEGIN);	         
	    
		 // Read boot sector
         if (!ReadFile(h, bBootSector, 512, &dwBytesRead, NULL))
         {
            cout<<"Error in reading boot sector\n";
         }
         else
         {
			
            memcpy(&_bs, bBootSector, sizeof(_bs));
			printf("\n file system is %s ",_bs.oemName);
				
							
				
           
         }

         CloseHandle(h);
        
	  }
 

   getch();
   return nRetCode;
}

}

You need administrative rights to do this under NT operating systems. And doesn't the device name has to be all lower case (can't remember...)??

#define PHYSICAL_DRIVE "\\\\.\\physicaldrive0"

Found it. Device name is case insensitive. So just ignore the last part of my answer above.

DWORD dwFilePointer = SetFilePointer(h,0,0, FILE_BEGIN);

That gives you the master boot record (MBR).

Based on the partition tables within the MBR, you can locate the boot sector that you are looking for (i.e. figure out the number of sectors you have to bypass before landing on the boot sector).

This article has been dead for over six months. Start a new discussion instead.