Re: Accessing a RAW partition!

Granted you "are using windows," and I hate to make this suggestion because it seems so typical, but if that changed this task would be trivial. On Linux you can access your hd as a block device, without mounting it (which would require a format). So you could literally read the device at /dev/hda1 directly. (assuming your root)

This might be easier than getting it to work in windows NT/2k/XP, which to my knowledge won't allow direct access to *any* device. And it won't allow any access to a hard drive until you format it.
There is also a tool called "testdisk" for linux which might be able to restore your partitions, and help recover your data. Check for a local Linux sig if you don't know how to use linux.

Evan Carroll
www.EvanCarroll.com

Comment on Re: Accessing a RAW partition!

Replies are listed 'Best First'.
Re^2: Accessing a RAW partition! by Ace128 (Hermit) on Oct 02, 2005 at 00:06 UTC
Even if it's there as "P:" ?	[reply]
Re^3: Accessing a RAW partition! by EvanCarroll (Chaplain) on Oct 02, 2005 at 00:39 UTC
I believe it is there as P:/ so you can format it, not so you can access it. As I said before I don't believe windows allows access to the hard drive as a block device. To my knowledge you have to have a filesystem on it in windows. Accessing a hard drive as a block device is completely different than at the level of a filesystem. And if you could access it as a block device it would almost surly be some administration trickery not something a regular user can do. Accessing your hd as block means you could for instance grep the contents for the sting 'password.' There are no per file permissions, because your not at the file level, you could write right over kernel.dll or explorer.exe and by reading the device at that level those two files will be included in the dump in their entirety. I have since moved off of windows but I wasn't able to figure out how this was done when I was using it. You might have to install a driver to give you this functionality. The upside to this is no more bootsector viruses, and you can accidentally wipe your MBR. Evan Carroll www.EvanCarroll.com	[reply]
Re^4: Accessing a RAW partition! by Corion (Patriarch) on Oct 02, 2005 at 09:06 UTC
Under Win32, you can open a special device to get at the harddisk as a raw device. Unsurprisingly, you need Administrator priviledges to do so, but opening `\\.\device\harddisk0\partition0` will give you raw access to the first harddisk. But there are some restrictions, like you must read/write in sizes of whole sectors, see the MS Knowledge Base on that.	[reply]
Re^5: Accessing a RAW partition! by Ace128 (Hermit) on Oct 02, 2005 at 13:41 UTC
Re^4: Accessing a RAW partition! by Ace128 (Hermit) on Oct 02, 2005 at 00:59 UTC
Well, dont wanna mess (format), until I've copied the data! :). And it is possible since you can install applications like HxD that can access this...	[reply]