Hello again.
Seems that little code works! 
I guess this isn't powerful, but this is a beginning...
What about TLD? is it strong enough?
Code: Select allvoid readSector()
{
	UNICODE_STRING	diskdevice;
	PFILE_OBJECT	pFileObj = NULL;
	PDEVICE_OBJECT	pDevObj  = NULL;
	PIRP			pIrp = NULL;
	IO_STATUS_BLOCK	ioStatus;
	NTSTATUS		status, returnStatus;
	LARGE_INTEGER	lDiskOffset;
	KEVENT			Event;
	CHAR			*sBuf; //Buffer
	SIZE_T			size = 512; //Sector size
	int 			i = 0;
	
	RtlInitUnicodeString(&diskdevice, L"\\Device\\Harddisk0\\DR0");
	
	// Get device object
	status = IoGetDeviceObjectPointer(&diskdevice, FILE_ALL_ACCESS, &pFileObj, &pDevObj);
	
	if (!NT_SUCCESS(status)) 
	{
		DbgPrint("IoGetDeviceObjectPointer Failed\n");
	} 
	
	else 
	{
		DbgPrint("IoGetDeviceObjectPointer Succceded");
		lDiskOffset.QuadPart = 0;
		
		// Allocate buffer
		sBuf = ExAllocatePool(NonPagedPool, size);		
		if (!sBuf) 
		{
			ObDereferenceObject(pFileObj);
			DbgPrint("Not enough ressources\n");
			return STATUS_INSUFFICIENT_RESOURCES;
		}
		
		KeInitializeEvent(&Event, NotificationEvent, FALSE);
		memset(sBuf, 'C', size);
		
		// Build IRP
		pIrp = IoBuildSynchronousFsdRequest(IRP_MJ_READ, pDevObj, sBuf, size, &lDiskOffset, &Event, &ioStatus);		
		if (!pIrp) 
		{
			ExFreePool(sBuf);
			ObDereferenceObject(pFileObj);		
			DbgPrint("Not enough ressources\n");			
			return STATUS_INSUFFICIENT_RESOURCES;
		}
		
		// Call disk driver
		status = IoCallDriver(pDevObj, pIrp);
		
		// Wait response
		if (status == STATUS_PENDING) 
		{
			DbgPrint("waiting response\n");
			returnStatus = KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE,	NULL);
			DbgPrint("Read status : 0x%x\n", returnStatus);
			// Print buffer
			for (i = 0 ; i < size ; i++)
			{
				DbgPrint("%c", sBuf[i]);
			}
			DbgPrint("\n");
			
			status = ioStatus.Status;
		}
		
		//--- Dereference PFile / free ressources
		ExFreePool(sBuf);
		ObDereferenceObject(pFileObj);
	}
}
 
			
				
				
			
						 mbrDumpGMER.png (20.17 KiB) Viewed 326 times
		 
				
		
		 
			
				
				
			
						 dumpWithMyCode.png (22.79 KiB) Viewed 326 times