ReadFile using winapi with pinvoke (image a physical disk)

-

i'm trying read files powershell using winapi (createfile, readfile, closehandle). of course there exist easier ways read files, ultimetaly want read physical disk, that's why. familiar api's , have done many times in other script language. i'm learning powershell.. anyways, believe problem in creation of structure readfile put content. i've put getlasterror in there return code 5 (access denied). other api's seem work fine. appreciated. code;

$pinvoke = add-type -name pinvoke21 -passthru -memberdefinition @'    [dllimport("kernel32.dll", charset = charset.auto, callingconvention = callingconvention.stdcall, setlasterror = true)]    public static extern intptr createfile(          string lpfilename,          uint dwdesiredaccess,          uint dwsharemode,          intptr securityattributes,          uint dwcreationdisposition,          uint dwflagsandattributes          );            [dllimport("kernel32.dll", setlasterror = true)]  public static extern bool readfile(intptr hfile, [out] byte[] lpbuffer, uint nnumberofbytestoread, ref int lpnumberofbytesread, intptr lpoverlapped);         [dllimport("kernel32.dll", charset = charset.auto, setlasterror=true)]  public static extern bool closehandle(intptr hobject);    [dllimport("kernel32.dll", charset = charset.auto, setlasterror=true)]  public static extern uint getfilesize(intptr hfile, intptr lpfilesizehigh);    [dllimport("kernel32.dll", setlasterror = true)]  public static extern uint getlasterror();    '@    $lpfilename = "c:\tmp\dummytest.txt"  $dwdesiredaccess = 0x2  $dwsharemode = 0x6  $lpsecurityattributes = 0  $dwcreationdisposition = 0x4  $dwflagsandattributes = 0x0   $hfile = $pinvoke::createfile($lpfilename, $dwdesiredaccess, $dwsharemode, $lpsecurityattributes, $dwcreationdisposition, $dwflagsandattributes)  $hfile  $filesize = $pinvoke::getfilesize($hfile,0)  $filesize  add-type @"  public struct teststruct {  public byte filebuff;  }  "@  $filebuffer1 = new-object teststruct  $filebuffer = new-object $filebuffer1.filebuff  $rfile = $pinvoke::readfile($hfile, $filebuffer, $filesize, [ref]$nbytes, 0)  $pinvoke::getlasterror()  $rfile  $filebuffer  $pinvoke::closehandle($hfile)

 

joakim



$pinvoke = add-type -name pinvoke -passthru -memberdefinition @'  [dllimport("kernel32.dll", charset = charset.auto, callingconvention = callingconvention.stdcall, setlasterror = true)]   public static extern intptr createfile(         string lpfilename,         uint dwdesiredaccess,         uint dwsharemode,         intptr securityattributes,         uint dwcreationdisposition,         uint dwflagsandattributes         );           [dllimport("kernel32.dll", charset = charset.auto, setlasterror=true)] public static extern bool closehandle(intptr hobject);  [dllimport("kernel32.dll", setlasterror = true)] public static extern uint getlasterror();  [dllimport("kernel32.dll", charset = charset.auto, setlasterror=true)] public static extern uint getfilesize(intptr hfile, intptr lpfilesizehigh);  [dllimport("kernel32.dll", setlasterror = true)] public static extern bool writefile(intptr hfile, byte [] lpbuffer, uint nnumberofbytestowrite, out uint lpnumberofbyteswritten, intptr lpoverlapped);  [dllimport("kernel32.dll", setlasterror = true)] public static extern bool readfile(intptr hfile, [out] byte[] lpbuffer, uint nnumberofbytestoread, ref int lpnumberofbytesread, intptr lpoverlapped); '@  $lpfilename = "f:\test.txt" $dwdesiredaccess = 2147483648 $dwsharemode = 0x1 $lpsecurityattributes = 0 $dwcreationdisposition = 3 $dwflagsandattributes = 0x0  $hfile = $pinvoke::createfile($lpfilename, $dwdesiredaccess, $dwsharemode, $lpsecurityattributes, $dwcreationdisposition, $dwflagsandattributes) $filesize = $pinvoke::getfilesize($hfile,0)  $buffer = new-object byte[] $filesize $read = [uint32]::minvalue $pinvoke::readfile($hfile,$buffer,$filesize,[ref]$read,0) [text.encoding]::ascii.getstring($buffer)
test.txt contains
ps >  gc f:\test.txt hello! how you?
output:
ps >  $buffer = new-object byte[] $filesize ps >  $read = [uint32]::minvalue ps >  $pinvoke::readfile($hfile,$buffer,$filesize,[ref]$read,0) true ps >  [text.encoding]::ascii.getstring($buffer) hello! how you?





Windows Server  >  Windows PowerShell



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more