Can I get write access to raw disk sectors under Vista and Windows 7 in user mode?

Question

From the RawDisk website:

The new security model of Windows Vista puts tight restrictions on applications executed in user mode. Even with elevated administrative rights, the application can’t get write access to raw disk sectors.

Is this true?

From the Microsoft doc:

The changes to the file system and to the storage stack do not apply if the volume is not mounted or if the volume has no file system.

Please give

• either a link to the official Microsoft doc confirming the RawDisk website
• or a working code example. (I obviously failed to create one, CreateFile() call fails with ERROR_ACCESS_DENIED if GENERIC_WRITE is set.)

Other relevant Microsoft docs that I have so far found:

• Blocking Direct Write Operations to Volumes and Disks
• IRP_MJ_WRITE at SL_FORCE_DIRECT_WRITE
• FLT_IO_PARAMETER_BLOCK structure at SL_FORCE_DIRECT_WRITE

Answer 1

Yes. The first article you link to provides a longer list of exceptions:

• if the file system is not mounted
• if the file system has been locked.
• if the sectors being written to reside outside file system space (this includes the boot sectors, and the "no file system" case where obviously all sectors are outside the file system)
• if the write request has been flagged by a kernel-mode driver.

Obviously, the last exception is irrelevant to you. User mode is the opposite of kernel mode. The other exceptions still apply.