 

Write to and read from free disk space using Windows API

Is it possible to write to free clusters on disk or read data from them using Windows APIs? I found the Defrag API: https://docs.microsoft.com/en-gb/windows/desktop/FileIO/defragmenting-files

FSCTL_GET_VOLUME_BITMAP can be used to obtain the allocation state of each cluster, and FSCTL_MOVE_FILE can be used to move clusters around. But I couldn't find a way of reading data from free clusters or writing data to them.

Update: one of the workarounds which comes to mind is creating a small new file, writing some data to it, then relocating it to the desired position and deleting the file (the data will remain in the freed cluster). But that still doesn't solve the reading problem.

What I'm trying to do is some sort of transparent cache, so the user could still use his NTFS partition as usual and still see these clusters as free space, but I could store some data in them. Data safety is not of concern; it can be overwritten by user actions and will just be regenerated / redownloaded later when clusters become free again.

Zmey asked Jun 05 '19 00:06


2 Answers

There is no easy solution in this way.

First of all, you should create your own partition on the drive. This prevents accidental access to your data by the OS or any process. Then call CreateFileA() with the name of the partition. You will get raw access to the data. Please bear in mind that the function will fail for any partition accessed by the OS.

You can perform the same trick with a physical drive too.

The docs

Andrey Chistyakov answered Sep 27 '22 20:09


One way could be to open the volume directly by using CreateFile with the volume's UNC path as the filename argument (e.g.: \\.\C:). You can now directly read and write to the volume.

So maybe you can achieve your desired goal with:

  • get the cluster size in bytes with GetDiskFreeSpace
  • get the map of free clusters with DeviceIoControl and FSCTL_GET_VOLUME_BITMAP
  • open the volume with CreateFile with its UNC path \\.\F:
    (take a careful look at the documentation, especially the part of the Remarks section about opening drives and volumes)
  • seek to the offset of a free cluster (clusterindex * clusterByteSize) by using SetFilePointer
  • write/read your data with WriteFile/ReadFile on the handle retrieved by the above CreateFile
    (Also note that read/write access has to be sector aligned, otherwise the ReadFile/WriteFile calls fail)

Please note:

This is only meant as a starting point for your own research. This is not a bulletproof cooking recipe.
Back up your data before messing with the file system!!!

Also keep in mind that the free cluster bitmap will be outdated as soon as you get it (especially if using the system volume). So I would strongly advise against use of such techniques in production or customer environments.

vlad_tepesch answered Sep 27 '22 19:09
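
The offset arithmetic behind the second answer's steps (bitmap bit, to cluster, to sector-aligned byte offset), as an added example that is not code from either answer: it decodes the bitmap bytes returned by FSCTL_GET_VOLUME_BITMAP into runs of free clusters. Assumptions: an NTFS volume where LCN 0 sits at byte 0 of the volume, a constructed sample bitmap and geometry, and the hypothetical names `free_run`, `find_free_runs` and `is_sector_aligned`; it performs no disk I/O, and the bitmap is only a snapshot that may already be stale.

```c
#include <stdint.h>
#include <stdio.h>

/* One contiguous run of free clusters, also expressed as a byte range. */
typedef struct {
    uint64_t first_lcn;    /* first free logical cluster number (LCN) */
    uint64_t clusters;     /* run length in clusters */
    uint64_t byte_offset;  /* first_lcn * cluster size (assumes LCN 0 = byte 0) */
    uint64_t byte_length;
} free_run;
/* Bit n describes cluster starting_lcn + n: 1 = allocated, 0 = free.
   Bits are packed least-significant-bit first within each byte. */
static int cluster_in_use(const uint8_t *bitmap, uint64_t n) {
    return (bitmap[n >> 3] >> (n & 7)) & 1;
}
/* Fills out[] with up to max_runs free runs; returns the count, or -1 on
   unusable geometry. bitmap_bits is the BitmapSize field (a count of clusters). */
int find_free_runs(const uint8_t *bitmap, uint64_t starting_lcn, uint64_t bitmap_bits,
                   uint32_t sectors_per_cluster, uint32_t bytes_per_sector,
                   free_run *out, int max_runs) {
    uint64_t cluster_bytes = (uint64_t)sectors_per_cluster * bytes_per_sector, i = 0;
    int count = 0;
    if (cluster_bytes == 0 || max_runs <= 0) return -1;
    while (i < bitmap_bits && count < max_runs) {
        if (cluster_in_use(bitmap, i)) { i++; continue; }
        uint64_t start = i;                       /* first free bit of this run */
        while (i < bitmap_bits && !cluster_in_use(bitmap, i)) i++;
        out[count].first_lcn = starting_lcn + start;
        out[count].clusters = i - start;
        out[count].byte_offset = (starting_lcn + start) * cluster_bytes;
        out[count].byte_length = (i - start) * cluster_bytes;
        count++;
    }
    return count;
}
/* Raw volume I/O needs sector-aligned offsets and lengths (see the answer). */
int is_sector_aligned(uint64_t offset, uint64_t length, uint32_t bytes_per_sector) {
    return bytes_per_sector && offset % bytes_per_sector == 0 && length % bytes_per_sector == 0;
}
/* Constructed sample: 20 clusters; clusters 3-5 and 18-19 are free. */
static const uint8_t SAMPLE_BITMAP[3] = { 0xC7, 0xFF, 0x03 };

int main(void) {
    free_run runs[4];
    int n = find_free_runs(SAMPLE_BITMAP, 0, 20, 8, 512, runs, 4); /* constructed geometry */
    for (int r = 0; r < n; r++)
        printf("LCN %llu, %llu clusters, offset %llu\n", (unsigned long long)runs[r].first_lcn,
               (unsigned long long)runs[r].clusters, (unsigned long long)runs[r].byte_offset);
    return 0;
}
```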