微软3层有一个格式化磁盘API--SHFormatDrive,但是这只是一个窗体API,不能实现后台自动格式化,于是反汇编了一下它的具体实现。
Header.h
typedef enum
{
FMIFS_UNKNOWN0,
FMIFS_UNKNOWN1,
FMIFS_UNKNOWN2,
FMIFS_UNKNOWN3,
FMIFS_UNKNOWN4,
FMIFS_UNKNOWN5,
FMIFS_UNKNOWN6,
FMIFS_UNKNOWN7,
FMIFS_FLOPPY,
FMIFS_UNKNOWN9,
FMIFS_UNKNOWN10,
FMIFS_REMOVABLE,
FMIFS_HARDDISK,
FMIFS_UNKNOWN13,
FMIFS_UNKNOWN14,
FMIFS_UNKNOWN15,
FMIFS_UNKNOWN16,
FMIFS_UNKNOWN17,
FMIFS_UNKNOWN18,
FMIFS_UNKNOWN19,
FMIFS_UNKNOWN20,
FMIFS_UNKNOWN21,
FMIFS_UNKNOWN22,
FMIFS_UNKNOWN23,
} FMIFS_MEDIA_FLAG;
typedef enum
{
PROGRESS,
DONEWITHSTRUCTURE,
UNKNOWN2,
UNKNOWN3,
UNKNOWN4,
UNKNOWN5,
INSUFFICIENTRIGHTS,
FSNOTSUPPORTED,
VOLUMEINUSE,
UNKNOWN9,
UNKNOWNA,
DONE,
UNKNOWNC,
UNKNOWND,
OUTPUT,
STRUCTUREPROGRESS,
CLUSTERSIZETOOSMALL,
} CALLBACKCOMMAND;
typedef BOOLEAN
(NTAPI* PFMIFSCALLBACK)(
IN CALLBACKCOMMAND Command,
IN ULONG SubAction,
IN PVOID ActionInfo);
typedef struct
{
int Unknow;
BOOLEAN QuickFormat;
PWCHAR Label;
ULONG ClusterSize;
}FORMAT_INFO;
typedef LONG (WINAPI *ActiveHookFun)(PVOID *ppPointer, PVOID pDetour);
FormatDevice.cpp
#include <Windows.h>
#include <stdio.h>
#include <assert.h>
#include <tchar.h>
#include "FormatDevice.h"
BOOLEAN NTAPI callBack(
IN CALLBACKCOMMAND Command,
IN ULONG SubAction,
IN PVOID ActionInfo)
{
if(Command == DONE)
{
if(*(bool*)ActionInfo)
{
printf("成功");
}
else
{
printf("失败");
}
}
return TRUE;
}
void __fastcall callBack2(DWORD a1, DWORD a2, signed int a3, signed int a4, char * a5)
{
return;
}
void (WINAPI* FormatDevice)(
IN PWCHAR DriveRoot,
IN FMIFS_MEDIA_FLAG MediaFlag,
IN PWCHAR Format,
IN PWCHAR Label,
IN BOOLEAN QuickFormat,
IN ULONG ClusterSize,
IN PFMIFSCALLBACK Callback
);
void (WINAPI* FormatDevice2)(
IN PWCHAR DriveRoot,
IN FMIFS_MEDIA_FLAG MediaFlag,
IN PWCHAR Format,
FORMAT_INFO* FormatInfo,
void* callBack);
//L"D:\\"
int _tmain(int argc, _TCHAR* argv[])
{
TCHAR VolumeLabel[MAX_PATH] = {0};
wcscpy(VolumeLabel, lpcVolumeLabel);
HMODULE hModFmifs = LoadLibrary(TEXT("FMIFS.DLL"));
(FARPROC&)FormatDevice = GetProcAddress(hModFmifs, "FormatEx");
(FARPROC&)FormatDevice2 = GetProcAddress(hModFmifs, "FormatEx2");
//方式1 XP
if(!isBigerThanXp)
{
FormatDevice(VolumeLabel, FMIFS_HARDDISK, L"NTFS", L"OK", TRUE, 4096, callBack);
}
else
{
//方式2 Win7
FORMAT_INFO FormatInfo = {0};
FormatInfo.Unknow = 1;
FormatInfo.QuickFormat = 1;
FormatInfo.Label = L"formatex2";
FormatInfo.ClusterSize = 4096;
FormatDevice2(VolumeLabel, FMIFS_HARDDISK, L"NTFS", &FormatInfo, callBack2);
}
return 0;
}
在Xp系统,调用FMIFS的FormatEx,在Win7上,调用的是FMIFS的FormatEx2
参数很简单,根据变量名就能明白是什么意思,这里就不解释了~
对于FormatEx2的最后一个回调函数没弄懂具体的参数,但是定义一个空的函数体还是可行的
留言