Reading raw data in batch has always been a hard task. You can’t read binary files (at least easily), because ASCII control characters will result in an absolute mess. File I/O is already a quite challenging task.

That is one of the reasons I decided to create my new plugin/tool: DiskRead. DiskRead allows you to read raw chunks of a disk or a file and display them in hexadecimal. There aren’t many tools to achieve this task, although it can be necessary for a variety of situations.

• Reading binary files in batch.
• Reading sectors of the hard drive to get their information.
• Create a hexadecimal dump of a certain file.
• And most importantly, create backups of your boot sectors.

The last-mentioned use is the most important one in my opinion. Having a backup of the MBR/GPT and the partition table of a drive is a very critical thing, which pretty much no users do. Backups are always indispensable, in case of drive corruption, unintended changes, malware… Without a partition table, you can’t access disk contents, thus making it unusable.

We can compare 2 different situations:

1. User A didn’t make any backup. He’s working on a very important programming project, and he has to hand over college work. One day, he accidentally gets malware into his system, and it corrupts the drive partition table and MBR. He lost all of his work, having no way to recover his projects & work.
2. User B makes backups regularly. He’s also working on his projects and the same disaster happens. Luckily, he made a backup of his drive’s bootsector and partition table using DiskRead, so he can just apply the backup and all work is recovered.

This is a possible case of what could happen to any computer user any day. This is the main reason why backups are important.

DiskRead usage

Usage:
diskread <drive | file> [read count] [export <file>]

Examples:
diskread \\.\PhysicalDrive0 512 export bootsect.bak
Reads 512 bytes from physical drive 0 and exports it to the file bootsect.bak

diskread file.txt 40
Reads the first 40 bytes from file.txt and prints it in hexadecimal.

Return code:
The number of bytes reads is returned in case of success, or an error code on failure.

First note: Due to Windows limitations, disk reading is performed in chunks of 512 bytes. Values will be rounded up to the nearest multiple of 512.
Second note: Reading from a disk/partition requires administrator privileges. You’ll get the error “Access is denied. (0x5)” if you don’t have them.

To open a drive, use \\.\PhysicalDrive0 where 0 is the number on the physical drive.
To do the same with a partition, use \\.\C: where C is the partition letter. Don’t add a trailing backslash to interpret it as a partition rather than a directory.

Examples and screenshots