How To: PhysicalDisks on Vista and Server 2008 (Windows7)

Version 3

    Because of nt6.x and nt7.x new security mechanisms, it is not possible to write directly to fs sectors on mounted volumes. In turn, it is not possible to use physical disks in virtual machines under vmware on Vista, Server 2008 and Windows7. It appears that several other applications also struggle with the same thing on those newer Windows platforms. This issue only applies to filesystems supported by MS. Relevant link on msdn;


    To cut this short, it is still possible to use that advanced feature in vm's; we just need a workaround that tricks the OS a little. The solution was actually triggered and inspired by this thread; and the fact that there is no tool (at least known to me) that can easily do this, for people unfamiliar with the structure of the mbr. Therefore I made a little tool that can give rawdisk access.


    I can verify that it works on Vista and Server 2008. I have not tested on Windows7, but assume the workaround required is still the same.


    To use the whole physical disk under Server 2008 and Windows7, the easiest way is to take the disk offline. To do that, start diskpart.exe and select your disk, then enter "offline disk", then "attribute disk clear readonly", then "rescan". That's how simple (and safe) it can be!


    But that option is not available in Vista's version of diskpart (and it is not possible to use other versions on Vista either), so a workaround is required. Basically, just erase the disk signature (55AA) in the mbr, then let diskpart rescan the disks, so that it now believes the disk without the signature is not partitioned. Now write the signature back onto the disk's mbr and vmware is ready to boot from the physical disk. It is now in perfect shape although Vista believes it is not partitioned. It is very important NOT to let diskpart rescan the disks now, as that will destroy the fun.


    Now the more tricky bit of this is when using individual physical partitions. The solution is to temporarily erase the entry for the specific partition ID in the mbr, then let diskpart rescan the disks. Now the OS will think the partition does not exist, and thus has no need to lock it. Then write back the partition ID to the mbr and vmware is ready to boot from it. It is not possible to put individual partitions offline, so this trick must be used on Vista, Server 2008 and Windows7. However, with the offline trick, you can still use individual partitions with vmware.


    So how does it actually work? The partition table in the mbr starts at decimal offset 448 and ends at offset 511 (including the signature which is the last 2 bytes). Each primary partition entry is 16 bytes and there are 4 primary partitions. The first partition is from offset 448 - 463, the second is from offset 464 - 479, the third is from offset 480 - 497, and the fourth is from offset 494 - 509. The disk signature is from offset 510 - 511. So when erasing the partition ID, we replace the hex values at decimal offsets 450, 466, 482 and 498 respectively with 00's. Note that setting the partition ID to some other bogus value, like linux or unused, will not work. At least on Server 2008.


    This tool utilizes 2 small apps, dsfi.exe and dsfo.exe, that come from the dsfok package. It only reads and writes blocks of data from the first sector in \\.\PhysicalDriveN.


    Backup functionality is now implemented in the app. The mbr of the disk in question will be backed up to a unique name containing the computer name, the 4 byte hex disk signature and a timestamp. It will be named something like MBR-Dell-0x7139661B-20090809150610.bak. The patched partition ID's are also backed up inside the mbr itself. The backup offsets are 434 for partition1, 435 for partition2, 444 for partition3, and 445 for partition4. These offsets are very rarely used and are almost always 00. If something was mistakenly overwritten at those offsets, the original ones will be in the mbr backup anyway. This was only implemented to calm the paranoid users. The app is still just modifying the first sector, and does not touch the bootsector at all.
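
    An added example, not part of the original tool or its AutoIt source: a Python check over a saved first-sector image (such as the .bak file described above) that reports whether the 55AA signature is present and which entries have a zeroed partition ID with the original kept at the backup offset. It uses the ID, signature and backup offsets given above; the function names, state labels and sample bytes are constructed for illustration, and the restore helper changes an in-memory copy only.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIG_OFFSET = 510                   # 55AA lives in bytes 510-511
TYPE_ID_OFFSETS = (450, 466, 482, 498)  # partition ID byte of entries 1-4
BACKUP_OFFSETS = (434, 435, 444, 445)   # in-MBR copies of the patched IDs


def inspect_mbr(sector: bytes) -> dict:
    """Classify each primary partition entry of a 512-byte MBR image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = {}
    for number, (id_off, bak_off) in enumerate(zip(TYPE_ID_OFFSETS, BACKUP_OFFSETS), 1):
        # The 32-bit sector count of an entry sits 8 bytes after its ID byte.
        (count,) = struct.unpack_from("<I", sector, id_off + 8)
        if sector[id_off]:
            state = "visible"
        elif not count:
            state = "empty"
        else:  # ID zeroed on a live entry: restorable only if the backup byte is set
            state = "patched" if sector[bak_off] else "id-missing"
        partitions[number] = state
    present = sector[BOOT_SIG_OFFSET:] == b"\x55\xaa"
    return {"boot_signature_present": present, "partitions": partitions}


def restore_ids(sector: bytes) -> bytes:
    """Return a copy with patched IDs put back (clearing the backup byte is this example's choice)."""
    fixed = bytearray(sector)
    for number, state in inspect_mbr(sector)["partitions"].items():
        if state == "patched":
            id_off, bak_off = TYPE_ID_OFFSETS[number - 1], BACKUP_OFFSETS[number - 1]
            fixed[id_off], fixed[bak_off] = fixed[bak_off], 0
    return bytes(fixed)


def sample_sector() -> bytes:
    """Constructed image: partition 1 visible, partition 2 patched (ID 0x0B saved at 435)."""
    s = bytearray(SECTOR_SIZE)
    # Each pack writes: ID byte, 3 skipped bytes, LBA start, sector count.
    struct.pack_into("<B3xII", s, 450, 0x07, 2048, 204800)
    struct.pack_into("<B3xII", s, 466, 0x00, 206848, 409600)
    s[435] = 0x0B
    s[510:512] = b"\x55\xaa"
    return bytes(s)
```

    Running inspect_mbr on a backup taken before and after a run shows exactly which bytes the workaround left changed; an "id-missing" entry means the ID can only be recovered from the external .bak file.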


    Here is a screenshot from VistaPE, where VMware Workstation is installed;  

    The secondary partition on a flashstick has booted MOA, whereas the virtual machine itself is located on the first partition on the same flashstick. Notice the diskmanager inside and outside of the vm.


    That is basically what the tool does. It has an extremely simple GUI, just make sure you know what disk you want to add to a virtual machine.


    The OS may under certain circumstances offer to format "non-partitioned" partitions, or initialize "fresh raw disks". It is EXTREMELY IMPORTANT to abort ANY such offers by the OS, as it is just an illusion to the OS while the disks are still in perfect shape.


    When you don't need this tool:

    If you configure to use a physical disk and take a snapshot of it with vmrun.exe prior to starting the virtual machine.



    Close all open files and programs, and preferably unmount (remove drive letter) all volumes that you plan to prepare.


    Limitations of this tool:

    • Not for 64-bit.

    • Not for logical partitions (if using individual partitions)

    • Will not work if you have any security mechanism that prevents writing to the mbr. Alternatively disable it.

    • Handles max 21 local disks for gui version, and max 100 local disks for cmd version. More can easily be added.

    • For partitions, currently only 1 primary partition will be prepared, but there is no problem in preparing for instance 2-3 individual primary partitions. Just tweak the extracted batches.

    • I am sure there is plenty more..




    To use multipartitioned flashsticks, install the Hitachi microfilter driver. Instructions are here; The screenshot above is from such. It works on Vista and Server 2008, but don't know about Windows7.


    Last words:

    I take no responsibility for your system. To be on the safe side though, back up the first sector of all your disks and put it in a safe place. It has been tested thoroughly, and it works as expected. Try it in a virtual machine first to see how it works. Remember this is highly experimental stuff, that may cause harm to your first sector if the tool is interrupted while reading and writing the mbr. The AutoIt source is included in the download (which will reveal my low level of programming skills). Feedback is welcome.



    The command line version takes three parameters:



    - First parameter is the mode. There are three modes; 1, 2 and 3. 1 is the 55AA trick. 2 is the offline trick. 3 is the individual partition ID (00) trick.



    - Second parameter is the disk number. It can be between 0 and 99.



    - Third parameter is the partition number. It can be between 1 and 4.



    Obviously modes 1 and 2 only take the disk number as a parameter, but some bogus third parameter has to be supplied for it to work. The bogus parameter in the samples is "a". If parameters are supplied incorrectly, the application will not execute anything.



    Sample command line:



    The 55AA trick on disk number 2;

    "rawdisk_cmd.exe 1 2 a"


    The 55AA trick on disk number 5;

    "rawdisk_cmd.exe 1 5 a"


    The offline trick on disk number 0;

    "rawdisk_cmd.exe 2 0 a"


    The offline trick on disk number 7;

    "rawdisk_cmd.exe 2 7 a"


    The partition ID trick on disk number 1 and partition number 1;

    "rawdisk_cmd.exe 3 1 1"


    The partition ID trick on disk number 4 and partition number 3;

    "rawdisk_cmd.exe 3 4 3"






    Joakim Schicht