How To: PhysicalDisks on Vista and Server 2008 (Windows7)

How To: PhysicalDisks on Vista and Server 2008 (Windows7)

Because of nt6.x and nt7.x new security mechanisms, it is not possible to write directly to fs sectors on mounted volumes. In turn, it is not possible to use physical disks in virtual machines under vmware on Vista, Server 2008 and Windows7. It appears that several other applications also struggle with the same thing on those newer Windows platforms. This issue only applies to filesystems supported by MS. Relevant link on msdn;

To cut short on this, it is still possible to use that advanced feature in vm's, we just need to make a workaround and trick the OS a little. The solution was actually triggered and inspired by this thread; and the fact that there is no tool (at least known to me) that can easily do this, for people unfamiliar with the structure of the mbr. Therefore I made a little tool that can give rawdisk access.

I can verify that it works on Vista and Server 2008. I have not tested on Windows7, but assume the workaround required is still the same.

To use the whole physical disk under Server 2008 and Windows7, the most easy way is to put the disk offline. To do that start diskpart.exe and select your disk, then enter "offline disk", then "attribute disk clear readonly", then "rescan". That's how simple (and safe) it can be!

But, that option is not available on Vista's version of diskpart (and it is also not possible to use other versions on vista either), and so a workaround is required. Basically just erase the disk signature (55AA) in the mbr, then let diskpart rescan the disks, so that it now believes the disk without the signature is not partitioned. Now write back the signature onto disk's mbr and vmware is ready to boot from the physical disk. It is now in perfect shape although vista believes it is not partitioned. Very important to NOT let diskpart now rescan the disks as that will destroy the fun.

Now the more tricky bit of this is when using individual physical partitions. The solution is to temporarily erase the entry for the specific partition ID in the mbr, then let diskpart rescan the disks. Now the OS will think the partition does not exist, and thus has no need to lock it. Then write back the partition ID to the mbr and vmware is ready to boot from it. It is not possible to put individual partitions offline, so this trick must be used on Vista, Server 2008 and Windows7. However, with the offline trick, you can still use individual partitions with vmware. So how does it actually work? The partition table in the mbr starts at decimal offset 448 and ends at offset 511 (including the signature which is the last 2 bytes). Each primary partition entry is 16 bytes and there are 4 primary partitions. The first partition is from offset 448 - 463, the second is from offset 464 - 479, the third is from offset 480 - 497, anf the fourth is from offset 494 - 509. The disk signature is from offset 510 - 511. So when erasing the partition ID, we replace the hex values at decimal offsets 450, 466, 482 and 498 respectively with 00's. This tool utilizes 2 small apps, dsfi.exe and dsfo.exe, that comes from the dsfok package. It only reads and writes blocks of data from the first sector in
.\PhysicalDriveN. Note that setting partition ID to some other bogus value, like linux or unused, will not work. At least on Server 2008. There is now implemented backup functionality in the app. The mbr of the disk in question, will be backed up to a uniqe name containing computer name, the 4 byte hex disk signature and a timestamp. It will be named something like MBR-Dell-0x7139661B-20090809150610.bak. The patched partition ID's are also backed up inside the mbr itself. The backup offsets are 434 for partition1, 435 for partition2, 444 for partition3, and 445 for partition4. These offsets are very rarely used and is almost always 00. If something was mistakenly overwritten at those offsets, the original ones will be in the mbr backup anyway. This was only implemented to calm the paranoid users. The app is still just modifying the first sector, and does not touch the bootsector at all.

Here is a screenshot from VistaPE, where VMware Workstation is installed;

The secondary partition on a flashstick has booted MOA, whereas the virtual machine itself is located on the first partition on the same flashstick. Notice the diskmanager inside and outside of the vm.

That is basically what the tool does. It has an extremely simple GUI, just make sure you know what disk you want to add to a virtual machine.

The OS may under certain circumstances offer to format "non-partitioned" partitions, or initialize "fresh raw disks". It is EXTREMELY IMPORTANT to abort ANY such offers by the OS, as it is just an illusion to the OS while the disks are still in perfect shape.

When you don't need this tool:

If you configure to use a physical disk and take a snapshot of it with vmrun.exe prior to starting the virtual machine.

Safety:

Close all open files and programs, and preferably unmount (remove drive letter) all volumes that you plan to prepare.

Limitations of this tool:

  • Not for 64-bit.

  • Not for logical partitions (if using individual partitions)

  • Will not work if you have any security mechanism that prevents writing to the mbr. Alternatively disable it.

  • Handles max 21 local disks for gui version, and max 100 local disks for cmd version. More can easily be added.

  • For partitions, currently only 1 primary partition will be prepared, but there is no problem in preparing for instance 2-3 individual primary partitions. Just tweak the extracted batches.

  • I am sure there is plenty more..

Extra:

To use multipartitioned flashsticks, install the Hitachi microfilter driver. Instructions are here; The screenshot above is from such. It works on Vista and Server 2008, but don't know about Windows7.

Last words:

I take no responsibility for your system. To be on the safe side though, backup the first sector of all your disks and put in a safe place. It has been tested thoroughly, and it works as expected. Try it in a virtual machine first to se how it works. Remember this is highly experimental stuff, that may cause harm to your first sector if the tool is interrupted while reading and writing the mbr. The AutoIt source is included in the download (which will reveal my low level of programming skills). Feedbacks are welcome.

The command line version takes three parameters:

- First parameter is the mode. There are three modes; 1, 2 and 3. 1 is the 55AA trick. 2 is the offline trick. 3 is the individual partition ID (00) trick.

- Second parameter is the disk number. It can be in between 0-99.

- Third parameter is the partition number. It can be in between 1-4.

Obviously mode 1 and 2 only takes disk number as parameter, but some bogus third parameter has to be supplied for it to work. The bogus parameter in the samples are "a". If parameters are supplied incorrectly the application will not execute anything.

Sample command line:

The 55AA trick on disk number 2;

"rawdisk_cmd.exe 1 2 a"

The 55AA trick on disk number 5;

"rawdisk_cmd.exe 1 5 a"

The offline trick on disk number 0;

"rawdisk_cmd.exe 2 0 a"

The offline trick on disk number 7;

"rawdisk_cmd.exe 2 7 a"

The partition ID trick on disk number 1 and partition number 1;

"rawdisk_cmd.exe 3 1 1"

The partition ID trick on disk number 4 and partition number 3;

"rawdisk_cmd.exe 3 4 3"

Joakim Schicht

Attachments
Comments

Thanks a lot Joakim

this is very useful work

Folks - really follow Joakim's tip to practice this in VMs first - this can be dangerous stuff if used without practice

My rating : 5 stars

Ulli

___________________________________

VMX-parameters - VMware-liveCD - VM-Sickbay

Great work indeed. Can I suggest that you not use partition type 00 to hide the partition, but instead to use 3C as then the OS will not offer to initialize/format it anymore. Look in this table on why i selected this particular type.

--

Wil

I did not only set partition type to 00, but merely replaced all 16 bytes (whole partition entry) with 00's so that OS believes partition does not exist. My early research showed that modifying partition type is not sufficient to let Vista/2008/Win7 completely unlock it.

Anyways, I will do more research on this, and maybe finetune and modify it a bit. Thanks for feedback.

Joakim

hello jokke

i have tried your nice program, but i didn't succeed and i don't know exactly why.

1.: i use win7 and after using the program to hide a partition, it disappeared in the diskpart program as it should.

2.: i did not hide a primary partition. you told, that it doesn't work for logical partitions, so i tried an extended partition. did you already try this? could it possibly work?

3.: i don't use vmware at the moment, but i have a similar problem with an other popular virtualisation software.

so, do you already know why it doesn't work? problems with win7, problems with extended partitions or problems with other virtualisation software?

thx,

Gootsch

Ive had some luck using a different approach without any 3rd party software or extreme tweaking... I use Windows 7 x64 Professional edition, here are the steps I used for adding a drive to a VM that was a partition.

I installed a new SATA drive dedicated for VM direct storage. I initialized the drive as a MBR and created a single partition the size I wanted but did not format the disk or assign it a drive letter. I then inside of "Disk Management", I right clicked the new drive and selected offline. Next I ran "diskpart.exe" found the drive after listing them with "list disk", for me it was 2, so i issued "select disk 2" followed by "attributes disk clear readonly" which removed the readonly flag that was placed on the disk.

Once those steps were performed, i was able to add the new partition to the VM and have complete read/write access without any issue. It still works for me even after a reboot of the host OS. Hopefully this might work for you guys...

About logical partitions:

I can't remember what I found out. Maybe it was too complicated to bother with. If you want to give it a try, you will need to look up offsets for EPBR, for those in the experimental mode. Beware of the risk with this. I accidentally lost my own partition table when doing these tests..and had a hard time rebuilding.

For Windows 7 64-bit:

I don't know about 64-bit, but will assume the new security mechanisms of nt6 and nt7 are still the same. Then like I already described in the main doc, putting disk offline may be sufficient in certain scenarios. Namely those about full disk attachment in vmware, or as Naicisum mention, when there is only one primary partition with rest unallocated. I doubt it would work in your setup if you had more than one primary partition (except if you chose to attach whole disk). For that you would need some sort of 3.rd party tool to manually hex edit the partition table.

Honestly, I still have not tried workstation 7, so I don't know if this bug/missing feature has been fixed or added. I still have not seen any official statement about this, but have been waiting for it. It is after all, highly possible to fix if implemented correctly..

Joakim

Hi,

Just a quick note to say that I used your rawdisk utility on a W7 x64 build with VMWare Workstation 7 for a NTFS primary partition (not the whole disk) and it worked fine.

Thanks for your efforts on this.

Naicisum, this worked great for me on my Windows 7 x64! Very much appreciated.

I have two Windows 7 x64 machines and the first accepted the physical disk attachment (with about 6 hours of messing around) but the second machine just would not work and I assumed the above was not the case in my situation as it worked on machine 1 but not machine 2.

It turns out in Device Manager depending on your BIOS (tested SATA in IDE mode, AHCI mode & RAID mode) & hardware controller HDDs will appear as one of the below variations:

1) "ST310003 33AS SCSI Disk Device" - Machine 1, worked if added as a Generic SCSI Device and did not need the above utility

2) "ST310003 33AS ATA Device" - Machine 2 in IDE mode

3) "ST310003 33AS" - Machine 2 in AHCI mode

The machine 2 finally worked with the above utility. VMware would do well to place a warning in the next version of the Add Hardware Wizard that while Physical disks may be an ' for Advanced users' technique the virtual hardware type you choose and the hardware controller present on the host play a greater role than just the complexity of going into Disk Management and removing the drive letter. I literally went down to the level of searching for open handles in Sysinternals Process Explorer and after comparing between the working machine and not working machine found that both only had Vmware Workstation and the System process handling \Device\Harddisk1.

Thanks Naicisum. This solution worked best for me as well. Running the lockdismount.exe everytime I wanted to use the guest was not a viable option.

I succeeded using rawdisk_cmd on Win7 64bit for an extended partition.

The extended partition contains two logical ext3 partitions, the guest OS ist OpenSUSE 11.2.

The command was "rawdisk_cmd.exe 3 0 4", I'm using VMWare Player 3.1.3.

Unbelievable that this problem is still not fixed by VMWare.

This is great stuff Joakim!

Worked on W7 x64 (or at least, I got further than I did before)

Edit: A reboot 'undid' the changes and the partition was visible once again.

This is really outdated, but it should be about time for a real fix now. Until then, you should consider safer alternatives that uses win api to lock the volume, instead of this dirty & risky hack. LockDismount by TheK has been around for quite some. Lately I made my own version and called it LockVolume. Both are found at http://reboot.pro forums. Some small differences only.

I had the same issue in my Windows 8 Host and Ubuntu 12.04 as a Guest.

What I discovered, is by hiding the partition using the Minitool Partition Wizard it started to work.

Just to be sure, that the scenario is the same, I have configured the /boot and MBR in other virtual disk, which is the file, and only "/" is mounted as a raw disk. I believe having the MBR in the different virtual disk gives you more chance to have the main Windows partition in worked state.

Version history
Revision #:
1 of 1
Last update:
‎08-03-2009 12:40 PM
Updated by: