[收藏]在Win9x/NT下获取硬盘物理序列号

天云上人

  #include <WinIOCtl.h>
#include <stdio.h>

#pragma inline
4 i: X8 S' t, |//---------------------------------------------------------------------------
; j% s6 X4 w' F) ~3 E' d2 N: b// IDE NT/2000/XP专用变量
#define GETVERSIONOUTPARAMS     GETVERSIONINPARAMS
- |. y2 \$ X- S7 _2 a3 |+ w- @/ f#define DFP_GET_VERSION         SMART_GET_VERSION
$ `+ p, E; ?( O#define DFP_SEND_DRIVE_COMMAND  SMART_SEND_DRIVE_COMMAND
& M: |. {* l5 H0 o5 g7 I( k#define DFP_RCV_DRIVE_DATA      SMART_RCV_DRIVE_DATA

+ H% _# }  l& M! F( o5 Pconst WORD IDE_ATAPI_IDENTIFY = 0xA1;   // 读取ATAPI设备的命令
const WORD IDE_ATA_IDENTIFY   = 0xEC;   // 读取ATA设备的命令
" K, W4 g; W  o) A8 Q# S! U
const int MAX_IDE_DRIVES = 4;

0 Y" s2 S7 }! @* `2 H  `// SCSI专用变量
% U0 [1 H: O0 u1 [& Xconst DWORD FILE_DEVICE_SCSI             = 0x0000001B;
7 ?% K1 Z7 b& `; l0 ^2 m6 N( jconst DWORD IOCTL_SCSI_MINIPORT_IDENTIFY = ((FILE_DEVICE_SCSI << 16) + 0x0501);
& ^% I6 f5 L" Y5 d5 Econst DWORD IOCTL_SCSI_MINIPORT          = 0x0004D008; // see NTDDSCSI.H for definition
const DWORD SENDIDLENGTH  = sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE;
% k+ W( u; s7 B3 U$ F; N
" K  J8 Y8 w, \typedef struct _SRB_IO_CONTROL
{
   ULONG HeaderLength;
   UCHAR Signature[8];
   ULONG Timeout;
$ |. z  J$ G' C- r0 c1 p& i' R+ `    ULONG ControlCode;
   ULONG ReturnCode;
   ULONG Length;
}SRB_IO_CONTROL, *PSRB_IO_CONTROL;
3 Q; G& C  x6 H4 X9 q- f
. E5 W* y* I5 M8 N4 {// 读取的主函数
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList);
1 Y+ W( K  h5 x2 ~
// 辅助函数
: k3 c1 G8 t; d  V- {# k# dchar *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex);
// NT/2000/XP函数
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList);
: O0 a' i+ @9 b$ A: I+ d* Vbool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
       PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd,
1 n& Y6 t+ Z8 H3 w. y9 I/ w4 F' U        BYTE btDriveNum, PDWORD lpcbBYTEsReturned);
// Windows 9X函数
/ N7 I, i% x3 wvoid __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList);
/ n/ X  s, E# qvoid __fastcall ReadPhysicalDriveOnW9X_Ring0(bool IsFirst, WORD BaseAddress,
       BYTE MoS, bool &IsIDEExist, bool &IsDiskExist, WORD *OutData);
& R: o& i, p% X: ?" X
  K8 e1 ~" L6 U) G( N// SCSI读取函数(for NT/2000/XP)
6 G4 F  I8 p0 a% DString __fastcall ReadIDEDriveAsScsiDriveOnNT();
//---------------------------------------------------------------------------
1 N/ w, K- ^7 ~7 ^' o- C7 {// ReadPhysicalDrive
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList)
3 Y# ?: M) @) C- a/ T/ {1 \7 q7 X# `{
   switch(Win32Platform)
   {
       case VER_PLATFORM_WIN32_WINDOWS:
           ReadPhysicalDriveOnW9X(pSerList, pModeList);
           break;
       case VER_PLATFORM_WIN32_NT:
           ReadPhysicalDriveOnNT(pSerList, pModeList);
           break;
1 U+ t* Q- ~0 U- u- x        default:
           break;
   }
+ y0 d4 D! I* v% ?$ _}
6 v2 g6 e8 q1 @( p//---------------------------------------------------------------------------
// ConvertToString
6 _  }2 e( k6 h6 \% E) vchar *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex)
3 ?9 }) L: b' T! ?1 W# D# n5 q{
1 c6 F' I' s6 @/ ?  q    static char szResBuf[1024];
/ \$ t* ]; h  U+ v, s; r) D    int nIndex = 0;
( S/ n5 u* k9 F: Z3 i- D$ S; H    int nPosition = 0;

' L. Z- |& U6 k( b    // Each integer has two characters stored in it backwards
   for(nIndex = nFirstIndex; nIndex <= nLastIndex; nIndex++)
   {
" t% B" h, J9 x5 ?        // Get high BYTE for 1st character
       szResBuf[nPosition] = (char)(dwDiskData[nIndex] / 256);
& x) v+ g$ R; Z        nPosition++;

       // Get low BYTE for 2nd character
       szResBuf[nPosition] = (char)(dwDiskData[nIndex] % 256);
       nPosition++;
7 ~: }5 f3 r9 b( n9 H$ S; F( b- ^( F! h    }
/ J8 i& E, F  p+ M
) _( |3 A6 I$ s$ m    // End the string
   szResBuf[nPosition] = '\0';
& t4 }1 g0 Q+ T1 s1 t/ o1 u
   // Cut off the trailing blanks
6 J7 ^# N& H6 g+ I" h, H    for(nIndex = nPosition - 1; nIndex > 0 && ' ' == szResBuf[nIndex]; nIndex--)
9 a  z, ^+ ^! x4 g. c+ A% x        szResBuf[nIndex] = '\0';
3 Z4 M, X% @* b, c& l; F
2 V) Y/ _( b+ D% I% U' z* M" b: N7 F    return szResBuf;
, o9 S8 T9 a* o}
1 F. w& n( M- O7 v, r//---------------------------------------------------------------------------
// Winndows NT4/2000/XP 代码
- R5 ?) L% \5 h! ?0 i  _//---------------------------------------------------------------------------
$ V% J( {, G! M$ Q- F7 A+ y// ReadPhysicalDriveOnNT
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList)
/ @  @6 c3 V$ K) X+ b{
   // 输出参数
   BYTE btIDOutCmd[sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
2 ^8 q2 C/ F2 |) q
5 T9 q3 L3 j% h    for(int nDrive=0; nDrive < MAX_IDE_DRIVES; nDrive++)
   {
       HANDLE hPhysicalDriveIOCTL;
, e3 H. R+ o2 a' B  c- F8 b5 J7 v: C        char szDriveName[32];

       sprintf(szDriveName, "\\\\.\\PhysicalDrive%d", nDrive);
6 g, r! B" }! t" I' c        hPhysicalDriveIOCTL = CreateFile(szDriveName,
- q9 w* \  p9 j$ ?( ~/ I3 s) @, R4 r                        GENERIC_READ | GENERIC_WRITE,
& R* E) u: O3 M7 p6 p% u                        FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                       OPEN_EXISTING, 0, NULL);

8 a9 Y; a; k9 I# Z8 h, D        if(hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
9 k8 o$ y/ B/ W9 P/ I        {
2 c! B  h0 R5 p            DWORD dwBytesReturned = 0;
5 t: ]& q6 `8 s; w$ A1 ~- w            GETVERSIONOUTPARAMS gvopVersionParams;
6 {% q0 g( R( u' S& `5 @3 T: t& X! V
% B( o. W- A5 l# A( z4 Z  t            // Get the version, etc of PhysicalDrive IOCTL
% f8 G( A$ a3 Q! [6 R) G            ZeroMemory(&gvopVersionParams, sizeof(GETVERSIONOUTPARAMS));

2 H4 W0 Y; c4 B; n% {; B* i" K3 s            if(!DeviceIoControl(hPhysicalDriveIOCTL, DFP_GET_VERSION,
                   NULL, 0, &gvopVersionParams, sizeof(gvopVersionParams),
                   &dwBytesReturned, NULL))
           {
3 |# [; H- y; ^3 G" A+ h                continue;
% `) f- O7 {* J6 q2 U! `            }
/ N. ]2 o% U0 F" `
           if(gvopVersionParams.bIDEDeviceMap > 0)
           {
2 Z4 r; h5 J& x2 I9 d* w                // IDE or ATAPI IDENTIFY cmd
               BYTE btIDCmd = 0;
               SENDCMDINPARAMS InParams;
               // Now, get the ID sector for all IDE devices in the system.
* K  r- ?9 Y7 Y                // If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
               // otherwise use the IDE_ATA_IDENTIFY command
               // 具体所得结果请参考头文件中的说明
' l+ q0 R8 V$ H2 w& d: g9 k$ ]$ U                btIDCmd = (gvopVersionParams.bIDEDeviceMap >> nDrive & 0x10) ?
                       IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
               ZeroMemory(&InParams, sizeof(SENDCMDINPARAMS));
               ZeroMemory(btIDOutCmd, sizeof(btIDOutCmd));

% B" ~7 {7 h* F; P                if(DoIdentify(hPhysicalDriveIOCTL,
8 t! h, [: H" c5 H                     &InParams, (PSENDCMDOUTPARAMS)btIDOutCmd,
                    (BYTE)btIDCmd, (BYTE)nDrive, &dwBytesReturned))
( H, q- N6 U& U7 U                {
" \$ `" r' E/ e. Q                    DWORD dwDiskData[256];
$ x0 Z/ e- P1 C& a3 I                    USHORT *pIDSector; // 对应结构IDSECTOR，见头文件
                   char szSerialNumber[21];
. {5 r1 t4 Y9 B6 s                    char szModelNumber[41];
$ R/ [, ^& H' R6 {$ }
                   pIDSector = (USHORT*)((SENDCMDOUTPARAMS*)btIDOutCmd)->bBuffer;
                   for(int i=0; i < 256; i++)
1 f4 V3 ~/ t( U1 G% z: e1 D' M                        dwDiskData = pIDSector;
                   // 取系列号
                   ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
& T4 x4 _, \1 c) u; `2 _                    strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));
8 j2 x$ x) ]8 y$ e# {
6 g7 V- v* h: [                    // 取模型号
                   ZeroMemory(szModelNumber, sizeof(szModelNumber));
! {5 _, _0 {7 y% d0 s! @" Q                    strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));
' ]5 \2 o5 n5 v: s; |- y( F' P
. T; H4 ^7 W, ?- D                    pSerList->Add(szSerialNumber);
3 }$ L0 s+ V7 j% P" Z0 }                    pModeList->Add(szModelNumber);
% O/ X0 `, z' h0 l3 [. `) ]: k, z                }
           }
           CloseHandle (hPhysicalDriveIOCTL);
: o9 V3 o5 _# [2 g, b9 [/ A        }
4 |, G1 N9 U! l    }
. V4 c0 E4 i/ @9 ^1 w  r% K" S}
//---------------------------------------------------------------------------
! g2 n7 [9 e3 Q0 G) D// DoIdentify
bool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
5 s! Z, |4 y  v8 s" C              PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd, BYTE btDriveNum,
             PDWORD pdwBytesReturned)
{
8 {- P3 s8 v7 {+ L    // Set up data structures for IDENTIFY command.
   pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
   pSCIP->irDriveRegs.bFeaturesReg = 0;
% j$ j4 Q; J$ g; [7 T7 q" N' ?    pSCIP->irDriveRegs.bSectorCountReg  = 1;
9 E: J5 j$ [) Y' d) e1 q7 B    pSCIP->irDriveRegs.bSectorNumberReg = 1;
   pSCIP->irDriveRegs.bCylLowReg  = 0;
% f' G) ~+ Z3 e  H( l    pSCIP->irDriveRegs.bCylHighReg = 0;

   // Compute the drive number.（主盘和从盘所对应的值是不一样的）
   pSCIP->irDriveRegs.bDriveHeadReg = (btDriveNum & 1) ? 0xB0 : 0xA0;

3 j( P2 p/ \1 n0 x' _2 j) n    // The command can either be IDE identify or ATAPI identify.
8 E$ B' B" h" u, n! N: M    pSCIP->irDriveRegs.bCommandReg = btIDCmd;
) b5 E  i: K' a1 Y) H$ H    pSCIP->bDriveNumber = btDriveNum;
   pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
, I- C* [, ^! z8 ?" b) V! l
   return DeviceIoControl(hPhysicalDriveIOCTL, DFP_RCV_DRIVE_DATA,
          (LPVOID)pSCIP,
          sizeof(SENDCMDINPARAMS) - 1,
          (LPVOID)pSCOP,
; [6 a. d$ e) s: [" ?3 I* d' [           sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
0 s4 _* Q* u. F/ N" z: E. s           pdwBytesReturned, NULL);
; J8 f! c: U; W; `7 M: h* \}
//---------------------------------------------------------------------------
// Windows 95/98/ME 代码
3 }9 @$ |: J8 x/ J5 ?//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X
! j+ f0 Z- b$ [void __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList)
( K- W9 {9 u) k{
. M& W) m5 }9 }4 ~    WORD wOutData[256];
   SetPriorityClass(GetCurrentProcess(), REALTIME_PRIORITY_CLASS);

- i1 y2 u; g5 C# S6 E1 ^+ ]5 E    // 经过测试，发现第一次调用而且Drive >= 2时会在Ring0代码中出现错误，导致蓝屏。
   // 经过N（N > 15）次的蓝屏后仍找不到原因：（，不得不在这里增加一段无用代码以
   // 避免蓝屏的出现。（期待高人能指出原因）
   for(int nDrive = 0; nDrive < 8; nDrive++)
+ Q( {2 w6 ^: A* T    {
       WORD dwBaseAddress;
( H+ c3 `9 _+ c, a        BYTE btMasterSlave;         // Master Or Slave
+ ?, E0 B  \% `        bool bIsIDEExist;
       bool IsDiskExist;
8 w( C! M7 H# [$ x
1 K0 f" @" u1 D& o4 f        switch(nDrive / 2)
0 a9 U& C4 c6 r/ g8 E; J        {
+ m: a+ `. ~) ]* m% z  O            case 0: dwBaseAddress = 0x01F0; break;
: h! l6 Y  H. l$ \7 r/ y: ~" o6 C5 b. @            case 1: dwBaseAddress = 0x0170; break;
           case 2: dwBaseAddress = 0x01E8; break;
           case 3: dwBaseAddress = 0x0168; break;
% D$ x8 W- M, w2 h  h        }

       btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);
: h' Q/ u& p& G2 W
       // 进入Ring0
  u2 Q# S0 Q1 ]8 ^, y, V0 K        ReadPhysicalDriveOnW9X_Ring0(true, dwBaseAddress, btMasterSlave,
               bIsIDEExist, IsDiskExist, wOutData);
% m: z  r" _9 j: T& ^( H    }
$ c3 w8 T4 _# ]% r3 u3 z/ V
   // 开始读取
   for(int nDrive = 0; nDrive < 8; nDrive++)
: [# n2 k4 b& \3 \: c$ X    {
       WORD dwBaseAddress;
       BYTE btMasterSlave;         // Master Or Slave
       bool bIsIDEExist;
, y" o  @2 i5 `) h        bool bIsDiskExist;
       switch(nDrive / 2)
) N, k9 G( E6 Z        {
+ ?1 d+ }6 a  {8 w- G$ O3 T  _6 t            case 0: dwBaseAddress = 0x01F0; break;
# ]% t- [  X# c. |$ H, a0 d/ X6 M            case 1: dwBaseAddress = 0x0170; break;
7 Y- q) y. i* G, d8 r* b            case 2: dwBaseAddress = 0x01E8; break;
           case 3: dwBaseAddress = 0x0168; break;
9 G2 E4 X- e/ D& C        }

       btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);

       // 进入Ring0
- W9 t8 I+ `+ I5 G3 I, ?        bIsIDEExist  = false;
       bIsDiskExist = false;
       ZeroMemory(wOutData, sizeof(wOutData));

7 I3 B* \; ]2 ^6 \        ReadPhysicalDriveOnW9X_Ring0(false, dwBaseAddress, btMasterSlave,
               bIsIDEExist, bIsDiskExist, wOutData);

       if(bIsIDEExist && bIsDiskExist)
4 z% U/ T# X: A$ n. e        {
5 `; Q7 ~7 J$ ~( ~5 `1 g            DWORD dwDiskData[256];
. ?" W6 m, Y6 ?0 Y. V( u            char  szSerialNumber[21];
           char  szModelNumber[41];
! z$ c% ^0 i. T5 P/ b2 D, T0 |
: L1 \8 ^1 T/ [; y# ]: n# B            for(int k=0; k < 256; k++)
               dwDiskData[k] = wOutData[k];

           // 取系列号
  R% _1 \# G5 G. k' m1 `            ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
           strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));

, G- y# R+ A3 p1 ^& d9 i            // 取模型号
( P( c; Q9 B* e8 \$ @            ZeroMemory(szModelNumber, sizeof(szModelNumber));
: k2 M/ ^" ?/ i6 o( J+ ]8 S! m            strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));

$ w( p# r1 w) H/ O- Y            pSerList->Add(szSerialNumber);
           pModeList->Add(szModelNumber);
) q/ g. \, X* H% }' f$ z0 t        }
   }
/ ~5 u7 K! u/ G) v    SetPriorityClass(GetCurrentProcess(), NORMAL_PRIORITY_CLASS);
}
: \7 R# Y4 k& O# s- Y& l//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X_Ring0()
- v( e$ Q) ?2 r: D//
// dwBaseAddress = IDE(0,1,2,3) : 1F0h, 170h, 1E8h, 168h
// btMasterSlave = Master(0xA0) Or Slave(0xB0)
//---------------------------------------------------------------------------
: S# L+ _' [/ r: {void __fastcall ReadPhysicalDriveOnW9X_Ring0(bool bIsFirst, WORD dwBaseAddress,
+ O; p; j' C2 f3 h- p2 I3 f        BYTE btMasterSlave, bool &bIsIDEExist, bool &bIsDiskExist, WORD *pOutData)
{
4 L. K" u5 m! a  f    BYTE  btIDTR1[6];
   DWORD dwOldExceptionHook;
. w$ v& x1 H, A5 K# [    const int nHookExceptionNo = 5;
6 g+ |/ z  B# f9 H9 M& R" s& k
  |  |1 f7 p! B# h# d    BYTE  btIsIDEExist = 0;
% b8 t+ K  t& b- Z* f    BYTE  btIsDiskExist = 0;
, |2 V% E+ f9 A! Y: D; T    WORD  wOutDataBuf[256];
" h; c# V; W: L) {' _( e$ w
   BYTE  btIsFirst = (BYTE)bIsFirst;
5 x; X' Q. s2 D) a: G! a+ b. }0 J2 _9 R
3 w7 f4 `) R$ e    const BYTE btBit00 = 0x01;
) t: Y2 y" V+ c5 x" Y7 i' y/ ?- J) m    // const BYTE btBit02 = 0x04;
   const BYTE btBit06 = 0x40;
4 J# o0 I$ P+ ^7 w$ Q    const BYTE btBit07 = 0x80;
   // const BYTE btERR  = btBit00;
( c% ~+ l" t4 U3 |' M  u    const BYTE btBusy = btBit07;
6 V$ }( O* R& i; }% |    const BYTE btAtaCmd   = 0xEC;
   const BYTE btAtapiCmd = 0xA1;

   __asm
   {
* L7 e. [4 c) _; N& u' q        // 必须先执行这条语句
0 N: y1 s& N% b        JMP EnterRing0
1 ?1 \, I0 y$ X5 {" C
3 u  u$ j0 }$ }9 m% ^2 M* ~' {4 _3 t) T( w        // 定义过程
       // 等待IDE设备直到其不为忙为止
0 F$ j; ?. ~7 k- `: t        WaitWhileBusy proc
! _6 r* A$ @- w0 L1 ~& G5 c, p' R
       MOV  EBX, 100000
* C6 p* s+ H7 ?& N: q; E        MOV  DX, dwBaseAddress
       ADD  DX, 7

       LoopWhileBusy:
6 T- g3 V6 k# q0 S
! s) q" U( J& R% B        DEC  EBX
5 M6 D) m+ x$ j1 X  x5 G        CMP  EBX, 0
       JZ   Timeout
       in   AL, DX
       TEST AL, btBusy
       JNZ  LoopWhileBusy
. j8 M5 t# ~* S1 U' y        JMP  DriveReady
& O7 \. {' i  v- f
# ^: ]. R1 s- B% q* x. C6 w        // 超时，直接退出
       Timeout:
3 L* ~, T5 x6 b% f5 Y; P, Y- v        JMP  LeaveRing0
7 c' C) B4 i% J        DriveReady:
       RET
       ENDP   // End of WaitWhileBusy Procedure
& l6 ^; c- V' i2 W9 r* D7 Q
       // 设置主盘和从盘标志
       SelectDevice proc
3 _: a; t$ ]) J9 J
       MOV  DX, dwBaseAddress
       ADD  DX, 6
6 @+ D/ ?5 `6 R; f7 Q" A  W        MOV  AL, btMasterSlave
8 B6 r% o4 j; b; n3 b5 j/ i( x
       out  DX, AL
       RET
0 f; m; r  d' B# J+ ~8 C' X
       ENDP  // End of SelectDevice Procedure
5 K7 E) X+ H  M6 g9 w: N
+ Y$ {* ~& X9 n" U, b& \; H1 }        // 向IDE设备发送存取指令
- @8 T: v% c( u* t" S8 ]$ S# c        SendCmd proc
2 M- U1 x4 t6 o: o( ]6 u. ~
       MOV DX, dwBaseAddress
       ADD DX, 7
8 Y5 @4 C8 Y; Q% h! v9 M; c% b        MOV AL, BL // BL是主从盘标识，在过程外设置
' [: E2 L* U7 b        out DX, AL
       RET
7 S4 g8 S) F" I7 K! g        ENDP  // End of SendCmd Procedure
. m& R* B: m5 a2 @
9 G2 p5 D# c" ]: `        // Ring0代码
       Ring0Proc:
8 e1 b2 d, h9 q# g        PUSHAD
       // 查询IDE设备是否存在
' b5 B' s# ~5 i3 X& L6 `        MOV DX, dwBaseAddress
/ y7 ]( r7 Z3 T: H7 e        ADD DX, 7
       in  AL,DX

4 P( h7 w, w: f6 {* y- ?        // 当AL的值是0xFF或者0x7F时，IDE设备不存在，这时候直接返回
       CMP AL,0xFF
       JZ  LeaveRing0
       CMP AL, 0x7F
7 O9 \$ N) C+ M  P9 S4 L        JZ  LeaveRing0

       // 设置IDE设备存在标志
. _  X+ c1 w( j4 q% \/ _. [" B: c        MOV btIsIDEExist, 1

) W  }: S' |; D5 D9 I! E- Y        // 查询IDE设备上的驱动器是否存在（有IDE插槽在主板上，但是却不一定有硬盘插在上面）
7 l$ @5 g# D- E8 g6 N7 x        CALL WaitWhileBusy
) E3 [! r4 ^* p5 a        CALL SelectDevice
  [) C, }; ?0 D% {! S- y1 ^
( H" t) b! U6 i        // 如果是第一次调用，则直接返回，否则执行下行语句时会出现蓝屏
5 a  y- k6 m5 o. K, m        CMP  btIsFirst, 1
( z$ [& u; q) |- h7 a5 i: O/ U  f        JZ   LeaveRing0
. F6 C9 P" G8 A
       // 第一次调用时，如果执行这行语句会导致蓝屏，Why？？？
       CALL WaitWhileBusy

) k5 ~+ X0 ^8 K0 w$ r. g0 T        // AL的值等于cBit06时，不存在驱动器，直接返回
       TEST AL, btBit06
       JZ   LeaveRing0
1 N2 W$ n% b. N' L9 Y
       // 设置驱动器存在标志
       MOV  btIsDiskExist, 1

       // 发送存取端口命令
, b, S/ G5 E  L$ j; h0 V. }        // 无法像NT/2000/XP那样可以通过查询VERSION的值得到驱动器的类型，
       // 所以只能一步一步地测试，如果不是ATA设备，再尝试使用ATAPI设备命令
' _+ d) w) h! d( L# _; P& e: _; c        CALL WaitWhileBusy
       CALL SelectDevice    // 设置主从盘标识
       MOV  BL, btAtaCmd      // 发送读取命令
# H% k* g& {! }4 O' e2 @        CALL SendCmd
       CALL WaitWhileBusy

       // 检查是否出错
       MOV  DX, dwBaseAddress
& }& C$ L2 H: Y; J4 D7 u. x" Z7 p        ADD  DX, 7

       in   AL, DX
( k' E+ M! I- r5 |+ ^
       TEST AL, btBit00
: n9 _- R6 l5 S( J3 h' {/ I0 |        JZ   RetrieveInfo   // 没有错误时则读数据
+ F. A1 f) x+ t4 p% T6 @
/ d, ?" ?' I7 y" k( F- O        // 如果出错，则进一步尝试使用ATAPI设备命令
       CALL WaitWhileBusy
) o6 Z6 Y0 H3 b0 J* v& w% b9 h: B        CALL SelectDevice
       MOV  BL, btAtapiCmd
, ?+ v$ }  U, o9 {& O! \' t        CALL SendCmd
       CALL WaitWhileBusy
7 D3 A9 j0 \( ]) F
       // 检查是否还出错
       MOV  DX, dwBaseAddress
5 s' K2 e4 n6 X$ q2 ]( F        ADD  DX, 7
+ v( ^6 v! D3 T1 _        in   AL, DX
       TEST AL, btBit00
+ g7 I8 ^' {# {1 I# D6 f& p& r        JZ   RetrieveInfo   // 没有错误时则读数据
' [# |' F! v# q6 w- x& I# ^% P/ ~  J        JMP  LeaveRing0     // 如果还是出错，直接返回

       // 读取数据
, @$ {  B" S' ?1 ~, F        RetrieveInfo:

       LEA  EDI, wOutDataBuf
       MOV  ECX, 256
       MOV  DX, dwBaseAddress
       CLD
# _0 j* Y2 c; B. w9 @/ F6 L2 m
       REP  INSW

$ N; A* e' S' X, W        // 退出Ring0代码
       LeaveRing0:

) J3 v* _4 Z7 ~7 h        POPAD
# k' C4 B+ J3 \7 g- U8 u$ k  e        IRETD

6 M* H; B# e  I: C7 m  q        // 激活Ring0代码
       EnterRing0:
2 z1 ], q& ~! W( N8 N+ G
8 e! _% S' f9 ~+ _' A2 g/ _        // 修改中断门
' E/ \7 i9 ?) W        SIDT FWORD PTR btIDTR1
       MOV EAX, DWORD PTR btIDTR1 + 02h
& u$ q+ w% h) i7 n# P# _' S* E        ADD EAX, nHookExceptionNo * 08h + 04h
       CLI
+ n7 d) M4 P5 h) `- y4 C( s6 M
8 L4 q2 I8 a0 J( N$ N        // 保存原异常处理例程入口
8 h$ F3 X3 g4 ?' {) R        MOV ECX, DWORD PTR [EAX]
  ^4 e# l# F6 k/ U        MOV CX, WORD PTR [EAX-04h]
" X9 ~/ K4 d9 `3 Y        MOV dwOldExceptionHook, ECX

! L$ t8 ^( B( ~) P. w5 F7 ]        // 指定新入口
       LEA EBX, Ring0Proc
& a0 j) c4 |& e0 t4 p# `        MOV WORD PTR [EAX-04h],BX
       SHR EBX, 10h
       MOV WORD PTR[EAX+02h], BX
8 P  J; `1 `- g; A$ j- ^1 r" B+ ?
       // 激活Ring0代码
9 A6 c3 @  A; `% i        INT nHookExceptionNo

       // 复原入口
! r1 v$ w+ V3 e: u. K0 V        MOV ECX,dwOldExceptionHook
       MOV WORD PTR[EAX-04h], CX
       SHR ECX,10h
       MOV WORD PTR[EAX+02h], CX
       STI
   }
   if(!bIsFirst)
$ Z$ {9 x3 _0 ]    {
2 Q0 I& A8 u( I6 r' o        bIsIDEExist  = (bool)btIsIDEExist;
       bIsDiskExist = (bool)btIsDiskExist;
! v( t- [( R) ?) e        CopyMemory(pOutData, wOutDataBuf, sizeof(wOutDataBuf));
   }
7 Y8 {# N6 K  F: V1 V. E9 j$ h}
//---------------------------------------------------------------------------
% @" B# r% D, @// 调用方法：
* m/ p) a9 {8 b8 |/ ~+ Z1 u) q" bvoid __fastcall TForm1::Button1Click(TObject *Sender)
2 s5 b( r' r6 u{
$ c& v9 W2 ?$ H6 s1 }* q- K    ReadPhysicalDrive(Memo1->Lines, Memo2->Lines);
}