我该如何从 Windows 中擦除硬盘上的特定扇区?我指的是正在使用的硬盘...
要么用零擦除,要么用随机数据替换。是否有任何脚本或程序可以在 Windows 启动时可靠地执行此操作?我正在运行 Windows 7 64 位,我想要擦除的扇区是扇区 62。Winhex 可以吗?
答案1
我为你写了一个:
#include <stdio.h>
#include <limits.h>
#include <wchar.h>
#include <io.h>
#include <tchar.h>
#include <Windows.h>
#define _O_U16TEXT 0x20000
static PVOID DisableWow64FsRedirection()
{
HMODULE hKernel32 = LoadLibrary(_T("kernel32.dll"));
__try
{
BOOL (WINAPI * pIsWow64Process)(HANDLE, PBOOL) = (BOOL (WINAPI *)(HANDLE, PBOOL))GetProcAddress(hKernel32, "IsWow64Process");
if (pIsWow64Process != NULL)
{
BOOL isWow64;
if ((*pIsWow64Process)(GetCurrentProcess(), &isWow64) && isWow64)
{
PVOID old;
return ((BOOL (WINAPI*)(PVOID*))GetProcAddress(hKernel32, "Wow64DisableWow64FsRedirection"))(&old) ? old : NULL;
}
}
}
__finally { FreeLibrary(hKernel32); }
return NULL;
}
int _tmain(int argc, TCHAR *argv[])
{
_setmode(_fileno(stdout), _O_U16TEXT);
DisableWow64FsRedirection();
if (argc == 1 + 3)
{
long long offset, length;
int a = _stscanf(argv[2], _T("%lld"), &offset);
int b = _stscanf(argv[3], _T("%lld"), &length);
if (a == 1 && b == 1)
{
HANDLE hFile = CreateFile(argv[1], FILE_READ_ATTRIBUTES | FILE_WRITE_DATA, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, FILE_FLAG_RANDOM_ACCESS, NULL);
if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
{
__try
{
PBYTE pMem = (PBYTE)calloc((size_t)length, sizeof(BYTE));
//Assume we had enough memory...
__try
{
DWORD nw;
OVERLAPPED ov = {0};
ov.Offset = (DWORD)(offset & ULONG_MAX);
ov.OffsetHigh = (DWORD)((offset >> (CHAR_BIT * sizeof(ov.Offset))) & ULONG_MAX);
if (WriteFile(hFile, pMem, (DWORD)length, &nw, &ov))
{
SetLastError(ERROR_SUCCESS);
}
else { _ftprintf(stderr, _T("Error writing data: %d"), GetLastError()); }
}
__finally
{
CloseHandle(pMem);
}
}
__finally { CloseHandle(hFile); }
}
else { _ftprintf(stderr, _T("Error opening file: %d"), GetLastError()); }
}
else
{
SetLastError(ERROR_INVALID_COMMAND_LINE);
_ftprintf(stderr, _T("Invalid start or length value: %s, %s."), argv[2], argv[3]);
}
}
else
{
SetLastError(ERROR_INVALID_COMMAND_LINE);
_tprintf(_T("Usage:\n wipe <file> <start> <length>"));
}
return GetLastError();
}
这是编译后的版本(base64 编码;解码这里):
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABaiq8kHuvBdx7rwXce68F33eTOdx/rwXfd5J53E+vBdx7rwHc468F33eScdxvrwXfd5KJ3H+vBd93km3cf68F3UmljaB7rwXcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAECADafBU4AAAAAAAAAAOAADwELAQcKAAoAAAACAAAAAAAAqRQAAAAQAAAAIAAAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAAAwAAAABAAAAAAAAAMAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAKwWAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgSAABAAAAAAAAAAAAAAAAAEAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAANgkAAAAQAAAACgAAAAQAAAAAAAAAAAAAAAAAACAAAGAuZGF0YQAAACQAAAAAIAAAAAIAAAAOAAAAAAAAAAAAAAAAAABAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgZAAD2GAAA5hgAANYYAADIGAAAuBgAAKwYAACYGAAAihgAAAAAAAAoGAAAOBgAAEgYAABWGAAAFBgAAHwYAAAIGAAA9hcAAOgXAADgFwAA1hcAAMgXAADAFwAAthcAAJ4XAACWFwAAJBkAAIwXAACCFwAAdhcAAGgYAABsFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//////EVQAAFFkAAAAAAAFUAcwBhAGcAZQA6AAoAIAAgAHcAaQBwAGUAIAA8AGYAaQBsAGUAPgAgADwAcwB0AGEAcgB0AD4AIAA8AGwAZQBuAGcAdABoAD4AAAAAAAAASQBuAHYAYQBsAGkAZAAgAHMAdABhAHIAdAAgAG8AcgAgAGwAZQBuAGcAdABoACAAdgBhAGwAdQBlADoAIAAlAHMALAAgACUAcwAuAAAAAABFAHIAcgBvAHIAIABvAHAAZQBuAGkAbgBnACAAZgBpAGwAZQA6ACAAJQBkAAAAAABFAHIAcgBvAHIAIAB3AHIAaQB0AGkAbgBnACAAZABhAHQAYQA6ACAAJQBkAAAAAAAlAGwAbABkAAAAAABXb3c2NERpc2FibGVXb3c2NEZzUmVkaXJlY3Rpb24AAElzV293NjRQcm9jZXNzAABrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAAAAAA/////wAAAAD6EkAAAAAAAP////8AAAAAMBRAAAAAAAAAAAAAJhRAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQgQABwEkAAAQAAAJgWAABqGGgAEkAA6MwDAABo5BFAAP8VFBBAAIlF5INl/ABo1BFAAFCLNQQQQAD/1olF4IXAdEKNRdxQ/xUcEEAAUP9V4IXAdDCDfdwAdCqNRdhQaLQRQAD/deT/1v/Qi/D33hv2I3XYav+NRfBQ6MEDAABZWYvG6wuDTfz/6AgAAAAzwOiOAwAAw/915P8VIBBAAMNqPGgQEkAA6DwDAABoAAACAKFkEEAA/3Aw/xVgEEAAWVnoSv///4N9CAQPhVIBAACLdQyNRdBQu6gRQABT/3YIiz18EEAA/9eJReCNRchQU/92DP/Xg8QYM/9HOX3gD4X0AAAAO8cPhewAAAAz21NoAAAAEGoDU2oHaIIAAAD/dgT/FRAQQACL8Il13DvzD4SkAAAAg/7/D4SbAAAAiV38V/91yP8VcBBAAFlZiUXkiX38iV20M8CNfbirq6uri0XQiUW8i0XUi8jB+R+JRcCNRbRQjUXYUP91yP915Fb/FRgQQACFwHQJU/8VCBBAAOse/xUMEEAAUGh4EUAAoWQQQACDwEBQ/xV0EEAAg8QMiV386AsAAACDTfz/6AwAAADrd/915P8VABBAAMP/ddz/FQAQQADD62H/FQwQQABQaEgRQAChZBBAAIPAQFD/FXQQQACDxAzrQWhnBgAA/xUIEEAA/3YM/3YIaPgQQAChZBBAAIPAQFD/FXQQQACDxBDrF2hnBgAA/xUIEEAAaKgQQAD/FWwQQABZ/xUMEEAA6N8BAADDaihomBBAAOiXAQAAZoE9AABAAE1adSehPABAAI2AAABAAIE4UEUAAHUUD7dIGIH5CwEAAHQhgfkLAgAAdAaDZeQA6yeDuIQAAAAOdvEzyTmI+AAAAOsOg3h0DnbhM8k5iOgAAAAPlcGJTeSDZfwAagH/FTQQQABZgw0YIEAA/4MNHCBAAP//FTAQQACLDRQgQACJCP8VLBBAAIsNECBAAIkIoSgQQACLAKMgIEAA6OwAAACDPQAgQAAAdQxoSBZAAP8VOBBAAFnowAAAAGiQEEAAaIwQQADoqwAAAKEMIEAAiUXcjUXcUP81CCBAAI1F4FCNRdhQjUXUUP8VRBBAAIlFzGiIEEAAaIQQQADodQAAAItF4IsNSBBAAIkB/3Xg/3XY/3XU6DD9//+DxDCL8Il1yIN95AB1B1b/FUwQQAD/FVAQQADrLYtF7IsIiwmJTdBQUegoAAAAWVnDi2Xoi3XQg33kAHUHVv8VWBBAAP8VXBBAAINN/P+LxuheAAAAw/8lVBBAAP8lQBBAAGgAAAMAaAAAAQDoWQAAAFlZwzPAw8xomBZAAGShAAAAAFCLRCQQiWwkEI1sJBAr4FNWV4tF+Ill6FCLRfzHRfz/////iUX4jUXwZKMAAAAAw4tN8GSJDQAAAABZX15byVHD/yV4EEAA/yU8EEAA/yVoEEAAzMwQFwAAAAAAAAAAAACqFwAAKBAAAOgWAAAAAAAAAAAAABYZAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIGQAA9hgAAOYYAADWGAAAyBgAALgYAACsGAAAmBgAAIoYAAAAAAAAKBgAADgYAABIGAAAVhgAABQYAAB8GAAACBgAAPYXAADoFwAA4BcAANYXAADIFwAAwBcAALYXAACeFwAAlhcAACQZAACMFwAAghcAAHYXAABoGAAAbBcAAAAAAAAfA3N3c2NhbmYAuAJmd3ByaW50ZgAAkwJjYWxsb2MAAEgDd3ByaW50ZgBGAV9pb2IAAOoBX3NldG1vZGUAAG1zdmNydC5kbGwAAMwAX2NfZXhpdAD9AF9leGl0AE8AX1hjcHRGaWx0ZXIAzwBfY2V4aXQAAJwCZXhpdAAAqwBfX3dpbml0ZW52AACqAF9fd2dldG1haW5hcmdzAABCAV9pbml0dGVybQCgAF9fc2V0dXNlcm1hdGhlcnIAAL0AX2FkanVzdF9mZGl2AACFAF9fcF9fY29tbW9kZQAAigBfX3BfX2Ztb2RlAACeAF9fc2V0X2FwcF90eXBlAAD0AF9leGNlcHRfaGFuZGxlcjMAAN0AX2NvbnRyb2xmcAAA8ABGcmVlTGlicmFyeQA7AUdldEN1cnJlbnRQcm9jZXNzAIsDV3JpdGVGaWxlAEQCTG9hZExpYnJhcnlXAABSAENyZWF0ZUZpbGVXAGgBR2V0TGFzdEVycm9yAAATA1NldExhc3RFcnJvcgAAlwFHZXRQcm9jQWRkcmVzcwAAMQBDbG9zZUhhbmRsZQBLRVJORUwzMi5kbGwAAG8BX2xvY2FsX3Vud2luZDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAQLsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
你可以像这样运行它:
wipe \\.\PhysicalDrive0 0 512
其中第一个参数是文件名,第二个参数是偏移量,第三个参数是字节数。字节数可能不会超过 ~63 MiB。
当然,如果您不小心删除了磁盘,请不要怪我……