// ConsoleApplication8.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//
#include
#include
#include
#include
#include
BOOL IsBitlockerPartition(IN LPCWSTR lpDiskName, ULONGLONG ullOffset);
typedef struct _BOOT_SECTOR_BITLOCKER {
BYTE jump[3];
BYTE oemID[8];
WORD bytePerSector;
BYTE sectorPerCluster;
WORD reserved0;
BYTE fatCount;
WORD rootMaxEntries;
WORD totalSectorsSmall;
BYTE mediaType;
WORD sectorsPerFatSmall;
WORD sectorsPerTrack;
WORD headCount;
DWORD fsOffset;
DWORD totalSectors;
DWORD sectorsPerFat;
WORD fatFlags;
WORD version;
DWORD rootCluster;
WORD fsInfoSector;
WORD backupSector;
ULONG32 reserved1[3];
BYTE driveNumber;
BYTE reserved2;
BYTE extSig;
ULONG32 serial;
CHAR label[11];
CHAR fsName[8];
CHAR bootCode[70];
GUID partitionGUID;
DWORD64 fveBlockOffset[3];
CHAR bootCode2[307];
BYTE stringOffsets[3];
BYTE endMarker[2];
} BOOT_SECTOR_BITLOCKER, * PBOOT_SECTOR_BITLOCKER;
static BOOL IsBitlocker(WCHAR Volume)
{
WCHAR szVolumeDosName[50] = {};
::StringCchPrintfW(szVolumeDosName, ARRAYSIZE(szVolumeDosName), L"\\\\.\\%c:", Volume);
HANDLE hFile = ::CreateFile(szVolumeDosName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (INVALID_HANDLE_VALUE == hFile)
return FALSE;
BOOL bRet = FALSE;
do
{
BYTE bBuffer[sizeof(VOLUME_DISK_EXTENTS) + 5 * sizeof(DISK_EXTENT)] = {};
ULONG ulReturnedLength = 0;
if (!::DeviceIoControl(hFile, IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS, NULL, 0, &bBuffer, sizeof(bBuffer), &ulReturnedLength, NULL))
break;
PVOLUME_DISK_EXTENTS pVolumeDiskExt = (PVOLUME_DISK_EXTENTS)bBuffer;
if (1 == pVolumeDiskExt->NumberOfDiskExtents)
{
WCHAR szPhysicalDiskName[100] = {};
::StringCchPrintfW(szPhysicalDiskName, ARRAYSIZE(szPhysicalDiskName), L"\\\\.\\PhysicalDrive%d",
pVolumeDiskExt->Extents[0].DiskNumber);
bRet = IsBitlockerPartition(szPhysicalDiskName, pVolumeDiskExt->Extents[0].StartingOffset.QuadPart);
}
} while (FALSE);
::CloseHandle(hFile);
return bRet;
}
BOOL IsBitlockerPartition(IN LPCWSTR lpDiskName, ULONGLONG ullOffset)
{
BOOL bRet = FALSE;
HANDLE hFile = INVALID_HANDLE_VALUE;
do
{
hFile = CreateFileW(lpDiskName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (INVALID_HANDLE_VALUE == hFile)
break;
LARGE_INTEGER liOffset = {};
liOffset.QuadPart = ullOffset;
LARGE_INTEGER NewFilePointer = {};
if (0 == ::SetFilePointerEx(hFile, liOffset, &NewFilePointer, FILE_BEGIN))
break;
BYTE bDbr[512] = {};
DWORD dwRead = 0;
if (!::ReadFile(hFile, bDbr, sizeof(bDbr), &dwRead, NULL))
break;
PBOOT_SECTOR_BITLOCKER pBitlockerBootSector = (PBOOT_SECTOR_BITLOCKER)bDbr;
bRet = (0 == _strnicmp((char*)pBitlockerBootSector->oemID, "-FVE-FS-", 8));
} while (FALSE);
if (INVALID_HANDLE_VALUE != hFile)
::CloseHandle(hFile);
return bRet;
}
int main()
{
if (IsBitlocker('C')) {
//开启
std::cout
nttwqz 发表于 2025-6-30 16:01
前几日,我也查了API文档,想着用NSIS写一个查询哪个盘加密,然后揭秘的小工具,感觉太复杂了,于是用批处 ...
贡献出来
