磁盘镜像和本机MBR的c语言和python读取方法

  • 磁盘镜像格式为img格式,其内容与物理磁盘一致。前512个字节为MBR,特征为33C0开始,55AA结束

使用c语言读取MBR

#include <stdio.h>
void print(char c) {
    //将字符c转化成两位的16进制表示
    int m = c;
    int high = 0x000000f0, low = 0x0000000f;
    high &= m;
    high >>= 4;
    low &= m;
    printf("%1X%1X", high, low);
}
int main() {
    FILE* fd = fopen("/lab/vm01.img", "rb+");
    if (fd == NULL) {
        printf("failed to open img!\n");
        return 0;
    }
    fseek(fd, 0, SEEK_SET); //SEEK_SET表示文件头
    char buffer[512] = { 0 };
    fread(buffer, 512, 1, fd);  //读取512个字节
    int i = 1;
    for (; i <= 512; i++) {
        print(buffer[i - 1]);   //调用函数格式化输出
        //增加间距提高可读性
        if (i % 16 == 0) {
            printf("\n");
        }
        else if (i % 8 == 0) {
            printf("    ");
        }
        else if (i % 4 == 0) {
            printf("  ");
        }
        else if (i % 2 == 0) {
            printf(" ");
        }
    }
    fclose(fd);
    return 0;
}

使用python读取MBR

fd = open("\lab\vm01.img", "rb")
ans = fd.read(512)
for i, c in enumerate(ans):
    print "%02X" ord(c),    #将字符转化成16进制大写输出
    if (i+1) % 16 == 0:
        print "\n",
    elif (i+1) % 8 == 0:
        print "    ",
    elif (i+1) % 4 == 0:
        print "  ",
    elif (i+1) % 2 == 0:
        print " ",

直接读取本机MBR的方法

#include <stdio.h>
#include <windows.h>

void print(char c){
    int m = c;
    int high = 0x000000f0, low = 0x0000000f;
    high &= m;
    high >>= 4;
    low &= m;
    printf("%1X%1X ", high, low);
}


int main(){
    FILE* fd = fopen("\\\\.\\PHYSICALDRIVE0", "rb+");   //本机的磁盘地址
    char buffer[512] = {0};
    fseek(fd, 0, SEEK_SET);
    char buffer2[512] = {0};
    fread(buffer2, 512, 1, fd);
    int i = 1;
    for (; i <= 512; i++){
        print(buffer2[i-1]);
        if (i % 16 == 0){
            printf("\n");
        }
        else if (i % 8 == 0){
            printf("    ");
        }
    }
    fclose(fd);
    return 0;
}

输出样例如下:

33C0 8ED0  BC00 7CFB    5007 501F  FCBE 1B7C
BF1B 0650  57B9 E501    F3A4 CBBD  BE07 B104
386E 007C  0975 1383    C510 E2F4  CD18 8BF5
83C6 1049  7419 382C    74F6 A0B5  07B4 078B
F0AC 3C00  74FC BB07    00B4 0ECD  10EB F288
4E10 E846  0073 2AFE    4610 807E  040B 740B
807E 040C  7405 A0B6    0775 D280  4602 0683
4608 0683  560A 00E8    2100 7305  A0B6 07EB
BC81 3EFE  7D55 AA74    0B80 7E10  0074 C8A0
B707 EBA9  8BFC 1E57    8BF5 CBBF  0500 8A56
00B4 08CD  1372 238A    C124 3F98  8ADE 8AFC
43F7 E38B  D186 D6B1    06D2 EE42  F7E2 3956
0A77 2372  0539 4608    731C B801  02BB 007C
8B4E 028B  5600 CD13    7351 4F74  4E32 E48A
5600 CD13  EBE4 8A56    0060 BBAA  55B4 41CD
1372 3681  FB55 AA75    30F6 C101  742B 6160
6A00 6A00  FF76 0AFF    7608 6A00  6800 7C6A
016A 10B4  428B F4CD    1361 6173  0E4F 740B
32E4 8A56  00CD 13EB    D661 F9C3  496E 7661
6C69 6420  7061 7274    6974 696F  6E20 7461
626C 6500  4572 726F    7220 6C6F  6164 696E
6720 6F70  6572 6174    696E 6720  7379 7374
656D 004D  6973 7369    6E67 206F  7065 7261
7469 6E67  2073 7973    7465 6D00  0000 0000
0000 0000  0000 0000    0000 0000  0000 0000
0000 0000  0000 0000    0000 0000  0000 0000
0000 0000  0000 0000    0000 0000  0000 0000
0000 0000  002C 4463    4C6A 4C6A  0000 8001
0100 07FE  FFFF 3F00    0000 14AC  FF00 0000
0000 0000  0000 0000    0000 0000  0000 0000
0000 0000  0000 0000    0000 0000  0000 0000
0000 0000  0000 0000    0000 0000  0000 55AA

发表评论