Cannot modify timestamp with an error in DeviceIoControl when an IDE storage is used

[tandasat]

SetMace cannot modify timestamp with an error like below (log.txt).

Error in DeviceIoControl: Incorrect function.
Error writing timestamps to disk with driver

I saw the driver printed below log entries, which seemed the same issue as one reported on the article referred on the README, except that this issue happens on both 32bit and 64bit of Windows 7 to me.
http://www.codeproject.com/Articles/28314/Reading-and-Writing-to-Raw-Disk-Sectors?msg=4081211#xx4081211xx

SectorIo: DriverEntry 
SectorIo: DriverIoDeviceDispatchRoutine
SectorIo: pDiskLoc->bIsRawDiskObj 0x00000001
SectorIo: pDiskLoc->ullSectorNum 0x0003A780
SectorIo: pDiskLoc->dwDiskOrdinal 0x00000000
SectorIo: pDiskObj->ulSectorSize 0x00000200
SectorIo: pDiskObj->dwDiskOrdinal 0x00000000
SectorIo: IOCTL_SECTOR_WRITE 0x8000E004
SectorIo: IOCTL_SECTOR_READ 0x8000E000
SectorIo: IoBuildSynchronousFsdRequest success
SectorIo: IoCallDriver: 0xC0000010
SectorIo: DriverUnload

I am testing on VirtualBox with an elevated command prompt (admin privileges), and the same error happens regardless of what file I specify (eg. C:\test.txt).

[tandasat]

Just noticed SetMace worked on Windows 7 x64 on VMware. It indicates that an issue is likely in code locating a right driver object to send IRP.
log_on_vmware.txt
log_on_vmware_k.txt

[jschicht]

I did all my tests in vmware during the development and never faced such
issues. So it appears you may have caught some weird behaviour with
VirtualBox. I don't have any good explanation for this issue, but if you
find out, please report it back.

On 27 July 2016 at 07:51, Satoshi Tanda notifications@github.com wrote:

Just noticed SetMace worked on Windows 7 x64 on VMware. It indicates that
an issue is likely in code locating a right driver object to send IRP.
log_on_vmware.txt
https://github.com/jschicht/SetMace/files/385369/log_on_vmware.txt
log_on_vmware_k.txt
https://github.com/jschicht/SetMace/files/385370/log_on_vmware_k.txt

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#2 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AGL7Yzmw_B_cAgN07UXuDuY9axvGT56Uks5qZvHRgaJpZM4JVpxW
.

Regards,
Joakim

[tandasat]

It appears that this issue happens when a drive is connected to IDE, and does not happen against SCSI devices.

I created a VM with SCSI on VirtualBox, and SetMace was able to change a timestamp of C:\Windows. Also, a test against an IDE drive on VMware failed. I added the new drive that was backed by IDE to an existing VM on VMware, and configured the system to place pagefile.sys onto the drive so that SetMace would not dismount the drive and the driver was used. In that case, I was able to see the same error code was returned from IoCallDriver().
IDE_on_VMware.txt
IDE_on_VMware_k.txt

As for the cause, it might be in code locating file metadata or/and communicating with a device (ie, requires something in kernel code), although I do not know much about storage devices and filesystems.

Any thoughts? Can I help you somehow?