[python-win32] DeviceIOControl calls respond with parameter incorrect

Eryk Sun eryksun at gmail.com
Tue Feb 9 01:24:10 EST 2021 

On 2/8/21, Doug Campbell <wdouglascampbell at hotmail.com> wrote:
> In my python 2 script, I am trying to connect to the VeraCrypt device driver
> to get some information on my mounted volumes.

The VeraCrypt repo on GitHub [1] indicates that all structures are
defined with #pragma pack(1). In ctypes this is the _pack_ directive.
Try the following:

import ctypes
import winioctlcon
import win32file

def VC_IOCTL(CODE):
    return winioctlcon.CTL_CODE(winioctlcon.FILE_DEVICE_UNKNOWN,
            0x800 + CODE, winioctlcon.METHOD_BUFFERED,
            winioctlcon.FILE_ANY_ACCESS)

VC_IOCTL_GET_MOUNTED_VOLUMES = VC_IOCTL(6)
VC_IOCTL_GET_VOLUME_PROPERTIES = VC_IOCTL(7)
VC_IOCTL_GET_BOOT_ENCRYPTION_STATUS = VC_IOCTL(18)
VC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES = VC_IOCTL(22)
VC_IOCTL_EMERGENCY_CLEAR_KEYS = VC_IOCTL(41)

MAX_PATH = 260
VOLUME_LABEL_LENGTH = 33 # 32 + null
VOLUME_ID_SIZE = 32
WIN32_ROOT_PREFIX DRIVER_STR = r'\\.\VeraCrypt'

class VOLUME_PROPERTIES_STRUCT(ctypes.Structure):
    _pack_ = 1
    _fields_ = (
        ('driveNo', ctypes.c_int),
        ('uniqueId', ctypes.c_int),
        ('wszVolume', ctypes.c_wchar * MAX_PATH),
        ('diskLength', ctypes.c_uint64),
        ('ea', ctypes.c_int),
        ('mode', ctypes.c_int),
        ('pkcs5', ctypes.c_int),
        ('pkcs5Iterations', ctypes.c_int),
        ('hiddenVolume', ctypes.c_int),
        ('readOnly', ctypes.c_int),
        ('removable', ctypes.c_int),
        ('partitionInInactiveSysEncScope', ctypes.c_int),
        ('volFormatVersion', ctypes.c_uint32),
        ('totalBytesRead', ctypes.c_uint64),
        ('totalBytesWritten', ctypes.c_uint64),
        ('hiddenVolProtection', ctypes.c_int),
        ('volFormatVersion', ctypes.c_int),
        ('volumePim', ctypes.c_int),
        ('wszLabel', ctypes.c_wchar * VOLUME_LABEL_LENGTH),
        ('bDriverSetLabel', ctypes.c_int),
        ('volumeID', ctypes.c_wchar * VOLUME_ID_SIZE),
        ('mountDisabled', ctypes.c_int))


prop = VOLUME_PROPERTIES_STRUCT(driveNo = ord('F') - ord('A'))

hDevice = win32file.CreateFile(WIN32_ROOT_PREFIX DRIVER_STR, 0, 0, None,
    win32file.OPEN_EXISTING, 0, None)
try:
    info = win32file.DeviceIoControl(hDevice,
        VC_IOCTL_GET_VOLUME_PROPERTIES, prop, prop)
finally:
    hDevice.close()

---
[1] https://github.com/veracrypt/VeraCrypt/blob/master/src/Common/Apidrvr.h

More information about the python-win32 mailing list