Windows 10 How to enumerate Storage Devices

ExylonFiber

Well-Known Member
I am trying to build a list of storage devices for this particular section of code found on MSDN page:


Code:
typedef struct _DEVICE_LIST {
    HANDLE                      Handle;
    STORAGE_ADAPTER_DESCRIPTOR  AdapterDescriptor;
} DEVICE_LIST, * PDEVICE_LIST;


BOOL
DeviceGetFirmwareInfo(
    _In_ PDEVICE_LIST DeviceList,
    _In_ DWORD        Index,
    _Inout_ PUCHAR    Buffer,
    _In_ DWORD        BufferLength,
    _In_ BOOLEAN      DisplayResult
)

In the DeviceGetFirmwareInfo function, there is a PDEVICE_LIST variable I have yet to satisfy.
I simply want to enumerate storage devices available on the machine and iterate through them all so I can get the information on all the available storage devices
I have searched google for hours and have not found one solution.

Any help would be very much appreciated!
 
I want to backup the firmware of the NVMe device, well actually, every single bit of hardware that has firmware so that I can have factory copies of the systems firmware in it's entirety. In the event that I get a firmware based infection I can just reflash the factory firmwares via an EFI Module, which ultimately boots before the Platform Controller Hub (Intel) and Fusion Controller Hub (AMD) locks down access to the firmware.
 
What's the end goal with this?

I want to backup the firmware of the NVMe device, well actually, every single bit of hardware that has firmware so that I can have factory copies of the systems firmware in it's entirety. In the event that I get a firmware based infection, I can just reflash the factory firmwares via an EFI Module, which ultimately boots before the Platform Controller Hub (Intel) and Fusion Controller Hub (AMD) locks down access to the firmware. Is this out of my reach?
 
Last edited:
Firmware infections are extremely rare and those type of attacks are generally reserved for well funded nation state threat actors. If the firmware does get infected, they would likely have control at a lower level than the OS which would allow the attack to mask itself, so 1. you likely would never know, and 2. you wouldn't be able to reflash the firmware with the assumption they intercept your attempt to do so.

Lastly if you have secure boot enabled it should offer quite a bit of protection from attacks like this although it is not impossible.
 
Firmware infections are extremely rare and those type of attacks are generally reserved for well funded nation state threat actors. If the firmware does get infected, they would likely have control at a lower level than the OS which would allow the attack to mask itself, so 1. you likely would never know, and 2. you wouldn't be able to reflash the firmware with the assumption they intercept your attempt to do so.

Lastly if you have secure boot enabled it should offer quite a bit of protection from attacks like this although it is not impossible.
I checked my bios by pulling it with an external spi flasher and compared it with a factory image downloaded from computer manufacturers website and checked every module by hex-comparing the backup and the factory image and it does not seem like this would be a SMM rootkit, as all modules found at each offset matched the factory image. Therefore, reads and writes to devices with firmware would not be circumvented. in which case, I was hoping to write an EFI module that boots before the Fusion Controller hub locks down access to those firmwares. Can EFI interface with device firmware? For example, an ethernet controller that resides on the PCI bus and also has rewritable firmware on it.
 
Back
Top