The Mudcat Café TM
Thread #127607   Message #2851407
Posted By: JohnInKansas
27-Feb-10 - 04:29 AM
Thread Name: Tech: Can I undo an overwritten Notepad file ?
Subject: RE: Tech: Can I undo an overwritten Notepad file ?
To some extent, beginning with Win98, and increasingly so for WinXP, Win2K, and Vista, it requires an immense degree of manipulation by any Windows program to manipulate any hardware directly.

All "modern" Windows operating systems include a "protection layer" that passes everything from the processor to hardware devices, and the protections built in prohibit/prevent direct access to the hardware - such as the access needed to look at drive clusters directly. (By "hardware addresses" rather than by filenames.)

Some protections can be bypassed in Safe Mode(s) but there still is not necessarily a "clean" direct hardware access.

One of the main reasons many WinXP drivers can not be used in Vista is that WinXP allowed limited "protection layer bypass" so that some device drivers could talk directly to the hardware (drives, printers, scanners, etc.) but Vista incorporated a "stronger protection layer" so the conversation failed for any drivers that attempted to use direct device access.

Most programs intended for hardware manipulation should always be booted from a drive other than the Windows System Drive (usually C:\), and for many purposes they must boot to an operating system other than Windows. The "Command Prompt" that has replaced DOS in Windows may look the same, but is not really DOS and may not be able to run "old DOS" programs.

In olden times you could boot from a floppy (often to DOS), but the programs needed for the larger drives and bigger RAM on recent computers have outstripped floppy capacity (and floppies can only be formatted FAT8 (or is it FAT12?), which makes it difficult to run programs compatible with FAT32 and NTFS formatted hard drives.)

Obviously, partitioning an existing drive to add a new boot partition is likely to destroy much of the potentially recoverable information on the drive, and installing a new program on the drive is highly likely to obliterate what you want to recover.

You can boot from a CD, but for the processor to operate it must "see" only a program small enough to fit entirely in RAM unless it has a place to write temporary files. If it can't write to the boot device (as is the case if it's a CD) it has to page memory on and off a hard drive, and if C:\ is all that's there you again risk obliterating at least some of the places where you might otherwise find what you're looking for.

To manipulate a large hard drive, the processor has to keep track of where it's looking, and the "memory paging" to traverse the drive one cluster at a time and keep track of where it is, where it's been, and what comes next can take a rather large amount of "paging temp" memory on a writable drive, which must be the one with the stuff you want to recover unless the "temporary" boot drive provides writable space that the processor recognizes as "temp space" it can use, or if the initial program "load" can direct it to use temp space on another drive - assuming another one is connected and is known at the time of program (OS) loading.

If a recovery is to be successful, the program also has to keep track of the hardware location (at least the cluster address) of every "empty" cluster that has bits written anywhere inside it.

Thus for a file recovery program, it is very much advised that you boot the recovery program and its program-specific OS from a separate drive (or partition) with sufficient free writable space for the program to operate from the booting drive and to store and manipulate all the data it will transit during the recovery on that drive.

Older programs that suggested pre-installing on a separate partition used to suggest that the partition in which the program was installed should have at least half as much free space as the largest (in terms of free space) drive from which you might want to attempt to recover data. Efficiency probably has improved since then, but being generous with the space is probably better than coming up short.

As it's been quite a while since I've used one of these programs, there may be some new fairy snot or whiffle dust that does magic things with newer systems; but the above is my impression from some programs that used to do good recoveries.

John