
Using the volume shadow copy service to access locked files

 
Vortex
Joined: 01 Jan 2008
Posts: 81

Posted: Mon Jan 11, 2010 10:02 pm

Here is my new tool vscopy.exe, the volume shadow copy creator for Windows XP.

The volume shadow copy feature is a service to make a consistent backup of a volume. Accessing the volume shadow copy, you can copy files locked by the operating system and even back up a complete volume. The volume shadow copy (VSC) has an attribute of read-only and just one VSC instance per volume can be created. Windows XP cannot create persistent shadow copies surviving reboots.

The tool takes three command line parameters:

Code:
vscopy <volume_letter> <assigned_letter> <file_to_execute>


The volume_letter represents the volume from which you wish to create the volume shadow copy.

The assigned_letter parameter is the letter assigned to the volume shadow copy. The symbolic name of a volume shadow copy is like the following:

Code:
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1


Assigning a letter to this path makes access to the volume shadow copy easier.

The file_to_execute parameter can be any batch, .vbs or exe file handling the volume shadow copy. For example, a batch file named backup.bat could access the VSC to copy locked files.

Example usage:

Code:
vscopy.exe C: M: test.bat


C: is the volume selected to shadow copy.
M: is the letter assigned to the volume shadow copy.
Test.bat is a batch file to read the content of the VSC.

A typical output of the tool:

Quote:
Volume shadow copy path = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
Snapshot release status = 0x0


Notice that the release status displaying a value of 0x0 indicates that the resources used by the VSC service are released successfully.

Test.bat can be coded to view the content of the VSC fixed to be "persistent" for a while:

Code:
@echo Assign a second letter to the VSC to view it via Windows Explorer

subst R: M:\

explorer R:

@echo Wait while the user reads data from the VSC

Pause

subst /D R:


Notice that this version works only on Windows XP as the methods exposed by the IVssBackupComponents interface are different across different versions of Windows.

As I mentioned above, a typical usage of the volume shadow copy service is to access locked files. Another example, copying the current user hive of the registry, copy_ntuser_dat.bat:

Code:
@echo Copy ntuser.dat to the current directory

xcopy "M:\%homepath%\ntuser.dat" . /H /Y

@echo Remove the hidden attribute

attrib -h ntuser.dat


Another interesting usage of the tool is the complete backup of the system volume with ntbackup. I noticed that ntbackup does not read all the files in the system directory and restoring the .bkf file in a preinstallation environment like BartPE creates an unbootable volume because of missing files. The script below can be used to back up the system volume. You can use a BartPE disc to restore the operating system:

Backup_volume.bat

Code:
C:\WINDOWS\system32\ntbackup.exe backup "@D:\vscopy\Backup_job.bks" /n "Backup.bkf Date: 11.01.2010 , 10:10" /d "11.01.2010 - 10:42" /v:no /r:no /rs:no /hc:off /m normal /j "Backup_job" /l:s /Snap:Off /f "Z:\Backup.bkf"


Backup_job.bks (UNICODE file)

Code:
M:\
M:\RECYCLER\ /Exclude
M:\System Volume Information\ /Exclude


The only trick in the script is to avoid running ntbackup in volume shadow copy mode as ntbackup is instructed to read the "M volume" containing the shadow copy. You need to modify the source directory D:\vscopy to run the tool and the destination directory Z:\ to reflect the correct paths in your system.

Code:
vscopy.exe C: M: Backup_volume.bat


http://vortex.masmcode.com/files/vscopy10b1.zip
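
Added example, not part of Vortex's post or of vscopy: once a shadow copy has a drive letter, a file such as ntuser.dat is reached under a path that no longer starts with the source volume, so monitoring keyed to the original path has to resolve the alias first. The sketch below does that over constructed process command lines; it assumes command-line logging is available, that the vscopy and subst syntax is as shown in the post, and it treats an alias as live until it is explicitly removed.

```python
import re

# vscopy <volume_letter> <assigned_letter> <file_to_execute>, as described in the post
VSCOPY = re.compile(r'\bvscopy(?:\.exe)?"?\s+([a-z]):\s+([a-z]):', re.I)
SUBST_ADD = re.compile(r'\bsubst\s+([a-z]):\s+([a-z]):\\?\s*$', re.I)
SUBST_DEL = re.compile(r'\bsubst\s+/d\s+([a-z]):', re.I)
PATH = re.compile(r'"([a-z]):(\\[^"]*)"|([a-z]):(\\\S*)', re.I)

def resolve(letter, aliases):
    """Follow alias links; return (origin letter, True if a shadow copy was crossed)."""
    letter, shadow, seen = letter.upper(), False, set()
    while letter in aliases and letter not in seen:
        seen.add(letter)
        letter, is_shadow = aliases[letter]
        shadow = shadow or is_shadow
    return letter, shadow

def shadow_reads(cmdlines, watched=("ntuser.dat",)):
    """List (command line, path on the source volume) for watched files
    referenced through a shadow copy drive letter."""
    aliases, hits = {}, []
    for cmd in cmdlines:
        if m := VSCOPY.search(cmd):        # assigned letter now exposes a snapshot
            aliases[m.group(2).upper()] = (m.group(1).upper(), True)
        elif m := SUBST_DEL.search(cmd):   # alias removed
            aliases.pop(m.group(1).upper(), None)
        elif m := SUBST_ADD.search(cmd):   # second name for an existing letter
            aliases[m.group(1).upper()] = (m.group(2).upper(), False)
        else:
            for q_l, q_p, u_l, u_p in PATH.findall(cmd):
                letter, rest = (q_l, q_p) if q_l else (u_l, u_p)
                origin, shadow = resolve(letter, aliases)
                if shadow and rest.lower().endswith(watched):
                    hits.append((cmd, f"{origin}:{rest}"))
    return hits

# Constructed process command lines (user name and paths are made up).
SAMPLE = [
    r'D:\vscopy\vscopy.exe C: M: copy_ntuser_dat.bat',
    r'xcopy "M:\Documents and Settings\bob\ntuser.dat" . /H /Y',
    'subst R: M:\\',
    r'xcopy "R:\Documents and Settings\bob\ntuser.dat" E:\out\ /H /Y',
    'subst /D R:',
    r'xcopy "R:\Documents and Settings\bob\ntuser.dat" E:\out\ /H /Y',
]

if __name__ == "__main__":
    for cmd, path in shadow_reads(SAMPLE):
        print(f"shadow-copy read of {path}\n    via: {cmd}")
```

The last sample line produces no hit because R: was unmapped by the preceding `subst /D`; the two hits before it both normalize to the same path on C:.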
bogdanontanu
Site Admin
Joined: 01 Apr 2006
Posts: 783
Location: Sol, Earth, Europe, Romania, Bucuresti

Posted: Tue Jan 12, 2010 8:42 pm

Hi Vortex,
Thanks for this new and interesting sample.
_________________
Ambition is a lame excuse for the ones not brave enough to be lazy.
Vortex
Joined: 01 Jan 2008
Posts: 81

Posted: Sun Jan 24, 2010 4:53 pm

Here is V1.0 supporting both Windows XP and Server 2003.

http://vortex.masmcode.com/files/vscopy10.zip
bogdanontanu
Site Admin
Joined: 01 Apr 2006
Posts: 783
Location: Sol, Earth, Europe, Romania, Bucuresti

Posted: Tue Jan 26, 2010 12:14 am

Thank you again :)
All times are GMT + 2 Hours