Here is my new tool vscopy.exe , the volume shadow copy creator for Windows XP.
The volume shadow copy feature is a service to make a consistent backup of a volume. Accessing the volume shadow copy, you can copy files locked by the operating system and even backup a complete volume. The volume shadow copy ( VSC ) has an attribute of read-only and just one VSC instance per volume can be created. Windows XP cannot create persistant shadow copies surviving reboots.
The tool takes three command line parameters :
vscopy <volume_letter> <assigned_letter> <file_to_execute>The volume_letter represents the volume from which you wish to create the volume shadow copy.
The assigned_letter parameter is the letter assigned to the volume shadow copy. The symbolic name of a volume shadow copy is like the following :
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1Assigning a letter to this path makes easier the access to the volume shadow copy.
The file_to_execute parameter can be any batch, .vbs or exe file handling the volume shadow copy. For example, a batch file named backup.bat could access the VSC to copy locked files.
Example usage:
vscopy.exe C: M: test.batC: is the volume selected to shadow copy.
M: is the letter assigned to the volume shadow copy.
Test.bat is a batch file to read the content of the VSC.
A typical output of the tool :
QuoteVolume shadow copy path = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
Snapshot release status = 0x0
Notice that the release status displaying a value of 0x0 indicates that the resources used by the VSC service is released successfully.
Test.bat can be coded to view the content of the VSC fixed to be "persistant" for a while :
@echo Assign a second letter to the VSC to view it via Windows Explorer
subst R: M:\
explorer R:
@echo Wait while the user reads data from the VSC
Pause
subst /D R:
Notice that this version works only on Windows XP as the methods exposed by the IvssBackupComponents interface are different across
different versions of Windows.
As I mentioned above, a typical usage of the volume shadow copy service is to access locked files. Another example, copying the current user hive
of the registry, copy_ntuser_dat.bat
@echo Copy ntuser.dat to the current directory
xcopy "M:\%homepath%\ntuser.dat" . /H /Y
@echo Remove the hidden attribute
attrib -h ntuser.datAnother interesting usage of the tool is the complete backup of the system volume with ntbackup. I noticed thatntbackup does not read all the files
in the system directory and restoring the .bkf file in a preinstallation environment like BartPE creates an unbootable volume because of missing files.
The script below can be used to backup the system volume. You can use a BartPE disc to restore the operating system :
Backup_volume.bat
C:\WINDOWS\system32\ntbackup.exe backup "@D:\vscopy\Backup_job.bks" /n "Backup.bkf Date: 11.01.2010 , 10:10" /d "11.01.2010 - 10:42" /v:no /r:no /rs:no /hc:off /m normal /j "Backup_job" /l:s /Snap:Off /f "Z:\Backup.bkf"
Backup_job.bks ( UNICODE file )
M:\
M:\RECYCLER\ /Exclude
M:\System Volume Information\ /ExcludeThe only trick in the script is to avoid running ntbackup in volume shadow copy mode as ntbackup is instructed to read the "M volume" containing the
shadow copy. You need to modify the source directory D:\vscopy to run the tool and the destination directory Z:\ to reflect the correct paths in your system.
vscopy.exe C: M: Backup_volume.batProject built with Solar Assembler version 0.33.04
http://vortex.masmcode.com/files/vscopy10b1.zip
Hi Vortex,
Thanks for creating another small and simple interesting sample .... and thanks for using Sol_Asm :U
very cool Erol :U
Here is V1.0 supporting both Windows XP and Server 2003.
http://vortex.masmcode.com/files/vscopy10.zip
Thank you again :U
very useful tool, Vortex :)
just to let you know, it didn't work for me on windows 7 64-bit.
maybe it's a windows 7 issue or maybe it's problem with 32-bit/64-bit code..not sure really.
i was running cmd.exe as administrator but the error i got back was:
Volume shadow could not be created - InitializeForBackup error = 0x80042302
in the application event logs were 2 entries
QuoteVolume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered. This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider. The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name IVssCoordinatorEx2 is [0x80040154, Class not registered
].
Operation:
Instantiating VSS server
QuoteVolume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.
Operation:
Instantiating VSS server
Kernel_Gaddafi,
Quote from: VortexNotice that this version works only on Windows XP
later
Quote from: VortexHere is V1.0 supporting both Windows XP and Server 2003.
Yes, I can read Greg Lyon.
thanks
Quote from: Kernel_GaddafiYes, I can read Greg Lyon.
Then why are you wondering why it isn't working on Windows 7 64-bit?
some 32-bit programs can run on 64-bit windows without any problem at all, as you probably know.
i assumed my post might be useful information for Vortex if he ever wanted functionality on 64-bit o/s.
32-bit version of hobocopy (http://sourceforge.net/projects/wangdera/files/HoboCopy/) for win2k3 will also run on 32-bit vista and win7.
I wasn't attempting to belittle the usefulness of the program because IT IS definitely very useful..just not on 64-bit operating systems.
Kernel_Gaddafi,
I see. I misunderstood.
Peace.
no worries :bg
Hi Kernel_Gaddafi,
The methods of the interface IVssBackupComponents are not the same on every version of Windows. I have to modify the source code to work on Windows 7. Thanks for your kind words. I hope I will be able to release a new version for Windows 7.
It probably makes sense to do an OS version detect and have different code for different OS versions. So far almost everything has run on Win7 64 bit but I have yet to do any serious testing on it yet.
just thought i'd mention Win32_ShadowCopy (http://msdn.microsoft.com/en-us/library/aa394428(VS.85).aspx) for anyone interested.
there's a method to create shadow copy of drive for local or remote machine so long as the class is supported..
i tried using VBScript running on Windows 7 Ultimate x64 and it worked fine..
against win2k8 32-bit remotely, it worked fine..but not XP 32-bit locally or remotely.
probably some patch or software is missiing on my xp 32-bit because vscopy and hobocopy didn't work either.
anyway, the vbscript was this.
Set loc = CreateObject("WbemScripting.SWbemLocator")
Set svc = loc.ConnectServer("192.168.1.2", "root\cimv2", "corp\administrator", "password")
Set shadow = svc.Get("Win32_ShadowCopy")
errResult = shadow.Create("C:\", "ClientAccessible", strShadowID)
if errResult <> 0 Then
wscript.echo "Error:" & errResult
else
wscript.echo "Created Shadow successfully"
Set colItems = svc.ExecQuery("Select * From Win32_ShadowCopy Where ID = '" & strShadowID & "'")
For Each objItem in colItems
Set objFSO = CreateObject("Scripting.FileSystemObject")
WScript.Echo "Path to files is " & objItem.DeviceObject
objItem.Delete_
Next
end if
although the above is for a remote machine..some examples which i worked off show local access here (http://www.activexperts.com/activmonitor/windowsmanagement/scripts/shadowcopy/)
btw, i didn't copy files from the remote machine, don't know how you could do it.
CopyFile / CopyFolder from FileSystemObject don't seem to like UNC paths such as \\?\GLOBALROOT
maybe someone will figure out how to solve this, but i'm guessing it would be better to write app in HLL which uses CopyFile() and then execute remotely using something like psexec.
Hi Kernel_Gaddafi,
First of all, many thanks for the links. Much appreciated.
The volume shadow copy is a read-only portion of the hard disc which cannot be shared.
I tried to run the Create a Shadow Copy example on my XP SP3 machine but the script displayed an error mesage. I checked the Win32_ShadowCopy Class to see the requirements for usage :
http://msdn.microsoft.com/en-us/library/aa394428%28VS.85%29.aspx
QuoteMinimum supported client
None supported
Minimum supported server
Windows Server 2003
At work, I can try the script on a server running Windows 2003. The same requirements applies for the other class Win32_ShadowStorage, no any supported client OS.
hey Vortex
yeah, seems anything predating windows 2003 doesn't support Win32_ShadowCopy class which is a pity.
to tell the truth, i was looking for myself what would be the best way to implement volume shadow copy given the differences between XP
and Win2k3..etc for both 32-bit/64-bit architectures.
i was leaning towards Win32_ShadowCopy but unfortunately it isn't available on XP.
Hi Kernel_Gaddafi,
Yes, it's sad there is no support for XP regarding this area. It looks like that Windows 7 can benefit more the Volume Shadow Copy Service.
Here is a new release supporting Windows 7
Version 1.01 fixing some bugs in vscopy for Windows XP and Server 2003
http://vortex.masmcode.com/files/vscopy101.zip