Jump to content
Sign in to follow this  
Sundance

ShadowCopy creation

Recommended Posts

I just came to mind that for AddToSnapshotSet you need to distinguish between 32 and 64 bit.

32 bit:

; Definition
"AddToSnapshotSet hresult(wstr; uint64; uint64; ptr);"

; Call
Local $tElem = DllStructCreate("uint64[2];", DllStructGetPtr($GUID_NULL))
$oIVssBackupComponents.AddToSnapshotSet("D:\", DllStructGetData($tElem, 1, 1), DllStructGetData($tElem, 1, 2), $pID_D)

64 bit:

; Definition
"AddToSnapshotSet hresult(wstr; ptr; ptr);"

; Call
$oIVssBackupComponents.AddToSnapshotSet("D:\", DllStructGetPtr($GUID_NULL), $pID_D)

I'm pretty sure that this implementation will work for the second parameter.

And I think it's only one backslash. But this should not make the script crash.

By the way rain in Copenhagen.

Edit: Backslash

Edited by LarsJ

Share this post


Link to post
Share on other sites

when I find GUID structure it looks like this...

typedef struct _GUID {
    unsigned long  Data1;
    unsigned short Data2;
    unsigned short Data3;
    unsigned char  Data4[ 8 ];
} GUID;

Is yours the same?

 

Hi John,

yes it is the same. I also played with a byte[16] structure. Cause I don't know when using DllStructGet with selected element 1 will see the whole GUID struct or only the first long value.

Thanks for the tips John...!

Share this post


Link to post
Share on other sites

Hi Lars,

how the hell got you that knowledge from? It is adding the drive to the snapshotset!

How should I know to make the method with four parameters when under 32bit? Perfect!!!

Now I'am with the last command DoSnapShot with the double indirect pointer. Hope that at least this I can achive..

See you later guys. Hopefully with a shadowcopy :-)

happy sunday

Sundance

 

PS: 2 hours later: Puuhhh. I think I must create a Async interface cause the DoSnapShot returns a double indirect pointer to a Async interface.

(C++ sample code)

IVssAsync *async;

result = backupComponents->DoSnapshotSet(&async);

But I don't know how to create the interface without knowing the clsid. Or I'am completly on the wrong train. Can't imagine how to 'connect' the given double pointer to the interface which is an object type...

This is really bad. Microsft isn't really a help here. In c++ its much easier but I don't wan't to learn c++ again :-)

Hope that I get some light tomorrow...

; creating Async interface
=> WRONG => Global Const $sCLSID_IVssAsync = "{C7B98A22-222D-4e62-B875-1A44980634AF}"
Global Const $sIID_IVssAsync = "{507C37B4-CF5B-4e95-B0AF-14EB9767467E}"
Global Const $dtag_IVssAsync = _
  "Cancel hresult();" & _  ; <-- Add parameters for all methods
  "QueryStatus hresult(ptr; ptr);" & _
  "Wait hresult(int64);"
$oIVssAsync = ObjCreateInterface( $sCLSID_IVssAsync, $sIID_IVSSAsync, $dtag_IVssAsync )
Edited by Sundance

Share this post


Link to post
Share on other sites

Sundance, You master of the COM interfaces, you just use that returned interface pointer instead of $sCLSID_IVssAsync, and it'll work.

Share this post


Link to post
Share on other sites

LOL Lars. Thanks for the nice words but I'am lightyears away from mastering. :-)

The $sCLSID_IVssAsync GUID is wrong. I saw that its just the IID for Windows XP Async interface.

So now I'am stuck. I can't call ObjCreateInterface cause I have no $sCLSID_IVssAsync value. I have no returned interface pointer to use.

Its really disturbing but good to see I wasn't totally wrong...

Share this post


Link to post
Share on other sites

You don't need $sCLSID_IVssAsync. You use the returned interface pointer from DoSnapshotSet in the same way as you did for IVssBackupComponents:

 

$oIVssAsync = ObjCreateInterface( $pAsync, $sIID_IVSSAsync, $dtag_IVssAsync )

Note that the parameter from DoSnapshotSet is an output parameter.

Edited by LarsJ

Share this post


Link to post
Share on other sites

Sundance, Try this:

DoSnapshotSet:

; Definition
"DoSnapshotSet hresult(ptr*);"

; Call
Local $pAsync
$oIVssBackupComponents.DoSnapshotSet( $pAsync )
If $pAsync Then
  ConsoleWrite( "$pAsync = " & Ptr( $pAsync ) & @CRLF )
Else
  ConsoleWrite( "$pAsync ERR" & @CRLF )
EndIf

IVssAsync interface definition (in proper v-table order):

Global Const $sIID_IVssAsync = "{507C37B4-CF5B-4e95-B0AF-14EB9767467E}"
Global Const $dtag_IVssAsync = _
  "Cancel hresult();" & _
  "Wait hresult(dword);" & _             ; Read the docu about parameters
  "QueryStatus hresult(hresult*; int*);" ; Read the docu about parameters

Create IVssAsync interface with $pAsync above:

$oIVssAsync = ObjCreateInterface( $pAsync, $sIID_IVSSAsync, $dtag_IVssAsync )
If IsObj( $oIVssAsync ) Then
  ConsoleWrite( "$oIVssAsync OK" & @CRLF )
Else
  ConsoleWrite( "$oIVssAsync ERR" & @CRLF )
EndIf

Call IVssAsync.QueryStatus:

Local $hresult
$oIVssAsync.QueryStatus( $hresult, 0 )
ConsoleWrite( "$hresult = " & $hresult & @CRLF )

Share this post


Link to post
Share on other sites

So master Lars.

IT IS DONE!  :-)

After reading a nice sheet from MS which additional commands we need it now functions.

IC502117.png

The added script will take a shadow copy snapshot of drive C: and D:   (under a 32Bit >=Vista operating system)

I'am very thankfull of your valuable help Lars!!! Without you I hadn't no chance of doing this. :thumbsup:

 

:sorcerer:

 

Now we can do shadowcopies directly with AutoIt.

Thanks!

Sundance

COMshadow.au3

Edited by Sundance

Share this post


Link to post
Share on other sites

Hey sundance, this stuff is proper over my head, and even after a wiki read on shadow copy I'm still lost.

so in that vain I have a dumbass question, can this software tech be used to create and restore a drive image?


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

Hi John,

yes. A shadowcopy is the base of a drive image. Even a running OS can be imaged with that.

After making a shadowcopy you should open the given volumename of the snaphot with _WinAPI_CreateFile and then read the whole volume with WinAPI_ReadFile. So you can then write the read data to a file with WinAPI_WriteFile :-)

Thats it :-) 

You also can copy single files which are in use by the operating system with the help of a shadowcopy.

Edited by Sundance

Share this post


Link to post
Share on other sites

Oh. Here is some additional code for deleting the shadow copys :-)

"DeleteSnapshots hresult(uint64;uint64; int; BOOL; ptr; ptr);"    ; method definition
MsgBox(0,"","Press okay to delete snapshotset")

    Local $DelSnapShots = DllStructCreate("long")
    Local $pDelSnapShots = DllStructGetPtr($DelSnapShots)
    Local $NonDelSnapShotGUID = DllStructCreate($tagGUID)
    $tElem = DllStructCreate("uint64[2];", DllStructGetPtr($SetIdentifier))
    $iResult = $oIVssBackupComponents.DeleteSnapshots(  DllStructGetData($tElem, 1, 1), DllStructGetData($tElem, 1, 2), $VSS_OBJECT_SNAPSHOT_SET, 1, $pDelSnapShots, DllStructGetPtr($NonDelSnapShotGUID))
    ConsoleWrite("deleting snapshotset " & _WinAPI_StringFromGUID(DllStructGetPtr($SetIdentifier,1)) & " returned with: " & Hex($iResult) & @CRLF)
    ConsoleWrite( "and " & DllStructGetData($DelSnapShots,1) & " deleted snapshots" & @CRLF )



Edited by Sundance

Share this post


Link to post
Share on other sites

Sundance, this is excellent. I did a test yesterday evening. It works on Win 7 64 bit, too (with the proper version of AddToSnapshotSet).

This is the output in Scite console:

CreateVssBackupComponentsInternal: 0   0x0000000000000000  0x0000000000B7AC60
$oIVssBackupComponents OK
Initializing done.
setting backup state done.
calling GatherWriterMetadata done. $pAsync: 0x0000000000AA9930
$oIVssAsync OK
waiting for asynchronous operation to finish ..........
Status:0x0004230A
setting context done.
starting snapshot set done. ( {5F86E2FD-7002-425A-A776-2D2EC2E93760} )
adding d:\ to snapshot set done. ({05355DD6-7326-4A6C-8A4D-0ACF3E38C202})
PrepareForBackup return: 00000000
$pAsync = 0x0000000000AA9B70
$pAsync = 0x0000000000AA9B70
$oIVssAsync OK
waiting for asynchronous operation to finish ............
Status:0x0004230A
GatherWriterStatus return: 00000000
$pAsync = 0x0000000000AA9930
$pAsync = 0x0000000000AA9930
$oIVssAsync OK
waiting for asynchronous operation to finish ........................
Status:0x0004230A
DoSnapshotSet return: 00000000
$pAsync = 0x0000000000AA9B70
$pAsync = 0x0000000000AA9B70
$oIVssAsync OK
waiting for asynchronous operation to finish .......................................................................................................................................................................................................................................
Status:0x0004230A

What do I do next? How do I make backup and restore? What do you do? Can you show some code?

Regards Lars.

Share this post


Link to post
Share on other sites

Hi Lars,

fine that it works also on Win7 64Bit.

I'am not that far but I wanted to create shadow copies and then to give the user the possibility in showing the shadow copy within the normal windows explorer. There are also methods for showing the created set IDs and which shadow copies they contain. But this can also be achieved with WMI. Its much easier. Then when having the shadow copy volume path you enter it in the windows explorer. :-)

Share this post


Link to post
Share on other sites

With the help of the GUIDs from the drive letters we can use WMI to get the volume path. At work I can take a look for some WMI code. I can write a function which will show you the volume path of a given shadow copy GUID.

Share this post


Link to post
Share on other sites

So I modified the script a little bit. Now the script will create to hardlinks on drive c called "shadowcopy_C" and "shadowcopy_D". They contain the shadowcopies. You can explore them and copy files from them. After acknowledge the messagebox the hardlinks and the shadow copies will be deleted.

This is the WMI function which returns the shadow copy volume path of a given ID.

Func ShowShadowcopyVolumepath($sGUID)

Local $objWMIService = ObjGet('winmgmts:{impersonationLevel=impersonate}!\\' & @ComputerName & '\root\cimv2')

$colItems = $objWMIService.ExecQuery("Select " & "*" & " from Win32_ShadowCopy")

For $oItem In $colItems
    If $oItem.ID = $sGUID Then
        ConsoleWrite("original volume name : " & $oItem.VolumeName & @CRLF)
        ConsoleWrite("shadowcopy volumepath: " & $oItem.DeviceObject & @CRLF)   ; volumepath of the shadowcopy
        Return $oItem.DeviceObject
    EndIf
Next

EndFunc

COMshadow.au3

Share this post


Link to post
Share on other sites

@Lars: The AddToSnapshotSet under 64bit method definition. Does it look like this? (Can't test it at the moment)

AddToSnapshotSet hresult(wstr; uint64; ptr);

And would this the corresponding code?

$tElem = DllStructCreate("uint64;", DllStructGetPtr($GUID_NULL))
$iResult = $oIVssBackupComponents.AddToSnapshotSet($sSource, DllStructGetData($tElem, 1), $pID)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...