find Original volume from snapshot volume

We have one snapshot volume and we would like to know a volume whose snapshot it is.

Thanks in advance.
Rohit

> We have one snapshot volume and we would like to know a volume whose
> snapshot it is.

You’ll need to pop up to usermode and use the VSS APIs. There’s an SDK
kicking around somewhere. Last time I looked it was quite old, but nothing
should have changed.

R

Rod,

We do not have a user mode component. Is there any kernel mode equivalent way of achieving this?

Thanks,
R

> is there any kernel mode equivalent way of achieving this.

Well there probably is if you are Microsoft :-), but I know of none and
certainly of no supported mechanism (I’d grep include\km for “vss” to be
double sure).

I’m pretty sure that this has cropped up in this list every year or two and
I’ve never heard of a supported mechanism.

R

#define IOCTL_VOLSNAP_QUERY_ORIGINAL_VOLUME_NAME \
    CTL_CODE(VOLSNAPCONTROLTYPE, 100, METHOD_BUFFERED, FILE_READ_ACCESS)

Output buffer:

typedef struct _VOLSNAP_NAMES {
    ULONG MultiSzLength;
    WCHAR Names[1];
} VOLSNAP_NAMES, *PVOLSNAP_NAMES;

On Mon, May 28, 2018 at 8:28 AM Rod Widdowson <
xxxxx@lists.osr.com> wrote:

> > is there any kernel mode equivalent way of achieving this.
>
> Well there probably is if you are Microsoft :-), but I know of none and
> certainly of no supported mechanism (I’d grep include\km for “vss” to be
> double sure).
>
> I’m pretty sure that this has cropped up in this list every year or two and
> I’ve never heard of a supported mechanism.
>
> R


Jamey Kirby
Disrupting the establishment since 1964

This is a personal email account and as such, emails are not subject to
archiving. Nothing else really matters.

Thank You James,

I will try this method.

R

> #define IOCTL_VOLSNAP_QUERY_ORIGINAL_VOLUME_NAME CTL_CODE(VOLSNAPCONTROLTYPE, 100, METHOD_BUFFERED, FILE_READ_ACCESS)

Jamey Kirby

Thanks Jamey, I’m educated…

Jamey,

I tried this way, but it is still not working.
My code snippet:

pvolsnapNames = ExAllocatePoolWithTag(PagedPool, (sizeof(VOLSNAP_NAMES) + (MAX_PATH * sizeof(WCHAR))), TEST_TAG);
if (NULL == pvolsnapNames)
{
    return STATUS_INSUFFICIENT_RESOURCES;
}

RtlZeroMemory(pvolsnapNames, (sizeof(VOLSNAP_NAMES) + (MAX_PATH * sizeof(WCHAR))));
pvolsnapNames->MultiSzLength = MAX_PATH * sizeof(WCHAR);

status = TestSendIoctl(
    DeviceObject,
    IOCTL_VOLSNAP_QUERY_ORIGINAL_VOLUME_NAME,
    &pvolsnapNames,
    (sizeof(VOLSNAP_NAMES)* MAX_PATH * sizeof(WCHAR))
    );

if (!NT_SUCCESS(status)) {
    return status;
}

Rohit

What does “not working” mean? Crashes? Hangs? Fails? Returns the wrong name?

IIRC this query won’t succeed until some time after the shadow volume instantiates.

-scott
OSR

Scott,

Not working means the structure still remains empty after IOCTL success.

typedef struct _VOLSNAP_NAMES {
    ULONG MultiSzLength;
    WCHAR Names[1];
} VOLSNAP_NAMES, *PVOLSNAP_NAMES;

Names parameter remains empty.

-Rohit

Let me see if I can dig up some old code. I used this IOCTL for a while to
bind the snapshot to the volume in my filter until I realized there was no
need, so I stopped using the code.

On Wed, Jun 6, 2018 at 3:49 AM xxxxx@gmail.com <
xxxxx@lists.osr.com> wrote:

> Scott,
>
> Not working means the structure still remains empty after IOCTL success.
>
> typedef struct _VOLSNAP_NAMES {
>     ULONG MultiSzLength;
>     WCHAR Names[1];
> } VOLSNAP_NAMES, *PVOLSNAP_NAMES;
>
> Names parameter remains empty.
>
> -Rohit




Jamey Kirby

And remember the returned string is multiz.

Do you get a valid return size from the IOCTL?

On Wed, Jun 6, 2018 at 10:03 AM Jamey Kirby wrote:

> Let me see if I can dig up some old code. I used this IOCTL for a while to
> bind the snapshot to the volume in my filter until I realized there was no
> need, so I stopped using the code.


Jamey Kirby
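
The multi-sz and return-size checks raised above, as an added example that is not code from this thread: a portable C parser (uint32_t/uint16_t standing in for ULONG/WCHAR so it runs off-box) that validates a VOLSNAP_NAMES-style reply against the byte count the IOCTL reported before trusting it. The function names, the constructed sample builder, and the reading of MultiSzLength as a byte count are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Names[] starts right after the ULONG: FIELD_OFFSET(VOLSNAP_NAMES, Names) == 4. */
#define HDR sizeof(uint32_t)
/* Room for max_chars WCHARs: header PLUS payload, never a product. */
size_t names_buf_size(size_t max_chars) { return HDR + max_chars * sizeof(uint16_t); }

/* buf/returned: output buffer and the byte count the IOCTL reported.
 * Copies the first name (NUL included) to out; returns the number of strings:
 * 0 = well-formed but empty, -1 = malformed, truncated or out too small.
 * ASSUMPTION: MultiSzLength is the byte length of Names, terminators included. */
int names_parse(const void *buf, size_t returned, uint16_t *out, size_t out_chars)
{
    const uint8_t *p = buf;
    uint32_t len;
    size_t nchars, i = 0;
    int count = 0;
    if (returned < HDR) return -1;                  /* header never written */
    memcpy(&len, p, HDR);
    if (len % 2 || len > returned - HDR) return -1; /* claims more than was returned */
    nchars = len / 2;
    while (i < nchars) {
        size_t start = i;
        uint16_t c = 1;
        for (; i < nchars; i++) {                   /* scan to this string's NUL */
            memcpy(&c, p + HDR + i * 2, 2);
            if (c == 0) break;
        }
        if (c != 0) return -1;                      /* unterminated: ran off the end */
        if (i == start) break;                      /* empty string closes the list */
        if (count++ == 0) {
            if (i - start + 1 > out_chars) return -1;
            memcpy(out, p + HDR + start * 2, (i - start + 1) * 2);
        }
        i++;                                        /* step over the terminator */
    }
    return count;
}

/* Constructed sample builder: widens n bytes of ASCII multi-sz into a reply. */
size_t build_reply(uint8_t *dst, const char *multi, uint32_t n)
{
    uint32_t len = n * 2, i;
    memcpy(dst, &len, HDR);
    for (i = 0; i < n; i++) {
        uint16_t w = (uint8_t)multi[i];
        memcpy(dst + HDR + i * 2, &w, 2);
    }
    return HDR + len;
}
```

A return of 0 separates a reply that is well-formed but empty from one that is short or malformed (-1), which is the distinction the return-size question is after.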

Where/when are you making the call? I have run into the issue where I was
calling it too early; before VSS had completed setting up its internal
data structures; like in the add device completion handler. I don’t
remember the details, but the IOCTL does work. I’ve used it.

On Wed, Jun 6, 2018 at 10:05 AM Jamey Kirby wrote:

> And remember the returned string is multiz.
>
> Do you get a valid return size from the IOCTL?


Jamey Kirby