candera / shadowspawn

A Windows utility that mounts a shadow copy of the disk at a drive letter and then spawns an arbitrary command.
MIT License

Issue with not showing any files #16

Open Welberg opened 11 years ago

Welberg commented 11 years ago

The idea is to get a copy of the windows.edb file and copy it via robocopy. As robocopy does not copy any files I created a "DIR001".cmd. I start via Startup.cmd

Startup.cmd:

ShadowSpawn /verbosity=4 "C:\ProgramData\Microsoft\Search\Data\Applications\Windows" Q: DIR001.cmd > c:\vvh.txt 2>&1

DIR001.cmd:

dir C:\ProgramData\Microsoft\Search\Data\Applications\Windows
dir Q:\
echo started Q:\vvh.txt
echo started >Q:\vvh.txt
dir Q:\

Output (vvh.txt):

ShadowSpawn (c) 2011 Craig Andera. shadowspawn@wangdera.com

Argument 0: ShadowSpawn
Argument 1: /verbosity=4
Argument 2: C:\ProgramData\Microsoft\Search\Data\Applications\Windows
Argument 3: Q:
Argument 4: DIR001.cmd
Calling CoInitialize
.........
Calling SetBackupState
Calling PrepareForBackup
Waiting for call to PrepareForBackup to finish...
Call to PrepareForBackup finished.
Calling DoSnapshotSet
Waiting for call to DoSnapshotSet to finish...
Call to DoSnapshotSet finished.
Calling GetSnapshotProperties
Calling CalculateSourcePath
Calling DefineDosDevice to mount device.
Launching command: DIR001.cmd

I:\tools21>dir C:\ProgramData\Microsoft\Search\Data\Applications\Windows
 Het volume in station C heeft geen naam.
 Het volumenummer is 0ADF-2A7A

 Map van C:\ProgramData\Microsoft\Search\Data\Applications\Windows

14/09/2013  21:11    <DIR>          .
14/09/2013  21:11    <DIR>          ..
17/06/2013  18:12    <DIR>          Config
17/06/2013  18:12    <DIR>          GatherLogs
14/09/2013  21:16             8.192 MSS.chk
14/09/2013  21:11         1.048.576 MSS.log
14/09/2013  21:11         1.048.576 MSS0081D.log
17/06/2013  18:12         1.048.576 MSSres00001.jrs
17/06/2013  18:12         1.048.576 MSSres00002.jrs
14/09/2013  21:11                 0 MSStmp.log
17/06/2013  18:12    <DIR>          Projects
13/09/2013  19:22         8.454.144 tmp.edb
13/09/2013  19:22       310.444.032 Windows.edb
               8 bestand(en)    323.100.672 bytes
               5 map(pen)  86.148.792.320 bytes beschikbaar

I:\tools21>dir Q:\
 Het volume in station Q heeft geen naam.
 Het volumenummer is 0ADF-2A7A

 Map van Q:\

14/09/2013  21:55    <DIR>          .
14/09/2013  21:55    <DIR>          ..
17/06/2013  18:12    <DIR>          Config
17/06/2013  18:12    <DIR>          GatherLogs
17/06/2013  18:12    <DIR>          Projects
               0 bestand(en)              0 bytes
               5 map(pen)  85.656.838.144 bytes beschikbaar

I:\tools21>echo started Q:\vvh.txt
started Q:\vvh.txt

I:\tools21>echo started 1>Q:\vvh.txt
Het medium is tegen schrijven beveiligd.

I:\tools21>dir Q:\
 Het volume in station Q heeft geen naam.
 Het volumenummer is 0ADF-2A7A

 Map van Q:\

14/09/2013  21:55    <DIR>          .
14/09/2013  21:55    <DIR>          ..
17/06/2013  18:12    <DIR>          Config
17/06/2013  18:12    <DIR>          GatherLogs
17/06/2013  18:12    <DIR>          Projects
               0 bestand(en)              0 bytes
               5 map(pen)  85.656.838.144 bytes beschikbaar
Launched command finished with exit code: 0.
Calling DefineDosDevice to remove device.
Calling BackupComplete
Waiting for call to BackupComplete to finish...
Call to BackupComplete finished.
Shadowing successfully completed.

What am I doing wrong/is going wrong?

Vincent

candera commented 11 years ago

One possibility is that the Volume Shadow Service is skipping those files by design. The registry keys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot specify files that VSS - and therefore shadowspawn - will not put in a snapshot set. Does anything in there look like it's the problem?
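
One way to run the check suggested in the comment above, as an added example that is not part of the thread or of ShadowSpawn: this PowerShell script reads both registry keys and reports which entries, if any, cover a given file. The `$Target` default, the helper names, and the wildcard approximation of the `$AllVolumes$` and `$UserProfile$` placeholders are assumptions of this example.

```powershell
# Added example (not ShadowSpawn code). $Target defaults to the file from the issue.
param(
    [string]$Target = 'C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb'
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\BackupRestore'

function Split-Spec([string]$p) {
    # Split at the last backslash without touching the file system.
    $i = $p.LastIndexOf('\')
    if ($i -lt 0) { return '', $p }
    return $p.Substring(0, $i), $p.Substring($i + 1)
}

function Test-VssExclusion([string]$Spec, [string]$Path) {
    # Entry format: <path with wildcards>, optionally followed by " /s" (recurse).
    $recurse = $Spec -match '\s+/s\s*$'
    $pattern = ($Spec -replace '\s+/s\s*$', '').Trim()
    if (-not $pattern) { return $false }
    $pattern = [Environment]::ExpandEnvironmentVariables($pattern)
    # Approximate the VSS placeholders with wildcards (assumption of this example).
    $pattern = $pattern -replace '^\$AllVolumes\$', '?:'
    $pattern = $pattern -replace '^\$UserProfile\$', '?:\Users\*'
    $dir, $mask = Split-Spec $pattern
    if ($mask -in '', '*.*') { $mask = '*' }   # "*.*" means every file
    $tDir, $tName = Split-Spec $Path
    if ($tName -notlike $mask) { return $false }
    return ($tDir -like $dir) -or ($recurse -and $tDir -like "$dir\*")
}

$hits = foreach ($sub in 'FilesNotToBackup', 'FilesNotToSnapshot') {
    $key = Get-Item -Path "$base\$sub" -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # REG_MULTI_SZ values come back as string[]; wrap single strings too.
        foreach ($spec in @($key.GetValue($name))) {
            if (Test-VssExclusion $spec $Target) {
                [pscustomobject]@{ Key = $sub; Value = $name; Spec = $spec }
            }
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    "No entry in FilesNotToBackup or FilesNotToSnapshot matches $Target"
}
```

Save it as a `.ps1` file and pass `-Target` with the full path of any file that is missing from the mounted snapshot.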