Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
688 views
in Technique[技术] by (71.8m points)

windows - Accessing Volume Shadow Copy (VSS) Snapshots from powershell

I am attempting to create and access a Volume Shadow Copy snapshot using the Windows Power Shell in Windows 7. I found that I can create snapshots using the following via a previous superuser question:

(Get-WmiObject -list win32_shadowcopy).create("C:","ClientAccessible")

I am unable to find any documentation indicating that it is possible to set a shadow copy to "Exposed" so that it can be mapped to a drive letter using WMI. An article linked in the same question shows a hack using a junction to access the snapshot.

When I try to access the symlink, I get the following:

PS C:Windowssystem32> ls C:shadowcopy
Get-ChildItem : The parameter is incorrect.

At line:1 char:3
+ ls <<<<  C:shadowcopy
    + CategoryInfo          : ReadError: (C:shadowcopy:String) [Get-ChildItem], IOException
    + FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand

Attempting to access the snapshot directly gives the following:

PS C:Windowssystem32> ls '\?GLOBALROOTDeviceHarddiskVolumeShadowCopy14'
Get-ChildItem : Paths that begin with \?GlobalRoot are internal to the kernel and should not be opened by managed applications.
At line:1 char:3
+ ls <<<<  '\?GLOBALROOTDeviceHarddiskVolumeShadowCopy14'
    + CategoryInfo          : NotSpecified: (:) [Get-ChildItem], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.GetChildItemCommand

How can I access a VSS snapshot from a powershell script?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

How did you create the symlink? As outlined in that article, you have to specify the device path with a trailing backslash:

$s1 = (Get-WmiObject -List Win32_ShadowCopy).Create("C:\", "ClientAccessible")
$s2 = Get-WmiObject Win32_ShadowCopy | Where-Object { $_.ID -eq $s1.ShadowID }
$d  = $s2.DeviceObject + "\"

Then $d is your volume letter specifier:

cmd /c mklink /d C:shadowcopy "$d"

After this, I was able to access the shadow copy mounted to C:shadowcopy just fine.

To unmount the shadow copy call $s2.Delete(), as @KeyszerS pointed out in the comments.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...