Wednesday, September 26, 2012

Latest ShadowCopy Research - Part 2


The latest Volume Shadow Copy Code Samples from Microsoft


So I just posted Part 1 discussing diskshadow. Now I'm excited to discuss some new code samples from Microsoft. We all hate the upgrade cycle. Microsoft is going to drag us down the update cycle kicking and screaming, but perhaps there are some good reasons for us to look at upgrading in the near future.


While searching in vain for code examples of VSC API code for exposing Shadows that actually work, I found MSDN code samples for VSCs. The code samples are in C++ and only work in Windows 8 (unfortunately). The code is a rare glimmer of hope... Too bad they aren't in C# or VB.NET. I'm not much of a C++ guy.

A few examples below have me really excited. Keep reading and you'll see why. The examples speak for themselves so I won't regurgitate here. I can't wait to play around with these more once I have a better Win 8 environment.

I compiled and tested the code on my Windows 7 box (in VS 2012) and the samples really do only run on Windows 8. The code checks the OS version. I tried removing the check and re-compiled, but then got COM+ exceptions, so it's clear the COM in Windows 8 has changed. The code samples have mostly the same features as diskshadow, but of course you get to see how they invoke the COM, which could be useful. Hopefully some C# or VB samples are released soon.

  
That's all for now. If you find more, send me a link. I am starting to think about ShadowKit v2 and I'm in the research phase right now. If I end up having to go Windows 8 + dot net 4.5 to get what I want, then that is where I'll go.

Enjoy!


Some exciting Windows 8 Examples:

 

VShadow Tool Examples

http://msdn.microsoft.com/en-us/library/windows/desktop/Bb530726




Volume Shadow Copy Service hardware provider sample

http://code.msdn.microsoft.com/VSS-Sample-Provider-3096be2a


Latest ShadowCopy Research - Part 1



It's been a while since I posted anything new regarding shadow copies. Microsoft never fails to drive me to despondent frustration because of poorly documented APIs, broken examples and circular links. Putting that aside, I have a few new discoveries that I really wanted to get down in writing before they went poof due to work priorities. I broke the posts up into two parts to keep it simple.


So diskshadow looks very promising. According to this Technet article it is in Windows Server 2008 and now in Windows 8. The article was published in April; however, it looks like diskshadow was introduced with Windows Server 2008, so it's not new (it's new to me though). I was not able to find it in my Win8 Enterprise RTM virtual machine (what's up with that?) but verified it exists on Server 2008. It's possible it ships with a different Win 8 package than RTM.

diskshadow
Write up #1
Write up #2

Why you should care...
 
According to the link, diskshadow will allow you to expose a shadow as a drive letter*. Diskshadow also supports some basic scripting, which should get you all giddy with excitement. For recovering shadows this app could make a lot of Digital Forensics and Incident Response people's days a little easier.






*Let me say that I have not had a chance to do testing yet. It's possible Microsoft stiffed us and only made diskshadow work with Win8 ShadowCopies. I'm looking forward to finding out if I can mount a VHD from Win7 in Windows 8 and expose the shadows as drive letters using diskshadow.

Thursday, September 6, 2012

Tuesday, August 14, 2012

ShadowKit 1.4 released

ShadowKit 1.4 released. UI improvements and bug squashing. Hopefully the last 1.x version before new features. Please upgrade.

To review Changelog
To Download


Enjoy!
Dave

Tuesday, August 7, 2012

ShadowKit v1.3 released!

ShadowKit v1.3 has been released. This is all bug fixes. Highly recommend upgrading.

Download
*I'm now providing a stand-alone exe for portable use. You will still need .Net 4 installed to run it.


To review Changelog
 *Major bug fix related to clicking export on an empty directory. If you did so, Windows dumped a directory from the host machine, not the Shadow Copy (since there wasn't anything to export?), very bizarre. Now if the directory is empty, export is disabled. Always check your work.

It's too hot in Texas for coding right now..
Enjoy!

Wednesday, July 4, 2012

ShadowKit v1.2 Released!

ShadowKit v1.2 has been released. This version includes bug fixes and a few minor user interface enhancements. Below is a list of changes in the new version.

Changelog
v1.2
Bug Squashing
-Added double quotes to CSV output for better data handling.
-Added header to CSV output.
-Added cleanup of temp files created by file open, clean at application exit.
UI changes
-Extension filter now auto refreshes.
-Added textbox to show a Shadows local mount point, size and serial.
-Moved extension filter.
-Fixed incorrect "Object Count" shown in status bar during export in some cases.
-Added logging of error to manifest when file in use by OS... still throws error as before after logging.

Download Link
ShadowKit_v1.2.msi



Happy 4th.
Enjoy!