Windows: Copy and backup open files with a batchfile

Hi

sometimes you want to copy files which are exclusively locked by other processes.

This can be done s by using volume shadow copies. Out of the box it is not possible to do this at command line.

The Tool you need is vshadow.exe which is part of the Microsoft Windows SDK. Install the SDK. The executable can then be found in the folder “Microsoft SDKs\Windows\v7.1\Bin\vsstools”.

Note: You can copy all files by using volume shadow copies, but keep in mind you can only make consistent backups of files which are covered my a vss writer. Means if a snapshot is taken the vss writer ensures that the file(s) on the disk(s) is/are in a consistent state. For example an SQL Server. The vss writer of the SQL Server brings the whole database, and all files which belongs to, in an state where you can backup it by simply copying the files from the snapshot.

A list of files and folders which are affected by which writer can be get by

c:\> vshadow.exe -wm

Lets start backup. Create a snapshot of the drive on which the files resist you want to copy. In this example i will copy the HKEY_LOCAL_MACHINE\Software Registry hive. The correspondent file is %SystemRoot%\System32\config\SOFTWARE.

If you try to copy it you’ll get an error.

C:\>copy %SystemRoot%\System32\config\SOFTWARE D:\Temp
The process cannot access the file because it is being used by another process.
0 file(s) copied.

This file is part of the VSS “Registry Writer”


* WRITER "Registry Writer"
    - WriterId   = {afbab4a2-367d-4d15-a586-71dbb18f8485}
    - InstanceId = {6471eea9-f4ad-4ef4-88b7-b6b49dd29def}
    - Supports restore events = FALSE
    - Writer restore conditions = VSS_WRE_NEVER
    - Restore method = VSS_RME_RESTORE_AT_REBOOT_IF_CANNOT_REPLACE
    - Requires reboot after restore = TRUE
    ....
       - Affected paths by this component:
         - C:\WINDOWS\System32\SMI\Store\Machine
         - C:\WINDOWS\system32\config
    ....

Take a persitent (to expose it later) snapshot of the C: Drive. The script parameter creates a file which contains environment variables with information of the snapshot just created. If your file is not affected my any writer append the no writer switch -nw. This speeds up the creation of the snapshot.

C:\> vshadow.exe -p -script=env.cmd C:

Note: If you got an error “ERROR: COM call “m_pVssObject->InitializeForBackup()” failed. Then you use vshadow with the wrong CPU architecture. Only x64 binaries work on x64 system.

To use those variables simply execute the cmd file

C:\> env.cmd
[This script is generated by VSHADOW.EXE for the shadow set {bc471dd4-fdb6-4fd7-a3db-997639f59dae}]
SET SHADOW_SET_ID={bc471dd4-fdb6-4fd7-a3db-997639f59dae}
SET SHADOW_ID_1={a167f0ca-aa23-466b-839c-0f1a68e3866c}
SET SHADOW_DEVICE_1=\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1

Create an directory to expose the snapshot.

c:\> mkdir D:\mnt

And expose the snapshot in an (empty) folder. You can also expose the snapshot as a drive letter.

c:\ >vshadow.exe -el=%SHADOW_ID_1%,D:\mnt

Copy the file

c:\> copy D:\mnt\Windows\System32\config\SOFTWARE D:\Temp

Deleting snapshot will also remove the snapshot “mount”.

d:\> vshadow.exe -ds=%SHADOW_ID_1%

It’s also possible to “mount” a snapshot into the filesystem. Here D:\mnt. The folder mustn’t exists, it is created by mklink. Note the trailing “\” backslash at the end of the snapshot path. Otherwise the folder D:\mnt is empty.


d:\> mklink /d D:\mnt %SHADOW_DEVICE_1%\

Deleting the mount point and remove the link

d:\> rmdir D:\mnt

Michael

Leave a Reply Cancel reply