Jump to content











Photo

Updated WinRE Extractor

winre winpe windows 8 wimboot

  • Please log in to reply
60 replies to this topic

#51 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 13 February 2015 - 06:28 PM

And here I think I need the declaration of _disk_geometry.

PDISK_GEOMETRY_EX = ^DISK_GEOMETRY_EX;
  {$EXTERNALSYM PDISK_GEOMETRY_EX}
  _DISK_GEOMETRY_EX = record
    Geometry: DISK_GEOMETRY;    // Standard disk geometry: may be faked by driver.
    DiskSize: int64; //LARGE_INTEGER;    // Must always be correct
    Data: array [0..0] of BYTE; // Partition, Detect info
  end;
  DISK_GEOMETRY_EX = _DISK_GEOMETRY_EX;

  • simonking likes this

#52 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 13 February 2015 - 06:29 PM

Thanks! What do I spec as the partition number? Got declares for the TDriveLayoutInformation_Ex2?

 

you can get the layout with IOCTL_DISK_GET_DRIVE_LAYOUT_EX.

type
    TDriveLayoutInformation_Ex2 = record
    PartitionStyle: DWORD;
    PartitionCount: DWORD;
    Union: record
      case Integer of
        0: (Mbr: DRIVE_LAYOUT_INFORMATION_MBR);
        1: (Gpt: DRIVE_LAYOUT_INFORMATION_GPT);
    end;
    PartitionEntry: array [0..31] of PARTITION_INFORMATION_EX;
    end;

  • simonking likes this

#53 simonking

simonking

    Frequent Member

  • Advanced user
  • 236 posts
  •  
    Australia

Posted 14 February 2015 - 03:27 PM

I've got some disturbing results on the chkdsk front:

 

Here is the output with the Magenta demo app, the same technology we both use, whether I invoke it from DoubleSpace or the Magenta default demo app:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40251 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
Error detected in index $I30 for file 29543.
Error detected in index $I30 for file 29543.
Index entry ~backup.pst.tmp in index $I30 of file 88699 is incorrect.
Index entry ~BACKU~1.TMP in index $I30 of file 88699 is incorrect.
Index entry 7LHTNWIL.txt in index $I30 of file 88946 is incorrect.
Index entry safebrowsing in index $I30 of file 89011 is incorrect.
Index entry SAFEBR~2 in index $I30 of file 89011 is incorrect.
Index $I30 in file 89015 is incorrectly sorted.
Index entry 07761BBA437B697D2E3392CCD2134C0796B0CB3F in index $I30 of file 89015 is incorrect.
Index entry 07761B~1 in index $I30 of file 89015 is incorrect.
Index entry 135B703A6EE706D4C678E595D70BA7D58A1A8440 in index $I30 of file 89015 is incorrect.
Index entry 135B70~1 in index $I30 of file 89015 is incorrect.
Index entry 1DAA39D82E615503715A40AA5A13233A940449E3 in index $I30 of file 89015 is incorrect.
Index entry 1DAA39~1 in index $I30 of file 89015 is incorrect.
Index entry 3015E6A4097FEE720F7F392FDE4C37BE74113F4B in index $I30 of file 89015 is incorrect.
Index entry 3015E6~1 in index $I30 of file 89015 is incorrect.
Index entry 4643E7854B53D9A2699BC3E0AE181EBD8E553413 in index $I30 of file 89015 is incorrect.
Index entry 4643E7~1 in index $I30 of file 89015 is incorrect.
Index entry 4A6C54CF03F3F11483A09C7C5E46711DDFE568AD in index $I30 of file 89015 is incorrect.
Index entry 4A6C54~1 in index $I30 of file 89015 is incorrect.
Index entry 50E11A9DE7C525DE9BFAF60F82375DD479504524 in index $I30 of file 89015 is incorrect.
Index entry 50E11A~1 in index $I30 of file 89015 is incorrect.
Index entry 567EE31B324C90F26512D78D8254705EDFA99509 in index $I30 of file 89015 is incorrect.
Index entry 567EE3~1 in index $I30 of file 89015 is incorrect.
Index entry 5D22D0DA4FBAB74638A6206C6FF11790B5A27CDB in index $I30 of file 89015 is incorrect.
Index entry 5D22D0~1 in index $I30 of file 89015 is incorrect.
Index entry 647D2D28DB2C1C10B69E270728E7464317E5DAF5 in index $I30 of file 89015 is incorrect.
Index entry 647D2D~1 in index $I30 of file 89015 is incorrect.
Index entry 6EA99AE8ADAAB37030C699B526761EDDC0ABCC14 in index $I30 of file 89015 is incorrect.
Index entry 6EA99A~1 in index $I30 of file 89015 is incorrect.
Index entry 76B495E78A4D989E43EAEB7BA618C906BF9F8CFF in index $I30 of file 89015 is incorrect.
Index entry 76B495~1 in index $I30 of file 89015 is incorrect.
Index entry EA7A31D71CA6BE88892D51AFE125A0621C7335D1 in index $I30 of file 89015 is incorrect.
Index entry EA7A31~1 in index $I30 of file 89015 is incorrect.
Index entry etilqs_BDI2lbPoMEgtLJJ in index $I30 of file 93497 is incorrect.
Index entry etilqs_daPVdgvqx1tQeYW in index $I30 of file 93497 is incorrect.
Index entry ETILQS~1 in index $I30 of file 93497 is incorrect.
Index entry ETILQS~2 in index $I30 of file 93497 is incorrect.
Index entry cookies.sqlite-shm in index $I30 of file 95272 is incorrect.
Index entry cookies.sqlite-wal in index $I30 of file 95272 is incorrect.
Index entry COOKIE~2.SQL in index $I30 of file 95272 is incorrect.
Index entry COOKIE~3.SQL in index $I30 of file 95272 is incorrect.
Index entry webappsstore.sqlite-shm in index $I30 of file 95272 is incorrect.
Index entry webappsstore.sqlite-wal in index $I30 of file 95272 is incorrect.
Index entry WEBAPP~2.SQL in index $I30 of file 95272 is incorrect.
Index entry WEBAPP~3.SQL in index $I30 of file 95272 is incorrect.
1940406 index entries processed.
Index verification completed.
Errors found.  CHKDSK cannot continue in read-only mode.
Check Disk Callback: 32
Check Disk: Unable to Finish
!!! Check Disk Found Problems with C:

 

Here's the results with CloneDisk, 64-bit version:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40249 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
1940402 index entries processed.
Index verification completed.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
153562 data files processed.
CHKDSK is verifying Usn Journal...
39538976 USN bytes processed.
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows has checked the file system and found problems.
Please run chkdsk /scan to find the problems and queue them for repair.
249708543 KB total disk space.
226929436 KB in 1418426 files.
2771436 KB in 153563 indexes.
Check Disk Callback: 26
1750411 KB in use by the system.
65536 KB occupied by the log file.
18257260 KB available on disk.
4096 bytes in each allocation unit.
62427135 total allocation units on disk.
4564315 allocation units available on disk.
Check Disk: Finished OK
!!! Check Disk Found Problems with C:
 

And, here's the results with the command line chkdsk.exe:

 

C:\windows\system32>chkdsk c:
The type of the file system is NTFS.
Volume label is Spectrum SSD.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...


  1633280 file records processed.

File verification completed.


  40252 large file records processed.


  0 bad file records processed.

Stage 2: Examining file name linkage ...


  1940404 index entries processed.

Index verification completed.


  0 unindexed files scanned.


  0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.


  153563 data files processed.
CHKDSK is verifying Usn Journal...


  39579296 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 249708543 KB total disk space.
 227004192 KB in 1418431 files.
   2771440 KB in 153564 indexes.
         0 KB in bad sectors.
   1750411 KB in use by the system.
     65536 KB occupied by the log file.
  18182500 KB available on disk.

      4096 bytes in each allocation unit.
  62427135 total allocation units on disk.
   4545625 allocation units available on disk.

 

All apps running elevated, of course.

 

Also, the GUI Windows chkdsk app reports no errors whatsoever.

 

Now, in trying to ensure that DoubleSpace doesn't run if there's any on-disk errors, with my current implementation, I will essentially be preventing people from running DoubleSpace at all, on a sound, healthy disk :)

 

Moreover, I do not understand the sizable differences between two Magenta-powered products...one reports only volume bitmap issues, while the other reports a lot of index corruption.

 

Most importantly, both CloneDisk and DoubleSpace, being Magenta powered, report errors - which do not reproduce with Windows's own built-in tools!

 

On a "simpler" drive (my drive containing just VMs), there are no errors reported with any of the above tools; the output of all is completely nominal.

 

Looks like we've got some fresh bugs to worry about - any thoughts?



#54 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 14 February 2015 - 04:19 PM

I've got some disturbing results on the chkdsk front:

 

Here is the output with the Magenta demo app, the same technology we both use, whether I invoke it from DoubleSpace or the Magenta default demo app:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40251 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
Error detected in index $I30 for file 29543.
Error detected in index $I30 for file 29543.
Index entry ~backup.pst.tmp in index $I30 of file 88699 is incorrect.
Index entry ~BACKU~1.TMP in index $I30 of file 88699 is incorrect.
Index entry 7LHTNWIL.txt in index $I30 of file 88946 is incorrect.
Index entry safebrowsing in index $I30 of file 89011 is incorrect.
Index entry SAFEBR~2 in index $I30 of file 89011 is incorrect.
Index $I30 in file 89015 is incorrectly sorted.
Index entry 07761BBA437B697D2E3392CCD2134C0796B0CB3F in index $I30 of file 89015 is incorrect.
Index entry 07761B~1 in index $I30 of file 89015 is incorrect.
Index entry 135B703A6EE706D4C678E595D70BA7D58A1A8440 in index $I30 of file 89015 is incorrect.
Index entry 135B70~1 in index $I30 of file 89015 is incorrect.
Index entry 1DAA39D82E615503715A40AA5A13233A940449E3 in index $I30 of file 89015 is incorrect.
Index entry 1DAA39~1 in index $I30 of file 89015 is incorrect.
Index entry 3015E6A4097FEE720F7F392FDE4C37BE74113F4B in index $I30 of file 89015 is incorrect.
Index entry 3015E6~1 in index $I30 of file 89015 is incorrect.
Index entry 4643E7854B53D9A2699BC3E0AE181EBD8E553413 in index $I30 of file 89015 is incorrect.
Index entry 4643E7~1 in index $I30 of file 89015 is incorrect.
Index entry 4A6C54CF03F3F11483A09C7C5E46711DDFE568AD in index $I30 of file 89015 is incorrect.
Index entry 4A6C54~1 in index $I30 of file 89015 is incorrect.
Index entry 50E11A9DE7C525DE9BFAF60F82375DD479504524 in index $I30 of file 89015 is incorrect.
Index entry 50E11A~1 in index $I30 of file 89015 is incorrect.
Index entry 567EE31B324C90F26512D78D8254705EDFA99509 in index $I30 of file 89015 is incorrect.
Index entry 567EE3~1 in index $I30 of file 89015 is incorrect.
Index entry 5D22D0DA4FBAB74638A6206C6FF11790B5A27CDB in index $I30 of file 89015 is incorrect.
Index entry 5D22D0~1 in index $I30 of file 89015 is incorrect.
Index entry 647D2D28DB2C1C10B69E270728E7464317E5DAF5 in index $I30 of file 89015 is incorrect.
Index entry 647D2D~1 in index $I30 of file 89015 is incorrect.
Index entry 6EA99AE8ADAAB37030C699B526761EDDC0ABCC14 in index $I30 of file 89015 is incorrect.
Index entry 6EA99A~1 in index $I30 of file 89015 is incorrect.
Index entry 76B495E78A4D989E43EAEB7BA618C906BF9F8CFF in index $I30 of file 89015 is incorrect.
Index entry 76B495~1 in index $I30 of file 89015 is incorrect.
Index entry EA7A31D71CA6BE88892D51AFE125A0621C7335D1 in index $I30 of file 89015 is incorrect.
Index entry EA7A31~1 in index $I30 of file 89015 is incorrect.
Index entry etilqs_BDI2lbPoMEgtLJJ in index $I30 of file 93497 is incorrect.
Index entry etilqs_daPVdgvqx1tQeYW in index $I30 of file 93497 is incorrect.
Index entry ETILQS~1 in index $I30 of file 93497 is incorrect.
Index entry ETILQS~2 in index $I30 of file 93497 is incorrect.
Index entry cookies.sqlite-shm in index $I30 of file 95272 is incorrect.
Index entry cookies.sqlite-wal in index $I30 of file 95272 is incorrect.
Index entry COOKIE~2.SQL in index $I30 of file 95272 is incorrect.
Index entry COOKIE~3.SQL in index $I30 of file 95272 is incorrect.
Index entry webappsstore.sqlite-shm in index $I30 of file 95272 is incorrect.
Index entry webappsstore.sqlite-wal in index $I30 of file 95272 is incorrect.
Index entry WEBAPP~2.SQL in index $I30 of file 95272 is incorrect.
Index entry WEBAPP~3.SQL in index $I30 of file 95272 is incorrect.
1940406 index entries processed.
Index verification completed.
Errors found.  CHKDSK cannot continue in read-only mode.
Check Disk Callback: 32
Check Disk: Unable to Finish
!!! Check Disk Found Problems with C:

 

Here's the results with CloneDisk, 64-bit version:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40249 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
1940402 index entries processed.
Index verification completed.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
153562 data files processed.
CHKDSK is verifying Usn Journal...
39538976 USN bytes processed.
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows has checked the file system and found problems.
Please run chkdsk /scan to find the problems and queue them for repair.
249708543 KB total disk space.
226929436 KB in 1418426 files.
2771436 KB in 153563 indexes.
Check Disk Callback: 26
1750411 KB in use by the system.
65536 KB occupied by the log file.
18257260 KB available on disk.
4096 bytes in each allocation unit.
62427135 total allocation units on disk.
4564315 allocation units available on disk.
Check Disk: Finished OK
!!! Check Disk Found Problems with C:
 

And, here's the results with the command line chkdsk.exe:

 

C:\windows\system32>chkdsk c:
The type of the file system is NTFS.
Volume label is Spectrum SSD.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...


  1633280 file records processed.

File verification completed.


  40252 large file records processed.


  0 bad file records processed.

Stage 2: Examining file name linkage ...


  1940404 index entries processed.

Index verification completed.


  0 unindexed files scanned.


  0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.


  153563 data files processed.
CHKDSK is verifying Usn Journal...


  39579296 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 249708543 KB total disk space.
 227004192 KB in 1418431 files.
   2771440 KB in 153564 indexes.
         0 KB in bad sectors.
   1750411 KB in use by the system.
     65536 KB occupied by the log file.
  18182500 KB available on disk.

      4096 bytes in each allocation unit.
  62427135 total allocation units on disk.
   4545625 allocation units available on disk.

 

All apps running elevated, of course.

 

Also, the GUI Windows chkdsk app reports no errors whatsoever.

 

Now, in trying to ensure that DoubleSpace doesn't run if there's any on-disk errors, with my current implementation, I will essentially be preventing people from running DoubleSpace at all, on a sound, healthy disk :)

 

Moreover, I do not understand the sizable differences between two Magenta-powered products...one reports only volume bitmap issues, while the other reports a lot of index corruption.

 

Most importantly, both CloneDisk and DoubleSpace, being Magenta powered, report errors - which do not reproduce with Windows's own built-in tools!

 

On a "simpler" drive (my drive containing just VMs), there are no errors reported with any of the above tools; the output of all is completely nominal.

 

Looks like we've got some fresh bugs to worry about - any thoughts?

 

Rufus code might be of interest when it comes to format/chkdsk.

See format.c .

 

About chkdsk, it may be that we dont call the same parameters (compared to windows).

 

typedef VOID (__stdcall *PCHKDSK)( PWCHAR DriveRoot, 
PWCHAR Format,
BOOL CorrectErrors, 
BOOL Verbose, 
BOOL CheckOnlyIfDirty,
BOOL ScanDrive, 
PVOID Unused2, 
PVOID Unused3,
PFMIFSCALLBACK Callback );
 
edit : side note, have you tried the x32 and the x64 version of clonedisk on your x64 os? do they have the same behavior?


#55 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 February 2015 - 07:04 PM

It would be interesting to see the output of good ol' Vrfydsk.exe:

http://support.micro...kb/837326/en-us

 

However it is possible that the differences are due to the volume being online, as in:

Note Windows Server 2003 Service Pack 1 (SP1) contains new fuctionality that lets the Chkdsk.exe tool run in "read-only" mode to create and to use a snapshot to check the volume. This resembles what the Vrfydsk.exe tool does. 

 

 

Chkdsk.exe provides functionality that is similar to the Vrfydsk.exe functionality. However, if you run Chkdsk.exe on an active computer, on a startup volume, or on a data volume that another program or another process is using, Chkdsk.exe might report nonexistent errors. Vrfydsk.exe does not have this limitation.

If you run Chkdsk.exe on a volume that is being used, Chkdsk.exe might report nonexistent errors because the volume changes while Chkdsk.exe runs. To make sure that Chkdsk.exe receives a consistent view of the volume, you may have to take the volume offline. 

 

 

I.e., later than Server 2003 SP1 CHKDSK may include the new functionality that directly calling the library (or whatever the Magenta thingy calls) is not available. :unsure:

 

:duff:

Wonko



#56 simonking

simonking

    Frequent Member

  • Advanced user
  • 236 posts
  •  
    Australia

Posted 16 February 2015 - 12:32 PM

 

Rufus code might be of interest when it comes to format/chkdsk.

See format.c .

 

About chkdsk, it may be that we dont call the same parameters (compared to windows).

 

typedef VOID (__stdcall *PCHKDSK)( PWCHAR DriveRoot, 
PWCHAR Format,
BOOL CorrectErrors, 
BOOL Verbose, 
BOOL CheckOnlyIfDirty,
BOOL ScanDrive, 
PVOID Unused2, 
PVOID Unused3,
PFMIFSCALLBACK Callback );
 
edit : side note, have you tried the x32 and the x64 version of clonedisk on your x64 os? do they have the same behavior?

 

 

OK, here's some results - 64 bit Clone Disk (by the way the Outlook-style right-navigation pane is curiously buggy in the x64 build only [highlights for buttons are off-rectangle, in addition to the control looking almost completely different from its 32-bit version]; it works fine in the 32 bit build):

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40217 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
1940140 index entries processed.
Index verification completed.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
153431 data files processed.
CHKDSK is verifying Usn Journal...
39998368 USN bytes processed.
Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows has checked the file system and found problems.
Please run chkdsk /scan to find the problems and queue them for repair.
249708543 KB total disk space.
226421912 KB in 1419544 files.
2770328 KB in 153432 indexes.
Check Disk Callback: 26
1750923 KB in use by the system.
65536 KB occupied by the log file.
18765380 KB available on disk.
4096 bytes in each allocation unit.
62427135 total allocation units on disk.
4691345 allocation units available on disk.
Check Disk: Finished OK
!!! Check Disk Found Problems with C:
 

Here's the 32 bit CloneDisk result:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40217 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
Index entry ~backup.pst.tmp in index $I30 of file 88699 is incorrect.
Index entry ~BACKU~1.TMP in index $I30 of file 88699 is incorrect.
Index entry 7742MBXS.txt in index $I30 of file 88946 is incorrect.
1940142 index entries processed.
Index verification completed.
Errors found.  CHKDSK cannot continue in read-only mode.
Check Disk Callback: 32
Check Disk: Unable to Finish
!!! Check Disk Found Problems with C:
 

With both tests, scan drive and correct errors are un-checked.

 

Here's the 64-bit Magenta demo app result: [non-verbose mode, no drive surface scan, no error correction]

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
Attribute record (128, "") from file record segment 1134134
is corrupt.
1633280 file records processed.
File verification completed.
40217 large file records processed.
Errors found.  CHKDSK cannot continue in read-only mode.
Check Disk Callback: 32
Check Disk: Unable to Finish
!!! Check Disk Found Problems with C:
 

And, 32 bit Magenta output:

 

Starting Check Disk for C:
C:\ Volume Label: Spectrum SSD, File System: NTFS
Volume label is Spectrum SSD.
Stage 1: Examining basic file system structure ...
1633280 file records processed.
File verification completed.
40217 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
Index entry ~backup.pst.tmp in index $I30 of file 88699 is incorrect.
Index entry ~BACKU~1.TMP in index $I30 of file 88699 is incorrect.
Index entry L1ISLAF4.txt in index $I30 of file 88946 is incorrect.
Index entry 969252ce11249fdd.customDestinations-ms in index $I30 of file 95233 is incorrect.
Index entry 969252~1.CUS in index $I30 of file 95233 is incorrect.
Index entry recovery.bak in index $I30 of file 95282 is incorrect.
Index entry recovery.js in index $I30 of file 95282 is incorrect.
1940142 index entries processed.
Index verification completed.
Errors found.  CHKDSK cannot continue in read-only mode.
Check Disk Callback: 32
Check Disk: Unable to Finish
!!! Check Disk Found Problems with C:
 

In my own testing cases, I also use the non-verbose mode, and no surface scan, and no error correction. So I am at a loss to understand what the issue(s) might be. Some points for consideration?

 

1) Are you using a separate thread for the operation? Callbacks happening on the main VCL thread may be problematic.

 

2) Maybe one needs to manually invoke VSS to create a volume snapshot before scanning - to ensure changes made to disk in the interim do not result in false positive errors?

 

3) Last but not least, the ChkDskEx API, which fails spectacularly if called with the same parameters, may already be creating a volume snapshot and/or accounting for whatever is changed in Windows 8.x. Does anyone have any information or details on what is changed in this API so we can call it properly?

 

Thoughts?



#57 simonking

simonking

    Frequent Member

  • Advanced user
  • 236 posts
  •  
    Australia

Posted 16 February 2015 - 12:41 PM

 

you can get the layout with IOCTL_DISK_GET_DRIVE_LAYOUT_EX.

type
    TDriveLayoutInformation_Ex2 = record
    PartitionStyle: DWORD;
    PartitionCount: DWORD;
    Union: record
      case Integer of
        0: (Mbr: DRIVE_LAYOUT_INFORMATION_MBR);
        1: (Gpt: DRIVE_LAYOUT_INFORMATION_GPT);
    end;
    PartitionEntry: array [0..31] of PARTITION_INFORMATION_EX;
    end;

 

    DRIVE_LAYOUT.PartitionEntry [partition_number-1].PartitionStyle :=PARTITION_STYLE_MBR;
    DRIVE_LAYOUT.PartitionEntry [partition_number-1].Mbr.BootIndicator := false; //active
    DRIVE_LAYOUT.PartitionEntry [partition_number-1].Mbr.RecognizedPartition := false;
    DRIVE_LAYOUT.PartitionEntry [partition_number-1].Mbr.HiddenSectors :=0; // 63;//(arraypartinfn_x[0].StartingOffset.QuadPart - 1)/diskGeometry.BytesPerSector;
    DRIVE_LAYOUT.PartitionEntry [partition_number-1].Mbr.PartitionType := 0; //PARTITION_IFS
 

The values after [partition_number-1]. in the above code fragment are all coming up as unknowns. I've made the following type defines in my code:

 

  DRIVE_LAYOUT_INFORMATION_MBR = record
    Signature: ULONG;
  end;

  DRIVE_LAYOUT_INFORMATION_GPT = record
    DiskId: TGUID;
    StartingUsableOffset: LARGE_INTEGER;
    UsableLength: LARGE_INTEGER;
    MaxPartitionCount: ULONG;
  end;

  TPartitionStyle = (
    PARTITION_STYLE_MBR = 0,
    PARTITION_STYLE_GPT  = 1,
    PARTITION_STYLE_RAW  = 2);

  PARTITION_INFORMATION_EX = record
    PARTITION_STYLE: TPartitionStyle;
    StartingOffset: LARGE_INTEGER;
    PartitionLength: LARGE_INTEGER;
    PartitionNumber: DWORD;
    RewritePartition: Boolean;
    Union: record
    case Integer of
      0: (Mbr: DRIVE_LAYOUT_INFORMATION_MBR);
      1: (Gpt: DRIVE_LAYOUT_INFORMATION_GPT);
    end;
  end;

  TDriveLayoutInformation_Ex2 = record
    PartitionStyle: DWORD;
    PartitionCount: DWORD;
    Union: record
    case Integer of
      0: (Mbr: DRIVE_LAYOUT_INFORMATION_MBR);
      1: (Gpt: DRIVE_LAYOUT_INFORMATION_GPT);
    end;
    PartitionEntry: array [0..31] of PARTITION_INFORMATION_EX;
  end;
 

Anything I've missed?

 

May I also request an example for using IOCTL_DISK_GET_DRIVE_LAYOUT_EX?



#58 simonking

simonking

    Frequent Member

  • Advanced user
  • 236 posts
  •  
    Australia

Posted 16 February 2015 - 04:49 PM

Found a tool called CheckDiskGUI. It seems to feature more advanced parsing of the API callbacks, but suffers from the same false positive error report:

 

Checkdisk of C: (Read only mode) started !

Started on : 2015/02/16 18:46:59

The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Spectrum SSD.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
Stage 1: Examining basic file system structure ...
  1633280 file records processed.
File verification completed.
  40215 large file records processed.
  0 bad file records processed.
Stage 2: Examining file name linkage ...
Index entry CC1V5RW6.txt in index $I30 of file 88946 is incorrect.
  1940130 index entries processed.
Index verification completed.
Errors found. CHKDSK cannot continue in read-only mode.

Checkdisk of C: (Read only mode) completed !

Ended on : 2015/02/16 18:48:23

Time elapsed : 84 seconds

 

When the native chkdsk output is:

 

C:\windows\system32>chkdsk c:
The type of the file system is NTFS.
Volume label is Spectrum SSD.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...


  1633280 file records processed.

File verification completed.


  40215 large file records processed.


  0 bad file records processed.

Stage 2: Examining file name linkage ...


  1940128 index entries processed.

Index verification completed.


  0 unindexed files scanned.


  0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.


  153425 data files processed.
CHKDSK is verifying Usn Journal...


  34162328 USN bytes processed.

Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 249708543 KB total disk space.
 226370460 KB in 1419486 files.
   2770304 KB in 153426 indexes.
         0 KB in bad sectors.
   1745291 KB in use by the system.
     65536 KB occupied by the log file.
  18822488 KB available on disk.

      4096 bytes in each allocation unit.
  62427135 total allocation units on disk.
   4705622 allocation units available on disk.

 

I am inviting the developer to this thread.

 

Maybe, we can collaboratively solve the problem, or at least find out about newer callback parameters :)



#59 simonking

simonking

    Frequent Member

  • Advanced user
  • 236 posts
  •  
    Australia

Posted 17 February 2015 - 02:08 PM

Well, the plot thickens even more. I was thinking that I would get false positives only with the Magenta approach.

 

Now, testing on the fine 16 GB pre-WIMBoot'ed tablet, I got a "false positive" with DoubleSpace (using the Magenta approach), and then running the GUI ChkDsk program in Windows (from Explorer's disk properties tabs) reported NO errors - even when forced to manually scan; and then running the command like ChkDsk program from the command line in Windows FOUND and FIXED errors!

 

Windows itself is clearly inconsistent at this point - its GUI ChkDsk found zero issues and its command line ChkDsk found and fixed issues online. Unfortunately, running DoubleSpace again after the fix still reported "false positive" issues.

 

Rebooting the tablet and re-running DoubleSpace let it go through. I am thinking of applying the ChkDsk phase only after rebooting successfully to WinRE, and running on the volume offline. I thought this would be a nuisance, since any issues on disk would make this reboot in vain - but, apparently, Windows does not provide another recourse.

 

By the way, Erwan, I must point out that any ChkDsk session I launched from CloneDisk initially complained about being unable to take the volume offline.

 

I must also share that only when I ran ChkDsk inside a separate, dedicated thread, did I manage to avoid strange crashes and other strange issues occurring - at least with the x64 build of DoubleSpace. I don't believe the Magenta version does that at all; and it may be very unsafe to run ChkDsk, with callbacks coming from the system from unknown threads, and having those update the main VCL thread.

 

On the note of the partition deletions...I have run into another roadblock: reagentc.exe does NOT run under Windows RE. This necessitates me to do post-processing after rebooting and after a user has logged-on. Otherwise, even if I could delete the partitions/extend them (assuming the IOCtl's worked in WinRE), I would be unable to update the system to point to the saved copy of WinRE moved to the main partition.

 

I dislike this unclean strategy, but there appears to be no way to work around these issues; we're running into issues within Windows itself and if anyone has better ideas, please let me know.



#60 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 23 March 2015 - 12:30 PM

http://www.zipmagic....ic.php?f=4&t=82

Unfortunately, I no longer have in my heart to offer the free download for the Windows RE Extractor from the reboot.pro download link you clicked. I will not reinstate this download until reboot.pro reinstate my account, and restore my deleted posts.

 

 

Here:

http://reboot.pro/to...ssues/?p=191568

 

:duff:

Wonko



#61 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4198 posts

Posted 24 March 2015 - 08:15 AM

Sorry to hear that.







Also tagged with one or more of these keywords: winre, winpe, windows 8, wimboot

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users