20 replies to this topic

[steve6375]

I have a USB drive that contains a WindowsToGo flat-file installation on a 16GB NTFS single partition.

So it has a normal Windows folder structure \Users, \Program Files, \Windows, etc.

I want to make a fixed VHD of 16GB containing all those files.

 

I don't want to use any VHD tools because the USB drive is a 500GB drive containing a 16GB NTFS partition. I need to make a fixed VHD from it of approx. 16GB (not a 500gb VHD!). i.e. I don't want a fixed VHD of the whole USB drive.

 

I created a new empty 16GB fixed .VHD file, attached it and formatted it as NTFS.

 

I am running on a normal MBR-booting Win10 x64 SSD system (it was Home but I have now upgraded it to Pro).

 

 

Now I want to copy all the files from the WinToGo USB drive to the VHD.

The problem is when the copy process hits certain files (mostly in the \Windows folder), it fails to copy them.

 

I have tried xcopy, robocopy, Hobocopy, Shadospawn, spyhunter, OSForensic, VSSCopy and many other tools - all without success. They all report copy errors. I suspect because Win10 may be getting confused and thinks that some of these files are actually it's own system OS files (i.e. it thinks it is running WinToGo) and so not allowing access to them?

 

I have not tried WinPE (or forensic PE), I suspect that these may work, but that is not the point. I want to copy the files from a normal Windows 10 system.

 

Does anyone have any ideas?

 

P.S. I am trying robocopy /B /MIR again and it seems to be working so far... I did try this before when I had Win 10 Home and I don't think it worked (if I remember correctly). So maybe /B requires Pro or higher for VSS???

Scratch that! - it is following the symbolic links- e.g. it hits the My Documents symbolic link and then tries to copy all my Windows OS's Documents folder! If I use the /sl switch, then I get 'program cannot access the file') when trying to access my Documents and Settings\Steve\ntuser.dat file, etc....

Edited by steve6375, 05 February 2017 - 10:14 AM.

[Wonko the Sane]

Sure, lot of them ideas, and also (hopefully) a solution.

Here:

http://reboot.pro/to...s-now-possible/

 

As a side note please take into account (you will have to check if this applies) that starting from Windows Vista (and increasingly in 7 and later) there is wide use of hardlinks, thus a file (even if copied correctly) may result in a new instance of the file, and as such will occupy more space than the original.

 

JFYI (if needed):
http://schinagl.priv...lextension.html

 

This said, in your specific case, I am pretty sure that you can easily create a RAW file containing a dd-like copy of the 16 Gb partition (+a MBR and hidden sectors) and then "convert" it to "fixed VHD" (i.e. add the CONECTIX footer), manually or using a dedicated tool *like* Clonedisk or the simpler:
http://reboot.pro/to...mand-line-tool/

http://reboot.pro/to...images/?p=83781

 

 

Wonko

[steve6375]

Yes, thanks, the symbolic link issue is the one I am hitting now! See P.S. on first post!

I either need to 'raw copy' the whole volume, or maybe somehow offline it and then copy all files?

 

I can make a dynamic VHD from the 500GB USB drive using tools like DisktoVHD (which makes a 500GB dynamic VHD of about 17GB in size) and then reduce\convert this to a fixed\static VHD but this gives me a 31GB VHD when I only want a 16GB VHD containing 10GB of files...

[Wonko the Sane]

Forget (temporarily) about the VHD.

 

Think RAW.

 

Use a sparse file (for the target image).

 

If the 16 Gb partition is first partition on the "source" disk then you can do a (partial) dd-like image just fine (nad then edit the MBR partition table to remove addresses of "other" partition(s)).

 

If the partition is not the first one, you can still create a (sparse) target image of suitable size, write to it the MBR and the "sectors before", dd the volume then correct the "sectors before" (as said I am pretty sure you can do that just fine), and finally convert the whole stuff to (static) VHD.

 

Wonko

[Wonko the Sane]

Alternatively, since you are into experimenting, see if strarc (possibly with a few tricks) can be used for 10 as well (it should):
https://tinyapps.org...eplacement.html

 

Strarc solves elegantly the link issues, in case you have errors with 8.3 compatibility messages:

http://serverfault.c...y/650290#650290

 

Wonko

[Zoso]

hi steve6375,

try earlier versions of clondisk, i use 1.9.6 for this (file copy option) and it has the option to also copy ACLs or not.

having wrote this, I have not used this method for w8 and later but it may be worth a try.

I run it from XP most of the time also and find XP does not have as many issues with copy/paste operations as the later MS version do.

[steve6375]

I can make a partition image using RMPrepUSB - Drive->File - P1 (actually it is a .imgPTN file already).

7zip can open this image as an archive.

I can then extract the files to the new 16GB VHD.

But 7zip does not like some files, e.g. \System Volume Information\WPSettings.dat (which doesn't matter) and cannot create \Users\All Users symbolic link, etc. 

 

I think the only way this is going to work properly is by working with raw images (as WtS says)...
 

[Vortex]

Hi steve6375,

 

You can try the the strarc tool with the volume shadow copy client to copy locked files :

 

http://ltr-data.se/opencode.html/

 

http://vscsc.sourceforge.net/

 

About strarc :

 

The command line switches and parameters are quite similar to the *nix tar utility and it can easily be used to clone an entire NTFS volume including everything, files, directories, their time stamps, attributes and security information, compression attribute, alternate data streams, junctions, hard links etc.

 

 

Example:

  strarc -cjd:C:\dir | strarc -xd:D:\dirbk

This will clone the C:\dir directory tree to D:\dirbk but will not follow
junctions in the C:\dir directory tree but instead clone the junction itself to
the D:\dirbk location. Example: If there is a volume mount point C:\dir\mnt
then a new junction D:\dirbk\mnt will be created to point to the same volume,
the contents of the target volume of the mount point will not be copied.

 

http://ltr-data.se/files/strarc.txt
 

[steve6375]

Thanks! 

strarc works perfectly!

 

I had a Windows Server 2016 installation as a flat file inside a .imgPTN file and I wanted to convert this to a .VHD file.

 

I switched to the .imgPTN file ( seen as D: by Windows) and mounted a new 16GB fixed VHD as Q:

 

C:\temp>strarc.exe -cjd:d:\ | strarc -xd:q:\
strarc: Cannot create 'System Volume Information\IndexerVolumeGuid': Cannot create a file when that file already exists.
strarc: Cannot create 'System Volume Information\WPSettings.dat': Cannot create a file when that file already exists.

 

 

 

I copied the VHD file to my E2B drive and I can now boot from the VHD file to Windows Server 2016!

 

[Vortex]

Hi steve6375,

 

Olof Lagerkvist's strarc is very powerful. There is an option to exlude paths and files :

 

strarc -c [-afjnr] [-z:CMD] [-m:f|d|i] [-l|v] [-s:ls8] [-b:SIZE]
       [-e:EXCLUDE[,...]] [-i:INCLUDE[,...]] [-d:DIR] [ARCHIVE] [LIST ...]

-e     Exclude paths and files where any part of the relative path matches any
       string in specified comma-separated list.

[Wonko the Sane]

Those "System Voiume Information" related errors may most probably be avoided by stopping the Windows Search service, that seems like a *new* thing in windows 8.x and later, coincidentally:
http://www.msfn.org/...-attached-vhds/

 

From what I can understand, as soon as you attach the .vhd, the OS (the Windows Search service) instantly creates the "System Volume Information" folder, and when strarc copies it those files are already present.

 

And, just to keep things as together as possible, the original report by Vortex about using VSS (also cited in the given tinyapps page):
http://reboot.pro/to...-copy/?p=173053

 

Wonko

[steve6375]

Yes, there is a way of stopping it by deleting the folder and then quickly making a file of the same name...

[Wonko the Sane]

Yes, there is a way of stopping it by deleting the folder and then quickly making a file of the same name...

Yep , but that doesn't solve the issue at all, that way it will anyway prevent the strarc from copying the original one, disabling the Windows Search before attaching the target vhd should allow strarc to operate correctly and copy the original to the target.

 

Wonko

[Olof Lagerkvist]

Missed this thread yesterday but you have already found strarc and it looks like you got it to work correctly for you. What I usually do in these cases is also using a shadow copy and then use strarc to copy all files but adding the -e switch to skip some. In particular I usually:

 

strarc -c -j -e:"System Volume Information,\Temp\,\Temporary Internet Files\,\Cache\,.tmp,pagefile.sys,hiberfil.sys,\$NtUninstall"

 

Don't forget the -j switch. It is important to use that switch to get all symbolic links, junctions etc correct. It is not needed for hard links though, they are archived only once even without special switches. (You can select if you want to archive or extract them as separate files using -s:l switch though.)

[steve6375]

any ideas why this line in a cmd script which is run as admin causes the cmd shell to immediately close?

if "%BIT%"=="64" strarc.exe -ovcjd:%~dp0Files\x64 | strarc -oxd:%SystemDrive%\mount4

I can run the command from an Admin shell without problem (when the boot.wim is mounted).

 

The cmd file mounts a boot.wim to C:\mount4 using DISM and then attempts to copy over some files from the xotf folder on the Desktop. I am using strarc because xcopy will not copy winpeshl.ini to C:\mount4\windows\system32.

echo BIT=%BIT%
::if "%BIT%"=="32" xcopy /cherkyf "%~dp0Files\x86\*.*" "%SystemDrive%\mount4\*.*"
::if "%BIT%"=="64" xcopy /cherkyf "%~dp0Files\x64\*.*" "%SystemDrive%\mount4\*.*"
if "%BIT%"=="32" strarc.exe -ovcjd:%~dp0Files\x86 | strarc -oxd:%SystemDrive%\mount4
if "%BIT%"=="64" echo strarc.exe -ovcjd:%~dp0Files\x64 ^| strarc -oxd:%SystemDrive%\mount4
pause
if "%BIT%"=="64" strarc.exe -ovcjd:%~dp0Files\x64 | strarc -oxd:%SystemDrive%\mount4
pause

The blue console shows the result just before the strarc line is executed...

Any ideas appreciated...

 

P.S. Also not sure what the message about the setup.bmp file means and also not sure if I should enclose filespecs in double-quotes in case of spaces in paths\filenames?

 

Attached Thumbnails

• 
• 

[Wonko the Sane]

The "setup.bmp" seems like an issue with a reparse point, do check the source filesystem.

 

The closing of the cmd windows is "strange", I don't think anything "queer" at face value, does the "32 bit version" work or does it not?

 

Try:

if "%BIT%"=="64" strarc.exe -ovcjd:%~dp0Files\x64 | strarc -oxd:%SystemDrive%\mount4 && ECHO executed>temp.txt

if "%BIT%"=="64" strarc.exe -ovcjd:%~dp0Files\x64 | strarc -oxd:%SystemDrive%\mount4 || ECHO failed>temp.txt

 

and also:

if "%BIT%"=="64" strarc.exe -ovcjd:%~dp0Files\x64 | strarc -oxd:%SystemDrive%\mount4 >temp.txt

 

To hopefully see if the thing runs, and if it does where it chokes.

You'll have to check if strarc outputs to standard or error console (Olof's tools usually output to error).

 

Wonko

[steve6375]

I tried that and also

& echo xxx > C:\temp\a.log

and also

 2> C:\temp\a.log  to catch strarc errors

and also

> C:\temp\a.log

 

there was no file made, not even an empty file...

 

On a side note, I found a workaround using xcopy only...

If I rename the winpeshl.ini file first (e.g. winpeshl.txt)

then do the xcopy of the folder

then rename C:\mount4\windows\system32\winpeshl.txt to winpeshli.ini  Windows allows it!

[steve6375]

SOLVED!

I was debugging someone else's batch file and they had not set the current root folder!

So strarc.exe did not exist and the .cmd shell just bombed out!

The fact that no log file (not even an empty one) gave me the clue.

sorry for the hassle!

[Wonko the Sane]

I tried that and also

...

there was no file made, not even an empty file...

I guess it is an "edge case", due to the presence of the pipeline in the strarc command, something like:

NOPROG|NOPROG||ECHO FAILEDNOPROG>temp.txt

Won't work, as well as:

NOPROG|NOPROG>temp.txt

and not even:

NOPROG|NOPROG 2>temp.txt

 

The error is thrown in the first command, which is not redirected, because it is piped, and since it is piped to a non existing program, there is no redirected output...

 

 

SOLVED!

I was debugging someone else's batch file and they had not set the current root folder!

So strarc.exe did not exists and the .cmd shell just bombed out!

The fact that no log file (not even an empty one) gave me the clue.

sorry for the hassle!

All is well that is well , but still it shouldn't have "bombed out" should have printed a "xxxx is not recognized as an internal command ..."

 

Wonko

[steve6375]

very strange though that Windows xcopy will fail when copying winpeshl.ini to C:\mount4\windows\system32 !!!

 

Strange in that winpeshl.ini is not used by Windows AFAIK  (winpe yes, but not Windows OS) ???

Also that it does not check that it is a   (root)\windows\system32 path.

 

If it is supposed to be an AV measure, then why does it allow renaming winpeshl.txt to winpeshl.ini in the same folder?