
FAQs and How-Tos


83 replies to this topic

#51 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 14 February 2016 - 07:47 AM

A few questions:

 

Does anyone have any opinion on ImDisk vs other popular image-mounting tools (OSFMount)?

 

Is ImDisk available in a portable format? I would like to avoid cluttering my system if possible, which includes any software that adds entries in Control Panel or integrates into Explorer. I just believe portable software is cleaner.

 

Do I need to enable Test Signing Mode/disable driver signature enforcement for ImDisk to work properly and fully? If so, can I just enable TSM, install ImDisk, reboot, disable TSM, and ImDisk's driver will continue loading? It appears the answers to these questions are no (from what little I've tried so far), but figured I would ask anyway, just in case.



#52 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 February 2016 - 09:01 AM

Well, OSFMount:
http://www.osforensi...isk-images.html
is not AFAIK that much popular outside the forensics "circle" and anyway is (or at least was originally) based on IMDISK:

v1.3.1000, 25 Oct 2010
First version based on ImDisk V1.3 by Olof Lagerkvist. Branched to support forensic file formats.


IMDISK being a driver cannot be "portable" (a driver MUST be installed), but integration in control panel/explorer can be avoided (and you can use the command line executable to configure it), by installing it as a "normal" service/driver manually, see:
http://reboot.pro/to...table-software/

A signed driver needs not Test Signing mode, a non-signed driver needs it.

:duff:
Wonko

#53 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 14 February 2016 - 09:25 AM

@ Wonko: I'm not so sure that a driver must be installed. An encryption program I use, called VeraCrypt (based on TrueCrypt), has an option in its installer for either installed or portable mode (i.e. just extract the files). In portable mode VC's driver lives inside VC's directory. Only admin rights are required to run as portable. OSFMount can also be run as portable. The definition of a true portable app is an app that only writes inside its own directory and nowhere else (files, Registry, etc). So I figure the same must be feasible with ImDisk.



#54 v77

v77

    Silver Member

  • Team Reboot
  • 602 posts
  •  
    France

Posted 14 February 2016 - 09:47 AM

a driver MUST be installed

Yes, but it can also be installed temporarily, and then automatically uninstalled by the software as soon as the driver is no longer required.
Therefore, we could create scripts to do the same with imdisk: install the driver with the sc create command, and then remove it with sc delete. But of course, this depends on what we want to do in the meanwhile.



#55 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 February 2016 - 11:12 AM

@v77

Sure :thumbsup:, but automagically (temporarily) installing and (later) uninstalling is not the same thing as not installing.

 

@Anonvendetta

A driver MUST be installed, there is actually (normally) no need to have the service/driver living in the System directory (i.e. it can stay in the program "own folder") but the Registry must be written.

 

A large amount of "portable" applications are not "true portable" as per your definition, they are "fake portable" or "only seemingly portable", they do write to the Registry but then they are clever enough to remove what modifications they made, as v77 hinted.

 

:duff:

Wonko



#56 fzzzt

fzzzt
  • Members
  • 6 posts
  •  
    United States

Posted 19 June 2016 - 12:38 PM

The link in FAQ #14 no longer works.



#57 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 June 2016 - 02:12 PM

The link in FAQ #14 no longer works.

Via Wayback Machine:
https://web.archive....ftware/1834.htm

Another stupid web forum that changed the way threads are indexed/referred to, anyway, these both work:
http://thessdreview..../threads/.1834/
http://thessdreview....a-ramdisk.1834/

:duff:
Wonko

#58 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1448 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted 20 June 2016 - 08:37 AM

Via Wayback Machine:
https://web.archive....ftware/1834.htm

Another stupid web forum that changed the way threads are indexed/referred to, anyway, these both work:
http://thessdreview..../threads/.1834/
http://thessdreview....a-ramdisk.1834/

 

Thanks for the new links! I have updated the link in the FAQ.



#59 soggo

soggo
  • Members
  • 1 posts
  •  
    United States

Posted 06 September 2016 - 06:41 AM

Hi,

 

I followed the FAQ to create a RAM drive:

 

imdisk -a -s 400M -m R: -p "/fs:ntfs /q /y"

 

However, I notice that it creates a "virtual memory" disk. I'd like the RAM drive to reside in physical memory. How can I specify that from the command line?

 

Thanks!

 

 



#60 v77

v77

    Silver Member

  • Team Reboot
  • 602 posts
  •  
    France

Posted 06 September 2016 - 09:45 AM

Hi,

 

I followed the FAQ to create a RAM drive:

 

imdisk -a -s 400M -m R: -p "/fs:ntfs /q /y"

 

However, I notice that it creates a "virtual memory" disk. I'd like the RAM drive to reside in physical memory. How can I specify that from the command line?

 

Thanks!

 

Just add -o awe.



#61 smac

smac
  • Members
  • 3 posts
  •  
    United States

Posted 09 September 2016 - 10:37 PM

My application's  imdisk command string is:  cmd.exe /C imdisk.exe  -a -s 48M -m R: -p \"/fs:ntfs /q /y\".  What is annoying in Win10  is that every time I use this string I get a panel popup that requires me to format the drive.  How can I get the disk format operation to operate automatically and quietly hidden?



#62 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 10 September 2016 - 08:20 AM

Are you sure that the backslashes are needed?

i.e. what happens with:
cmd.exe /C imdisk.exe -a -s 48M -m R: -p "/fs:ntfs /q /y"

 

Maybe it is some queer behaviour specific to Windows 10?

I mean have you used the same command on other Windows OSes like 7 or 8/8.1 and it started not working on 10?

 

:duff:

Wonko



#63 smac

smac
  • Members
  • 3 posts
  •  
    United States

Posted 10 September 2016 - 01:14 PM

To explain the forward slashes the full context is:

LaunchExecutableEx ("cmd.exe /C c:\\windows\\system32\\imdisk.exe -a -s 48M -m R: -p \"/fs:ntfs /q /y \"", LE_HIDE, &handle);

This works fine with Win7 and Win8. But Win10 brings up the Windows pop-up panel that requires the user to button start the format of the drive.



#64 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 10 September 2016 - 01:58 PM

Ok, but what happens if you just run that command from a command line (on Windows 10)?

 

Could it be a permission issue?

 

AFAIK what the IMDISK.EXE does is only to call Format.com passing the parameters.

But Windows 10 did create issues (at least in the past) with the -p command:
http://reboot.pro/to...g-letter-drive/

 

If your case is similar AND you are running from a script or program, just separate the formatting command (this should avoid the issue even if stupid Windows 10 changes something again, as long as format commands do not change)

 

:duff:

Wonko



#65 nguyentu

nguyentu

    Frequent Member

  • Advanced user
  • 102 posts
  •  
    Vietnam

Posted 14 January 2017 - 06:40 AM

Hi,

ImDisk seems to calculate incorrectly when using bytes. The file size is always smaller than the size calculated by Windows; maybe you count 1000 bytes = 1 kb instead of 1024 bytes.

C:\Windows\system32>imdisk -a -s 52428800b -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"
Creating device...
Error creating virtual disk: There is not enough space on the disk. 
C:\Windows\system32>imdisk -a -s 1048576b -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"
Creating device...
Created device 2: G: -> D:\Win7.img
Formatting disk G:...
The type of the file system is FAT32.
QuickFormatting 512,0 MB
Initializing the File Allocation Table (FAT)...
Format complete.
     508,0 MB total disk space.
     508,0 MB are available.

        4.096 bytes in each allocation unit.
      130.047 allocation units available on disk.

           32 bits in each FAT entry.

Volume Serial Number is 26CE-AA69
Notifying applications...
Done.


#66 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1448 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted 14 January 2017 - 01:45 PM

Hi,
ImDisk seems to calculate incorrectly when using bytes. The file size is always smaller than the size calculated by Windows; maybe you count 1000 bytes = 1 kb instead of 1024 bytes.

C:\Windows\system32>imdisk -a -s 52428800b -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"
Creating device...
Error creating virtual disk: There is not enough space on the disk. 
C:\Windows\system32>imdisk -a -s 1048576b -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"
Creating device...
Created device 2: G: -> D:\Win7.img
Formatting disk G:...
The type of the file system is FAT32.
QuickFormatting 512,0 MB
Initializing the File Allocation Table (FAT)...
Format complete.
     508,0 MB total disk space.
     508,0 MB are available.

        4.096 bytes in each allocation unit.
      130.047 allocation units available on disk.

           32 bits in each FAT entry.

Volume Serial Number is 26CE-AA69
Notifying applications...
Done.

The b suffix means number of 512 byte blocks. To me it looks reasonable that you get 1040376 bytes of allocation units on a 1048576 bytes disk volume. There is always some space needed for meta data such as volume boot record, file allocation tables and similar.

#67 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 January 2017 - 06:17 PM

512 MB (actually MiB in the new definition) are:

1024*1024=1048576

512*1048576=536870912 bytes or 536870912/512=1048576 sectors or blocks.

 

If you right click on the image properties it should show you 512 MB (536.870.912 byte).

 

When you format that volume in FAT32 the Windows Format will use a number of reserved sectors, on my XP 36 sectors as reserved, plus 1022 sectors for each FAT table (2 times):

36+2*1022=2080 sectors 2080*512=1,064,960

 

As a matter of fact I have: 130812 allocation units:

chkdsk N:
Il file system è di tipo FAT32.
Numero di serie del volume: 8856-B432
Verifica dei file e delle cartelle in corso...
Verifica dei file e delle cartelle completata.
Verifica del file system effettuata.  Nessun problema rilevato.

  535.805.952 byte di spazio totale su disco.
  535.801.856 byte disponibili su disco.

        4.096 byte in ogni unità di allocazione.
      130.812 unità totali di allocazione su disco.
      130.811 unità di allocazione disponibili su disco.

130812*4096=535805952+1064960=536870912

 

Check the bootsector of the volume you formatted, it is entirely possible that a different OS uses a different number of reserved sectors (or whatever, maybe your image has an offset?) 

 

:duff:

Wonko
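The boot-sector check suggested in the post above, as an added example that is not part of the original post: it reads the FAT32 BIOS Parameter Block and reproduces the 36 + 2*1022 sector overhead and the 130,812 allocation units. The sample sector is constructed from the figures in the post; its media byte, geometry and hidden-sector values are assumptions, as are the function names.

```python
import struct

# BPB fields at byte offsets 11..39 of a FAT32 boot sector (little-endian):
# bytes/sector, sectors/cluster, reserved sectors, FAT count, root entries,
# total sectors (16-bit), media, FAT size (16-bit), sectors/track, heads,
# hidden sectors, total sectors (32-bit), FAT size (32-bit)
BPB = struct.Struct("<HBHBHHBHHHIII")


def fat32_layout(boot_sector):
    """Split a FAT32 volume into overhead and data area using its BPB."""
    if len(boot_sector) < 512 or boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot sector signature")
    (bps, spc, reserved, nfats, root_entries, total16, _media, fatsz16,
     _spt, _heads, hidden, total32, fatsz32) = BPB.unpack_from(boot_sector, 11)
    if bps not in (512, 1024, 2048, 4096) or spc == 0:
        raise ValueError("implausible sector or cluster size")
    if root_entries or fatsz16 or fatsz32 == 0:
        raise ValueError("BPB does not describe a FAT32 volume")
    total = total32 or total16
    overhead = reserved + nfats * fatsz32   # reserved area plus all FAT copies
    if overhead >= total:
        raise ValueError("FATs and reserved area exceed the volume size")
    clusters = (total - overhead) // spc    # a partial last cluster is unusable
    return {
        "hidden_sectors": hidden,           # non-zero hints at an image offset
        "volume_bytes": total * bps,
        "overhead_sectors": overhead,
        "overhead_bytes": overhead * bps,
        "cluster_bytes": spc * bps,
        "clusters": clusters,
        "data_bytes": clusters * spc * bps,
    }


def make_sample_boot_sector():
    """Constructed sector: 512 MiB volume, 8 sectors per cluster,
    36 reserved sectors and two FATs of 1022 sectors each."""
    sector = bytearray(512)
    BPB.pack_into(sector, 11, 512, 8, 36, 2, 0, 0, 0xF8, 0,
                  63, 255, 0, 1048576, 1022)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for name, value in fat32_layout(make_sample_boot_sector()).items():
        print(f"{name:>17}: {value:,}")
```

Run against the first 512 bytes of a real image, a different reserved-sector count or a non-zero hidden-sector value would show up directly in the output.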



#68 nguyentu

nguyentu

    Frequent Member

  • Advanced user
  • 102 posts
  •  
    Vietnam

Posted 14 January 2017 - 11:07 PM

Thanks

I'm talking about the file size, not size of volume.

 

Command:

imdisk -a -s 40960k -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"

Output:

Creating device...
Created device 0: G: -> D:\Win7.img
Formatting disk G:...
The type of the file system is FAT32.
QuickFormatting 39,1 MB
Initializing the File Allocation Table (FAT)...
Format complete.
35,1 MB total disk space.
35,1 MB are available.

512 bytes in each allocation unit.
71.807 allocation units available on disk.

32 bits in each FAT entry.

Volume Serial Number is B838-9BC3
Notifying applications...
Done.

D:\Win7.img = 39,0 MB (40.960.000 bytes) = 40960k = 40960 * 1000

=> K = 1000 byte.

 

Command:

imdisk -a -s 40M -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:FAT32 /Q /Y"

Output:

Creating device...
Created device 1: G: -> D:\Win7.img
Formatting disk G:...
The type of the file system is FAT32.
QuickFormatting 40,0 MB
Initializing the File Allocation Table (FAT)...
Format complete.
36,0 MB total disk space.
36,0 MB are available.

512 bytes in each allocation unit.
73.727 allocation units available on disk.

32 bits in each FAT entry.

Volume Serial Number is 8445-CC8B
Notifying applications...
Done.

D:\Win7.img = 40,0 MB (41.943.040 bytes) = 40 * 1024 * 1024

=> M = 1024 * 1024

=> K = 1024 byte

 

ImDisk Help...

Size of the virtual disk. Size is number of bytes unless suffixed with
a b, k, m, g, t, K, M, G or T which denotes number of 512-byte blocks,
thousand bytes, million bytes, billion bytes, trillion bytes,
kilobytes, megabytes, gigabytes and terabytes respectively.

Edited by nguyentu, 14 January 2017 - 11:21 PM.


#69 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1448 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted 14 January 2017 - 11:57 PM

Yes

Size of the virtual disk. Size is number of bytes unless suffixed with
a b, k, m, g, t, K, M, G or T which denotes number of 512-byte blocks,
thousand bytes, million bytes, billion bytes, trillion bytes,
kilobytes, megabytes, gigabytes and terabytes respectively.

 
In your first example you use a small letter k, which means 1000 bytes. In your second example you use capital letter M which means 1024 x 1024 bytes.

 

Let me split the help text into a table instead, maybe that is easier to follow:

b = 512-byte blocks

k = thousand bytes (1000)

m = million bytes (1000 * 1000)

g = billion bytes (1000 * 1000 * 1000)

t = trillion bytes (1000 * 1000 * 1000 * 1000)

K = kilobytes (1024)

M = megabytes (1024 * 1024)

G = gigabytes (1024* 1024 * 1024)

T = terabytes (1024 * 1024 * 1024 * 1024)


  • nguyentu likes this
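The suffix table above as a small parser, applied to the sizes used earlier in this thread. This is an added example, not part of the original post and not ImDisk's own code; it follows only the quoted help text, and the whole-number restriction and the function names are assumptions.

```python
import re

# Multipliers as listed in the help text quoted in this thread.
# The suffix is case-sensitive: lower case is decimal, upper case is binary.
SUFFIX_BYTES = {
    "": 1, "b": 512,
    "k": 1000, "m": 1000**2, "g": 1000**3, "t": 1000**4,
    "K": 1024, "M": 1024**2, "G": 1024**3, "T": 1024**4,
}
SIZE_RE = re.compile(r"(\d+)([A-Za-z]?)")  # assumption: whole numbers only


def size_to_bytes(arg):
    """Convert a -s style size argument to a byte count."""
    m = SIZE_RE.fullmatch(arg.strip())
    if not m or m.group(2) not in SUFFIX_BYTES:
        raise ValueError(f"unrecognised size argument: {arg!r}")
    return int(m.group(1)) * SUFFIX_BYTES[m.group(2)]


def case_slip(arg):
    """Byte difference if the suffix letter had the other case.

    Returns None when the flipped suffix is not in the table
    (the b suffix, or no suffix at all).
    """
    base = size_to_bytes(arg)               # also validates the argument
    number, suffix = SIZE_RE.fullmatch(arg.strip()).groups()
    flipped = suffix.swapcase()
    if flipped == suffix or flipped not in SUFFIX_BYTES:
        return None
    return size_to_bytes(number + flipped) - base


if __name__ == "__main__":
    # Size arguments that appear in the posts above
    for arg in ("40960k", "40M", "1048576b", "52428800b"):
        size = size_to_bytes(arg)
        print(f"{arg:>10} = {size:>14,} bytes = {size // 512:,} sectors, "
              f"case slip: {case_slip(arg)}")
```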

#70 nguyentu

nguyentu

    Frequent Member

  • Advanced user
  • 102 posts
  •  
    Vietnam

Posted 15 January 2017 - 12:48 AM

Yes

 
In your first example you use a small letter k, which means 1000 bytes. In your second example you use capital letter M which means 1024 x 1024 bytes.

 

Let me split the help text into a table instead, maybe that is easier to follow:

b = 512-byte blocks

k = thousand bytes (1000)

m = million bytes (1000 * 1000)

g = billion bytes (1000 * 1000 * 1000)

t = trillion bytes (1000 * 1000 * 1000 * 1000)

K = kilobytes (1024)

M = megabytes (1024 * 1024)

G = gigabytes (1024* 1024 * 1024)

T = terabytes (1024 * 1024 * 1024 * 1024)

 

Thanks!


  • Olof Lagerkvist likes this

#71 nguyentu

nguyentu

    Frequent Member

  • Advanced user
  • 102 posts
  •  
    Vietnam

Posted 16 January 2017 - 11:13 PM

Hi,

How do I calculate the free space when creating a file?

For example, I want to create an image with 80MB free space, how to calculate the -s parameter?

Thanks!

imdisk -a -s 80M -m G: -f "D:\Win7.img" -x 63 -y 255 -p "/FS:NTFS /Q /Y"


#72 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1448 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted 16 January 2017 - 11:45 PM

Don't know really. First of all it depends on which file system you select. For example NTFS has larger overhead than FAT32. It also depends on some settings you can select when you format, such as allocation size etc. I am no expert when it comes to file systems, but maybe someone else knows how to calculate this. But please start a new thread for that question instead of discussing here in the FAQ thread!

#73 v77

v77

    Silver Member

  • Team Reboot
  • 602 posts
  •  
    France

Posted 07 April 2017 - 02:36 PM

Don't know if this is intentional, but point 8 of the FAQ no longer contains the links to the files.
There is also a small anomaly in point 4.



#74 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1448 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted 07 April 2017 - 04:27 PM

Thanks, I'll fix that! It happens when I forget that this post can only be edited in Mozilla based browsers. Any other browser messes up the contents badly, and what you see there are remnants of that which I just missed fixing.

#75 yfau@freealtgen.com

yfau@freealtgen.com
  • Members
  • 1 posts
  •  
    Norfolk Island

Posted 23 March 2018 - 02:29 PM

Hello!

 

Does anybody know how to start the RAM disk (imdisk) with a delay (on Windows startup)?

 

I configure my RAM-disk with RamDiskUI.exe





