Jump to content











Photo
- - - - -

[Resolved]mount hidden partition command line possible ?


  • Please log in to reply
29 replies to this topic

#1 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 11 January 2010 - 10:08 AM

Hello
I want to mount a hidden partition temporarily in command line.
It is the beginning of the disk is in raw format (partition backup recovery)
I would like access to copy some files to a USB key.

I tried the diskpart command but it does not see the hidden partition

can you tell me if is it possible or not ?

I have to use an external command if so which one?

information mbr :

MBRWiz - Version 2.0 **beta** for Windows XP/2K3/PE		 April 30, 2006

   Copyright (c) 2002-2006 Roger Layton					http://mbr.bigr.net



Disk: 0   Size: 153G CHS: 19457 255 63

Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors	DL Vol Label

--- ------ ---------- ---- ------ ---- ------------ ------------ -- ----------

  0	0	12-DIAG	6.1G   No	No			63   12,594,897 -- <None>  

  1	1	07-NTFS	146G   Yes   No	12,595,200  299,982,848 C&#58; ACER
Thank a lot
Acris

#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 11 January 2010 - 10:36 AM

Be careful with "12" partition types:
http://www.win.tue.n...on_types-1.html

They can contain almost "any" filesystem.

Since it is 6.1 Gb it is probably FAT32 (or NTFS, but usually Recovery partitions are made FAT32).

Check it's bootsector to determine actual filesystrem with a hex/disk editor, like, as an example, TinyHexer:
http://www.boot-land...?showtopic=8734


Then use MBRfix:
http://www.sysint.no...ting/mbrfix.htm

to SET partition type to either 0B or 0C (if FAT32) or 07 (if NTFS).

I would first backup the MBR with dsfo/dsfi or dd-for-windows, or any similar utility.

:confused1:

Wonko

#3 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 11 January 2010 - 11:51 AM

partition PQSERVICE is EISA type (type 12 in Ptedit32)

#4 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 13 January 2010 - 07:50 AM

The tool mbrwrwin.exe can mount the partition PQSERVICE easily

If your PC use Vista or Seven

you can use diskpart command line.

diskpart
rescan
list disk
select disk 0
detail disk
list partition
select partition 1
detail partition
set id=07 override
list disk
select disk 0
list volume
select volume 0
assign letter=d

for exemple...
setid parameter (diskpart) is not available in xp

#5 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 13 January 2010 - 11:52 AM

partition PQSERVICE is EISA type (type 12 in Ptedit32)

Sure, and as said it is normally using a FAT32 filesystem, but it may have been converted to NTFS and also on some machines be NTFS from factory. :confused1:


The tool mbrwrwin.exe can mount the partition PQSERVICE easily


AFAIK mbrwrwin.exe does NOT "mount" anything, it is an utility to re-install the D2D MBR CODE:
http://www.wildersse.......8535&page=2
http://www.roundtrip...ecovery-broken/
http://www.fixya.com...47-d2d_recovery
in order to be able to boot the Recovery partition with ALT+F10

Wonko

#6 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 14 January 2010 - 06:42 AM

Hi,

AFAIK mbrwrwin.exe does NOT "mount" anything, it is an utility to re-install the D2D MBR CODE:


Yes, but not only that, mbrwrwin fixes the mbr but it can also mount a partition! :rolleyes:

I created a batch that creates a bootable key with the recovery system factory for aspire one netbook. :confused1:
it works very well.

#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 January 2010 - 08:48 AM

Yes, but not only that, mbrwrwin fixes the mbr but it can also mount a partition! :rolleyes:


Let me try re-phrasing. :rolleyes:

Can you describe what happens when you use that tool? :)

As it is commonly used the term "mount" means that a driver of some kind is started to allow access to a filesystem or device otherwise UNmounted.

Typical examples of "mounting" apps are VDK, or IMDISK or Firadisk or WinVblock, i.e. disk/partition drivers.

Or does it behave similar to the MOUNTVOL command or the good ol' mnt/unmnt by Christoph H. Hochstaetter or software like the one by Uwe Sieber:
http://www.uwe-siebe...ivetools_e.html
http://www.uwe-siebe...btrouble_e.html

:confused1:

Wonko

#8 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 14 January 2010 - 12:09 PM

When I use the tool mbrmrwin.exe with option mount
the hidden partition is visible and accessible for reading and writing in my computer

I copy my files on my USB key bootable

To unmount the drive I close my session and I restart the pc

Anyway I solved my problem to access this hidden partition PQSERVICE and make a bootable key with files on it to restore the pc

#9 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 14 January 2010 - 03:30 PM

It would be interesting if you could check if (after you have issued the /mount command) the MBR data has changed /and is re-set at re-boot) or if somehow the tool changes "something" in memory. :confused1:

Wonko

#10 ireneuszp

ireneuszp

    Frequent Member

  • Advanced user
  • 191 posts
  •  
    Poland

Posted 14 January 2010 - 06:45 PM

Mount Storage PE
http://www.kare-net....MountStorPe.zip

Mount Storage PE

Mount Storage Pe weist Laufwerksbuchstaben eines mobilen Datenträgers unter BartPE zu.

So kann z.B. eine mobile Festplatte nachträglich angeschlossen werden.

:confused1:

#11 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 06:24 AM

Wonko the Sane
Sorry if my answers are long but the forum was often inaccessible these days
The MBR is not changed before, during or after using the utility mbrwrwin.exe mount

I saved My MBR with MBRWizard and i used tinyHEX
I used the option "Compare" "Compare to file"

mbr.bin to mbr2.bin
mbr2.bin to mbr3.bin
mbr.bin to mbr3.bin

No difference

Before :
mbr.bin
Posted Image

During :
mbr2.bin
Posted Image

After :
mbr3.bin
Posted Image

Download = 3 mbr.bin

ireneuszp > Thank a lot

#12 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 07:56 AM

VERY interesting. :rolleyes:

This should mean that (and I wonder how) it is possible to let Windows "see" an "alternate" MBR.

Or somehow "force" a given volume inside /DosDevices key in the Registry (which would be another place to chack before/during/after).

Another check you could do is to "watch" the didk in Disk Management (updating manually the view) during the process.

Is there an "unmount" command or once mounted the only way to unmount is to reboot?

:confused1:

Wonko

#13 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 08:23 AM

Hi

i used regshot : http://sourceforge.n...ojects/regshot/
to compare before and after :

Regshot 1.8.2
Comments:
Datetime:2010/1/15 08:05:47 , 2010/1/15 08:06:49
Computer:ACER-ASPIREONED150 , ACER-ASPIREONED150
Username:Acris , Acris

----------------------------------
Keys added:6
----------------------------------
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

----------------------------------
Values added:6
----------------------------------
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\a: "C:\Documents and Settings\Acris\Bureau\MBRwrWin.exe"
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\MRUList: "a"
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\a: "C:\Documents and Settings\Acris\Bureau\MBRwrWin.exe"
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*\MRUList: "a"
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\a: 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 2E 00 45 00 58 00 45 00 00 00 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 43 00 61 00 72 00 69 00 6E 00 65 00 5C 00 42 00 75 00 72 00 65 00 61 00 75 00 00 00
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU\MRUList: "a"

----------------------------------
Values modified:7
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 0B 22 EE A1 10 73 BC 88 EA C1 FC FB 9C E4 E6 76 85 84 A1 43 BD 23 1F 52 00 12 44 55 AD BB 42 20 04 F5 11 46 05 A3 3F E9 7A 76 ED 0A 52 B1 AE 85 7C 6F 16 8F 69 CB 6A AA 2F F8 8E BD FE B7 07 2F 43 EB 5C F1 C8 BD 2E E6 15 DC 31 F8 E7 9C 6E 3E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 32 2B F4 D8 A6 60 C3 C3 77 7F 2F BD DC 85 78 51 90 91 7B 59 AE 76 9E A2 E5 DD E3 3D 39 84 19 4F B9 55 3F 1C 70 9E 86 F4 16 EC C0 61 00 91 00 4C 8A A4 15 C2 C6 11 4F 4C C2 97 F1 54 47 E9 8C EB E2 D4 CD 98 64 23 F7 93 B1 36 05 5F FF 9A A6 24
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 06 01 00 00 8D 0B 00 00 80 D0 E2 5B B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 06 01 00 00 8F 0B 00 00 C0 77 B1 A5 B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVDPHG: 06 01 00 00 06 08 00 00 70 E0 B2 5E B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVDPHG: 06 01 00 00 07 08 00 00 20 33 6A 9A B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ABGRCNQ.RKR: 06 01 00 00 19 02 00 00 70 E7 21 17 A9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\ABGRCNQ.RKR: 06 01 00 00 1A 02 00 00 D0 E3 20 9C B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Pnevar\Ohernh\ZOEjeJva.rkr: 05 01 00 00 09 00 00 00 90 41 D5 30 4F 94 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Pnevar\Ohernh\ZOEjeJva.rkr: 06 01 00 00 0A 00 00 00 C0 77 B1 A5 B9 95 CA 01
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 01 00 00 00 00 00 00 00 A4 00 00 00 0C 00 00 00 20 00 00 00 9E 00 00 00 A3 00 00 00 0D 00 00 00 A2 00 00 00 04 00 00 00 A1 00 00 00 A0 00 00 00 9F 00 00 00 9D 00 00 00 9C 00 00 00 9B 00 00 00 9A 00 00 00 99 00 00 00 97 00 00 00 98 00 00 00 96 00 00 00 62 00 00 00 95 00 00 00 94 00 00 00 93 00 00 00 92 00 00 00 90 00 00 00 91 00 00 00 8D 00 00 00 85 00 00 00 8F 00 00 00 8E 00 00 00 8C 00 00 00 8B 00 00 00 89 00 00 00 8A 00 00 00 86 00 00 00 88 00 00 00 87 00 00 00 84 00 00 00 83 00 00 00 5B 00 00 00 6C 00 00 00 82 00 00 00 81 00 00 00 7F 00 00 00 80 00 00 00 7E 00 00 00 7D 00 00 00 3A 00 00 00 59 00 00 00 09 00 00 00 6E 00 00 00 7C 00 00 00 76 00 00 00 66 00 00 00 2F 00 00 00 69 00 00 00 61 00 00 00 7B 00 00 00 79 00 00 00 7A 00 00 00 78 00 00 00 77 00 00 00 75 00 00 00 72 00 00 00 73 00 00 00 74 00 00 00 71 00 00 00 70 00 00 00 6F 00 00 00 6D 00 00 00 68 00 00 00 6B 00 00 00 6A 00 00 00 67 00 00 00 5D 00 00 00 64 00 00 00 65 00 00 00 63 00 00 00 60 00 00 00 3D 00 00 00 5F 00 00 00 5E 00 00 00 5C 00 00 00 5A 00 00 00 58 00 00 00 56 00 00 00 57 00 00 00 16 00 00 00 53 00 00 00 55 00 00 00 54 00 00 00 52 00 00 00 51 00 00 00 50 00 00 00 4F 00 00 00 4E 00 00 00 4C 00 00 00 4D 00 00 00 48 00 00 00 4B 00 00 00 4A 00 00 00 49 00 00 00 47 00 00 00 46 00 00 00 45 00 00 00 43 00 00 00 44 00 00 00 42 00 00 00 41 00 00 00 40 00 00 00 3F 00 00 00 3E 00 00 00 3B 00 00 00 3C 00 00 00 39 00 00 00 38 00 00 00 03 00 00 00 37 00 00 00 33 00 00 00 35 00 00 00 36 00 00 00 34 00 00 00 32 00 00 00 31 00 00 00 30 00 00 00 2E 00 00 00 2D 00 00 00 2C 00 00 00 2B 00 00 00 2A 00 00 00 29 00 00 00 28 00 00 00 27 00 00 00 26 00 00 00 25 00 00 00 24 00 00 00 22 00 00 00 1F 00 00 00 1C 00 00 00 23 00 00 00 21 00 00 00 1E 00 00 00 1D 00 00 00 17 00 00 00 15 00 00 00 18 00 00 00 1B 00 00 00 1A 00 00 00 19 00 00 00 14 00 00 00 13 00 00 00 12 00 00 00 10 00 00 00 11 00 00 00 0A 00 00 00 0B 00 00 00 0F 00 00 00 0E 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 00 00 00 00 01 00 00 00 A4 00 00 00 0C 00 00 00 20 00 00 00 9E 00 00 00 A3 00 00 00 0D 00 00 00 A2 00 00 00 04 00 00 00 A1 00 00 00 A0 00 00 00 9F 00 00 00 9D 00 00 00 9C 00 00 00 9B 00 00 00 9A 00 00 00 99 00 00 00 97 00 00 00 98 00 00 00 96 00 00 00 62 00 00 00 95 00 00 00 94 00 00 00 93 00 00 00 92 00 00 00 90 00 00 00 91 00 00 00 8D 00 00 00 85 00 00 00 8F 00 00 00 8E 00 00 00 8C 00 00 00 8B 00 00 00 89 00 00 00 8A 00 00 00 86 00 00 00 88 00 00 00 87 00 00 00 84 00 00 00 83 00 00 00 5B 00 00 00 6C 00 00 00 82 00 00 00 81 00 00 00 7F 00 00 00 80 00 00 00 7E 00 00 00 7D 00 00 00 3A 00 00 00 59 00 00 00 09 00 00 00 6E 00 00 00 7C 00 00 00 76 00 00 00 66 00 00 00 2F 00 00 00 69 00 00 00 61 00 00 00 7B 00 00 00 79 00 00 00 7A 00 00 00 78 00 00 00 77 00 00 00 75 00 00 00 72 00 00 00 73 00 00 00 74 00 00 00 71 00 00 00 70 00 00 00 6F 00 00 00 6D 00 00 00 68 00 00 00 6B 00 00 00 6A 00 00 00 67 00 00 00 5D 00 00 00 64 00 00 00 65 00 00 00 63 00 00 00 60 00 00 00 3D 00 00 00 5F 00 00 00 5E 00 00 00 5C 00 00 00 5A 00 00 00 58 00 00 00 56 00 00 00 57 00 00 00 16 00 00 00 53 00 00 00 55 00 00 00 54 00 00 00 52 00 00 00 51 00 00 00 50 00 00 00 4F 00 00 00 4E 00 00 00 4C 00 00 00 4D 00 00 00 48 00 00 00 4B 00 00 00 4A 00 00 00 49 00 00 00 47 00 00 00 46 00 00 00 45 00 00 00 43 00 00 00 44 00 00 00 42 00 00 00 41 00 00 00 40 00 00 00 3F 00 00 00 3E 00 00 00 3B 00 00 00 3C 00 00 00 39 00 00 00 38 00 00 00 03 00 00 00 37 00 00 00 33 00 00 00 35 00 00 00 36 00 00 00 34 00 00 00 32 00 00 00 31 00 00 00 30 00 00 00 2E 00 00 00 2D 00 00 00 2C 00 00 00 2B 00 00 00 2A 00 00 00 29 00 00 00 28 00 00 00 27 00 00 00 26 00 00 00 25 00 00 00 24 00 00 00 22 00 00 00 1F 00 00 00 1C 00 00 00 23 00 00 00 21 00 00 00 1E 00 00 00 1D 00 00 00 17 00 00 00 15 00 00 00 18 00 00 00 1B 00 00 00 1A 00 00 00 19 00 00 00 14 00 00 00 13 00 00 00 12 00 00 00 10 00 00 00 11 00 00 00 0A 00 00 00 0B 00 00 00 0F 00 00 00 0E 00 00 00 08 00 00 00 07 00 00 00 06 00 00 00 05 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\MRUListEx: 02 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 05 00 00 00 06 00 00 00 04 00 00 00 FF FF FF FF
HKU\S-1-5-21-4217759621-436321949-3341562259-1005\Software\Microsoft\Windows\ShellNoRoam\BagMRU\0\MRUListEx: 01 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 05 00 00 00 06 00 00 00 04 00 00 00 FF FF FF FF

----------------------------------
Total changes:19
----------------------------------


There is no trace of DosDevices\D:
There is no command to unmount
simply just reboot the pc or log off user

Acris

#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 09:10 AM

"Before and after" or "Before and during"?

It's the "before and during" or the "during and after" cxomparison that may give some hint...

From the posted compare there are no differences in the areas of the Registry somehow connected to mounting devices or volumes. :confused1:

The mistery is thickening at every step....:cheers:

I do have an oldish Acer laptop (with a botched video card, thus unusable).
I may try to setup a VM on another machine with an image of it's disk, though I doubt it will be possible to easily make the install "portable" to the Vm in order to test. :rolleyes:

Wonko

#15 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 09:23 AM

Reg file with regshot is before and during.

I saw no trace in the registry on a volume mount

i used : diskpart in command line during (mount pqservice)

Posted Image


If you require additional information with specific tools
say to me I will

PTEDIT32 :

Posted Image

Acris

#16 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 09:36 AM

I just checked the contents of the D2D (or "erecovery") install package, there are no "driver" files (.sys), exception made for:
  • int15.sys (but no .inf file :confused1: Interrupt 15 should be related to memory)
but there are however a number of interestingly named .dll's:
  • imagefile.dll
  • ImagFile.dll
  • READFILE.DLL

Would it be possible that a partition is mounted through a DLL in RAM only?

If I recall correctly the whole system was PQ (PowerQuest) originated (the original makers of Partition Magic) and sure those guys knew where their towel was when it came to partitions....

Let's see if karyonix or Sha0 or some of the other more knowledgeable guys have some ideas...

Wonko

#17 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 11:54 AM

Would it be possible that a partition is mounted through a DLL in RAM only?

How to check ?

#18 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 12:06 PM

How to check ?

I don't really know :rolleyes:, but if it would be possible, we would have a new range of open possibilities. :cheers:

At the moment only semi-random ideas, as above to be run before/during or during/after:

:confused1:

Wonko

#19 was_JFX

was_JFX

    Frequent Member

  • Advanced user
  • 483 posts
  •  
    Germany

Posted 15 January 2010 - 12:35 PM

Hard to follow the problem of yours. Thought it was already solved?

You define a dosdevice with mountstorPE or showdrive.exe.
And can delete it be with dosdev or reboot.

This doesn't effect MBR or registry.

#20 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 12:40 PM

I found the command back to see my hidden partition PQSERVICE

Wonko the Sane wants to know how it works

#21 Acris

Acris

    Member

  • Members
  • 72 posts
  • Location:Switzerland
  •  
    Switzerland

Posted 15 January 2010 - 01:10 PM

Wonko the Sane >
I used dosdev.exe :

dosdev.exe -a to compare before after.

The only difference is

D:\ = \Device\Harddisk0\Partition1 [Fixed]


Posted Image

#22 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 04:19 PM

Hard to follow the problem of yours. Thought it was already solved?

You define a dosdevice with mountstorPE or showdrive.exe.
And can delete it be with dosdev or reboot.

This doesn't effect MBR or registry.


Yes, the original problem was solved.

You define a dosdevice with mountstorPE or showdrive.exe.
And can delete it be with dosdev or reboot.


ireneuszp was so kind as to post a link for MountStorePE, can you post one for "showdrive.exe"?
I never realized that MountStorePE was usable also on a "normal" XP (as opposed to a PE) :)


And can delete it be with dosdev or reboot.

Are you talking about the Microsoft dosdev or the one by Olof? :cheers:

This doesn't effect MBR or registry.

So, everything happens in a "volatile" area like the \device\Harddiskx\Partitiony\ ? :rolleyes:
http://www.boot-land...?...c=2425&st=5
if this is the case the "difference" should be detected by DMDIAG.EXE or WINOBJ
http://technet.micro...873(WS.10).aspx
http://technet.micro...385(WS.10).aspx
http://technet.micro...s/bb896657.aspx

:confused1:

Wonko

P.S.: Sorry Acris :rolleyes:, cross-posting, the Board is a bit unresponsive right now.

#23 was_JFX

was_JFX

    Frequent Member

  • Advanced user
  • 483 posts
  •  
    Germany

Posted 15 January 2010 - 05:00 PM

ireneuszp was so kind as to post a link for MountStorePE, can you post one for "showdrive.exe"?
I never realized that MountStorePE was usable also on a "normal" XP (as opposed to a PE) :rolleyes:

Sure, I had found it on wuyou board was also opensource :rolleyes:

Attached File  showdrive.7z   13.55KB   1186 downloads

Are you talking about the Microsoft dosdev or the one by Olof? :)

Did not know that Olof has a simular tool done :cheers: May it works also

So, everything happens in a "volatile" area like the \device\Harddiskx\Partitiony\ ? :cheers:

As far I understand DefineDosDevice, it can provide you an driveletter from an existing partition (well yes 'volatile')

:confused1:

#24 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2010 - 05:15 PM

Sure, I had found it on wuyou board was also opensource :cheers:


Got it, though it doesn't do anything" maybe a missing requirement? (XP SP2)

I'll check with depends.exe, any form of documentation?
(and NO, Chinese documentation won't do :rolleyes:)

I'll try mountstore PE too.

As far I understand DefineDosDevice, it can provide you an driveletter from an existing partition (well yes 'volatile')

Good to know :), I had assumed that the "source" existing partition needed to be visible, or maybe it's just the "special" tool that changes the ID on the fly?

:confused1:

Wonko

#25 was_JFX

was_JFX

    Frequent Member

  • Advanced user
  • 483 posts
  •  
    Germany

Posted 15 January 2010 - 05:40 PM

Got it, though it doesn't do anything" maybe a missing requirement? (XP SP2)

If you don't have an hidden partition it will do nothing, if you have an partition that have no drive letter than it will silently get a drive letter.

Sample delete an driveletter with:

dosdev -d X&#58;

Than run showdrive.exe and drive will have a drive letter again. (Maybe needed to push F5 key in file browser)

Would say it's pretty much the same like MountStorPE but's more silent and smaller :rolleyes:

I had assumed that the "source" existing partition needed to be visible, or maybe it's just the "special" tool that changes the ID on the fly?

It doesn't change ID or anything.

:confused1:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users