Backup a live Windows system with strarc and volume shadow copy


19 replies to this topic

#1 Vortex

Vortex

    Frequent Member

  • Advanced user
  • 235 posts

Posted 02 June 2013 - 11:07 AM

With many thanks to Olof Lagerkvist, strarc can backup a full Windows installation including NTFS permissions, timestamps and file attributes.

 

http://www.ltr-data.....html/#CmdUtils

 

strarc can be used to do an on-line backup of Windows using the volume shadow service.

 

I coded a tool named vscopy similar to Microsoft's volume shadow copy client vshadow.exe :

 
Volume shadow copy creator for Windows XP \ Server 2003 \ 7 V1.0
 
 
For the moment, only the 32-bit version of vscopy is available for Windows XP, 2003 and Windows 7
 
Other alternatives are MS volume shadow copy client from various SDKs and the one from SourceForge :
 
 
Using my volume shadow copy creator, I was able to perform an on-line backup of my Windows XP SP3 installation with strarc.exe :
D:\>vscopy.exe C: V: wait.bat
Volume shadow copy path = \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
 
wait.bat :
Pause
vscopy takes three parameters. The first indicates the partition to get the volume shadow copy of. The second is the symbol of the volume shadow copy and the third is the batch \ script \ executable file to process the volume shadow copy.
 
The second command-line prompt :
strarc.exe -cd:V:\ -e:pagefile.sys \\fileserver\backup\winxpsp3.sa
The pagefile is excluded. Through a pipe symbol, bzip2 can compress the backup stream.
 
Naturally, you can add this line to the batch file wait.bat
 
V is the symbol of the volume shadow copy. strarc successfully created the backup on the network share. Restoring is easy from a Windows PE environment :
 
Formatting partition C and connecting to the network share :
net use Z: \\fileserver\backup
Restore backup :
strarc.exe -xd:C:\ Z:\winxpsp3.sa
The restored Windows XP system restarted without any error message.
 
The -j parameter of strarc can be used to backup the junction points of Vista, 7, 8, Server 2008 \ 2012.

  • Olof Lagerkvist and wimb like this

#2 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted A week ago

This is an old thread but still was useful to me.

 

I thought I would share how strarc can be used with netcat and therefore backup files over the network.

 

On the "server" side : nc -v -l -p 9000 -e "strarc -cd:x:\my_folder\"

On the "client" side : nc 192.168.1.1 9000 > dump.sa (update the IP obviously with your "server" IP).

 

This can probably be combined with bzip2/gzip/7zip(?) using the dos pipe (i.e "|") but being rather weak there I will leave that to others and will lamelessly use stdin/stdout with netcat for now (i.e ">").

 

EDIT:

on the client side, you can compress on the fly with: nc 192.168.1.1 9000 | 7z a backup.7z -si


  • Olof Lagerkvist likes this

#3 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1358 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted A week ago

Thanks both of you for your useful "how-tos" for strarc!

 

Just one thing about the original post, you do not need to assign a drive letter for a shadow copy volume if you are backing up using a shadow copy. In the above example, V:\ can be replaced with the volume device path, like:

strarc.exe -cd:\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\ -e:pagefile.sys \\fileserver\backup\winxpsp3.sa

(Notice the trailing \ at the end of the volume path, so that you reference the root directory of the file system instead of the raw volume.)



#4 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted A week ago

> Thanks both of you for your useful "how-tos" for strarc!
>
> Just one thing about the original post, you do not need to assign a drive letter for a shadow copy volume if you are backing up using a shadow copy. In the above example, V:\ can be replaced with the volume device path, like:
>
> strarc.exe -cd:\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\ -e:pagefile.sys \\fileserver\backup\winxpsp3.sa
>
> (Notice the trailing \ at the end of the volume path, so that you reference the root directory of the file system instead of the raw volume.)

 

I have not tried yet but then I guess a volume name will work as well in the form of "\\?\Volume{e26e7b15-122a-11e7-82bf-806e6f6e6963}\" ?


  • Olof Lagerkvist likes this

#5 Olof Lagerkvist

Olof Lagerkvist

    Gold Member

  • Developer
  • 1358 posts
  • Location:Borås, Sweden
  •  
    Sweden

Posted A week ago

Yes exactly, that works too!



#6 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 5 days ago

With this command : strarc.exe -crjd:c:\ | strarc.exe -xd:d:\ , I was able (under xp) to copy all files from one disk to another in a short few mns.

The only extra step I had to perform was to take care of my boot loader on the target disk (old good grub4dos in my case) and I was able to reboot my system on this disk, without a glitch.

I could (should?) have gone for a snapshotted drive as source but did not bother.

 

The "r" parameter is a must have as it will handle loaded registry hives (locked and therefore skipped by default).



#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14135 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 5 days ago

> With this command : strarc.exe -crjd:c:\ | strarc.exe -xd:d:\ , I was able (under xp) to copy all files from one disk to another in a short few mns.
>
> The only extra step I had to perform was to take care of my boot loader on the target disk (old good grub4dos in my case) and I was able to reboot my system on this disk, without a glitch.
>
> I could (should?) have gone for a snapshotted drive as source but did not bother.
>
> The "r" parameter is a must have as it will handle loaded registry hives (locked and therefore skipped by default).

Hmmm. :dubbio:

 

How was the Disk Signature managed?  :w00t:

 

Normally you have to delete DosDevices key to let the "first boot after copy" recreate it with the "new" Disk Signature.

 

:duff:

Wonko 



#8 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 5 days ago

> Hmmm. :dubbio:
>
> How was the Disk Signature managed?  :w00t:
>
> Normally you have to delete DosDevices key to let the "first boot after copy" recreate it with the "new" Disk Signature.
>
> :duff:
>
> Wonko

 

Indeed, had not realised that, surprisingly, I created the part table myself (chs, hidden sectors, total sectors, ...), injected G4D boot code and "basta".

Meaning the disk id was a blank one.

And still XP booted fine.

 

I can easily reproduce the steps to double check it.

 

Edit : below the steps (from my notes) I followed and indeed ignoring the disk id part.

create a 2GB "raw" image file
mount with imdisk at offset 63
format
copy files (with strarc)
manually copy grldr+menu.lst
unmount
install g4d to MBR
manually create an active (0x80) ntfs (0x07) part in MBR (dummy chs, hidden sectors=63, total sectors=bs.total_sectors+1)
fix hidden sector (=63) in BS (imdisk sets to 1 by default)


#9 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14135 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 5 days ago

Well, if you used IMDISK, then it is clear :), IMDISK mounts ONLY volumes (NOT disks) at a "higher" level than Disk Manager.

 

The "target" disk (the whole disk) is never mounted (at the same time as the original), so there is no conflict with the "source" disk's signature.

 

In your case the disk signature is blank, so the XP assigns one to it and since it cannot find the disk on which it was originally installed it (evidently :unsure:) defaults to recreate on its own the MountedDevices drive lettering on the base of the newly assigned Disk Signature.

 

If you check the disk signatures of the "source" and of the "target" disks they will be different, that any NT system as soon as it finds a disk with a blank signature writes one to it is well documented, that it can auto-fix a set of Registry keys (in case the Disk Signature in them is not available) is AFAICR "news".

 

It has to be checked whether this only works if a set of conditions apply, like "single active primary partition that is both "System" and "Boot" volume". :dubbio:

 

 

:duff:

Wonko



#10 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 5 days ago

Ok, being either ignorant or sloppy, I got lucky :)

I used ImDisk here because XP does not handle VHD natively.

Had I been under windows 7, I would probably have used the built in VHD feature for my experiment and would then have found myself with possible disk signatures conflicts (or rather the infamous 0x7b boot error...).

There I should then add an extra step i.e reset the MountedDevices key.

 

Now, looking at it afterwards, using ImDisk to avoid disk signatures conflicts is actually convenient.

 

My XP system was a single partition.



#11 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 619 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 4 days ago

I've been looking for a good file-based backup program, though I still rely on disk/partition imaging for backups that are near 100% guaranteed to restore and boot successfully. My main interest is in using strarc to back up/restore BestCrypt/VeraCrypt encrypted volumes. I can simply mount the volume, restore or back up, then dismount, probably from a PE environment or similar.

 

I had previously considered Windows-based rsync variations for this task, it works great on Linux but has too many downsides in Windows. Being able to back up and restore a file/directory's various attributes/permissions/ownership/etc is important. I would also like to be able to cover the targets of NTFS junctions, symbolic links, and hardlinks, without actually following them and pulling data from outside the volume into the backup.

 

Is there a possibility of being able to run from Linux? It would be useful to be able to perform operations on Windows and its associated volumes.

 

What about the disk signature, as Wonko mentioned? How should it be handled? Is it safe to assume I'm safe as long as I don't format the volume, restore it, then try to boot it? I have certain volume lettering associations that I need to remain intact, as many of my installed programs "remember" where they are. And my Users volume, which I separated from the C drive with an unattend script, is also dependent on its letter being the same.

 

I would also like to be able to restore encrypted volumes without having to decrypt/encrypt/reencrypt after every restore. And not having to back up free and used space. CloneZilla etc can handle this, but it does an exact copy of the partition, which encompasses free/used space, but takes forever to back up/restore.

 

I also find it useful to be able to back up volumes while Windows is running. To date I've found that Drive Snapshot and ShadowProtect do this faithfully, and work well with encryption (with BestCrypt very well, VeraCrypt not so well, there are issues with restoring).

 

Would something else like wimlib be better suited to my needs?

 

Thanks!

 

Edit: I forgot to ask earlier, but what about the possibility of excluding files/directories from being backed up or restored, perhaps via wildcards or just explicitly specifying them? An example was mentioned regarding the pagefile, but I would also like to exclude others like hiberfil.sys, swapfile.sys, Windows Temp directory, Recycle Bin, System Volume Information, etc.

 

What is strarc's average compression ratio? Or is this wholly dependent on what is being backed up?

 

Is there a complete list of accepted commands? Or something like "strarc --help" to get a list?



#12 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 4 days ago

> Is there a complete list of accepted commands? Or something like "strarc --help" to get a list?

 

http://www.ltr-data....iles/strarc.txt



#13 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 4 days ago

> What is strarc's average compression ratio? Or is this wholly dependent on what is being backed up?

 

There is no compression with strarc.

But you can combine it with bzip, etc.



#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14135 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 4 days ago

Typically one would use a non NT system (grub4dos is more than enough, but you can use *any* Linux with dd) to restore either a copy of the whole MBR or just the Disk Signature.

The drive letter assignment in the Registry depends on two values:

1) Disk Signature
2) Offset to the partition/volume

 

So, for the first partition/volume (provided that it has the same "OS standard" offset of either 63 or 2048 sectors) there are no issues, while for following partitions/volumes they need to be at the same offset (hence also the same size) of the original.

 

So one could make a (partition based) "clone" (that Windows will anyway make non-identical by changing the Disk Signature), then use strarc to update the content of volumes file-based.

 

As long as the disk can boot to grub4dos, in case of disaster one could restore the Disk Signature (or the whole MBR) and have thus a "replacement clone".

 

As a matter of fact (sire-side note) it could be possible (at least in theory) to mount using IMDISK direct offset mounting a volume:

http://reboot.pro/to...image/?p=192170

 on a "cloned" hard disk on which the MBR "Magic Bytes" have been wiped (i.e. that won't get mounted in Windows and that would prompt for initializing in Disk Manager).

It has to be checked if the Disk Signature conflict happens even for that or only at mounting time. :unsure:

 

This would have the advantage of keeping in normal state the volume(s) unmounted, mounting it/them only when needed for the strarc sync/backup [1], AND having them virtually "untouchable" by Windows and anything normally running in it, as the disk would remain uninitialized. 

 

 

:duff:

Wonko 

 

[1] With the diffusion of cryptoware, keeping backup volumes mounted to drive letters has proved to be not a failsafe procedure.
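
An added example (not part of any post in this thread): Python that reads the two values listed above, the Disk Signature and the partition offset, out of an MBR and builds the 12-byte value commonly documented for MountedDevices drive-letter entries on MBR basic disks. The sample MBRs, the signatures and all function names are constructed for illustration; 512-byte sectors are assumed.

```python
import struct

SECTOR = 512  # bytes per sector, assumed throughout

def build_mbr(signature, start_lba, sectors, magic=b"\x55\xaa"):
    """Constructed sample MBR: one active (0x80) NTFS (0x07) entry, dummy CHS."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, 0x1B8, signature)   # Disk Signature
    struct.pack_into("<B3xB3xII", mbr, 0x1BE, 0x80, 0x07, start_lba, sectors)
    mbr[510:512] = magic                             # the MBR "Magic Bytes"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return (disk_signature, [partition dicts]); reject a wiped MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA magic: disk would show as uninitialized")
    signature = struct.unpack_from("<I", mbr, 0x1B8)[0]
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, 0x1BE + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "start_lba": lba, "sectors": count})
    return signature, parts

def mounted_devices_value(signature, start_lba):
    """12 bytes: signature (4, little-endian) + partition byte offset (8, LE)."""
    return struct.pack("<IQ", signature, start_lba * SECTOR)

def letter_bindings(mbr):
    """Values a MountedDevices entry would have to hold for each partition."""
    signature, parts = parse_mbr(mbr)
    return [mounted_devices_value(signature, p["start_lba"]) for p in parts]

def bindings_match(source_mbr, target_mbr):
    """True when drive-letter values stored for the source still fit the target."""
    return letter_bindings(source_mbr) == letter_bindings(target_mbr)

if __name__ == "__main__":
    source = build_mbr(0x1234ABCD, 63, 4192902)     # constructed values
    clone = build_mbr(0x1234ABCD, 63, 4192902)      # signature restored
    new_sig = build_mbr(0x9F00C0DE, 63, 4192902)    # signature rewritten
    moved = build_mbr(0x1234ABCD, 2048, 4192902)    # partition at another offset
    print(letter_bindings(source)[0].hex())
    for name, mbr in (("clone", clone), ("new signature", new_sig),
                      ("moved", moved)):
        print(name, bindings_match(source, mbr))
```

Run against the first sector of the source and target disks (read as raw bytes), `bindings_match` shows whether the drive-letter entries copied inside the restored Registry can still resolve on the target disk.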



#15 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 619 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 4 days ago

@erwan.l: Next time you can just combine your answers into 1 post, no need for 2.

 

About the compression, since strarc doesn't do this natively, then I will need to install bzip from something like Cygwin (or a Windows port), then pipe from strarc to that so compression can occur? Or pipe to 7-Zip's command line utility (which supports a lot of compression algorithms)?



#16 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 4 days ago

> @erwan.l: Next time you can just combine your answers into 1 post, no need for 2.
>
> About the compression, since strarc doesn't do this natively, then I will need to install bzip from something like Cygwin (or a Windows port), then pipe from strarc to that so compression can occur? Or pipe to 7-Zip's command line utility (which supports a lot of compression algorithms)?

 

You're welcome, as always :)

 

Native bzip can be found here (still on Olof's web site).

7zip (using -si or -so flags) can be used as well : strarc -cd:c:\folder | 7z a backup.7z -si

 

And if you look in the strarc doc which I pointed you to :

3.5 Archive compression.

The strarc program does not natively support compression of the archive it
creates or restores files from. However, because it by default uses stdin and
stdout as archive it is easy to use pipes to stream compression utilities such
as gzip and bzip2. Example:

strarc -cd:C:\ | bzip2 > D:\backup.sa.bz2

This will backup all of C: drive to a bzip2 compressed strarc archive at the D:
drive. To restore from such an archive, use bzcat the opposite way:

bzcat D:\backup.sa.bz2 | strarc -xd:C:\

This will extract all files from the bzip2 compressed strarc archive at the D:
drive back to the C: drive.



#17 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 619 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 4 days ago

@erwan.l: If I had split up each of the paragraphs in my post into multiple posts, someone certainly would have mentioned it. Your 2 posts contained a total of 2 quotes, 1 link (not counting the signature), and 2 sentences. That hardly justifies 2 posts.

 

And from now on, I will stop appending "Thanks!" to the end of most of my posts here at reboot.pro. Mostly I do it out of personal habit without thinking about it, while rarely meaning it. I already dislike the majority of frequently posting members here, and I'm sure they feel the same about me.

 

The Americans have no reason to be grateful to the French anyway. Why should we be thankful to a militarily weak, insignificant nation, consisting mostly of stuck up prudes who think their language and silly accent are cute and funny?



#18 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2278 posts
  • Location:Nantes - France
  •  
    France

Posted 4 days ago

Ah here we come :)

I was wondering how much time it would take you to insult someone around.

Did not take long.

 

This is what I like about you : you are constant !

 

Off I go.



#19 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14135 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 4 days ago

> And from now on, I will stop appending "Thanks!" to the end of most of my posts here at reboot.pro.


Wow! :w00t:

What a cruel, scary way to punish people using 2 posts where 1 was enough, I am sure erwan.l (and all French, and non-French people ;)) will never post twice in a row again, for the utter fear of this or other form of retaliation.

 

:duff:

Wonko



#20 IAmTheTrueMeaningOfCovfefe

IAmTheTrueMeaningOfCovfefe

    Silver Member

  • Advanced user
  • 619 posts
  • Location:In hiding
  • Interests:An investigation is underway to determine whether Trump has any ties to America.
  •  
    United States

Posted 4 days ago

@Wonko: I can think of 3 members here in total that I respect:

1. Olof

2. Steve6375

3. Nuno

 

Olof and Steve, because they both post only info that is useful and informative, I haven't had any conflicts with either, and the latter shares my first name. Nuno, because he is a relatively laid-back, non-interfering laissez faire admin.


  • Olof Lagerkvist likes this



