Jump to content











Photo
- - - - -

How to get partitions path in command prompt?


  • Please log in to reply
68 replies to this topic

#51 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15046 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 January 2015 - 02:05 PM

Tell me, is it correct to denote one extended partition as one "container partition" for volumes (requirement: driveletter assigned)?

Yep :thumbsup:, if you want it more "expanded" see this thread starting from around here:
http://reboot.pro/to...e-4#entry122274
and the "final statement" here:
http://reboot.pro/to...e-6#entry123056
and check also this where the matter is re-discussed.
http://reboot.pro/to...isk-management/

Don't worry :), it is complex, and a large part of computer users and even of those considering themselves "advanced" computer users have this not fully clear.

 

And in regard to an extended partition that contains e.g. two volumes -
what about this output/writing:
    Disk #0, Partition #0 | (\Disk0\Partition1)  C:
    Disk #0, Partition #1 | (\Disk0\Partition2)  G:
    Disk #0, Partition #2 | (\Disk0\Partition3\Volume1)  D:
    Disk #0, Partition #2 | (\Disk0\Partition3\Volume2)  E:

Well, no.
You cannot invent syntax/paths. :w00t: :ph34r:

Example:
PhysicalDrive6
First partition is primary and has letter K: associated to the volume inside it
Second partition is Extended and contains TWO volumes.
First volume in Second (Extended) partition has letter L: associated
Second volume in Second (Extended) partition has letter M: associated
Third partition is primary and has letter U: associated to the volume inside it

Find attached what comes out using dd --list (snippet) right after having created the disk/partition and after having fiddled a bit with other disks/volumes, having unmounted and remounted the disk (in the same session, i.e. without rebooting), Harddiskvolume# change, but NT block objects remain the same:
K: \\?\Device\Harddisk6\Partition1 \\?\Device\HarddiskVolume6
L: \\?\Device\Harddisk6\Partition3 \\?\Device\HarddiskVolume8
M: \\?\Device\Harddisk6\Partition4 \\?\Device\HarddiskVolume9
U: \\?\Device\Harddisk6\Partition2 \\?\Device\HarddiskVolume7

Become:
K: \\?\Device\Harddisk6\Partition1 \\?\Device\HarddiskVolume24
L: \\?\Device\Harddisk6\Partition3 \\?\Device\HarddiskVolume26
M: \\?\Device\Harddisk6\Partition4 \\?\Device\HarddiskVolume27
U: \\?\Device\Harddisk6\Partition2 \\?\Device\HarddiskVolume25

BUT IF I remove the third partition, unmount and remount I get:
K: \\?\Device\Harddisk6\Partition1 \\?\Device\HarddiskVolume28
L: \\?\Device\Harddisk6\Partition2 \\?\Device\HarddiskVolume29
M: \\?\Device\Harddisk6\Partition3 \\?\Device\HarddiskVolume30

Are you starting to see a pattern? :unsure:

:duff:
Wonko

Attached Files



#52 Peter80

Peter80

    Frequent Member

  • Advanced user
  • 115 posts

Posted 06 January 2015 - 02:47 PM


Peter80, please report.

 

This is the output:

E:\Desktop>ZShowDrives.bat

Disk #0, Partition #0 --> \Disk0\Partition1 --> \Disk0\Partition1\Volume1  C:
Disk #0, Partition #2 --> \Disk0\Partition3 --> \Disk0\Partition3\Volume1  D:
Disk #0, Partition #2 --> \Disk0\Partition3 --> \Disk0\Partition3\Volume2  E:
Disk #0, Partition #1 --> \Disk0\Partition2 --> \Disk0\Partition2\Volume1  G:


#53 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15046 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 January 2015 - 03:52 PM

 

This is the output:

 

 

... which is - as said before - an "invented" notation, as useful to get the right path for Truecrypt (which was the original question) as a bicycle is to a fish, particularly when it is snowing:

fish-on-a-bicycle-o.gif

 

:duff:

Wonko



#54 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 06 January 2015 - 04:16 PM

Wonko,

your first answer reliefs me.

I went through your provided links and at first glance I think I understood the usage of terms

(common problem is to keep the correct terminology in mind if you don't use it often).

 

About your second answer:

I didn't try to invent a new syntax.

My simple intent was to find a method to track somehow that a partition which appears more than once in the output must? be an extended one.

But you're completely right - my spelling method implies a common syntax, which is certainly wrong.

I should have used  a short, additional info string - nothing else.

Furthermore, and in accordance to your links I should have used the term of "logical drive" rather than "Volume".

Will remove this in the next version of the script.

 

About your question:

I see that inside one logon session the HarddiskVolume Nr. is reserved/stored somehow whenever you mount a logical drive.

Dismounting it does not discard the stored HarddiskVolume Nr.

Moreover, whenever you remount a logical drive the next free available Nr. in ascending order will be used/assigned?

It's some kind of up-counting.?

 

 

What is the value of this notation "\\?\Device\HarddiskVolume24" as used in dd?

By (up-)counting the HarddiskVolume<n> no useful info about the partition is provided, although the other two lines link to the type and the assigned driveletter (e.g. "fixed media" and "Mounted on \\.\k:").

 

With the feel of a scholar, I suppose that this notation "Disk #0, Partition #0 | (\Disk0\Partition1)" is much more useful to retrieve the logical drive(s) (mounted) associated with the corresponding partition(s) that refer(s) to the corresponding harddisk(s).

And - thanks much for your patience so far.



#55 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15046 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 06 January 2015 - 05:47 PM

Yep, it's tricky business :(.

 

A further hint.

The Disk #0, Partition #0 kind of syntax is "objective" and simply respects the physical position of the partition entries in the MBR of each disk.

 

All the other notations are somehow "volatile" or "subjective", in the sense that when a Windows NT system is booted (or a device is added to it or the partitioning/formatting of the device is changed) disks are "scanned" (by the mount manager or *whatever*) and a number of "links" are created, the actual number of the volume that has drive letter L:\ in my above last example changes because the "situation" of the device changed.

Windows NT "senses" that a new device is connected and scans it.

It looks first thing for primary partitions, hence "normally" the 

K: \\?\Device\Harddisk6\Partition1

will always be true (first primary)

and if there is a second primary, it gets #2:
U: \\?\Device\Harddisk6\Partition2

and consequently the volumes inside extended get #3 and #4:

L: \\?\Device\Harddisk6\Partition3
M: \\?\Device\Harddisk6\Partition4

 

If I remove the second primary and remount I get:

K: \\?\Device\Harddisk6\Partition1
L: \\?\Device\Harddisk6\Partition2
M: \\?\Device\Harddisk6\Partition3

and when I recreate the second primary I get obviously:

 

K: \\?\Device\Harddisk6\Partition1
L: \\?\Device\Harddisk6\Partition2
M: \\?\Device\Harddisk6\Partition3

U: \\?\Device\Harddisk6\Partition4

BUT if I unmount and remount the device I get back obviously:

 

K: \\?\Device\Harddisk6\Partition1

U: \\?\Device\Harddisk6\Partition2

L: \\?\Device\Harddisk6\Partition3
M: \\?\Device\Harddisk6\Partition4

 

See also how drive letters are automatically assigned (which is slightly different between DOS and NT, to further make things more difficult):

http://www.msfn.org/...n-why/?p=581082

 

And drive letters are "kept" and assigned/reassigned (for "known" volumes)  using yet another approach (Disk Signature + Offset) see:

http://www.911cd.net...showtopic=19663

 

And we have not even slightly touched Dynamic disks :w00t: :ph34r: or the stupid GPT scheme, as a matter of fact the GPT has only 1 (one) smart :thumbsup: feature, all partitions are primary so partition=volume=drive BUT (isn't there always a but?) the complication with known and unknown GUID's and permissions on them :frusty: creates a whole bunch of new possible issues.

 

:duff:

Wonko



#56 cdob

cdob

    Gold Member

  • Expert
  • 1440 posts

Posted 07 January 2015 - 04:22 PM

I wonder:
does DeviceID=Disk #D, Partition #P+1 matches \Device\HarddiskD\PartitionP ?


@Peter80
Try: cscript.exe ShowPartition.vbs

Attached Files



#57 Peter80

Peter80

    Frequent Member

  • Advanced user
  • 115 posts

Posted 07 January 2015 - 05:04 PM

@Peter80
Try: cscript.exe ShowPartition.vbs

This is the output:

E:\Desktop>cscript ShowPartition.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Hitachi HTS542516K9SA00 ATA Device (\\.\PHYSICALDRIVE0)
\Device\Harddisk0\Partition1    Disk #0, Partition #0    C:
\Device\Harddisk0\Partition2    Disk #0, Partition #1    G:
\Device\Harddisk0\Partition3    Disk #0, Partition #2    D: E:


#58 cdob

cdob

    Gold Member

  • Expert
  • 1440 posts

Posted 07 January 2015 - 06:33 PM

This is the output:
\Device\Harddisk0\Partition3    Disk #0, Partition #2    D: E:

Thanks for the report. It's a broken idea and supports primary partitions only.
Delete the script.
I don't know a reliable solution within OS default files.
A third party tool is recommended still.

#59 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 07 January 2015 - 09:34 PM

Post edited:

cdob,

 


...It's a broken idea and supports primary partitions only.

No, it doesn't.

As mine (which is working I think), it indeed supports e.g. extended partitions.

It's simply a question WHERE you put the string variables inside the for each loops.

Remember, the created objects are collections of disks, partitions and logicaldisks found by the wmi.

But because of the "assoc" thing it does not go through all items of the next collection (as in nested for lopps via cmd),

instead it finds/accesses the associated item directly.

 

It's something like this:

- create collection of all drives

- for the first item found in this this collection (first drive found)=(for each..)

  - create a collection of all associated partitions refering to this drive

  - for the first item found in this collection (first partition found...) = (nested for each statement)

    - create a collection of all associated logical disk refereing to this partition

    - for the first item found in this collection (first logical disk found) = (nested for each statement)

      - do some action (e.g. print)

    - goto next logical drive

  - got to next partition

- go to the next drive found

 

I just came from work, my spare time is really limited, but new scripts will follow.

I'm very sure that it is possible to create a reliable script (in regard to wmi  - and all of its issues which were previously metioned by Wonko).

 

Wonko,

I made some tests (at work with WinXP home PCs :-) ), but I'm unsure about the results.

I wanna be dressed up a little bit before talking to you. I hope you're still willing to teach me.

You won an interested "student".



#60 cdob

cdob

    Gold Member

  • Expert
  • 1440 posts

Posted 07 January 2015 - 11:37 PM

It's simply a question WHERE you put the string variables inside the for each loops.
Remember, the created objects are collections of disks, partitions and logicaldisks found by the wmi.

The question is: how to translate given numbers to \Device\HarddiskD\PartitionP layout?

http://colinux.wikia.com/wiki/FAQ

Note: if you only have 4 partitions on a drive, it is possible that they are all primary partitions, although this usually only happens if you do it on purpose. In that case, all 4 partitions would have the same number on Linux and Windows.

Note: it seems that the partition numbers reported by the windows diskpart.exe utility (C:\Windows\system32\diskpart.exe) are not consistent with the partition numbers used by the operating system itself, under circumstances of extended partitions or out-of-order partition table entries.

sdb1 => \Harddisk1\Partition1
sdb2 => \Harddisk1\Partition2
sdb3 => extended PT is skipped
sdb4 => not existing PT is skipped
sdb5 => \Harddisk1\Partition3 !!!!!!!!!!!!!
sdb6 => \Harddisk1\Partition4 !!!!!!!!!!!!!
sdb7 => \Harddisk1\Partition5 !!!!!!!!!!!!!


Another example?
http://msmania.wordp.../get-wmiobject/

#61 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 07 January 2015 - 11:39 PM

This is a commandline script, originally written by Wonko in post 48.

As reported by Peter80, his script overwrites variables if an extended partition with at least TWO or more logical drives is present. This, because it stores the found partition DeviceID as variable name.

I rewrote it a little bit but all credits go to Wonko.

This script needs a little bit more of code, but should store and output all logical drives of an extended partition (if mounted).

I tried to document all steps at best of my knowledge, so please read and test.

Reports are welcome and important.

Attached Files



#62 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 08 January 2015 - 12:26 AM

 

The question is: how to translate given numbers to \Device\HarddiskD\PartitionP layout?

 

 

I hope I got your problem.

Just created my new vbs script (similar to yours).

I think it covers your question by the added info string.

 

Just to give info about my hardware/disk layout:

I do have three "internal" harddrives connected  at my PC.

- a SSD drive with 128GB, one primary partition, boot partition: one LogicalDrive: Letter C:

- a GPT Disk with two primary partitions, logical drives each: D: and E:

- a second GPT Disk with two primary partitions, logical drives each: F: and G:

- a bunch of 4 Card Readers, mounted as J: K: L: M:

- two optical drives, a blue ray reader (I:) and a  CD/DVD burner (H:)

 

Furthermore, I connected an USB3 drive and deleted all partitions. Then disconnect. Then reboot OS. Then reboot.

Without booting Win8.1 I created 3 partitions via bootable partition software:

- 1st:  Primary partition, logical drive N:

- 2nd: an extended partition with two logical drives: O: P:

- 3rd: a primary partition, logical drive Q:

Then boot into Win8.1

 

By running my script (output sorted by driveletter) I get this output:

E:\Zharif\Tools\Scripting\VBS>cscript /nologo zshowdrives.vbs

    C:  Disk #0, Partition #0 --> \Disk0\Partition1  LogicalDrv.1 of Part.1
    D:  Disk #1, Partition #0 --> \Disk1\Partition1  LogicalDrv.1 of Part.1
    E:  Disk #1, Partition #1 --> \Disk1\Partition2  LogicalDrv.1 of Part.2
    F:  Disk #2, Partition #0 --> \Disk2\Partition1  LogicalDrv.1 of Part.1
    G:  Disk #2, Partition #1 --> \Disk2\Partition2  LogicalDrv.1 of Part.2
    N:  Disk #7, Partition #0 --> \Disk7\Partition1  LogicalDrv.1 of Part.1
    O:  Disk #7, Partition #1 --> \Disk7\Partition2  LogicalDrv.1 of Part.2
    P:  Disk #7, Partition #1 --> \Disk7\Partition2  LogicalDrv.2 of Part.2
    Q:  Disk #7, Partition #2 --> \Disk7\Partition3  LogicalDrv.1 of Part.3

 

I would say, this seems to be convenient and gives info about extended partitions that contain more than one logical drives. But as always, it needs further testing. And as so often, I do not know exactly if I've overseen something.

Look at my code - did I get your question?

Attached Files



#63 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 193 posts
  •  
    Italy

Posted 08 January 2015 - 12:23 PM

But as always, it needs further testing. And as so often, I do not know exactly if I've overseen something.

 

 @ Zharif,

 

I checked your script applied to my case :

 

- First MBR disk - Primary partition (D:), Extended partition (E:), other 2 primary partitions (F: and G:)

- Second MBR disk - Primary partition, boot (C:), extended partition with 4 logicals (I:, J:, K: and L:) 

 

and it does work, giving the following output :

 

    C:  Disk #1, Partition #1 --> \Disk1\Partition2  LogicalDrv.1 of Part.2
    D:  Disk #0, Partition #0 --> \Disk0\Partition1  LogicalDrv.1 of Part.1
    E:  Disk #0, Partition #3 --> \Disk0\Partition4  LogicalDrv.1 of Part.4
    F:  Disk #0, Partition #1 --> \Disk0\Partition2  LogicalDrv.1 of Part.2
    G: Disk #0, Partition #2 --> \Disk0\Partition3  LogicalDrv.1 of Part.3
    I:   Disk #1, Partition #2 --> \Disk1\Partition3  LogicalDrv.1 of Part.3
    J:  Disk #1, Partition #2 --> \Disk1\Partition3  LogicalDrv.2 of Part.3
    K:  Disk #1, Partition #2 --> \Disk1\Partition3  LogicalDrv.3 of Part.3
    L:  Disk #1, Partition #2 --> \Disk1\Partition3  LogicalDrv.4 of Part.3

 

But I have a question for you, that is : <<Loking at the Disk #1, the missing partition #0 (in the list) is due to the fact that it is really unmounted (as it is just the Reserved Partition - generally hidden ?

 

ambralivio



#64 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15046 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 08 January 2015 - 02:39 PM

The point is still that through WMI the best that you can get is a guess (educated, but still a guess) and nothing more.
Facts (till now seemingly ignored :w00t: :ph34r:):
a.the Truecrypt wants a specific type of link
b.the specific type of link is the \Device\Harddiskm\Partitionn kind
c.the link is to a volume, i.e. something in the form of a GUID *like* \Volume{dcb73171-341c-11e3-b06c-001fc6bb76ce}\
d.the link is determined by 4 (four) factors

  • the PhysicalDrive where the volume resides (which is easy as the m in \Device\Harddiskm\Partitionn is the same as in the notation \\.\Physicaldrivem and in the notation Disk# m, Partitionx)
  • the nature of the actual volume (i.e. primary partition vs. logical volume)
  • the order in which the volumes are listed in the MBR and/or EPBR chain
  • AND/OR the actual order the partitions/volumes were created or deleted within the session

d.1 is not an issue, d.2 and d.3 can be recreated by parsing the MBR and EPBR chain (something that seemingly the posted .vbs does not do) BUT there is NO WAY on earth that d.4 can be reproduced, so, even if point d.3 will be satisfied by a next release of the .vbs, it will ONLY apply to disks that were NOT modified by creating or removing volumes partitions and reconnected during a same session.
 
 
@Ambralivio
Try the following modified batch (from the one already posted on #15 that makes use of dd --list, slightly modified to take into account volumes without a drive letter, removing removable drives and allow for more Harddiskvolumes):
 
 
 

@ECHO OFF
@ECHO OFF
SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION
::Links from \HardDiskM\PartitionN to drive letters
::myddlist2.cmd by jaclaz
::makes use of dd.exe for windows by John Newbigin

SET IsVolume=0
SET IsNTBlock=0
FOR /F "tokens=*" %%A IN ('dd --list 2^>^&1') DO (
SET ThisLine=%%A
SET ThisIncipit=!ThisLine:~0,5!
IF "\\.\V"=="!ThisLine:~0,5!" SET IsVolume=1&SET Thisvolume=%%A
IF !IsVolume!==1 IF "!ThisLine:~0,7!"=="link to" CALL :volume %%A
IF !IsVolume!==1 IF "!ThisLine:~0,7!"=="Mounted" CALL :volume %%A
IF !IsVolume!==1 IF "!ThisLine:~0,7!"=="Not mou" CALL :volume %%A \\.N/A
IF "NT Block"=="!ThisLine:~0,8!" SET IsVolume=0& SET IsNTBlock=1
IF "\\?\Device\H"=="!ThisLine:~0,12!" SET IsVolume=0& SET IsNTBlock=1&SET ThisdeviceH=%%A
IF !IsNTBlock!==1 IF "!ThisLine:~0,7!"=="link to" CALL :deviceH =%%A
)
FOR /F "tokens=2,4 delims==?" %%A IN ('SET \\?\D') DO (
FOR /F "tokens=2,3,5 delims==." %%C IN ('SET \\.\V^|FIND "%%B=" ^|FIND /V "DP("') DO (
REM ECHO %%E %%A
ECHO %%E %%A %%C
)
)
GOTO :EOF

:volume
SET %Thisvolume%=!%Thisvolume%!=%3
GOTO :EOF

:deviceH
SET %ThisdeviceH%=!%ThisdeviceH%!%3
GOTO :EOF

@Zharif
this is the output of the latest .vbs you posted:
 

C:\appoggio\TestVista>cscript ZShowDrives3.vbs
Microsoft ® Windows Script Host Versione 5.6
Copyright © Microsoft Corporation 1996-2001. Tutti i diritti riservati.


C: Disk #0, Partition #0 --> \Disk0\Partition1 LogicalDrv.1 of Part.1
D: Disk #1, Partition #0 --> \Disk1\Partition1 LogicalDrv.1 of Part.1
K: Disk #6, Partition #0 --> \Disk6\Partition1 LogicalDrv.1 of Part.1
L: Disk #6, Partition #2 --> \Disk6\Partition3 LogicalDrv.1 of Part.3
N: Disk #6, Partition #1 --> \Disk6\Partition2 LogicalDrv.1 of Part.2

and this is the output of the posted batch (right):
 

\c: \Device\Harddisk0\Partition1 \Volume{83092730-6bfc-11df-b90c-806d6172696f}\
\d: \Device\Harddisk1\Partition1 \Volume{b0b284c4-8a33-11dd-8781-806d6172696f}\
\k: \Device\Harddisk6\Partition1 \Volume{9504b6d8-9348-11e4-b093-001fc6bb76ce}\
\l: \Device\Harddisk6\Partition2 \Volume{9504b715-9348-11e4-b093-001fc6bb76ce}\
N/A \Device\Harddisk6\Partition3 \Volume{9504b6d9-9348-11e4-b093-001fc6bb76ce}\
\n: \Device\Harddisk6\Partition4 \Volume{9504b6da-9348-11e4-b093-001fc6bb76ce}\


:duff:
Wonko



#65 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 193 posts
  •  
    Italy

Posted 08 January 2015 - 05:19 PM

 

@Ambralivio
Try the following modified batch (from the one already posted on #15 that makes use of dd --list, slightly modified to take into account volumes without a drive letter, removing removable drives and allow for more Harddiskvolumes):

 

Thanks Wonko, I'll try it.

 

In the meantime, I honestly confess to have lost what is the final target of this discussion.

 

ambralivio



#66 cdob

cdob

    Gold Member

  • Expert
  • 1440 posts

Posted 08 January 2015 - 05:34 PM

BUT there is NO WAY on earth that d.4 can be reproduced, so, even if point d.3 will be satisfied by a next release of the .vbs, it will ONLY apply to disks that were NOT modified by creating or removing volumes partitions and reconnected during a same session.


A example to show this behaviour:

Disk 2: one primary partition, and two logical

ZShowDrives.vbs

F: Disk #2, Partition #0 --> \Disk2\Partition1 LogicalDrv.1 of Part.1
H: Disk #2, Partition #1 --> \Disk2\Partition2 LogicalDrv.1 of Part.2
I: Disk #2, Partition #1 --> \Disk2\Partition2 LogicalDrv.2 of Part.2

Truecrypt

Harddisk 2:
\Device\HardDisk2\Partition1 F:
\Device\HardDisk2\Partition2 H:
\Device\HardDisk2\Partition3 I:

I: Partition number is equal


Logical Partition H: deleted

ZShowDrives.vbs

F: Disk #2, Partition #0 --> \Disk2\Partition1 LogicalDrv.1 of Part.1
I: Disk #2, Partition #1 --> \Disk2\Partition2 LogicalDrv.1 of Part.2

Truecrypt

Harddisk 2:
\Device\HardDisk2\Partition1 F:
\Device\HardDisk2\Partition3 I:

The I: number is different
 

Try the following modified batch

\f: \Device\Harddisk2\Partition1 \Volume{f02fbcb6-96ae-11e4-95a3-005056c00008}\
\i: \Device\Harddisk2\Partition3 \Volume{f02fbcb8-96ae-11e4-95a3-005056c00008}\

Yes, the batch does works correctly.


The disk 2 disconnected and reconnected:

\f: \Device\Harddisk2\Partition1 \Volume{f02fbcb6-96ae-11e4-95a3-005056c00008}\
\i: \Device\Harddisk2\Partition2 \Volume{f02fbcb8-96ae-11e4-95a3-005056c00008}\

Truecrypt

Harddisk 2:
\Device\HardDisk2\Partition1 F:
\Device\HardDisk2\Partition2 I:



#67 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 08 January 2015 - 06:25 PM

 

Logical Partition H: deleted

ZShowDrives.vbs

F: Disk #2, Partition #0 --> \Disk2\Partition1 LogicalDrv.1 of Part.1
I: Disk #2, Partition #1 --> \Disk2\Partition2 LogicalDrv.1 of Part.2

Truecrypt

Harddisk 2:
\Device\HardDisk2\Partition1 F:
\Device\HardDisk2\Partition3 I:

The I: number is different

 

 

cdob, I don't understand what you're saying here.

For me, both outputs looks similar.

ZShowDrives (WMI) took care about, that H: and I: are two logical drives of ONE extended Partition. The WMI seems to have some kind of intelligence NOT to state that there're three partitions, but only two. Anyway, it displays each logical drive of ONE container partition but with the same partitionNr. This has some kind of logic for me.

According to the most interesting articles Wonko linked me to in his previous post, this provides conformity to common notations (correct me if I'm wrong). As many logical drives you create inside this container, they will always have the same partitionNr.

Problems seem to occur if you unmount one logical drive here. In fact, WMI does not give false results. By dismounting H:, it looses the state of a volume (requires an assigned driveletter) and ZShowDrives shows the remaining logcial drives that still have the same partitionNr. For what I understood, this is no wrong behaviour regarding the WMI-terms.

Moreover, it could be argued, that true crypt gives an unreliable output. Counting up the partitions inside the container (partition2 and 3), might/will imply that there're three primary partitions on a disk, which in fact is not the truth.

 

Edit: added

On the other hand, the mentioned WMI behaviour makes it different to get the real sequence of logical drives inside a container if one of it has been dismounted. But notation "Disk #2, Partition #1" still remains correct.

 

Anyway, for me "\Device\HardDisk2\Partition3 I:" (spoken in true crypt notation) remains the same as

I: Disk #2, Partition #1 --> \Disk2\Partition2 LogicalDrv.1 of Part.2 (spoken in WMI notation).



#68 Zharif

Zharif

    Frequent Member

  • .script developer
  • 153 posts
  • Location:Germany
  •  
    Germany

Posted 09 January 2015 - 10:57 AM

@Wonko,

I think I understand.

In regard to amralivio's latest post, I second his impression of loosing the initial target of this thread.

Maybe a new one should be opened? Following you latest post we shouldn't. At least we're at a point

you stated very early  in this thread (post 24).

 

But I feel like a fighting pitbull here (although intelligence of their behaviour is questionable). I couldn't resist to search for a possible command to get the Device\Harddisk<n> syntax.

 

Please have a look on what I found (works with XP and Win8.1):

Command1: WMIC.EXE Path Win32_PerfFormattedData_PerfDisk_LogicalDisk Get Name /Format:LIST

Command2: WMIC.EXE Path Win32_OSRecoveryConfiguration Get Name /Format:LIST

Command3: WMIC.EXE Path Win32_OperatingSystem Get SystemDevice /Format:List

 

The first one is most interesting.

It displays the Device\HarddiskNr for unmounted partitions. Whenever you remount, the assigned driveletter is displayed. The HarddiskNr is the same as for dd --list (cross-checked this).

 

It seems, that you can get the HarddiskNr of unmounted partitions as well as for the boot partition (commands 2+3).

- we now have the Harddisk1 for the boot partition

- we now have the Harddisk<n> for all unmounted partitions

- Concerning the article you linked me to (how windows 2000 assings, reserves and stores driveletters),

  may it be possible to calculate the harddiskNr. of the remaining partitions?

 

Please note, this is just an initial idea - nothing else.

Please teach me if you think it is a silly one.

 

 

 

 



#69 ambralivio

ambralivio

    Frequent Member

  • Advanced user
  • 193 posts
  •  
    Italy

Posted 09 January 2015 - 12:27 PM

 

@Ambralivio

Try the following modified batch (from the one already posted on #15 that makes use of dd --list, slightly modified to take into account volumes without a drive letter, removing removable drives and allow for more Harddiskvolumes):

 

 Wonko, as promised, this is the output in my case (please refers to configuration as in post #63) :

 

\d: \Device\Harddisk0\Partition1 \Volume{d51a936c-de08-11e1-8b7f-001966048b24}\
\f: \Device\Harddisk0\Partition2 \Volume{0e33fb78-f4d3-11df-8b21-806e6f6e6963}\
\g: \Device\Harddisk0\Partition3 \Volume{0e33fb79-f4d3-11df-8b21-806e6f6e6963}\
\e: \Device\Harddisk0\Partition4 \Volume{4a60cc21-de22-11e1-a51c-001966048b24}\
N/A \Device\Harddisk1\Partition1 \Volume{0e33fb7a-f4d3-11df-8b21-806e6f6e6963}\
\c: \Device\Harddisk1\Partition2 \Volume{1facf149-690e-11e4-91bf-806e6f6e6963}\
\j: \Device\Harddisk1\Partition3 \Volume{605b9ca2-690f-11e4-a423-806e6f6e6963}\
\i: \Device\Harddisk1\Partition4 \Volume{605b9ca5-690f-11e4-a423-806e6f6e6963}\
\k: \Device\Harddisk1\Partition5 \Volume{2b4b5b9b-caa3-11e2-9be1-001966048b24}\
\l: \Device\Harddisk1\Partition6 \Volume{2b4b5ba5-caa3-11e2-9be1-001966048b24}\
 
It seems to work, meaning that now we have :
 
1 - all the hard-disk & the partitions listed (even those unmounted, i.e. that named "N/A", which in my case, is the reserved partition in Win 7)
2 - the relevant UUID for each volume is also extracted
 
so, it seems that all the necessary information are finally captured (even if, as i said,, I am now a bit lost about what we are searching for !!!).
 
Even though, maybe, a bit OT, I seem there's only 1 point missing  (necessary for the target? :confused1:) : from the output of your cmd it is not clear what the extended partition are and the related sub-partitions !
 
Regarding the truecrypt volume case, I am not able to say nothing, since I do not use that tool at all, and I am not greatly sorry regarding to the last mysterious "sequence of events" related to that tool.
 
ambralivio





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users