This is likely the more important remaining issue of ImDisk.
A user of ProxyCrypt reported various data losses related to the fact he did not dismount the volume with administrative privileges:
When I initially written ImDisk Toolkit, I modified the drive letter context menu to make sure all operations were elevated. I did that to fix the issue of remaining volumes in "imdisk -l", and it worked so far.
As a side effect, it also fixed the risk of data loss, at least as long as the user does not directly use the control panel applet.
For ProxyCrypt, I also can recommend to use the Toolkit, but for users who are looking for a minimalist and/or portable solution, it may not be the best choice.
Of course, we need to leave a possibility for those who want to lose their data, for instance with the command line tool.
But for the control panel, I think we should find a way to auto-elevate it. I just saw that using "requireAdministrator" in a (external) manifest does not work. But it should be possible to use ShellExecute with "runas" as verb in the default entry point.
Another point. You use DBT_DEVICEQUERYREMOVE as first notification. But we are supposed to be able to return BROADCAST_QUERY_DENY.
However, as you use SendMessageTimeout with HWND_BROADCAST, I wonder how you could take this return value into account.
This notification seems useless if we cannot respond to it.
If I was able to stop the volume unmount with that, I would have a way to let ProxyCrypt do the unmount properly...