Accessing shadow copies

Previously we talked about the fact that the backups created by the Vista, Windows 7 and Windows Server 2008 backup tool are actually virtual hard drives which can be mounted for access via drive letters. It is also possible to mount shadow copies as well, as documented at http://blogs.msdn.com/b/adioltean/archive/2005/01/20/357836.aspx

There are a couple scenarios where this is useful. The reason I wanted access was errors in a machine's logs that read The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy[N]. To allow chkdsk to run, I simply mounted that shadow copy, the details of which I found using vssadmin list shadows.

The code as presented in that blog creates new shadow copies. As we wish to access existing copies, the key is understanding what the line %~dp0\vshadow.exe -el=%SHADOW_ID_1%,%DESTINATION_VOLUME% is doing.

We can mount a shadow simply by dropping to an administrative command line and issuing vshadow.exe -el=[show copy guid] z: (vshadow.exe is available in the SDK mentioned in the original article: http://www.microsoft.com/download/en/details.aspx?id=23490)

A modern version of the copy scenario the original blog mentioned can be found here: http://tranxcoder.wordpress.com/2010/01/26/using-volume-shadow-services-to-copy-locked-files/ and an API for accessing shadow copies in C# can be found at http://alphavss.codeplex.com/