I am writing a Powershell script to make a raw copy of a drive and I have been unable to find a way to complete this.
On Linux, I would use 'dd' to perform this copy.
There are a handful of tools that can do this on Windows but none that I can control directly from the command line. (All have GUI interfaces)
Is there a method to make a physical copy of a drive through Powershell?
Thanks.
I've been trying to do this for a while myself and I finally found a good answer.
Git for windows ships with the whole set of GNU core utilities (updated vs what you can find separately) including dd!
Just install Git for Windows or extract the portable version, from there inside of the install directory in git\usr\bin\ you will find the binaries for all of the GNU utils including dd (tested working)
Some further notes on usage in windows since \dev\sda\ isn't a thing:
$DiskDrives = Gwmi Win32_diskdrive | select DeviceID,BytesPerSector,Index,Caption,InterfaceType,Size,TotalSectors,SerialNumber | Out-GridView -OutputMode Multiple -Title 'Select Source Drive(s)'
$BaseOutputPath = 'D:\'
$DiskDrives | %{
. ('C:\Program Files\Git\usr\bin\dd.exe if={0} of={1} bs={2}' -f $_.DeviceID,(-join($BaseOutputPath,(-
join($Env:ComputerName,$_.Index)),'.img')),$_.BytesPerSector)
}
The included filename logic is just a placeholder, you can replace that parenthetical with a call to Read-Host if you want it to prompt you for the filename/path.
It is a bit annoying but you really do have to use WMI as the values returned by Get-Disk don't seem to work.
You might already know that cygwin on Windows supports some Linux commands including dd. I have used it on several occasions to copy disks and load ISOs to USB and it works perfectly.
Windows 10 comes with linux now. Windows Subsystem for Linux. You can enable it as a feature. You can even get WSL 2 with the real kernel in 1903 & 1909: https://devblogs.microsoft.com/commandline/whats-new-in-the-windows-subsystem-for-linux-september-2020/
Get-CimInstance -ClassName Win32_DiskDrive | Format-List -Property DeviceID,BytesPerSector,Index,Caption,InterfaceType,Size,TotalSectors,SerialNumber
Following up #Chirishman answer, for Powershell 7.2, The Gwmi may missing from the powershell.
The alternative command to get the DeviceId and other info is available as above.
Then you can use dd if={DeviceId} of=<target_file>.
Preferably a command line tool to do this...
I understand that there is a program called tasklist.exe in Windows systems, and it has many powerful features to view processes currently running on the system.
Unfortunately it does not have the functionality to view the path of the .exe file that created or spawned the process in the first place.
I finally decided to take a tour of my system and I've noticed some shady looking processes and I want to check if they live in equally shady looking places on my system.
Any ideas?
You can use PowerShell.
Click Start -> Run, and type powershell to invoke Power Shell.
View all processes currently:
tasklist
Show full path of .exe file (Example command for Notepad++):
Get-Process notepad++ | Select-Object Path
You will see output:
Path
C:\Program Files (x86)\Notepad++\notepad++.exe
I'm trying to write a batch file that will open computer management as an administrator (on a Windows 7 64 bit system). I have done this successfully with cmd but cannot get it to work with computer management.
The command I have for cmd is:
runas /profile /env /user:username#domain cmd
After I authenticate with my pw, I'm good to go.
The commands I've tried for computer mgmt are:
runas /profile /env /user:username#domain compmgmt.msc
After I authenticate I get an error telling me "compmgmt.msc is not a valid Win32 application.
runas /profile /env /user:username#domain mmc
After I authenticate I get an error telling me "The requested operation requires elevation"
If I run the good cmd option then type in either mmc or compmgmt.msc, the program will open as admin because I'm in cmd as admin already. I'm assuming there's a way to add onto the good cmd command to autopopulate that text into cmd and run it, but I don't know what it is. I'm also open to trying other options, really I just want a tool that works. I know that I can run my batch as admin and avoid all of this but the purpose of this tool is to not have to provide my admin username.
Suggestions?
runas /user:username#domain "cmd.exe /c \"start compmgmt.msc\""
If the .msc runs correctly from cmd, start cmd under the adecuated account and, from here, start the .msc
The problem is that you cannot run an .msc plugin without calling mmc.
The correct call should be in this format:mmc.exe \location of plugin
runas /u:domain\user "mmc.exe \windows\system32\compmgmt.msc"
The start command will also work but relies on the extensions being properly entered in the registry. I usually do mmc \plugin location due to the different windows operating systems we use and the fact that usually half the plugins I want to use are not registered on the system for some reason.
better you travel to that location and then execute that file
You can write batch file which will run:
(CompMgmtLauncher.exe or CompMgmt.msc)
It'll look like
C:\Users\Admin>cd\
C:>cd Windows
C:\Windows>cd System32
C:\Windows\System32>CompMgmtLauncher.exe
C:\Windows\System32>compmgmt.msc
C:\Windows\System32>
The Problem
In one part of a batch file (kind of, see Extra Information) I need to restart
Explorer, so I use the, tried-and-tested method of
taskkill /f /im explorer.exe >nul
explorer.exe
Then this happens
explorer.exe is successfully terminated
explorer.exe is started (see Image 2), but only an
Explorer window opens, which I am left with indefinitely (see Image 1)
I can then only properly restart Explorer by starting a new task from Task
Manager, as, I'm assuming, Win + R is part of Explorer.
Extra Information
Now, I say "kind of" as I'm running the batch file from a self-executing SFX
archive, created with WinRAR. So, when executed, the contents of the archive are
extracted to %temp% and a user-defined file (usually a boot-strapper and, in
this case, my batch file) is run upon successful extraction.
So far, I've deduced
explorer.exe definitely is being fully killed.
The batch file definitely is called and executed correctly, as it runs and
everything else in the script works as designed, except for the line that
starts explorer.exe
The command to restart Explorer isn't "badly timed", or anything, as I've
tried delaying it.
The batch file works perfectly when manually extracted from the archive, so
it's not a problem with the compression or extraction processes.
Even with commands like start explorer.exe | cmd.exe Explorer doesn't
restart properly, so it's definitely not a problem with the .bat file.
I can confirm that it works on Windows XP and Windows 7 x86 but not Windows 7
x64 (which is my system).
Status
At the moment, I'm suspicious of WinRAR, as I've proved that the code itself
works. So, I'm creating the self-executing SFX with different versions of
WinRAR. So far, I've tried versions:
4.11 x86
4.11 x64
4.20b3 x86
4.20b3 x64
and had the same results every time.
I submitted a bug report to dev#rarlab.com yesterday and got a reply from
Eugene Roshal himself this morning
Hello,
SFX module uses ShellExecuteEx to start a setup application.
Normally it works well. I do not know why Explorer decides to switch
to windowed mode.
Now I built a small standalone program
#include <windows.h>
void main()
{
SHELLEXECUTEINFO si;
memset(&si,0,sizeof(si));
si.cbSize=sizeof(si);
si.lpFile="test.bat";
si.nShow=SW_SHOWNORMAL;
ShellExecuteEx(&si);
}
which runs test.bat with contents as in your sample. This program
shows exactly the same behavior as WinRAR SFX, so Explorer is started
in window.
and a second email this morning
Sorry, no advice now. I replaced ShellExecuteEx with CreateProcess
#include <windows.h>
void main()
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
memset(&si,0,sizeof(si));
si.cb=sizeof(si);
CreateProcess(NULL,"test.bat",NULL,NULL,TRUE,0,NULL,NULL,&si,&pi);
}
but result is the same. I tried to use other SW_ flags like
SW_SHOWDEFAULT or SW_RESTORE with ShellExecuteEx also as "open"
and "explore" lpVerb, but it does not help. For now I do not
understand the logic behind this windowed versus desktop mode.
I realise the outlook is grim but, I hope that's of help to someone..
Proof / Evidence
Link to an SFX archive demonstrating this, if anyone wants it:
https://dl.dropbox.com/u/27573003/Social%20Distribution/restart-explorer.exe
You may notice here that I'm running the commands inside a VM (as denoted by
VMwareTray.exe) but it is not a VM-caused conflict. I've tested the exact same
files on my own host system (which is the same OS) and have had the same
results.
Update
I'm experiencing similar "works outside of an SFX archive but not from one"
problems when using REG ADD in a completely different project.
I just don't think SFX archives play nice with batch files.
I think user1631170 is on to something, "I wonder if some part of Win-RAR is running in 32-bit mode? Could you even start explorer64 running from a 32-bit process? I am pretty certain that Windows won't do that."
When I start explorer.exe from ProcessHacker (32-bit process manager), I get an explorer window.
But I can force it to start the 64-bit explorer with this:
%systemroot%\sysnative\cmd.exe /c start /B explorer.exe
sysnative is a keyword that Windows recognizes to bypass the file system redirection for 32-bit/64-bit (http://msdn.microsoft.com/en-us/library/windows/desktop/aa384187(v=vs.85).aspx
Enjoy!
I had this same problem and found that all the solutions here still didn't work from a batch script.
None of these worked completely:
start explorer.exe
start explorer
explorer.exe
explorer
because they all either opened a window (and didn't show the taskbar again), or the batch script then hung thereafter and couldn't execute any more commands
I found that this line in the batch file did work (after killing explorer.exe):
start "" "%windir%\explorer.exe"
and also allowed other commands to be executed after it in the script
This works in Windows 7:
taskkill /f /IM explorer.exe
start explorer.exe
exit
For restarting explorer.exe, this worked for me.
powershell.exe Stop-Process -processname explorer
When you run explorer.exe from an 32-bit application in 64-bit windows, the path will be redirected to the SysWOW64 directory which contains the 32-bit explorer.exe.
In XP64 it wasn't not such a big deal. In the taskmanager you can see the 32-bit explorer.exe running but it did start as the shell. In Windows 10 (as I came to this problem, it looks like it is introduced in Windows 7), the 32-bit explorer.exe is a stub which creates a new instance of the 64-bit explorer.exe. It probably passes a path on the commandline here so the 64-bit explorer.exe opens a window instead of starting the shell.
So it is still like before that you can control whether a window or a shell should be started by starting explorer.exe with or without a path as commandline parameter.
Instead, you should force starting the 64-bit explorer.exe from the 32-bit application and all is ok. To do this, one method is using the sysnative directory as mentioned above. But another method is to use Wow64DisableWow64FsRedirection/Wow64RevertWow64FsRedirection.
I did the latter and can confirm it works nicely. For both CreateProcess and ShellExecuteEx API.
Try
%windir%\explorer.exe
start %windir%\explorer.exe
start /d%windir% explorer.exe
I have seen similar problems before doing this in C#. The process had to be invoked by calling explorer shell rather than explorer window, but I haven't had any problems in batch.
Try using this:
taskkill /im explorer.exe /f
explorer
The difference between the other answers being explorer rather than explorer.exe which has caused problems before for me.
This works on my Win7 x64 PC.
Hope this helps!
The other day, I was having a look through some of WinRAR's more advanced options and came across this tab:
As soon as I saw that I suspected it to be part of the problem and solution, as this issue only ever occurs on Windows 7 x64.
As suspected, using the Default64.SFX module instead of the default Default.SFX module entirely fixed the issue. Finally.
I do not understand why, but it will only for me if using the full path, regardless of your PATH variable.
%windir%\explorer
Have same issue with Visual Studio.
What works for me (Win 7 Pro 64bit):
PPM on Project name select "Properties"
Configuration Properties > Build Events > Pre-Build Event
taskkill /im explorer.exe /f
Configuration Properties > Build Events > Post-Build Event
start "" "C:\Windows\explorer.exe"
But this make other problem (the IDE is frozen after the explorer runs) and now I'm only able to restart the IDE to run build command again...
Use this (.bat with administrative privileges) in x64 or x86
tasklist /fi "imagename eq explorer*" | find /i "explorer*"
if not errorlevel 1 (taskkill /f /im "explorer*") else (
start %windir%\explorer.exe
What worked for me in Windows 7 64 bit was
"C:\Windows\expstart.exe"
or just
expstart.exe
Try adding a explorer.exe key to App Paths in the registry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\explorer.exe
(Default) C:\Windows\explorer.exe
Path C:\Windows
or copy the following to notepad and save it as a .reg file then run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\explorer.exe]
#="C:\Windows\explorer.exe"
"Path"="C:\Windows"
To see the start panel you need to execute the explorer.exe from the system32 folder
taskkill /im explorer.exe /f
cd %WINDIR%\system32
start %WINDIR%\explorer.exe
Easy Context Menu
Just right-click on the desktop and choose Restart Windows Explorer. Enjoy!
I have created a batch file to run an application automatically but it seems my CMD does not run it. I typed this (using notepad as an example):
CMD /C "C:\notepad2\notepad2.exe"
If I run this from Windows Vista it worked. But running this from Windows Server 2008 (64-bit) it just doesn't work. I even try using that line from the Run menu but no go.
What do I do? My aim is to run a scheduled task that runs the batch file every now and then.
Stupid question, but does the program you're trying to run actually exist on the Server 2k8 machine?
There are no differences in cmd between Vista and Server 2k8 whatsoever.
Besides, why do you need to execute it via cmd? Can't you just run the application directly? Using cmd /c is only necessary for shell built-ins, such as dir or start.
Also remember that there is no NTVDM on 64-bit Windows—you can't run 16-bit programs. I doubt one would still use them nowadays but it may be the only thing I can think of why it doesn't work in 64-bit.