I am a newbie and I am working on a driver that tracks creation/write/modification on files. Now I have been told to work on Volume snapshot. I have seen the code of VSS that comes with Windows SDK. But I have been informed to work on VSS at the kernel level, means I have to find out how I can use or communicate Windows Volume snapshot service through my driver. Please can someone give some inputs on this and try to help me because i googled a lot for Volume snapshot but did not get much help from there. Should I implement VSS Writer at the kernel level or something else to use the feature of Windows VSS service. Thanks in advance.
Asked
Active
Viewed 763 times
1
-
Volume snapshots are essentially read-only volumes so there won't be create/write etc calls for files on it. What do you want to achieve? – Rohan Oct 09 '12 at 04:35
-
Thanks for replying. Basically the driver that tracks modification is an upper volume filter driver. I want to take block level backup, so I require a copy on write snapshot for this purpose. Should I go for mine own VSS driver implementation or the VSS service at the user space that comes with Microsoft will do? If I need to develop the VSS driver then can I get any help from anywhere or are there any samples or documentation that I can refer? Should I develop a VSS writer or VSS provider? Can I hold the write request and later allow the write request on a particular block? – Jorge Chon Oct 09 '12 at 07:58
-
I think you would have to do VSS provider. But I'm not much aware of volume filter drivers. – Rohan Oct 09 '12 at 08:28
2 Answers
1
I think you should implement the VSS Hardware Provider.
Get the development document
http://msdn.microsoft.com/en-us/library/windows/desktop/aa381601(v=vs.85).aspx
Get the Sample Code
You need to install the Microsoft SDK--for example--7.1
Assumed that the SDK is installed under default path, access the path C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\winbase\vss\vsssampleprovider Here you can find the sample codes.
Good Luck!
superlee
- 826
- 8
- 5
0
Should I develop a VSS writer or VSS provider : Neither. Incremental block level backup of files would require a FS mini-filter driver approach which, for the incremental time range Tn to Tn+1, should track block level writes happening on the live file. At time Tn+1, when the vss snapshot is taken, this minifilter should additionally track writes happening on the "file's view" sitting on the snapshot block device. The snap is not always read-only from birth. There is a brief time window in the VSS state machine during which the snapshot is actually writable so that various writers could do their thing (writes, updates, rollbacks etc). You could, in principle, also delete files from the snapshot while executing the onpostsnapshot callback (if you have a custom writer i.e.) The exact point in time when you'd need to stop live file tracking and start snapshot view tracking can be managed based on the completion of flush and hold writes IOCTL. So basically, at the end of snapshot, you'd have 2 change bitmaps : one that describes the writes on the live file and the other describing the writes on the snapshot view of the file. Merge these 2 bitmaps and then backup the changed blocks (based on the merged bitmap), off the snapshot block device. More or less similar scheme can also be applied for taking incremental block level backups of volumes.
Neelabh Mam
- 300
- 6
- 10