将 TrueCrypt 容器挂载到驱动器号后,是否可以在批处理文件中确定驱动器号是从哪个容器挂载的,或者容器挂载到哪个驱动器号?
在批处理文件中,我想将指定的 TrueCrypt 容器挂载到指定的驱动器号。如果容器已安装或驱动器号不可用,则 TrueCrypt 错误,所以我只想在指定的容器尚未安装到指定的驱动器号时运行 TrueCrypt,也就是说,只有当操作没有t 已经完成了。
任何建议,将不胜感激。
赏金摘要简而言之,假设您有卷C:\Vol1.tc并C:\Vol2.tc安装到驱动器X和Y. 您如何通过批处理文件或 C# 代码将C:\Vol1.tc其安装到驱动器X和C:\Vol2.tc驱动器上?Y
一种方法是直接向 Truecrypt 驱动程序本人询问。这可以通过 DeviceIoControl 函数来实现。事实上,这正是 TrueCrypt GUI 正在做的事情。
请注意,在 c++ 中更容易做到这一点。 你会在这里找到一篇好文章。
这个想法是调用该DeviceIoControl函数,询问TC_IOCTL_GET_MOUNTED_VOLUMES
您将获得一个结构,其中包含所有已安装的卷路径和驱动器号。事实上,它是一个 26 个元素的数组(每个可能的驱动器号一个),称为 wszVolume,其中包含挂载的 truecrypt 卷的路径。
希望以下示例可以帮助您找到适合您的情况的方法。
C# 中的示例代码:
class Program
{
static void Main(string[] args)
{
uint size = (uint)Marshal.SizeOf(typeof(MOUNT_LIST_STRUCT));
IntPtr buffer = Marshal.AllocHGlobal((int)size);
uint bytesReturned;
IntPtr _hdev = CreateFile("\\\\.\\TrueCrypt", FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, 0, IntPtr.Zero);
bool bResult = DeviceIoControl(_hdev, TC_IOCTL_GET_MOUNTED_VOLUMES, buffer, size, buffer, size, out bytesReturned, IntPtr.Zero);
MOUNT_LIST_STRUCT mount = new MOUNT_LIST_STRUCT();
Marshal.PtrToStructure(buffer, mount);
Marshal.FreeHGlobal(buffer);
for (int i = 0; i < 26; i++)
Console.WriteLine("{0}: => {1}", (char)('A' + i), mount.wszVolume[i]);
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
class MOUNT_LIST_STRUCT
{
public readonly UInt32 ulMountedDrives; /* Bitfield of all mounted drive letters */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly MOUNT_LIST_STRUCT_VOLUME_NAME[] wszVolume; /* Volume names of mounted volumes */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly UInt64[] diskLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly int[] ea;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly int[] volumeType; /* Volume type (e.g. PROP_VOL_TYPE_OUTER, PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED, etc.) */
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
struct MOUNT_LIST_STRUCT_VOLUME_NAME
{
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.I2, SizeConst = 260)]
public readonly char[] wszVolume; /* Volume names of mounted volumes */
public override string ToString()
{
return (new String(wszVolume)).TrimEnd('\0');
}
}
public static int CTL_CODE(int DeviceType, int Function, int Method, int Access)
{
return (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2)
| (Method));
}
private static readonly uint TC_IOCTL_GET_MOUNTED_VOLUMES = (uint)CTL_CODE(0x00000022, 0x800 + (6), 0, 0);
[DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true, CharSet = CharSet.Auto)]
static extern bool DeviceIoControl(IntPtr hDevice, uint dwIoControlCode,
IntPtr lpInBuffer, uint nInBufferSize,
IntPtr lpOutBuffer, uint nOutBufferSize,
out uint lpBytesReturned, IntPtr lpOverlapped);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr CreateFile(
[MarshalAs(UnmanagedType.LPTStr)] string filename,
[MarshalAs(UnmanagedType.U4)] FileAccess access,
[MarshalAs(UnmanagedType.U4)] FileShare share,
IntPtr securityAttributes, // optional SECURITY_ATTRIBUTES struct or IntPtr.Zero
[MarshalAs(UnmanagedType.U4)] FileMode creationDisposition,
[MarshalAs(UnmanagedType.U4)] FileAttributes flagsAndAttributes,
IntPtr templateFile);
}
这是我到目前为止所拥有的:
我正在创建一个用 c# 编写的自定义应用程序,通知用户哪些卷已安装/卸载,如果它们已安装,我需要通知用户在哪个驱动器上。为了知道是否安装了卷,我有以下类:
注意我使用handle.exe该程序可以在http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx 或从http://download.sysinternals.com/files/Handle.zip下载
另外我相信您必须以管理员身份运行该程序
class TrueCryptHelp
{
// I have that program on the working directory
// it can be downloaded from http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx
const string HandleExeLocation = "handle.exe";
static string systemProcessFiles;
static DateTime dateFilesLockedInfo = new DateTime();
static string SystemProcessFiles
{
get
{
if ((DateTime.Now - dateFilesLockedInfo).TotalSeconds > 2)
{
Process p = new Process();
var psi = new ProcessStartInfo();
psi.RedirectStandardOutput = true;
psi.UseShellExecute = false;
psi.FileName = HandleExeLocation;
p.StartInfo = psi;
p.Start();
var output = p.StandardOutput.ReadToEnd();
systemProcessFiles = string.Empty;
foreach (Match m in Regex.Matches(output ?? "", @"(?sx) -{20} [^-] .+? -{20}"))
{
if (Regex.Match(m.Value ?? "", @"(?xi) -{10} [\s\r\n]+ System \s pid").Success)
{
if (Regex.Match(m.Value ?? "", @"(?xi) \) \s+ \\clfs \s* (\r|\n)").Success)
{
systemProcessFiles = m.Value.ToLower();
break;
}
}
}
}
dateFilesLockedInfo = DateTime.Now;
return systemProcessFiles;
}
}
public static bool IsVolumeMounted(string volumeLocation)
{
//DriveInfo d = new System.IO.DriveInfo(volume.DriveLetter);
//if (d == null)
//return false;
//if (d.DriveType != System.IO.DriveType.Fixed)
//return false;
//if ((d.DriveFormat ?? "").ToLower().Contains("fat") == false)
//return false;
if (SystemProcessFiles.Contains(volumeLocation.ToLower()))
{
return true;
}
else
{
return false;
}
}
}
那么如果我想知道位于的卷C:\Users\Tono\Desktop\v1.tc是否已安装,我将调用该方法:
var isVolMounted = TrueCryptHelp.IsVolumeMounted(@"A:\Users\Tono\Desktop\v1.tc");
现在我想回答这个问题!通过我发布的课程,我可以知道位于 C:\Users\etc... 的卷已安装但安装在哪个驱动器号中!?
只是为了将答案扩展到 VeraCrypt,从 Gerard Walace 的帖子中修改:
在 MSFT_Helpers.cs @ https://github.com/BananaAcid/Selfcontained-C-Sharp-WPF-compatible-utility-classes中使用 TrueCrypt 和 VeraCrypt
这里的简单用法示例:http: //github.com/BananaAcid/VeraCrypt-Cmd
public static class VcGetMounts
{
public static async Task<Dictionary<char, string>> getMounted()
{
return await Task.Run<Dictionary<char, string>>(() =>
{
var ret = new Dictionary<char, string>();
uint size = (uint)Marshal.SizeOf(typeof(MOUNT_LIST_STRUCT));
IntPtr buffer = Marshal.AllocHGlobal((int)size);
uint bytesReturned;
IntPtr _hdev = CreateFile("\\\\.\\VeraCrypt", FileAccess.ReadWrite, FileShare.ReadWrite, IntPtr.Zero, FileMode.Open, 0, IntPtr.Zero);
bool bResult = DeviceIoControl(_hdev, TC_IOCTL_GET_MOUNTED_VOLUMES, buffer, size, buffer, size, out bytesReturned, IntPtr.Zero);
// IMPORTANT! Otherwise, the struct fills up with random bytes from memory, if no VeraCrypt is available
if (!bResult) return ret;
MOUNT_LIST_STRUCT mount = new MOUNT_LIST_STRUCT();
Marshal.PtrToStructure(buffer, mount);
Marshal.FreeHGlobal(buffer);
for (int i = 0; i < 26; i++)
if (mount.wszVolume[i].ToString().Length > 0)
ret.Add((char)('A' + i), mount.wszVolume[i].ToString());
return ret;
});
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
class MOUNT_LIST_STRUCT
{
public readonly UInt32 ulMountedDrives; /* Bitfield of all mounted drive letters */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly MOUNT_LIST_STRUCT_VOLUME_NAME[] wszVolume; /* Volume names of mounted volumes */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly MOUNT_LIST_STRUCT_VOLUME_LABEL[] wszLabel; /* Volume labels of mounted volumes */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly MOUNT_LIST_STRUCT_VOLUME_ID[] volumeID; /* Volume labels of mounted volumes */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly UInt64[] diskLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly int[] ea;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly int[] volumeType; /* Volume type (e.g. PROP_VOL_TYPE_OUTER, PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED, etc.) */
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 26)]
public readonly bool[] truecryptMode;
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
struct MOUNT_LIST_STRUCT_VOLUME_NAME
{
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.I2, SizeConst = 260)]
public readonly char[] wszVolume; /* Volume names of mounted volumes */
public override string ToString()
{
return (new String(wszVolume)).TrimEnd('\0');
}
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
struct MOUNT_LIST_STRUCT_VOLUME_ID
{
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.I2, SizeConst = 32)]
public readonly char[] volumeID; /* Volume ids of mounted volumes */
public override string ToString()
{
return (new String(volumeID)).TrimEnd('\0');
}
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi, Pack = 1)]
struct MOUNT_LIST_STRUCT_VOLUME_LABEL
{
[MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.I2, SizeConst = 33)]
public readonly char[] wszLabel; /* Volume labels of mounted volumes */
public override string ToString()
{
return (new String(wszLabel)).TrimEnd('\0');
}
}
public static int CTL_CODE(int DeviceType, int Function, int Method, int Access)
{
return (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2)
| (Method));
}
private static readonly uint TC_IOCTL_GET_MOUNTED_VOLUMES = (uint)CTL_CODE(0x00000022, 0x800 + (6), 0, 0);
[DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true, CharSet = CharSet.Auto)]
static extern bool DeviceIoControl(IntPtr hDevice, uint dwIoControlCode,
IntPtr lpInBuffer, uint nInBufferSize,
IntPtr lpOutBuffer, uint nOutBufferSize,
out uint lpBytesReturned, IntPtr lpOverlapped);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr CreateFile(
[MarshalAs(UnmanagedType.LPTStr)] string filename,
[MarshalAs(UnmanagedType.U4)] FileAccess access,
[MarshalAs(UnmanagedType.U4)] FileShare share,
IntPtr securityAttributes, // optional SECURITY_ATTRIBUTES struct or IntPtr.Zero
[MarshalAs(UnmanagedType.U4)] FileMode creationDisposition,
[MarshalAs(UnmanagedType.U4)] FileAttributes flagsAndAttributes,
IntPtr templateFile);
}
我不确定通过查询驱动器号或反之亦然来确定卷名。根据您的需要,可以接受的一种解决方法是查询卷上的文件锁定。如果卷被锁定,则很有可能已安装。如果您愿意,您可以变得更花哨,并使用 for /f 检查它是否被系统进程专门锁定。
我应该提到,在调用 truecrypt.exe 时将 /quit background 与 /silent 结合使用,如果驱动器已安装,则只会静默失败。不确定这是否只是您关心的错误显示。不确定您是否注意到命令行参考。
这是一个简单的 cmd 脚本,用于仅在尚未安装卷时安装卷,从而防止由 truecrypt.exe 触发错误。它做了一些幼稚的假设,但应该给出一个想法。
@echo off
setlocal enableextensions enabledelayedexpansion
:: Dependencies: Truecrypt obviously, and sysinternals handles.exe (live.sysinternals.com).
:: To use command line arguments instead of static assignments like these, reference %1 %2 from within script..
set driveletter=x
set yourvolume=c:\temp\your_volume.vol
set yourpassword=your_password
set truecrypt_loc=c:\program files\truecrypt\truecrypt.exe
set handle_loc=c:\temp\handle.exe
:: - check if volume already mounted
"%handle_loc%" -a "%yourvolume%" /accepteula >nul
if %errorlevel% EQU 0 echo This volume is already mounted. && goto :EOF
:: - check if drive letter is in use
if exist %driveletter% echo This drive is already mounted. && goto :EOF
:: - mount tc volume to a specified drive letter
:: silent flag suppresses errors being displayed to user
"%truecrypt_loc%" /letter %driveletter% /password "%yourpassword%" /volume "%yourvolume%" /mountoption rm /quit background /silent
:: - check if drive letter is in use
if exist %driveletter%:\ echo Drive was mounted successfully as %driveletter%: && goto :EOF
echo Drive could not be mounted.
请注意,由于某些版本的 TrueCrypt 可能存在错误,从 GUI 卸载会导致驱动器号在以后的安装中不可用。一种解决方法是使用以下命令从命令行卸载:truecrypt.exe /q /dx(其中 x 是驱动器号)。
只是为了确保我做对了:您要确保 TrueCrypt 通过脚本将某个卷安装到某个驱动器号,并且如果该卷已经安装,它不会尝试做任何事情。
也许有几个潜在的解决方案。我将尝试在下面突出显示一些选项;让我知道是否值得进一步研究,我将继续研究和更新更多细节。
TrueCrypt 支持“最喜欢的卷”。
从页面 - 在以下情况下使用收藏卷:
- 您有一个始终需要安装到特定驱动器号的卷。
- 您有一个卷需要在其主机设备连接到计算机时自动挂载(例如,位于 USB 闪存驱动器或外部 USB 硬盘驱动器上的容器)。
- 您有一个需要在登录操作系统时自动挂载的卷。
- 您有一个始终需要作为只读或可移动介质安装的卷。
一些值得注意的事情:
"TrueCrypt.exe /a favorites /quit"以自动安装您喜欢的卷,然后退出。您可能想对此进行测试,因为 truecrypt 收藏夹页面指出If it is already mounted, an Explorer window is opened for it.如果您总是将卷安装到某个驱动器号,您可以做出合理的假设,即该驱动器号上不会有任何其他内容。
如果这是一个合理的假设,您可以随时使用 PowerShell 检查驱动器:
$DriveLetterToCheck = "s:"
$DriveLetterMounted = Test-Path $DriveLetterToCheck #true if it exists
if(!$DriveLetterMounted)
{
# Run your TrueCrypt mount command
}
如果我想到更好的东西,我会更新。让我知道我是否走在正确的轨道上。
我可能过于简单化了,但已安装驱动器上的驱动器标签是唯一的吗?如果是这样,您可以使用简单的查找,例如:
private string GetDriveLetter(string volumeLabel)
{
string driveLetter = "";
DriveInfo[] dis = DriveInfo.GetDrives();
foreach (DriveInfo di in dis)
{
var dt = di.DriveType;
if (dt == DriveType.Fixed || dt == DriveType.Removable)
{
if (di.VolumeLabel == volumeLabel)
{
driveLetter = di.Name.Substring(0, 1).ToUpper();
break;
}
}
}
return driveLetter;
}