VDVolkov
Full Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
RemoveDrive DriveSpec [-47][-v][-d][-f][-l][-h][-a][-b][-i][-s][-na][-w:nnnn]
DriveSpec is the drive to remove, e.g. U: or an NTFS mountpoint as "C:\CardReader\Multi Reader SD"
or . for the current drive
or \ for the drive of the RemoveDrive.exe
or a volume name like \\?\Volume{433619ed-c6ea-11d9-a3b2-806d6172696f}
or a kernel name like \Device\HarddiskVolume2 (Volume)
or a kernel name like \Device\Harddisk2\DR0 (Disk)
or a partition name like \Device\Harddisk2\Partition1
or a device ID
or a friendly name like 'Corsair Voyager'
Wildcards can be used.
-47 perform safe removal resulting in problem code 47
-v remove the volume only instead of the drive or whole device (needs admin privileges)
-d remove the drive only instead of the whole device (needs admin privileges)
-f force safe removal when failed (needs admin privileges, Vista+)
-L loop until success
-t 'eject' TrueCrypt volumes hosted by the drive to remove
-vhd detach VHD/VHDX/ISO the removed drive is hosted on (Win7+)
-h show open handles
-h:X show open handles on a different drive (e.g. a TrueCrypt volume whose container is on the drive to remove)
-a activates Windows of applications owning the open handles
-w:nnnn wait nnnn milliseconds before close
-s self delete removedrive.exe
-b show the "Safe now to remove Hardware" balloon tip
-i stop Windows indexing service (XP: CiSvc, Vista+: WSearch) for a moment if required (need admin privileges)
-na no about info
-dbg show debug information
Parameters are case-insensitive.
Only one drive or device is prepared for safe removal.
Sample:
removedrive U: -L -H -A -W:1000
Returns Errorlevels:
0 - successfully removed a device
1 - device identified but not removed
2 - device not found
3 - parameters are invalid
4 - RemoveDrive.exe located on the drive to remove -> temporary copy
created and executed
If the removal fails then someone still accesses the drive. This can be
something banal like an open Word document, a mounted TrueCrypt container
or some kind of monitoring tool like a virus scanner.
If removedrive -h does not show a handle then maybe the SysInternals
ProcessExplorer can. Using a kernel driver it finds handles of restritive
system processes too which RemoveDrive cannot:
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.html
After starting it go to 'Find' -> 'Find Handle or DLL', enter the drive letter
and search. Old versions did not resolve drive letter, here the handles kernel
name had to be searched for, as volume12 or disk5. RemoveDrives gives a hint
what to search for.
When started with parameter -L and the removal failed then the F key can
be pressed to force the safe removal (Vista+) or perform a media eject after
locking and dismounting the volume (XP).
Forcing the safe removal under Vista+ is done by setting the "offline" disk
attribute for the disk to remove. This kicks out all its volume without
damage.
When a TrueCrypt (or VeraCrypt) volume is found which is hosted by the drive
to remove and the -T parameter is set then RemoveDrive tries to 'eject' the
TrueCrypt volume in a loop. By pressing the F key this can be forced. Open file
handles on the TrueCrypt volume become invalid and the TrueCrypt container is
released.
If started with admin privileges or the USBDLM command interface available,
then a removed USB drive ends up with problem code 21 and can be reactivated
by means of RestartSrDev:
http://www.uwe-sieber.de/drivetools_e.html#restart
Or in UsbDriveInfo by right-clicking the device -> Restart:
http://www.uwe-sieber.de/usbdriveinfo_e.html
On some USB3 controllers the USB device completely disappears after safe
removal instead staying present with a problem code.
Here you can use the parameter -d to remove the drive only which then gets
problem code 21 and can be reactivated.
If as drive identifier a device ID, volume name, friendly name etc is given
then either
- a full match
- a wildcard match (* 0..n chars, ? exactly one char)
- a length >= 8 and appearance of the given string
is required to get a match.
For volume labels either
- a full match
- a wildcard match
is required.
Since V3.2 it can detach VHDs under Windows 7 and higher. Admin privileges or
USBDLM V5.4.6 with enabled command interface is required for that.
About open handles
RemoveDrive does no use a driver for gaterhing handle information. Therefore
when hitting the handle of a waiting pipe under XP the function for getting
the handle name does not return, the thread freezes. Since V3.0 RemoveDrive
uses the Win32 call GetFileType to filter out pipes before calling NtQueryObject.
GetFileType freezes too when hitting a pipe but when the RemoveDrive process
ends Windows sucessfully kills it in contrast to a hanging NtQueryObject call.
Since Vista GetFileType doesn't freeze at all, so no more problem since V3.0.
RemoveDrive finds handles of processes of the same or lower trust level. So if
it is called restricted then it finds handles of restricted processes only.
Since V3.1 it gets handles of system processes too if started with admin previleges.
Windows Task Manager blocks the safe removal
The Windows Task-Manager holds an open handle to each disk device shown on its
"Performance" tab. Since Windows 10 Release 20/04 it shows all drives here,
before only drives configured for "optimize for performance".
Usually the Taskmanger closes the handle on first safe removal attempt but
sometimes it does not. If not then this blocks the safe removal, it succeeds
after closing the Task Manager.
The -f (force) option does not help here, it can overrule only open handles
on the volume but not on the disk device.
RemoveDrive since V3.4 therefore can close the Task Manager (-tm) and optionally
start it again afterwards (-tmr). This needs admin privileges if the Task Manager
is running "As Admin".
When started the Task Manager ignores the SW_SHOWNOACTIVATE flag, it gets active
anyway even when minimized by SW_SHOWMINNOACTIVE. RemoveDrive tries to activate
the window again that was active when it restarted the Task Manager.
About the "It's safe now" balloon tip (parameter -b)
Windows XP .. Windows 7:
To get the balloon tip CM_Request_Device_Eject is used, so the result is
problem code 47, even when started with admin privileges.
Windows 8..11:
Even the documentation for CM_Request_Device_Eject still says that "If pszVetoName
is NULL, the PnP manager displays a message to the user indicating the device was
removed", this does not work anymore since Windows 8.
On Windows 8 and higher RemoveDrive since V3.4 shows its own balloon tip in english
language for 5 seconds. Time and message can be changed like so:
-bt:10000 -bm:"It is safe now to remove the device" |
Всего записей: 488 | Зарегистр. 17-08-2006 | Отправлено: 09:44 20-04-2024 | Исправлено: VDVolkov, 09:47 20-04-2024 |
|
