Get Files Out of a Running Virtual Machine
Recently, I needed to copy some files out of a virtual machine – which I did not want to connect to the network. After giving this some thought I realized that this would be trivially easy to do on Windows 8 / Windows 2012. In fact – I could do it with a single line of PowerShell:
Get-VM "Test VM" | Checkpoint-VM -SnapshotName "Need to look at these disks" -Passthru | %{Get-VHD -VMId $_.vmid} | %{Mount-VHD $_.ParentPath -ReadOnly -Passthru} | Get-Disk | Get-Partition | Get-Volume
What this command does is:
- Create a new snapshot on the virtual machine (in this case I have called the snapshot “Need to look at these disks”)
- Get the virtual hard disks that are associated with the snapshot
- Find the parent virtual hard disks and mount them read only
- Tell me the drive letters that have been assigned
I can now happily copy out any files I need – while the virtual machine continues to run. When I am done – I can clean things up with another line of PowerShell:
Get-VMSnapshot -VMName "Test VM" -Name "Need to look at these disks" | %{Get-VHD -VMId $_.vmid} | %{Dismount-VHD $_.ParentPath} ; Remove-VMSnapshot -VMName "Test VM" -Name "Need to look at these disks"
This command:
- Finds the snapshot I created with the first command
- Finds the virtual hard disks (again)
- Dismounts the parent virtual hard disks
- Deletes the snapshot that I created
And now the virtual machine is back to where it started.
Running in a PowerShell session – this simply looks like this:
Very handy.
Cheers,
Ben
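An added example, not part of the original post: a host-side check that lists any virtual hard disk in a VM's disk chain that is currently mounted on the host, which is the state the first command leaves behind until the cleanup command runs. The function names are hypothetical, and the check assumes Get-VHD reports a DiskNumber only for disks mounted on the host.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
# Get-VhdChain and Get-HostMountedVmDisk are hypothetical helper names.

function Get-VhdChain {
    # Emit the VM's active disk and every parent in its differencing chain.
    param([Parameter(Mandatory = $true)][string]$Path)
    while ($Path) {
        $vhd = Get-VHD -Path $Path -ErrorAction Stop
        $vhd
        $Path = $vhd.ParentPath
    }
}

function Get-HostMountedVmDisk {
    foreach ($vm in Get-VM) {
        # Snapshot names give context: the technique in the post creates one first.
        $snapshots = @(Get-VMSnapshot -VMName $vm.Name | ForEach-Object { $_.Name })
        foreach ($drive in Get-VMHardDiskDrive -VMName $vm.Name) {
            try   { $chain = @(Get-VhdChain -Path $drive.Path) }
            catch { continue }   # pass-through disk or unreadable file: no chain to walk
            foreach ($vhd in $chain) {
                # Assumption: DiskNumber is set only while the disk is mounted on the host.
                if ($null -eq $vhd.DiskNumber) { continue }
                $letters = @(Get-Partition -DiskNumber $vhd.DiskNumber -ErrorAction SilentlyContinue |
                    Where-Object { $_.DriveLetter } | ForEach-Object { $_.DriveLetter })
                New-Object psobject -Property @{
                    VMName       = $vm.Name
                    VMState      = $vm.State
                    VhdPath      = $vhd.Path
                    DiskNumber   = $vhd.DiskNumber
                    ReadOnly     = (Get-Disk -Number $vhd.DiskNumber).IsReadOnly
                    DriveLetters = $letters -join ','
                    Snapshots    = $snapshots -join '; '
                }
            }
        }
    }
}

# One record per VM disk that is mounted on the host; no output means none are.
Get-HostMountedVmDisk | Format-List
```

A record for a running VM means its disk contents are readable from the host right now; a record with ReadOnly set to False means the parent disk was mounted writable, which the post's command avoids with -ReadOnly.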
Comments
Anonymous
October 05, 2012
So if I have a Hyper-V host in domain A and guests that are in domain B without trust between them, will the Hyper-V host administrator be able to copy files from the guest in domain B?
Anonymous
October 05, 2012
tonyr - Absolutely. The Hyper-V administrator has complete control / access over the virtual machine (i.e. they could turn off the VM and mount the VHD). Cheers, Ben
Anonymous
October 05, 2012
Yes, seems like a stupid question, but the two items you described would be detectable via the client's monitoring process but a host level snapshot could pass undetected, right?
Anonymous
October 05, 2012
tonyr - Correct. Cheers, Ben
Anonymous
October 06, 2012
I'm very new to PowerShell - more a lack of practice than anything - so my first thought was to use trusty old VShadow.exe to make a VSS snapshot of my host, mount that shadow as a drive letter and finally mount the VHD from the shadow. If the VHD is on a machine where I don't have rights I'd need to overwrite NTFS permissions on files within the mounted volume - that'd apply no matter what's done though. Removing the shadow at the end would undo any changes I did. Does that sound reasonable? One advantage to making a VSS snapshot is that inside the machine, if it was something like a SQL database file being copied, then I'd have a consistent copy of that file rather than merely a crash-consistent copy of the file... Or am I wrong and a Hyper-V snapshot uses VSS in the client machine? Anyway, the future is PowerShell so thanks very much for posting. I'll need to give it more of a go - after forcing myself to use it I think it ought to come naturally. Cheers, Ian
Anonymous
October 06, 2012
You're taking a snapshot, then simply deleting it. As a result, I'm curious as to why you're doing it in the first place. Is this just a precautionary measure or is it actually required?
Anonymous
October 07, 2012
It used to be even simpler... Do you remember when it was still called Virtual PC, and drag and drop between environments used to work? :-) Why not reinstate this behavior (via RDP)? We lost many other features, not just drag and drop. Among these the ability to resize the guest desktop by acting on the container window, and support for older guest systems. Aren't these important to Microsoft?
Anonymous
October 08, 2012
I see that somebody tweeted "Snapshot creation and disk mount events are filed in the event log." but that's at the host level; nothing's posted to the guest event log, correct? Thanks
Anonymous
October 12, 2012
The comment has been removed
Anonymous
October 23, 2012
We just installed a Virtual PC/Virtual XP 32 bit computer, running within our Windows 7 Pro. We had one older program that we still use and didn't seem to run under WOW64 in Windows 7 Pro. We are trying to get data from our hard drive on our Windows 7 machine and use it on the Virtual PC and save back to the Windows 7 hard drive. Also, we wanted to print from the Virtual PC. So far we have been unable to even see the Windows 7 HD or printer in the Virtual PC. Any suggestions on overcoming that problem?
Anonymous
November 24, 2012
Nice post!
Anonymous
December 16, 2012
The comment has been removed
Anonymous
February 25, 2014
Data exchange between host and guest through the VMbus would be considered a security vulnerability and violate the intended isolation of guest operating systems. This is not likely to be changed as Hyper-V was designed for server consolidation in production environments, unlike VirtualPC where such data exchange is possible and designed for application compatibility on end-user desktops.