Created
February 26, 2021 14:23
anderssonjohan created this gist
Feb 26, 2021
@@ -0,0 +1,33 @@ $pinvokes = @' [DllImport("Kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public extern static bool GetVolumeInformationW( string rootPathName, System.Text.StringBuilder volumeNameBuffer, int volumeNameSize, out uint volumeSerialNumber, out uint maximumComponentLength, out uint fileSystemFlags, System.Text.StringBuilder fileSystemNameBuffer, int nFileSystemNameSize); [DllImport("Kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern uint GetLogicalDriveStringsW(uint nBufferLength, [Out] char[] lpBuffer); '@ $Kernel32 = Add-Type -MemberDefinition $pinvokes -Name 'Kernel32' -Namespace 'Win32' -PassThru $drives = [char[]]::new(512) $Kernel32::GetLogicalDriveStringsW($drives.length, $drives) | out-null $drives = (new-object System.String(,$drives)) $drives = $drives.Split("`0", [System.StringSplitOptions]::RemoveEmptyEntries) Write-Host "Drives found by GetLogicalDriveStringsW: $drives" $drives | %{ $volumeNameBuffer = New-Object -TypeName "System.Text.StringBuilder" $fileSystemNameBuffer = New-Object -TypeName "System.Text.StringBuilder" $res = $Kernel32::GetVolumeInformationW($_, $volumeNameBuffer, 255, [ref]0, [ref]0, [ref]0, $fileSystemNameBuffer, 255) Write-Host "GetVolumeInformationW for $_ returned $res" Write-Host "$_ volume name: $($volumeNameBuffer.ToString())" Write-Host "$_ filesystem name: $($fileSystemNameBuffer.ToString())" } This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
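Review bot: The two `StringBuilder` buffers passed to `GetVolumeInformationW` are created with the default capacity, yet the call tells the API that each one holds 255 characters. The interop marshaller sizes the native buffer from the builder's capacity, so a volume label longer than that capacity can be written past the end of the buffer. Allocate the capacity the call advertises and pass it through, e.g. `$volumeNameBuffer = [System.Text.StringBuilder]::new(261)` with `$volumeNameBuffer.Capacity` in place of the literal `255`, and likewise for `$fileSystemNameBuffer`. Since the declaration sets `SetLastError = true`, printing `[System.Runtime.InteropServices.Marshal]::GetLastWin32Error()` right after a `False` result would also let the output distinguish an empty removable drive from other failures. That value may not always survive intervening calls when read from PowerShell, so treat it as a hint.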
@@ -0,0 +1,20 @@ Metricbeat fails using version 7.11 when GetVolumeInformationW returns false, which it does for floppy and cd-rom volumes. Example output from this script: ``` PS> get-volumeinformation.ps1 Drives found by GetLogicalDriveStringsW: A:\ C:\ D:\ L:\ GetVolumeInformationW for A:\ returned False A:\ volume name: A:\ filesystem name: GetVolumeInformationW for C:\ returned True C:\ volume name: C:\ filesystem name: NTFS GetVolumeInformationW for D:\ returned False D:\ volume name: D:\ filesystem name: GetVolumeInformationW for L:\ returned True L:\ volume name: Logs L:\ filesystem name: NTFS ```