About the system restore.

  • Thread starter: George

George

I want to use the system restore function through my own application in the
XPE, and I checked the system restore in the MSDN. There are two functions
about the system restore. One is SRRemoveRestorePoint() and the other is
SRSetRestorePoint().
I see the SRSetRestorePoint() function, it says "Specifies the beginning and
the ending of a set of changes so that System Restore can create a restore
point".
1. In the code sample of the MSDN, it says the beginning of the restore
point should be marked. What does the beginning restore point do when it is
marked? I see it already creates the restore point, and when I use the file
monitor, it also saves the files in the _restore folder.
2. In the code sample of the MSDN, at the end it marks the ending of the
restore point. What does the end do? I see nothing in the File monitor
function. And if I do not end the restore point it seems to also have no
effect on the system restore.
3. If I use the system restore in Windows XP, not using code, what does it
really do in the OS? Does it also have the begin and end system restore
point?

I guess in the system restore, if I set the beginning of the restore point,
it then creates the restore point, and saves the protected files. If I set the
ending of the restore point, it then checks the files saved when the
beginning point was set; if changed, it will save the unchanged and changed
file, this situation is just like installing drivers and so on. If no ending
of the restore point is set, it just saves the files in the XML list, this
situation is just like using the Windows XP UI to set the system restore. Am I
right?

Where can I find resources about the system restore? I found it in the
MSDN, but I still have some puzzles.
 
George,

Besides the fact that you want to use the System Restore feature on XPe, why
don't you ask these questions in some programming newsgroup (like
win32.programming or etc.)?

I guess the answers to your questions are simple enough for me to answer (I
am not an expert in System Restore, though):

1. You mark the beginning of the restore point using the SRSetRestorePoint
function. Just pass BEGIN_SYSTEM_CHANGE event type.
2. Passing END_SYSTEM_CHANGE event you notify the system that your
operations are finished and it is good to save the restore point. I haven't
actually tried this on XPe with filemon logging on.
3. Don't know the answer to this question. Although I am also guessing it
all happens through the same API. (WMI system restore scripting likely calls
to the SrService service exported API). It is unfortunate only those two API
functions (SRSetRestorePoint and SRRemoveRestorePoint) are documented within
Platform SDK. There seem to be no APIs available to cover more complicated
system restore scenarios like, for instance, Winlogon/RestoreInProgress
restore with a reboot required.
With drivers you also have a Driver Rollback feature but it is different
from System Restore.

Could not quite get the rest of your message.

As for the info about the XP System Restore, I must admit there is not much out
there :-(
Although a while ago I liked this article from Mark Russinovich and David
Solomon http://www.tomax7.com/winxp/Windows XP Paper.doc (check out
System Restore section - very helpful to get some good solid understanding
about how the feature works).

Also, besides the standard sample for system restore API usage on MSDN, have
you seen this tutorial:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315530 ? it helps
you to start with the APIs.

KM
 
KM,

1. When the beginning of the restore point is marked, the files are all
saved, even without ending the restore point. You can use the sample in the
MSDN without marking the ending of the point, and check the files in
the .\\System Volume Information\\_restore{...}; some files have been saved,
just like the registry files.
So I guess the backup files are just created when the beginning of the restore
point is marked, and it has a file list; if some protected files have
been changed before the ending is marked, it will save the changed
file (change.log). Just like installing drivers.
2. But if there is no ending of the point marked (maybe in the situation
that someone writing code forgets to add the ending mark), I guess it will
last to the lasted restore point? But when I set the beginning mark, and
modify the registry, then set the ending mark, and system restore to the point,
it restores to the beginning mark state, not the ending mark state.
3. Does the system restore through the Windows XP UI just save the registry
files? Through the .\\System Volume Information\\_restore{...} , it seems
yes.

I don't know whether I am right or not.
 
KM,

Here is our test result, I think it's the right conclusion. Maybe something
helpful to you :-)
The restore point creation includes begin and end. When the beginning
of the restore point is marked, the Restore System saves the registry files, and
then begins to monitor the protected files. When the protected files change,
it will save the changed file. When the ending of the restore point is marked,
the Restore System stops saving. The protected files just see 4.

And if we use the beginning mark twice, before the second beginning
mark, the system will first end the first point. For example:
begin->begin->end = begin->end->begin->end.

If we use the system restore through Windows XP (use the
%SystemRoot%\System32\restore\rstrui.exe file), it will first mark the ending
of the point (just end the last restore point), and then begin the new point.

The test result: create the .\windows\system32\test.ini file:

1. Begin->end : no change

2. Begin->modify->end : save the modified file

3. Begin->begin->end : actually begin->end->begin->end

4. Begin->begin->modify->end: actually begin->end->begin->modify->end, and
save the modified file in the second point.

Note: And there only less than 1 system restore thread can at one time. If
the restore point begins without an end, when the next point is created, it will
first end the first point.
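
The begin/end results reported in the post above, written out as a small Python model. This is an added example, not code from the thread and not Windows code: the RestoreModel class and its method names are hypothetical, and it encodes only the behaviour the poster reports (a begin while a point is open ends that point first, changed files are saved into the open point, and a restore returns to the begin-mark state).

```python
# Toy model of the restore-point behaviour reported in this thread.
# Constructed for illustration; it does not call any Windows API.

class RestoreModel:
    def __init__(self, files):
        self.files = dict(files)      # live "protected" files: path -> content
        self.points = []              # restore points, oldest first
        self.log = []                 # effective begin/modify/end sequence

    def _open_point(self):
        if self.points and self.points[-1]["open"]:
            return self.points[-1]
        return None

    def begin(self, description):
        # Reported result: a begin while a point is still open ends it first.
        if self._open_point() is not None:
            self.end()
        point = {"seq": len(self.points) + 1, "description": description,
                 "open": True, "saved": {}}
        self.points.append(point)
        self.log.append("begin")
        return point["seq"]

    def end(self):
        point = self._open_point()
        if point is not None:
            point["open"] = False
            self.log.append("end")

    def modify(self, path, content):
        point = self._open_point()
        if point is not None:
            # Keep only the first (pre-change) copy, as a change log would.
            point["saved"].setdefault(path, self.files.get(path))
            self.log.append("modify")
        self.files[path] = content

    def restore(self, seq):
        # Undo saved copies from the newest point back to `seq`, which
        # yields the state at that point's begin mark, not its end mark.
        for point in reversed(self.points[seq - 1:]):
            for path, original in point["saved"].items():
                if original is None:
                    self.files.pop(path, None)
                else:
                    self.files[path] = original
        return dict(self.files)
```
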
 
George,
You can use the system restore using the WMI:

--------
Set a Restore point:
' Use the WMI moniker and the SystemRestore class
Set SRP = GetObject("winmgmts:\\.\root\default:SystemRestore")
' Arguments: description, restore point type (0 = APPLICATION_INSTALL),
' event type (100 = BEGIN_SYSTEM_CHANGE)
CSRP = SRP.CreateRestorePoint("RESTORE_POINT_NAME", 0, 100)

---------
Enumerate your existing restore points:
Set SRP = GetObject("winmgmts:\\.\root\default").InstancesOf("SystemRestore")
For Each Point In SRP
    MsgBox Point.CreationTime & vbCrLf & Point.Description & vbCrLf & _
        "Sequence Number= " & Point.SequenceNumber
Next

---------
Restore to a specific point:
Set SRP = GetObject("winmgmts:\\.\root\Default:SystemRestore")
' The parameter passed is the sequence number of the restore point
' you want to roll back to.
eSRP = SRP.Restore(SPECIFY_A_POINT)

' Reboot; the restore itself is carried out during the restart
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem In colOperatingSystems
    objOperatingSystem.Reboot()
Next
-----------

You may not have the fine level of granularity by calling the api directly,
but WMI interface makes the restore functionality very easy.

Regards,

Sean Gahan
 
George,

I appreciate your input.
> Here is our test result, I think it's the right conclusion. Maybe something
> helpful to you :-)

Any info is helpful, even if I don't use it at the moment :-)
> The restore point creation includes begin and end. When the beginning
> of the restore point is marked, the Restore System saves the registry files, and
> then begins to monitor the protected files. When the protected files change,
> it will save the changed file. When the ending of the restore point is marked,
> the Restore System stops saving. The protected files just see 4.

Let me quote Mark & David here: "When the System Restore service creates a
new restore point it first creates a restore point directory, then snapshots
a set of critical system files, including the system and user-profile
Registry hives, WMI configuration information, the Microsoft® Internet
Information Services (IIS) metabase file (if IIS is installed), and the COM
registration database. Then the system restore driver,
\Windows\System32\Drivers\Sr.sys, begins to track changes to files and
directories, saving copies of files that are being deleted or modified in
the restore point, and noting other changes, such as directory creation and
deletion, in a restore point change log."

> And if we use the beginning mark twice, before the second beginning
> mark, the system will first end the first point. For example:
> begin->begin->end = begin->end->begin->end.
>
> If we use the system restore through Windows XP (use the
> %SystemRoot%\System32\restore\rstrui.exe file), it will first mark the ending
> of the point (just end the last restore point), and then begin the new point.
>
> The test result: create the .\windows\system32\test.ini file:
>
> 1. Begin->end : no change
>
> 2. Begin->modify->end : save the modified file
>
> 3. Begin->begin->end : actually begin->end->begin->end
>
> 4. Begin->begin->modify->end: actually begin->end->begin->modify->end, and
> save the modified file in the second point.
>
> Note: And there only less than 1 system restore thread can at one time. If
> the restore point begins without an end, when the next point is created, it will
> first end the first point.

This may look like an obvious result since I can't imagine overlapping
restore points. With such you would start creating a mess in the
Restore procedure.
Also, I guess, the Sr.sys implementation is probably simple enough and one
threaded (again, a guess) and therefore not allowing you
to not close a restore point (closing it automatically).

Btw, what's the purpose of your testing? I mean why are you so concerned about
how the system restore points end?
There may be better solutions to what you are going to implement than XP
System Restore.
 
KM said:
Btw, what's the purpose of your testing? I mean why are you so concerned about
how the system restore points end?
There may be better solutions to what you are going to implement than XP
System Restore.

We just survey it. :-)
Thanks for your answer.
 
Thanks very much!

Sean Gahan said:
George,
You can use the system restore using the WMI:
