joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Windows x64 file redirection from <WINDIR>\SYSTEM32 to <WINDIR>\SYSWOW64 pain…

by @ 6:00 am on 8/28/2009. Filed under tech

Alternate working title… The super cool PERL backup script I wrote in 1997 doesn’t work on Windows Server 2003 x64 *&(#%^&^#

Back in the golden days of Windows NT 4 SP2, or maybe it was SP3 by then, in or around 1997, I had a problem I had to solve: automatically backing up some file systems and putting them somewhere safe so we could recover them quickly and easily. The “quickly and easily” meant that the standard backup methods likely weren’t the best way to go, so I wrote a very wicked cool PERL script that would use ntbackup to back up the folders needing protection, then zip the file, then use either CIFS/SMB or FTP to copy the file to someplace else that I could quickly recover the file from. The main changes to this script over the years have simply been the support of backing up Active Directory and embedding it into an executable via ActiveState’s PerlApp application (very cool, if you write perl on Win32, you should have the Perl Dev Kit from ActiveState…).

Now just to be honest, I love love love love love this solution. I have used it in some way shape or form in every job I have had since 1997 and also use it at home for backing things up too.

Well, for the first time I was running the script on an x64 machine and it adamantly refused to run. Specifically it kept spitting out “Windows cannot find ‘c:\winnt\system32\ntbackup.exe’” as shown below…

 

wtf

 

As you can imagine, this is a bit frustrating. Then I started thinking more and more about it and recalled that there is all sorts of redirection going on in x64 to “help” us lowly users find the “proper” versions of things. Specifically in this case, if you run an x86 application and it calls out to <WINDIR>\system32 the call is actually redirected to <WINDIR>\SysWow64 (sounds sort of like Sham Wow in my head). This is all well and good right up until you need to execute a binary from an x86 EXE embedded perl script and no x86 version of that binary is available… Say like ntbackup.exe… All you get then is “the file doesn’t exist” error and when you look at it from the x64 command prompt DIR says “THERE IT IS!!!” and you think… WTF.

So to refresh my memory I went and hunted down the appropriate resources which were

http://support.microsoft.com/kb/896456

http://msdn.microsoft.com/en-us/library/aa384249(VS.85).aspx

http://msdn.microsoft.com/en-us/library/aa384187(VS.85).aspx

which brings you to the conclusion that you need to write your app/script to take advantage of the Wow64DisableWow64FsRedirection function to work. Obviously I am not afraid to do that and whip up the needed app but I just kept thinking… I shouldn’t have to do this. So I kept looking and thinking.
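For reference, this is roughly what the API route looks like from a script. It is an added example, not code from the original post, written in Python with ctypes; the helper names (is_wow64, fs_redirection_disabled, native_command, run_native) are made up for illustration, and Wow64RevertWow64FsRedirection is the companion call that turns redirection back on.

```python
import ctypes
import os
import subprocess
import sys
from contextlib import contextmanager

def is_wow64(env=None):
    """True for a 32-bit process on x64 Windows; WOW64 sets this variable for it."""
    env = os.environ if env is None else env
    return "PROCESSOR_ARCHITEW6432" in env

@contextmanager
def fs_redirection_disabled():
    """Switch off System32 -> SysWOW64 redirection for the calling thread only."""
    if sys.platform != "win32" or not is_wow64():
        yield False                      # nothing to disable, paths are already native
        return
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    old = ctypes.c_void_p()              # opaque cookie the API hands back
    if not k32.Wow64DisableWow64FsRedirection(ctypes.byref(old)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        yield True
    finally:
        # Revert at once: while disabled, this thread's System32 lookups hit
        # 64-bit files, which breaks any 32-bit DLL load that happens meanwhile.
        k32.Wow64RevertWow64FsRedirection(old)

def native_command(exe_name, windir=None):
    """Full System32 path of a tool that ships only as a 64-bit binary."""
    windir = windir or os.environ.get("WINDIR", r"C:\Windows")
    return windir.rstrip("\\") + "\\System32\\" + exe_name

def run_native(exe_name, *args):
    """Start the native binary; the path is resolved while redirection is off."""
    with fs_redirection_disabled():
        return subprocess.Popen([native_command(exe_name), *args])
```

On the x64 box from the post, a 32-bit interpreter would call run_native("ntbackup.exe", ...) with whatever arguments the backup job uses.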

After looking for awhile I found out that this annoyed enough people that in Windows Vista they added a new directory alias… <WINDIR>\SYSNATIVE which takes you to <WINDIR>\system32 regardless of the “bit-ness” of the application. This doesn’t help on Windows Server 2003 x64 though (nor Windows XP x64 if you are playing in that sandbox). So I kept looking and thinking.

After a while I thought… What if I just set up a file system linkage from <WINDIR>\SysWow64\ntbackup.exe to <WINDIR>\system32\ntbackup.exe. Would that work??

So I dug out fsutil to create a hardlink (UNIX people out there are like yeah no kidding, Windows people are like hard wha???)

E:\>fsutil hardlink create c:\winnt\syswow64\ntbackup.exe c:\winnt\system32\ntbackup.exe
Hardlink created for c:\winnt\syswow64\ntbackup.exe <<===>> c:\winnt\system32\ntbackup.exe

and voila… the script is working fine again.

I added the setup of this hard link to the script setup file…

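rem Run from a 64-bit command prompt: in a 32-bit one the system32 path below is itself redirected.
if exist "%WINDIR%\syswow64" (
   echo x64 Windows detected, creating ntbackup hardlink
   rem fsutil syntax is: fsutil hardlink create <new link> <existing file>
   fsutil hardlink create "%WINDIR%\syswow64\ntbackup.exe" "%WINDIR%\system32\ntbackup.exe"
)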

So why don’t I link <WINDIR>\SysWow64 to <WINDIR>\system32… First, hardlinks only work at the file level, but second, even if it worked at the directory level, that would be inherently dangerous as other things could get redirected that I didn’t intend. I know specifically how ntbackup is being used on the system, which gives me a lot more info about that specific case than all of the thousands of files in the folder.

Next popular question will be… how do I display hardlinks? You do that with HLSCAN.EXE.

Another possible question will be… so joe, how do I know authoritatively if this is going on?? Well one of the best ways would be to start an x86 command prompt and look for the file you want via that. So type start %windir%\syswow64\cmd and then use dir to look for the file you need to find.
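The same check can be reasoned about offline. The following added example (not from the original post) models the redirector in Python so you can see which on-disk file a path resolves to for a 32-bit versus a 64-bit caller. The function names, the constructed DISK list and the exempt-subdirectory list (taken from Microsoft's redirector documentation, with driverstore left out because its treatment varies by Windows version) are assumptions of the example.

```python
import ntpath

# Subdirectories of System32 that Microsoft's redirector documentation lists as exempt.
EXEMPT = ("catroot", "catroot2", "drivers\\etc", "logfiles", "spool")

# Constructed example disk: ntbackup.exe exists only as a 64-bit binary in System32.
DISK = [r"C:\WINNT\system32\ntbackup.exe"]

def _under(path, root):
    """Case-insensitive 'path is root or inside root'; returns the remainder or None."""
    p, r = path.lower(), root.lower()
    if p == r or p.startswith(r + "\\"):
        return path[len(root):]
    return None

def effective_path(path, windir=r"C:\WINNT", wow64=True, sysnative=False):
    """Path the file system really opens. wow64: 32-bit caller on x64 Windows.
    sysnative: OS offers the Sysnative alias (Vista and later, per the post)."""
    path = ntpath.normpath(path)
    if not wow64:
        return path                      # 64-bit callers are not redirected
    sys32 = ntpath.join(windir, "system32")
    rest = _under(path, ntpath.join(windir, "sysnative"))
    if sysnative and rest is not None:
        return sys32 + rest              # alias reaches the real System32
    rest = _under(path, sys32)
    if rest is None:
        return path                      # not a System32 path, left alone
    sub = rest.lstrip("\\").lower()
    if any(sub == e or sub.startswith(e + "\\") for e in EXEMPT):
        return path                      # exempt subdirectory, no redirection
    return ntpath.join(windir, "syswow64") + rest

def visible(path, files, **kw):
    """Would an open/exists check on `path` succeed, given the files on disk?"""
    return effective_path(path, **kw).lower() in {f.lower() for f in files}
```

Adding C:\WINNT\syswow64\ntbackup.exe to the file list, which is what the hardlink does, makes visible() return True for the 32-bit caller.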

Oh yeah almost forgot… how do you get rid of a hardlink once created? You delete the “file”. i.e. In the example above, I would type del c:\winnt\syswow64\ntbackup.exe and that would remove the hardlink to c:\winnt\system32\ntbackup.exe

 

And yes… I know this will break again with Windows Server 2008 as NTBACKUP is sadly no longer available but I don’t have to deal with that exact issue quite yet… I honestly don’t know what I will do then as I don’t much like what I have seen of the new backup facility.

 

    joe
