Get Volume Path from Drive Name using Powershell script

by
I have been working with file access events in Clustered File Server. In event log, for every file access, we are getting 4663 and 4656 events with file path like: DeviceHarddiskVolume4MySharetest.txt instead of my local path F:MySharetest.txt. After I have analyzed , found the prefix path DeviceHarddiskVolume4 is mapped with the device F:. Finally, I found this link (http://poshcode.org/4768), it contains powershell script to list Device Name (Drive letter) and mapped Device Path (Volume Path).

List Device Name and Volume Path using Powershell script

We can get the Volume Path from Device Name using the Kernel32 module function QueryDosDevice and we can list the available device names (drive letter) using WMI class Win32_Volume. Use the the below Powershell script to list device path and device name.

   1. Copy the below Powershell script and paste in Notepad file.
   2. Save As the Notepad file with the extension .ps1 like List-Device-Name-and-Path.ps1

Powershell Script: Download List-Device-Name-and-Path.ps1

 # Biuild System Assembly in order to call Kernel32:QueryDosDevice. 
    $DynAssembly = New-Object System.Reflection.AssemblyName('SysUtils')
    $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SysUtils', $False)

    # Define [Kernel32]::QueryDosDevice method
    $TypeBuilder = $ModuleBuilder.DefineType('Kernel32', 'Public, Class')
    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('QueryDosDevice', 'kernel32.dll', ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [UInt32], [Type[]]@([String], [Text.StringBuilder], [UInt32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
    $SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField('SetLastError')
    $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('kernel32.dll'), [Reflection.FieldInfo[]]@($SetLastError), @($true))
    $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
    $Kernel32 = $TypeBuilder.CreateType()

    $Max = 65536
    $StringBuilder = New-Object System.Text.StringBuilder($Max)

    Get-WmiObject Win32_Volume | ? { $_.DriveLetter } | % {
        $ReturnLength = $Kernel32::QueryDosDevice($_.DriveLetter, $StringBuilder, $Max)

        if ($ReturnLength)
        {
            $DriveMapping = @{
                DriveLetter = $_.DriveLetter
                DevicePath = $StringBuilder.ToString()
            }

            New-Object PSObject -Property $DriveMapping
        }
    }

   3. Now run the script file List-Device-Name-and-Path.ps1 from Powershell to list all the Device Name and Volume Path in local machine.

Get Device Path from Device Name using Powershell script

Get Device Path from Device Name (Drive Letter) using Powershell script

The below script displays Device Path for the given Device Name(Derive letter). The device name(drive letter) cannot have a trailing backslash; for example, use “C:“, not “C:“. Follow the below steps to get volume path from drive letter.

   1. Copy the below Powershell script and paste in Notepad file.
   2. Save As the Notepad file with the extension .ps1 like Get-DevicePath-from-DeviceName.ps1

Powershell Script: Download Get-DevicePath-from-DeviceName.ps1

    $driveLetter = Read-Host "Enter Drive Letter:"
    Write-Host " "
    $DynAssembly = New-Object System.Reflection.AssemblyName('SysUtils')
    $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SysUtils', $False)

    # Define [Kernel32]::QueryDosDevice method
    $TypeBuilder = $ModuleBuilder.DefineType('Kernel32', 'Public, Class')
    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('QueryDosDevice', 'kernel32.dll', ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [UInt32], [Type[]]@([String], [Text.StringBuilder], [UInt32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
    $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
    $SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField('SetLastError')
    $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, @('kernel32.dll'), [Reflection.FieldInfo[]]@($SetLastError), @($true))
    $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
    $Kernel32 = $TypeBuilder.CreateType()

    $Max = 65536
    $StringBuilder = New-Object System.Text.StringBuilder($Max)
    $ReturnLength = $Kernel32::QueryDosDevice($driveLetter, $StringBuilder, $Max)

     if ($ReturnLength)
     {
         Write-Host "Device Path: "$StringBuilder.ToString()
      }
      else
      {
          Write-Host "Device Path: not found"
      }
    Write-Host " "

   3. Now run the script file Get-DevicePath-from-DeviceName.ps1 from Powershell, and give the Drive letter as argument which you want to get device path.

Get Volume Path from Drive Name using Powershell script

Thanks,
Morgan
Software Developer

Related Posts

Advertisement

1 thought on “Get Volume Path from Drive Name using Powershell script”

  1. i tried this first and saw some volume numbers didn’t match up with what was listed in Event Viewer, what does match is:
    diskpart
    list volume

    Reply

Leave a Comment