Page 1 of 1
Missing VDI file
Posted: 16. Sep 2020, 17:55
by fit
Hi,
I have a missing VDI file (10-15GB) on one of the VM in my lab and the machine is still running fine. Since the machine is working perfectly fine, is there a way to dump the VM data that is running in memory to a new VDI file ? I would then stop the machine, mount the file and restart the machine. Any thoughts ?
In the meantime, I am running scalpel against the disk to find if it was deleted. Content of scalpel.conf:
Code: Select all
vdi y 25000000000 \x3c\x3c\x3c\x20\x4f\x72\x61\x63\x6c\x65\x20\x56\x4d\x20\x56\x69
Re: Missing VDI file
Posted: 16. Sep 2020, 18:01
by scottgus1
I don't think there is any way in Virtualbox to do this. Think of what you'd do on a real PC, the same method will probably work in the VM.
How do you know the VDI is missing?
Re: Missing VDI file
Posted: 16. Sep 2020, 19:19
by fit
I am not sure yet, I concentrated my efforts on trying to find it and see if there was any workaround.
I tested with a new machine, and if I can recover the file, I might suffer from data loss but that would be acceptable in this case. In my testing I renamed the vdi, created and modified some files and everything was still working. I renamed the file back to its original name, restarted the machine and the newly created files were still there on the OS.
My guess is if the VM can write to the file (same header, maybe ?!?), the data will be written to the new file. So creating an empty file with a similar header might help. Is that possible?
Re: Missing VDI file
Posted: 16. Sep 2020, 19:31
by scottgus1
Honestly, I don't know what to suggest. Computers typically don't tolerate having an active drive drop off without notice, unless the operating system is prepared ahead of time, such as "Safely Remove Hardware" in Windows, or hot-pluggable drives. Even RAID & such "fake" a hard drive that is really made of several physical drives, a certain number of which can drop out and the "drive" will still be there to the OS.
Unless you've done something special with your guest OS, I'd be careful not to interfere with its drive files on the host OS. I'm rather surprised this is possible. I'd figure there would be locks on guest files in the host OS to prevent changing guest file names while the guest was running.
As for dumping the guest memory, you'd need a program to copy the memory in the guest OS. Virtualbox doesn't have anything like that, and it is highly unlikely that the guest memory contains the entire contents of the VDI file.