EjectUSB

[spacemonkey]

Queue, I don't post very often at all. I like most people just download and go without a word of thanks. I "play" at making apps portable when I can and use this site as its a most excellent resource for direction and tips. But having just downloaded your "EjectUSB" and used it for a while today I would like to say a big "Thank you"

I run my USB key apps with PStart, and I've set EjectUSB to auto run when I close PStart. Its working great! Fast and with no errors. Excellent work

I know this isn't really the testing report you were probably after, but just just wanted to pass some deserved gushing praise your way.

[Queue]

Honestly, I appreciate it; much of the feedback I get is when something DOESN'T work, so hearing that everything's working as expected for someone is very encouraging. Thank you.

I'll have some hands-on time with a Vista SP1 machine today to personally double check that there aren't any bugs with revision 15 on Vista. If everything goes well, release version 1.2 will be uploaded with full documentation tonight.

Queue

[guinness]

What else needs to be done? The App is amazing. I have been trying to think of other stealth options that could be applied to the application. I am a basic autoit user but how easy would be it be to monitor the registry entries that are added from the portable drive and then deleted upon exit? I understand this would require an API injection?
Cheers

**A fan from day 12 of the development**

[Queue]

Well, enhancement of EjectUSB's current feature set is my objective. For example, API-based ejection on Win9x (which I know ''how'' to accomplish, but I'm not sure yet if it's safe; it may force the drive to eject even if data's still being written) and non-admin file cache flushing (I think I know how to do this as well, but it would be slow and I don't have a very good way of testing if the cache flushing is successful). If more common Windows MRU/MUI locations exist in the registry, I'd also like to add them to EjectUSB's cleanup function.

I would like to implement a mechanism like you describe for the registry as well as a similar one to check current programs running when drive is inserted and then close anything except those when ejecting, but thinking about it, I'm not sure how safe or reasonable either would be to implement. An example problem scenario: I run a Windows settings tweaker off my flash drive which changes important Windows registry settings and adds others; when I go to eject my drive, how do I know that those registry changes and additions were intentional and should be left? If I only watch for added registry entries, the potential damage will be less, but the possibility is still there. Similar problems arise with a snapshot method for running processes; some might be closed that were started by Windows or that have no relation to the removable drive (not running off it nor using a file from it). Basically, registry wrappers that are custom tailored to non-stealth programs serve this purpose and are safer, in my opinion.

While EjectUSB is built for ''damage control'' (you run it after everything else, let it clean up and eject), I fully expect I could add a mode where it's run when you insert your drive to monitor for changes. It's just a matter of whether it's worthwhile which I haven't convinced myself of yet.

Queue

P.S. - API hooking would be the most accurate and efficient way of getting registry changes, but raw snapshots of the registry, the way RegShot does it, would also be an option.

[Queue]

Ok, so I'm kinda trudging through a mess on 1.3; I have quite a few improvements I'm working on implementing, but I just don't have the right hardware for some of the tests, so I need some help.

I could use some help from someone who has one of those flash card / USB combination drives where you can either put it in a card reader or plug it into a USB port. I need you to download http://www.uwe-sieber.de/files/listdosdevices.zip from http://www.uwe-sieber.de/drivetools_e.html and tell me what the DOS device name is for the drive when in a card reader and when plugged into a USB slot.

My current plans are for proper card reader support (mostly done... I think), a bug fix for Win9x (already done), TrueCrypt support (working on it right now!) and Subst support (not started but I also know it's gonna be easy).

Queue

[Queue]

I will also need an interested TrueCrypt user to help me double check that TrueCrypt volume unmounting and drive ejection works.

A response here that you're interested would be appreciated, and I'll need a few questions answered as to how you use TrueCrypt to make sure I give you a suitable beta test version. Do you mount your TC volume to the same letter every time or do you let TC automatically pick a letter? Do you have more than one TC volume mounted at a time, and if so, are some on the local hard drive and others on a removable drive?

I think that covers it. Basically, whether or not a fixed drive letter is used, and whether or not there is more than one TC volume mounted makes a difference in which script to test. I'm pretty excited about this functionality and I'm PRETTY sure I nailed it, but I need at least one person to help me test it otherwise I'll have to release a best guess!

Queue

[guinness]

Hi I am able to help! I have created an App in Autoit 3 which mounts automatically and dismounts and yes i use the same drive letter as derived by what is contained in the .ini file. I have 1 container that doesn't use any filetype at the end e.g. .tc, .jpg to hide the fact its a TrueCypt fle. I had a look at the links provide yesterday to delete all non present storage devices and this worked a treat as I was having to do this manually! Thanks.

For ease and speed I use the program on my hard drive which is in 1 folder, but I do use a usb drive when out and about. My interest is how you delete the TrueCrypt reg key as this is very difficult to delete after the drive has been dismounted (using commandline switches.)

Queue as ever I am interested in how you are implementing new features in this program so am happy to help!

The program I created uses your EjectUSB.exe that is on the mounted TrueCrypt drive i.e. X:\ to ensure a safe dismount (which works very very well) I haven't edited any code because what isn't broke doesn't need fixing!! Let me know the link to Beta Version.

[Queue]

Hurray! Ok, so I have a version ready for you to test, but I've got a little bit of a let-down: it DOESN'T do any registry or file cleanup specific to TrueCrypt yet. I plan to add that, but I just want to get EjectUSB automatically dismounting a TrueCrypt volume first.

The other bad news is for it to do everything automatically, you have to put EjectUSB in the same folder as TrueCrypt.exe, not within the TrueCrypt volume. The only work-around for this would be basically just as insecure since EjectUSB would have to copy itself to the local temporary files folder if run from within the TrueCrypt volume.

If you're still interested in testing this, here's the download:
Link removed, 1.3 beta 2 posted later in thread.

Put EjectUSB_beta.exe and EjectUSB_beta.bat in the same folder as TrueCrypt.exe and run EjectUSB_beta.exe. Running the BAT file will do nothing as it's built specifically to be used by EjectUSB. If your TrueCrypt volume is mounted to drive letter X:, you shouldn't need to adjust anything, it should just work. If your TrueCrypt volume ISN'T mounted to drive letter X:, open EjectUSB_beta.bat with a text editor, scroll to the end of the first line where it says ''target x'' and change ''x'' to the drive letter your TrueCrypt volume is mounted to.

This is the first glimpse at the simple scripting mechanism I've added to EjectUSB to allow more complex interfacing with various programs. I've already also made a script that automatically searches for the first mounted TrueCrypt volume and sets it as the drive to dismount. You said your TC volume is a specific letter though so the included script is tailored for that.

Honestly, I have no experience with TrueCrypt, I simply read their documentation and prepared what I think will work. At worst, it won't do anything. It shouldn't be able to break or harm anything; if it doesn't work, programs running from the TrueCrypt volume should still be closed and registry MRU and MUI entries related to the TrueCrypt volume drive letter should be cleaned up from the registry and recent documents, but the TrueCrypt volume won't dismount.

The specific feedback I want is:
1) do programs running out of the TrueCrypt volume close?
2) does the TrueCrypt volume dismount?
3) if run from a removable drive, does the drive successfully eject?

Any other information would be great as well.

Queue

[guinness]

Hi, I have some bad news. As per your request I only tested if TrueCrypt would be executed to dismount the mounted device.
The steps I took (to check if I was correct were...)
1. Mounted <TRUECRYPT CONTAINER> to the drive letter Y:
2. Copied EjectUSB_beta.exe and EjectUSB_beta.bat in the same folder where TrueCrypt.exe, truecrypt.sys, truecrypt-x64.sys and <TRUECRYPT CONTAINER> are located.
3. Because I dont use X: but Y: instead I opened the .bat file and changed the line "nobat wait force target x" to "nobat wait force target y"
4. From there I selected that .bat file and nothing happened!!

I then continued with...

1. Mounted <TRUECRYPT CONTAINER> to the drive letter X:
2. From there I selected that .bat file and nothing happened!!

I didn't replace the EjectUSB.exe that I currently have installed in my <TRUECRYPT CONTAINER> as currently I am happy with how the programs close that are running from the Y: drive.

How are you dismounting the TrueCrypt and do you use IF statements to save if truecrypt-x64.sys and truecrypt.sys are present then TrueCrypt must be installed. As the end user can change the program name to whatever they like but the above files have to stay the same.

This is what I use...

Code: Select all

$PortableDrive = "Y"
ShellExecute( "TrueCrypt.exe", "/d " & $PortableDrive & " /f /w /q /s" )

The difficult part as explained previous is the reg keys! but that will come at a later stage.

[Queue]

4. From there I selected that .bat file and nothing happened!!

Did you ever try running EjectUSB_beta.exe or did you only try EjectUSB_beta.bat? You're not supposed to double click EjectUSB_beta.bat; that will do nothing. When you run EjectUSB_beta.exe it will use the .bat file. I'll modify the .bat file to show a simple explanation message if double clicked to help avoid this confusion.

I didn't replace the EjectUSB.exe that I currently have installed in my <TRUECRYPT CONTAINER> as currently I am happy with how the programs close that are running from the Y: drive.

Not a problem and I didn't expect you to. This beta shouldn't interfere with the normal copy of EjectUSB you have inside the volume.

How are you dismounting the TrueCrypt and do you use IF statements to save if truecrypt-x64.sys and truecrypt.sys are present then TrueCrypt must be installed. As the end user can change the program name to whatever they like but the above files have to stay the same.

You can see the dismount command line in the .bat file. Right now it's only:

Code: Select all

start /wait TrueCrypt.exe /q /d%1

%1 is the target drive letter to dismount.
It should probably be changed to:

Code: Select all

start /wait TrueCrypt.exe /d%1 /f /q /s /w

Right now I'm assuming the user is going to have the TrueCrypt executable on their removable drive. If you rename TrueCrypt.exe, you'll need to edit the .bat file (in two places: on the first line and on the fourth line) and change TrueCrypt.exe to whatever you named it. There is a simple check to make sure the executable exists. EjectUSB can detect if a drive itself is a mounted TrueCrypt volume, though checking if a specific .sys file exists can also be done. Look at the first line of the .bat file.

Code: Select all

ifnotexist %3%4TrueCrypt.exe nobat

%3%4 means the folder where EjectUSB is located, and TrueCrypt.exe is the file to check for. ''nobat'' means to abort executing the .bat file if TrueCrypt.exe doesn't exist.

The difficult part as explained previous is the reg keys!

If you can give me exact registry keys (and file locations if TrueCrypt copies anything to the system drive) I can start setting up stuff to clean them up, unless you mean it's hard to determine the exact reg keys because they aren't static...

You followed setup directions to the letter though, but I want to confirm whether or not you actually ran EjectUSB_beta.exe or if you just tried running EjectUSB_beta.bat; this will determine what I do next.

Queue

[guinness]

Did you ever try running EjectUSB_beta.exe or did you only try EjectUSB_beta.bat? You're not supposed to double click EjectUSB_beta.bat; that will do nothing. When you run EjectUSB_beta.exe it will use the .bat file. I'll modify the .bat file to show a simple explanation message if double clicked to help avoid this confusion.

I just did a retest and configured the .bat file to point to the Y: drive and selected the .exe nothing happened. As mentioned I even reverted back to mounting to X: which I know you have down as the default and still it didn't dismount. An error of System drive can't be dismounted even though Im not dismounting C:\. Could it be because I am testing on the hard drive and not a usb. But surely as you have said you expect it to work both on a static and removable drive.

The reg keys which I wish to delete are stored in
HKLM\SYSTEM\MountedDevice & HKLM\SYSTEM\MountedDevice1 or do you know of any software that can do this? I have used DriveCleanup from http://www.uwe-sieber.de/drivetools_e.html and this deleted some.

[Queue]

That error message is a problem I didn't account for with TC support. It's a fail-safe to make sure EjectUSB won't try and close anything running out of the system directory (namely C:\Windows). Basically, because you're running EjectUSB off of your system drive, it's aborting before it even tries to dismount your TrueCrypt volume.

I'll make changes to account for this. Until then, you should be able to test by running EjectUSB_beta.exe with the following switches:

Code: Select all

EjectUSB_beta.exe /force C:\nonexistantfolder

That should be enough to get the TrueCrypt ejection to try.

I'll make some changes and have a new beta available tomorrow evening.

Queue

[guinness]

Hi (sorry about the delay but we are in very different time zones)

I took your advice and used the command line switch, it worked this time! The first time I executed the program it closed everything apart from one icon wasn't still left over in the taskbar, but this is down to someone else's code! An error message of TrueCrypt could not dismount was shown, but using the dismount option I showed you will eradicate this problem as it had in fact dismounted correctly.
I then tried to log back into the <TRUECRYPT CONTAINER> but the Y: drive letter had been deleted as one of the mount points, so I restarted my machine and it was back in the drive letter pool.

I then repeated the above steps and this time the drive letter wasn't deleted but the same error message was shown. An idea would be to have the messages on silent (/s) and have an IF statement to keep checking that Y:\ drive for example has dismounted correctly. As I kept finding with my program the message of unsuccessful dismount was always showing!

Any more advice?
1) do programs running out of the TrueCrypt volume close? YES
2) does the TrueCrypt volume dismount? YES
3) if run from a removable drive, does the drive successfully eject? I WILL UPDATE AS I AM CHECKING NOW

[guinness]

I tried point 3 and again it seems to deleted reference of the Y: Drive so if I wish to open again without restarting I am unable too. Sorry about my poor image but these are the error messages I received when on a removable drive 1 and 2 showed when the <TRUECRYPT CONTAINER> was dismounting which it did successfully and the 3rd showed when the drive had been physically pulled out as it was removed without any problems. So these messages shouldn't have appeared as everything was successful.

[Queue]

Good, those are encouraging results, and don't worry about the timezone differences, it just gives me more time to think. =)

This problem of deleting the reference to drive Y has me confused. That shouldn't be from anything EjectUSB is doing, but something TrueCrypt is doing and I don't know why TrueCrypt would do that. I'm working on code to allow specifying a registry key (or value) or file that can be specified to delete after running the script.

Anyhow, gonna see what I can come up with and will try and have a new beta uploaded for you to try later this afternoon or evening.

Queue