azoxlpf commented Sep 18, 2025

Description

This PR improves the way secretsdump.py parses the output of vssadmin when retrieving shadow copies.

Previously, the code relied on English-specific keywords (e.g. "Shadow Copy ID:", "Volume:"), which caused failures on systems where vssadmin output is localized (e.g. French, German, Spanish).

This patch introduces a regex-based parsing mechanism that:

  • Extracts the GLOBALROOT path directly,

  • Searches for nearby GUIDs ({xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}),

  • Detects volume letters ((C:), (D:), …) independently of the language,

  • Adds fallbacks if parsing fails,

  • Improves error handling when deleting shadows.

This makes secretsdump more robust across non-English domain controllers.

Before: [screenshot]

After: [screenshot]
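
The approach outlined in the description, as an added example that is not code from this PR or from impacket: a parser for `vssadmin list shadows`-style output that keys only on tokens that are not translated (device paths, GUIDs, drive letters). The function name `parse_shadows`, the sample outputs and their GUIDs are constructed for illustration, and the French wording is approximate.

```python
import re

# Tokens that stay the same in every display language.
SHADOW_PATH = re.compile(r"\\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy\d+", re.I)
VOLUME_PATH = re.compile(r"\\\\\?\\Volume\{[^}]*\}\\?", re.I)
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
DRIVE = re.compile(r"\(([A-Za-z]):\)")


def parse_shadows(output, lookback=3):
    """Return one dict per shadow copy; 'id' or 'drive' is None if not found."""
    lines = output.splitlines()
    shadows = []
    for i, line in enumerate(lines):
        m = SHADOW_PATH.search(line)
        if not m:
            continue
        entry = {"path": m.group(0), "id": None, "drive": None}
        # Walk backwards over nearby lines; never cross into the previous entry.
        for prev in reversed(lines[max(0, i - lookback):i]):
            if SHADOW_PATH.search(prev):
                break
            d = DRIVE.search(prev)
            if d and entry["drive"] is None:
                entry["drive"] = d.group(1).upper() + ":"
            # Drop \\?\Volume{...} so the volume GUID is not taken for the shadow ID.
            g = GUID.search(VOLUME_PATH.sub("", prev))
            if g and entry["id"] is None:
                entry["id"] = g.group(0).lower()
        shadows.append(entry)
    return shadows


# Constructed sample outputs (not captured from a real host).
SAMPLE_EN = r"""Contents of shadow copy set ID: {11111111-1111-1111-1111-111111111111}
   Contained 1 shadow copies at creation time: 9/18/2025 10:00:00 AM
      Shadow Copy ID: {aaaaaaaa-0000-0000-0000-000000000001}
         Original Volume: (C:)\\?\Volume{bbbbbbbb-0000-0000-0000-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1"""

SAMPLE_FR = r"""Contenu du jeu de clichés instantanés ID : {22222222-2222-2222-2222-222222222222}
   Contenait 1 clichés instantanés au moment de la création : 18/09/2025 10:00:00
      ID du cliché instantané : {aaaaaaaa-0000-0000-0000-000000000002}
         Volume d'origine : (D:)\\?\Volume{bbbbbbbb-0000-0000-0000-000000000002}\
         Volume du cliché instantané : \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2"""

if __name__ == "__main__":
    for sample in (SAMPLE_EN, SAMPLE_FR):
        print(parse_shadows(sample))
```
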

anadrianmanrique added the labels bug (Unexpected problem or unintended behavior) and medium (Medium priority item) on Sep 18, 2025