mountvol.exe
- File Path:
C:\Windows\system32\mountvol.exe - Description: Mount Volume Utility
Hashes
| Type | Hash |
|---|---|
| MD5 | 7FDBD108C947065E1CDD7A94C08E7B67 |
| SHA1 | 79F4D3E65ABC3C7345FD3263DE9F837A6D83A558 |
| SHA256 | 0B6BBFD83C4A34DF78289470FF338E93F5A769317015043A121349A7836D8862 |
| SHA384 | 5C7F8E6334E94D3DE95C77764BE96A9C7B1E21728A882C0C11F13E0336694208EB08D56CE4AEF3077E5259DBF69B6383 |
| SHA512 | 281B0EB721B914356E8B1EEDF3C5012FC57B6CAC783A767ED17E61709D4E47791BD76A92CD87FB23D9091DDC6914D84A11D97845142CC8FB5559A9EABBD1C2BB |
| SSDEEP | 384:SUWTPFjINDIAUlJhiNljlyGVEnW/3Rl1laIxNves8WQFW:SUWTPADElenJUWvRl1TNvesm |
| IMP | 97872558B429C0A84C0AE62A365088F3 |
| PESHA1 | 39EF4249C30E87AC2A8234D19F2859407E05741F |
| PE256 | 6DAC1439A33AA6AD667AB1687E5FEA0557B374507EA76A8228BF3DE833033C42 |
Runtime Data
Usage (stdout):
Creates, deletes, or lists a volume mount point.
MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E
path Specifies the existing NTFS directory where the mount
point will reside.
VolumeName Specifies the volume name that is the target of the mount
point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.
/P Removes the volume mount point from the specified directory,
dismounts the volume, and makes the volume not mountable.
You can make the volume mountable again by creating a volume
mount point.
/R Removes volume mount point directories and registry settings
for volumes that are no longer in the system.
/N Disables automatic mounting of new volumes.
/E Re-enables automatic mounting of new volumes.
Possible values for VolumeName along with current mount points are:
\\?\Volume{7c775138-0000-0000-0000-100000000000}\
C:\
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\system32\mountvol.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
33000001C422B2F79B793DACB20000000001C4 - Thumbprint:
AE9C1AE54763822EEC42474983D8B635116C8452 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: MOUNTVOL.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/0b6bbfd83c4a34df78289470ff338e93f5a769317015043a121349a7836d8862/detection/
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\WINDOWS\system32\mountvol.exe | 61 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
mountvol
Creates, deletes, or lists a volume mount point. You can also link volumes without requiring a drive letter.
Syntax
mountvol [<drive>:]<path volumename>
mountvol [<drive>:]<path> /d
mountvol [<drive>:]<path> /l
mountvol [<drive>:]<path> /p
mountvol /r
mountvol [/n|/e]
mountvol <drive>: /s
Parameters
| Parameter | Description |
|---|---|
[<drive>:]<path> |
Specifies the existing NTFS directory where the mount point will reside. |
<volumename> |
Specifies the volume name that is the target of the mount point. The volume name uses the following syntax, where GUID is a globally unique identifier: \\?\volume\{GUID}\. The brackets { } are required. |
| /d | Removes the volume mount point from the specified folder. |
| /l | Lists the mounted volume name for the specified folder. |
| /p | Removes the volume mount point from the specified directory, dismounts the basic volume, and takes the basic volume offline, making it unmountable. If other processes are using the volume, mountvol closes any open handles before dismounting the volume. |
| /r | Removes volume mount point directories and registry settings for volumes that are no longer in the system, preventing them from being automatically mounted and given their former volume mount point(s) when added back to the system. |
| /n | Disables automatic mounting of new basic volumes. New volumes are not mounted automatically when added to the system. |
| /e | Re-enables automatic mounting of new basic volumes. |
| /s | Mounts the EFI system partition on the specified drive. |
| /? | Displays help at the command prompt. |
Remarks
-
If you dismount your volume while using the /p parameter, the volume list will show the volume as not mounted until a volume mount point is created.
-
If your volume has more than one mount point, use /d to remove the additional mount points before using /p. You can make the basic volume mountable again by assigning a volume mount point.
-
If you need to expand your volume space without reformatting or replacing a hard drive, you can add a mount path to another volume. The benefit of using one volume with several mount paths is that you can access all local volumes by using a single drive letter (such as
C:). You don’t need to remember which volume corresponds to which drive letter—although you can still mount local volumes and assign them drive letters.
Examples
To create a mount point, type:
mountvol \sysmount \\?\volume\{2eca078d-5cbc-43d3-aff8-7e8511f60d0e}\
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.