Description of the Acronis SnapAPI module
Description
The SnapAPI module is in charge of all Acronis software I/O operations on the hard disk. It also allows to create backups under running Windows with an unlimited number of files open for reading and writing without the necessity to reboot the computer.
Once Acronis software initializes the backup process of a volume (a single partition or a dynamic disk), Acronis Snapshot Manager flushes the file system mounted to that volume temporarily freezing all the operations on the system volume. Immediately thereafter, the Snapshot Manager driver creates a point-in-time view of the system volume and a bitmap describing the used sectors on this volume. Once the bitmap is created, the filter driver unfreezes the I/O operations on the system volume. It generally takes just several seconds to create a point-in-time view of the volume. After that, the operating system continues working as the imaging process is under way.
Acronis software reads the sectors on the system volume according to the created bitmap. Once a sector is read, the appropriate bit in the bitmap is reset. In its turn, the Acronis driver continues working to hold the point-in-time view of the system volume. Whenever the driver sees a write operation directed at the system volume, it checks whether these sectors are already backed-up, if they are not, the driver saves the data on the sectors that will be overwritten to a special buffer created by the software, then it allows the sectors to be overwritten. Acronis software backs up the sectors from the special buffer, so that all the sectors of the point-in-time view of the system volume will be backed up intact. Meanwhile, the operating system continues working and you will not notice anything unusual in the operating system functionality.
The Snapshot Manager driver (snapman.sys) is installed as an upper filter between the file system drivers and the volume drivers, so SnapAPI can intercept all the read and write requests passing to a partition. See the scheme below:
Physical hard disk drive
↓
Hard disk driver (disk.sys) which enumerates the hard disk drives, reads and writes information
↓
Hard disk partitions driver (partmgr.sys), which enumerates the hard disk partitions
↓
Volume driver (ftdisk.sys) which represents the partition as a volume. If there are dynamic disks in the system, the information about them is provided to ftdisk.sys by dmio.sys, which works with the physical hard disks through disk.sys
↓
Acronis driver (snapman.sys) which flushes the file system mounted to the volume being read by the Acronis application, so all the operations on the volume temporarily freeze. It generally takes just a few seconds and then the operating system continues working as usual
↓
File system driver (fastfat.sys, ntfs.sys), which represents the volume according to the file systems specifications
The SnapAPI drivers binary files and registry keys/settings are listed below:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} -> snapman or fltsrv string in the UpperFilters value
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> snapman or fltsrv string in the LowerFilters value
- Windows\system32\drivers\snapman.sys
For compatibility purposes SnapAPI may also be present in Windows\system32\snapapi.dll
More information
You can also take a look at the graphical representation of how Acronis Snapshot Manager works: