Sysinternals Disk2vhd v2.02 released

A brief note for readers who occasionally need to transfer a Windows installation to a virtual machine. In October 2021, Microsoft released version 2.02 of the Disk2vhd tool in the free Sysinternals suite. The tool transfers a Windows installation to a .vhd disk that can then be run with Virtual PC or Hyper-V.


I haven't done anything with Disk2vhd for ages, because I don't use Hyper-V anymore and Virtual PC is as good as dead. It was a short mail from Austrian blog reader Thomas Z. that pointed me to the topic (thanks for the info). Thomas wrote:

Hello Mr. Born,

Version 2.02 should be quite fresh – just fell over it. New seems to be the 64-bit version and "Prepare for use in Virtual PC". Maybe worth a post.

He also attached the download link for Disk2vhd to the mail.

What is disk2vhd v2.02?

The tool name disk2vhd already outlines the function of the tool: It is used to copy the contents of a logical drive to a virtual disk (.vhd file). These .vhd files can then be loaded into Virtual PC or Hyper-V. The description of disk2vhd states:

Disk2vhd is a utility that creates virtual hard disk (VHD) versions (Microsoft's virtual machine disk format) of physical hard disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs).

Microsoft states that the difference between disk2vhd and other physical to virtual hard disk conversion tools is that the Disk2vhd tool can be run on a system that is online. To do this, Disk2vhd uses Windows' Volume Snapshot feature, introduced in Windows XP, to create consistent point-in-time snapshots of the volumes you want to include in a conversion. You can even make Disk2vhd create the VHDs on local disks, including those that are being converted. However, one should be aware that performance is better if the target VHD is on a different disk than the one being converted.



After downloading the ZIP archive, the tool can be unpacked locally into a directory. It can then be run as a 32- or 64-bit version directly from that folder. No installation is required, but execution requires administrator privileges. The tool then opens with the window shown in the screenshot above. There you can specify the path and name of the target file (vhd or vhdx) and select some options. In addition, checkboxes can be used to specify which partitions/logical drives of a hard disk should be transferred to the virtual disk.

The option to provide the .vhd for Virtual PC should no longer be relevant by now. The product Virtual PC was given away free of charge until 2009, and could provide virtualization. In Windows 7, parts were used in Windows XP Mode – from Windows 8, the product can no longer be used. The successor is Hyper-V.

I experimented with disk2vhd in 2010 and 2011, but ran into issues many times while cloning disks to a vhd. I then stopped using the tool. What the situation looks like with version 2.02, released on October 12, 2021, I can't say. More details about the handling of the tool (it also supports a call via the command prompt) and the restrictions can be found on the Sysinternals page for Disk2vhd.

Disk2vhd has a DLL hijacking vulnerability

Before the whole readership melts with enthusiasm, I would like to point out a not so great fact. Whoever runs Disk2vhd has to grant the tool administrator privileges and should therefore be sure that his system is free of malware. This is because Disk2vhd (like other Sysinternals tools) has a DLL hijacking vulnerability.

Disk2vhd with DLL hijacking vulnerability

I ran (because it was still in the back of my mind) the tool disk2vhd.exe within my test bed and got a whole bunch of warning messages like the one shown in the screenshot above. The tool disk2vhd.exe needs various Windows DLL files at runtime, but it does not look for them specifically in the Windows folders; it leaves the search to Windows. If a DLL with the same name is found in the folder from which disk2vhd.exe is called, this copy is loaded. Malware just needs to drop a DLL file with the appropriate name in the program directory. This DLL then gets administrative permissions via the disk2vhd process. Not ideal if you want to transfer a hard disk to a virtual disk for later virtualization.
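A pre-flight check for the situation described above, as an added example (not Sysinternals code and not from the original post): before starting the tool elevated, it lists DLLs lying next to the executable and shows which non-admin accounts may create files in that folder. The default `$ToolDir` path is a hypothetical unpack location.

```powershell
# Added example. $ToolDir is an assumed folder where the Disk2vhd ZIP was unpacked.
param([string]$ToolDir = "$env:USERPROFILE\Downloads\Disk2vhd")

$system32 = Join-Path $env:SystemRoot 'System32'

# 1) DLLs sitting next to the executable. A copy here is found before the
#    System32 copy when the program leaves the search to Windows.
$dlls = Get-ChildItem -LiteralPath $ToolDir -Filter '*.dll' -File -Force |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name             = $_.Name
            ShadowsSystemDll = Test-Path -LiteralPath (Join-Path $system32 $_.Name)
            Signature        = $sig.Status
            Modified         = $_.LastWriteTime
        }
    }

# 2) Who may create files in the folder? Rules are requested as SIDs so the
#    comparison also works on localized Windows installations.
$trusted = @(
    'S-1-5-18',       # SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$create      = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$writers = (Get-Acl -LiteralPath $ToolDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        -not $_.PropagationFlags.HasFlag($inheritOnly) -and   # skip ACEs that only apply to children
        ([int]$_.FileSystemRights -band $create) -and
        $trusted -notcontains $_.IdentityReference.Value
    } |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

if ($dlls)    { Write-Warning 'DLLs found next to the executable:'; $dlls | Format-Table -AutoSize }
if ($writers) { Write-Warning "Non-admin SIDs can create files in ${ToolDir}: $($writers -join ', ')" }
if (-not $dlls -and -not $writers) { "No local DLLs and no non-admin write access in $ToolDir" }
```

A freshly unpacked folder under a user profile will normally report the user's own SID as a writer; unpacking the tool into a new folder that only administrators can write to removes that finding.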

Notes: I gave some hints about Stefan Kanthak's testbed for finding DLL hijacking vulnerabilities in the blog post AdwCleaner 8.0.6 closes DLL hijacking vulnerability again. Notes on DLL hijacking vulnerabilities can be found in the blog post DLL hijacking vulnerabilities in Nirsoft tools.  So you have been warned.
