Arsenal Image Mounter


Image Mounter

Reliable. Powerful. Trusted.

Arsenal Image Mounter Changelog


Released: 10-03-2022

Free Mode:

  • General: Improved user feedback during .NET download, updated readme

Professional Mode:

  • Windows file system driver bypass: Fixed bug involving some NTFS attribute lists (resulted in throwing errors)


Released: 08-30-2022

Professional Mode:

  • Windows file system driver bypass: Improved DiscUtils exFAT and FAT/FAT32 handling to prevent attempts at updating last access times for directories when mounted read only and to properly support directories with unusual characters in their names, respectively


Released: 08-05-2022

Professional Mode:

  • Windows file system driver bypass: Fixed issue with NTFS volumes containing 128 sectors per cluster, improved VHD handling


Released: 08-03-2022

Free Mode:

  • Virtual dd: Virtual dd volume itself has been removed from virtual dd functionality

  • GUI: New image size and new RAM disk size dialogs improved

  • CLI: CLI executable has been returned to the public build

  • General: More dependency chains (images mounted within images) are tracked and resolved when parents are unmounted, removed LX01 from all dialogs, updated readme

Professional Mode:

  • Windows file system driver bypass: NTFS updates including new volume slack identification (see the [VOLUME SLACK] object at the root of each volume), >64k sector size support, and improved unallocated space identification


Released: 07-28-2022

Free Mode:

  • Virtual dd: Upon enabling the virtual dd function, all available disks, volumes, and VSCs (whether AIM-mounted/attached or not) will be virtually exposed in a new volume as read-only raw disk images with the “.dd” extension. Disks will be exposed by their “PhysicalDrive” number, volumes will be exposed both by their currently assigned Windows drive letter and GUID, and VSCs by their volume GUID and timestamp.

  • Physical disks: Mounted disk images can now be written to physical disks with optional free space clearing (TRIM command for TRIM-enabled SSD disks, otherwise traditional clearing)

  • GUI: Mount points in AIM’s main screen are now displayed in collapsed details

  • Disk Image Mounting: Support for qcow/qcow2 format

  • Disk Image Mounting: Disk images which contain only an ISO9660 file system (CD-ROM) are now automatically mounted as virtual CD/DVDs

  • Updated readmes

Professional Mode:

  • VM Launching: DPAPI Bypass scenarios have been significantly expanded, including from VSCs AIM has launched into VMs as well as scenarios pre-Windows 10

  • VM Launching: In some DPAPI-bypass scenarios involving PIN (or non-password) authentication solely (i.e. password authentication was not an additional option), revealing browser-stored credentials could be problematic. AIM now actively resolves this problem.

  • VM Launching: In some DPAPI-bypass scenarios, for example involving Windows 8 or 8.1 and Microsoft online accounts, automatic logon does not work which makes AIM’s DPAPI bypass less intuitive. To solve this, AIM VM Tools now displays passwords in clear text so that AIM users can use them for logon with DPAPI fully unlocked.

  • VM Launching: New Linux authentication bypass

  • VM Launching: Additional boot driver assistance which results (for example) in more successful VM launches directly from VSCs

  • VM Launching: The Launch VM option “Boot with last Windows shutdown time” now displays the last shutdown time

  • VM Launching: VMs are now created with up to 6 GB RAM if >10 GB is available (previously max 4 GB) and with number of CPU cores set to half the number of physical host CPU cores (previously always 2 CPU cores)

  • VSC Mounting: VSC timestamps are more clearly identified in AIM’s main window and folders containing mounted VSCs 

  • VSC Mounting: Enhanced performance mounting and accessing VSCs

  • Windows File System Driver Bypass: Support for single disk, non-striped, lvm/lvm2 volumes

  • Windows File System Driver Bypass: Fixed bugs in DiscUtils NTFS implementation which prevented mounting of some disk images, additional bug fixes in other DiscUtils file system implementations, many optimizations related to both DiscUtils and Dokan 2 resulting in significant performance improvements

Note: To enable Arsenal Image Mounter’s full functionality, the latest .NET 6 is now required.


Released: 11-19-2021

Free Mode

  • New mount option which stores AIM's differencing file in RAM (not on disk)

  • Support for saving "physically" mounted objects to E01 format

  • AIM CLI: Added /autodelete switch to automatically delete diff file

  • AIM CLI: Added ability to restore disk images to actual physical disks

  • Write filter performance improved

  • Also minor GUI updates, readme updates, and bug fixes

Professional Mode

  • DPAPI bypass improvements (support for certain multi-user scenarios, etc.) 

  • AIM now supports attachment to actual physical disks (fixed or removable) 

  • Optionally force offline/hidden VSCs online

  • New “Windows file system driver bypass, write original” mount mode

  • More antivirus evasion in launched VMs

  • Improvements to tar, wim, and zip archive mounting

  • Adjustments to AIM driver to eliminate obscure deadlocks

  • Workaround for odd behavior from Symantec PGP WDE driver