Jump to content











Photo
* * * * * 1 votes

Create a windows system from scratch using Linux


  • Please log in to reply
100 replies to this topic

#26 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 02 May 2015 - 03:46 PM

I say save yourself a shitload of headache and just use native Windows tools............not exactly the best or quickest solution, but you can download VirtualBox or VMware Workstation, then download a trial copy of Windows (any version, doesn't matter), then boot the Windows ISO in the VM. Before doing that, download GetWAIKTools, run it with WINE, let it fetch the appropriate WAIK files as per your desired Windows version. Copy those files off to a partition somewhere (preferably NTFS, FAT32, or exFAT, since that's primarily what the Windows installer is limited to accessing), ImageX.exe (or DISM.exe, never tried it) and bcdboot.exe are what you'll need. Back to booting the ISO, instead of installing Windows the "normal" way (via the GUI setup), hit Shift+F10, 'diskpart', assign drive letter(s) to your desired boot and Windows partitions, and another for the location of the WAIK files.

 

Next, navigate to the WAIK folder, run:

 

imagex /apply install.wim 1 C:

 

1 represents the edition of Windows you want to install (Home Premium, Pro, Enterprise, etc), change it as necessary (imagex /info <location of WIM here>. C represents your destination Windows volume.

 

Next, bcdboot, the steps are a bit different for BIOS booting and UEFI boot, so:

 

bcdboot C:\Windows /s A:

 

A represents either your EFI system partition (for UEFI booting) *OR* your System Reserved partition (for BIOS booting). You can get a complete list of bcdboot command parameters via Google.

 

Hope that helped!


Edited by AnonVendetta, 02 May 2015 - 03:53 PM.


#27 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 02 May 2015 - 04:00 PM

I say save yourself a shitload of headache and just use native Windows tools............not exactly the best or quickest solution, but you can download VirtualBox or VMware Workstation, then download a trial copy of Windows (any version, doesn't matter), then boot the Windows ISO in the VM. Before doing that, download GetWAIKTools, run it with WINE, let it fetch the appropriate WAIK files as per your desired Windows version. Copy those files off to a partition somewhere (preferably NTFS, FAT32, or exFAT, since that's primarily what the Windows installer is limited to accessing), ImageX.exe (or DISM.exe, never tried it) and bcdboot.exe are what you'll need. Back to booting the ISO, instead of installing Windows the "normal" way (via the GUI setup), hit Shift+F10, 'diskpart', assign drive letter(s) to your desired boot and Windows partitions, and another for the location of the WAIK files.

 

Next, navigate to the WAIK folder, run:

 

imagex /apply install.wim 1 C:

 

1 represents the edition of Windows you want to install (Home Premium, Pro, Enterprise, etc), change it as necessary (imagex /info <location of WIM here>. C represents your destination Windows volume.

 

Next, bcdboot, the steps are a bit different for BIOS booting and UEFI boot, so:

 

bcdboot C:\Windows /s A:

 

A represents either your EFI system partition (for UEFI booting) *OR* your System Reserved partition (for BIOS booting). You can get a complete list of bcdboot command parameters via Google.

 

Hope that helped!

 

 

Hi AnonVendetta,

 

You are missing the point : you kill all the fun :)

Performing this task under a winpe is indeed a piece of cake as indeed it takes little effort and time to generate a winpe and prepare a system.

 

The challenge here is to do without windows tools while increasing knowledge around the BCD store.

 

Regards,

Erwan



#28 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 02 May 2015 - 04:08 PM

 

Hi AnonVendetta,

 

You are missing the point : you kill all the fun

 

That's completely understandable. I was just offering another method (one that the OP was probably aware of, but whatever). I dont mind finding unusual ways to solve a problem, besides the traditional methods. But sometimes I just dont feel like banging my head all day against a problem, when there are easier and quicker ways to do it. I already create enough problems in my life on a day to day basis, both intentional and unintentional, and sometimes I get aggravated at having to spend alot of time coming up with solutions.

 

To put things in perspective, you can chop down a tree with a chainsaw, or you can try to to drive thru it with a 18-wheeler. They both work, but most logical people will choose the former.


Edited by AnonVendetta, 02 May 2015 - 04:10 PM.


#29 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 02 May 2015 - 04:17 PM

Hope that helped!

Help for what? :w00t:

Which is the difficult part in this OP sentence? :dubbio::

Currently we do this in WinPE, but would like to do it in Linux because linux PXE boots a lot faster.

 

To which you reply essentially:

Do not use Linux, use a WinPE instead, here is how to do it in a much more complex way, that has nothing to do with PXE booting and senselessly involves a trial .iso and a VM, hope this helps. 

 

 

And yes, the first part of a Windows install is a WinPE, and what you described is a reknown method, at least since fujianabc automated it:

http://reboot.pro/to...external-drive/

and JFX (same Author of the GetWAIKTools that you mentioned):

http://www.msfn.org/...-the-huge-isos/

has created an evolution of it called WinNTSetup:

http://www.msfn.org/...inntsetup-v379/

(which also downloads the needed WAIK tools automagically)

 

 

:duff:
Wonko



#30 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 02 May 2015 - 08:20 PM

one can use a more generic "boot" BCD

There is "locate" too.

http://www.multiboot...dows_seven.html

There is a new BCD element setting for Win7 that makes the MS boot manager (bootmgr) go hunting across partitions for a bootable Windows operating system. The Windows sysprep tool will set the necessary BCD Elements of device and osdevice to "Locate" and this allows for the copying of hard drives or the cloning of Win7 in tandem with a System Reserved partition.


After sysprep:

bcdedit /store g:\boot\bcd

Windows Boot Loader
-------------------
identifier {default}
device locate=\Windows\system32\winload.exe
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoveryenabled No
osdevice locate=\Windows
systemroot \Windows
resumeobject {35a39ddc-edec-11e4-bc8c-cf43764b5c6f}
nx OptIn


bcdedit /store g:\boot\bcd /v
Windows Boot Loader
-------------------
identifier {35a39ddd-edec-11e4-bc8c-cf43764b5c6f}
device locate=custom:12000002
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoveryenabled No
osdevice locate=custom:22000002
systemroot \Windows
resumeobject {35a39ddc-edec-11e4-bc8c-cf43764b5c6f}
nx OptIn


[HKEY_LOCAL_MACHINE\bcd\Objects\{35a39ddd-edec-11e4-bc8c-cf43764b5c6f}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\bcd\Objects\{35a39ddd-edec-11e4-bc8c-cf43764b5c6f}\Elements\12000002]
"Element"="\\Windows\\system32\\winload.exe"

[HKEY_LOCAL_MACHINE\bcd\Objects\{35a39ddd-edec-11e4-bc8c-cf43764b5c6f}\Elements\21000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\bcd\Objects\{35a39ddd-edec-11e4-bc8c-cf43764b5c6f}\Elements\22000002]
"Element"="\\Windows"


The tag file names are defined at entry 12000002 and 22000002.
Other unique names should be possible.

#31 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 03 May 2015 - 09:47 AM

There is "locate" too.

 
Nice :).
But apart Sysprep is there a way to set the BCD like that (like through WMI as hinted on the given page)? :unsure: or one has to import manually to the BCD (mounted as Registry hive or using - say - erwan.l's Offline Registry thingy) the giiven hex ?
 
In order to do a direct edit since the length of the field is different one needs to additionaly change the field length, which is seemingly a byte @offset -0x18 from the A0 FF FF FF, the length of the hex becomes 46 or 0x2E
i.e.:
 

2E 00 00 00 88 0B 00 00 03 00 00 00 01 00 00 00
45 6C 65 6D 65 6E 74 00 A0 FF FF FF 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00
00 00 00 00 1E 00 00 00 00 00 00 00 00 00 00 00
02 00 00 22 00 00 00 00 00 00

as compared to the "boot" setting field where the length is 0x58 or 88:
 

58 00 00 00 88 0B 00 00 03 00 00 00 01 00 00 00
45 6C 65 6D 65 6E 74 00 A0 FF FF FF 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00
00 00 00 00 48 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00


 
 
In any case it seems that the 0x08 @ offset 0x10 means "locate" and the "element number" is @ 0x24, and we have to understand the 0x1E @ 0x18, maybe it means "custom".
 
:duff:
Wonko

#32 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 03 May 2015 - 10:48 AM

So the only difficult part may be dealing with the BCD store --- which *can* be edited from Linux if required since it is the same file format as the Windows registry.  But you'd need to know exactly which changes (if any) need to be made.

 

At the winbuilder side we can help with that part. We wrote libraries for natively read/write/edit registry hives regardless of the operating system underneath (Linux, Windows) and this permits changing the BCD as needed. It can import registry files directly into an offline hive through the command line if needed.

 

Downside is requiring Java to be available on the Linux distro. It should be possible to compile winbuilder to run as a native Linux application and avoid installing Java, we just don't have much demand/resources to follow that route.



#33 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 03 May 2015 - 03:08 PM

@Nuno
There is no particular difficulty in using some "native" tools to edit a Windows Registry hive in Linux, the point is:

So the only difficult part may be dealing with the BCD store --- which *can* be edited from Linux if required since it is the same file format as the Windows registry.  But you'd need to know exactly which changes (if any) need to be made.

If you prefer, there is NO issue whatever in writing a given set of hex value as a hex key called "\objects\guid2\11000001\Element", the issue is more into knowing that "\objects\guid2\21000001\Element" corresponds to "OSDevice" and WHAT exactly needs to be written there that will be later interpreted as "boot", "partition=x:" or "locate=custom:22000002".

 

If you prefer there are two levels of translation, one between the stupid hive format and "plain text" and one between the "plain text" and the BCDEDIT (or BCD WMI provider) lingo.

 

The information coming from my simpler attempts at documenting direct hex-edits of an existing hive can easily be re-complicated by using a "native" Registry Editor or library or further complicated by using a registry tool running inside a Java VM as you suggested, but we could go further and have a bootable QNX hosting an Android VM running Windows 98 running Virtual PC that runs a Linux running Qemu running a WinPE 5.1 making use of WMI ....  :whistling:

 

:duff:

Wonko



#34 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 03 May 2015 - 07:38 PM

apart Sysprep

There is a good chance: the system was syspreped before.
Using this bcd file: the request is working out of the box

@stangm
Do you like to apply a default install.wim or a custom made wim file?
Do you use sysprep?
 

to set the BCD like that (like through WMI as hinted on the given page)? :unsure: or one has to import manually to the BCD (mounted as Registry hive or using - say - erwan.l's Offline Registry thingy) the giiven hex ?


I've no luck with regedit import, but reg.exe works.

Given a 100 MB / 16 GB partition layout:

Running with system permisssion:
 
rem https://msdn.microsoft.com/en-us/library/windows/desktop/aa362652.aspx
reg.exe load HKLM\bcd g:\boot\bcd
reg.exe ADD "HKLM\bcd\Objects\{35a39de0-edec-11e4-bc8c-cf43764b5c6f}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000002000012000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{35a39de0-edec-11e4-bc8c-cf43764b5c6f}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000002000022000000000000 /f
reg.exe unload HKLM\bcd
The GUID is a example, has to be adjusted at local bcd file.

windows 7 does boot


Define a marker file \windows\marker1.txt
rem reuse a defined entry: 32000004 SdiPath https://msdn.microsoft.com/library/windows/desktop/aa362645.aspx
reg.exe load HKLM\bcd g:\boot\bcd
reg.exe ADD "HKLM\bcd\Objects\{35a39de0-edec-11e4-bc8c-cf43764b5c6f}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{35a39de0-edec-11e4-bc8c-cf43764b5c6f}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{35a39de0-edec-11e4-bc8c-cf43764b5c6f}\Elements\32000004" /v Element /t REG_SZ /d \windows\marker1.txt /f
reg.exe unload HKLM\bcd
Without a file \windows\marker1.txt:
bootmgr error 0xc000000f winload.exe missing

With a file \windows\marker1.txt:
windows 7 does boot

Not tested at a multi boot environment so far.
  • misty likes this

#35 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 03 May 2015 - 07:45 PM

for the record, in bootice, BOOT and LOCATE seems to be treated the same whereas reading above they seem to have different behaviors.

 

8Z4vGXT.png?1

 

 

Also, Offline Registry Editor, based on the MS library can edit a BCD store but the GUI is early alpha thus... (i.e to be improved).

 

wFXeyku.png



#36 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 03 May 2015 - 08:41 PM

@stangm
I've attached a BCD store that might enable you to boot into Windows on partition 2 (using grub4dos device syntax this is device (hd0,1)) when partition 1 (grub4dos device (hd0,0)) is set as active and contains the Windows Boot files (BOOTMGR and the BCD store). This store uses the Locate path - thanks cdob and wonko :cheers:

There are some limitations -
  • The BCD store does not stay open (see below).
  • It is unlikely to work on systems with UEFI firmware.
  • I've only tested it on a 32-bit Windows 7 (SP1) system.
Whether it will be suitable for your requirements remains to be seen. I have no idea whether the .wim you intend to apply is a sysprepped image, or a partially completed installation, or something else.

The attached BCD store was able to boot Windows 7 - it replaced the hardcoded BCD store that had been created when Windows 7 was installed. I tried it on two different (virtual) systems with different disk signatures and partition offsets just to be sure.

I attempted to use this same store to complete a Windows installation (after the files had been copied from the DVD during the initial phase of setup - following the first reboot) - it failed. Using a sysprepped BCD store taken from another system, which also had the relevant paths set as Locate, setup completed without error. I've therefore also attached a sysprepped Windows 7 BCD store. Please experiment with both BCD stores and report back.


@everyone
Some frustrations - it wasn't possible for me to edit the BCD store entries manually when mounted in regedit. Error -
Cannot edit Element: Error writing the value's new contents.
I also received an error message when trying to import a .reg file to overwrite existing settings in a mounted BCD store -
Cannot import: *.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.
It's a bit more complicated that cdob's reg.exe approach, however I used the following .reg file to manually create a BCD store (after importing the file, the HKLM\SYSTEM\BCD key was exported as a hive type file using regedit) -
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Description]
"KeyName"="BCD00000000"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Description]
"Type"=dword:10200003

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000002]
"Element"="\\Windows\\system32\\winload.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000004]
"Element"="Windows"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\21000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\22000002]
"Element"="\\Windows"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Description]
"Type"=dword:10100002

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000004]
"Element"="Boot Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\23000003]
"Element"="{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\24000001]
"Element"=hex(7):7b,00,33,00,32,00,32,00,33,00,66,00,63,00,62,00,62,00,2d,00,\
  66,00,31,00,62,00,33,00,2d,00,31,00,31,00,65,00,34,00,2d,00,38,00,61,00,31,\
  00,66,00,2d,00,30,00,30,00,32,00,33,00,34,00,64,00,66,00,64,00,64,00,35,00,\
  38,00,32,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\25000004]
"Element"=hex:14,00,00,00,00,00,00,00
The above settings were obtained by creating a basic BCD store using boot as path (see post #9). The BCD store was mounted in regedit and the settings were exported as a .reg file. Elements 21000001 and 11000001 were then edited - settings were copied from a BCD store prepared with sysprep (using the /generalize switch).

The BCD store I created using this approach was able to boot Windows 7. Interestingly, when running bcdedit /enum from the running Windows, I received the following error message -
The boot configuration data store could not be opened. 
The volume for a file has been externally altered so that the opened file is no longer valid.
When using a sysprepped BCD store (on the non-sysprepped system), running bcdedit /enum all /v from the running Windows parsed the relevant entries -
Spoiler


Regards,

Misty

Attached File  BCD.sysprepped.zip   4.97KB   1121 downloads
Attached File  BCD.locate.zip   1.48KB   1071 downloads

#37 cdob

cdob

    Gold Member

  • Expert
  • 1469 posts

Posted 04 May 2015 - 04:27 AM

When using a sysprepped BCD store

Windows Boot Manager
device locate=custom:12000002


I don't understand this.
The Windows Boot Manager bootmgr is located at the boot partition.
Dosn't match device "boot" better?

#38 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 07:20 AM

@stangm
I've attached a BCD store that might enable you to boot into Windows on partition 2 (using grub4dos device syntax this is device (hd0,1)) when partition 1 (grub4dos device (hd0,0)) is set as active and contains the Windows Boot files (BOOTMGR and the BCD store). This store uses the Locate path - thanks cdob and wonko :cheers:

There are some limitations -

  • The BCD store does not stay open (see below).
  • It is unlikely to work on systems with UEFI firmware.
  • I've only tested it on a 32-bit Windows 7 (SP1) system.
Whether it will be suitable for your requirements remains to be seen. I have no idea whether the .wim you intend to apply is a sysprepped image, or a partially completed installation, or something else.

The attached BCD store was able to boot Windows 7 - it replaced the hardcoded BCD store that had been created when Windows 7 was installed. I tried it on two different (virtual) systems with different disk signatures and partition offsets just to be sure.

I attempted to use this same store to complete a Windows installation (after the files had been copied from the DVD during the initial phase of setup - following the first reboot) - it failed. Using a sysprepped BCD store taken from another system, which also had the relevant paths set as Locate, setup completed without error. I've therefore also attached a sysprepped Windows 7 BCD store. Please experiment with both BCD stores and report back.


@everyone
Some frustrations - it wasn't possible for me to edit the BCD store entries manually when mounted in regedit. Error -
Cannot edit Element: Error writing the value's new contents.
I also received an error message when trying to import a .reg file to overwrite existing settings in a mounted BCD store -
Cannot import: *.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.
It's a bit more complicated that cdob's reg.exe approach, however I used the following .reg file to manually create a BCD store (after importing the file, the HKLM\SYSTEM\BCD key was exported as a hive type file using regedit) -
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Description]
"KeyName"="BCD00000000"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Description]
"Type"=dword:10200003

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000002]
"Element"="\\Windows\\system32\\winload.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000004]
"Element"="Windows"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\21000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\22000002]
"Element"="\\Windows"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Description]
"Type"=dword:10100002

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements]

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000004]
"Element"="Boot Manager"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\23000003]
"Element"="{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}"

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\24000001]
"Element"=hex(7):7b,00,33,00,32,00,32,00,33,00,66,00,63,00,62,00,62,00,2d,00,\
  66,00,31,00,62,00,33,00,2d,00,31,00,31,00,65,00,34,00,2d,00,38,00,61,00,31,\
  00,66,00,2d,00,30,00,30,00,32,00,33,00,34,00,64,00,66,00,64,00,64,00,35,00,\
  38,00,32,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\25000004]
"Element"=hex:14,00,00,00,00,00,00,00
The above settings were obtained by creating a basic BCD store using boot as path (see post #9). The BCD store was mounted in regedit and the settings were exported as a .reg file. Elements 21000001 and 11000001 were then edited - settings were copied from a BCD store prepared with sysprep (using the /generalize switch).

The BCD store I created using this approach was able to boot Windows 7. Interestingly, when running bcdedit /enum from the running Windows, I received the following error message -
The boot configuration data store could not be opened. 
The volume for a file has been externally altered so that the opened file is no longer valid.
When using a sysprepped BCD store (on the non-sysprepped system), running bcdedit /enum all /v from the running Windows parsed the relevant entries -
Spoiler


Regards,

Misty

attachicon.gifBCD.sysprepped.zip
attachicon.gifBCD.locate.zip

 

 

If you are having issues with regedit, you can also use offlinereg and therefore avoid having to import/export in regedit.

You can then create a native hive from scratch and edit it offline.

The command line syntaxt is not the most friendly one (...) but I am opened to suggestions.

 

Example below (incomplete)

offlinereg c:\temp\bcd.dat Description create
offlinereg c:\temp\bcd.dat Description setvalue Keyname BCD00000000 1 nobackup
OfflineReg c:\temp\bcd.dat " " createkey Objects nobackup
OfflineReg c:\temp\bcd.dat Objects createkey {3223fcbb-f1b3-11e4-8a1f-00234dfdd582} nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582} createkey Description nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Description setvalue Type 10200003 4 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582} createkey Elements nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 11000001 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\11000001 setvalue Element 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00 3 nobackup

  • misty likes this

#39 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 09:34 AM

 


@everyone
Some frustrations - it wasn't possible for me to edit the BCD store entries manually when mounted in regedit. Error -
Cannot edit Element: Error writing the value's new contents.
I also received an error message when trying to import a .reg file to overwrite existing settings in a mounted BCD store -
Cannot import: *.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.

Try getting ownership (or change permissions) of the BCD hive or key. :whistling:

The whole BCD stuff belongs to MS :ph34r:, not to you :w00t: and you are given very limited permissions on the objects within it.  

 

:duff:

Wonko



#40 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 04 May 2015 - 11:27 AM

@cdob

When using a sysprepped BCD store

Windows Boot Manager
device locate=custom:12000002

I don't understand this.
The Windows Boot Manager bootmgr is located at the boot partition.
Dosn't match device "boot" better?

I agree. It makes absolutely no sense for the path to bootmgr to be set as locate as it is always going to be on the boot device. This is however how it was set when running sysprep - more MS weirdness. I haven't tried using a combination of boot (for the bath to bootmgr) and locate (for paths to the OS) yet. Based on post #34 I'm assuming you already have?

@erwan.l
Offlinereg looks like yet another interesting and useful app. I keep seeing references to it throughout the forum but have yet to use it - it is now on my list of things to do! I did have a very quick play with Offlinereg_GUI.exe and it was possible to change the elements values without any issues. :thumbsup:

@Wonko

Try getting ownership (or change permissions) of the BCD hive or key. :whistling:

I tried - made no difference. And I did own it - I was attempting to edit a BCD store I had created from scratch!
 

The whole BCD stuff belongs to MS :ph34r:, not to you :w00t: and you are given very limited permissions on the objects within it.

That sounds about right! :censored: :frusty:

Regards,

Misty

#41 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 04 May 2015 - 11:43 AM

@erwan.l
Did a very quick test with the command line version of Offlinereg - very nice app. :worship:

Thanks for taking the time out to post some instructions (see post #38).

Regards,

Misty

#42 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 12:21 PM

@Wonko
I tried - made no difference. And I did own it - I was attempting to edit a BCD store I had created from scratch!
 

Well I can edit entries fine here on my XP SP2, once I have set the "element" to "full control" for the Admin (and being an Admin).

Try manually editing in Regedit the attached (which is "your" BCD with the "locate" settings) set with full control to "everyone".

 

:duff:

Wonko

Attached Files



#43 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 04 May 2015 - 12:33 PM

@Wonko
I tried editing your attached BCDloc file - it failed with the same error message reported in my previous post. You can add this scenario to your arguments about why you are sticking with Windows XP :thumbsup:

cdob also reported issues with regedit in post #34 -

I've no luck with regedit import, but reg.exe works.


Regards,

Misty

P.s. I'm running 32-bit Windows 7 SP1

#44 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 12:47 PM

You can add this scenario to your arguments about why you are sticking with Windows XP  :thumbsup:

 

Good :) to have a rational reason, besides my gut feelings. ;)

It would be interesting to understand why exactly this happens, however :unsure:, it is really strange as while I may understand how a BCD loaded "normally" as BCD000000 might have some added (artificial) editing limitations in Vista  :ph34r: and later, the same hive  loaded as (say) HKLM\myniceBCD shouldn't be "limited", unless *somehow* the good MS guys "blacklisted" key names like "11000001" :dubbio:

 

:duff:

Wonko

 

P.S.: I quickly tested good ol' Registry Viewer (which is also an editor) 4.2:

https://web.archive....ru/regstry.html

and it seems like working fine, maybe it works even under 7 :unsure:

Since it has source code and seemingly does not rely on any stupid Windows API, maybe that thingy can be ported/compiled for Linux



#45 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 12:56 PM

I generated a full bcd with the code below based on the reg file posted my Misty.

 

bcdedit /store c:\temp\bcd.dat tells me there is no store in this file (???).

 

bcdedit /store c:\temp\bcd.dat /enum all /v give the following .

 

could it be that some entries are missing in Misty reg file or is generating a bcd from a blank hive not possible?

 

view in my GUI :

 

G56d5M8.png

identificateur          {9dea862c-5cdd-4e70-acc1-f32b344d4795}
identificateur          {3223fcbb-f1b3-11e4-8a1f-00234dfdd582}
device                  locate=custom:12000002
path                    \\Windows\\system32\\winload.exe
description             Windows
custom:21000001         locate=custom:22000002
custom:22000002         \\Windows

del c:\temp\bcd.dat
offlinereg c:\temp\bcd.dat Description create
offlinereg c:\temp\bcd.dat Description setvalue Keyname BCD00000000 1 nobackup
OfflineReg c:\temp\bcd.dat " " createkey Objects nobackup
rem {3223fcbb-f1b3-11e4-8a1f-00234dfdd582}
OfflineReg c:\temp\bcd.dat Objects createkey {3223fcbb-f1b3-11e4-8a1f-00234dfdd582} nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582} createkey Description nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Description setvalue Type 10200003 4 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582} createkey Elements nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 11000001 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\11000001 setvalue Element 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00 3 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 12000002 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000002 setvalue Element \\Windows\\system32\\winload.exe 1 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 12000004 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\12000004 setvalue Element Windows 1 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 21000001 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\21000001 setvalue Element 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00 3 nobackup
OfflineReg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements createkey 22000002 nobackup
offlinereg c:\temp\bcd.dat Objects\{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}\Elements\22000002 setvalue Element \\Windows 1 nobackup
rem {9dea862c-5cdd-4e70-acc1-f32b344d4795}
OfflineReg c:\temp\bcd.dat Objects createkey {9dea862c-5cdd-4e70-acc1-f32b344d4795} nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} createkey Description nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Description setvalue Type 10100002 4 nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795} createkey Elements nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements createkey 11000001 nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001 setvalue Element 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00 3 nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements createkey 12000004 nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000004 setvalue Element "Boot Manager" 1 nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements createkey 23000003 nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\23000003 setvalue Element {3223fcbb-f1b3-11e4-8a1f-00234dfdd582} 1 nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements createkey 24000001 nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\24000001 setvalue Element "{3223fcbb-f1b3-11e4-8a1f-00234dfdd582}" 7 nobackup
OfflineReg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements createkey 25000004 nobackup
offlinereg c:\temp\bcd.dat Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\25000004 setvalue Element 14,00,00,00,00,00,00,00 3 nobackup

 



#46 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 01:18 PM

@Misty 

 

Are you sure about the below?

Over here this key (24000001) is usually similar to 23000003 and contains a GUID.

 

Checking here, 24000001 = DisplayOrder .

[HKEY_LOCAL_MACHINE\SYSTEM\BCD\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\24000001]
"Element"=hex(7):7b,00,33,00,32,00,32,00,33,00,66,00,63,00,62,00,62,00,2d,00,\
66,00,31,00,62,00,33,00,2d,00,31,00,31,00,65,00,34,00,2d,00,38,00,61,00,31,\
00,66,00,2d,00,30,00,30,00,32,00,33,00,34,00,64,00,66,00,64,00,64,00,35,00,\
38,00,32,00,7d,00,00,00,00,00


#47 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 01:35 PM

I have edited my script above.

 

Now, my bcd is read correctly by bcdedit.

 

The trick was to push the display order field as a multi string.

 

I did not try to boot using this BCD thus...

bcdedit /store c:\temp\bcd.dat
identificateur          {bootmgr}
device                  locate=unknown
description             Boot Manager
custom:23000003         {default}
custom:24000001         {default}
custom:25000004         20
identificateur          {default}
device                  locate=\\Windows\\system32\\winload.exe
path                    \\Windows\\system32\\winload.exe
description             Windows
custom:21000001         locate=\\Windows
custom:22000002         \\Windows


#48 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 01:42 PM

 

P.S.: I quickly tested good ol' Registry Viewer (which is also an editor) 4.2:

https://web.archive....ru/regstry.html

and it seems like working fine, maybe it works even under 7 :unsure:

Since it has source code and seemingly does not rely on any stupid Windows API, maybe that thingy can be ported/compiled for Linux

 

I am tempted to give a go at this libregf (another lib from libyal).

My understanding is that one could build it both under windows and linux.

It could (may be?) replace the offline registry library from MS.



#49 misty

misty

    Gold Member

  • Developer
  • 1066 posts
  •  
    United Kingdom

Posted 04 May 2015 - 02:03 PM

@erwan.l

I generated a full bcd with the code below based on the reg file posted my Misty.....could it be that some entries are missing in Misty reg file or is generating a bcd from a blank hive not possible?

I tried again - importing the same .reg file from my previous post (#36), then in regedit > right-click > export > Save as type: Registry Hive Files (*.*) - it worked (again) when used to boot a system on a virtual PC.

Interestingly it was 8 kb in size - after running bcdedit /enum all /v on it, it increased to 12 kb in size!
 

@Misty

Are you sure about the below?
Over here this key (24000001) is usually similar to 23000003 and contains a GUID.

I just copied this from an exported .reg file - it was exported (from regedit) from an unmodified (with boot path(s)) BCD store created using the batch file in post #9 -
Spoiler


I have no idea why it worked for me, but failed when you used the same data in offlinereg :frusty:

#50 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 02:05 PM

@erwan.l
I have no idea why it worked for me, but failed when you used the same data in offlinereg :frusty:

 

 

See my last post : now works :)

It was an issue with my script.

 

I can now generate a bcd from scratch using a blank hive.

Looks like we can build a BCD store without the need for bcdedit and thus giving more options/flexibility.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users