The barrier towards further reduction in size is the $LogFile that can't be smaller than 256 Kb in size, and the 32 Kb $MFT that obviously can't overlap with the logfile. It is likely a limitation in the ntfs driver that will let Windows see a partition as RAW if the logfile is smaller than 256 Kb.
Maybe the most interesting thing about this boot.sdi is that many of the metafiles have shared sectors on the partition (see details below). Don't worry, it's good enough for WinPE to boot on (the actual filesystem is not used, just the wim mounted on top of the partition). The only part of the logfile that is evaluated is the relevant content in $MFT as well as the first 512 bytes of the first restart page (header).
Now, to be able to create logfile with size lower than 2 Mb, we need to patch untfs.dll. I believe Mark Russinovich patched it the same way (although in memory using SoftIce) when he made the ntfs floppy in 97'. There is a good reason why he did not manage create the logfile any smaller. Here's the details of the patch;
At va 5b04cfc5;
[b8 00 00 20 00] -> [b8 00 00 04 00]
At va 5b04d324;
[c7 00 00 00 20 00] -> [c7 00 00 00 04 00]
At va 5b04d336;
[bf 00 00 20 00] -> [bf 00 00 04 00]
And if you also want to try it on a floppy then at va 5b0346fb;
[74 08] -> [eb 08]
The execution can be observed with olly (in my case), by using memory break on access on the dll..
Beware this was done on the XP sp2 version of untfs.dll (5.1.2600.2180). Just make the mod and place the dll together with chkdsk.exe/format.com in a separate directory. In the patch posted above 200000h = 2097152 bytes = 2 Mb, while 40000h = 262144 bytes = 256 Kb. However, the floppy can't be mounted by Windows, and must be investigated by other tools.
If using format.com (or chkdsk /f) it will make the logfile size defaulting as specified in the patch.
It obviously only makes sense to do on very small ntfs partition. After patching the dll you can create logfiles of size 256, 512 , 1024 too. To adjust the logfile size use something like;
chkdsk /l:256 driveletter:
The $Boot file only need to have the first 512 bytes available inside boot.sdi. The rest of it is only necessary if you boot off an actual HDD. Funny enough, MS changed the code inside the file from nt5.x to nt6.x, but it works equally well either way. Meaning the code for ntldr can boot bootmgr, as long as you rename the file (it can also also boot grldr). Basically a bootsector of any of the 3 can boot anyone of the 3 with just a rename of the file.
The partition image inside my boot.sdi is not valid and do not have any free space, so it can only be modified with a hex editor (the $MFT (or whole partition) was more or less completely rewritten by hand). The details of which sectors the individual system(meta)files occupy;
$Boot 0 $MFT 1-65 Root directory 66-73 $LogFile 74-586 $MFTMirr 136-143 $UpCase 136 $Secure:$SDS 137-392 $Bitmap 138 $AttrDef 139-143 The rest of the systemfiles are fully contained within $MFT
So what is it good for? Maybe faster pxe booting (boot.sdi). And a very good way of learning how ntfs works!! Oh, and btw you can free a few Mb on a rambooted disk image (logfile shrinking)..
Btw, any valid NTFS partition of version 3.1 can't be smaller than just below 700 Kb (at least not if used in Windows).
If anyone can create a valid filesystem with a logfile at 128 Kb or smaller I would be extremely interested in the details.
Joakim Schicht