
Create a windows system from scratch using Linux


98 replies to this topic

#51 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 02:09 PM

In case somebody wants to give it a try, I built libregf for windows.

If somebody was nice enough to build it for linux... we would have a common lib to manipulate windows hives.

 

Not sure yet though if the library can write (read seems granted, looking quickly at the exported functions).

 

EDIT : I checked and write access is not supported yet :( 

Too bad as I would gladly replace the MS offline library by an open source & multi platform one.

 




#52 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 02:25 PM

And HOW (the heck) a "final user" is supposed to use libregf.dll? :unsure: :frusty:

 

Are you going to provide a proxy for IMDISK for it?  :dubbio:

 

Then you could get back to the original (which is the "right" one BTW) idea of a filesystem driver:

http://reboot.pro/to...s-a-filesystem/

:whistling:

 

:duff:

Wonko



#53 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 02:30 PM

And HOW (the heck) a "final user" is supposed to use libregf.dll? :unsure: :frusty:

 

Are you going to provide a proxy for IMDISK for it?  :dubbio:

 

Then you could get back to the original (which is the "right" one BTW) idea of a filesystem driver:

http://reboot.pro/to...s-a-filesystem/

:whistling:

 

:duff:

Wonko

 

While brainstorming and thinking out loud, I thought I could attach this library over here.

As this is not that easy (at least for me) to build such VC projects, I thought I would share it for some coder passing by (and I know there are some here).

 

Maybe I think too much or maybe I am too enthusiastic :)

 

Not sure it would apply to a proxy for ImDisk as ImDisk is meant to talk to a filesystem (an offset, a length) like ewf, vmdk, etc ...

That means I would have to emulate some sort of filesystem? FAT or else ...

 

I would probably go for a command line interface and GUI, just like I did for the MS Offline Registry library.

I'd like to have a library working for both windows and linux, for read and write access.

 

Let's discard this library for now, consider it was me digressing.

Back to the point, we now have several ways to generate a BCD hive from scratch and thus play harder with options.



#54 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 04 May 2015 - 02:37 PM

And HOW (the heck) a "final user" is supposed to use libregf.dll? :unsure: :frusty:

:loleverybody:- my sentiments exactly!
 

Then you could get back to the original (which is the "right" one BTW) idea of a filesystem driver:
http://reboot.pro/to...s-a-filesystem/
:whistling:

Interesting thread. Now who is this Was_Jaclaz character - he seems really grumpy :whistling: 

Regards,

Misty



#55 cdob

cdob

    Gold Member

  • Expert
  • 1315 posts

Posted 04 May 2015 - 02:40 PM

I haven't tried using a combination of boot (for the path to bootmgr) and locate (for paths to the OS) yet. Based on post #34 I'm assuming you already have?

Yes, I'm using the boot / locate combination.
A booted windows 7 can run bcdedit: the booted windows does know the bcd file.

#56 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 02:46 PM

Yes, I'm using the boot / locate combination.
A booted windows 7 can run bcdedit: the booted windows does know the bcd file.

 

As mentioned in a previous thread, bootice seems to be using that combination too (looking at what is displayed on screen).



#57 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 02:53 PM

Attaching a zip containing makebcd.bat, offline.reg and offreg.dll and a generated BCD.

 

This should be user friendly enough :)




#58 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 03:45 PM

Not sure it would apply to a proxy for ImDisk as ImDisk is meant to talk to a filesystem (an offset, a length) like ewf, vmdk, etc ...

That means I would have to emulate some sort of filesystem? FAT or else ...

Well, the whole point I am trying to deliver since several years (failing miserably :frusty:, BTW) is that a database is a filesystem, a filesystem is a (primitive) database and the Windows Registry format is a (badly implemented) database :

https://rwmj.wordpre...ks-technically/

or actually not a database but rather a filesystem, with MOST of the same features of a particular filesystem (namely NTFS).

 

Think at 7-zip :w00t: it accesses archives (and filesystems for that matters) exactly if they were filesystems, so I would go a little further and state that almost *any* multi-file archive formats are both (primitive) databases and filesystems.

 

Now, imagine to access a NTFS filesystem as if it was a database or actually converting the index of a disk into a database:

http://reboot.pro/to...r-xp-behaviour/

http://www.primitive...sk-indexer.html

 

You can think at both a filesystem and a database as being essentially the same kind of object that a given app can render more like a database or more like a filesystem (though an Explorer view of a filesystem is not that much different from -say - a Regedit view).

 

And the given resource:

https://rwmj.wordpre...ks-technically/

brings us to:

http://libguestfs.org/hivexsh.1.html

which is a Linux read/write tool that essentially treats a hive as if it was a filesystem, sporting commands like ls, cd and cd..  

:duff:

Wonko



#59 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 04:03 PM

Well, the whole point I am trying to deliver since several years (failing miserably :frusty:, BTW) is that a database is a filesystem, a filesystem is a (primitive) database and the Windows Registry format is a (badly implemented) database :

https://rwmj.wordpre...ks-technically/

or actually not a database but rather a filesystem, with MOST of the same features of a particular filesystem (namely NTFS).

 

Think at 7-zip :w00t: it accesses archives (and filesystems for that matters) exactly if they were filesystems, so I would go a little further and state that almost *any* multi-file archive formats are both (primitive) databases and filesystems.

 

Now, imagine to access a NTFS filesystem as if it was a database or actually converting the index of a disk into a database:

http://reboot.pro/to...r-xp-behaviour/

http://www.primitive...sk-indexer.html

 

You can think at both a filesystem and a database as being essentially the same kind of object that a given app can render more like a database or more like a filesystem (though an Explorer view of a filesystem is not that much different from -say - a Regedit view).

 

And the given resource:

https://rwmj.wordpre...ks-technically/

brings us to:

http://libguestfs.org/hivexsh.1.html

which is a Linux read/write tool that essentially treats a hive as if it was a filesystem, sporting commands like ls, cd and cd..  

:duff:

Wonko

 

 

Fully agree and have been thinking the same for years.

 

But... From a coder point of view, this gives me headache :)

Windows expects a filesystem so one way or the other a design & logic will be needed to interface the registry (or any database for that matter) with windows.

 

You do the design and logic and I would then be tempted to consider writing a proxy for ImDisk, possibly built on the libregf library posted above (now you see this can have some use ;) ).

 

Interestingly, if this works for a registry hive, this could be adapted to about any file/container (zip, etc ...).

 

Cheers,

Erwan



#60 cdob

cdob

    Gold Member

  • Expert
  • 1315 posts

Posted 04 May 2015 - 04:08 PM

As mentioned in a previous thread, bootice seems to be using that combination too (looking at what is displayed on screen).

I can't set this at bootice.
"locate" refers to vhd or ramdisk only.
I can't connect a flag file at locate mode.

#61 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 04:17 PM

I can't set this at bootice.
"locate" refers to vhd or ramdisk only.
I can't connect a flag file at locate mode.

 

have you tried in professional mode? 



#62 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 04:27 PM

@erwan.l

Well, I brought here on reboot a (working BTW) primitive  filesystem driver for the Registry, in the mentioned thread:

http://reboot.pro/to...s-a-filesystem/

and I also introduced the Pismo thingies:

http://reboot.pro/to...d-virtual-disk/

which includes a way to browse a .zip file as if it was a filesystem:

http://www.pismotechnic.com/pfm/ap/

(which is BTW very similar to the way the Windows builtin zipfld.dll behaves)

 

So I did what I could do as The Finder, after that it's coder's business, but I will do even something more, and introduce you to multi-commander:

http://multicommande...sMultiCommander

which - curiously enough :whistling: - can access several objects, including the Registry, as a filesystem:

http://multicommande...docs/filesystem

http://multicommande...browse-registry

 

The ball is in your court. :smiling9:

 

:duff:

Wonko



#63 cdob

cdob

    Gold Member

  • Expert
  • 1315 posts

Posted 04 May 2015 - 04:30 PM

Not tested at a multi boot environment so far.

Let's continue:

Given one hard disk with a 100 MB, a 27 GB and a 28 GB partition.
First Windows 7 installed to 27 GB partition.
Next Windows 8 installed to 28 GB partition.

Booted a PE
set BCD_store=/store c:\boot\bcd
bcdedit.exe %BCD_store% /set {bootmgr} displaybootmenu yes
bcdedit.exe %BCD_store% /set {bootmgr} device boot

reg.exe load HKLM\bcd c:\boot\bcd
rem reuse a defined entry: 32000004 SdiPath https://msdn.microsoft.com/library/windows/desktop/aa362645.aspx
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb66-f272-11e4-ac27-f12df1456378}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb66-f272-11e4-ac27-f12df1456378}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb66-f272-11e4-ac27-f12df1456378}\Elements\32000004" /v Element /t REG_SZ /d \windows\Windows.777  /f

reg.exe ADD "HKLM\bcd\Objects\{9e2fcb6a-f272-11e4-ac27-f12df1456378}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb6a-f272-11e4-ac27-f12df1456378}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb6a-f272-11e4-ac27-f12df1456378}\Elements\32000004" /v Element /t REG_SZ /d \windows\Windows.888  /f

reg.exe unload HKLM\bcd
.
 

Windows Boot Manager
identifier {bootmgr}
device boot

Windows Boot Loader
identifier {default}
device locate=custom:32000004
description Windows 8.1
osdevice locate=custom:32000004
custom:32000004 \windows\Windows.888

Windows Boot Loader
identifier {9e2fcb66-f272-11e4-ac27-f12df1456378}
device locate=custom:32000004
description Windows 7
osdevice locate=custom:32000004
custom:32000004 \windows\Windows.777


Bootmgr "Windows 8.1" does boot windows 8.
Bootmgr "Windows 7" does boot windows 7.

Dual boot locate does work.
 
Spoiler
Some work to do still: hyperfile and recovery mode contains fixed 'letters' still.

#64 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 04 May 2015 - 07:10 PM

@cdob
:worship: Fantastic. Nice to see the use of a tag file as a workaround in a multiboot setup. Just out of curiosity, is it possible to use BCDEDIT.exe to add the data for entry/element 32000004 (in your example \windows\Windows.888 and \windows\Windows.777)?
 

...Some work to do still: hyperfile and recovery mode contains fixed 'letters' still.

Good luck - please let us know how you get on with this.


@everyone
So, based upon information in this thread, when locate is used as a path -

the following code looks for custom:32000004 (using the data in element 32000004 as the search path) -
0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000
and the following code looks for custom:22000002 (using the data in element 22000002 as the search path) -
0000000000000000000000000000000008000000000000001e000000000000000000000002000022000000000000
and the following code looks for custom:12000002 (using the data in element 12000002 as the search path) -
0000000000000000000000000000000008000000000000001e000000000000000000000002000012000000000000
I'm not sure how to convert to hex offsets however, counting pairs of digits (starting from 0 for the first pair) -
  • the 16th pair of digits is the same in all three elements - 08
  • the 24th pair of digits is the same in all three elements - 1e
The 36th - 39th (? offsets 0x24 - 0x27) pairs of digits differ in all elements -
  • 04000032 - equates to element 32000004
  • 02000022 - equates to element 22000002
  • 02000012 - equates to element 12000002
Presumably the pairs of digits are translated from right to left, so in the first instance above - 04,00,00,32 becomes 32 00 00 04

According to Wonko's post (#21), the 16th pair of digits corresponds with offset 0x10. Based on the information in Wonko's post, and thanks to cdob, we now know (or at least suspect) the following about values at offset 0x10 (the 16th pair of digits) -
  • 05 - boot device
  • 06 - tied to a specific device and partition offset
  • 08 - custom/locate
I'm no closer to using Linux to create a windows setup, however I've learned a hell of a lot about BCD stores :thumbsup:

Regards,

Misty
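The layout worked out in the post above (type byte at offset 0x10, 1e at offset 0x18, element id stored low byte first at offsets 0x24 to 0x27) can be checked against the three posted values with a short Python script. This is an added example, not code from the thread; the function and constant names are its own, and reading 1e as "number of bytes from offset 0x10 to the end" is an assumption that merely fits the 46-byte samples posted here.

```python
import struct

# Offsets are the ones worked out in the thread; the names are this example's labels.
OFF_DEVICE_TYPE = 0x10  # 05 = boot, 06 = specific partition, 08 = custom/locate
OFF_LENGTH = 0x18       # 1e in every locate sample posted in the thread
OFF_ELEMENT_ID = 0x24   # 4 bytes, least significant byte first
LOCATE_SIZE = 46        # size of each locate value quoted in the thread

DEVICE_TYPES = {0x05: "boot", 0x06: "partition", 0x08: "locate"}


def build_locate_element(element_id):
    """Return the hex text of a device element that locates via element_id."""
    if not 0 <= element_id <= 0xFFFFFFFF:
        raise ValueError("element id must fit in 32 bits")
    blob = bytearray(LOCATE_SIZE)
    blob[OFF_DEVICE_TYPE] = 0x08
    # Assumption: 0x1e (30) is the byte count from offset 0x10 to the end.
    blob[OFF_LENGTH] = LOCATE_SIZE - OFF_DEVICE_TYPE
    struct.pack_into("<I", blob, OFF_ELEMENT_ID, element_id)
    return blob.hex()


def describe_device_element(hex_text):
    """Render a device element the way bcdedit prints it in the thread."""
    blob = bytes.fromhex(hex_text)
    if len(blob) <= OFF_DEVICE_TYPE:
        raise ValueError("too short to hold the type byte at offset 0x10")
    code = blob[OFF_DEVICE_TYPE]
    kind = DEVICE_TYPES.get(code, "unknown(0x%02x)" % code)
    if kind != "locate":
        return kind
    if len(blob) < OFF_ELEMENT_ID + 4:
        raise ValueError("locate element truncated before offset 0x27")
    (element_id,) = struct.unpack_from("<I", blob, OFF_ELEMENT_ID)
    return "locate=custom:%08x" % element_id


if __name__ == "__main__":
    for eid in (0x32000004, 0x22000002, 0x12000002):
        text = build_locate_element(eid)
        print(text, "->", describe_device_element(text))
```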

#65 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 07:27 PM

Tiny detail : 08 is at offset 16 (0 being the first offset) or at the 17th position (starting count at 1).

Same for 1e : 25th pair of digits or at offset 24, etc ...

 

Just to avoid confusion (I had to count a few times before writing this :) )



#66 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 07:29 PM

@cdob 

Very nice. :)

 

@Misty

It is not "according to Wonko", 0x10 means 16 decimal for everyone.

 

Do yourself a favour, copy any of the strings you posted, run tiny hexer and Edit->Paste to new, checking "Hex text".

See attached screenshots.

 

 


 

@erwan.l

But Misty considered the first couple of 00's as being in the 0th :w00t: position.

 

@All

The easiest way to translate "offset" is to count how many items are BEFORE the given one.

And, just like when you count cows, where you can count horns and divide by two ;) you can count numbers/characters and divide by two. (for the record, the approach to counting cows by counting legs and dividing by four has proved historically more complex and prone to errors)

 

:duff:

Wonko

Attached Thumbnails

  • tinyhexerstep1.jpg
  • tinyhexerHEP.jpg


#67 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1914 posts
  • Location:Nantes - France
  •  
    France

Posted 04 May 2015 - 07:37 PM

@cdob 

Very nice.

 

@Misty

It is not "according to Wonko", 0x10 means 16 decimal for everyone.

 

Do yourself a favour, copy any of the strings you posted, run tiny hexer and Edit->Paste to new, checking "Hex text".

See attached screenshots.

 

 


 

:duff:

Wonko

 

@Wonko : I am surprised you did not correct the "at offset 16" versus "16th pair" (which is actually the 17th pair) ;)

 

You are getting old ;)



#68 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 04 May 2015 - 07:42 PM

@Wonko : I am surprised you did not correct the "at offset 16" versus "16th pair" (which is actually the 17th pair) ;)

 

You are getting old ;)

Naah, I am just getting a tad bit SLOWer, we cross-posted. Check my previous post (edited in the meantime), and you are not that attentive, Misty did specify he started counting from 0.

 

:duff:

Wonko



#69 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 04 May 2015 - 07:56 PM

@Wonko

@Misty

It is not "according to Wonko", 0x10 means 16 decimal for everyone.

It means very little to me - I had to use (educated) guess work and a web based converter! Thanks for the tinyhexer tips though. Plain text I can almost cope with - staring at all these bloody numbers in BCD stores (particularly mounted in regedit) is driving me crazy :frusty:

@everyone
Following is from a sysprepped BCD store - from a Windows 8.1 (64-bit Enterprise Evaluation) installed in a UEFI virtual machine. I've limited it to just the Operating System entries.

Output from running bcdedit /enum all /v -
Windows Boot Loader
-------------------
identifier              {d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}
device                  locate=custom:12000002
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoveryenabled         No
custom:16000060         Yes
custom:17000077         352321653
osdevice                locate=custom:22000002
systemroot              \Windows
resumeobject            {d606d18a-f2b6-11e4-b80a-aaa13d7f1ed9}
nx                      OptIn
custom:250000c2         1
Exported registry file -
[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}]

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Description]
"Type"=dword:10200003

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements]

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\12000002]
"Element"="\\Windows\\system32\\winload.efi"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\12000004]
"Element"="Windows 8.1"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\12000005]
"Element"="en-US"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\14000006]
"Element"=hex(7):7b,00,36,00,65,00,66,00,62,00,35,00,32,00,62,00,66,00,2d,00,\
  31,00,37,00,36,00,36,00,2d,00,34,00,31,00,64,00,62,00,2d,00,61,00,36,00,62,\
  00,33,00,2d,00,30,00,65,00,65,00,35,00,65,00,66,00,66,00,37,00,32,00,62,00,\
  64,00,37,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\16000009]
"Element"=hex:00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\16000060]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\17000077]
"Element"=hex:75,00,00,15,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\21000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\22000002]
"Element"="\\Windows"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\23000003]
"Element"="{d606d18a-f2b6-11e4-b80a-aaa13d7f1ed9}"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\25000020]
"Element"=hex:00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\250000c2]
"Element"=hex:01,00,00,00,00,00,00,00
As you can see, there are a number of additional custom entries.

Regards,

Misty

P.s. I've attached the BCD store - Attached File  BCD.UEFI.Sysprepped.zip   6.47KB   269 downloads
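The link between the raw export and the bcdedit view in the post above (element 11000001 shown as device, 21000001 as osdevice, each pointing at the element that holds the search path) can be reproduced from the .reg text alone, which is handy when reviewing a BCD store on a machine without bcdedit. This is an added example, not code from the thread; the function names are its own, and the sample is an excerpt of the export posted above.

```python
import re
import struct

# Excerpt of the export posted above (four of its elements, unchanged).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements]

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\11000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,12,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\12000002]
"Element"="\\Windows\\system32\\winload.efi"

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\21000001]
"Element"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,00,\
  00,00,00,1e,00,00,00,00,00,00,00,00,00,00,00,02,00,00,22,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\_BCD3\Objects\{d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}\Elements\22000002]
"Element"="\\Windows"
'''

KEY_RE = re.compile(
    r"\[.*\\Objects\\(\{[0-9a-f-]+\})\\Elements\\([0-9a-f]{8})\]$", re.I)
# Names as bcdedit prints them in the output posted with the export.
DEVICE_ELEMENTS = {"11000001": "device", "21000001": "osdevice"}


def parse_elements(reg_text):
    """Return {object_guid: {element_id: bytes or str}} from a regedit export."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # undo "\" line continuations
    objects, current, element_id = {}, None, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("["):
            match = KEY_RE.match(line)
            current = objects.setdefault(match.group(1).lower(), {}) if match else None
            element_id = match.group(2).lower() if match else None
        elif current is not None and line.startswith('"Element"='):
            raw = line.split("=", 1)[1]
            if raw.startswith("hex"):  # covers hex: and hex(7): values
                data = raw.split(":", 1)[1].replace(",", "")
                current[element_id] = bytes.fromhex(data)
            elif raw.startswith('"') and raw.endswith('"'):
                current[element_id] = raw[1:-1].replace("\\\\", "\\")
    return objects


def locate_view(objects):
    """Return {guid: {name: (bcdedit-style text, search path or None)}}."""
    view = {}
    for guid, elements in objects.items():
        for element_id, name in DEVICE_ELEMENTS.items():
            blob = elements.get(element_id)
            # Only type 08 (custom/locate) at offset 0x10 carries an element id.
            if not isinstance(blob, bytes) or len(blob) < 0x28 or blob[0x10] != 0x08:
                continue
            (target,) = struct.unpack_from("<I", blob, 0x24)
            path = elements.get("%08x" % target)
            if not isinstance(path, str):
                path = None  # the element that should hold the search path is absent
            view.setdefault(guid, {})[name] = ("locate=custom:%08x" % target, path)
    return view


if __name__ == "__main__":
    for guid, entries in locate_view(parse_elements(SAMPLE)).items():
        print(guid)
        for name, (text, path) in entries.items():
            print("  %-9s %s  (search path: %s)" % (name, text, path))
```

A `None` search path marks a locate entry whose referenced element is missing from the exported object.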

#70 cdob

cdob

    Gold Member

  • Expert
  • 1315 posts

Posted 04 May 2015 - 09:43 PM

As you can see, there are a number of additional custom entries.

I understand:
bcdedit shows a translated view, only known entries are translated to a name.
bcdedit doesn't know all entries.
Unknown/not relating ones are marked as custom.
bcdedit version is important too: use a windows 8 bcdedit to read a windows 8 bcd file.

16000060 matches BcdLibraryBoolean_IsolatedExecutionContext
https://msdn.microso...p/aa362652.aspx

32000004 SdiPath is a hack: doesn't make sense at a 'Windows Boot Loader' section.
https://msdn.microso...p/aa362645.aspx
There won't be a SdiPath at a 'Windows Boot Loader' section.
Therefore it's free to mishandle it at a 'Windows Boot Loader'.
Bcdedit would translate 32000004 at a 'Device options' section.

Bootmgr supports known entries only: a fake/unknown 11000002 resulted to a boot error.
32000004 is a work around at a 'Windows Boot Loader' section.

And yes, I expect working locate at UEFI mode too.

As for the first question applying from linux:
I recommend to use sysprep before.
And to grab \windows and (\boot\ or \efi\) files.
In addition: a default install.wim and a syspreped bcd file should work, not tested.

#71 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 04 May 2015 - 10:26 PM

@cdob

I understand:
bcdedit shows a translated view, only known entries are translated to a name.
bcdedit doesn't know all entries.
Unknown/not relating ones are marked as custom.
bcdedit version is important too: use a windows 8 bcdedit to read a windows 8 bcd file.

Oops! Thanks for pointing out the obvious without calling me stupid. Completely forgot to use a Windows 8.1 bcdedit.

Output from running bcdedit /enum all /v (this time using bcdedit from Windows 8.1) -
 
Windows Boot Loader
-------------------
identifier              {d606d18b-f2b6-11e4-b80a-aaa13d7f1ed9}
device                  locate=custom:12000002
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoveryenabled         No
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                locate=custom:22000002
systemroot              \Windows
resumeobject            {d606d18a-f2b6-11e4-b80a-aaa13d7f1ed9}
nx                      OptIn
bootmenupolicy          Standard
Full output -

Spoiler


Thanks also for the other useful information :cheers:

Misty

#72 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13443 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 May 2015 - 09:26 AM

@Wonko
It means very little to me - I had to use (educated) guess work and a web based converter! Thanks for the tinyhexer tips though. Plain text I can almost cope with - staring at all these bloody numbers in BCD stores (particularly mounted in regedit) is driving me crazy :frusty:

Try looking at it this way ;):
Dec 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
Hex 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30
=== 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 04 00 00 32 00 00 00 00 00 00

 

About Linux usage, as said direct hex-edit is perfectly possible, but it has to be tested if the given set of programs:

http://libguestfs.org/

namely as it is the one with user interaction on command line and thus that can be easily scripted in bash or similar:

http://libguestfs.org/hivexsh.1.html

works to modify the base "template" BCD (it should) but likely one could use instead:

http://libguestfs.or...xregedit.1.html

with a suitable "regedit like" file.

Or - as initially suggested - if Python is available, use the given Python library:

https://bitbucket.or...libbcd/overview

which is more "targeted" (and possibly "limited") but that should do nicely.

 

:duff:

Wonko



#73 cdob

cdob

    Gold Member

  • Expert
  • 1315 posts

Posted 09 May 2015 - 04:14 PM

Some work to do still: hyperfile and recovery mode contains fixed 'letters' still.

The settings relate to installed windows, and don't exist at a sysprepped image.

We have to differ: do we use sysprep or not?

with sysprep:
Set 'Windows Boot Manager' and memtest to boot and 'Windows Boot Loader' to locate.
Windows setup will set proper settings at first boot for other parts.


without sysprep:
memtest is located at boot device: set device 'boot'

hiberfil.sys: set device to 'locate', search the tag file names from 'Windows Boot Loader' too
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb65-f272-11e4-ac27-f12df1456378}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb65-f272-11e4-ac27-f12df1456378}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb65-f272-11e4-ac27-f12df1456378}\Elements\32000004" /v Element /t REG_SZ /d \windows\Windows.777  /f

reg.exe ADD "HKLM\bcd\Objects\{9e2fcb69-f272-11e4-ac27-f12df1456378}\Elements\11000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb69-f272-11e4-ac27-f12df1456378}\Elements\21000001" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb69-f272-11e4-ac27-f12df1456378}\Elements\32000004" /v Element /t REG_SZ /d \windows\Windows.888  /f
.

Windows recovery boot.sdi and Winre.wim
boot.sdi can be set to locate
reg.exe ADD "HKLM\bcd\Objects\{9e2fcb68-f272-11e4-ac27-f12df1456378}\Elements\31000003" /v Element /t REG_BINARY /d 0000000000000000000000000000000008000000000000001e000000000000000000000004000032000000000000 /f
.

Winre.wim: no luck to set locate, I've no solution.
Workarounds:
-fix setting at first boot to windows
-move the files boot.sdi and Winre.wim to the boot device (resize the 100 mb partition) and set device to 'boot'

#74 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 23 May 2015 - 10:24 PM

My previous attempts to use BCDEdit.exe to change elements to use locate=custom:******** (e.g. device LOCATE=custom:12000002) failed - I now realise that this was due to me not using the correct command syntax.

The BCDEdit help topics pointed me in the right direction -

bcdedit.exe /? /FORMATS


bcdedit.exe /? /TYPES CUSTOMTYPES


So the correct syntax is -
bcdedit /set {guid} device LOCATE=custom:0x12000002 
Adapting the batch in post #9 (for creating a generic BCD store) -
 
@echo off
:_start

::_____________________________________________________________

setlocal
set LABEL=Windows
set BCDEDIT=bcdedit.exe
set BCDSTORE=%~dp0BCD

cls
Echo Creating store...
%BCDEDIT% /createstore %BCDSTORE%
echo.
echo.

Echo Creating bootmgr entry...
%BCDEDIT% /store %BCDSTORE% /create {bootmgr}
%BCDEDIT% /store %BCDSTORE% /set {bootmgr} description "Boot Manager"
%BCDEDIT% /store %BCDSTORE% /set {bootmgr} device boot
%BCDEDIT% /store %BCDSTORE% /set {bootmgr} timeout 20
echo.
echo.

Echo Adding Windows entry...
for /f "tokens=2 delims={}" %%g in ('%BCDEDIT% /store %BCDSTORE% /create /d %LABEL% /application osloader') do set guid={%%g}
echo guid=%guid%
%BCDEDIT% /store %BCDSTORE% /set %guid% device LOCATE=custom:0x12000002 
%BCDEDIT% /store %BCDSTORE% /set %guid% path \Windows\system32\winload.exe
%BCDEDIT% /store %BCDSTORE% /set %guid% osdevice LOCATE=custom:0x22000002 
%BCDEDIT% /store %BCDSTORE% /set %guid% systemroot \Windows
%BCDEDIT% /store %BCDSTORE% /displayorder %guid% /addlast
%BCDEDIT% /store %BCDSTORE% /default %guid%
echo.
echo.
endlocal
pause
:_end
It's a bit more user friendly than mounting the BCD store as a registry hive in order to make the edits.

Regards,

Misty

#75 misty

misty

    Silver Member

  • Developer
  • 703 posts
  •  
    United Kingdom

Posted 23 May 2015 - 10:47 PM

Update - information in my previous post applies to the bcdedit version included with Windows 8.1 - just completed a quick test using the Windows 7 (SP1) version and it didn't work -

The device is not valid as specified.
Run "bcdedit /?" for command line assistance.
The parameter is incorrect.





