I. Changes in Windows Boot Mode
For a computer, starting the operating system is a key step. If the operating system cannot start normally, the computer is little more than a pile of scrap iron. Microsoft Windows holds a large share of the desktop computer market, so whether these operating systems start normally affects every one of their users. Windows boot methods have changed many times: with almost every generation of Windows, the boot method has changed. Windows Vista, the pioneer of the 6th-generation Windows operating systems, changes the boot mode once again.
Windows Vista discards both the early boot mode based on pure DOS and the ntldr + ntdetect.com boot mode used by Windows 2000/XP/Server 2003. A component called Boot Manager replaces ntldr + ntdetect.com as the boot mode Microsoft adopts in Windows Vista.
In Windows Vista, when you start a computer, the BIOS runs first. The BIOS reads the master boot record (MBR) from the boot device and hands control to the startup code stored in the MBR. Boot Manager then starts, reads the boot entry information from the Boot Configuration Data (BCD), displays it on the screen, and waits for the user to make a selection. After you select a boot entry, Boot Manager obtains the startup parameters and configuration information for that entry from the BCD and then starts the system boot process.
On a host with Windows Vista installed, Microsoft modifies the boot sector of the active primary partition (Windows Installer writes the MBR content to the first sector of the disk), replacing the original boot sector content with new content. The classic error message "Ntldr is missing" is replaced by "Bootmgr is missing".
II. Explanation of BCD
As mentioned above, Windows Vista introduces a new boot component, Boot Manager. Boot Manager is responsible for initializing and booting the Windows operating system, and it has a matching data repository: Boot Configuration Data, BCD for short.
BCD contains the startup parameter configuration of the Windows operating system and all the information about how to start Windows Vista and Windows Server Code Name "Longhorn". Before BCD, this information was stored in the boot.ini file (on BIOS-based systems) or in non-volatile memory (on EFI-based systems). In Windows Vista, all of this information is stored in BCD.
After Boot Manager is installed, the Windows Installer stores the BCD data under the root directory of the active partition, usually in the C:\Boot directory. In this Boot directory, the Windows Installer creates a file named BCD, with no extension.
The C:\Boot\BCD file is the entire BCD database. While Windows Vista is running, this file cannot be deleted or renamed because the system keeps it open. If you delete this file and Boot Manager is installed, your system will not be able to start, because Boot Manager cannot find a suitable BCD data file to use.
To modify the BCD data content, you can use the following methods:
1. Use the advanced options in System Properties. In Windows 2000/XP/Server 2003, you can use the advanced options in System Properties to modify the startup mode. Because all startup information in Windows Vista is stored in the BCD database, modifying the startup parameters through the advanced options in System Properties actually modifies the content of the BCD database.
2. Use bcdedit.exe, the dedicated BCD modification tool that comes with Windows Vista. Bcdedit.exe covers essentially every operation on BCD entries: not only editing and deletion, but also creation and copying. For how to use bcdedit.exe, see the Windows Vista help manual.
3. Use msconfig.exe. Because all startup information in Windows Vista is stored in the BCD database, when you use msconfig.exe to modify the Windows Vista startup volume, you are also modifying and configuring the BCD database.
4. Use a third-party tool. Third-party tools can use the BCD WMI interface provided by Windows Vista to modify and configure the BCD database.
The four methods above are the ones recommended by Microsoft. There is also one more method, not mentioned above, that is brute-force and requires familiarity with BCD. It is too dangerous to recommend, unless you have no other choice.
III. Decrypt BCD
[Warning: the operations shown in this chapter are highly risky. We do not recommend reproducing them.]
As described above, the BCD database is stored in the C:\Boot\BCD file. What is special about this file?
We know that the boot configuration file for Windows 2000/XP/Server 2003 is an INI file, which is stored in plain text and can be edited with any text editor. That convenience also poses a hidden danger to the system: any computer virus or malicious program can rewrite the boot.ini file and change how the user's system starts. Fortunately, we have never heard of such a virus becoming widespread. Windows Vista makes a small change here. It may be unrelated to security, but it is enough to make illegally modifying the boot mode more difficult: in Windows Vista the startup information is no longer stored in plain text but in a formatted file, the BCD described above.
To decrypt BCD, you must study its file format. Open the C:\Boot\BCD file with any hexadecimal editor: in bytes 00-03 of the file we can see a very obvious signature string: regf.
Anyone familiar with the Windows registry knows that in Windows 2000/XP/Server 2003 any registry key (whether a subkey or a root key) can be exported as a hive file. The Windows API functions RegSaveKey() and RegSaveKeyEx() can also export registry keys as hive files from your own software. If you have studied registry hive files, you will know that the first four bytes of such a hive file must be "regf". Windows Vista plugin or other tools. The premise is that you need to be familiar with the file structure of the BCD file.
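The signature check described above can be extended to the rest of the hive header. The following is an added example, not part of the original article: it goes beyond the four-byte "regf" test and also reads the sequence numbers, last-written time, format version and header checksum of a registry hive, which is useful for validating an offline copy of the BCD file. The function names and the sample header are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

CHECKSUM_OFFSET = 508  # the header checksum covers the 508 bytes before it

def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords; 0 and 0xFFFFFFFF are remapped."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:CHECKSUM_OFFSET]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1

def inspect_hive_header(data: bytes) -> dict:
    """Check the header of a registry hive, e.g. an offline copy of the BCD file."""
    if len(data) < 512 or data[:4] != b"regf":
        raise ValueError("not a registry hive: 'regf' signature missing")
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", data, 4)
    root_cell, bins_size = struct.unpack_from("<II", data, 36)
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_OFFSET)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
    return {
        "version": f"{major}.{minor}",
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "clean": seq1 == seq2,  # differing sequence numbers: interrupted write
        "checksum_ok": stored == regf_checksum(data),
        "root_cell_offset": root_cell,
        "hive_bins_size": bins_size,
    }

def build_sample_header() -> bytes:
    """Constructed sample: a minimal consistent header, not taken from a real BCD."""
    block = bytearray(512)
    block[:4] = b"regf"
    struct.pack_into("<IIQII", block, 4, 7, 7, 128_000_000_000_000_000, 1, 3)
    struct.pack_into("<II", block, 36, 0x20, 0x1000)
    struct.pack_into("<I", block, CHECKSUM_OFFSET, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    print(inspect_hive_header(build_sample_header()))
```

Because the running system keeps C:\Boot\BCD open, run this against a copy or a backup of the file rather than the live one.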
The following describes in detail the meanings of the registry items in some common BCD files:
In Windows Vista, run regedit.exe to open the Registry Editor. Locate the HKEY_LOCAL_MACHINE\BCD00000000 key and expand it to see the complete content of the BCD file. This works because Windows Vista has loaded the BCD file under the system's HKEY_LOCAL_MACHINE root key.
For BCD files, we only need to pay attention to the content under Objects. Under Objects there are many subkeys named after CLSIDs, each with a special meaning. For Windows startup, the subkeys of a boot entry always appear in pairs. For example, {50c73d4c-e6b3-11108bc73-d30cdb1ce216} and {50c73d4d-e6b3-11108bc73-d30cdb1ce216} are a pair. The only difference is the last character of the first segment; the rest is identical. The Boot Manager of Windows Vista identifies the different boot entries by CLSID.
Expand each CLSID key. Generally there are two subkeys: Description and Elements. Under the Elements key there are various child keys, each with a different meaning. Some hold text to be displayed, some point to special programs or directories used for Windows Vista startup, and others relate to Windows Vista startup parameters.
For example:
☆The Element string under the 12000004 key sets the text displayed on the boot menu of the Boot Manager. I have changed the Microsoft Windows text on the default startup menu after Windows Vista is installed to Microsoft Windows Vista Beta 2X86 EN. In this way, when the system starts, you can clearly see which version of Windows Vista is installed.
☆The 12000005 key specifies the language of the Boot Manager. If the Simplified Chinese version of Windows Vista is installed, the content here must be zh-CN. If you want to use the English version of Boot Manager, you only need to change it to en-US. The prerequisite is that an en-US directory exists under the C:\Boot directory and contains the corresponding en-US resource file.
☆The 42000002 key specifies the boot program for Windows Vista. In Windows Vista, the boot program has been changed to winload.exe.
☆The 22000002 node specifies the name of the system directory after Windows Vista is installed. The default value is the Windows directory.
☆In sleep mode, the 22000002 node points to the file name of the sleep object. The default value is the hiberfil.sys file.
☆The 42000002 node sets the program that converts the sleep state back to the normal state when waking up from sleep mode. In Windows Vista, this program is called winresume.exe.
☆If an earlier operating system that boots with NTLDR is installed, such as Windows 2000/XP/Server 2003, a CLSID named {466f5a88-0af2-4f76-9038-095b170dc21c} appears in the Boot Manager. This CLSID represents the boot program of the operating system that uses the NTLDR boot mode. After you select the Earlier version of Windows menu item in the Boot Manager, the Boot Manager calls the boot program of the earlier Windows operating system based on the content pointed to by the 12000002 node. The default value is NTLDR.
☆{9dea862c-5cdd-4e70-acc1-f32b344d4795} is a CLSID dedicated to representing Windows Boot Manager.
☆Under the key {9dea862c-5cdd-4e70-acc1-f32b344d4795} there is a subkey named 24000001, which specifies the CLSIDs of the operating system boot menu entries to be displayed by Windows Boot Manager. The Element value of the 24000001 subkey is a registry value of type REG_MULTI_SZ, which means it can hold multiple entries. In my system, there are three key-value data items, which indicates that my system has at least three operating systems installed; in addition, early Windows operating systems with NTLDR boot are installed.
In fact, what the Element value shows is indeed consistent with the actual situation: I did install Windows XP, Windows Vista Beta 2X86 EN, and Windows Vista Beta Build 5XXX on my machine.
Note that the Windows Memory Diagnostic entry added in Windows Vista does not belong to the {9dea862c-5cdd-4e70-acc1-f32b344d4795} key; it exists as a separate key, {b2721d73-1db4-4c62-bf78-c548a880142d}.
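To review what the boot menu will offer without editing anything, the 24000001 list can be resolved against each entry's 12000004 text. The following is an added example, not part of the original article: it assumes the HKEY_LOCAL_MACHINE\BCD00000000 key has been exported to text with the Registry Editor, and the two entry GUIDs in the sample are constructed placeholders.

```python
import re

BOOTMGR = "{9dea862c-5cdd-4e70-acc1-f32b344d4795}"  # Boot Manager object named in the article
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\(\{[^}]+\})"
                    r"\\Elements\\([0-9a-fA-F]{8})\]$")
VAL_RE = re.compile(r'^"Element"=(?:"(.*)"|hex\(7\):(.*))$')

def decode_multi_sz(hex_csv):
    """Decode a REG_MULTI_SZ written by regedit as comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def parse_bcd_export(text):
    """Return {object GUID: {element key: value}} from regedit export text."""
    objects, current = {}, None
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():  # join "\" continuations
        line = line.strip()
        key = KEY_RE.match(line)
        if key or line.startswith("["):
            current = (key.group(1).lower(), key.group(2).lower()) if key else None
            continue
        val = VAL_RE.match(line)
        if val and current:
            string, multi = val.groups()
            value = decode_multi_sz(multi) if multi is not None else string
            objects.setdefault(current[0], {})[current[1]] = value
    return objects

def boot_menu(objects):
    """Resolve the 24000001 list to (GUID, 12000004 text); None marks a dangling entry."""
    order = objects.get(BOOTMGR, {}).get("24000001", [])
    return [(g.lower(), objects.get(g.lower(), {}).get("12000004")) for g in order]

# Constructed sample export: both entry GUIDs are placeholders, not real BCD objects.
ENTRY_A = "{11111111-1111-1111-1111-111111111111}"
ENTRY_B = "{22222222-2222-2222-2222-222222222222}"
_HEX = ",".join(f"{b:02x}" for b in
                f"{ENTRY_A}\0{ENTRY_B}\0\0".encode("utf-16-le"))
_OBJ = "[HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"{_OBJ}{BOOTMGR}\\Elements\\24000001]",
    f'"Element"=hex(7):{_HEX[:60]}\\\n  {_HEX[60:]}', "",
    f"{_OBJ}{ENTRY_A}\\Elements\\12000004]",
    '"Element"="Microsoft Windows Vista"', "",
])
```

Calling boot_menu(parse_bcd_export(SAMPLE)) returns the menu entries in display order; Registry Editor version 5.00 exports are UTF-16 files, so read a real export with encoding="utf-16" before passing its text in.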
Finally, note that Windows Vista applies protection to the BCD key. By default, Windows Vista allows only the SYSTEM user full control over this key, while users in the Administrators group have only read permission and have no write and shooting permission. Other types of users do not have permission to view it.
In other words, to modify this key you need to manually adjust the registry security descriptor. You can do so by right-clicking the key to be modified, selecting Permissions, clicking Add to add your account to the list, and enabling write permission. I will not describe it in detail here.
[Note] Use the Registry Editor to modify BCD data directly only when you have to. In all other cases, we recommend the four methods provided by Microsoft. After all, modifying the BCD file directly through the Registry Editor is too difficult and too risky!
IV. Conclusion
This article reveals some basic information about the BCD data format from the perspective of the underlying data storage format, and does not cover all of BCD. From the description above, we can see that Windows Vista brings many new trends and new things. It is absolutely impossible for one person to fully master Windows Vista. As a 6th-generation Windows operating system, it offers a great deal to learn and study.
V. Postscript
BCD is a very complex topic that involves many in-depth Windows technologies. Explaining it clearly would take more than 10 pages. This article briefly describes the features of Windows Vista BCD, in the hope of helping you understand Windows Vista better.