To decrypt a hidden partition in a Win7

Source: Internet
Author: User
Tags decrypt

Bare Metal New Installation of Windows 7 users, after the installation is complete run Diskmgmt.msc Open Disk Manager, you can see in the system partition (typically C partition) has a size of 200MB hidden partition. What is the connection between this particular hidden partition and the Windows 7 system? Let's find out what's going on here.

1. Partition status

The partition is formatted as NTFS, has no disk volume label, and does not have a drive letter assigned to it, and its disk status is described as: system, activity, primary partition. Because there is no drive letter, it is not visible in the resource manager. (Figure 1)

2, what is in this section?

In order to find out, the author assigned a drive letter F. To do this, select the partition in Disk Manager and right-click to select the change Drive letter and Path Pop-up wizard. Click the Add button to select "Assign the following drive letter" in the pop-up dialog box, and then click the Drop-down list to choose F from, and then "OK" to exit. Next turn on "computer" to see a new disk partition F, into which there are two hidden directory boot and system Volume information, plus two hidden files bootmgr and Bootsect.bak. There is no doubt that Windows 7 holds the system's boot files in the hidden partition. (Figure 2)

3, add the partition number will affect the system to start it?

Next we reboot the system to see if the above operation (the add letter) will affect the start of Windows 7. The test result system starts normally, the above modification does not affect the system boot. This is very well understood, for the boot partition reassignment letter operation does not modify the system's boot file, nor does it modify the disk boot sector. It is obvious that Microsoft has placed the Windows 7 boot file in a separate, hidden partition, and must be protected from the boot file. (Figure 3)

4. Can I return the partition to the hidden mode?

Now that the hidden partition is to protect the system boot file, let's test to see if you can undo the drive letter that you just gave it. Right-click the partition to select Change Drive letter and path, and try the change or remove drive letter to show "cannot delete/change the volume's drive letter" because the volume is a system or boot volume. Thus, the process of adding a drive letter for this particular hidden partition in Windows 7 is irreversible. (Figure 4)

5, delete the file in the partition affect system startup?

Let's try to remove the system boot file from the partition. The author registers the system with the administrator, enters the F partition then carries on the file deletion. During the deletion process, some of the files were found that could not be deleted, showing "file is in use" or prompting "no permission to delete." It then tried to give "full Control" to the administrator, and the result was rejected. The test found that even the system does not have full Control permissions, only Trusterinstaller users have full control. This user is unique to Windows 7 and has a single task that is related to system installation and does not have that user in Windows 7 users and Groups (LUSRMGR.MSC). Let's see if any of the files in the partition will affect the system startup after it has been deleted. Reboot the system, no problem the system starts normally. As you can see, the file we just deleted has nothing to do with system startup, and the files that are actually related to system startup cannot be deleted. (Figure 5)

6. Does the deletion of the partition affect the system startup?

Through Disk Manager, the author attempts to "format", "Delete volume" can not be successful, visible windows 7 protection of the partition is very good. Now that the system tools are not working, try a third-party tool. The author uses acronis Disk Director Suite 10.0 to test, using the tool to remove the partition and its above data, and then restart the system. Show "BOOTMBR is missing" that the primary boot sector is missing and the system will not boot. Thus, the system's boot files and the primary boot partition information for the disk are saved in the hidden partition. (Figure 6)

Summary: The above tests uncover the mystery of this hidden partition, which is critical to Windows 7, which holds information about the system boot file and the disk boot sector. If it is lost or destroyed, it will be disastrous for Windows 7. In general, saving the Windows 7 boot file in a hidden partition has undoubtedly enhanced its security. However, because a single target can easily become an object of attack. Therefore, we recommend that you do not assign a drive letter for the hidden partition, so that you can eliminate the human or virus Trojan to a large extent.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.