Windows startup options (MSDN reading notes)

If you have multiple systems installed on a single computer, you will have multiple boot options. Let's talk about Windows startup options today.

The startup options for Windows are stored in the system or in RAM, and as to where they are stored, related to the version of the system and the version of the processor, such as:

System	Position
XP, server2003, and previous systems	BIOS firmware: stored in boot. ini EFI firmware: stored in non-volatile RAM (NVRAM)
Vista, server2008 and later systems	stored in Windows Components

How to load the boot entry on the system boot:

XP, server, etc., boot loader directly read boot or RAM startup options, according to the settings to display;

Vista, server2008, and later systems, the boot loader invokes the Windows component and gives the system execution to the component, the component runs, and the startup information in the component is displayed.

If there are multiple systems, each system has a boot entry for each system, and it is important to note that the Windows component can interact with boot or RAM to get the boot information in it.

If more than one system is present and the new version of the system is started, the Windows component in the front partition is launched, and if there are multiple systems but there are new systems and old systems in multiple systems, the components in the new system that are located on the front partition are started and used to obtain all the boot information and display.

Next, let's look at how to edit the startup item:

1. The old version directly modifies boot or RAM, where boot can be edited directly with bootcfg or a text editor, but Ram needs to be read and written by special tools such as bootcfg, nvrboot.

2. The new version of the boot information is stored in the component, so it cannot be directly modified and needs to be managed through the tools provided by window: Bcdedit or msconfig.

The above three ways, each has a storage format, management tools have their own usage, Microsoft Official website has been described and there are Chinese text, here no longer repeat, there is a need to go directly to the MSDN view.

How to tell if a host is an EFI firmware or a BIOS firmware:

Method One: Check the product specification;

Method Two: Open a command prompt, enter msinfo32 and then return, will pop up a computer hardware information panel, in the right of the BIOS mode, if the traditional is the BIOS firmware, if EFI is the UEFI firmware.

ps://firmware is OK when the computer is factory, it is not related to the installed system.

Daily ask:

Question: Why should I learn these things as an information security practitioner?

Personal Answer:

• • In the post-infiltration phase, the target computer does not work properly by modifying the startup item (spoof)

  • In the post-infiltration phase, by uploading your own written boot loader and modifying the startup item to let the target system break into the system, first execute our program to achieve some effect

What good ideas do you have, welcome to the evaluation

This article is from the "Execute" blog, so be sure to keep this source http://executer.blog.51cto.com/10404661/1946854

Windows startup options (MSDN reading notes)