[[windows]]
 
Trace: » contents » apache » js_bitmap » php » windows

Notes on installing Windows

  1. Programs to examine registry hive files:
    • Perl Parse::Win32Registry module and regdump.pl (Debian: libparse-win32registry-perl).
    • hivex (Debian: libhivex-bin)
  2. Moving an NTFS partition:
    • Tools available on Ubuntu LiveCD and on GParted LiveCD
    • Steps:
      1. Shrink filesystem within partition with ntfsresize (-s to specify size in bytes which will be rounded down to cluster size).
      2. Create new partition (type 7).
        • sfdisk can:
          • edit a single partition (-N2);
          • align partition to sectors (-uS) or cylinders (-uC);
          • write CHS address using given geometry (-C and -H).
        • Should align to 128 sectors (64kB).
      3. Copy filesystem data with dd or ntfsclone.
      4. Enlarge filesystem within partition with ntfsresize (no -s to use entire partition, -f to run even though a check is scheduled by the previous resizing).
      5. The sector address of the partition is recorded in its first sector in little-endian 4 bytes at offset 0x1c. This can be patched:
        • by gparted automatically when it is doing these steps;
        • by hand (dd if=/dev/sda2 count=1 | xxd >sector; vi sector; xxd -r sector >/dev/sda2);
        • by ms-sys automatically:
          • patch src/main.c to remove call to write_partition_physical_disk_drive_id because it overwrites something important;
          • compile with make on Ubuntu LiveCD;
          • bin/ms-sys -p /dev/sda2
        • by TestDisk (download Linux binary) using its boot sector recovery feature (also replaces MFT addresses by scanning the filesystem).
  3. Booting a moved Vista partition:
    • The boot sector loads some more sectors (\$Boot), which then loads \bootmgr, which uses Boot Configuration Data in \Boot\BCD.
    • BCD must be updated after a partition move, otherwise booting results in an instant system reboot.
      • If the sector address of the partition still points to the old location of the partition, booting instead stops on file \Boot\BCD with status 0xc0000225.
      • Running chkdsk from Windows doesn't help (but it does update the backup boot sector).
    • Updating the BCD:
      • The startup repair feature of a Vista installation disc (any version) fixes it.
      • Manually editing:
        • The BCD file is in registry hive format.
        • Objects\{*}\Elements\11000001 binary values contain pointers to the partition. The byte address of the partition is in little-endian 8 bytes (maybe more or fewer) is at offset 0x20 of these values.
          • The values also contain other information identifying the partition, such as the 4-byte disk signature from MBR offset 0x1b8. This shouldn't change if the partition is simply moved on the disk.
        • Replace all instances (e.g. 6 instances, aligned to 4 mod 8 bytes) of the old byte address with the new byte address.
        • Check that the correct values, and all values, were replaced (diff output of regdump.pl -r -v).
  4. Booting with GRUB:
    • GRUB 2 can find \bootmgr, but cannot chainload it (“invalid signature”). Forcing chainloading results in a system hang.
    • chainload +1 works, even if the partition is at the end of the disk.
 
windows.txt · Last modified: 2010/11/23 02:26 by aaz