Jump to content

storage device recognition.


Kullenen_Ask

Recommended Posts

Under winpe all drives can be seen. No problem at drive labels. But for now i discovered to get a full windows boot from ram. When it boots at very short period of time drive labels can be seen but after windows loads all drivers automatically only ramdisk drive can be seen. I can not explore the disks on computer. At device manager at disk drives section all drives listed and loaded but under storage devices i see only general storage. The reason should be when windows loads, it try to load storage drivers but for them to work properly need a reboot and until a reboot storage devices can not work as expected. I try to explain as clear as i can wish you understand what i mean. I wanted to add device manager screenshots to explain more clearly but i could not save anywhere the photos. If i am not wrong, anybody that boots full windows from a vhd or anyway to ram and wants to explore the disk drives on same pc should have same problem. I want "full windows boot to ram" load the drives as "winpe" do. ı have a few ideas but did not try yet. Maybe need delete storage class from system\control\class

Link to comment
Share on other sites


screenshot should be informative.

this is full windows boot to ram. winpeshell.exe not executed. autologins as user.

th_disk.jpg

this is winpe. winpeshell.exe executed. autologins as system user or admin winpe4

th_disk2.jpg

they are complately same system with all files and drivers. only registries modified. their system\controlset1\services brach complately same.

Edited by Kullenen_Ask
Link to comment
Share on other sites

they are complately same system with all files and drivers. only registries modified. their system\controlset1\services brach complately same.

Well, so the issue is probably *something* connected to the MountManager or with the File System Recognizer... the "Free 0 B" in diskpart doesn't look "right".

Without knowing which are the changes in the Registry it is hard to help you pin down the culprit.

Can you try - out of curiosity - to run in the build TESTDISK?

If - as I expect - it will be able to see all partitions it is definitely something at a "higher" level then basic disk related matters/services.

Another few things to check, what does Mountvol output looks like?

What does dd --list (see here):

http://reboot.pro/8219/

show?

And dosdev?

http://reboot.pro/6492/#entry52470

http://blogs.msdn.com/b/adioltean/archive/2005/10/04/477164.aspx

jaclaz

Link to comment
Share on other sites

In your full windows you have "SystmSetupInProgress" set to 0 during logon, to be able to login as admin directly?

But the winpe option in BCD store is set to true and creates the MININT key, so you be able to boot from read-only wim files?

If both true than I had similar situation few years ago. Only solution to avoid "drive disappearance" was disable automatic driver search.

Maybe if helps to play with SystmSetupInProgress and MININT key.

Link to comment
Share on other sites

In your full windows you have "SystmSetupInProgress" set to 0 during logon, to be able to login as admin directly?

at first one yes.

But the winpe option in BCD store is set to true and creates the MININT key, so you be able to boot from read-only wim files?

bcd store same both of them. default of setup dvd.

If both true than I had similar situation few years ago. Only solution to avoid "drive disappearance" was disable automatic driver search.

Maybe if helps to play with SystmSetupInProgress and MININT key.

if you explain how to set disable automatic driver search offline i will be glad. i can also search from net but i can miss somethings.

What do you advice for "SystemSetupInProgress" to set to solve the problem. maybe it can be changed to something else as soon as boot with a command or loader isn't?

MININT key by default not exist in system hiv. i think it is created after boot under winpe by winpeshl.exe. but winpeshl.exe is never executed. should i create a minint at system hiv to make it think it is winpe.

And jaclaz i will try to run the solutions after boot and write the results. When i run "ddlist.cmd" it says "& undefined".

Edited by Kullenen_Ask
Link to comment
Share on other sites

And jaclaz i will try to run the solutions after boot and write the results. When i run "ddlist.cmd" it says "& undefined".

Sorry I was not clear,

ddlist.cmd is just a "wrap around" the dd for windows by John Newbigin:

http://www.chrysocome.net/dd

what you should attempt running would be:

dd.exe --list

as it lists several among the ways a device is (normally) named under Windows NT and could give us a hint about what is "missing":

Using --list

Windows provides a number of ways to name a device. The --list will output the preferred names. Under NT4, only the \\?\Device\Harddisk<n>\Partition<n> method is available. Partition0 is the entire disk. Under Windows XP, some partitions may not have a Volume device. In this case you can still use the Harddisk<n>\Partition<n> name.

Windows 2000 and later have Volume devices which are unique GUIDs which identify a disk or partition (what MS call a Volume). These are listed along with any mount point that they may be mounted on. Most of the time this is a drive letter but it may be a path on another filesystem. If you want to read the underlying device, do not include the trailing \ character. If the volume is not mounted there is no easy way to identify it so be careful. Under XP SP2, many partitions can not be read directly, even if they are not in use. There is a work around which I call reading partitions via the back door.

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

MININT key by default not exist in system hiv. i think it is created after boot under winpe by winpeshl.exe. but winpeshl.exe is never executed. should i create a minint at system hiv to make it think it is winpe.

I guess the kernel creates it, if winpe is set in boot options.

if you explain how to set disable automatic driver search offline i will be glad. i can also search from net but i can miss somethings.

What do you advice for "SystemSetupInProgress" to set to solve the problem. maybe it can be changed to something else as soon as boot with a command or loader isn't?

Hmm, there was some registry settings to disable it, but can't remember what. Maybe disable the Plug n play service.

But properly MS has removed that option, as options don't fit into the windows 8 concept.

Let's assume the the SystemSetupInProgress set to "0" is causing the hardware seach.

- maybe you could just remove trouble some infs from the \Windows\Inf folder

(disk.inf, volume.inf, volsnap.inf)

- or setting a SystemSetupInProgrest value to 1 and change the UNICODE strings SystemSetupInProgress to SystemSetupInProgrest

inside some modules that start the hardware detection

(umpnpmgr.dll, services.exe)

Edited by JFX
Link to comment
Share on other sites

Let's assume the the SystemSetupInProgress set to "0" is causing the hardware seach.

i set SystemSetupInProgress to "2" nothing changed. will try "1" and other hexing solutions.

- maybe you could just remove trouble some infs from the \Windows\Inf folder

(disk.inf, volume.inf, volsnap.inf)

this can be a solution because i think i solved this issue previously when i was working with Windows 7 by deleting some inf files. will try them too.

And jaclaz


X:\>dd.exe --list > x:\as.txt
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin <jn@it.swin.edu.au>
This program is covered by terms of the GPL Version 2.

Win32 Available Volume Information
\\.\Volume{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\
link to \\?\Device\Ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}
fixed media
Mounted on \\.\x:


NT Block Device Objects
\\?\Device\Harddisk0\Partition0
link to \\?\Device\Harddisk0\DR0
Fixed hard disk media. Block size = 512
size is 120033041920 bytes
\\?\Device\Harddisk1\Partition0
link to \\?\Device\Harddisk1\DR1
Fixed hard disk media. Block size = 512
size is 320071851520 bytes
\\?\Device\Harddisk2\Partition0
link to \\?\Device\Harddisk2\DR2
Fixed hard disk media. Block size = 512
size is 250058268160 bytes
\\?\Device\Harddisk3\Partition0
link to \\?\Device\Harddisk3\DR3
Fixed hard disk media. Block size = 512
size is 80025280000 bytes

Virtual input devices
/dev/zero (null data)
/dev/random (pseudo-random data)
- (standard input)

Virtual output devices
- (standard output)
/dev/null (discard the data)

X:\>

do not know what you mean with testdisk but the software i found from Google is this


TestDisk 6.13, Data Recovery Utility, November 2011
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

TestDisk is free software, and
comes with ABSOLUTELY NO WARRANTY.

Select a media (use Arrow keys, then press Enter):
>Disk /dev/sda - 120 GB / 111 GiB - ST3120026A
Disk /dev/sdb - 320 GB / 298 GiB - ST3320620A
Disk /dev/sdc - 250 GB / 232 GiB - SAMSUNG HD251HJ
Disk /dev/sdd - 80 GB / 74 GiB - ST380215AS
Drive X: - 3162 KB / 3088 KiB - Microsoft Corporation RamDisk






>[Proceed ] [ Quit ]

Note: Disk capacity must be correctly detected for a successful recovery.
If a disk listed above has incorrect size, check HD jumper settings, BIOS
detection, and install the latest OS patches and disk drivers.

For the best solution i need to keep autoinstalling of all drivers but need to keep hard drives visable.

Also i made changes at IDConfigDB key. because it should have connection with hardware profiles and autoloading them. winpe and normal Windows install is different but nothing changed after test.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB]
"UserWaitInterval"=dword:0000001e
"CurrentConfig"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\AcpiAlias]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\AcpiAlias\0001]
"DockingState"=dword:00000001
"AcpiSerialNumber"=hex:00,00
"ProfileNumber"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles]
"Unknown"=dword:00000001
"Undocked"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0000]
"FriendlyName"="New Hardware Profile"
"Aliasable"=dword:00000000
"PreferenceOrder"=dword:ffffffff
"Pristine"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001]
"PreferenceOrder"=dword:00000000
"FriendlyName"="Undocked Profile"
"Aliasable"=dword:00000000
"Cloned"=dword:00000001
"HwProfileGuid"="{847e48a5-d6ef-11e1-af98-806e6f6e6963}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\CurrentDockInfo]
"DockingState"=dword:00000001
"Capabilities"=dword:00000000
"DockID"=dword:00000000
"SerialNumber"=dword:00000000
"AcpiSerialNumber"=hex:00,00

Most good part is this works will be, i will try to get metro ui work under ram booting. If Microsoft put a winpe check for people not get metro work under winpe we should have metro working under user login full Windows ram booting. Until now "unknown hard error" contiues also with user login, without winpeshl.exe.

Edited by Kullenen_Ask
Link to comment
Share on other sites

do not know what you mean with testdisk but the software i found from Google is this

Yep :thumbup , if you "proceed" along the lines of this:

http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step

you should get for each disk the appropriate partition sizes/offsets/etc.

The dd.exe --list output confirms that *somehow* the actual disks are seen but are seen as UNpartitioned media (a single partition on each), and that they are not "linked" to any "volume".

They are "strange" results.

Can you try running MountStorePE and Showdrive?

http://reboot.pro/10169/

(though I think they operate at a somewhat "higher" level than the one you are having the issue at)

jaclaz

Link to comment
Share on other sites

when i look (device manager)-(storage)-(general device)-properties it says one of services disabled. Driver properties shows fvevol,volsnap and rdyboost. fvevol and volsnap services already exist in winpe and values are same. I was disabled rdyboots with making service start=4 because it can not run from ram. at registry there is

[HKEY_LOCAL_MACHINE\SYSTEM_01\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}]

LowerFilters=fvevol rdyboost

at winpe there is

[HKEY_LOCAL_MACHINE\SYSTEM_01\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}]

LowerFilters=fvevol

Until windows 8 it was safe to remove rdyboost from first. Now if i remove it, it gives bsod. If i keep it not crash.

If i delete rdyboost from services (device manager)-(storage)-(general device)-properties says registry corrupted.

Normally after removing rdyboost from lowerfilters and its service, storage devices should be successfully loaded because it will not understand there is one more driver needs to be loaded. there is no more mention in inf files. After microsoft made lots of improvements at rdyboost somethings should be changed. There should be some registry keys i miss.

removing inf files did not solve the problem.

Edited by Kullenen_Ask
Link to comment
Share on other sites

There must be *some* service (or "driver" or "upper/lower filter" :unsure: ) that wasn't started or wasn't started successfully.

Can you try using a tool like (I have no idea if it could run in your environments) like serviwin:

http://www.nirsoft.net/utils/serviwin.html

save the lists and compare them?

Particularly what about Partmgr.sys?

http://www.davewolf.net/2010/02/fixing-partmgr-sys-partmgr-failing-to-start

jaclaz

Link to comment
Share on other sites

I always use serviwin. More then services mmc snappin. Not much at windows 8 systems but i made services comparation hundred of times previously. I am more suspicious "volume" class than "disk" class. "Partmgr" services same at both. I will investigate more deeply time by time. If i get progess i will share my findings here.

Link to comment
Share on other sites

If i get progess i will share my findings here.

Yes, besides your "negative" effect :( , once you find what is happening you may have actually found a hidden treasure :thumbup for projects like WinFE:

http://reboot.pro/forum/109/

which right now is "blocking" the mount manager, while it seems to me like by accident you managed to block at a "lower" level than that, see also this:

http://reboot.pro/15883/#entry142971

there is a reference to "volmgrx" :unsure: (or you could try building a WinFE ansd see if it behaves like your current build

jaclaz

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...