Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Restore Default Boot Menu to Windows 8.1


  • Please log in to reply
16 replies to this topic

#1
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

I have noticed that after using tools like Paragon Hard Disk Manager, Macrium Reflect, my default boot menu gets overridden and replaced with another type of boot menu. Specifically, I notice that, after using these tools to copy partitions and/or restore my full hard disk from backups, the following happen:

 

1) The GUI Windows 8.x boot menu gets replaced with a standard text boot menu from Windows 7.x.

2) It takes more than 2-3 seconds for the original boot choices to show; often as long as 1-2 minutes.

3) After selecting VHD native boot entries, it takes 20+ minutes to boot into the entry, as opposed to seconds!

 

I have not been able to figure out at exactly what point my boot process gets corrupted. I have lost a lot of time on this, chasing red herrings - more than three weeks as of now!

 

Is there a way to restore the contents of my three hidden boot partitions to their default state, such that I get the proper Windows 8.x GUI boot menu that works without huge stalls during the boot process?

 

Alternately, is there a partition copying tool that would copy my backed up partition onto a fresh install of Windows (with the proper boot menus freshly created), *without* mangling the existing boot menu infrastructure?




How to remove advertisement from MSFN

#2
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

The sequence involved in booting any Windows NT starting from Vista is the following (unless a third party bootmanager is used):

BIOS->MBR->Active Partition VBR->BOOTMGR->\boot\BCD (and BOOT.INI if existing)->Screen choices->If a Windows Vista or later is chosen->Winload.exe

 

I am not familiar specifically with "Native" VHD booting, but the files/sectors listed above are the first ones to check (if for any reason the Paragon tools or Macruim reflect changes any of  them, this may affect the booting).

 

It is also possible that the actual way you create the image causes the issue, if you are doing the imaging of an "online" system.

 

Compare with this (seemingly unrelated) topic here:

http://www.msfn.org/...inside-windows/

 

Next I would do an accurate check for (changed) NTFS permissions on the filesystem (which may possibly also cause a delay of the kind you are reporting).

 

Next I would check the *whatever* driver Windows uses to do the "Native VHD boot" (cannot say which one it is :blushing:), but still this would come into play "later", so I doubt it can be related to your issue.

 

jaclaz 



#3
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

I am indeed doing the imaging online, but the tools I mentioned use either their own "hotcore" drivers or the shadow copy service to address this problem.

 

Are there a specific set of bcdedit/bcdboot/bootsect/etc. commands I can use to re-initialize my critical boot partitions after they have already been corrupted? This would be the most expedient way to fix my problem.

 

BTW the Surface is UEFI/GPT and not BIOS/MBR (although, you can boot from an MBR VHD, as I've already found out).

 

FWIW, I tried to copy files using CloneHD and it crashes immediately with a madExcept dialog box.



#4
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

I am indeed doing the imaging online, but the tools I mentioned use either their own "hotcore" drivers or the shadow copy service to address this problem.

Sure, but still there are reasons why making an image offline is better/safer/foolproof. :yes:
 
 

Are there a specific set of bcdedit/bcdboot/bootsect/etc. commands I can use to re-initialize my critical boot partitions after they have already been corrupted? This would be the most expedient way to fix my problem. 

You have an added complication (at least for me) of being UEFI/GPT vs. BIOS/MBR.

 

Cannot say if bootsect.exe is *needed* at all on those, and the related file is not BOOTMGR, but rather bootmgfw.efi, or maybe BOOTX64.efi, see:

http://www.911cd.net...opic=25596&st=0

AND links given in it.

 

The bootsect.exe tool in WAIK (now called ADK) for Windows 8/8.1 contains (and can restore) the valid MBR and VBR (or $boot file on NTFS).

 

The \boot\BCD is actually a Registry hive, which you will find if you open Registry Editor or similar Registry tool mounted as BCD000001 (on UEFI it should be \EFI\microsoft\boot\bcd :unsure:

 

As such it is "always open" when the System is online, and though there are a number of tools that are easier to use than BCDedit, 

most probably the safer way is still that of using BCDEDIT, using its export and import functions, but cannot really say which specific command sequences would be advisable.

 

Please consider how the good MS guys made quite a bit of changes in 8 or 8.1, often adding switches/options to pre-existing tools, as you can see in the above thread about BCDEDIT, so be careful to look for information specific to Windows 8/8.1.

 

In any case, doing a "forensic sound" image with the system offline is guaranteed to be an exact image, and as well restoring it guarantees that the restored disk or volume is identical to the original.

 

jaclaz



#5
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

So according to our previous talks, there's three boot sectors - the physical hard disk, then the partition, and then the VBR.

 

What are the commands to re-initialize all three boot sectors? I suppose it'd be safe to do this only from WinPE, as most of the tools don't appear to be provided with Windows anyways.

 

I do have the ADK installed though, so maybe I could do this all online. Thank you!



#6
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

No.

If a Partition is Primary, Partition=Volume hence PBR=VBR

On BIOS:

Bios accesses the MBR and the code in MBR (normally) chainloads the VBR (or PBR) of the active Partition.

There are only two "pieces" of code:

  1. the one in the MBR (that chainloads the code in the VBR) - the MBR is first absolute sector of the hard disk and the BIOS loads it.
  2. the one in the VBR (that invokes the BOOTMGR loader)

once BOOTMGR has been loaded, it has file access and goes on in the booting (reading setting in \boot\BCD and finally chinaloading WINLOAD.EXE). 

 

The ADK's bootsect.exe has been designed by the good MS guys to be used "online" and it should woork nicely from it, and it will effectively "fix" both the MBR and the VBR (or PBR) or bootsector or (on NTFS $Boot).

 

But the point is (please do take some time to actually READ the provided thread AND links in it) that on UEFI/GPT the booting phase is DIFFERENT from the above and goes NOT through the MBR (which does not exist if not in the form of a "protective MBR") and not through the VBR code.

 

jaclaz


Edited by jaclaz, 02 May 2014 - 12:01 PM.


#7
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

Thanks for the feedback.

 

I've been through the links, maybe I'm missing the obvious; but is there anyone here specifically with GPT/UEFI experience?

 

I've attached a screenshot of my partition layout, with the obvious hidden partitions for boot/BCD/etc. Attached File  partitions.png   71.31KB   0 downloads

 

Is there a specific sequence of commands I can execute to reset the contents of these hidden partitions, and get rid of any boot code/custom code/what have you that Paragon/Macrium may have applied?



#8
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

Alternately, is anyone aware of partition copying software - if necessary, on a byte by byte level, without any cluster intelligence - that can take the three partitions from a backup hard disk and restore them properly onto the Surface, without mangling anything? I've tried this with both Paragon and Macrium; Paragon seems to change the partition types and makes the system unbootable, Macrium works but it seems to replace the GUI Windows 8 menu with a text mode Windows 8 boot menu.



#9
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

Alternately, is anyone aware of partition copying software ...

Yes.
http://homepage.ntlw...no-answers.html

There are tens (if not hundreds) of such tools.
The most basic being dd.

But - again - the "safe" way to image (and restore) is from outside the booted OS.

You have been already pointed to:
http://www.msfn.org/...inside-windows/
which contains a number of links to suitable tools.

Personally, I would use "common" dd under Linux or if from a PE of some kind, any among DSFOK:
http://members.ozema...eezip/freeware/
or the various versions of ports of dd for windows, a rather comprehensive list is provided here:
http://reboot.pro/to...uest-for-ddexe/
at least until you manage to understand which are the differences involved, and can judge the actual needs for a truly "forensic sound" image or the possibility of using less "strict" methods of imaging.

jaclaz

Edited by jaclaz, 04 May 2014 - 08:30 AM.


#10
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

It may be that the original partitions on my disk may have been mangled during their initial backup phase, as I have had no luck restoring them with even these latest tools you have mentioned, without any of the boot menu display delay, or the VHD boot extended delay artifacts that I have been experiencing.

 

Given the partition layout I shared earlier, does anyone with GPT/UEFI experience have a list of commands that I can run, to clean and then restore the contents of those partitions as need may be?



#11
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

Well, as I have told you by now n times, it is perfectly possible that the issue is not in "restoring" the image, but rather in "making" it, particularly if made with the system online, but not only.

 

Rest assured that a properly made "dd-like" image once properly restored will produce something EXACTLY the same as the original at the time the image was created.

 

jaclaz



#12
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

As I already wrote above:

 

It may be that the original partitions on my disk may have been mangled during their initial backup phase...

 

So I am moving under the assumption that the original images are lost now, for ever.

 

Therefore, again, what I am asking is:

 

Does anyone with GPT/UEFI experience have a list of commands that I can run, to clean and then restore the contents of those partitions...

 

I suppose I should emphasize that by restore above, I mean re-create, from scratch.



#13
Tripredacus

Tripredacus

    K-Mart-ian Legend

  • Super Moderator
  • 9,714 posts
  • OS:Server 2012
  • Country: Country Flag

Donator

Sure, "someone" has the experience and the list of commands. It does not help, however, because we currently do not know what the original state was.

Ideally, one would need another Surface to gather valid disk and BCD settings.
MSFN RULES | GimageX HTA for PE 3.x | lol probloms
msfn2_zpsc37c7153.jpg

#14
jaclaz

jaclaz

    The Finder

  • Developer
  • 14,073 posts
  • OS:none specified
  • Country: Country Flag

I suppose I should emphasize that by restore above, I mean re-create, from scratch.

Which I would alternatively call "wipe and reinstall from install media or recovery media".

jaclaz

#15
HarryTri

HarryTri

    Member

  • Member
  • PipPip
  • 182 posts
  • OS:Windows 8 x64
  • Country: Country Flag

I use Macrium Reflect for online imaging/offline restoring partitions for some time with no problems, it uses the VSS technology and does a really good job. But:

 

Paragon seems to change the partition types and makes the system unbootable

 

 

This may also mean an irreversible change/damage in the contents of the partition. As far as I know Paragon is not suitable for online partition imaging.


I always love Windows XP!


#16
simonking

simonking

    Junior

  • Member
  • Pip
  • 58 posts
  • OS:Windows 8.1 x64
  • Country: Country Flag

Sure, "someone" has the experience and the list of commands. It does not help, however, because we currently do not know what the original state was.

Ideally, one would need another Surface to gather valid disk and BCD settings.

 

You can assume the verbatim state of a fresh OEM Windows installation (using the partition layout above) would be sufficient for my needs. I am looking for things like commands to re-create a BCD store, as well as completely re-initialize all relevant boot sectors, etc. I don't know whatever else may be required, so that's part of the question too, I suppose.


Edited by simonking, 06 May 2014 - 07:20 PM.


#17
cubedj21

cubedj21
  • Member
  • 1 posts
  • OS:Windows 8 x64
  • Country: Country Flag

I don't see any problem with your partition layout - EFI system parittion & Recovery partition should remain hidden... to get rid of the legacy boot menu and restore Win8 gui boot menu simply use command "bcdboot c:\Windows"

if you need to recover & repair older or corrupted boot entries, Visual BCD Edior is good tool to achieve this goal ;))






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN