Jump to content

Restore Default Boot Menu to Windows 8.1


simonking

Recommended Posts

I have noticed that after using tools like Paragon Hard Disk Manager, Macrium Reflect, my default boot menu gets overridden and replaced with another type of boot menu. Specifically, I notice that, after using these tools to copy partitions and/or restore my full hard disk from backups, the following happen:

1) The GUI Windows 8.x boot menu gets replaced with a standard text boot menu from Windows 7.x.

2) It takes more than 2-3 seconds for the original boot choices to show; often as long as 1-2 minutes.

3) After selecting VHD native boot entries, it takes 20+ minutes to boot into the entry, as opposed to seconds!

I have not been able to figure out at exactly what point my boot process gets corrupted. I have lost a lot of time on this, chasing red herrings - more than three weeks as of now!

Is there a way to restore the contents of my three hidden boot partitions to their default state, such that I get the proper Windows 8.x GUI boot menu that works without huge stalls during the boot process?

Alternately, is there a partition copying tool that would copy my backed up partition onto a fresh install of Windows (with the proper boot menus freshly created), *without* mangling the existing boot menu infrastructure?

Link to comment
Share on other sites


The sequence involved in booting any Windows NT starting from Vista is the following (unless a third party bootmanager is used):

BIOS->MBR->Active Partition VBR->BOOTMGR->\boot\BCD (and BOOT.INI if existing)->Screen choices->If a Windows Vista or later is chosen->Winload.exe

I am not familiar specifically with "Native" VHD booting, but the files/sectors listed above are the first ones to check (if for any reason the Paragon tools or Macruim reflect changes any of them, this may affect the booting).

It is also possible that the actual way you create the image causes the issue, if you are doing the imaging of an "online" system.

Compare with this (seemingly unrelated) topic here:

http://www.msfn.org/board/topic/157634-hard-disk-cloningimaging-from-inside-windows/

Next I would do an accurate check for (changed) NTFS permissions on the filesystem (which may possibly also cause a delay of the kind you are reporting).

Next I would check the *whatever* driver Windows uses to do the "Native VHD boot" (cannot say which one it is :blushing:), but still this would come into play "later", so I doubt it can be related to your issue.

jaclaz

Link to comment
Share on other sites

I am indeed doing the imaging online, but the tools I mentioned use either their own "hotcore" drivers or the shadow copy service to address this problem.

Are there a specific set of bcdedit/bcdboot/bootsect/etc. commands I can use to re-initialize my critical boot partitions after they have already been corrupted? This would be the most expedient way to fix my problem.

BTW the Surface is UEFI/GPT and not BIOS/MBR (although, you can boot from an MBR VHD, as I've already found out).

FWIW, I tried to copy files using CloneHD and it crashes immediately with a madExcept dialog box.

Link to comment
Share on other sites

I am indeed doing the imaging online, but the tools I mentioned use either their own "hotcore" drivers or the shadow copy service to address this problem.

Sure, but still there are reasons why making an image offline is better/safer/foolproof. :yes:

Are there a specific set of bcdedit/bcdboot/bootsect/etc. commands I can use to re-initialize my critical boot partitions after they have already been corrupted? This would be the most expedient way to fix my problem.

You have an added complication (at least for me) of being UEFI/GPT vs. BIOS/MBR.

Cannot say if bootsect.exe is *needed* at all on those, and the related file is not BOOTMGR, but rather bootmgfw.efi, or maybe BOOTX64.efi, see:

http://www.911cd.net/forums//index.php?showtopic=25596&st=0

AND links given in it.

The bootsect.exe tool in WAIK (now called ADK) for Windows 8/8.1 contains (and can restore) the valid MBR and VBR (or $boot file on NTFS).

The \boot\BCD is actually a Registry hive, which you will find if you open Registry Editor or similar Registry tool mounted as BCD000001 (on UEFI it should be \EFI\microsoft\boot\bcd :unsure:)

As such it is "always open" when the System is online, and though there are a number of tools that are easier to use than BCDedit,

most probably the safer way is still that of using BCDEDIT, using its export and import functions, but cannot really say which specific command sequences would be advisable.

Please consider how the good MS guys made quite a bit of changes in 8 or 8.1, often adding switches/options to pre-existing tools, as you can see in the above thread about BCDEDIT, so be careful to look for information specific to Windows 8/8.1.

In any case, doing a "forensic sound" image with the system offline is guaranteed to be an exact image, and as well restoring it guarantees that the restored disk or volume is identical to the original.

jaclaz

Link to comment
Share on other sites

So according to our previous talks, there's three boot sectors - the physical hard disk, then the partition, and then the VBR.

What are the commands to re-initialize all three boot sectors? I suppose it'd be safe to do this only from WinPE, as most of the tools don't appear to be provided with Windows anyways.

I do have the ADK installed though, so maybe I could do this all online. Thank you!

Link to comment
Share on other sites

No.

If a Partition is Primary, Partition=Volume hence PBR=VBR

On BIOS:

Bios accesses the MBR and the code in MBR (normally) chainloads the VBR (or PBR) of the active Partition.

There are only two "pieces" of code:

  1. the one in the MBR (that chainloads the code in the VBR) - the MBR is first absolute sector of the hard disk and the BIOS loads it.
  2. the one in the VBR (that invokes the BOOTMGR loader)

once BOOTMGR has been loaded, it has file access and goes on in the booting (reading setting in \boot\BCD and finally chinaloading WINLOAD.EXE).

The ADK's bootsect.exe has been designed by the good MS guys to be used "online" and it should woork nicely from it, and it will effectively "fix" both the MBR and the VBR (or PBR) or bootsector or (on NTFS $Boot).

But the point is (please do take some time to actually READ the provided thread AND links in it) that on UEFI/GPT the booting phase is DIFFERENT from the above and goes NOT through the MBR (which does not exist if not in the form of a "protective MBR") and not through the VBR code.

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

Thanks for the feedback.

I've been through the links, maybe I'm missing the obvious; but is there anyone here specifically with GPT/UEFI experience?

I've attached a screenshot of my partition layout, with the obvious hidden partitions for boot/BCD/etc. post-392023-0-38508300-1399077188_thumb.

Is there a specific sequence of commands I can execute to reset the contents of these hidden partitions, and get rid of any boot code/custom code/what have you that Paragon/Macrium may have applied?

Link to comment
Share on other sites

Alternately, is anyone aware of partition copying software - if necessary, on a byte by byte level, without any cluster intelligence - that can take the three partitions from a backup hard disk and restore them properly onto the Surface, without mangling anything? I've tried this with both Paragon and Macrium; Paragon seems to change the partition types and makes the system unbootable, Macrium works but it seems to replace the GUI Windows 8 menu with a text mode Windows 8 boot menu.

Link to comment
Share on other sites

Alternately, is anyone aware of partition copying software ...

Yes.

http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/questions-with-yes-or-no-answers.html

There are tens (if not hundreds) of such tools.

The most basic being dd.

But - again - the "safe" way to image (and restore) is from outside the booted OS.

You have been already pointed to:

http://www.msfn.org/board/topic/157634-hard-disk-cloningimaging-from-inside-windows/

which contains a number of links to suitable tools.

Personally, I would use "common" dd under Linux or if from a PE of some kind, any among DSFOK:

http://members.ozemail.com.au/~nulifetv/freezip/freeware/

or the various versions of ports of dd for windows, a rather comprehensive list is provided here:

http://reboot.pro/topic/15207-why-everything-is-so-dmn-diificult-a-web-quest-for-ddexe/

at least until you manage to understand which are the differences involved, and can judge the actual needs for a truly "forensic sound" image or the possibility of using less "strict" methods of imaging.

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

It may be that the original partitions on my disk may have been mangled during their initial backup phase, as I have had no luck restoring them with even these latest tools you have mentioned, without any of the boot menu display delay, or the VHD boot extended delay artifacts that I have been experiencing.

 

Given the partition layout I shared earlier, does anyone with GPT/UEFI experience have a list of commands that I can run, to clean and then restore the contents of those partitions as need may be?

Link to comment
Share on other sites

Well, as I have told you by now n times, it is perfectly possible that the issue is not in "restoring" the image, but rather in "making" it, particularly if made with the system online, but not only.

 

Rest assured that a properly made "dd-like" image once properly restored will produce something EXACTLY the same as the original at the time the image was created.

 

jaclaz

Link to comment
Share on other sites

As I already wrote above:

 

It may be that the original partitions on my disk may have been mangled during their initial backup phase...

 

So I am moving under the assumption that the original images are lost now, for ever.

 

Therefore, again, what I am asking is:

 

Does anyone with GPT/UEFI experience have a list of commands that I can run, to clean and then restore the contents of those partitions...

 

I suppose I should emphasize that by restore above, I mean re-create, from scratch.

Link to comment
Share on other sites

Sure, "someone" has the experience and the list of commands. It does not help, however, because we currently do not know what the original state was.

Ideally, one would need another Surface to gather valid disk and BCD settings.

Link to comment
Share on other sites

I suppose I should emphasize that by restore above, I mean re-create, from scratch.

Which I would alternatively call "wipe and reinstall from install media or recovery media".

jaclaz

Link to comment
Share on other sites

I use Macrium Reflect for online imaging/offline restoring partitions for some time with no problems, it uses the VSS technology and does a really good job. But:

 

Paragon seems to change the partition types and makes the system unbootable

 

 

This may also mean an irreversible change/damage in the contents of the partition. As far as I know Paragon is not suitable for online partition imaging.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...