572 replies to this topic

[erwan.l]

Look at HKEY_LOCAL_MACHINE\image_system_hive\MountedDevices\ in the image's SYSTEM hive, ensure that the drive letter you are expecting (most likely C:) has an association. Look under HKEY_LOCAL_MACHINE\image_system_hive\CurrentControlSet\Enum\STORAGE\Volume\ and check that the volume with signature corresponding to the drive letter you saw earlier is in there. Look at the bytes and match them. If the volume is thus proved to be installed in the image itself, I would expect direct mapping to work. The signature bytes in both of these spots should line up with the image's MBR, too.

Hi Shao,
Thanks a lot for the tip : I did not about the storage volume key.

My image MBR is 80cc80cc and in the registry I have the following so it looks good although I am not too sure about the multiple Storage\Volume\xxx keys.
They do contain my signature but the sub keys dont tell much.

[HKEY_LOCAL_MACHINE\test\MountedDevices]
"\\??\\Volume{31de32ea-351c-11df-921a-806d6172696f}"=hex:80,cc,80,cc,00,7e,00,\
00,00,00,00,00
"\\DosDevices\\C:"=hex:80,cc,80,cc,00,7e,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\test\ControlSet001\Enum\STORAGE\Volume\1&30a96598&0&SignatureCC80CC80Offset7E00Length1BF17400]

[HKEY_LOCAL_MACHINE\test\ControlSet001\Enum\STORAGE\Volume\1&30a96598&0&SignatureCC80CC80Offset7E00Length2AA6B000]

[HKEY_LOCAL_MACHINE\test\ControlSet001\Enum\STORAGE\Volume\1&30a96598&0&SignatureCC80CC80Offset7E00Length2E153E00]

[HKEY_LOCAL_MACHINE\test\ControlSet001\Enum\STORAGE\Volume\1&30a96598&0&SignatureCC80CC80Offset7E00Length7C08FC00]

Now, I need to make that image contiguous which is not an easy task on a over filled harddrive

Regards,
Erwan.

[erwan.l]

Hi,

Oki, so reusing an image which I was using for memory mapping, I manage to get to the xp boot menu, then see the windows progress bar and back to the (in)famous 0x7b error
Image is contiguous.

Rechecking it all.

Regards,
Erwan.

[Sha0]

Hi Shao,
Thanks a lot for the tip : I did not about the storage volume key.

My image MBR is 80cc80cc and in the registry I have the following so it looks good although I am not too sure about the multiple Storage\Volume\xxx keys...

Have you resized your partition in the image a few times? It looks like it. If you continue to do that, always make sure that there is a volume entry with a length that exactly corresponds to your partition, too.

[erwan.l]

Have you resized your partition in the image a few times? It looks like it. If you continue to do that, always make sure that there is a volume entry with a length that exactly corresponds to your partition, too.

Indeed, i have resized that image several times to make it as small as possible.
My partition is 915642 sectors = 468808704 bytes = $1BF17400 as seen in one of the keys.
I am going to delete the other ones to be sure.

/Erwan

[Sha0]

The sure-fire way to get the volume installed is to boot to RAM, check Device Manager that everything's installed, then re-capture the image to persistent storage. You might not want to overwrite your original, in case of a sudden failure.

[erwan.l]

As advised by shao, I booted my image to ram (grub4dos+xp+firadisk) and as it booted fine, I dumped it to a new raw image.

I booted this second image this time with direct mappng and I made it to the windows desktop but ended up a few secs later with a BSOD 0x8E right after lsass.exe complaining about some passwords (???).

Anyhow, it seems that my first image which boots fine to memory cannot boot with direct mapping altough the disk signature seems all fine : there must be some other "magic" necessary...

Almost there it is quite fun and thrilling to be able to boot directly from an image file!
Booting to mem is nice but it requires lots of mem (or small images) and you cannot commit changes.

/Erwan

[Sha0]

Find a better means to dump the image while it's running as a RAM disk. Volume Shadow Copy, perhaps. I think there are a few methods mentioned in these forums, but I always use DD for Windows (which is relatively unsafe). It seems as though your dump included some inconsistencies; it wasn't a snapshot, perhaps, but an "in-use" copy including temporary states. Or maybe it was an honest bug somewhere and the SAM or SECURITY hives are corrupt.

[erwan.l]

Find a better means to dump the image while it's running as a RAM disk. Volume Shadow Copy, perhaps. I think there are a few methods mentioned in these forums, but I always use DD for Windows (which is relatively unsafe). It seems as though your dump included some inconsistencies; it wasn't a snapshot, perhaps, but an "in-use" copy including temporary states. Or maybe it was an honest bug somewhere and the SAM or SECURITY hives are corrupt.

Well it seems that the new image confused drive letters...
I have one physiscal drive in my laptop.
In the boot.ini, there is an entry for grub4dos.
And from grub4dos i can launch my 512mb xp image either via memory mapping or direct mapping.

During my last direct mapping where I got a 0x8e, i believe the running windows "did something" to the windows installed on my laptop as now i cannot boot and i get "\windows\system32\config\system" missing ....

If my direct mapped windows has been trying to read/write to the local registry, it would explain the 0x8e error and the now corrupted local registry...

And of course, as a dummy I am I had no backup
This is a crash laptop, I'll reinstall.

As for the "hot" dump, you are right, this is not the safest way although I dismount and lock the volume first to avoid writings during me reading/dumping.

/ERWAN

[Sha0]

Well it seems that the new image confused drive letters...
During my last direct mapping where I got a 0x8e, i believe the running windows "did something" to the windows installed on my laptop as now i cannot boot and i get "\windows\system32\config\system" missing ....

That reads like a bug... Unless you have the same MBR signature in the image as you do on your laptop's HDD, which would be a bad thing. Whenever Windows finds two disks with the same MBR signature, it changes one of them. That doesn't explain why your laptop's HDD should have been corrupted. There should have been no reason to write to the laptop's OS installation's filesystem, other than where the image file was sitting.

And of course, as a dummy I am I had no backup
This is a crash laptop, I'll reinstall.

D'oh.

[erwan.l]

That reads like a bug... Unless you have the same MBR signature in the image as you do on your laptop's HDD, which would be a bad thing. Whenever Windows finds two disks with the same MBR signature, it changes one of them. That doesn't explain why your laptop's HDD should have been corrupted. There should have been no reason to write to the laptop's OS installation's filesystem, other than where the image file was sitting.

D'oh.

Laptop is rather new and disk is brand new whereas my image has several months now so I can confirm that disk signatures are different.

Laptop is mostly reinstalled now, I'll give it another go with the dumped image from ram I did, this time booting from a usb disk and local windows installation.

Idea is to give feedback to the author and help others master this feature.
I like a lot the memory feature and I'd love to master this direct mapping feature as well.

/Erwan

[karyonix]

If you boot Windows in RAM, don't use Firadisk to mount the same disk image on disk. Windows will see 2 disks having same MBR signature and change MBR signature of disk image.
If MBR signature of disk image is changed, Windows will fail to boot from this disk image or it may boot from wrong drive.
To make disk image that can boot both in RAM and in IMG/VHD mapped drive, you may need 2 boot.ini choices or 2 separate system partition for each scenario.

• 1 disk image 1 partition
  Windows XP with 2 OS choices in boot.ini inside image.
  boot.ini (in win.vhd)
  

  [boot loader]
  timeout=30
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Normal" /fastdetect /NoExecute=OptIn
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="+IMG" /fastdetect /NoExecute=OptIn /firadisk=disk,vmem=x:\win.vhd
  

  menu.lst (outside disk image)
  

  title RAM
  map --mem /win.vhd (hd0)
  map --hook
  root (hd0,0)
  chainloader /ntldr
  
  title IMG
  map /win.vhd (hd0)
  map --hook
  root (hd0,0)
  chainloader /ntldr
  

  After user select a choice in GRUB4DOS menu, user must be careful to select the correct choice in ntldr boot menu.
  If use select "RAM" then "Normal", Windows should be able to boot from RAM.
  If use select "IMG" then "+IMG", Windows should be able to boot from win.vhd (if all other conditions are met).
  If use select "IMG" then "Normal", Windows will fail to boot. BSOD 0x7B
  If use select "RAM" then "+IMG", Windows may be able to boot from RAM the first time. But MBR signature in win.vhd will change. Windows will fail to boot the next time unless user change MBR signature back.
  If user attach win.vhd to virtual machine and select "Normal", Windows can boot.
  
  
• 1 disk image 2 partitions.
  partition1: active primary boot partition contains boot loader, Windows directory, and other files.
  partition2: small primary partition contains only ntldr+ntdetect.com+boot.ini. (or bootmgr+Boot directory for Windows 7)
  boot.ini (in win.vhd partition1)
  

  [boot loader]
  timeout=30
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="WinXP" /fastdetect /NoExecute=OptIn
  /firadisk=disk,vmem=x:\win.vhd
  

  boot.ini (in win.vhd partition2)
  

  [boot loader]
  timeout=30
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="+IMG" /fastdetect /NoExecute=OptIn /firadisk=disk,vmem=x:\win.vhd
  

  For Windows 7 IMG/VHD boot, use bcdedit to set loadoptions in BCD in second partition.
  (In this example p: is Windows partition and q: is second partition)
  

  bcdboot p:\windows /s q:
  bcdedit /store q:\boot\bcd /set {default} loadoptions " /firadisk=disk,vmem=x:\win.vhd "
  

  menu.lst (outside disk image)
  

  title RAM
  map --mem /win.vhd (hd0)
  map --hook
  root (hd0,0)
  chainloader /ntldr
  title IMG
  map /win.vhd (hd0)
  map --hook
  root (hd0,1)
  chainloader /ntldr
  

  After user select a choice GRUB4DOS menu, ntldr will read boot.ini with the correct parameter.
  There will be no ntldr/bootmgr boot menu.
  If user attach win.vhd to virtual machine, Windows can boot.
  
  
• 2 disk image.
  win.vhd (1 partition): Windows drive contains boot loader, Windows directory, and other files.
  winimgboot.vhd (1 partition): small disk image contains only ntldr+ntdetect.com+boot.ini (or bootmgr+Boot directory for Windows 7).
  boot.ini (in win.vhd)
  

  [boot loader]
  timeout=30
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="WinXP" /fastdetect /NoExecute=OptIn
  

  boot.ini (in winimgboot.vhd)
  

  [boot loader]
  timeout=30
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="+IMG" /fastdetect /NoExecute=OptIn /firadisk=disk,vmem=x:\win.vhd
  

  For Windows 7 IMG/VHD boot, use bcdedit to set loadoptions in BCD in second disk image.
  

  bcdboot p:\windows /s q:
  bcdedit /store q:\boot\bcd /set {default} loadoptions " /firadisk=disk,vmem=x:\win.vhd "
  

  menu.lst (outside disk image)
  

  title RAM
  map --mem /win.vhd (hd0)
  map --hook
  root (hd0,0)
  chainloader /ntldr
  
  title IMG
  map /winimgboot.vhd (hd0)
  map /win.vhd (hd1)
  map --hook
  root (hd0,0)
  chainloader /ntldr
  

  After user select a choice GRUB4DOS menu, ntldr will read boot.ini with the correct parameter.
  There will be no ntldr/bootmgr boot menu.
  If user attach win.vhd to virtual machine, Windows can boot.

[erwan.l]

Oki, i mastered the process but got my windows running on my physical disk corruped again.
By "mastering" I mean, I can reproduce the following : boot using direct mapping, get to the boot.ini inside the image, see windows loading, get to the desktop and get a bsod 0x8b

I went for scenario #1 (IMG in grub4dos then +IMG in boot.ini).
With the same image in scenario #1, i can boot in ram fine (RAM in grub4dos then Normal in boot.ini).

Why would my image mess my physical windows when booted directly?

Side note : I can fix my physical windows by simply restoring my registry which tells me my local registry is really messup by me loading my image with direct mapping.

Additional info : my laptop has one physical drive with one logical partition with windows xp on it.
On the root of that drive is grub4dos and my 512mb xp.img.

/Erwan

[karyonix]

@erwan.l
I think Firadisk fail to open your disk image and disk image is not mounted. Windows assign drive letter C: to real disk partition and load other file from C: and write registry to C: .

• What is your Windows drive letter in real disk, in disk image ?
• What is your real disk MBR signature and disk image MBR signature ?
• What values and data are in your MountedDevices keys when you boot real disk ?
  

  reg query hklm\system\mounteddevices /v \dosdevices\*
  

• What values and data are in your MountedDevices keys in disk image ?
  

  (mount image as drive I:)
  reg load hklm\zzzz i:\windows\system32\config\system
  reg query hklm\zzzz\mounteddevices /v \dosdevices\*
  reg unload hklm\zzzz i:\windows\system32\config\system
  

• What values and data are in your MountedDevices keys when you boot in RAM ?
  

  reg query hklm\system\mounteddevices /v \dosdevices\*
  

• What values and data are in your MountedDevices keys when you boot in IMG (and currupt registry in real disk) ?
  Maybe you can get this information because of BSOD.
• Your boot.ini in disk image
• Try giving drive letters to all of real disk partitions by assigning values for them in MountedDevices key in image.
  Make sure you have correct drive letter for partition that contain image file.

Can this problem be avoided if we make image that has its Windows drive letter > C (maybe U: V: W: ...) ?

[supaJ]

No need to reverse anything; it's already in some plans[1]. .VHD files themselves include the sector-mapping I described above. However, they require that the boot-loader understand, so we're still limited by what the boot-loader is capable of.

[1] WinVBlock: msvhd.h

Hey guys: I'm still searching for a boot loader(I wish someone would take up the G4D challenge) that can map a dis-contiguous WindosXP-based NTFS formatted-firadisk image. Any suggestions. I've tried so far
- Grub2 with a VHD module from VMLITE.com. Will not work as advised by Shao because Grub2's loop devices are not mapped using INT13, which is required by NTLDR to boot.
- I had a try with Gujin, which can mapped dis-contiguous images, but NTFS is not supported. Whether it maps using using INT13 - i don't know?

Maybe I should try Windows 7 bootloader. In the mean time will someone work the G4D magic?
Thanks.

[karyonix]

@SupaJ
I will make GRUB4DOS patch for mapping non-contiguous file.
I think I should discuss about it in Grub4dos forums first, before doing the real work.

[erwan.l]

[*]What is your Windows drive letter in real disk, in disk image ?
-> c: and c:

[*]What is your real disk MBR signature and disk image MBR signature ?
-> c5 0a c3 76 / 80 cc 80 cc

[*]What values and data are in your MountedDevices keys when you boot real disk ?
->"\\DosDevices\\C:"=hex:c5,0a,c3,76,00,7e,00,00,00,00,00,00

[*]What values and data are in your MountedDevices keys in disk image ?
->"\\DosDevices\\C:"=hex:80,cc,80,cc,00,7e,00,00,00,00,00,00

[*]What values and data are in your MountedDevices keys when you boot in RAM ?
E and F are cdrom and a usbkey (mounted afterwards)

[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\??\\Volume{31de32ea-351c-11df-921a-806d6172696f}"=hex:80,cc,80,cc,00,7e,00,\
00,00,00,00,00
"\\DosDevices\\C:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,50,00,61,00,72,00,74,00,69,00,74,00,69,00,6f,00,6e,00,23,\
00,53,00,63,00,63,00,38,00,30,00,63,00,63,00,38,00,30,00,5f,00,4f,00,37,00,\
65,00,30,00,30,00,5f,00,4c,00,31,00,62,00,66,00,31,00,37,00,34,00,30,00,30,\
00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,\
36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,\
00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,\
62,00,7d,00
"\\??\\Volume{cdcd8834-7844-11df-97fe-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,\
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,50,00,61,00,72,00,74,00,\
69,00,74,00,69,00,6f,00,6e,00,23,00,53,00,37,00,36,00,63,00,33,00,30,00,61,\
00,63,00,35,00,5f,00,4f,00,37,00,65,00,30,00,30,00,5f,00,4c,00,31,00,32,00,\
61,00,31,00,63,00,31,00,61,00,32,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,\
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,\
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,\
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00
"\\??\\Volume{cdcd8835-7844-11df-97fe-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,\
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,50,00,61,00,72,00,74,00,\
69,00,74,00,69,00,6f,00,6e,00,23,00,53,00,63,00,63,00,38,00,30,00,63,00,63,\
00,38,00,30,00,5f,00,4f,00,37,00,65,00,30,00,30,00,5f,00,4c,00,31,00,62,00,\
66,00,31,00,37,00,34,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,\
00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,\
30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,\
00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00
"\\??\\Volume{cdcd8836-7844-11df-97fe-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,\
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
44,00,54,00,2d,00,53,00,54,00,5f,00,44,00,56,00,44,00,2d,00,52,00,4f,00,4d,\
00,5f,00,47,00,44,00,52,00,38,00,30,00,38,00,33,00,4e,00,5f,00,5f,00,5f,00,\
5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,30,\
00,4b,00,30,00,33,00,5f,00,5f,00,5f,00,5f,00,23,00,35,00,26,00,32,00,62,00,\
61,00,31,00,37,00,39,00,61,00,36,00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,\
00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,\
62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,\
00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,\
38,00,62,00,7d,00
"\\DosDevices\\D:"=hex:c5,0a,c3,76,00,7e,00,00,00,00,00,00
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
00,44,00,56,00,44,00,2d,00,52,00,4f,00,4d,00,5f,00,47,00,44,00,52,00,38,00,\
30,00,38,00,33,00,4e,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,30,00,4b,00,30,00,33,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,32,00,62,00,61,00,31,00,37,00,39,00,61,00,36,\
00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,00,30,00,23,00,7b,00,35,00,33,00,\
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,\
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,\
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00
"\\??\\Volume{cdcd8837-7844-11df-97fe-d27ff786540c}"=hex:c5,0a,c3,76,00,7e,00,\
00,00,00,00,00
"\\??\\Volume{cdcd8838-7844-11df-97fe-beb39f73ee0f}"=hex:5c,00,3f,00,3f,00,5c,\
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
76,00,61,00,62,00,6c,00,65,00,4d,00,65,00,64,00,69,00,61,00,23,00,37,00,26,\
00,32,00,63,00,65,00,32,00,31,00,31,00,39,00,34,00,26,00,30,00,26,00,52,00,\
4d,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,\
00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,\
32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,\
00,62,00,7d,00
"\\DosDevices\\F:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,32,00,63,00,65,00,32,00,31,00,\
31,00,39,00,34,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66,\
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,\
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,\
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00

[*]What values and data are in your MountedDevices keys when you boot in IMG (and currupt registry in real disk) ?
->no clue how to do that?

[*]Your boot.ini in disk image
[*]Try giving drive letters to all of real disk partitions by assigning values for them in MountedDevices key in image.
Make sure you have correct drive letter for partition that contain image file.
->can you explain more?

Can this problem be avoided if we make image that has its Windows drive letter > C (maybe U: V: W: ...) ?
->I'll try that later today

/Erwan

[karyonix]

@erwan.l
Please give me a little more information.

• MountedDevices
  I need all \DosDevices\* values, not just \DosDevices\C: in MountedDevices key from your real disk and disk image.
• boot.ini in disk image
  Use ImDisk (or other program) to mount disk image.
  Open your boot.ini (in disk image) with notepad, copy the text, and paste it in your reply box.
  I want to see your firadisk option in boot.ini and your filename/path.

[supaJ]

@SupaJ
I will make GRUB4DOS patch for mapping non-contiguous file.
I think I should discuss about it in Grub4dos forums first, before doing the real work.

.Thanks man. What about building/modifying something like memdisk. I'm just throwing out ideas. Maybe patching GRUB4DOS is easier. You'll decide.

[Sha0]

...What about building/modifying something like memdisk...

You should know that for any sector-mapping strategy, there is no filesystem lock. So if you map any file, contiguous or not, and do something like defragment the filesystem in DOS, you'd pull the file out from underneath the map; the map would point to "random" data. Perhaps you're already aware of this.

MEMDISK needs work to branch into a "MAPDISK" anyway, but that would have to happen first before "non-contiguous-MAPDISK". MEMDISK has no filesystem drivers, so it would not have the foggiest about how to locate the different chunks of a non-contiguous .VHD file in a filesystem. A boot-loader would have to pass an ordered list of sector ranges to it... That is to say, the boot-loader that loads the hypothetical "MAPDISK" would need work...

Sorry karyonix. Could you be interested in opening a "Boot-loader for INT 0x13 mapping non-contiguous files" thread, supaJ? Since FiraDisk supports non-contiguous files, this doesn't seem to completely on-topic, even though it's a related use case.

[supaJ]

You should know that for any sector-mapping strategy, there is no filesystem lock. So if you map any file, contiguous or not, and do something like defragment the filesystem in DOS, you'd pull the file out from underneath the map; the map would point to "random" data. Perhaps you're already aware of this.

MEMDISK needs work to branch into a "MAPDISK" anyway, but that would have to happen first before "non-contiguous-MAPDISK". MEMDISK has no filesystem drivers, so it would not have the foggiest about how to locate the different chunks of a non-contiguous .VHD file in a filesystem. A boot-loader would have to pass an ordered list of sector ranges to it... That is to say, the boot-loader that loads the hypothetical "MAPDISK" would need work...

Sorry karyonix. Could you be interested in opening a "Boot-loader for INT 0x13 mapping non-contiguous files" thread, supaJ? Since FiraDisk supports non-contiguous files, this doesn't seem to completely on-topic, even though it's a related use case.

You are a great programmer Shao but on this issue you sound very discouraging. You make it appear to be impossible to solve this issue of direct mapping non-contiguous disk images - after all it was done with Win7 - and you can defrag, move the file, etc without any headache. In any case I will open a new thread as per your suggestion. Cheers.

[erwan.l]

@erwan.l
Please give me a little more information.

• MountedDevices
  I need all \DosDevices\* values, not just \DosDevices\C: in MountedDevices key from your real disk and disk image.
• boot.ini in disk image
  Use ImDisk (or other program) to mount disk image.
  Open your boot.ini (in disk image) with notepad, copy the text, and paste it in your reply box.
  I want to see your firadisk option in boot.ini and your filename/path.

->boot.ini from disk image
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="+IMG" /noexecute=optin /fastdetect /firadisk=disk,vmem=c:\xp_nlite3.img

->complete mounteddevices keys from disk image
[HKEY_LOCAL_MACHINE\test\MountedDevices]
"\\??\\Volume{31de32ea-351c-11df-921a-806d6172696f}"=hex:80,cc,80,cc,00,7e,00,\
00,00,00,00,00
"\\DosDevices\\C:"=hex:80,cc,80,cc,00,7e,00,00,00,00,00,00

->complete mounteddevices keys from local windows (d:\ is my cd drive)
[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
"\\??\\Volume{bbb9a8c1-7750-11df-8dae-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,\
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,\
44,00,54,00,2d,00,53,00,54,00,5f,00,44,00,56,00,44,00,2d,00,52,00,4f,00,4d,\
00,5f,00,47,00,44,00,52,00,38,00,30,00,38,00,33,00,4e,00,5f,00,5f,00,5f,00,\
5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,30,\
00,4b,00,30,00,33,00,5f,00,5f,00,5f,00,5f,00,23,00,35,00,26,00,32,00,62,00,\
61,00,31,00,37,00,39,00,61,00,36,00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,\
00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,\
62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,\
00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,\
38,00,62,00,7d,00
"\\??\\Volume{bbb9a8c2-7750-11df-8dae-806d6172696f}"=hex:c5,0a,c3,76,00,7e,00,\
00,00,00,00,00
"\\DosDevices\\C:"=hex:c5,0a,c3,76,00,7e,00,00,00,00,00,00
"\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,48,00,4c,00,2d,00,44,00,54,00,2d,00,53,00,54,00,5f,\
00,44,00,56,00,44,00,2d,00,52,00,4f,00,4d,00,5f,00,47,00,44,00,52,00,38,00,\
30,00,38,00,33,00,4e,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,\
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,30,00,4b,00,30,00,33,00,5f,00,5f,00,\
5f,00,5f,00,23,00,35,00,26,00,32,00,62,00,61,00,31,00,37,00,39,00,61,00,36,\
00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,00,30,00,23,00,7b,00,35,00,33,00,\
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,\
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,\
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00

[karyonix]

@erwan.l
I think I know what is wrong.
Your Windows in disk image was installed in C: .
When you boot Windows in IMG +IMG mode. The first time Windows enumerates drives, it finds you real hard disk partition and CD-ROM. It does not have drive letter for hard disk partition.
Your image file name that you tell Firadisk to open is c:\xp_nlite3.img . This is not good.
Before the real partition has drive letter assigned, Firadisk cannot open c:\xp_nlite3.img .
Windows cannot see partition inside image. Then, the real partition gets letter C: assigned.
Firadisk open c:\xp_nlite3.img .
Windows discover partition inside image. Then it assign a non-C drive letter to the partition inside image.
Windows continues to boot from C: (the real partition) and crashes.

You need a non-C drive letter for the real disk partition that contains disk image.
Try add this to system hive inside image

[HKEY_LOCAL_MACHINE\test\MountedDevices]
"\\DosDevices\\C:"=hex:80,cc,80,cc,00,7e,00,00,00,00,00,00
"\\DosDevices\\H:"=hex:c5,0a,c3,76,00,7e,00,00,00,00,00,00

and change image filename in firadisk option in boot.ini to H:\xp_nlite3.img .

[erwan.l]

@erwan.l
I think I know what is wrong.
Your Windows in disk image was installed in C: .
When you boot Windows in IMG +IMG mode. The first time Windows enumerates drives, it finds you real hard disk partition and CD-ROM. It does not have drive letter for hard disk partition.
Your image file name that you tell Firadisk to open is c:\xp_nlite3.img . This is not good.
Before the real partition has drive letter assigned, Firadisk cannot open c:\xp_nlite3.img .
Windows cannot see partition inside image. Then, the real partition gets letter C: assigned.
Firadisk open c:\xp_nlite3.img .
Windows discover partition inside image. Then it assign a non-C drive letter to the partition inside image.
Windows continues to boot from C: (the real partition) and crashes.

You need a non-C drive letter for the real disk partition that contains disk image.
Try add this to system hive inside image

[HKEY_LOCAL_MACHINE\test\MountedDevices]
"\\DosDevices\\C:"=hex:80,cc,80,cc,00,7e,00,00,00,00,00,00
"\\DosDevices\\H:"=hex:c5,0a,c3,76,00,7e,00,00,00,00,00,00

and change image filename in firadisk option in boot.ini to H:\xp_nlite3.img .

Hi karyonix,

Same result : bsod (0x8b / lsass.exe crashing) and local registry corrupted.

If I boot in ram, H: now points to my local drive (hence the new mounteddevices=h: working).

Thanks a lot for your support already.

/Erwan

edit : if i rename my local drive windows to windows.tmp, loading my disk image with direct mapping gives me a bsod 0x6b so it reallly looks like my disk image loads my local windows.

[cdob]

it reallly looks like my disk image loads my local windows.

Long shot, try a

map (hd0) (hd1)

map /win.img (hd0)

[erwan.l]

Long shot, try a

map (hd0) (hd1)

map /win.img (hd0)

Nice try indeed.
0x7b now after the boot.ini within the disk image.

/Erwan