How is Vista MBR code different?

  • Thread starter Thread starter David Wilkinson
  • Start date Start date
D

David Wilkinson

I have "always" thought that for most OS's, the purpose of the IPL code
in the MBR was to transfer control to the boot sector of the active
primary partition. Maybe this code is not byte-for-byte identical for
different OS's (or different languages), but the effect is the same.

If you install XP on a primary partition, then (I believe) the MBR code
does the normal thing of transferring control to that partition, which
is where boot.ini etc. are located. If you then install Vista to a
second partition, then the Vista boot files are placed on the XP
partition; only Vista itself is placed on the new partition. So it seems
to me that the Vista MBR code must still have the usual effect of
transferring control to the active (XP) partition.

If so, why is it so important when removing Vista to run fixmbr from the
XP disk? Is it just in the details of error messages rather than the
functionality of the code?

David Wilkinson
 
David--

I think you will also want to read these:

Windows Vista: Kernel Changes - Pre-Boot and Startup
Boot Configuration Database (BCD) by Scott Dorman



Windows Vista: Kernel Changes - BitLocker, Code Integrity


Windows Vista: Kernel Changes - BitLocker, Code Integrity
http://geekswithblogs.net/sdorman/archive/2006/06/17/82202.aspx

Vista's MBR Disk Signature.
http://www.windowsbbs.com/showthread.php?t=55415

Also for some persepctive:

An Examination of the Windows 2000 ( NT5.0 )and
Windows XP ( NT5.1 ) MBR ( Master Boot Record )

http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm


I have also been meaning to bring up somewhere that it is (to me) somewhat
exciting that now Winternals and Sysinternals is part of MSFT. I think that
bodes well for bootstrap mechanisms and recovery mechanisms for the OS
itself and for data in the future from MSFT.

http://www.winternals.com/Products/AdministratorsPak/Default.aspx

CH
 
David:

I did some testing to see if Vista does change the MBR.
On a Vista/Win XP dual boot computer, I ran fdisk /mbr from a Win98 SE
bootable floppy.

Results:
1) Vista's dual boot menu displayed in normal manner
2) Vista op system had a short prompt re: installing some drivers (could not
find what they they were about)
3) Vista's EventMgr did not have any relevant error messages
4) Vista ran in normal manner

5) When I selected "Other op systems" from the Vista dual boot menu, I
received an error message re: "ntldr" was missing, and the usual boot.ini
type of menu did not display

6) What I learned: The BCD store had been changed (note the "device
unknown" lines below)

Windows Boot Manager
--------------------
identifier {bootmgr}
device unknown
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {50c73d4d-e6b3-11da-bc73-d30cdb1ce216}
displayorder {ntldr}
{current}
toolsdisplayorder {memdiag}
timeout 30

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier version of Windows

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows
locale en-US
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {50c73d4d-e6b3-11da-bc73-d30cdb1ce216}
nx OptIn

7) What I did to correct the problem: ran the following two cmds via Vista
Safe Mode boot:
Bcdedit /set {bootmgr} device partition=D:
Bcdedit /set {ntldr} device partition=D:

8) Summary:
I now have a computer dual booting Vista and Win XP via a Win98 SE MBR
 
David said:
I have "always" thought that for most OS's, the purpose of the IPL code
in the MBR was to transfer control to the boot sector of the active
primary partition. Maybe this code is not byte-for-byte identical for
different OS's (or different languages), but the effect is the same.
[snip]

David Wilkinson
Click to expand...

Thanks to everyone for the feedback. However, as Graham notes, most of
the references relate to what happens after control is passed to the
boot sector of the active partition (system partition). The exception is

http://www.windowsbbs.com/showthread.php?t=55415

and the updated version at

http://www.multibooters.co.uk/mbr.html

There is also useful (pre-Vista) information on the MBR code segment in
NT-based systems at

http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm

and at

http://home.att.net/~rayknights/

I haven't fully absorbed all this material, but it would seem that the
main purpose of the MBR IPL code in all the NT systems (including Vista)
is to transfer control to the boot sector of the active partition
(system partition), just as for other OS's such as Win9x or Linux (when
LILO is not installed in the MBR).

The special thing about the NT systems is that they place a Disk
Signature (aka NT Drive Serial Number) in the bytes at offset 01B8
through 01BB. These four bytes are also saved in various registry
settings of the OS, so it is possible for the boot process to verify the
consistency of the MBR with the OS. What happens if this check fails
seems confusing, but most of the discussion have to do with
multi-booting and drive letter assignments.

It seems to me that in a single boot situation then (at least for
NT/2000/NT) failing this test cannot prevent loading of the OS (though
perhaps the MBR is altered to make it consistent). Otherwise simple boot
managers like Ranish (which put their own code in the MBR) would not
work for these OS's. I do not know if Ranish can boot Vista, but I know
that BootIt can. Perhaps BootIt is clever enough to save the Disk
Signature for each OS and alter the MBR accordingly when booting each OS
(does naybody know?).

I don't have my Vista test machine yet (coming this week!) but I have
pretty much decided to use a boot manager (BootIt probably) because the
Microsoft Vista/XP multi-boot process seems a complete mess, IMHO. If
you use a boot manager like Ranish or BootIt in "more than 4 primary
partition mode" then everything is so simple: each OS sees only its own
partition (which is thus always the C drive), and so it is not possible
for XP and Vista to step on each other's restore points or anything like
that. You can also load or reload the OS's in any order, and boot
different versions or copies of DOS/Win9x on the same machine.

CZ: Your experiment was interesting, but I'm not quite sure how to
interpret it. It is hard to believe that the Win98 fdisk /mbr made these
changes in the BCD store, so presumably these changes were some kind of
"immune reaction" of the Vista/XP boot process to the observation that
the Disk signature was wrong (non-NT systems like Win98 put zeros there,
I believe). Of course, your experiment was done is a Vista/XP multi-boot
situation.

Part of the trouble is that most of the discussions concern XP/Vista
multi-booting because that is what almost everyone does. But it might
seem better to first try to understand what happens in single boot
situations (for all the Microsoft OS's). I will try to do this when I
get my new test machine.

David Wilkinson
 
CZ: Your experiment was interesting, but I'm not quite sure how to
interpret it. It is hard to believe that the Win98 fdisk /mbr made these
changes in the BCD store, so presumably these changes were some kind of
"immune reaction" of the Vista/XP boot process to the observation that
the Disk signature was wrong (non-NT systems like Win98 put zeros there,
I believe). Of course, your experiment was done is a Vista/XP multi-boot
situation.

David:

My take is that the Vista MBR is involved in passing data values to the boot
sector, and that the Win98 SE MBR does not support that.

Re: Disk signatures: note that I boot via Disk0 and Vista is on Disk1 (using
two SATA hard disks)
 
interpret it. It is hard to believe that the Win98 fdisk /mbr made these
changes in the BCD store, so presumably these changes were some kind of
"immune reaction" of the Vista/XP boot process to the observation that
the Disk signature was wrong (non-NT systems like Win98 put zeros there,
I believe). Of course, your experiment was done is a Vista/XP multi-boot
situation.

David:

My take is that the Vista MBR is involved in passing data values to the boot
sector, and that the Win98 SE MBR does not support that.

Re: Disk signatures: note that I boot via Disk0 and Vista is on Disk1 (using
two SATA hard disks)
Click to expand...


I'm not sure how my experience integrates with this thread, but it
might interest someone.

I formatted a drive and created:
first partition /dev/hda1 is 1004.03 MB Primary FAT Active with Win98
DOS "FAT32"
using a Win98 boot floppy.

I installed RedHat Enterprise, adding the following:
second partition /dev/hda2 is "100 MB" RHEL boot "ext3 0x83"
third partition /dev/hda3 is "16 GB" reserved for WinVista "NTFS 0x7"
fourth partition /dev/hda4 is Virtual: 20.5GB "Extended 0x5"
fifth partition /dev/hda5 is "1000 MB" RHEL swap "Linux swap 0x82"
sixth partition /dev/hda6 is 19.58 GB (remainder) RHEL / "ext3 0x83"

I made a Linux boot floppy using:
grub-install '(fd0)'
which worked and still works.

With Linux working, I installed Vista. It didn't recognize the NTFS
partition, I had to delete it and re-create it during the install, but
at least that kept it in the same place and order. Vista left RHEL
inaccessible, but the boot floppy could reach it.

Note that Vista put its boot stuff on the first primary partition,
along with Win98DOS, even though Vista itself is in the third
partition.

To get to the Win98DOS installation, I used the BOOTSECT.BAK that the
Vista install made, and put Ntldr and Ntdetect (from any NT OS -
NT4/2K/XP) in the boot directory along with it, and made a boot.ini:
[boot loader]
timeout=5
default=C:\bootsect.bak="Win98" /win95dos
[operating systems]
C:\bootsect.bak="Win98" /win95dos

If I select the "legacy" choice instead of Vista at the BCD boot menu,
this points the boot manager to the Win98 bootector that Vista
thoughtfully copied to BOOTSECT.BAK. The drive letter is relative to
when the Vista bootloader first sees the drives. Mine says C: because
the bootloader and bootsector are on the first primary partition -
even though once Vista is running that partiton is called D:.

I used the command:
grub-install /dev/hda
to put GRUB back on the MBR, and could then boot Linux again.

I edited grub.conf to add a Vista entry:
title Windows Vista
rootnoverify (hd0,0)
chainloader +1
which now lets me reach the Vista boot menu from the GRUB boot menu,
and Win98DOS from the NT boot menu choice in the Vista boot menu. Note
that (hd0,0) in GRUB is the same partition as /dev/hda1 in Linux.

I'd have to conclude that any old MBR that can pass control to a
partition can get you to the Vista boot menu. GRUB certainly doesn't
know any Vista secrets.

Loren
 
Loren said:
interpret it. It is hard to believe that the Win98 fdisk /mbr made these
changes in the BCD store, so presumably these changes were some kind of
"immune reaction" of the Vista/XP boot process to the observation that
the Disk signature was wrong (non-NT systems like Win98 put zeros there,
I believe). Of course, your experiment was done is a Vista/XP multi-boot
situation.

David:

My take is that the Vista MBR is involved in passing data values to the boot
sector, and that the Win98 SE MBR does not support that.

Re: Disk signatures: note that I boot via Disk0 and Vista is on Disk1 (using
two SATA hard disks)
Click to expand...



I'm not sure how my experience integrates with this thread, but it
might interest someone.

I formatted a drive and created:
first partition /dev/hda1 is 1004.03 MB Primary FAT Active with Win98
DOS "FAT32"
using a Win98 boot floppy.

I installed RedHat Enterprise, adding the following:
second partition /dev/hda2 is "100 MB" RHEL boot "ext3 0x83"
third partition /dev/hda3 is "16 GB" reserved for WinVista "NTFS 0x7"
fourth partition /dev/hda4 is Virtual: 20.5GB "Extended 0x5"
fifth partition /dev/hda5 is "1000 MB" RHEL swap "Linux swap 0x82"
sixth partition /dev/hda6 is 19.58 GB (remainder) RHEL / "ext3 0x83"

I made a Linux boot floppy using:
grub-install '(fd0)'
which worked and still works.

With Linux working, I installed Vista. It didn't recognize the NTFS
partition, I had to delete it and re-create it during the install, but
at least that kept it in the same place and order. Vista left RHEL
inaccessible, but the boot floppy could reach it.

Note that Vista put its boot stuff on the first primary partition,
along with Win98DOS, even though Vista itself is in the third
partition.

To get to the Win98DOS installation, I used the BOOTSECT.BAK that the
Vista install made, and put Ntldr and Ntdetect (from any NT OS -
NT4/2K/XP) in the boot directory along with it, and made a boot.ini:
[boot loader]
timeout=5
default=C:\bootsect.bak="Win98" /win95dos
[operating systems]
C:\bootsect.bak="Win98" /win95dos

If I select the "legacy" choice instead of Vista at the BCD boot menu,
this points the boot manager to the Win98 bootector that Vista
thoughtfully copied to BOOTSECT.BAK. The drive letter is relative to
when the Vista bootloader first sees the drives. Mine says C: because
the bootloader and bootsector are on the first primary partition -
even though once Vista is running that partiton is called D:.

I used the command:
grub-install /dev/hda
to put GRUB back on the MBR, and could then boot Linux again.

I edited grub.conf to add a Vista entry:
title Windows Vista
rootnoverify (hd0,0)
chainloader +1
which now lets me reach the Vista boot menu from the GRUB boot menu,
and Win98DOS from the NT boot menu choice in the Vista boot menu. Note
that (hd0,0) in GRUB is the same partition as /dev/hda1 in Linux.

I'd have to conclude that any old MBR that can pass control to a
partition can get you to the Vista boot menu. GRUB certainly doesn't
know any Vista secrets.

Loren
Click to expand...

Loren:

Your experience seems different from that of CZ.

Your Grub seems to access the Vista boot menu correctly, which then
functions normally for both Vista and Win98.

CZ's Win98 fdisk/mbr created an IPL code that was able to bring up the
Vista boot menu, but this menu only worked for Vista itself (sort of),
not for XP.

Curious...

David Wilkinson
 
Back
Top