TPreston Posted June 3, 2015

So here is what I'm trying to do: take two recovery images and put them on the HDD so that if malware wipes out the C: drive we have the recovery tools (boot.wim) available on the system.

The boot disk I'm using is 100% UEFI\Secure Boot compatible, using Windows PE 5.1 X64. I'm testing this in Hyper-V on a Gen 2 PC and a client PC with legacy boot disabled. From a USB drive it works perfectly.

I have tried the following:

- Native VHDX boot
- Dism /applying the boot.wim to the d:\ partition and using EasyBCD to add the partition to the boot menu
- Adding the WIM to the boot menu using EasyBCD. This is the furthest I've got: I get the same screen with the black bar at the bottom, and right at the point where the system logo and spinning circle would show, Hyper-V turfs back to the boot menu; the physical PC just stays at the black screen.
- Replacing boot.wim with the one from Windows 8.1 x64
- bcdboot C:\Windows /s D: for the VHD

I'm looking at the guides online and this should just work. Whenever I try to load a boot.wim I can't get it to boot.

jamieakers Posted June 12, 2015

If you have malware capable of wiping out your C: drive I don't think it's going to stop there and would either:

- Encrypt/destroy other partitions
- Infect the MBR of the drive so it's running regardless of the booted partition

I suppose the real question is.... what problem are you trying to solve that wouldn't be more easily fixed by booting a Linux Live CD and removing the malware or reinstalling the OS?

Gotenks98 Posted June 14, 2015

Might want to take a look here.

https://technet.microsoft.com/en-us/library/hh824917.aspx

This is the method I use for creating a recovery on a system.

TPreston (Author) Posted June 15, 2015

Not every piece of malware wipes the C: drive. I did this purely for convenience in case the tech forgets their USB key.

What was causing the boot to fail was boot.sdi: this file wasn't present in the sources folder of the boot CD, it was in the boot folder. All the guides I found referenced the sources directory.

I found a batch file for installing Windows PE and adapted it:

http://www.msfn.org/board/topic/114711-winpe-v21-from-usb-hdd/

    Diskpart /s C:\ProgramData\Contoso\Scripts\HideServicePartitions.txt
    XCOPY C:\ProgramData\Contoso\RecoveryPartition\* A: /y /e
    REM Back up the current BCD store before changing it
    bcdedit /export C:\ProgramData\Contoso\Contoso_Source.bcd
    bcdedit /set {default} bootmenupolicy standard
    REM Ramdisk options shared by both entries; boot.sdi is under \boot, not \sources
    Bcdedit /create {ramdiskoptions}
    bcdedit -set {ramdiskoptions} ramdisksdidevice partition=A:
    bcdedit -set {ramdiskoptions} ramdisksdipath \boot\boot.sdi
    bcdedit -set {bootmgr} timeout 1
    REM bcdedit prints "The entry {GUID} was successfully created."; token 3 is the GUID
    for /f "tokens=1-3" %%a in ('Bcdedit /create /d "Contoso Startup Repair" /application osloader') do set guid2=%%c
    bcdedit -set %guid2% device ramdisk=[A:]\sources\WinRE.wim,{ramdiskoptions}
    bcdedit -set %guid2% path \windows\system32\winload.efi
    bcdedit -set %guid2% osdevice ramdisk=[A:]\sources\WinRE.wim,{ramdiskoptions}
    bcdedit -set %guid2% winpe yes
    bcdedit -set %guid2% nx optin
    bcdedit -set %guid2% detecthal yes
    bcdedit -set %guid2% systemroot \Windows
    bcdedit -displayorder %guid2% -addfirst
    for /f "tokens=1-3" %%a in ('Bcdedit /create /d "Contoso Data Recovery" /application osloader') do set guid1=%%c
    bcdedit -set %guid1% device ramdisk=[A:]\sources\ActiveBootDisk.wim,{ramdiskoptions}
    bcdedit -set %guid1% path \windows\system32\winload.efi
    bcdedit -set %guid1% osdevice ramdisk=[A:]\sources\ActiveBootDisk.wim,{ramdiskoptions}
    bcdedit -set %guid1% winpe yes
    bcdedit -set %guid1% nx optin
    bcdedit -set %guid1% detecthal yes
    bcdedit -set %guid1% systemroot \Windows
    bcdedit -displayorder %guid1% -addfirst
    REM Save the finished store
    bcdedit /export C:\ProgramData\Contoso\Contoso_Production.bcd
    Shutdown -r -t 0

Added this batch file to an async command, and after OOBE the PC reboots and the service partitions show up.

Note that for the line Bcdedit /create {ramdiskoptions}, DON'T add a description or the descriptions for the boot CDs won't work.

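A pre-reboot check for the failure described in the post above, as an added example that is not part of the original thread: it parses `bcdedit /enum all` text and reports any WIM or boot.sdi file that a ramdisk entry references but that is not on disk. The sample output, its GUID, and the function names are constructed for illustration.

```python
import os, re

# Constructed sample shaped like `bcdedit /enum all` output (not from the thread);
# its {ramdiskoptions} entry uses \sources\boot.sdi, the path the guides referenced.
SAMPLE = r"""
Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
device                  ramdisk=[A:]\sources\WinRE.wim,{ramdiskoptions}
osdevice                ramdisk=[A:]\sources\WinRE.wim,{ramdiskoptions}

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
ramdisksdidevice        partition=A:
ramdisksdipath          \sources\boot.sdi
"""

RAMDISK = re.compile(r"ramdisk=\[([^\]]+)\]([^,]+),(\{[^}]+\})")
ELEMENT = re.compile(r"^(\S+)\s{2,}(\S.*)$")

def parse_entries(text):
    """Return {identifier: {element: value}} for each entry in the output."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ELEMENT.match(line)  # skips headers, rules and continuation lines
        if m and m.group(1) == "identifier":
            current = entries.setdefault(m.group(2).strip(), {})
        elif m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return entries

def missing_files(text, exists=os.path.isfile):
    """List files that ramdisk entries reference but `exists` cannot find."""
    entries, missing = parse_entries(text), []
    for elems in entries.values():
        for field in ("device", "osdevice"):
            m = RAMDISK.match(elems.get(field, ""))
            if not m:
                continue
            volume, wim, opts_id = m.groups()
            opts = entries.get(opts_id, {})
            # Assumes the "partition=X:" form; an absent options entry is reported by id.
            sdi = (opts.get("ramdisksdidevice", "").replace("partition=", "", 1)
                   + opts.get("ramdisksdipath", "")) or opts_id
            for path in (volume + wim, sdi):
                if not exists(path) and path not in missing:
                    missing.append(path)
    return missing
```

On a real system, pass it the captured output of `bcdedit /enum all` and leave `exists` at its default.
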
goretsky (Supervisor) Posted June 16, 2015

Hello,

ESET offers both WinPE- and Linux-based Live CD/DVD/USB images, so it could have been the Linux one, although the NTFS file system makes me think it is the Windows version.

Regards,

Aryeh Goretsky