Powered by Blogger.

Fix Unbootable Systems with Bootsect

In "Adding Windows PE to Your Windows 7 System," I showed you how to install an "onboard emergency kit" for repairing a non-booting system. But sometimes that kind of wipe-and-reimage process isn’t enough: The OS might be there—it just can’t boot. In that case, understanding the Windows boot process and some relevant boot-repair tools can save the day. (This is also a perfect way to build bootable systems from the ground up, which is why I’m continuing this short detour from the SteadyState stuff I’ve been writing about.)

Upon startup, your system first looks in its BIOS data for the order of devices to try when booting, so if problems occur, it's best to focus your troubleshooting here first. (Hey, sometimes the easy answer is the right one!) A bootable disk also needs a sector called the Master Boot Record (MBR), which contains a bit of code (more on this later) and a table that contains the locations of the disk's partitions. The BIOS loads both code and table into RAM, then executes the code. If the code is damaged (or just zeroes), the code execution will either bluescreen or hang the system.

To restore the MBR's code portion, you can use Bootsect (bootsect.exe), a repair tool that Windows provides only in Windows PE and not in Windows 7/R2. Bootsect’s syntax looks like bootsect /nt60 driveletter: /mbr

Its syntax is a bit convoluted, because drive letters (i.e., partitions, volumes) don’t have MBRs—physical disks do. Instead of letting you specify a physical drive number, however, Bootsect takes the drive letter, determines the physical drive it’s on, and restores the MBR code on that physical drive. For example, suppose I’ve booted WinPE and I have an external drive attached to my system—a drive that shows up as drive G. Suppose also that as far as my system is concerned, that external drive is physical drive number 5. To instruct Bootsect to rewrite its MBR, I’d type bootsect /nt60 G: /mbr

And Bootsect would respond with something like \\??\PhysicalDrive5 Successfully updated disk bootcode. Bootcode was successfully updated on at least one volume. 

Thus, Bootsect has determined that G is on drive 5, and it fixed drive 5’s MBR code. I’ve referred to the MBR code a couple of times because starting at the 446th byte of the 512-byte MBR is the partition table. That’s why Bootsect only rewrites the code part; if it were to make your disk forget where your partitions were, it would essentially erase your hard disk (and your client would probably erase your invoice).

Once your PC has loaded the MBR, it executes that MBR’s code. That code has three jobs: Figure out which partition is “active” (i.e., bootable), load that partition’s first sector into RAM, and instruct the CPU to execute what ends up in RAM.

Let’s call that first sector of the active partition the Windows Boot Record (WBR). (Some writers mistakenly call it the MBR, as it’s easy to miss the fact that there are two one-sector hunks of executable code on a bootable disk.) Like the MBR, it’s a small 512-byte space. Its code finds, loads, and executes a file named Ntldr (in Windows NT 3.1 through Windows Server 2003 R2) or Bootmgr (in Windows Server 2008, Windows 7, and Windows Vista). It’s a simple job, but—again—if the WBR becomes corrupted, your system will hang or bluescreen. Bootsect can fix a broken WBR in that case. So, again, boot WinPE and type bootsect /nt60 driveletter:

For most Windows systems, that drive letter will be C when booted from WinPE. If you have a USB device that ought to boot but doesn’t, Bootsect /nt60 is often the answer. By the way, this command is why the /mbr option is so obtusely designed, as Bootsect has been around since Windows XP but only got the /mbr option recently. Clearly, in the retrofitting, the author wanted to save a bit of coding—thus, the volume-letter-points-to-drive-number circumlocution.

The WBR next loads Bootmgr, leading to the next item on our make-it-boot checklist: Is there indeed a file named Bootmgr on C? While you’re in WinPE, make that determination, and remember to ask to see hidden files: dir c:\bootmgr /ah

If it’s not, just grab a copy of it either from the WinPE boot device or any copy of Windows 7/R2.

Next month, I’ll move to the next step: the BCD, see "Fix Unbootable Systems with Bootsect." (And if you can’t wait for a working version of my SteadyState replacement, visit my website at www.minasi.com to see all of these concepts in action.)
    Blogger Comment
    Facebook Comment