Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.Current Windows BCD Store file path.
Sooncheol_Won
Member Posts: 44
I need to get the currently Windows using BCD Store file path in user-mode.
I know the current BCD Store registry is loaded under HKEY_LOCAL_MACHINE\BCD00000000 but I couldn't find any WinAPI to get the file path of a loaded key.
Usually the volume containing the BCD file is not mounted so I also finding an API that results the disk index and partition index of the BCD file.
I'm trying to distinguish BCD files that exist on multiple partitions and to delete partitions not being used.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Developing Minifilters | 24 May 2021 | Live, Online |
| Writing WDF Drivers | 14 June 2021 | Live, Online |
| Internals & Software Drivers | 2 August 2021 | Live, Online |
| Kernel Debugging | 27 Sept 2021 | Live, Online |
Comments
Did you even TRY to Google this? A Google query for "where is the bcd store located" produces very clear answers in much less time than waiting for this forum.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
Thank you for all answers. I guess I couldn't explain in detail.
As ThatsBerkan mentioned it, I know the sub directory path containing a BCD file but I cannot determine "which partition" contains the current BCD file.
My test computer has multiple "MBR active partitions" or has multiple "GPT EFI system partitions".
There is not "path", you have to mount it by assigning the volume/partition a letter, then you have your "path".
In this case, if you're using diskpart, you can use the
assign letter=X:. A quicker command would be to open CMD as Administrator and use:mountvol X: /Sto mount the system partiton (which is the partition you want).Note that explorer.exe does not run as Administrator on Windows 10, therefore you wont be able to see the files from there. You have to open a program like notepad as Administrator, click on "Open file", and look at the newly mounted partition from there.
Programmatically, I've never done something like mounting a volume. But you can use an IOCTL to enumerate and retrieve each volume/partition information.
You might as well use the BCD commands to get the volume path of the system partition:
The problem is that WHICH PARTITION OF WHICH DISK contains the current BCD store file?
Let's assume there are two disks and each disk has an active partition or an efi system partition. So there are totally two system partitions on the system. Now how can I figure out which system partition is currently used by Windows?
I'm sorry I couldn't explain at once.
Does bootmgr or bootx64.efi always uses the BCD file of same partition?
accident
I found it!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist]
\REGISTRY\MACHINE\BCD00000000 -> \Device\HarddiskVolume2\EFI\Microsoft\Boot\BCD