From within a full kernel crash dump (in WinDbg), can I get the bcdedit settings on that machine when it crashed?
Which setting(s) in particular? The BCD itself is structured as a Registry hive and you can grovel through it with !reg:
```
0: kd> !reg q \REGISTRY\MACHINE\BCD00000000
Found KCB = ffffca8fc3897d80 :: \REGISTRY\MACHINE\BCD00000000
Hive ffffca8fc6e41000
KeyNode 000001f6fd121024
[SubKeyAddr] [SubKeyName]
1f6fd1211ec Description
1f6fd121104 Objects
Use '!reg keyinfo ffffca8fc6e41000 <SubKeyAddr>' to dump the subkey details
[ValueType] [ValueName] [ValueData]
Key has no Values
```
But the format is undocumented and it's real work to try and parse it this way.
A subset of the bcdedit options are reflected in the SystemStartOptions Registry value, which you can also find with !reg if that's what you're looking for:
```
0: kd> !reg q \REGISTRY\MACHINE\SYSTEM\CurrentControlSet
Found KCB = ffffca8027415b40 :: \REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET
Hive ffffca8fc2e6b000
KeyNode ffffca8fc2f57024
[ValueType] [ValueName] [ValueData]
REG_LINK SymbolicLinkValue \Registry\Machine\SYSTEM\ControlSet001
0: kd> !reg q \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control
...
REG_SZ SystemStartOptions NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO FVEBOOT=2674688 NOVGA
REG_SZ SystemBootDevice multi(0)disk(0)rdisk(0)partition(3)
...
```
Or maybe that's not helpful and you're looking for something else entirely...
2 Likes
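For dump triage, the SystemStartOptions value shown in the answer can be pulled out of saved `!reg q` output and checked for boot options that weaken kernel protections. This is an added example, not part of the original thread; the function names and the set of tokens treated as security-relevant (with their bcdedit equivalents) are assumptions, and the second sample string in the test is constructed.

```python
import re

# Tokens treated as security-relevant, with the bcdedit setting each is
# assumed to reflect (editor's assumption, not stated in the thread).
RISKY_FLAGS = {
    "TESTSIGNING": "test-signed drivers allowed (bcdedit testsigning)",
    "DISABLE_INTEGRITY_CHECKS": "signature checks off (bcdedit nointegritychecks)",
    "DEBUG": "kernel debugging enabled (bcdedit debug)",
}
RISKY_VALUES = {
    ("NOEXECUTE", "ALWAYSOFF"): "DEP disabled (bcdedit nx AlwaysOff)",
}

# Matches the REG_SZ line as printed by '!reg q' for ...\ControlSet001\Control.
VALUE_LINE = re.compile(
    r"^[ \t]*REG_SZ[ \t]+SystemStartOptions[ \t]+(\S.*?)[ \t]*$", re.M)

# Debugger output quoted from the answer above.
SAMPLE = """\
REG_SZ SystemStartOptions NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO FVEBOOT=2674688 NOVGA
REG_SZ SystemBootDevice multi(0)disk(0)rdisk(0)partition(3)
"""


def extract_start_options(reg_output):
    """Return the SystemStartOptions string from '!reg q' output, or None."""
    m = VALUE_LINE.search(reg_output)
    return m.group(1).strip() if m else None


def parse_start_options(value):
    """Split the space-separated options into {NAME: value or None}."""
    options = {}
    for token in value.split():
        name, sep, val = token.partition("=")
        options[name.upper()] = val if sep else None
    return options


def findings(options):
    """List security-relevant observations for a parsed option set."""
    notes = [f"{n}: {why}" for n, why in RISKY_FLAGS.items() if n in options]
    for (name, bad), why in RISKY_VALUES.items():
        if (options.get(name) or "").upper() == bad:
            notes.append(f"{name}={bad}: {why}")
    return notes


if __name__ == "__main__":
    opts = parse_start_options(extract_start_options(SAMPLE))
    print(opts, findings(opts) or "no risky boot options found")
```

Only the subset of settings that reaches SystemStartOptions is visible this way, so an empty result says nothing about options stored solely in the BCD hive.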