Where does Windows keep the "Safe mode" flag?

Hi,

I’m capturing the system partition to a VHD file from a live state (using Volume snapshot) and then booting that VHD in Hyper-V. When booting, it presents the “Boot options” screen with Safe mode selected. Apparently the OS has a “dirty” flag that is ON when the system is live and OFF when it’s properly shut down. That’s why, when I boot a system that has been captured from a live state, I get that screen. Does anyone know where I can locate that flag? Thank you!

wrote in message news:xxxxx@ntdev…
> Hi,
>
> I’m capturing system partition to a VHD file from live state (using Volume
> snapshot) and then booting that VHD in Hyper-V. When booting it presents
> “Boot options” screen with Safe mode selected. Apparently OS has a “dirty”
> flag that is ON when the system is live and OFF when it’s properly shut
> down. That’s why when I boot a system that has been captured from live
> state I get that screen. Anyone knows where can I locate that flag? Thank
> you!
>

Probably this is “Failed” value in HKEY_LOCAL_MACHINE\SYSTEM\Select.
When not 0, it indicates a failed start, then LastKnownGood is the index of
last known good control set.

– pa

Thank you Pavel, but I think this is not exactly what I need, as for a normal running system this value is 0.
For example - when you unexpectedly power off a machine then you normally get a “Boot options” screen at next start. This means that there should be some “dirty” flag that is reset only when the system is powered off properly. I don’t think that “Failed” value is that flag, no?

xxxxx@gmail.com wrote:

> Thank you Pavel, but I think this is not exactly what I need, as for a normal running system this value is 0.
> For example - when you unexpectedly power off a machine then you normally get a “Boot options” screen at next start. This means that there should be some “dirty” flag that is reset only when the system is powered off properly. I don’t think that “Failed” value is that flag, no?

You only get the “safe mode” default if you start a boot, but that boot
does not complete. Is that what you’re looking for?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

> Hi,
>
> I’m capturing system partition to a VHD file from live state (using Volume
> snapshot) and then booting that VHD in Hyper-V. When booting it presents
> “Boot options” screen with Safe mode selected. Apparently OS has a “dirty”
> flag that is ON when the system is live and OFF when it’s properly shut
> down. That’s why when I boot a system that has been captured from live
> state I get that screen. Anyone knows where can I locate that flag? Thank
> you!

You can tell if you are in safe boot using the InitSafeBootMode global
variable (it’s in the docs), but you want to stop the system prompting
for safe mode on the next boot right?

I’m searching for approximately the same thing to prevent the “the last
shutdown was unexpected” prompt after restoring the registry, but I
don’t think I’m getting the safe mode prompt so maybe the safe mode
prompt is a result of a dirty filesystem, which isn’t a flag in the
registry?

James

Tim,

Sorry, this is not what I’m looking for. When the boot doesn’t complete you get a “Startup repair” screen.

James,

Yes I want to prevent system from popping up the “Boot options” screen. For “Startup repair” screen the flag is kept in bootstat.dat file and if you want to prevent that screen from happening just modify that file (before you reboot) in the following manner:

  1. Set first byte to 16
  2. Set 10th byte to 1
  3. Set 11th byte to 1

All decimal

I’m still waiting for an answer from gurus please! Where is the system keeping “Safe mode” screen flag?

I think bootstat.dat means “boot status data”. It is possible that the safe mode flag is stored here.
Do you write a bootloader? If so, get a copy of this file when safe mode starts; possibly you can find it.

Allen

“James Harper” wrote in message
news:xxxxx@ntdev…

> I’m searching for approximately the same thing to prevent the “the last
> shutdown was unexpected” prompt after restoring the registry, but I
> don’t think I’m getting the safe mode prompt so maybe the safe mode
> prompt is a result of a dirty filesystem, which isn’t a flag in the
> registry?
>
> James

This may be detected by looking at few last eventlog messages.

For normal shutdown, it would be
6006 The Event log service was stopped.
then:
6009 (Windows startup message for this boot)
6005 The Event log service was started.

If message 6006 is present before 6009, the last shutdown was expected.
Windows server versions also have another message that indicates shutdown
reason
(don’t remember the code). If that message is present, the shutdown also was
expected.
Otherwise you can assume unexpected.

– pa
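The 6006-before-6009 rule from the message above, written as an added example that is not part of the original posts. The function name, the verdict strings and the sample log are constructed for illustration; `expected_ids` is a hypothetical parameter that lets a caller add the server shutdown-reason event whose code the post does not give.

```python
from typing import FrozenSet, Iterable, List, Tuple

EVENTLOG_STOPPED = 6006   # "The Event log service was stopped."
BOOT_MESSAGE = 6009       # Windows startup message for this boot
EVENTLOG_STARTED = 6005   # "The Event log service was started."


def classify_boots(
    events: Iterable[Tuple[str, int]],
    expected_ids: FrozenSet[int] = frozenset({EVENTLOG_STOPPED}),
) -> List[Tuple[str, str]]:
    """Return (timestamp, verdict) for every 6009 record.

    events must be (timestamp, event_id) pairs in chronological order.
    The verdict describes the shutdown that preceded that boot.
    """
    verdicts = []
    have_history = False   # any record seen before this boot?
    clean_marker = False   # 6006 (or another expected id) since the last boot?
    for timestamp, event_id in events:
        if event_id == BOOT_MESSAGE:
            if clean_marker:
                verdict = "expected"
            elif have_history:
                verdict = "unexpected"
            else:
                # The log starts at this boot, so nothing can be concluded.
                verdict = "unknown"
            verdicts.append((timestamp, verdict))
            clean_marker = False
        elif event_id in expected_ids:
            clean_marker = True
        have_history = True
    return verdicts


# Constructed sample log (not real data): one clean shutdown, then a power loss.
SAMPLE_LOG = [
    ("2010-07-09T08:00:01", 6009),
    ("2010-07-09T08:00:02", 6005),
    ("2010-07-09T18:00:00", 6006),
    ("2010-07-10T08:00:03", 6009),
    ("2010-07-10T08:00:04", 6005),
    ("2010-07-11T09:30:00", 6009),
    ("2010-07-11T09:30:01", 6005),
]

if __name__ == "__main__":
    for ts, verdict in classify_boots(SAMPLE_LOG):
        print(ts, verdict)
```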

OK Guys it’s weird, but it turned out that I’ve answered my own question before - the byte at offset 11 in bootstat.dat file is responsible for making Safe mode screen. If set to 1 the system never pops up that screen.

> OK Guys it’s weird, but it turned out that I’ve answered my own question
> before - the byte at offset 11 in bootstat.dat file is responsible for making
> Safe mode screen. If set to 1 the system never pops up that screen.

Is there a document that describes that file or is it black magic?

Thanks

James

>Is there a document that describes that file or is it black magic?

Black magic.

I did some effort related to it in around 2004 (XP), and it is still black magic.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
>>Is there a document that describes that file or is it black magic?
>
> Black magic.
>
> I did some effort related to it in around 2004 (XP), and it is still black
> magic.

Some private interface between bootvrfy.exe and service manager, IIRC.
–pa

> –
> Maxim S. Shatskih
> Windows DDK MVP
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>

This is the best I could come up with before losing interest:

Offset     Values  Description
00h - 03h  12,32   Size, in bytes, of the actual (primary in NT 6.1) structure.
                   NT 5.1 = 12, 6.1 = 32.
04h - 07h  1,2,3   NT_PRODUCT_TYPE:
                   NtProductWinNt, NtProductLanManNt, NtProductServer.
08h        0,1     Set to 1 when “Time to display recovery options when needed”
                   is checked.
09h        (30)    Timeout, in seconds, of the recovery menu.
0Ah        0,1     Set to 1 on successful boot.
0Bh        0,1     Set to 1 on orderly shutdown.

The kernel also provides the functions RtlLockBootStatusData,
RtlGetSetBootStatusData and RtlUnlockBootStatusData (plus
RtlCreateBootStatusDataFile in ntdll) to conveniently read and edit the
variables.

On Sun, 11 Jul 2010 13:41:12 +0300, James Harper wrote:
>> OK Guys it’s weird, but it turned out that I’ve answered my own question
>> before - the byte at offset 11 in bootstat.dat file is responsible for making
>> Safe mode screen. If set to 1 the system never pops up that screen.
>>
>
> Is there a document that describes that file or is it black magic?
>
> Thanks
>
> James
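A read-only decoder for the 12-byte header in the offset table above, written as an added example that is not part of the original posts. The field and function names are hypothetical, little-endian byte order is an assumption the thread does not state, and both sample headers are constructed rather than taken from a real bootstat.dat.

```python
import struct
from typing import List, NamedTuple

# Layout taken from the offset table in this thread (NT 5.1 / 6.1 header).
# Little-endian byte order is an assumption; the thread does not state it.
HEADER = struct.Struct("<IIBBBB")
PRODUCT_TYPES = {1: "NtProductWinNt", 2: "NtProductLanManNt", 3: "NtProductServer"}
KNOWN_SIZES = {12: "NT 5.1", 32: "NT 6.1"}


class BootStatus(NamedTuple):
    size: int               # 00h-03h
    product_type: int       # 04h-07h
    menu_enabled: int       # 08h
    menu_timeout_s: int     # 09h
    boot_succeeded: int     # 0Ah
    shutdown_orderly: int   # 0Bh


def parse_bootstat(data: bytes) -> BootStatus:
    """Decode the first 12 bytes of a bootstat.dat image."""
    if len(data) < HEADER.size:
        raise ValueError(f"need {HEADER.size} bytes, got {len(data)}")
    return BootStatus(*HEADER.unpack_from(data))


def findings(st: BootStatus) -> List[str]:
    """List header states worth checking before booting a captured image."""
    out = []
    if st.size not in KNOWN_SIZES:
        out.append(f"unrecognised structure size {st.size}")
    if st.product_type not in PRODUCT_TYPES:
        out.append(f"unrecognised product type {st.product_type}")
    for name in ("menu_enabled", "boot_succeeded", "shutdown_orderly"):
        if getattr(st, name) not in (0, 1):
            out.append(f"{name} is {getattr(st, name)}, expected 0 or 1")
    if st.boot_succeeded == 0:
        out.append("last boot did not complete")
    if st.shutdown_orderly == 0:
        out.append("last shutdown was not orderly")
    return out


# Constructed samples, not real captures: a volume snapshotted while running,
# and the same header after a clean shutdown.
LIVE_SNAPSHOT = struct.pack("<IIBBBB", 12, 1, 1, 30, 1, 0)
CLEAN_SHUTDOWN = struct.pack("<IIBBBB", 12, 1, 1, 30, 1, 1)

if __name__ == "__main__":
    for label, blob in (("live", LIVE_SNAPSHOT), ("clean", CLEAN_SHUTDOWN)):
        print(label, parse_bootstat(blob), findings(parse_bootstat(blob)))
```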

Cay, thank you! This is indeed very helpful information.

RtlLockBootStatusData
RtlGetSetBootStatusData
RtlUnlockBootStatusData

api’s can be used to set the values in bootstat.dat file.


Cheers
Check Abdoul

“James Harper” wrote in message
news:xxxxx@ntdev…
>> OK Guys it’s weird, but it turned out that I’ve answered my own question
>> before - the byte at offset 11 in bootstat.dat file is responsible for making
>> Safe mode screen. If set to 1 the system never pops up that screen.
>>
>
> Is there a document that describes that file or is it black magic?
>
> Thanks
>
> James