20 Aug
2012

Adventures in Windows-land – The mystery of the disappearing system partition


It goes without saying that if you brick your installation, blame yourself.

This weekend I had some issues with Windows 7 that I have not seen before. This is rather rare. I sit at my computer pretty much 12-18 hours every day. The thing I was seeing was the 100 MB “System Reserved” partition (containing the Windows bootloader) popping in and out of Explorer. What I mean by that is that the normally hidden system partition was randomly getting a drive letter! I noticed it while I was transferring some files to my media PC, and I saw the “My Computer” view uhm.. vibrate up and down. This was because the drive was getting the F: drive letter, and then losing it the same second. Over, and over again.

Some background: This drive is created if you install Windows 7 on an entirely empty disk. You *do* *not* need it. You can have your bootloader on your C: drive, and skip the 100 meg drive entirely if you so want. The way to get Windows to install without it, is to partition the drive ahead of time, use some tricks, or remove it after the fact (like I ended up doing). The contents can be moved to the C: drive and after rebuilding the bootloader, you will be fine. I am living proof.

But so back to the weird-ass bug. I tried diskpart to see if I could remove the drive letter assigned to the system partition. I could not. I would get one of two errors, probably because it didn’t really have a drive letter (for longer than a fraction of a second). I tried assigning a letter to it, and then removing it using:

list disk
list vol
sel vol n
assign letter=x
remove letter=x

No dice. After a reboot or so, the problem would randomly return. Note: It did not always do this. There is something that triggers it, but I was unable to find, or replicate the issue. Randomly it would just start getting a drive letter assigned to it, and then having it removed instantly.

Ok so next, I decided to remove the drive. Here’s how I did it:

First, I went into disk manager (this can be done from diskpart as well), and right clicked my C: drive, and then “Make this drive active”. This makes it so that you can even begin to try and boot from C: without the 100 MB System drive. Next, I assigned a drive letter to the 100 MB partition, so that I could browse its contents. I set it to K:, and went into Explorer. You need to enable “show hidden files”, and “show protected operating system files”. Copy over everything to the root of C:. Skip any files that you can’t touch (there were two for me).

Next, you need to recreate the boot configuration on C:. First, unload the running conf by running this in an administrative command prompt: reg unload HKLM\BCD00000000. Then, rebuild the boot config with: bcdedit /store c:\boot\bcd /set {bootmgr} device partition=C:

Now go back and remove the drive letter assigned to the system reserved partition, and double-check to make sure the C: drive (or whatever your Windows drive is) is set to active. You should only have one active drive, the C: drive. Your computer might now reboot correctly. Did not for me.

I rebooted and it said partition not found or something similar, so I booted from the Windows 7 USB stick I made, and then chose system repair. It suggested a repair, and I went with it. I was able to boot into Windows now, after some modifications to GRUB, since I dual-boot. But that is not a Windows 7 issue per se, I’ll still go through that.

I removed the system reserved partition from Linux and resized the C: drive to fill the 100 MB preceding it. You could do this from Windows disk management too.

After doing this, I had some issues with Windows. It would boot into a “no profile”-mode, and say that it is not genuine. This was because there were some left over registry settings that had to be changed, because I had messed up with the drive letters; namely left a drive letter to the system reserved partition. So I now had some moved-around drive letters, and a drive that didn’t exist anymore, that were still referenced in the registry. I was in the “Windows is not genuine!” mode, which only shows a desktop and the watermark in the lower right corner. How to proceed?

Do a ctrl+shift+esc to open task manager. File -> Run -> regedit. Now, go to HKEY_LOCAL_MACHINE -> SYSTEM -> MountedDevices and look for the different drive letter assignments. You’ll see various drives, named \DosDevices\C: etc. What you want to do is flip them around so that your C drive is really your C drive. For me, it had flipped around with the F: drive, so I renamed the C: drive in the registry to \DosDevices\Z:, and then renamed the former F: (really the C:) to \DosDevices\C:. You can get help by doing File -> Import, which will show you Explorer, so you can look around at what your drive letter assignments look like. Close regedit, do ctrl+alt+del and logout, and then reboot from there.
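As a pre-check for the renames described above, this added example (not from the original post) decodes MountedDevices values and works out which \DosDevices\ entries have to be renamed so that C: points at the Windows partition. It assumes a single MBR disk, where each value is a 4-byte disk signature followed by an 8-byte partition start offset, and that you already know the start offset of your Windows partition; the function names, sample signature and offsets are constructed for illustration.

```python
import struct

PREFIX = "\\DosDevices\\"

def parse_value(data: bytes) -> dict:
    """Decode one MountedDevices value (assumed layouts: MBR 12 bytes, GPT DMIO:ID:)."""
    if len(data) == 12:  # MBR: 4-byte disk signature + 8-byte partition offset
        sig, offset = struct.unpack("<IQ", data)
        return {"style": "MBR", "signature": f"{sig:08X}", "offset": offset}
    if len(data) == 24 and data.startswith(b"DMIO:ID:"):  # GPT: prefix + GUID
        return {"style": "GPT", "guid": data[8:].hex()}
    # Anything else (e.g. removable media) is stored as a UTF-16 device path
    return {"style": "other", "text": data.decode("utf-16-le", "replace")}

def letters_by_offset(values: dict) -> dict:
    """Map MBR partition start offset -> drive letter, ignoring \\??\\Volume entries."""
    found = {}
    for name, data in values.items():
        info = parse_value(data)
        if name.startswith(PREFIX) and info["style"] == "MBR":
            found[info["offset"]] = name[len(PREFIX):]
    return found

def plan_renames(values: dict, windows_offset: int, spare: str = "Z:") -> list:
    """Renames needed so \\DosDevices\\C: is the partition at windows_offset."""
    actual = letters_by_offset(values).get(windows_offset)
    if actual is None:
        raise LookupError("no drive letter points at the Windows partition")
    if actual == "C:":
        return []  # already correct, nothing to rename
    renames = []
    if PREFIX + "C:" in values:  # park the wrong C: on a spare letter first
        renames.append((PREFIX + "C:", PREFIX + spare))
    renames.append((PREFIX + actual, PREFIX + "C:"))
    return renames

# Constructed sample: disk signature and offsets are made up for illustration.
SIG = 0x1A2B3C4D
SAMPLE = {
    PREFIX + "C:": struct.pack("<IQ", SIG, 105906176),  # stale entry
    PREFIX + "F:": struct.pack("<IQ", SIG, 1048576),    # the real Windows partition
    "\\??\\Volume{constructed}": struct.pack("<IQ", SIG, 1048576),
}

if __name__ == "__main__":
    for old, new in plan_renames(SAMPLE, windows_offset=1048576):
        print(f"rename {old} -> {new}")
```

The order of the returned renames matters: the wrong C: entry is moved to the spare letter before the real Windows entry takes the name \DosDevices\C:.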

After the reboot, remember to activate Windows, which should be no issue. Or just run the Genuine Validation tool/website.

The GRUB issues

GRUB, as I said, had some issues with all this. Firstly because the boot drive was no longer /dev/sda1 (which was the 100MB system drive), but sda2, which is my C: drive. That had to change. Also, GRUB 2 (I’m running Mint 13 at the moment) has an entry with the UUID for the boot drive, which also pointed to the now-nonexistent sda1. Both of those had to change in order for GRUB to correctly boot. I did this by installing boot repair in Mint. You can also download the ISO and boot into a live-cd environment and do the fix from there. It’s pretty self-explanatory. Google for boot repair or check this site. Any live-cd will do though, since you can really fix this by hand too. Look at /boot/grub and /etc/grub.d.

Sources: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/blue-screen-this-copy-of-windows-is-not-genuine/1d8dfdad-2ea4-43be-a049-360429cc2d57
http://www.terabyteunlimited.com/kb/article.php?id=409
http://technet.microsoft.com/en-us/library/cc757491%28v=ws.10%29.aspx
