Explaining BCD and Windows Boot Process in details [Azure IaaS]
Рет қаралды 4,415
4 жыл бұрынTopics covered in this video:
- Windows booting workflow 00:45, 08:37
- MBR (Master Boot Record) 03:00
- MBR vs. Boot Sector 04:33
- MBR anatomy 05:04
- MBR live demonstration with PowerForensics Module 05:49
- BCD (Boot Configuration Database) 10:14
- BCD Terminology 12:40
- BCD, Serial Console and use cases on Azure 14:53
In this video you will understand how Windows boot process works, what part does BCD or MBR play in it, what is MBR and how can I inspect it on my machine?.
BCD is like GRUB for Linux (both are boot manager/loader abstraction), it stores the boot parameters and settings. If you want to enable EMS (for Serial Console access on Azure) or if you want to force Windows to boot into Safe Mode (if you are not able to do so) then you need to make your changes on the system BCD store.
Changes on BCD can be made live directly on the system while it's accessible or by attaching the OS disk copy to a working VM and make the changes there.
References:
01. en.wikipedia.org/wiki/Real_mode
02. A+ Certificate in Computer Maintenance and Installation Level 2 at Google books: books.google.jo/books?id=kdUE...
03. docs.microsoft.com/en-us/prev...
04. www.invoke-ir.com/2015/05/onth...
05. powerforensics.readthedocs.io...
06. www.invoke-ir.com/2015/05/onth...
07. docs.microsoft.com/en-us/wind...
08. en.wikipedia.org/wiki/Windows...
09. en.wikipedia.org/wiki/List_of...
10. docs.microsoft.com/en-us/prev...
11. docs.microsoft.com/en-us/prev...
12. docs.microsoft.com/en-us/wind...
13. en.wikipedia.org/wiki/Emergen...
14. docs.microsoft.com/en-us/wind...
More info about the included topics:
01. Disassembly of the MBR in details: www.dewassoc.com/kbase/hard_dr.... Or here: web.archive.org/web/201708250...
02. MBR Malware: www.symantec.com/connect/blog...
03. PowerForensics PS Module: github.com/Invoke-IR/PowerFor...
@jview70 2 жыл бұрын
very very technical and very detailed. wow
@mahuubao Жыл бұрын
Excellent ... Well done ...
@paulg6340 3 жыл бұрын
This was a really fantastic video, you have a real talent for teaching and for presenting the information with the graphics and demonstrations. I really hope you create many more IT videos and if you do I will certainly subscribe as this was very informative and useful in my Windows studies.
@abu3alia 3 жыл бұрын
Thanks Paul, I am happy that this videos was useful for you.
@mamad_f1471 2 жыл бұрын
Haha Dude I can hear your Arabic accent pretty well, very good and detailed video.
@abu3alia 2 жыл бұрын
Thanks for watching bro ;)
@dontwanttojoingoogle1799 6 ай бұрын
Is this information still relevant? I thought most of us are using GPT instead of MBR.
@benoit.gerin-lajoie 2 жыл бұрын
Fantastic BUT... you talk way too fast !!!
@abu3alia 2 жыл бұрын
Thanks Benoit, well noted for the next video.
@benoit.gerin-lajoie 2 жыл бұрын
One thing you should have explained more in detail is @3:10 min is that the first MBR to be fetched is on the boot drive defined by the user in the BIOS Boot sequence. If the first boot drive is absent, the next in the sequence is fetched. If that drive is absent the the fetching continues in the boot order until a boot drive is found. If no boot drive is found, then an error is displayed stating that no boot drive (or operating system) is present (found).
@abu3alia 2 жыл бұрын
@@benoit.gerin-lajoie This is what I had in mind, but it seems after you have an information for sometime you start to take the basics for granted!
Braincatchers
Рет қаралды 12 МЛН
Cyber Pro
Рет қаралды 6 М.
Braincatchers
Рет қаралды 12 МЛН