Editing the MountedDevices Registry Key

Persistant drive letter allocations are contained in the HKLM\SYSTEM\MountedDevices registry key. This key should be edited or deleted if booting Windows XP from a RAM disk, otherwise the drive which Windows was originally installed on will be mounted as C:, and the Windows XP booted from the disk image will be allocated the first available drive letter. Although having the system drive mounted as a letter other than C: is not necessarily a problem, any installed programs with hard coded paths (e.g. a desktop shortcut) could access applications on the original Windows XP install (not the XP running from the disk image). By manually editing this key it is possible to exercise some control over mount points.

Each partition/device allocated a drive letter in windows will have two entries (Values) in the HKLM\SYSTEM\MountedDevices key

  • \??\Volume{guid} - e.g. \??\Volume{f95cc040-a528-11de-bbbb-806e6f6e6963}
  • \DosDevices\#:- e.g. \DosDevices\C:

 

Both of the above Values will contain the same data - a 12 byte binary entry. The first four bytes contain the disk signature of the disk containing the partition, the other eight bytes represent the partition offset. Using the example f6 b2 f6 b2 00 7e 00 00 00 00 00 00 - the disk signature corresponds to the binary value f6 b2 f6 b2 and the partition offset is 00 7e 00 00 00 00 00 00 (which in this case equals sector 63).

If the MountedDevices key is deleted then new drive letters will be assigned during the boot process. It is also possible to edit the key to change the drive letter allocated to a disk. When editing the key it is safe to delete all of the \??\Volume{guid} entries as Windows booted from a RAM disk will assign a new {guid} value.

The examples below were tested on a system with one hard disk containing two primary partitions - (hd0,0) and (hd0,1). The Windows installation copied to the disk image was installed on (hd0,1). When the windows installation on (hd0,1) was booted -

  • (hd0,0) was mounted as drive D:
  • (hd0,1) was mounted as drive C:
  • A DVD-RW drive (device (cd0)) installed on the system was mounted as drive E:

The HKLM\SYSTEM\MountedDevices key contained the following entries -

Persistant drive letter allocations are contained in the HKLM\SYSTEM\MountedDevices registry key. This key should be edited or deleted if booting Windows XP from a RAM disk, otherwise the drive which Windows was originally installed on will be mounted as C:, and the Windows XP booted from the disk image will be allocated the first available drive letter. Although having the system drive mounted as a letter other than C: is not necessarily a problem, any installed programs with hard coded paths (e.g. a desktop shortcut) could access applications on the original Windows XP install (not the XP running from the disk image). By manually editing this key it is possible to exercise some control over mount points.

Each partition/device allocated a drive letter in windows will have two entries (Values) in the HKLM\SYSTEM\MountedDevices key

  • \??\Volume{guid} - e.g. \??\Volume{f95cc040-a528-11de-bbbb-806e6f6e6963}
  • \DosDevices\#:- e.g. \DosDevices\C:

 

Both of the above Values will contain the same data - a 12 byte binary entry. The first four bytes contain the disk signature of the disk containing the partition, the other eight bytes represent the partition offset. Using the example f6 b2 f6 b2 00 7e 00 00 00 00 00 00 - the disk signature corresponds to the binary value f6 b2 f6 b2 and the partition offset is 00 7e 00 00 00 00 00 00 (which in this case equals sector 63).

If the MountedDevices key is deleted then new drive letters will be assigned during the boot process. It is also possible to edit the key to change the drive letter allocated to a disk. When editing the key it is safe to delete all of the \??\Volume{guid} entries as Windows booted from a RAM disk will assign a new {guid} value.

The examples below were tested on a system with one hard disk containing two primary partitions - (hd0,0) and (hd0,1). The Windows installation copied to the disk image was installed on (hd0,1). When the windows installation on (hd0,1) was booted -

  • (hd0,0) was mounted as drive D:
  • (hd0,1) was mounted as drive C:
  • A DVD-RW drive (device (cd0)) installed on the system was mounted as drive E:
The HKLM\SYSTEM\MountedDevices key contained the following entries -
DeviceValueData
(hd0,0)\DosDevices\D:70 16 3e 06 00 7e 00 00 00 00 00 00
(hd0,1)\DosDevices\C:70 16 3e 06 00 88 17 60 00 00 00 00
(cd0)\DosDevices\E:5c 00 3f 00 3f 00 5c 00 49 00 44 00..

 

Example 1

No changes were made to the system registry hive in the disk image. When Windows was booted from the disk image (device (rd0) in the table below) the system drive was mounted as drive F: (the first available drive letter - C:, D: and E: were already allocated) -

DeviceValueData
(hd0,0)\DosDevices\D:70 16 3e 06 00 7e 00 00 00 00 00 00
(hd0,1)\DosDevices\C:70 16 3e 06 00 88 17 60 00 00 00 00
(cd0)\DosDevices\E:5c 00 3f 00 3f 00 5c 00 49 00 44 00..
(rd0)\DosDevices\F:80 00 00 00 00 7e 00 00 00 00 00 00

 

Example 2

The following example assumes that Windows was already copied to a disk image and the disk image had been mounted as drive R: (via ImDisk) -

  • The registry hive R:\Windows\System32\config\SYSTEM was mounted as HKLM\firadisk by entering the following command at a command prompt - 
    reg load HKLM\firadisk R:\windows\system32\config\system
  • Deleted all values in the HKLM\firadisk\MountedDevices key
  • Unmounted the HKLM\firadisk hive (R:\Windows\System32\config\SYSTEM) by entering the following command at a command prompt -
    reg unload HKLM\firadisk
When Windows was booted from the disk image (device (rd0) in the table below) the system drive was mounted as drive C:, the other devices were mounted as follows -
DeviceValueData
(hd0,0)\DosDevices\D:70 16 3e 06 00 7e 00 00 00 00 00 00
(hd0,1)\DosDevices\E:70 16 3e 06 00 88 17 60 00 00 00 00
(cd0)\DosDevices\F:5c 00 3f 00 3f 00 5c 00 49 00 44 00..
(rd0)\DosDevices\C:80 00 00 00 00 7e 00 00 00 00 00 00

 

Example 3

The following example assumes that Windows was already copied to a disk image and the disk image had been mounted as drive R: (via ImDisk) -

  • The registry hive R:\Windows\System32\config\SYSTEM was mounted as HKLM\firadisk by entering the following command at a command prompt - 
    reg load HKLM\firadisk R:\windows\system32\config\system
  • Deleted all values in the HKLM\firadisk\MountedDevices except \DosDevices\C:
  • Edited \DosDevices\C: value by right-clicking on it and selecting Rename, then renamed as \DosDevices\Z:
  • Unmounted the HKLM\firadisk hive (R:\Windows\System32\config\SYSTEM) by entering the following command at a command prompt -
    reg unload HKLM\firadisk
When Windows was booted from the disk image (device (rd0) in the table below) the system drive was mounted as drive C:, the other devices were mounted as follows (note that device (hd0,1) retained the Z: letter manually assigned to it) -
DeviceValueData
(hd0,0)\DosDevices\D:70 16 3e 06 00 7e 00 00 00 00 00 00
(hd0,1)\DosDevices\Z:70 16 3e 06 00 88 17 60 00 00 00 00
(cd0)\DosDevices\E:5c 00 3f 00 3f 00 5c 00 49 00 44 00..
(rd0)\DosDevices\C:80 00 00 00 00 7e 00 00 00 00 00 00
  
   
   
   

上面引用自Editing the MountedDevices Registry Key

 

关于disk signature的说明

MBR的0x00-0x1B7是引导程序,0x1B8-0x1BB是disk signature,0x1BC-0x1BD是保留字段,0x1BE-0x1FD是分区表,0x1FE-0x1FF是结束标志。

 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值