UEFI shell file system order - uefi

When I have a bootable USB drive inserted, my UEFI shell places that drive at the FS0 position. As a result, my hard drive, which has the startup.nsh on the boot partition (labeled efidir, not boot), is placed at fs4. The shell can't boot from the startup.nsh, because the efidir partition isn't mounted. When I don't have the USB drive in place, everything works (the hard drive is at FS0, startup.nsh runs, the system boots. To run the startup with a USB in place, I have to switch to FS4 and then run startup from the command line.
Is there a way for me to force the shell to place the hard drive at the FS0 location on the map, regardless of the existence of the USB drive?

Related

How to Copy SmsTSLog file to USB

I'm trying to deploy an operating system to a target machine via SCCM.
Unfortunately, there are errors in the deployment process and as a consequence, the target machine has not received the operating system correctly.
In order to ascertain what errors are occurring in the deployment process, I wish to view log file(s) for errors. These errors are invariably located in the SMSTSLog file on the target machine.
In given the fact that the target machine is not booting, how can one copy the SMSTSLog from the target machine onto an external USB key in order to view that log file for various errors on another computer?
Plug in into the target machine the USB key which contains the
task sequence for deployment .
Press F12 (Dell machines) to load the boot options.
If it's a legacy boot then choose the USB Storage which contains the task sequence.
or
If its a UEFI boot then choose UEFI option.
For help in identifying which boot option, look at the memory size of the mounted external memory on the boot list.
If the size listed is similar to the size of your USB stick (e.g. UEFI: Jetflash 2GB) then this is your target USB stick to boot from.
Wait for the files to load from the USB.
When the task sequence launches from the USB stick press F8
to bring up a command prompt. Note: Pressing F8 multiple times launches multiple command prompts.
A Task Sequence Wizard window may appear. Simply move this window to
the side of the screen as you are only interested in bringing up a
command prompt.
It is necessary to identify the label volume for the external USB key.
To do this do the following inside the command prompt:
type: Diskpart
Then type: List Volume
You will see a number of volumes listed.
Look for the volume of type removable (as you should only have one removable USB connected to the machine at this time) and
note its label e.g. D
Press F8 again to bring up another command prompt window.
You will now attempt to copy the log file with the following command:
xcopy [source] [destination]
E.g. Type: xcopy X:\windows\temp\SMSTSLog*.* D:\
Source is: X:\windows\temp\SMSTSLog*.*
Destination is: D:\
Then simply remove the USB stick and open in another machine to view SMSTSLog with your editor of choice.

Operating system-loader

My question is how operating system loads
User space application to RAM. I know how
Bootloader works when we first turn computer on Bios simply reads 512 kb data till aa55 bootloader signature and loads bootloader to ram. Do regular userspace programms are handled in this way? If yes how? Because bootloader activated by bios and how user space program handled by operating system? More specifacally how execv() load program to RAM and start execution point for user space ?
Thanks in advance
Userspace programs are not handled like the bios, the Kernel will be involved in running a userspace program.
In general:
When a program is executed in shell, the shell will invoke system calls to create a new task in a new address space, read in the executable binary, and begin executing it.
To understand the details, you need to understand:
The elf format. Of course there are also other formats which can be used in Linux, elf is just the most common one, and a good starting point. Understanding elf will help you understand how the kernel loads the executable binary into memory precisely.
Linux process management; this will help you to understand how a program starts to run.
Reading the related codes in the kernel. fs/exec.c will be of great help.
The procedure varies among operating systems. Some systems have a background command interpreter that exists through the life of a process and within the process itself. When a program is run, the command interpreter stays in the background (in protected from user mode access). When the program completes, the command interpreter comes to the foreground and can run another program in the same process.
In the Eunuchs-world, the command interpreter is just a user-mode program. Whenever it runs a program it kicks off another process.
Both of these types of systems use a loader to configure the process address space for running a program. The executable file is a set of instructions that define how to lay out the address space,
This is significantly different from a bootloader. A bootloader blindly loads a block of stored data into memory. A program loader contains complex instructions for laying out a process address space that include handling shared libraries and doing address fixups.

Transfer files from a USB stick to Windows 10 IoT Core local storage

I have a Raspberry Pi 3 running Windows 10 IoT Core. How can I copy files from a USB stick connected to the device to the local SD card storage? Is this possible using PowerShell?
Ideally I want to do this without the need for a UWP app running on the device and any interaction via a local GUI.
Currently when the device is running its default app and I insert a USB stick nothing happens like it does on a desktop edition of Windows 10.
To further clarify I also don't want to navigate to the devices storage via a UNC path copying files between network locations. The files have to be sourced from the USB stick.
Thanks
You can definitely use PowerShell for this.
Firstly I would use the IoT Dashboard to open a new PowerShell remote management session to my Windows IoT device.
Insert the USB stick if it isn't already.
Then use the following PowerShell command to review the devices local drivers.
gdr -PSProvider 'FileSystem'
This will return a list of all drives attached. Like below.
Note; drives C, D and U are used by the device and system.
Then use a XCOPY in the PowerShell session once you know the drive letter your USB stick has been assigned. Eg. E above.
XCOPY E:\ C:\Data\FromUSB\
This will copy everything from the root of the USB stick to a folder on the devices SD card called 'FromUSB' in the Data parent directory.
Note; creating custom folder on the root of the C drive may not appear to some UI's.
Hope this helps.

how to start a process under kernel debugging on windows?

I have a hard drive was crypted by TryeCrypt,a custom edtion ,self input password,and i have found this 40-bytes password via MBR debugging, but can't mount it using standard version 7.1a.
what i want is get some files from this hard drive,good news is,this hard drive is bootable and it is a windows xp sp2,but a fullscreen app was auto startup and any input(keyboard,mouse etc.) was blocked,therefore,the only way to touch it is debugging it with vmware gdb stub.
The ida's remote dbg debugger is working very well, now I touch the guest's memory, edit it's codes, set breakpoints and the symbols was loaded.
so the question is,how can I start a process via patching the kernel?
What I thinking is,build a winddk project , implement a driver to do this with user APC, and then disassemble it to get it's assembler code ,and then patch it into guest via ida.
Any idea? thanks.

What does it mean to add a virtual disk image to a virtual CD/DVD drive on a virtual machine?

I'm currently installing virtual box, and one of the steps requires that I add a disk image (in my case, an ubuntu ISO file) to a virtual CD/DVD drive listed under the virtual machines Storage.
From what I understand the ISO basically contains all the contents of ubuntu. And once I've allocated enough disk space for my virtual machine, I need to install ubuntu by reading from this ISO file into my virtual hard drive.
So- is that the reason why I need to add the ISO image to my dvd/cd? Because it acts as an ACTUAL cd/dvd? My understanding is limited - I just want more clarification about this process!
.iso files are images of the entire content of a CD. They are meant to be burnt on a actual CD. But there are now several programs allowing to read the content of an .iso file without actually writing the data to a CD.
You're right in everything you said.
Virtual Box simulates (almost) everything of a real computer: disks, drives, memory, USB ports...
The drive is initially empty, i.e. has no CD/DVD inside.
Then you choose which CD should be simulated inside the drive. It can be either the actual CD on your physical machine, or a CD image, i.e. a .iso file.
When some program inside the virtual machine wants to access the data written on what it thinks is the CD, Virtual Box reads the .iso file and answer the program, as if the data came from a CD.
Virtual box uses virtual drives. These drives act as 'actual' drives on the guest OS, in your case Ubuntu would be the guest OS.
When you create a new virtual machine, it is clean, nothing has been installed yet.
In order to install Ubuntu on the machine you will need to load the ISO image into the virtual CD/DVD drive to install it.
Note: A ISO is a 'disk image' that contains the entire contents of a disk in a single file, that can be loaded into virtual drives, or burned to physical CD/DVDs
Here is a small tutorial on install Ubuntu to virtual box, the screen shots may differ a little bit, but the process will generally be the same for you.
http://osxdaily.com/2012/03/27/install-run-ubuntu-linux-virtualbox/