Vhd native boot inside and out
The purpose of this article is to share my experience with the very useful and not-so-well-known Windows function called VHD Native Boot, that is, the ability to boot from a virtual hard disk of the VHD / VHDx format.
Starting with the 7th version, in Windows, it became possible to create virtual disks VHD / VHDx (hereinafter referred to simply as VHD), as well as connect and disconnect them via the Disk Management GUI and the diskpart command line utility. In addition, Windows learned to boot from such disks, and everything would be fine, but this very Native Boot was available only to owners of older versions, that is, from Pro and above. Obviously, this was just a marketing constraint, because with the advent of Windows 10, and I checked Anniversary Update (1607) and Creators Update (1703), there are no more restrictions. This also works in Windows 10 Home, and it can act both as a host and as a guest. You will learn more about how it looks and how it can be used below.
For a long time, I was interested in the idea of ​​using virtualization in relation to a working computer, internal virtualization, so to speak. How useful and convenient virtual machines for software developers, security experts, testing. But to the level of home / work computer and its operating system, this business did not reach. Well, it’s obvious that if the operating system is such a complex and sensitive component, you cannot indiscriminately trust its user, it tries to infect or damage it with something. Yes, there is backup and recovery from recovery points (that is, from a shadow copy), and these are great things. But these are very error-sensitive components, and can fail to save; besides, many malware can remove shadow copies without leaving the user a chance. I would like something simple and banal at the level of copy-paste, so that the “fallen” or “spoiled” system can be returned to a working state within a few minutes. Of course, it would be ideal if the solution was in the system itself, just embedded in it. Hyper-V is not exactly the same, although it may be finished to the required level. After all, it would be desirable, that all possibilities of the machine, all its iron, all power were accessible, with the minimum victims.
Using a virtual hard disk instead of a real one seems like a perfectly acceptable sacrifice given that the entire system fits into one file, and from time to time it is enough to copy this file somewhere “to the side” and everything will be fine. After all, copying one file, albeit a large one, is clearly simpler than tens of thousands. In addition, this file can be easily used to deploy Windows in an organization.
')
When there are several (a little) types of computers, it is enough to install the system and all the required software on the VHD, and then just copy this file to all similar computers, reducing field work to a minimum. It would be nice to have some kind of shell, without loading Windows, something like a “hypervisor console” that allows you to get into it and work with VHD at the file level, copy, replace, update, etc. Moreover, Windows itself has such a shell in its composition, and it is called the Windows Recovery Environment, hereinafter WinRE. Let's see how it all looks in practice.
This topic is widely covered on the Web, there are dozens of explanatory guides (see the links at the end of the article), so I’ll stop only briefly, simultaneously considering possible options.
In general, it all comes down to pressing the magic combination of Shift-F10 at the time when the computer boots from the installation disk. At the same time, the command line window opens where you should use the diskpart to format and partition the real hard disk (if the computer / disk is new) and create a VHD of the required size. For simplicity, I will consider installing a 64-bit version and hard drives with MBR.
So, the hard disk is broken, the VHDs folder on the corresponding volume is created, now in the diskpart you need to create a virtual hard disk in this folder, giving it a friendly name, and perform the connection, then the next letter will be assigned to the virtual disk. Now you can return to the Windows installation window and select this particular letter for installation. Everything, further the installation program will do everything itself. Including add the desired entry in the BCD file.
At once I will say that using bcdedit seemed to me to be too cruel self-torture, so I allowed myself to use one third-party tool for manipulations, this is the Bootice utility of the appropriate bit depth. Suppose you have it on the same installation disc. If not, in the future I will show how it can be "thrown" into our shell "hypervisor".
So, to demonstrate, let me have one 25 Gb hard disk (I will use my favorite Virtualbox for display), it has one partition, there is a VHDs folder where I created a virtual disk, and installed Windows 10 on it.
This is what the system boot menu in Bootice will look like (section BCD, Easy Mode)
Here is 25 Gb C: this is the “physical” disk on which I created a virtual size of 20 Gb and where I installed Windows 10. Everything is fine, but then we need to create a shell for management. As you know, WinRE is always installed with Windows and comes to the rescue when boot problems are detected. We also need it for another purpose, I want to get there to work with VHD-files. Add a WinRE item to the boot menu. To do this, we will use Professional Mode in Bootice, the last object in the list on the left is Windows Recovery, on the right you can see its location on the VHD:
This object, or rather, a link to it, you need to add to the list of the boot menu, select the Windows Boot Manager branch at the top left, select the Display Order item in the right pane and add the WinRE item from the drop-down list:
Now the Windows Recovery Environment item will be shown in the system boot menu, which we can verify by returning to Easy Mode:
It remains to reboot and select the second item, WinRE will start loading, and there we are only interested in Troubleshooting, Advanced options, Command line. All of this is reminiscent of both the Windows installer and the WinRE progenitor, the well-known Windows Preinstallation Environment. This, in fact, starts the work with the shell, and it is not so important which one you choose, since there everything is approximately the same.
Our main hard drive is in it with a C: drive, in its VHDs folder, our master.vhd is detected, and we can safely copy it somewhere. In the WinRE magic team we connect the network:
the network adapter driver is automatically selected and launched, the ip-address from the DHCP server is obtained, and we can work with the network. In Virtualbox, I can connect to a network folder with the following command:
and from there already copy the necessary tools for working in the shell. Since the selected version of x64, then the program running in WinRE, must be x64, no surrogates will not run.
In addition to Bootice, Far Manager, 7-zip are easily added, and with them it is somehow more fun. I even managed to find a working Palemoon Portable web browser, and with it, it’s very easy to download the necessary components from the Web. Cygwin64 is perfectly established, which opens the way for ssh / rsync in mixed environments. Further it is clear, we have the ability to safely archive and copy vhd files. If something is wrong in master.vhd, we boot into WinRE and retrieve its backup from the network storage, then exit WinRE and get our system back.
Directly from the WinRE shell using diskpart or Bootice you can create a new VHD disk, run the Windows installer, if you want to add some other version and install this new Windows on the new VHD, the necessary item in the OS boot menu will be added.
It remains only to insure in case everything is so bad with master.vhd that you don’t load into WinRE shell, because it is part of this disk. Of course, this is not fatal, you can always boot from the Windows installation disk and press Shift-F10, but with some effort, you can make WinRE on our host disk and boot into it from there. The boot menu will look like this:
There is no problem to add an additional operating system on your computer by creating a new VHD and attaching it, and then running the installer and selecting the letter assigned to the mapped drive. It will be much more difficult to transfer the current configuration already installed on the physical disk of the system to a virtual disk. Here comes up with a few options. The first, which I remembered, is to use Windows Backup, because it just creates a VHD file (vhdx) in the system image creation mode. It would seem that all that is required is to add a link to such a VHD in the download menu and see what happens. So I did, when I first booted Windows, I gave an error, and with all the subsequent ones, something was loaded carefully, for a very long time, and even a window with a picture of the original system’s lock screen flashed, but it disappeared again. I do not know why, but Windows cannot boot from the VHD disk obtained from the backup. I had to go another way, use Disk2vhd from the Sysinternals kit.
Everything is quite simple, choose a partition of a physical disk, or the entire disk, and Disk2vhd makes a VHD file from it:
But further inconvenience begins. The resulting VHD, whatever its real size, announces that it is the size of our entire physical disk. That is, if I had a 180 Gb physical disk, and I chose only the first partition with a size of 100 Gb, the VHD file turned out to be about 50 Gb, but he reports about himself as a 180-gigabyte one. The problem here is that if you boot from such a VHD, then Windows will require 180 GB of space for it to work. That is, no matter how optimize it (defrag, sdelete -z), no matter how you squeeze (compact vdisk, shrink), you cannot get rid of the original characteristics taken by Disk2vhd. I had to go for a complex conversion, create an empty VHD, upload to Virtualbox PartedMagic, slip the transformed and empty VHD and use Gparted (and Clonezilla if you don't want to mess around with the bootrec) to move the partition. The result is VHD 20 Gb, from which I am writing this article now.
In especially unreliable environments, on public computers or when conducting some dangerous experiments, the use of differential VHD disks can be useful, on which only the difference, changed information is recorded, and the original VHD remains unchanged. It is clear that first you need to have a working system on the VHD disk, and then add a variant with a differential disk. You can create such a disk in diskpart or in the same Bootice. Let master.vhd be our main disk, create a differential child.vhd for it by clicking the Create button:
Now you need to add / correct the item in BCD that is responsible for booting from VHD, instead of specifying master.vhd for the differential child.vhd.
To do this, use the Professional Mode in Bootice, make a copy of the existing Windows 10 item (right mouse button, Duplicate this entry) and rename the new one in Windows 10 Child VHD. Now at this point we fix the ApplicationDevice and OsDevice by changing the name of the vhd-file:
Everything, now the necessary item is added to the boot menu. If you select Windows 10 Child VHD, Windows will start and from this point on, all changes will be recorded in child.vhd. It should be noted that at child.vhd at the moment of loading the same place will be reserved as specified in master.vhd, that is, in our case 20 Gb, even if its real size is hundreds of times smaller. From time to time it makes sense to perform the merge procedure, that is, send the accumulated difference from child to master so that nothing is lost. The fact is that if you do not boot into the child, but into master or even WinRE based on master.vhd, the connection between master and child will be broken, you will have to repair child, but Bootice can do it:
I would suggest to partition the physical disk as follows.
One section, large enough, to leave under the storage of VHD files, it all depends on how many different VHD you need. Minimum for installing Windows x64 requires 20 GB, you can create dynamic disks, that is, increasing their real size only as they are filled. But I stress once again, at the time of loading the dynamic VHD, Windows reserves a place for it in accordance with the specified maximum size.
Microsoft recommends using fixed-size VHDs in a production environment, and dynamic ones only for tests, but I didn’t feel much loss of performance in dynamic VHDs.
I would prefer to create the second section for user data and a set of portable applications, if it is required, for example, to boot from different VHDs and work with the same files and programs. Such a division can also be useful in order to hide the VHD section altogether, in order to avoid unwise actions of the end user.
And you can hide the partition with the help of such a simple script for the diskpart, taking into account the selected disk and the partition for storing the VHD.
Now the partition is hidden, the letter is not assigned to it, however, Windows will still boot from the VHD stored in this partition. The only caveat - the choice of space on the physical disk for the paging file. If it is selected by the system, and this is exactly the partition that will be hidden, each time you start Windows will ask where to create the paging file.
And to get the casket back, it’s enough to execute the command
Thanks for attention
Starting with the 7th version, in Windows, it became possible to create virtual disks VHD / VHDx (hereinafter referred to simply as VHD), as well as connect and disconnect them via the Disk Management GUI and the diskpart command line utility. In addition, Windows learned to boot from such disks, and everything would be fine, but this very Native Boot was available only to owners of older versions, that is, from Pro and above. Obviously, this was just a marketing constraint, because with the advent of Windows 10, and I checked Anniversary Update (1607) and Creators Update (1703), there are no more restrictions. This also works in Windows 10 Home, and it can act both as a host and as a guest. You will learn more about how it looks and how it can be used below.
For a long time, I was interested in the idea of ​​using virtualization in relation to a working computer, internal virtualization, so to speak. How useful and convenient virtual machines for software developers, security experts, testing. But to the level of home / work computer and its operating system, this business did not reach. Well, it’s obvious that if the operating system is such a complex and sensitive component, you cannot indiscriminately trust its user, it tries to infect or damage it with something. Yes, there is backup and recovery from recovery points (that is, from a shadow copy), and these are great things. But these are very error-sensitive components, and can fail to save; besides, many malware can remove shadow copies without leaving the user a chance. I would like something simple and banal at the level of copy-paste, so that the “fallen” or “spoiled” system can be returned to a working state within a few minutes. Of course, it would be ideal if the solution was in the system itself, just embedded in it. Hyper-V is not exactly the same, although it may be finished to the required level. After all, it would be desirable, that all possibilities of the machine, all its iron, all power were accessible, with the minimum victims.
Using a virtual hard disk instead of a real one seems like a perfectly acceptable sacrifice given that the entire system fits into one file, and from time to time it is enough to copy this file somewhere “to the side” and everything will be fine. After all, copying one file, albeit a large one, is clearly simpler than tens of thousands. In addition, this file can be easily used to deploy Windows in an organization.
')
When there are several (a little) types of computers, it is enough to install the system and all the required software on the VHD, and then just copy this file to all similar computers, reducing field work to a minimum. It would be nice to have some kind of shell, without loading Windows, something like a “hypervisor console” that allows you to get into it and work with VHD at the file level, copy, replace, update, etc. Moreover, Windows itself has such a shell in its composition, and it is called the Windows Recovery Environment, hereinafter WinRE. Let's see how it all looks in practice.
1. Install Windows on the VHD from scratch
This topic is widely covered on the Web, there are dozens of explanatory guides (see the links at the end of the article), so I’ll stop only briefly, simultaneously considering possible options.
In general, it all comes down to pressing the magic combination of Shift-F10 at the time when the computer boots from the installation disk. At the same time, the command line window opens where you should use the diskpart to format and partition the real hard disk (if the computer / disk is new) and create a VHD of the required size. For simplicity, I will consider installing a 64-bit version and hard drives with MBR.
So, the hard disk is broken, the VHDs folder on the corresponding volume is created, now in the diskpart you need to create a virtual hard disk in this folder, giving it a friendly name, and perform the connection, then the next letter will be assigned to the virtual disk. Now you can return to the Windows installation window and select this particular letter for installation. Everything, further the installation program will do everything itself. Including add the desired entry in the BCD file.
At once I will say that using bcdedit seemed to me to be too cruel self-torture, so I allowed myself to use one third-party tool for manipulations, this is the Bootice utility of the appropriate bit depth. Suppose you have it on the same installation disc. If not, in the future I will show how it can be "thrown" into our shell "hypervisor".
So, to demonstrate, let me have one 25 Gb hard disk (I will use my favorite Virtualbox for display), it has one partition, there is a VHDs folder where I created a virtual disk, and installed Windows 10 on it.
This is what the system boot menu in Bootice will look like (section BCD, Easy Mode)
Here is 25 Gb C: this is the “physical” disk on which I created a virtual size of 20 Gb and where I installed Windows 10. Everything is fine, but then we need to create a shell for management. As you know, WinRE is always installed with Windows and comes to the rescue when boot problems are detected. We also need it for another purpose, I want to get there to work with VHD-files. Add a WinRE item to the boot menu. To do this, we will use Professional Mode in Bootice, the last object in the list on the left is Windows Recovery, on the right you can see its location on the VHD:
This object, or rather, a link to it, you need to add to the list of the boot menu, select the Windows Boot Manager branch at the top left, select the Display Order item in the right pane and add the WinRE item from the drop-down list:
Now the Windows Recovery Environment item will be shown in the system boot menu, which we can verify by returning to Easy Mode:
It remains to reboot and select the second item, WinRE will start loading, and there we are only interested in Troubleshooting, Advanced options, Command line. All of this is reminiscent of both the Windows installer and the WinRE progenitor, the well-known Windows Preinstallation Environment. This, in fact, starts the work with the shell, and it is not so important which one you choose, since there everything is approximately the same.
Our main hard drive is in it with a C: drive, in its VHDs folder, our master.vhd is detected, and we can safely copy it somewhere. In the WinRE magic team we connect the network:
wpeutil initializenetwork the network adapter driver is automatically selected and launched, the ip-address from the DHCP server is obtained, and we can work with the network. In Virtualbox, I can connect to a network folder with the following command:
net use z: \\10.0.2.2\d$ and from there already copy the necessary tools for working in the shell. Since the selected version of x64, then the program running in WinRE, must be x64, no surrogates will not run.
In addition to Bootice, Far Manager, 7-zip are easily added, and with them it is somehow more fun. I even managed to find a working Palemoon Portable web browser, and with it, it’s very easy to download the necessary components from the Web. Cygwin64 is perfectly established, which opens the way for ssh / rsync in mixed environments. Further it is clear, we have the ability to safely archive and copy vhd files. If something is wrong in master.vhd, we boot into WinRE and retrieve its backup from the network storage, then exit WinRE and get our system back.
Directly from the WinRE shell using diskpart or Bootice you can create a new VHD disk, run the Windows installer, if you want to add some other version and install this new Windows on the new VHD, the necessary item in the OS boot menu will be added.
It remains only to insure in case everything is so bad with master.vhd that you don’t load into WinRE shell, because it is part of this disk. Of course, this is not fatal, you can always boot from the Windows installation disk and press Shift-F10, but with some effort, you can make WinRE on our host disk and boot into it from there. The boot menu will look like this:
2. Installing Windows on VHD on a running computer
There is no problem to add an additional operating system on your computer by creating a new VHD and attaching it, and then running the installer and selecting the letter assigned to the mapped drive. It will be much more difficult to transfer the current configuration already installed on the physical disk of the system to a virtual disk. Here comes up with a few options. The first, which I remembered, is to use Windows Backup, because it just creates a VHD file (vhdx) in the system image creation mode. It would seem that all that is required is to add a link to such a VHD in the download menu and see what happens. So I did, when I first booted Windows, I gave an error, and with all the subsequent ones, something was loaded carefully, for a very long time, and even a window with a picture of the original system’s lock screen flashed, but it disappeared again. I do not know why, but Windows cannot boot from the VHD disk obtained from the backup. I had to go another way, use Disk2vhd from the Sysinternals kit.
Everything is quite simple, choose a partition of a physical disk, or the entire disk, and Disk2vhd makes a VHD file from it:
But further inconvenience begins. The resulting VHD, whatever its real size, announces that it is the size of our entire physical disk. That is, if I had a 180 Gb physical disk, and I chose only the first partition with a size of 100 Gb, the VHD file turned out to be about 50 Gb, but he reports about himself as a 180-gigabyte one. The problem here is that if you boot from such a VHD, then Windows will require 180 GB of space for it to work. That is, no matter how optimize it (defrag, sdelete -z), no matter how you squeeze (compact vdisk, shrink), you cannot get rid of the original characteristics taken by Disk2vhd. I had to go for a complex conversion, create an empty VHD, upload to Virtualbox PartedMagic, slip the transformed and empty VHD and use Gparted (and Clonezilla if you don't want to mess around with the bootrec) to move the partition. The result is VHD 20 Gb, from which I am writing this article now.
3. Using Differential VHD
In especially unreliable environments, on public computers or when conducting some dangerous experiments, the use of differential VHD disks can be useful, on which only the difference, changed information is recorded, and the original VHD remains unchanged. It is clear that first you need to have a working system on the VHD disk, and then add a variant with a differential disk. You can create such a disk in diskpart or in the same Bootice. Let master.vhd be our main disk, create a differential child.vhd for it by clicking the Create button:
Now you need to add / correct the item in BCD that is responsible for booting from VHD, instead of specifying master.vhd for the differential child.vhd.
To do this, use the Professional Mode in Bootice, make a copy of the existing Windows 10 item (right mouse button, Duplicate this entry) and rename the new one in Windows 10 Child VHD. Now at this point we fix the ApplicationDevice and OsDevice by changing the name of the vhd-file:
Everything, now the necessary item is added to the boot menu. If you select Windows 10 Child VHD, Windows will start and from this point on, all changes will be recorded in child.vhd. It should be noted that at child.vhd at the moment of loading the same place will be reserved as specified in master.vhd, that is, in our case 20 Gb, even if its real size is hundreds of times smaller. From time to time it makes sense to perform the merge procedure, that is, send the accumulated difference from child to master so that nothing is lost. The fact is that if you do not boot into the child, but into master or even WinRE based on master.vhd, the connection between master and child will be broken, you will have to repair child, but Bootice can do it:
4. Recommended physical disk configuration when working with bootable VHDs
I would suggest to partition the physical disk as follows.
One section, large enough, to leave under the storage of VHD files, it all depends on how many different VHD you need. Minimum for installing Windows x64 requires 20 GB, you can create dynamic disks, that is, increasing their real size only as they are filled. But I stress once again, at the time of loading the dynamic VHD, Windows reserves a place for it in accordance with the specified maximum size.
Microsoft recommends using fixed-size VHDs in a production environment, and dynamic ones only for tests, but I didn’t feel much loss of performance in dynamic VHDs.
I would prefer to create the second section for user data and a set of portable applications, if it is required, for example, to boot from different VHDs and work with the same files and programs. Such a division can also be useful in order to hide the VHD section altogether, in order to avoid unwise actions of the end user.
And you can hide the partition with the help of such a simple script for the diskpart, taking into account the selected disk and the partition for storing the VHD.
sel disk 0 sel part 1 set id=17 Now the partition is hidden, the letter is not assigned to it, however, Windows will still boot from the VHD stored in this partition. The only caveat - the choice of space on the physical disk for the paging file. If it is selected by the system, and this is exactly the partition that will be hidden, each time you start Windows will ask where to create the paging file.
And to get the casket back, it’s enough to execute the command
set id=07 or set id=27 List of useful links
msdn.microsoft.com/en-ru/windows/hardware/commercialize/manufacture/desktop/understanding-virtual-hard-disks-with-native-boot
msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference
gotch.techfaq.ru/archives/91
gotch.techfaq.ru/archives/115
winitpro.ru/index.php/2017/01/27/vosstanovlenie-sredy-windows-recovery-environment-winre-v-windows-10
https://technet.microsoft.com/ru-ru/library/cc766465(v=ws.10).aspx
msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference
gotch.techfaq.ru/archives/91
gotch.techfaq.ru/archives/115
winitpro.ru/index.php/2017/01/27/vosstanovlenie-sredy-windows-recovery-environment-winre-v-windows-10
https://technet.microsoft.com/ru-ru/library/cc766465(v=ws.10).aspx
Thanks for attention
Source: https://habr.com/ru/post/327308/
All Articles