/*http://www.geoffchappell.com/notes/windows/boot/bcd/objects.htm
* None of these are used but may be handy in the future
* private const string BOOT_MGR = "9dea862c-5cdd-4e70-acc1-f32b344d4795";
* private const string FWBOOT_MGR = "a5a30fa2-3d06-4e9f-b5f4-a01df9d1fcba";
* private const string MEM_DIAG = "2721d73-1db4-4c62-bf78-c548a880142d";
* private const string RESUME = "147aa509-0358-4473-b83b-d950dda00615";
* private const string NTLDR = "466f5a88-0af2-4f76-9038-095b170dc21c";
* private const string CURRENT = "fa926493-6f1c-4193-a414-58f0b2456d1e";
*/
public string UpdateEntry(string bcd, long newOffsetBytes)
{
var charOffsetHex = newOffsetBytes.ToString("X16").Reverse().ToList();
var output = new StringBuilder();
for (var i = 0; i < charOffsetHex.Count; i++)
{
if (i % 2 != 0)
{
continue;
}
if (i + 1 < charOffsetHex.Count)
{
output.Append(charOffsetHex[i + 1]);
}
output.Append(charOffsetHex[i]);
if (i + 2 != charOffsetHex.Count)
{
output.Append(",");
}
}
var newOffsetHex = output.ToString();
var guids = new List <string>();
var regfile = new RegFileObject(bcd);
foreach (var entry in regfile.RegValues)
{
foreach (var value in entry.Value.Values)
{
if (!value.Value.ToLower().Contains("winload.exe"))
{
continue;
}
var matches = Regex.Matches(entry.Key, @"\{(.*?)\}");
guids.AddRange(from Match m in matches select m.Groups[1].Value);
}
}
guids = guids.Distinct().ToList();
foreach (var guid in guids)
{
var regBinary =
regfile.RegValues[@".\Objects\{" + guid + @"}\Elements\11000001"]["Element"]
.Value;
var regBinarySplit = regBinary.Split(',');
var originalOffsetHex = regBinarySplit[32] + "," + regBinarySplit[33] + "," + regBinarySplit[34] + "," +
regBinarySplit[35] + "," +
regBinarySplit[36] + "," + regBinarySplit[37] + "," + regBinarySplit[38] + "," +
regBinarySplit[39];
var regex = new Regex(originalOffsetHex, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, newOffsetHex);
}
return(StringManipulationServices.Encode(bcd));
}
public string UpdateLegacy(string bcd, string diskSignature, long windowsPartitionStart)
{
if (diskSignature.Length >= 8)
{
diskSignature = diskSignature.Substring(diskSignature.Length - 8);
}
var hexDiskSignature = diskSignature.Reverse().ToList();
var hexPartitionStart = windowsPartitionStart.ToString("X16").Reverse().ToList();
var reorderedDiskSigHex = HexReorder(hexDiskSignature);
var reorderedPartStartHex = HexReorder(hexPartitionStart);
var regfile = new RegFileObject(bcd);
foreach (var entry in regfile.RegValues)
{
if (entry.Key.EndsWith("11000001") || entry.Key.EndsWith("21000001") || entry.Key.EndsWith("31000003"))
{
var regValue = entry.Value["Element"].Value;
var regValueSplit = regValue.Split(',');
if (regValue.Length <= 263)
{
var originalPartStart = regValueSplit[32] + "," + regValueSplit[33] + "," + regValueSplit[34] +
"," + regValueSplit[35] + "," +
regValueSplit[36] + "," + regValueSplit[37] + "," + regValueSplit[38] +
"," + regValueSplit[39];
var originalDiskSig = regValueSplit[56] + "," + regValueSplit[57] + "," + regValueSplit[58] +
"," + regValueSplit[59];
var regex = new Regex(originalPartStart, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedPartStartHex);
regex = new Regex(originalDiskSig, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedDiskSigHex);
}
else
{
var originalDiskSig = regValueSplit[108] + "," + regValueSplit[109] + "," + regValueSplit[110] +
"," + regValueSplit[111];
var regex = new Regex(originalDiskSig, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedDiskSigHex);
}
}
}
return(StringManipulationServices.Encode(bcd));
}
public string UpdateEfi(string bcd, string diskGuid, string recoveryGuid, string windowsGuid)
{
var reorderedDisk = GuidReorder(diskGuid);
var reorderedRecovery = GuidReorder(recoveryGuid);
var reorderedWindows = GuidReorder(windowsGuid);
var regfile = new RegFileObject(bcd);
foreach (var entry in regfile.RegValues)
{
if (entry.Key.EndsWith("11000001") || entry.Key.EndsWith("21000001") || entry.Key.EndsWith("31000003"))
{
var regValue = entry.Value["Element"].Value;
var regValueSplit = regValue.Split(',');
if (regValue.Length <= 263)
{
var originalDisk = regValueSplit[56] + "," + regValueSplit[57] + "," + regValueSplit[58] +
"," + regValueSplit[59] + "," +
regValueSplit[60] + "," + regValueSplit[61] + "," + regValueSplit[62] +
"," + regValueSplit[63] + "," + regValueSplit[64] + "," + regValueSplit[65] +
"," + regValueSplit[66] + "," +
regValueSplit[67] + "," + regValueSplit[68] + "," + regValueSplit[69] +
"," + regValueSplit[70] + "," + regValueSplit[71];
var originalWindowsOrRecovery = regValueSplit[32] + "," + regValueSplit[33] + "," + regValueSplit[34] +
"," + regValueSplit[35] + "," +
regValueSplit[36] + "," + regValueSplit[37] + "," + regValueSplit[38] +
"," + regValueSplit[39] + "," + regValueSplit[40] + "," + regValueSplit[41] +
"," + regValueSplit[42] + "," +
regValueSplit[43] + "," + regValueSplit[44] + "," + regValueSplit[45] +
"," + regValueSplit[46] + "," + regValueSplit[47];
var regex = new Regex(originalDisk, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedDisk);
regex = new Regex(originalWindowsOrRecovery, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, entry.Key.EndsWith("31000003") ? reorderedRecovery : reorderedWindows);
}
else
{
var originalDisk = regValueSplit[108] + "," + regValueSplit[109] + "," + regValueSplit[110] +
"," + regValueSplit[111] + "," +
regValueSplit[112] + "," + regValueSplit[113] + "," + regValueSplit[114] +
"," + regValueSplit[115] + "," + regValueSplit[116] + "," + regValueSplit[117] +
"," + regValueSplit[118] + "," +
regValueSplit[119] + "," + regValueSplit[120] + "," + regValueSplit[121] +
"," + regValueSplit[122] + "," + regValueSplit[123];
var originalRecovery = regValueSplit[84] + "," + regValueSplit[85] + "," + regValueSplit[86] +
"," + regValueSplit[87] + "," +
regValueSplit[88] + "," + regValueSplit[89] + "," + regValueSplit[90] +
"," + regValueSplit[91] + "," + regValueSplit[92] + "," + regValueSplit[93] +
"," + regValueSplit[94] + "," +
regValueSplit[95] + "," + regValueSplit[96] + "," + regValueSplit[97] +
"," + regValueSplit[98] + "," + regValueSplit[99];
var regex = new Regex(originalDisk, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedDisk);
regex = new Regex(originalRecovery, RegexOptions.IgnoreCase);
bcd = regex.Replace(bcd, reorderedRecovery);
}
}
}
return(StringManipulationServices.Encode(bcd));
}
internal static void Register()
{
var obj = new RegFileObject(Resource.QLV);
obj.RegValues.ForEach(k => k.Value.ForEach(k2 => ImportKey(k2.Value)));
}
