
Removing CHS-based access from Windows boot loaders

Recently, I had trouble migrating my Windows installation from VMware to VirtualBox. When booting the VMware-created partition in VirtualBox, I got "NTLDR not found". So I sharpened the knives and got down to business with VMware's gdb interface and VirtualBox's internal debugger. Tracing the execution showed that the BIOSes of the two products report different geometries on the INT 13h interface.

The generic routine in the boot loader that reads a sector from disk is "clever": it checks whether the sector is below the maximum sector index reachable with the CHS geometry reported by the BIOS. If not, it uses the LBA interface of the BIOS. If yes, the cleverness of the boot loader suddenly vanishes. Instead of using the BIOS-reported geometry to break the absolute sector down into its CHS components, the boot loader uses a geometry stored in the so-called BIOS parameter block. That is a section of the first sector, embedded in the boot loader, that hard-codes values such as heads per cylinder and sectors per track. If the hard-coded values differ from the ones used by the BIOS, the calculation produces wrong values. So if you move your partition to a BIOS that exposes a different geometry than the one hard-coded in the boot loader, the whole thing blows up. Brilliant Microsoft design, as ever.
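The mismatch described above can be reproduced with plain arithmetic. This is an added example, not part of killchs.c or the original post: it reads the geometry fields from a constructed boot sector and shows which sector a BIOS with a different geometry actually returns. The function names, the 63 sectors per track, and the sample sector contents are assumptions; only the 15-head and 255-head figures come from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct geom { uint32_t heads, spt; };   /* heads per cylinder, sectors per track */
struct chs  { uint32_t c, h, s; };      /* sector numbers are 1-based in CHS */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Read the geometry hard coded in the BPB of a FAT32/NTFS boot sector.
 * Offsets 0x18 (sectors per track) and 0x1A (heads) are the standard BPB layout. */
int bpb_geometry(const uint8_t sec[512], struct geom *g) {
    if (sec[510] != 0x55 || sec[511] != 0xAA) return -1;  /* no boot signature */
    g->spt   = le16(sec + 0x18);
    g->heads = le16(sec + 0x1A);
    return (g->spt == 0 || g->heads == 0) ? -1 : 0;
}

/* Absolute sector -> CHS, the breakdown the boot loader does with the BPB values. */
struct chs lba_to_chs(uint32_t lba, struct geom g) {
    struct chs r = { lba / (g.heads * g.spt), (lba / g.spt) % g.heads, lba % g.spt + 1 };
    return r;
}

/* CHS -> absolute sector, as a BIOS with geometry g resolves an INT 13h CHS request. */
uint32_t chs_to_lba(struct chs a, struct geom g) {
    return (a.c * g.heads + a.h) * g.spt + (a.s - 1);
}

/* Sector that really gets read when the two sides disagree on geometry. */
uint32_t sector_actually_read(uint32_t lba, struct geom bpb, struct geom bios) {
    return chs_to_lba(lba_to_chs(lba, bpb), bios);
}

/* Constructed sample: empty boot sector whose BPB says heads=15, sectors/track=63. */
void make_sample_sector(uint8_t sec[512]) {
    memset(sec, 0, 512);
    memcpy(sec + 3, "NTFS    ", 8);            /* OEM name field */
    sec[0x18] = 63; sec[0x1A] = 15;
    sec[510] = 0x55; sec[511] = 0xAA;
}

int main(void) {
    uint8_t sec[512];
    struct geom bpb, bios = { 255, 63 };      /* assumed BIOS geometry */
    make_sample_sector(sec);
    if (bpb_geometry(sec, &bpb) != 0) return 1;
    for (uint32_t lba = 943; lba <= 946; lba++)
        printf("wanted %u, BIOS reads %u\n", (unsigned)lba,
               (unsigned)sector_actually_read(lba, bpb, bios));
    return 0;
}
```

With these constructed values, every sector below 945 (the first cylinder under the 15-head geometry) still resolves to itself, while sector 945 and everything above it lands on a different sector.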

My solution is to override the check in the boot loader, so that LBA-based access is always used and the CHS code is never touched. This way I'm able to use my partition under VMware (which uses heads=15) and VirtualBox (which uses heads=255) simultaneously. Here is my boot loader patcher for FAT32 and NTFS based boot loaders: killchs.c. Use at your own risk. Chances are good that you can restore your boot loader with mbrfix if the patch breaks it.

Btw: VirtualBox is available under the GPL, and not only does this make it much more sexy to work with, it is also much faster than VMware, at least that's my impression. There is also a commercial distribution of VirtualBox.


Vituko said…
Great, man!!

I thought I'd never get my vmdk XP system to boot directly outside Virtualbox-ose. I've spent lots of hours: installing inside, broken outside and vice versa, fixmbr, fixboot, install-mbr, dd,... Nothing worked. I knew this should be a BIOS question but... what to do? I'd never thought to try hexediting a boot sector (your C code doesn't accept "MSDOS5.0" system name, my boot partition, but is very clear).

* Debian Lenny package : virtualbox-ose 1.6.6-dfsg-2

Unfortunately, this does not work for a slightly different situation I have. I had a Thinkpad R40, which is old now. I bought a new HP Pavilion dv6t. Would love to keep the disk image from the Thinkpad. Cloned the Thinkpad disk to a USB drive (identical size) using EaseUS Disk Copy 2.3 -- disk copy, not partition copy. Then cloned the USB drive to my HP disk. There was a warning that geometries don't match -- 240 head on the USB drive vs 255 head on the HP drive -- but that EaseUS Disk Copy will handle this correctly. Checked various low level details in MBR and boot loader, and all known fixes reported on the web were indeed correctly set in the cloned version on the HP. However, HP machine does not boot -- starts the boot loader and then hangs with a blank screen and blinking cursor at top left corner. Making the changes in the bootloader per killchs.c (manually editing disk content for these 4 bytes) causes boot loader to proceed a shade more, and then it flashes what looks like MS blue screen of death; but instead of dying, the machine goes back into reboot, and I cannot capture the error message.

Any further suggestion? Would really appreciate some help here.
Unknown said…
Same situation here, when cloning a physical ThinkPad R60 installation (240 heads) into VirtualBox. Your patch fixed the booting so that it could get into the boot menu, where I could enable Kernel Debugging and fix the remaining two bluescreens with the help of windbg analyze plugin (first was missing IO APIC, second was a missing DLL for the AHCI implementation of VirtualBox that seemed to be different to the one used in my ThinkPad). So, if you can get into F8 menu, especially on VM where attaching a virtual serial cable is easy, try Kernel debugging :-)