Powershell: Some basics accessing the BCDstore by WIM

Hi,

here are some starters for accessing the bcd store from powershell by using WMI.

Open the Systemstore. When you want to open another BCD Store insert the path in the File paraemeter. Otherwise set “”

PS D:\> $oBCD=Get-CimClass -ClassName bcdstore -Namespace "root/wmi"
PS D:\> $oBCDStore=Invoke-CIMMethod -CimClass $oBCD -Name OpenStore -Arguments @{File=""}

Enumerate all BCDObjects in the store

PS D:\> $aBCOObjectsReturn=Invoke-CimMethod -InputObject $oBCDStore.store -MethodName EnumerateObjects -Arguments @{Type=[uint32]0x0} 

Valid BCD objects are

enum BCDObjectType {
GlobalSettings		= 0x10100002    # Windows Boot Manager
WindowsLoader		= 0x10200003    # Windows Boot Loader
HibernateResumer	= 0x10200004    # Resume from Hibernate
BootApplication		= 0x10200005    # Custom boot application
LegacyOSLoader		= 0x10300006    # Windows Legacy OS Loade
ModuleSettings		= 0x20100000    # EMS Settings
BootLdrSettings		= 0x20200003    # Boot Loader Settings
ResumeLdrSettings	= 0x20200004    # Resume Loader Settings
}

For example all OSLoader objects

PS D:\> $aOSLOaders=$aBCOObjectsReturn.Objects|?{[string]::Format("0x{0:x}" ,$_.Type) -eq "0x10200003"  }

Each objects has (sub) elements
For example get each elements of the first OSLoader

PS D:\> (Invoke-CimMethod -InputObject ($aOSLOaders[0] ) -MethodName EnumerateElements).Elements

All elements Boot manager element types

enum BCDElementtypes {
# Boot manager elements
BcdBootMgrObjectList_DisplayOrder        = 0x24000001
BcdBootMgrObjectList_BootSequence        = 0x24000002
BcdBootMgrObject_DefaultObject           = 0x23000003
BcdBootMgrInteger_Timeout                = 0x25000004
BcdBootMgrBoolean_AttemptResume          = 0x26000005
BcdBootMgrObject_ResumeObject            = 0x23000006
BcdBootMgrObjectList_ToolsDisplayOrder   = 0x24000010
BcdBootMgrDevice_BcdDevice               = 0x21000022
BcdBootMgrString_BcdFilePath             = 0x22000023

# Device object elements
BcdDeviceInteger_RamdiskImageOffset   = 0x35000001
BcdDeviceInteger_TftpClientPort       = 0x35000002
BcdDeviceInteger_SdiDevice            = 0x31000003
BcdDeviceInteger_SdiPath              = 0x32000004
BcdDeviceInteger_RamdiskImageLength   = 0x35000005

# Library object elements
BcdLibraryDevice_ApplicationDevice                   = 0x1100000
BcdLibraryString_ApplicationPath                     = 0x1200000
BcdLibraryString_Description                         = 0x1200000
BcdLibraryString_PreferredLocale                     = 0x1200000
BcdLibraryObjectList_InheritedObjects                = 0x1400000
BcdLibraryInteger_TruncatePhysicalMemory             = 0x1500000
BcdLibraryObjectList_RecoverySequence                = 0x1400000
BcdLibraryBoolean_AutoRecoveryEnabled                = 0x1600000
BcdLibraryIntegerList_BadMemoryList                  = 0x1700000
BcdLibraryBoolean_AllowBadMemoryAccess               = 0x1600000
BcdLibraryInteger_FirstMegabytePolicy                = 0x1500000
BcdLibraryBoolean_DebuggerEnabled                    = 0x1600001
BcdLibraryInteger_DebuggerType                       = 0x1500001
BcdLibraryInteger_SerialDebuggerPortAddress          = 0x1500001
BcdLibraryInteger_SerialDebuggerPort                 = 0x1500001
BcdLibraryInteger_SerialDebuggerBaudRate             = 0x1500001
BcdLibraryInteger_1394DebuggerChannel                = 0x1500001
BcdLibraryString_UsbDebuggerTargetName               = 0x1200001
BcdLibraryBoolean_DebuggerIgnoreUsermodeExceptions   = 0x1600001
BcdLibraryInteger_DebuggerStartPolicy                = 0x1500001
BcdLibraryBoolean_EmsEnabled                         = 0x1600002
BcdLibraryInteger_EmsPort                            = 0x1500002
BcdLibraryInteger_EmsBaudRate                        = 0x1500002
BcdLibraryString_LoadOptionsString                   = 0x1200003
BcdLibraryBoolean_DisplayAdvancedOptions             = 0x1600004
BcdLibraryBoolean_DisplayOptionsEdit                 = 0x1600004
BcdLibraryBoolean_GraphicsModeDisabled               = 0x1600004
BcdLibraryInteger_ConfigAccessPolicy                 = 0x1500004
BcdLibraryBoolean_AllowPrereleaseSignatures          = 0x1600004

# MemDiag Elements
BcdMemDiagInteger_PassCount      = 0x25000001
BcdMemDiagInteger_FailureCount   = 0x25000003

# OSLoader Elements
BcdOSLoaderDevice_OSDevice                       = 0x21000001
BcdOSLoaderString_SystemRoot                     = 0x22000002
BcdOSLoaderObject_AssociatedResumeObject         = 0x23000003
BcdOSLoaderBoolean_DetectKernelAndHal            = 0x26000010
BcdOSLoaderString_KernelPath                     = 0x22000011
BcdOSLoaderString_HalPath                        = 0x22000012
BcdOSLoaderString_DbgTransportPath               = 0x22000013
BcdOSLoaderInteger_NxPolicy                      = 0x25000020
BcdOSLoaderInteger_PAEPolicy                     = 0x25000021
BcdOSLoaderBoolean_WinPEMode                     = 0x26000022
BcdOSLoaderBoolean_DisableCrashAutoReboot        = 0x26000024
BcdOSLoaderBoolean_UseLastGoodSettings           = 0x26000025
BcdOSLoaderBoolean_AllowPrereleaseSignatures     = 0x26000027
BcdOSLoaderBoolean_NoLowMemory                   = 0x26000030
BcdOSLoaderInteger_RemoveMemory                  = 0x25000031
BcdOSLoaderInteger_IncreaseUserVa                = 0x25000032
BcdOSLoaderBoolean_UseVgaDriver                  = 0x26000040
BcdOSLoaderBoolean_DisableBootDisplay            = 0x26000041
BcdOSLoaderBoolean_DisableVesaBios               = 0x26000042
BcdOSLoaderInteger_ClusterModeAddressing         = 0x25000050
BcdOSLoaderBoolean_UsePhysicalDestination        = 0x26000051
BcdOSLoaderInteger_RestrictApicCluster           = 0x25000052
BcdOSLoaderBoolean_UseBootProcessorOnly          = 0x26000060
BcdOSLoaderInteger_NumberOfProcessors            = 0x25000061
BcdOSLoaderBoolean_ForceMaximumProcessors        = 0x26000062
BcdOSLoaderBoolean_ProcessorConfigurationFlags   = 0x25000063
BcdOSLoaderInteger_UseFirmwarePciSettings        = 0x26000070
BcdOSLoaderInteger_MsiPolicy                     = 0x26000071
BcdOSLoaderInteger_SafeBoot                      = 0x25000080
BcdOSLoaderBoolean_SafeBootAlternateShell        = 0x26000081
BcdOSLoaderBoolean_BootLogInitialization         = 0x26000090
BcdOSLoaderBoolean_VerboseObjectLoadMode         = 0x26000091
BcdOSLoaderBoolean_KernelDebuggerEnabled         = 0x260000a0
BcdOSLoaderBoolean_DebuggerHalBreakpoint         = 0x260000a1
BcdOSLoaderBoolean_EmsEnabled                    = 0x260000b0
BcdOSLoaderInteger_DriverLoadFailurePolicy       = 0x250000c1
}

To be continued….

Michael

Leave a Reply Cancel reply