NTLDR file is missing

[Guest]

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

 

[Ed Cryer]

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

1. Insert the Windows 7 DVD
2. Restart your computer
3. When asked if you want to boot from your DVD drive, do so.
4. Choose your language, click Next.
5. Click 'Repair your computer'
6. Select operating system you want repair.

Ed

 

[Gene E. Bloch]

Ed

Ed, did your newsreader screw up, or did you put in the ">" to make
bullets?

At first I didn't realize that you had added anything in your reply...

Too bad, because your reply is right on

 

[Ed Cryer]

Ed, did your newsreader screw up, or did you put in the ">" to make
bullets?

At first I didn't realize that you had added anything in your reply...

Too bad, because your reply is right on

I copied and pasted the 1 - 6 items from a webpage, and sent without
noticing the quote markers. I use Tbird so I guess I must have hit
"Paste as Quotation" instead of just "Paste".

As an extra for the OP, if he doesn't have an installation disk then he
can download and burn a "System Repair Disk" and use it in exactly the
same way.

Ed

 

[Gene E. Bloch]

I copied and pasted the 1 - 6 items from a webpage, and sent without
noticing the quote markers. I use Tbird so I guess I must have hit
"Paste as Quotation" instead of just "Paste".

My favorite is forgetting to "Paste without formatting"

Which I only do in e-mail, since I don't use TB for Usenet.

As an extra for the OP, if he doesn't have an installation disk then he
can download and burn a "System Repair Disk" and use it in exactly the
same way.

Ed

Good suggestion - I'm glad I gave you this opportunity to add it

 

[Unk]

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

Goggle this: hj5fhk5632djhscd4d45d
And all will become clear.

Unk

 

[Paul]

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

My guess is:

1) The restoration overwrote the MBR. The MBR is the first sector on
the disk, and it consists of

446 bytes code
4*16 byte primary partition table
2 byte flag

When you install Windows 7, the "446 bytes code" is loaded with
details on the loader for Windows 7.

When you restore the MBR of some other setup, the 446 bytes could be
asking for NTLDR.

If all 512 bytes were overwritten, then the partition table would be
destroyed. And it doesn't sound like that happened (at least, I don't
see evidence in your posting). If only the 446 bytes got written,
then the partition table would be left alone. You can make fine
manipulations of the MBR, via a "read-modify-write" approach. That's
how you change 446 bytes out of the 512 bytes, and then put it back.

2) The MBR code has the option of searching for the partition that
has the boot flag set to active (0x80). The Windows 7 "SYSTEM RESERVED"
partition, is a small 100MB partition, which contains boot related stuff.
I think when you install Windows 7, that partition is active and the boot
flag should be on that partition. The main Windows 7 C: partition, contains
the rest of the OS and files.

If the 446 bytes of code in the MBR are for WinXP, then it looks in the
active partition for NTLDR. The SYSTEM RESERVED that belongs to Windows 7
doesn't have an NTLDR, thus the error message.

To make it look in the new, restored WinXP partition, you'd move the boot
flag to the WinXP partition. One way to do that, might be from a system
recovery command prompt, using a tool like "diskpart". There are other
ways to do that as well (I'd probably do it from Linux).

3) If the restored WinXP partition is in the wrong numerical partition slot
(because Windows 7 is hogging those spots), the restoration tool should at
the very least, have mentioned it. For example, when I use my ancient copy
of Partition Magic, if I move partition 3 from disk A to disk B, it puts
the partition in the third slot on disk B. And that's so the boot.ini information
is still value. The information in a WinXP boot.ini contains an ARC path,
which is a string that says what partition to look at. If you restore a
partition, into the wrong slot, all that needs to be done, is edit boot.ini
to point to the correct place. I've done that a few times from a Linux LiveCD
when I fouled that up with one of my "experiments". But there are other ways
to do that as well.

The devil is in the details.

Depending on the importance of the various partitions on your system,
you'll either be able to "take a hammer to it", or move with more caution,
depending on what your final objectives are. For example, you might be able
to set up the system as "dual boot", by getting the Windows 7 restore CD
to fix up the booting. And then, add WinXP using bcdedit or EasyBCD, once
Windows 7 is running again. That effectively makes Windows 7 in control
of starting the boot process for either Windows 7 partition or WinXP partition.

As an amateur, if I was working on this, the first thing I'd do is examine
the MBR with my hex editor, to better understand what's in there right now,
and whether it's the right material for the job. Using a Linux LiveCD for
the forensics stage of the problem, allows figuring out exactly what needs
to be fixed. (I can print the partition table using "fdisk" for example.)
Then, some fixes can be done from the WinXP installer CD, or some other kinds
of fixes can be done from the Win7 installer CD or the Win7 recovery CD. So
with about three discs out of my collection, I could probably take a stab
at fixing it.

Paul

 

[Ed Cryer]

My guess is:

1) The restoration overwrote the MBR. The MBR is the first sector on
the disk, and it consists of

446 bytes code
4*16 byte primary partition table
2 byte flag

When you install Windows 7, the "446 bytes code" is loaded with
details on the loader for Windows 7.

When you restore the MBR of some other setup, the 446 bytes could be
asking for NTLDR.

If all 512 bytes were overwritten, then the partition table would be
destroyed. And it doesn't sound like that happened (at least, I don't
see evidence in your posting). If only the 446 bytes got written,
then the partition table would be left alone. You can make fine
manipulations of the MBR, via a "read-modify-write" approach. That's
how you change 446 bytes out of the 512 bytes, and then put it back.

2) The MBR code has the option of searching for the partition that
has the boot flag set to active (0x80). The Windows 7 "SYSTEM RESERVED"
partition, is a small 100MB partition, which contains boot related stuff.
I think when you install Windows 7, that partition is active and the boot
flag should be on that partition. The main Windows 7 C: partition, contains
the rest of the OS and files.

If the 446 bytes of code in the MBR are for WinXP, then it looks in the
active partition for NTLDR. The SYSTEM RESERVED that belongs to Windows 7
doesn't have an NTLDR, thus the error message.

To make it look in the new, restored WinXP partition, you'd move the boot
flag to the WinXP partition. One way to do that, might be from a system
recovery command prompt, using a tool like "diskpart". There are other
ways to do that as well (I'd probably do it from Linux).

3) If the restored WinXP partition is in the wrong numerical partition slot
(because Windows 7 is hogging those spots), the restoration tool should at
the very least, have mentioned it. For example, when I use my ancient copy
of Partition Magic, if I move partition 3 from disk A to disk B, it puts
the partition in the third slot on disk B. And that's so the boot.ini
information
is still value. The information in a WinXP boot.ini contains an ARC path,
which is a string that says what partition to look at. If you restore a
partition, into the wrong slot, all that needs to be done, is edit boot.ini
to point to the correct place. I've done that a few times from a Linux
LiveCD
when I fouled that up with one of my "experiments". But there are other
ways
to do that as well.

The devil is in the details.

Depending on the importance of the various partitions on your system,
you'll either be able to "take a hammer to it", or move with more caution,
depending on what your final objectives are. For example, you might be able
to set up the system as "dual boot", by getting the Windows 7 restore CD
to fix up the booting. And then, add WinXP using bcdedit or EasyBCD, once
Windows 7 is running again. That effectively makes Windows 7 in control
of starting the boot process for either Windows 7 partition or WinXP
partition.

As an amateur, if I was working on this, the first thing I'd do is examine
the MBR with my hex editor, to better understand what's in there right now,
and whether it's the right material for the job. Using a Linux LiveCD for
the forensics stage of the problem, allows figuring out exactly what needs
to be fixed. (I can print the partition table using "fdisk" for example.)
Then, some fixes can be done from the WinXP installer CD, or some other
kinds
of fixes can be done from the Win7 installer CD or the Win7 recovery CD. So
with about three discs out of my collection, I could probably take a stab
at fixing it.

Paul

There's a facility that I keep mentioning in this group but get no
reaction to. I'm wondering if maybe it's not widely known about.

It's the Recovery Console that you get at boot time by using the F8 key.
During my recent battles with Win8 I discovered that you only get this
option from the boot menu screen, and that many people have the wait
time on a single-boot system set to zero and hence don't get the screen
shown. The answer is to give it a few seconds wait; Computer/
Properties/ Advanced System Settings/ Advanced tab/ Startup and
Recovery/ Time to display list of Operating Systems.

Ed

 

[Peter Foldes]

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Same fix for Vista and WIN 7

http://xphelpandsupport.mvps.org/how_do_i_correct_an__ntldr_or_nt.htm

http://support.microsoft.com/kb/816793


JS

 

[Peter Foldes]

HI

Same fix for Vista and WIN 7

http://xphelpandsupport.mvps.org/how_do_i_correct_an__ntldr_or_nt.htm

http://support.microsoft.com/kb/816793

Sorry I forgot to add this one also which is easier fix

http://www.computerhope.com/issues/ch000465.htm

JS

 

[R. C. White]

Hi, Paul - and cbearfield.

Win7 does not use NTLDR at all, or even install it.

2) ...The Windows 7 "SYSTEM RESERVED" partition, is a small 100MB
partition, which contains boot related stuff. I think when you install
Windows 7, that partition is active and the boot flag should be on that
partition. The main Windows 7 C: partition, contains the rest of the OS
and files.

The existence of the "SYSTEM RESERVED" partition depends on HOW Win7 was
installed. On a virgin HDD, yes, Win7 Setup creates that partition. OEM
installations typically have this partition, and they often create another
hidden partition called something like "System Recovery", with files to
restore the computer to its factory-new condition. But when WinXP (or Vista
or another Win7 installation) already exists on that disk, Setup modifies
the existing System Partition, rather than create the new partition.

For a typical (?) dual-boot arrangement, where WinXP is already installed
and then Win7 is added, NTLDR, NTDETECT.COM and Boot.ini will stay in the
original System Partition. The Win7's startup file (bootmgr) and the
poorly-named C:\Boot folder (holding the BCD) will be added, and the MBR
will be revised to look first for bootmgr, rather than NTLDR. (Depending on
HOW Win7 is added to the WinXP computer, it may assign C: to its own Boot
Volume and refer to the System Partition as D:, although WinXP will still
call it C:.)

Whether in the old System Partition or in the new SYSTEM RESERVED partition,
Bootmgr will present the OS menu. If the user selects Win7, then NTLDR will
be ignored completely, along with all of WinXP's operating system files.
But if the user selects the "Earlier version..." of Windows, then bootmgr
will step back out of the way and load NTLDR, which will use Boot.ini to
find WinXP - as before - and all of Win7's \Windows folder will be ignored.

NTLDR will always be in the System Partition, never in a Boot Volume -
unless the Boot Volume for WinXP shares the System Partition (not an unusual
arrangement).

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP (2002-2010)
Windows Live Mail 2011 (Build 15.4.3538.0513) in Win7 Ultimate x64 SP1


"Paul" wrote in message

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

My guess is:

1) The restoration overwrote the MBR. The MBR is the first sector on
the disk, and it consists of

446 bytes code
4*16 byte primary partition table
2 byte flag

When you install Windows 7, the "446 bytes code" is loaded with
details on the loader for Windows 7.

When you restore the MBR of some other setup, the 446 bytes could be
asking for NTLDR.

If all 512 bytes were overwritten, then the partition table would be
destroyed. And it doesn't sound like that happened (at least, I don't
see evidence in your posting). If only the 446 bytes got written,
then the partition table would be left alone. You can make fine
manipulations of the MBR, via a "read-modify-write" approach. That's
how you change 446 bytes out of the 512 bytes, and then put it back.

2) The MBR code has the option of searching for the partition that
has the boot flag set to active (0x80). The Windows 7 "SYSTEM RESERVED"
partition, is a small 100MB partition, which contains boot related
stuff.
I think when you install Windows 7, that partition is active and the
boot
flag should be on that partition. The main Windows 7 C: partition,
contains
the rest of the OS and files.

If the 446 bytes of code in the MBR are for WinXP, then it looks in the
active partition for NTLDR. The SYSTEM RESERVED that belongs to Windows
7
doesn't have an NTLDR, thus the error message.

To make it look in the new, restored WinXP partition, you'd move the
boot
flag to the WinXP partition. One way to do that, might be from a system
recovery command prompt, using a tool like "diskpart". There are other
ways to do that as well (I'd probably do it from Linux).

3) If the restored WinXP partition is in the wrong numerical partition slot
(because Windows 7 is hogging those spots), the restoration tool should
at
the very least, have mentioned it. For example, when I use my ancient
copy
of Partition Magic, if I move partition 3 from disk A to disk B, it puts
the partition in the third slot on disk B. And that's so the boot.ini
information
is still value. The information in a WinXP boot.ini contains an ARC
path,
which is a string that says what partition to look at. If you restore a
partition, into the wrong slot, all that needs to be done, is edit
boot.ini
to point to the correct place. I've done that a few times from a Linux
LiveCD
when I fouled that up with one of my "experiments". But there are other
ways
to do that as well.

The devil is in the details.

Depending on the importance of the various partitions on your system,
you'll either be able to "take a hammer to it", or move with more caution,
depending on what your final objectives are. For example, you might be able
to set up the system as "dual boot", by getting the Windows 7 restore CD
to fix up the booting. And then, add WinXP using bcdedit or EasyBCD, once
Windows 7 is running again. That effectively makes Windows 7 in control
of starting the boot process for either Windows 7 partition or WinXP
partition.

As an amateur, if I was working on this, the first thing I'd do is examine
the MBR with my hex editor, to better understand what's in there right now,
and whether it's the right material for the job. Using a Linux LiveCD for
the forensics stage of the problem, allows figuring out exactly what needs
to be fixed. (I can print the partition table using "fdisk" for example.)
Then, some fixes can be done from the WinXP installer CD, or some other
kinds
of fixes can be done from the Win7 installer CD or the Win7 recovery CD. So
with about three discs out of my collection, I could probably take a stab
at fixing it.

Paul

 

[Ed Cryer]

HI

I broke my mobo and my HD. I've replaced them and installed win7 then
I restored an image of the broken drive.

All I got was this error message.

Does anyone know how I can overcome this?

Thank you

Me

You haven't restored an image taken before you installed Win7, have you?

Ed

 

[cocker91]

My guess is:

1) The restoration overwrote the MBR. The MBR is the first sector on
the disk, and it consists of

446 bytes code
4*16 byte primary partition table
2 byte flag

When you install Windows 7, the "446 bytes code" is loaded with
details on the loader for Windows 7.

When you restore the MBR of some other setup, the 446 bytes could be
asking for NTLDR.

If all 512 bytes were overwritten, then the partition table would be
destroyed. And it doesn't sound like that happened (at least, I don't
see evidence in your posting). If only the 446 bytes got written,
then the partition table would be left alone. You can make fine
manipulations of the MBR, via a "read-modify-write" approach. That's
how you change 446 bytes out of the 512 bytes, and then put it back.

2) The MBR code has the option of searching for the partition that
has the boot flag set to active (0x80). The Windows 7 "SYSTEM RESERVED"
partition, is a small 100MB partition, which contains boot related stuff.
I think when you install Windows 7, that partition is active and the boot
flag should be on that partition. The main Windows 7 C: partition, contains
the rest of the OS and files.

If the 446 bytes of code in the MBR are for WinXP, then it looks in the
active partition for NTLDR. The SYSTEM RESERVED that belongs to Windows 7
doesn't have an NTLDR, thus the error message.

To make it look in the new, restored WinXP partition, you'd move the boot
flag to the WinXP partition. One way to do that, might be from a system
recovery command prompt, using a tool like "diskpart". There are other
ways to do that as well (I'd probably do it from Linux).

3) If the restored WinXP partition is in the wrong numerical partition slot
(because Windows 7 is hogging those spots), the restoration tool should at
the very least, have mentioned it. For example, when I use my ancient copy
of Partition Magic, if I move partition 3 from disk A to disk B, it puts
the partition in the third slot on disk B. And that's so the boot.ini
information
is still value. The information in a WinXP boot.ini contains an ARC path,
which is a string that says what partition to look at. If you restore a
partition, into the wrong slot, all that needs to be done, is edit boot.ini
to point to the correct place. I've done that a few times from a Linux
LiveCD
when I fouled that up with one of my "experiments". But there are other
ways
to do that as well.

The devil is in the details.

Depending on the importance of the various partitions on your system,
you'll either be able to "take a hammer to it", or move with more caution,
depending on what your final objectives are. For example, you might be able
to set up the system as "dual boot", by getting the Windows 7 restore CD
to fix up the booting. And then, add WinXP using bcdedit or EasyBCD, once
Windows 7 is running again. That effectively makes Windows 7 in control
of starting the boot process for either Windows 7 partition or WinXP
partition.

As an amateur, if I was working on this, the first thing I'd do is examine
the MBR with my hex editor, to better understand what's in there right now,
and whether it's the right material for the job. Using a Linux LiveCD for
the forensics stage of the problem, allows figuring out exactly what needs
to be fixed. (I can print the partition table using "fdisk" for example.)
Then, some fixes can be done from the WinXP installer CD, or some other
kinds
of fixes can be done from the Win7 installer CD or the Win7 recovery CD. So
with about three discs out of my collection, I could probably take a stab
at fixing it.

Paul

What a marvelous answer! I think that I understand it all.

I have learnt so mush from this. I am not a newbie and I have recovered
from NTLDR before for other people but now I am very old and I can't
remember how.

I can confirm that the Acronis True Image image that was restored to a
1Tb drive created its own partition successfully replicating the O/S
partition (about 40Gb). The partition is still there but I think that I
did overwrite the MBR. I always save the MBR on backing up.

I think the image on restore offers the option of not restoring the MBR.

I thank the repliers above but I have tried all six points and failed.

me

 

[cocker91]

You haven't restored an image taken before you installed Win7, have you?

Ed

No. It's pretty recent.

I've enjoyed this thread.

me

 

[Paul]

What a marvelous answer! I think that I understand it all.

I have learnt so mush from this. I am not a newbie and I have recovered
from NTLDR before for other people but now I am very old and I can't
remember how.

I can confirm that the Acronis True Image image that was restored to a
1Tb drive created its own partition successfully replicating the O/S
partition (about 40Gb). The partition is still there but I think that I
did overwrite the MBR. I always save the MBR on backing up.

I think the image on restore offers the option of not restoring the MBR.

I thank the repliers above but I have tried all six points and failed.

me

If you want to make progress, you need to identify what you've currently
got. It won't exactly be easy, and will depend on what OSes are working
right now, to do your forensics with.

This is a summary of the tools I might use for examining the partition table.
If you can take screenshots of things like this, it's faster than typing
it all in.

http://img12.imageshack.us/img12/5544/disks.gif

The primary partition table is stored in the MBR. There is also boot
code in there. The boot code will also cause a second chunk of boot
code (called the partition boot sector) to load. The partition boot
sector is loaded in the booting partition, and appears just before the
file system blocks.

*******

First, these are copies of the MBR, which is 512 bytes, and the executable
portion is near the front.

I make copies like this, with either Linux dd, or with the dd.exe port
available for Windows.

dd if=/dev/hda of=the_mbr.bin bs=512 count=1 # dd in Linux
# snapshot MBR

dd.exe if=\\?\Device\Harddisk0\Partition0 of=the_mbr.bin bs=512 count=1

# dd in Windows
# snapshot MBR

This is the Windows dd.exe

http://www.chrysocome.net/dd

This is an example of a Windows 7 MBR. I checked mine
and it looks similar, except my hex editor displays ASCII on the right
slightly differently. Note the TCPA which apparently is related
to checking for Trusted Computing capability. Maybe that's a convenient
differentiator.

http://thestarman.pcministry.com/asm/mbr/W7MBR.htm

Absolute Sector 0 (Cylinder 0, Head 0, Sector 1)

0 1 2 3 4 5 6 7 8 9 A B C D E F
0000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3.....|......|..
0010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .......Ph.......
0020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ....~..|........
0030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 .....V.U.F...F..
0040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 .A..U..]r...U.u.
0050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ....t..F.f`.~..t
0060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h...B.V.....
0080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ............|.V.
0090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n...fas..
00A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~..........
00B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2..V...]...>.}U
00C0 AA 75 6E FF 76 00[E8 8D 00 75 17 FA B0 D1 E6 64 .un.v....u.....d
00D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 ......`.|....d.u
00E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .......f#.u;f..T <--- "TCPA"
00F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2....r,fh...
0100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0120 61 68 00 00 07 CD 1A]5A 32 F6 EA 00 7C 00 00 CD ah.....Z2...|...
0130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..............2.
0140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ......<.t.......
0150 10 EB F2 F4 EB FD[2B C9 E4 64 EB 00 24 02 E0 F8 ......+..d..$...
0160 24 02 C3]49 6E 76 61 6C 69 64 20 70 61 72 74 69 $..Invalid parti
0170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
01A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
01B0 65 6D 00 00 00 63 7B 9A D4 34 A0 2E 00 00 80 20 em...c{..4.....
01C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !.......... ....
01D0 14 0C 07 FE FF FF 00 00 00 00 00 00 00 00 00 00 ................
01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............U.
0 1 2 3 4 5 6 7 8 9 A B C D E F

And this is a WinXP MBR from the same site. In the WinXP world, if
I screwed this up, I'd Google "fixmbr" for help.

Absolute Sector 0 (Cylinder 0, Head 0, Sector 1)

0 1 2 3 4 5 6 7 8 9 A B C D E F
0000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3.....|.P.P....|
0010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ...PW...........
0020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..........
0030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B ...It.8,t.......
0040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ..<.t...........
0050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N..F.s*.F..~..t.
0060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t....u..F...
0070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V...!.s.....
0080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ..>.}U.t..~..t..
0090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 .......W.......V
00A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .....r#..$?.....
00B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C..........B..9V
00C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s......|
00D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V...sQOtN2..
00E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V......V.`..U.A.
00F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6..U.u0...t+a`
0100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
0110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j..B....aas.Ot.
0120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61 2..V.....a..Inva
0130 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 lid partition ta
0140 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E ble.Error loadin
0150 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0160 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 em.Missing opera
0170 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 ting system.....
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01B0 00 00 00 00 00 2C 44 63 A8 E1 A8 E1 00 00 80 01 .....,Dc........
01C0 01 00 07 7F BF FD 3F 00 00 00 C1 40 5E 00 00 00 ......?....@^...
01D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............U.
0 1 2 3 4 5 6 7 8 9 A B C D E F

Now, I can use TestDisk, to look at the Partition Boot Sector.
Since the Partition Boot Sector is part of each bootable partition,
it's less likely to be damaged. Of course, if there's some kind of
misalignment, like a Partition Boot Sector looking for NTLDR on a
partition that doesn't have one, well that's not going to work.
TestDisk is available on many Linux LiveCDs, but can also be
downloaded and run in Windows. The interface looks the same in each.
If at any time, you don't like the options in the window and
want to quit, press control-c.

http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step

If I use a copy of testdisk_win.exe, use the advanced file utilities, and
look at the partition boot sectors, I see this in my WinXP C: partition.
(I'd copy the whole thing, but don't know how to select the text...)

NTLDR is missing
Disk error
Press any key to restart

If I run the same thing on the Win7 laptop (using "Run as Administrator"),
check the SYSTEM RESERVED partition (which owns the "boot flag" on
my install), I see in the partition boot sector of that one

A disk read error occurred
BOOTMGR is missing
BOOTMGR is compressed
Press CTRL+ALT+DEL to restart

so I can tell that partition boot sector code is looking for Win7/Vista stuff.

What is also mildly interesting, is the larger C: partition
in that case (named "Acer" on my laptop), also seems to have a
partition boot sector with the same BOOTMGR messages in it. (And
I suppose that would be suitable for situations where the two
partitions had been installed as one.)

Now, if something were to overwrite the partition boot sector, that
could cause a mismatch. For example, if I wanted to gum up your
machine, I could boot a WinXP CD, use the recovery console,
execute "fixboot C:" and overwrite the partition boot sectors.
Now, the partition boot sector code will be asking for NTLDR, when
there isn't one on that partition.

On Windows 7, they have a recovery console as well, but the utilities
have different names like bootrec and bootsect and the like. But there
is also the "boot repair" item in the menu, before you even get there,
which is an automated attempt at fixing things. And it might
recognize that my SYSTEM RESERVED is marked Active (has the boot flag),
and has some Windows 7 boot files in it, and fix things up for me.
Once that's done though, there may be more work to do, to get
WinXP running again, as say, a dual boot option.

In any case, to make progress here, it would help at least,
to get a partition map. If I was doing something similar to
what you've done, I might end up with

First partition (recovery partition, to reload laptop to factory defaults)
Second partition SYSTEM RESERVED (marked active, boot flag = 0x80)
Third partition Win7 C: (label=ACER)
Fourth partition If I restored WinXP C:, it would go here, because
the fourth slot is the only one left.

Now, if after doing that, I were to run some kind of Win7 automatic
recovery, I suppose there is a risk it could try to modify partition
boot sectors, the MBR, and so on, to try to get Windows 7 to boot.

Then, once you had a map of the partitions, you'd proceed to look
at the MBR, look at the partition boot sectors of the things that
you expect to be booting, and so on.

That's the general approach I'd take.

I'm just an experimenter, and each step is an experiment. If you
wanted "recipes', the guys who do recipes here can oblige, but they
must be told exactly what your setup is. In my case, I know less
than them, and I work as forensically as I can, to try and figure
out what's happened, and then try and cook up a solution (not
necessarily a recipe, just some ideas).

*******

You can probably find a few more breadcrumbs, on Wikipedia.
In this example, Windows 7 is going to be similar to Vista.

http://en.wikipedia.org/wiki/Windows_Vista_startup_process

A problem with the articles, is getting them to trace the
entire process from end to end (without them skipping details
or options).

http://en.wikipedia.org/wiki/Windows_NT_Startup_Process

Paul

 

[Ed Cryer]

No. It's pretty recent.

I've enjoyed this thread.

me

I'm glad you're enjoying this. I'm wondering, though, if you're getting
anywhere with recovering your PC.
What stage are you at now?

 

[Ed Cryer]

On 18/10/2011 10:43, cocker91 wrote:

I'm glad you're enjoying this. I'm wondering, though, if you're getting
anywhere with recovering your PC.
What stage are you at now?

I'm also wondering if you are either Joe Cocker or you live in Cockermouth.

Ed