Mounting the BCD Store as a Registry Hive

Before looking at ways of mounting or editing a BCD store, let's take a closer look at the system BCD store to see how it's handled in regedit. If a system BCD store is open, there will be a HKEY_LOCAL_MACHINE\BCD00000000 key -

The following is BCDEdit output for the system BCD store (this is a Windows 7 (SP1) installation on a system with BIOS firmware) -

The HKEY_LOCAL_MACHINE\BCD00000000 key exported as a registry file (.reg) can be seen here.

The screenshot below shows the same store as seen in regedit with the HKEY_LOCAL_MACHINE\BCD00000000\Objects key expanded -

This BCD store contains the following Objects (listed as GUID and Object type) -

Now if we expand the HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3afd365b-4349-11e3-b0da-a722f0df0a34} key we can see the elements for the {3afd365b-4349-11e3-b0da-a722f0df0a34} object (in this case the Windows 7 Operating System settings) -

The elements listed under this key correspond to the CODE column in the Objects and Elements section of this guide -

The Description key for the {3afd365b-4349-11e3-b0da-a722f0df0a34} object shows the object Type as a hex value -

This corresponds to the CODE column in the Objects section of the Objects and Elements page. In this example 0x10200003 is a /application osloader object.



Mount a BCD Store

If a system store is in use, it will already have been mounted as the HKEY_LOCAL_MACHINE\BCD00000000 key. It's possible to mount other BCD stores in regedit using the File > Load hive... menu option.

Alternatively, use reg.exe from the command line.
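
The reg.exe route, shown as an added example that is not part of the original guide: it loads a BCD store file under a temporary key, lists each object's GUID and Description\Type value, then unloads the hive. The store path D:\Boot\BCD and the key name BCD_OFFLINE are assumptions, and reading element 12000004 as the object's description string is based on the standard BCD element codes rather than on anything shown on this page.

```powershell
# Run from an elevated PowerShell prompt.
# Loading a hive can touch the file, so inspect a copy of the store where possible.
$StorePath = 'D:\Boot\BCD'      # assumed location of the BCD store to inspect
$MountName = 'BCD_OFFLINE'      # hypothetical key name; any unused name under HKLM works

reg.exe load "HKLM\$MountName" $StorePath
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

$objects = $null
try {
    # OpenSubKey without the writable flag opens the key read-only.
    $objects = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$MountName\Objects")
    foreach ($guid in $objects.GetSubKeyNames()) {
        $desc = $objects.OpenSubKey("$guid\Description")
        $name = $objects.OpenSubKey("$guid\Elements\12000004")   # description element
        try {
            [pscustomobject]@{
                Object      = $guid
                Type        = if ($desc) { '0x{0:X8}' -f $desc.GetValue('Type') } else { '' }
                Description = if ($name) { $name.GetValue('Element') } else { '' }
            }
        } finally {
            # Every handle into the hive must be closed or the unload is refused.
            if ($desc) { $desc.Close() }
            if ($name) { $name.Close() }
        }
    }
} finally {
    if ($objects) { $objects.Close() }
    reg.exe unload "HKLM\$MountName"
}
```

If the unload reports access denied, something (regedit included) still has a key inside the mounted hive open.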



Edit a Mounted BCD Store

It may not be possible to manually edit a mounted BCD store in regedit - it depends on which operating system you are using. reboot.pro forum member Wonko the Sane reports that he was able to do so using Windows XP (SP2). My own attempts on a Windows 7 system failed -

The following (from http://superuser.com/) may explain why -

"If you examine the permissions of the BCD00000000 branch, you’ll see that it has Full Control set for the SYSTEM account, but the administrators group has Special permissions which is just Read-Only plus WriteDac which grants the ability to set permissions. (You may need to click the [Advanced] button because the basic dialog indicates that SYSTEM has Special access as well, but the Advanced Security Settings dialog shows it correctly set to Full Control.) When you run Regedit (which requires elevated privileges), it runs under the context of your user-account and gets the administrator-group permissions, thus you cannot write to it. When you use the bcdedit command, it runs under the SYSTEM account context which has write permissions. If you enable the User Name column in the Task Manager, you can see that Regedit is run by your user account and bcdedit is run by SYSTEM."

Despite the issues with regedit, it is possible to edit a mounted BCD store using reg.exe - this is covered in the Device - Locate section of these notes.