Mounting the BCD Store as a Registry Hive

Before looking at ways of mounting or editing a BCD store let's take a closer look at the system BCD store to see how it's handled in regedit. If a system BCD store is open there will be a HKEY_LOCAL_MACHINE\BCD00000000 key -

The following is BCDEdit output for the system BCD store (this is a Windows 7 (SP1) installation on a system with BIOS firmware) -

The HKEY_LOCAL_MACHINE\BCD00000000 key exported as a registry file (.reg) can be seen here.

The screenshot below shows the same store as seen in regedit with the HKEY_LOCAL_MACHINE\BCD00000000\Objects key expanded -

This BCD store contains the following Objects (listed as GUID and Object type) -

Now if we expand the HKEY_LOCAL_MACHINE\BCD00000000\Objects\{3afd365b-4349-11e3-b0da-a722f0df0a34} key we can see the elements for the {3afd365b-4349-11e3-b0da-a722f0df0a34} object (in this case the Windows 7 Operating System settings) -

The elements listed under this key correspond to the CODE column in the Objects and Elements section of this guide -

The Description key for the {3afd365b-4349-11e3-b0da-a722f0df0a34} object shows the object Type as a hex value -

This corresponds to the CODE column in the Objects section of the Objects and Elements page. In this example 0x10200003 is a /application osloader object.

Mount a BCD Store

If a system store is in use if will already have been mounted as the HKEY_LOCAL_MACHINE\BCD00000000 key. It's possible to mount other BCD stores in regedit using the File > Load hive... menu option.

Alternatively use reg.exe from the commandline.

Edit a Mounted BCD Store

It may not be possible to manually edit a mounted BCD store in regedit - it depends on which operating system you are using. forum member Wonko the Sane reports that he was able to do so using Windows XP (SP2). My own attempts on a Windows 7 system failed -

The following (from may explain why -

"If you examine the permissions of the BCD00000000 branch, you’ll see that it has Full Control set for the SYSTEM account, but the administrators group has Special permissions which is just Read-Only plus WriteDac which grants the ability to set permissions. (You may need to click the [Advanced] button because the basic dialog indicates that SYSTEM has Special access as well, but the Advanced Security Settings dialog shows it correctly set to Full Control.) When you run Regedit (which requires elevated privileges), it runs under the context of your user-account and gets the administrator-group permissions, thus you cannot write to it. When you use the bcdedit command, it runs under the SYSTEM account context which has write permissions. If you enable the User Name column in the Task Manager, you can see that Regedit is run by your user account and bcdedit is run by SYSTEM."

Despite issues with regedit it is possible to edit a mounted BCD store using reg.exe - this is covered in the Device - Locate section of these notes.