# Can we edit BCD file of Windows Mobile 10 ?



## TristanLeBoss (Apr 28, 2016)

Because of OneCore (the fact that all Windows versions use the same core), the boot process of Windows Mobile 10 seems to work the same way as the desktop version.

In the EFIESP partition, there is a BCD file under ":\EFI\Microsoft\boot". This BCD file can be opened with Visual BCD (Easy BCD doesn't work with this one).

The content of the Xiaomi Mi4 BCD file is below.

Can we edit this like we do on the desktop version? If we can, we may be able to change the boot settings and add a new boot option...

Has someone tried it?


{bootmgr}
---------

ApplicationDevice	\Device\HarddiskVolume40()
ApplicationPath		\efi\boot\bootarm.efi
Description			Windows Boot Manager
PreferredLocale		en-US
InheritedObjects	{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
library_custom:0x1500007d	2
DefaultObject		{7619dcc9-fafe-11d9-b411-000476eba25f}
BootSequence		{01de5a27-8705-40db-bad6-96fa5187d4a6}
Timeout				0
DisplayBootMenu		False
bootmgr_custom:0x26000028	True
bootmgr_custom:0x26000031	True
CustomActionsList	281476184670209 1409286145 281476318887937 1409286146
oem_custom:			{0ff5f24a-3785-4aeb-b8fe-4226215b88c4}
oem_custom:			{bd8951c4-eabd-4c6f-aafb-4ddb4eb0469b}

Loaders
-------

ApplicationDevice	\Device\HarddiskVolume40()
ApplicationPath		\windows\system32\boot\mobilestartup.efi
Description			Mobile Startup App
InheritedObjects	{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
RecoverySequence	{311b88b5-9b30-491d-bad9-167ca3e2d417}
AutoRecoveryEnabled	True


ApplicationDevice	\Device\HarddiskVolume40()
ApplicationPath		\windows\system32\boot\ffuloader.efi
Description			FFU Loader (User Invoked)
InheritedObjects	{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
unknown_app_element	True

ApplicationDevice	ramdisk=()\PROGRAMS\UpdateOS\UpdateOS.wim, {ae5534e0-a924466c-b836-758539a3ee3a}
ApplicationPath		\windows\system32\boot\winload.efi
Description			Windows Update OS (Boot from WIM)
InheritedObjects	{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
OSDevice			ramdisk=()\PROGRAMS\UpdateOS\UpdateOS.wim, {ae5534e0-a924466c-b836-758539a3ee3a}
SystemRoot			\windows
loader_custom:0x250000c2	1
WinPEMode			True

ApplicationDevice	\Device\HarddiskVolume45()
ApplicationPath		\windows\system32\boot\winload.efi
Description			Windows Loader
PreferredLocale		en-US
InheritedObjects	{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
DebuggerEnabled		False
OSDevice			\Device\HarddiskVolume45()
SystemRoot			\windows
loader_custom:0x250000c2	1
BootStatusPolicy	BootStatusPolicyIgnoreAllFailures
EmsEnabled			False

ApplicationDevice	\Device\HarddiskVolume40()
ApplicationPath		\windows\system32\boot\resetphone.efi
Description			Reset My Phone Application
InheritedObjects	{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
unknown_app_element	True

Hibernate resumers
------------------

(empty)

Settings
--------

- {emssettings}

EmsEnabled	False

- {dbgsettings}

Description	Windows Debugger Settings

- {bootloadersettings}

InheritedObjects		{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
DisplayAdvancedOptions	False
DisplayOptionsEdit		False

- {globalsettings}

InheritedObjects		{4636856e-540f-4170-a130-a84776f4c654} {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
library_custom:0x15000079	5000
library_custom:0x1500007d	2
library_custom:0x16000050	True
library_custom:0x16000068	True
library_custom:0x16000069	True
library_custom:0x1600006a	False
library_custom:0x16000072	True
library_custom:0x1600007a	True
unknown_app_element	BootStatusPolicyIgnoreAllFailures
unknown_app_element	7
unknown_app_element	90
unknown_app_element	0
unknown_app_element	True

Device options
--------------

- {ramdiskoptions}

Description:	Ramdisk Options
SdiDevice:		\Device\HarddiskVolume40()
SdiPath:		\boot\boot.sdi


----------



## boyans (Apr 28, 2016)

Can somebody send me by email a copy of this BCD file? 
(I am the developer of Visual BCD Editor (check for new version on boyans_dot_net) email => boyans dot gm at gmail dot com - thanks).
Cannot post links as not enough posts yet 

You can edit every BCD element, also unrecognized by name, as elements are edited by type (integer, string, path, device, etc.).

It would be useful to add to next version of Visual BCD Editor these "unrecognized" elements, so they are displayed with symbolic name which is usually descriptive enough for the purpose of the element (or at least gives some clue).


----------



## TristanLeBoss (Apr 28, 2016)

boyans said:


> Can somebody send me by email a copy of this BCD file?
> (I am the developer of Visual BCD Editor (check for new version on boyans_dot_net) email => boyans dot gm at gmail dot com - thanks).
> Cannot post links as not enough posts yet
> 
> ...





Here is the file.


----------



## boyans (Apr 28, 2016)

TristanLeBoss said:


> Here is the file.




Thanks for the BCD file and the quick reply! :good:


----------



## djamol (Apr 28, 2016)

TristanLeBoss said:


> Here is the file.




Yes, it is almost the same as the desktop BCD. Once you have disabled secure boot, you can do whatever you want with the device.
You can bcd mounting phone as "Mass Storage Mode" or directly access through bcdedit.exe or through registry editing.



boyans said:


> Can somebody send me by email a copy of this BCD file?
> (I am the developer of Visual BCD Editor (check for new version on boyans_dot_net) email => boyans dot gm at gmail dot com - thanks).
> Cannot post links as not enough posts yet
> 
> ...




Hi, good to see you here. Feeling happy?
I'm also going to write bcd editor for phone. I'm interested.


----------



## TristanLeBoss (Apr 29, 2016)

djamol said:


> Yes, it is almost the same as the desktop BCD. Once you have disabled secure boot, you can do whatever you want with the device.
> You can bcd mounting phone as "Mass Storage Mode" or directly access through bcdedit.exe or through registry editing.
> 
> 
> ...




@djamol : it may be better to help boyans (join your forces) instead of starting Yet Another BCD Editor. Btw, is it possible to disable SecureBoot on any of the Lumia WP8/10 phones?

@boyans : how do you find out the meaning of the unknown properties? will you mind sharing your progress on this forum/topic (beta, ...)?


----------



## spavlin (Apr 29, 2016)

On ATIV S  10.0.10586.218:
bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {bootloadersettings} advancedoptions Yes

bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {globalsettings} offmodecharging Yes


----------



## ADeltaX (Apr 29, 2016)

@TristanLeBoss
Yes, it is possible to disable secure boot on some Lumias (all x2x devices except the 1520) by using Windows Phone Internals, developed by Heathcliff74.
It's also possible to enable Mass Storage Mode by flashing an engineering SBL3.

On Lumia 920:
bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {bootloadersettings} advancedoptions Yes
it doesn't show anything, but with:
bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {bootloadersettings} optionsedit Yes
it shows this:

A camera button press simulates the Enter key.


----------



## raghulive (Apr 29, 2016)

ADeltaX said:


> @TristanLeBoss
> Yes, it is possible to disable secure boot on some Lumias (all x2x devices except the 1520) by using Windows Phone Internals, developed by Heathcliff74.
> It's also possible to enable Mass Storage Mode by flashing an engineering SBL3.
> 
> ...




Still there is no way for the 1520 due to its different bootloader. Does anyone have a way to do it, at least for power-off charging?


----------



## spavlin (Apr 29, 2016)

ATIV S 10.0.10586.218
bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {default} bootmenupolicy legacy
The selection is made with the volume buttons (VOL +, VOL -, Camera - Enter)
bcdedit /store K:\EFIESP\efi\Microsoft\Boot\BCD /set {bootloadersettings} advancedoptions Yes

View attachment ntbtlog.txt


----------



## TristanLeBoss (Apr 30, 2016)

Really interesting. Thanks to this, we may be able to find out why some phones bootloop with new RS updates.

Enable boot logging... maybe we can also even prevent reboot on error and display the blue screen instead?


----------



## boyans (May 16, 2016)

TristanLeBoss said:


> @djamol : it may be better to help boyans (join your forces) instead of starting Yet Another BCD Editor. Btw, is it possible to disable SecureBoot on any of the Lumia WP8/10 phones?
> 
> @boyans : how do you find out the meaning of the unknown properties? will you mind sharing your progress on this forum/topic (beta, ...)?




The symbolic name of an element as defined by Microsoft can be taken from  "bcdsrv.dll" in system32.
Microsoft documentation is really poor!
Every Windows version has its own (new and different) definition file.
Most unrecognized elements seem specific to WP.
I don't have a WP but should get some model for experiments 
In the meantime could you attach a copy of WP "bcdsrv.dll" here?

Currently solving problems with my website, seems somebody/ies is/are trying to hack (as with every other website I suppose).  Have to tighten security and resource protection.


----------



## TristanLeBoss (May 16, 2016)

boyans said:


> The symbolic name of an element as defined by Microsoft can be taken from  "bcdsrv.dll" in system32.
> Microsoft documentation is really poor!
> Every Windows version has its own (new and different) definition file.
> Most unrecognized elements seem specific to WP.
> ...




This file doesn't exist. I searched for "bcd" on all partitions but only found one "bcd.dll" under MainOS:\Windows\System32

I attached it to this reply. Tell me if it's the right file.


----------



## TristanLeBoss (May 16, 2016)

Here are the "bcd.dll" from the Hololens (x86) emulator and the Windows Mobile 10 (x86) emulator.

Are you sure "bcdserv.dll" is supposed to exist or named this way under Windows 10? Because I can't find it in those 3 images...


----------



## spavlin (Jun 19, 2016)




----------



## lukjok (Jun 19, 2016)

spavlin said:


>




Nice! But how did you edit the SystemStartOptions key?


----------



## BlueTR (Jun 19, 2016)

Is there any way to edit bcd file over SFTP?
I cannot change or copy it.


----------



## djamol (Jul 1, 2016)

BlueTR said:


> Is there any way to edit bcd file over SFTP?
> I cannot change or copy it.




Yes, deploy a few testing update packages on the device.
Like tshell.spkg etc from wpblue 8.1


----------



## spavlin (Jul 1, 2016)

Qualcomm MMC Storage => Edit BCD => Select Menu => SystemStartOptions key change
Menu 10.0.10586 :
http://forum.xda-developers.com/showpost.php?p=66604194&postcount=10
Menu 10.0.143xx (Working on 10586) :
http://forum.xda-developers.com/showpost.php?p=67389214&postcount=15


----------



## spavlin (Sep 3, 2017)

Windows Boot Application (1020000a)
-----------------------------------
identifier                        {01de5a27-8705-40db-bad6-96fa5187d4a6}
device                           partition=\Device\HarddiskVolume87
path                              \windows\system32\boot\mobilestartup.efi
description                     Mobile Startup App
inherit                           {bootloadersettings}
recoverysequence           {311b88b5-9b30-491d-bad9-167ca3e2d417}
*recoveryenabled         Yes
enablebootdebugpolicy    Yes
enablebootorderclean      Yes
enabledeviceid                Yes
enableffuloader               Yes
enableiuloader                Yes
enablemassstorage          Yes
enablerpmbprovisioning   Yes
enablesecurebootpolicy    Yes
enablestartcharge           Yes
enableresettpm              Yes*

*||*

*[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\16000009]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\26000145]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\26000146]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\26000147]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\26000148]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\26000149]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\2600014a]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\2600014b]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\2600014c]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\2600014d]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{01de5a27-8705-40db-bad6-96fa5187d4a6}\Elements\2600014e]
"Element"=hex:01*


----------



## ShepardAlex (Sep 4, 2017)

Is there any way to unlock the bootloader on newer builds? Just asking)


----------



## Ferrybigger (Sep 6, 2017)

spavlin said:


> Windows Boot Application (1020000a)
> -----------------------------------
> identifier                        {01de5a27-8705-40db-bad6-96fa5187d4a6}
> device                           partition=\Device\HarddiskVolume87
> ...




Can you give us a reg file to import that?


----------



## spavlin (Sep 6, 2017)

; bootmenupolicy	0 = Legacy	1 = Standard
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\250000c2]
"Element"=hex:00,00,00,00,00,00,00,00

; displaybootmenu
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\26000020]
"Element"=hex:00

; timeout
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\25000004]
"Element"=hex:00,00,00,00,00,00,00,00

*10.0.14393.xxx ONLY*
; nx	0 = OptIn	1 = OptOut	2 = AlwaysOff	3 = AlwaysOn
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\25000020]
"Element"=hex:00,00,00,00,00,00,00,00

; advancedoptions * ! 10.0.14393.xxx ONLY !*
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\16000040]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000040]
"Element"=hex:01

; nointegritychecks
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\16000048]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000048]
"Element"=hex:01

; testsigning
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\16000049]
"Element"=hex:01

[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\16000049]
"Element"=hex:01


----------
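
An added example, not part of any post in this thread: a Python sketch that reads a BCD `.reg` export in the format posted above, decodes each element ID by type, and reports whether `nointegritychecks` or `testsigning` is switched on. The element names and IDs come from the post's comments; the class/format nibble layout is Microsoft's BCD element type encoding, and the function names and sample text are constructed for illustration.

```python
import re

# Constructed sample in the post's .reg style (GUID and element IDs are from the page).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\250000c2]
"Element"=hex:00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\16000048]
"Element"=hex:01
[HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\16000049]
"Element"=hex:01
'''

CLASSES = {1: "library", 2: "application", 3: "device"}
FORMATS = {1: "device", 2: "string", 3: "object", 4: "objectlist",
           5: "integer", 6: "boolean", 7: "integerlist"}
# Names as given in the post's comments; INTEGRITY holds the two that weaken code integrity.
NAMES = {0x16000048: "nointegritychecks", 0x16000049: "testsigning",
         0x16000040: "advancedoptions", 0x250000C2: "bootmenupolicy"}
INTEGRITY = {0x16000048, 0x16000049}

KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\BCD\d+\\Objects\\(\{[0-9a-fA-F-]+\})'
                 r'\\Elements\\([0-9a-fA-F]{8})\]$')
VAL = re.compile(r'^"Element"=hex:([0-9a-fA-F,]*)$')

def decode_type(elem_id):
    """Split an element ID into (class, format) using its top two nibbles."""
    return (CLASSES.get(elem_id >> 28, "unknown"),
            FORMATS.get((elem_id >> 24) & 0xF, "unknown"))

def parse(text):
    """Yield (object_guid, element_id, decoded_value) for each element."""
    current = None
    for line in (l.strip() for l in text.splitlines()):
        m, v = KEY.match(line), VAL.match(line)
        if m:
            current = (m.group(1).lower(), int(m.group(2), 16))
        elif v and current:
            raw = bytes(int(b, 16) for b in v.group(1).split(",") if b)
            fmt = decode_type(current[1])[1]
            value = (any(raw) if fmt == "boolean" else
                     int.from_bytes(raw, "little") if fmt == "integer" else raw)
            yield current[0], current[1], value
            current = None

def integrity_findings(text):
    """Return the names of enabled elements that switch off boot-time code integrity."""
    return sorted({NAMES[e] for _, e, val in parse(text)
                   if e in INTEGRITY and val is True})
```

Run `integrity_findings` over an exported store to see at a glance whether a device's boot configuration has signature enforcement relaxed.
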



## ShepardAlex (Sep 7, 2017)

Soft-bricked my phone with this reg. Lumia 540. Rebricked with WDRT(I wanted to do it tomorrow) What am I doing wrong? =)


----------



## spavlin (Sep 9, 2017)

ShepardAlex said:


> Soft-bricked my phone with this reg. Lumia 540. Rebricked with WDRT(I wanted to do it tomorrow) What am I doing wrong? =)



use with 10.0.14393.xxx ONLY
SORRY
-------------------------------------

View attachment ntbtlog_15063.txt


----------



## marianodelfino (Feb 11, 2018)

ADeltaX said:


> @TristanLeBoss
> Yes, it is possible to disable secure boot on some Lumias (all x2x devices except the 1520) by using Windows Phone Internals, developed by Heathcliff74.
> It's also possible to enable Mass Storage Mode by flashing an engineering SBL3.
> 
> ...




Can you guide me on how to reach here?


----------



## marianodelfino (Feb 11, 2018)

spavlin said:


> ; bootmenupolicy	0 = Legacy	1 = Standard
> [HKEY_LOCAL_MACHINE\BCD00000001\Objects\{7619dcc9-fafe-11d9-b411-000476eba25f}\Elements\250000c2]
> "Element"=hex:00,00,00,00,00,00,00,00
> 
> ...




Would this work in 15254.158? Do I need the bootloader unlocked for this?


----------

