The kernel you build must be signed or it will not load. As a side note, also many core DLLs must be singed like cfgmgr32.dll for instance. They are checked by smss.exe early in boot, and will cause your system to bugcheck (with 0xc000021a aka STATUS_SYSTEM_PROCESS_TERMINATED) if they are not signed. Also, how is the build signed? If it is PRS signed build, you will need to install the test signing certificate to the target if you want to run a test signed kernel. Make sure these environment variables are set.
set NT_SIGNCODE=1
set NT_SIGNCODE_PH=1
Your kernel and HAL need to match. This may also be case with other components like ACPI, etc. but these are less likely to cause you problems. You should just always build replace the kernel and the HAL together.
The are found in c:\windows\system32\ and are called:
x86
ntkrpamp.exe
halmacpi.dll
=or=
AMD64
ntkrnlmp.exe
hal.dll
You can just clobber them, and reboot, but your system will probably just bugcheck. I would suggest replacing them with alternative names. Try the following:
reagentc /disable
bcdedit /bootdebug on
bcdedit /set BootStatusPolicy IgnoreAllFailures
bcdedit /set testsigning yes
bcdedit /set kernel mykernel.exe
bcdedit /set hal myhal.dll
Likewise, you should setup up a KD on the target so you can see what bugchecks you are seeing. Ex:
bcdedit /dbgsettings 1394 channel:1
But, what if you forgot one of these steps and now your machine is in a bugcheck loop that you can't debug? You can add them temporarily by pressing F10 to while the Windows boot manager is running, and you can add them in as boot options.
If you need to change the kernel and the PC will not boot. You can simply change the kernel or HAL offline using WinPE. There are lots of ways to get into WinPE, so I won't describe them here.
Handy tip: here is the command to see what drive is mounted as what in WinPE
wmic LOGICALDISK LIST BRIEF
Handy tip: here is the command to see what drive is mounted as what in WinPE
wmic LOGICALDISK LIST BRIEF
Hopefully this was a handy refresher!
No comments:
Post a Comment