Modern Windows bootloaders include several security layers to prevent malware (like rootkits) from infecting the startup process:
If you’d like a deeper look at the UEFI boot manager’s interaction with BCD or writing a minimal chainloader with GNU-EFI instead of EDK2, let me know.
EFI_STATUS Status; EFI_LOADED_IMAGE_PROTOCOL *LoadedImage; EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *Volume; EFI_FILE_PROTOCOL *Root, *File; EFI_DEVICE_PATH_PROTOCOL *FilePath; EFI_HANDLE BootMgrHandle; bootloader for windows 10
This requires reverse-engineering internal interfaces and is for real use.
// Open our own loaded image protocol to get device handle Status = gBS->HandleProtocol(ImageHandle, &gEfiLoadedImageProtocolGuid, (VOID**)&LoadedImage); if (EFI_ERROR(Status)) return Status; // Get device path of the file Status
Microsoft optimized the boot process significantly in Windows 10 compared to Windows 7.
// Get device path of the file Status = gBS->HandleProtocol(LoadedImage->DeviceHandle, &gEfiDevicePathProtocolGuid, (VOID**)&FilePath); if (EFI_ERROR(Status)) return Status; if (EFI_ERROR(Status)) return Status
// Bootloader.c #include <Uefi.h> #include <Library/UefiLib.h> #include <Library/UefiBootServicesTableLib.h> #include <Protocol/LoadedImage.h> #include <Protocol/SimpleFileSystem.h>
[org 0x7c00] start: mov si, msg call print hlt