0

For test or administration purposes, it can sometimes be required to reset the state of the system disk so that it does not start and the data is not easily accessible anymore, for instance to test installation procedures or prevent any OS to start and boot from an external installation media on the next boot. Especially with consumer PCs, it is very hard to stop the normal boot process when a system is installed, because it is not clear what key to press (I have seen ESC, F2, F8, F9, F10, F11, F12, Enter), how (short or long press), and at what time. Some tablet-like models even require to press a combination of special keys, like power or volume. In addition, UEFI systems behave differently than non-UEFI systems, adding to the complexity.

A quick way to do this would be to just delete the partition table from the running system.

On Linux, this can be achieved easily within a few seconds with two commands:

sudo dd if=/dev/zero of=/dev/sda bs=512 count=32
sudo sync

This prevents both UEFI and non-UEFI systems to boot on the next start. It also makes the data on the disk much harder to access and can even cause data loss, be warned.

I am not aware of any equivalent of dd on a standard Windows system. The high-level tool for partitioning on Windows do not allow this, for instance with diskpart:

> select disk 0
> clean

Virtual Disk Service error:
Clean is not allowed on the disk containing the current boot, system, pagefile, crashdump or hibernation volume.

So is there a way to "reset" the state of the system disk from a running Windows system?

Obviously, it is easy by booting from a different disk, but this takes much longer, and it may be impossible, for the reasons mentioned above.

Improve this question
11
  • 1
    There isn't a Windows equivalent, and it makes me wonder if you're trying to solve this the wrong way, maybe? If you just want to prevent the computer from booting Windows, present that question. The correct way to "clean" a current system disk on Windows is, as you already know, to boot to a different disk.
    – music2myear
    Commented Apr 15 at 17:45
  • Not that it helps.. but back in the day, I would change the partition type to something stupid.. and switch it back to what I wanted to accomplish what you are doing above with dd .. only with Linux fdisk or sfdisk and without destroying the table or MBR. In the dos days, I used Norton disk editor to accomplish this from the MS side of the wall.
    – Señor CMasMas
    Commented Apr 15 at 17:56
  • Are you looking perhaps for the Windows Sandbox ?
    – harrymc
    Commented Apr 15 at 18:07
  • 1
    @SeñorCMasMas I investigated in this direction indeed, in a more low-level way with HxD and writing the bytes interactively. On one system it succeeded, on the next one it failed due to permission errors. I am still hoping for a way as easy and reliable as the "dd" trick on Linux.
    – ocroquette
    Commented Apr 15 at 18:19
  • @harrymc I know the Windows Sandbox but I do not see how it can help. The situation is that I have a booting and running system and I want to get rid of it because I do not need it anymore and it only gets in the way. I want to go back to a state like no OS was ever installed on the hardware.
    – ocroquette
    Commented Apr 15 at 18:21

2 Answers 2

Reset to default
2

it is very hard to stop the normal boot process when a system is installed

UEFI systems have a different solution for that:

  • the "BootNext" variable that allows an OS to request booting into a different OS – that's what Windows uses when you Shift+reboot and select the "Choose another operating system" option; in most systems this will have generic options for "USB Removable Media" etc.

  • or the "OS indications" flag that requests opening the firmware setup screen on next boot, which can be set using shutdown /r /fw from Windows, or systemctl reboot --firmware from Linux.

I am not aware of any equivalent of dd on a standard Windows system.

The operation performed by dd is just a regular file write, so it can be replicated by any program that can write to files (including the one named dd for windows, or the other one, or the 'dd' from Cygwin).

What's actually needed is the equivalent of a device file such as /dev/sda on Windows, and that exists on all Windows NT versions (including Win11, WinXP, and so on) – a program can open \\.\PhysicalDrive0 and write bytes to it. (This is an alias for \\?\Device\Harddisk0\DR0, if I understand the relationship between the two namespaces correctly.)

So you can download a dd for Windows and dd if=garbage.txt of=\\.\PhysicalDrive0, or you can open the physical disk through a hex editor and edit it by hand.

But your dd of=/dev/sda bs=512 count=1 only overwrites the MBR, and most systems no longer care about the MBR; they read partitions from the GPT partition table that is after the MBR (34 sectors in total, plus a backup copy at the very end of the disk), and they load boot code from within a partition and not from the MBR as in the past. So you need to delete a bit more, and it's probably easier to use a partitioning tool such as sgdisk for that purpose.

Improve this answer
5
  • This is useful, thanks. I have updated the question to cover UEFI. With "standard Windows" , I meant without 3rd party tools. To be as simple as dd on Linux, one would also need an alternative to "garbage.txt" in your example. Maybe NUL or something similar?
    – ocroquette
    Commented Apr 16 at 5:47
  • I don't think there is an equivalent to /dev/zero, but fsutil can create blank files of the specified size and that might be enough. I suspect PowerShell could just do it using built-in .NET calls
    – grawity_u1686
    Commented Apr 16 at 6:03
  • 1
    I tried different dd variants and fsutil, none can write to the system disk, e.g. \\.\PhysicalDrive0. I assume this is due to a layer of protection in Windows.
    – ocroquette
    Commented Apr 16 at 19:32
  • I think it denies access to locations that belong to mounted partitions, but I was able to overwrite parts of the MBR and the GPT using HxD.
    – grawity_u1686
    Commented Apr 16 at 19:38
  • Yes, HxD is a way to do this. I was also successful with Cygwin and posted an answer with both options. I was hoping for a solution without 3rd party tools, but did not find any so far.
    – ocroquette
    Commented Apr 16 at 19:46
0

Recent versions of Windows (10, 11) have layers of protection to prevent direct modification of the disks or partitions used by the running system. Direct accesses to \\.\PhysicalDrive0 will fail, as well as high-level tools like diskpart.

There are at least two free 3rd party tools that will allow this.

HxD, a graphical editor. Open the relevant disk in write mode (the default is read-only), and fill the first 65536 bytes of the disk with zeroes.

Cygwin, a collection of GNU and opensource tools from the Unix/Linux world ported to Windows. Cygwin maps the Windows disks to Linux like devices. Start a Cygwin as Windows administrator and run:

$ cat /proc/partitions
major minor  #blocks  name   win-mounts

    8     0  41943040 sda
    8     1     51200 sda1
    8     2  41345575 sda2   C:\
    8     3    542720 sda3

$ dd if=/dev/zero of=/dev/sda bs=512 count=32

Both solutions will wipe the partition table, MBR or GPT, preventing the system to start on the next reboot.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .