Moving Acer eRecovery to a new Harddisk
I was asked if I could analyze a defective Acer Notebook that took hours to boot or to reinstall Windows and fix the problem.
As it turned out, the harddisk was defective as I was able to verify in an external enclosure. The disk had an approx. transfer-Rate from 1-2MB/s, so veeeeery slow. When the problems started (with a BSOD), the owner tried to reinstall windows after backing up his data, so there wasn’t much left to save off the drive. So I ordered a new harddisk. But a I wanted to do a clean recovery and also preserve the original license and installation, I wanted to copy the hidden Acer eRecovery Partition (the application that starts up when you press ALT+F10 in BIOS) which is named PQSERVICE and can be found at the beginning of the drive. So the obvious step (as the drive was so slow) was to clone only that Partition to the new drive. That took approx. 8 hours but worked fine.
After cloning the drive, I put it back into the original PC to do the restoration with ALT+F10 an was greeted with the following error message from the Boot loader:
"A disk read error occurred. Press Ctrl+Alt+Del to restart"
Too bad, something must have gone awfully wrong here. So my first steps were to boot up a Windows 7 PE Image, unhide the partition (set ID from 27 to 7), doing bootcfg, fixmbr, fixboot, bootsect /nt60 to it etc. But nothing helped, I was always greeted with the same error message.
Being a bit frustrated after over 2 hours of messing around with it, I thought that I should probably compare the old and new drive with a disk editor on sector level and then I found the problem:
The PQSERVICE Partition started at sector 2048 on the original drive, whereas my Partition copying software put the Partition to sector 63 onto the new drive which is quite fine and logical, as there is no need to waste space on a new drive. HOWEVER the Partition boot record (PBR) still contained the Info from the old drive. To understand the issue, let’s have a look at the first 32 bytes of my NTFS boot record:
00000000:EB 52 90 4E 54 46 53 20 -20 20 20 00 02 08 00 00 .R.NTFS ........ 00000010:00 00 00 00 00 F8 00 00 -3F 00 FF 00 00 08 00 00 ........?.......
To get a description of these bytes, look i.e. at this site.
Interesting to me is offset 1C which contains the number of “hidden sectors”.
This is simply the number of sectors preceeding the boot record. Now my value is 0x800 which is 2048 as you can see. As the boot record on the new HDD resides in sector 63, this needs to be replaced with 3F 00 00 00.
So I did this et voilĂ : eRecovery booted again!
System programmer