In the first part, I prepared a FAT32 partition on a flash drive named “FLASH”, with room for Grub2. Note that I use Arch Linux' Grub2, which is very recent. You may have to adapt the commands to your situation with older versions of Grub2. I recommend you use at least Grub2 version 2.0, which has support for multiple initrd.

Next step is to mount and go inside the flash drive partition, then run the following commands. Let’s assume the flash drive’s device is /dev/sdb and its partition’s mount point is /media/FLASH:

cd /media/FLASH
mkdir .boot
grub-install --boot-directory=.boot --removable /dev/sdb

Note the location where Grub2 is installed: it is the whole drive, not the partition. Grub2 being installed, it will now be trimmed and adapted (I want the French keyboard; adapt to your needs):

cd .boot/grub
rm -rf themes
mv locale/
mv fonts/unicode.pf2
ckbcomp /usr/share/X11/xkb/symbols/fr | grub-mklayout -o
rm -rf locale fonts
mv locale

Now, I want some tools available in my Grub2 menu, namely ntpasswd, and HDT. First ntpasswd:

cd ..
mkdir nt140201
unzip initrd.cgz scsi.cgz vmlinuz -d nt140201
rm -f

Now HDT. The easiest way is to simply use the provided ISO file, which can be booted with the memdisk tool from the syslinux package (to be installed on your computer’s Linux OS):

wget -P hdt
cp /usr/lib/syslinux/bios/memdisk hdt/

Finally, let me create the Grub2 menu. I need to know the UUID for my FAT32 partition (if you went with NTFS, it works just the same, but be sure to change the filesystem-type module name in the grub.cfg file: “ntfs” instead of “fat”). The UUID can be found with the command ls -l /dev/disk/by-uuid/. In my case, I have to find the name of the symbolic link, the target of which is sdb1. Then I can reuse the value (in italics below):

cd grub
cat >grub.cfg <<-"THEEND"
set gfxmode=auto
set gfxpayload=keep
insmod part_msdos
insmod fat
insmod vbe
insmod vga
insmod keylayouts
insmod at_keyboard
insmod gfxterm
insmod gettext

search --no-floppy --fs-uuid --set=root 9EC8-C144
set locale_dir=($root)/.boot/grub/locale
set lang=fr_FR
keymap /.boot/grub/locale/fr.gkb
loadfont /.boot/grub/locale/unicode.pf2
terminal_input at_keyboard
terminal_output gfxterm

set timeout=10

# … here will come Linux, later …

menuentry "Offline Windows Passwords and Registry Editor" {
linux16 /.boot/nt140201/vmlinuz rw
initrd16 /.boot/nt140201/initrd.cgz /.boot/nt140201/scsi.cgz
menuentry "HDT: Check hardware" {
linux16 /.boot/hdt/memdisk iso
initrd16 /.boot/hdt/hdt-0.5.2.iso
menuentry "... Chainload disk 1 (usually the Linux boot loader)" {
set root=(hd1)
chainloader +1
menuentry "... Chainload disk 1 partition 1 (usually Windows)" {
set root=(hd1,1)
chainloader +1

The flash drive should now be able to boot and start the above tools. Next blog post will deal with the installation of the Linux operating system.


  • 2014-05-10 — New version of ntpasswd. Also, path for memdisk changed from /usr/lib/syslinux/ to /usr/lib/syslinux/bios/.