Didier Stevens has a great posting about a problem with SafeBoot: its drivers and services apparently need to be enabled when booting into safe mode. Er, ok.
Here is a clip from his posting.
Here is a very simple service I programmed to test my idea. This service just writes a string to debug output every second. You can view the debug output with Sysinternals' DebugView utility.
You install the service with this command (admin rights are needed to install services):
MySafeModeService -i
This will configure the Service Control Manager to automatically start MySafeModeService when the machine is booted (for now, the service is just installed, it is not started).
During the installation of the service, the following registry keys are created:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MySafeModeService, Default = Service
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MySafeModeService, Default = Service
The HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot registry key is where all Safe Mode settings are persisted; deleting this key prevents you from booting into Safe Mode.
A great posting that I recommend you read over on Didier’s blog.
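The registry keys in the clip are also what a defender can audit. The following is an added example, not code from Didier's posting: it parses the text form of a `reg export` of the SafeBoot key and lists Minimal and Network entries missing from a baseline. The sample export, the baseline and the function names are constructed for illustration.

```python
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"

# Constructed sample in the text form written by `reg export` (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MySafeModeService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MySafeModeService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
@="Driver"
'''

# Constructed stand-in baseline; replace with a snapshot from a known-good image.
BASELINE = {("Minimal", "AppMgmt"), ("Network", "volmgr.sys")}

def parse_safeboot(export_text):
    """Map (mode, entry) -> default value for subkeys of Minimal and Network."""
    entries, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = None  # values that follow belong to this key only
            key = header.group(1)
            if key.upper().startswith(SAFEBOOT.upper() + "\\"):
                parts = key[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2 and parts[0].lower() in ("minimal", "network"):
                    current = (parts[0].capitalize(), parts[1])
                    entries[current] = None
            continue
        default = re.fullmatch(r'@="(.*)"', line)
        if default and current:
            entries[current] = default.group(1)
    return entries

def audit(export_text, baseline):
    """Return entries in the export that the baseline does not list."""
    known = {(mode.lower(), name.lower()) for mode, name in baseline}
    return sorted((mode, name, value)
                  for (mode, name), value in parse_safeboot(export_text).items()
                  if (mode.lower(), name.lower()) not in known)
```

Calling audit(SAMPLE_EXPORT, BASELINE) returns the two MySafeModeService entries. A file written by `reg export` is UTF-16, so open it with encoding="utf-16" before passing its text in.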