So I have a computer with 2 bootable Windows partitions. However, only one is a "boot" partition and the second OS partition is seemingly indistinguishable from a regular data partition. Is there anyway to tell regardless of OS, without searching for specific files like ntdll.dll?
Example parted output
Disk Flags
Number Type File system Flags
1 primary ntfs boot
2 extended
3 logical ntfs
The boot flag of a partition present or not is a thing, the actual booting process has also a boot path component, is that what you are looking for ?!
So I have a computer with 2 bootable Windows partitions. However, only one is a "boot" partition and the second OS partition is seemingly indistinguishable from a regular data partition. Is there anyway to tell regardless of OS, without searching for specific files like ntdll.dll?
Example parted output
Disk FlagsNumber Type File system Flags
1 primary ntfs boot
2 extended
3 logical ntfs
Well, it simply doesn't work the way you imagine, there are bootloaders, bootmanagers (that can also be embedded in the MBR), all partitions are "regular" data partitions.
The boot partition (i.e. the primary one with the flag 80 that is actually "active" in MBR speak) which MS call (the opposite of anyone else) "system" and the "system" partition (what MS calls "boot"), see here for a quick review
http//
may also contain NO operating system and be used only as a "booting bridge" to the actual "system" partition (or to another Operating System inside a "container" such as a .iso, a .vhd, etc.).
The presence of ntdll.dll or of any system file or file structure means nothing, it could be a disk where (for *whatever*reasons) a whole copy of the \Windows\ directory on another partition has been ,made (or a backup has been expanded).
The BIOS/MBR booting for a Windows system goes this way
1) BIOS loads first absolute sector of chosen "boot" disk
2) the code in this first sector (the MBR) usually loads the first sector of the primary partition marked as "active" (or "boot" or anyway with flag 0x80)
3) the code in this first sector of the volume usually loads the bootmanager/bootloader
4) the bootmanager/bootloader usually is either NTLDR or BOOTMGR
5) the bootmanager/bootloader loads a configuration file (for NTLDR it is usually BOOT.INI, for BOOTMGR it is usually \boot\BCD) and then
6) depending on the settings in this configuration file the bootmanager/bootloader usually loads one (or the other, or yet another) Windows NT instance (that again can be "flat" inside a volume or inside a "container"
Every time you see usually in the above, it means that there is at least one (actually often many) different behaviours that are possible, inserting in the sequence "special" code or bootmanagers.
In practice there is no way to determine if an OS install (or what looks like an OS install) is actually bootable without attempting to boot it and/or examining its logs (and Registry, and filesystem, etc.) to find out if it was ever booted and when, and there is always the possibility, even on what appears as a single OS booting machine that there is another "alternative" OS instance "hidden" somewhere.
jaclaz