@madpilot makes

Repairing the Windows registry using Knoppix

Oh, what a fun Sunday morning I had. I wake up, chill out and go make myself some breakfast. At around 11, I decide to go and check my email. Turn on the laptop – Blue screen of death. Huh? Something about Windows not being able to load the SOFTWARE hive because it doesn’t exist or is corrupt. Oh crap.

OK. No need to panic. I try booting in Safe Mode. No sugar – same BSOD. Not good. After a quick google, I find http://www.kellys-korner-xp.com/xp_sys32.htm which tells me that I can restore my SYSTEM and SOFTWARE hive to a clean state by booting into the recovery console. For those playing at home, there are a number of files located in the system32/config directory of your Windows install that hold some fairly critical tidbits of information, such as application settings and such. Without them, your computer doesn’t know what is installed, or how it should run.

Now we are getting somewhere, I think. So I boot into the recovery console. It is at this point that I realise that I don’t know my administrator password. It is also at this point that I realise that I cannot go any further without knowing my administrator password.

Some more googling and I find a number of applications that claim to be able to reset Windows passwords from a bootable CD. I download a couple, but find them less than helpful – It would have been more productive for me to throw Nerf balls at a number of Post-it notes with letters on them, and enter the resulting characters in a meagre attempt at a brute force attack.

It is at this point that I realise I should do something I should have done in the first place – I dropped my trusty Knoppix CD into the drive. Luckily, Knoppix 4.0 can mount and write to NTFS drives, so I could complete the steps in the above tutorial. This is what I did:

This mounts the Windows drive to the /mnt/hda1 directory in full read/write mode. I needed to add the force option because I had rebooted XP incompletely and the filesystem was complaining that I needed to run chkdsk.

Next I copied /mnt/hda1/WINDOWS/repair/software to /mnt/hda1/WINDOWS/system32/config/software.

After rebooting, and waiting the 30 minutes it takes for chkdsk to check everything, Windows was booting! Woohoo! Oh. Not quite. All of my user settings were gone. And on closer inspection so were all of my program settings, and hardware settings – in fact Windows was denying all knowledge of any of my software. Whilst choking back tears (I really didn’t have time this week to re-install everything all over – I only did it a month ago) I tried to do a System Restore. Guess what? The registry clean out had hosed them as well. (A big thanks to Microsoft for putting this information in the registry, which is what you are trying to restore…)

Not to be deterred, I figured that the System Restore info would still have to be there somewhere, after all, it is saved as files in a hidden directory right? After a quick Google, I found out that my hypothesis was indeed correct via http://wiki.djlizard.net/SVI.

Booting back into Knoppix and mounting the drive again, I went into the System Volume Information directory. I had two _restore{insert_stupid_amount_of_characters_here} in there. A quick ls -la gave me the older directory. In I went to a fairly recent RP folder and lo and behold I find the files that I needed. I copied them over (according to the tutorial) and voila! Everything was back up and running! God bless System Restore points. I want to glass the registry though.
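
Both copy steps described above (the repair hive and the restore-point files) overwrite a registry hive from a rescue system with nothing to fall back on if the copy goes wrong. The following is an added example, not the commands from the original post: a shell function that refuses a source file lacking the "regf" hive signature, keeps the old hive under a backup name, and verifies the copy. It assumes the Windows volume is already mounted read/write; the function names and the .bad.<timestamp> suffix are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): replace a registry hive on an
# already-mounted Windows volume, keeping the old one and verifying the copy.
# Function names and the ".bad.<timestamp>" backup suffix are illustrative.

# is_hive FILE: succeeds if FILE is a regular file that starts with the
# 4-byte "regf" signature every registry hive begins with.
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# replace_hive SRC DST
# Returns 0 on success, 1 if SRC is not a hive, 2 if the old hive could not
# be set aside, 3 if the copy failed or did not verify (old hive restored).
replace_hive() {
    src=$1; dst=$2; bak=
    is_hive "$src" || { echo "not a registry hive: $src" >&2; return 1; }

    # Set the existing (possibly corrupt) hive aside instead of destroying it.
    if [ -e "$dst" ]; then
        bak="$dst.bad.$(date +%Y%m%d%H%M%S)"
        mv "$dst" "$bak" || return 2
        echo "old hive kept as $bak" >&2
    fi

    # Copy, then compare byte for byte before trusting the result.
    if cp "$src" "$dst" && cmp -s "$src" "$dst"; then
        sync
        return 0
    fi

    # Roll back so the volume is left as it was found.
    rm -f "$dst"
    [ -n "$bak" ] && mv "$bak" "$dst"
    return 3
}

# Usage with the paths from the post:
#   replace_hive /mnt/hda1/WINDOWS/repair/software \
#                /mnt/hda1/WINDOWS/system32/config/software
if [ "$#" -eq 2 ]; then
    replace_hive "$1" "$2"
fi
```
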