@madpilot makes

Repairing the Windows registry using Knoppix

Oh, what a fun Sunday morning I had. I wake up, chill out and go make myself some breakfast. At around 11, I decide to go and check my email. Turn on the laptop – Blue screen of death. Huh? Something about Windows not being able to load the SOFTWARE hive because it doesn’t exist or is corrupt. Oh crap.

OK. No need to panic. I try booting in Safe Mode. No sugar – same BSOD. Not good. After a quick Google, I find http://www.kellys-korner-xp.com/xp_sys32.htm which tells me that I can restore my SYSTEM and SOFTWARE hive to a clean state by booting into the recovery console. For those playing at home, there are a number of files located in the system32/config directory of your Windows install that hold some fairly critical tidbits of information, such as application settings and such. Without them, your computer doesn’t know what is installed, or how they should run.

Now we are getting somewhere, I think. So I boot into the recovery console. It is at this point that I realise that I don’t know my administrator password. It is also at this point that I realise that I cannot go any further without knowing my administrator password.

Some more googling and I find a number of applications that claim to be able to reset Windows passwords from a bootable CD. I download a couple, but find them less than helpful – It would have been more productive for me to throw nerf balls at a number of post-it notes with letters on them, and entered the resulting characters in a meagre attempt at a brute force attack.

It is at this point that I realise I should do something I should have done in the first place – I dropped my trusty Knoppix CD into the drive. Luckily, Knoppix 4.0 can mount and write to NTFS drives, so I could complete the steps in the above tutorial. This is what I did:

  1. ntfsmount /mnt/hda1 -o dev=/dev/hda1,umask=0007,force

This mounts the Windows drive to the /mnt/hda1 directory in full read/write mode. I needed to add the force option because I had rebooted XP incompletely and the filesystem was complaining that I needed to run chkdsk.

Next I copied the /mnt/hda1/WINDOWS/repair/software to /mnt/hda1/WINDOWS/system32/config/software

After rebooting, and waiting the 30 minutes it takes for chkdsk to check everything, Windows was booting! Woohoo! Oh. Not quite. All of my user settings were gone. And on closer inspection so were all of my program settings, and hardware settings – in fact Windows was denying all knowledge of any of my software. Whilst choking back tears (I really didn’t have time this week to re-install everything all over – I only did it a month ago) I tried to do a System Restore. Guess what? The registry clean out had hosed them as well. (A big thanks to Microsoft for putting this information in the registry, which is what you are trying to restore…)

Not to be deterred, I figured that the System Restore info would still have to be there somewhere, after all, it is saved as files in a hidden directory right? After a quick Google, I found out that my hypothesis was indeed correct via http://wiki.djlizard.net/SVI.

Booting back into Knoppix and mounting the drive again, I went into the System Volume Information directory. I had two _restore{insert_stupid_amount_of_characters_here} in there. A quick ls -la gave me the older directory. In I went to a fairly recent RP folder and lo and behold I find the files that I needed. I copied them over (according to the tutorial) and voila! Everything was back up and running! God bless System Restore points. I want to glass the registry though.
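The restore-point copy described above, as an added example (not the author's commands or the linked tutorial's): it checks that a snapshot really is a registry hive (files start with the `regf` signature) and keeps the current hive as `.bak` before overwriting it. The `RPnn/snapshot/_REGISTRY_MACHINE_SOFTWARE` layout and all function names are assumptions; the `_restore{...}` directory is passed in explicitly, since the post picks it by hand.

```shell
#!/bin/sh
# Added example. Assumed layout on the mounted XP volume:
#   <root>/System Volume Information/_restore{GUID}/RPnn/snapshot/_REGISTRY_MACHINE_<HIVE>
#   <root>/WINDOWS/system32/config/<hive>

# is_hive FILE: true if FILE begins with the "regf" registry hive signature.
is_hive() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# pick_snapshot RESTORE_DIR HIVE: print the hive copy from the highest-numbered
# RP folder in RESTORE_DIR that passes the signature check.
pick_snapshot() {
    local dir="$1" hive="$2" rp f
    for rp in $(ls "$dir" | grep '^RP[0-9][0-9]*$' | sed 's/^RP//' | sort -rn); do
        f="$dir/RP$rp/snapshot/_REGISTRY_MACHINE_$hive"
        if is_hive "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# restore_hive WINROOT RESTORE_DIR HIVE: back up the live hive, then copy the
# chosen snapshot over it. Prints the snapshot path that was used.
restore_hive() {
    local root="$1" dir="$2" hive="$3" src dst
    dst="$root/WINDOWS/system32/config/$(printf '%s' "$hive" | tr 'A-Z' 'a-z')"
    src=$(pick_snapshot "$dir" "$hive") || {
        echo "no valid $hive snapshot under $dir" >&2
        return 1
    }
    if [ -e "$dst" ]; then
        cp -p "$dst" "$dst.bak"    # keep the current hive so the step is reversible
    fi
    cp "$src" "$dst" && printf '%s\n' "$src"
}
```

With the volume mounted as in the post, a call would look like `restore_hive /mnt/hda1 "/mnt/hda1/System Volume Information/_restore{...}" SOFTWARE`, with the real directory name in place of the `{...}`.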

4 comments

  1. Thank you for blogging. I found your comments on Google. It gives me hope. I didn't try nothing, I let my kids try to boot Windows on the laptop numerous times. Boot on a loop!! Talk about nuts. At least I started with the right attitude, I immediately downloaded Knoppix and started up the laptop. I've found some viral indications, but it isn't letting me do nothing (read/write). At least I now know that I will be able to thanks to info people like you share with the rest of us. I know nothing of systems administration as of yet, I got my trusty Linux Bible but barely have cracked open the title page. I did know enough to chase down Knoppix. Like my standing as an experienced virus-ware destroyer... next week I'll be able to say I can restore a system for real. Not just in theory, eh! Unfortunately, I only learn the good stuff as Need Determines Necessity for Knowledge. I'm learning quickly. Thanks again.
  2. Hello,

    I have Knoppix 5.1. & have been trying to get Windows XP to boot up. I have tried what you stated you did, but I must be doing something wrong. Can you tell me in simple steps how to do this repair?

    Thank-You
  3. Hi Dee,

    You should really only be using this fix if you know what you are doing as you can seriously break things (Mind you, if you are at this stage, it probably won't break any further)

    What problems are you having? Without knowing the symptoms, your problem is kind of hard to diagnose.
  4. Pingback: Recovering from a Windows crash using Knoppix (or, “Things I Never Thought I Would Need to Know”) « A ferromagnetic domain
