how i saved my windows xp installation with knoppix

So it's true. The difference between a 'digital native' and a 'digital immigrant' is the amount of information that they contribute to the world. I absolutely hate having to wade through Google searches to find an answer to my problems, so I try to post here about some of my tech adventures (even though it might be nerdy), hoping that one day a spider will come and crawl/index it and provide answers to people for the same questions I couldn't find answers to!

So I tried to upgrade the ATI Radeon drivers on my Windows machine for my old video card (thinking it would improve performance! hah! no.) but I could not get Direct3D to work for my ol' Radeon 9500. After the 26 or so reboots fiddling with the hardware, the hardware connections and the hardware drivers, something finally happened to my Windows XP OS partition. It got fried.

I tried to boot up, but after the BIOS loaded I would get the error:

Windows XP could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM
You can try to repair this file by starting the Windows Setup program from original floppies or boot from CD-ROM.
Select 'r' at first screen to repair

I did searches all over the internets to fix my problem, that of a corrupt Windows XP SYSTEM registry, which caused my XP installation to not boot. Microsoft has a whole knowledge base article about this exact issue! Well, that's fine... just load up your version of XP from a CD (or floppy) and hit 'r' to repair, just like it says. Wait, except I have a SATA drive... and there are no native SATA drivers for those on the Windows XP CD! So the Windows XP install CD does not see a valid drive with Windows on it to repair!


I love this install of Windows; this drive has been with me since pre-Service Pack 1 days. Lots of tweaks (which caused the problem?) and lots of customization have made it unlike any other Windows install I've used over the years. I wasn't about to just re-image the drive after backing up the data.

So I gave Knoppix a try. For those that don't know what it is, it is a Linux Live CD (meaning you run Linux from RAM and swap space) and supposedly contains lots of Windows repair utilities. Booting it up, it had no problem seeing the SATA drives, booted into the OS and everything was fine. I was using the newest version, version 5.1.

I found the backup system registry 'hive' files at /System Volume Information/_restore/[Text String] and copied them to the desktop. Renamed them to be the operational one, but the Knoppix disk would not let me write back to the hard drive!

There is a problem with NTFS. NTFS is a Microsoft proprietary file system whose internals have been reverse engineered by the open source community. There are a couple of different ways to make the NTFS-formatted hard disk available.

mount -t ntfs /dev/hda1 /mnt/c

This is approximately the default entry in /etc/fstab. But this command only allows the NTFS disk to be read, since the mount command (even with the -rw option) doesn't allow NTFS partitions to be written to. Everywhere on the internets talks about this, that there could be problems with corruption if users were allowed to write directly to the file system using the mount command. So I couldn't fix the registry hive this way.

So I went into alternate mounting techniques to allow the partition to be written to. Supposedly there is a program called Captive NTFS (captive-ntfs) that is available on older versions of Knoppix, but wasn't available on 5.1. So I downloaded Knoppix 3.6, only to find out that Captive NTFS wasn't supported any longer and did not work with Windows XP SP2. Shucks, again.

The problem, of course, was information overload.

Of course, Knoppix 5.1 came with utilities to write to an NTFS partition; it is noted as being the distro that allows users to recover Windows partitions! There are two utilities, ntfschdsk and ntfsmount, that do what I need: check the disk for corruption (and auto-correct things if it can) and mount the NTFS partition for writing.

Running ntfschdsk I received:

CHKDSK is verifying indexes (stage 2 of 3)
Deleting index entry .DEFAULT in index $I30 of file 30.
73 percent completed.

So at least one entry was corrupt on the disk. Not a problem though: remount the partition with the ntfsmount command. Then I went into the previous registry save state and copied the following files: DEFAULT, SAM, SECURITY, SOFTWARE, SYSTEM from /System Volume Information/_restore/[Text String] (where Text String follows some auto-archiving naming convention) to the /windows/system32/config directory, overwriting the corrupted hive files.

Reboot the machine, the machine reads in the non-corrupted backup Registry Hives. Instant (instant being over the course of 3 days) success!
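The copy step above, written as a shell function that could be run from the Knoppix terminal once the NTFS partition is mounted read-write. This is an added example, not code from the original post: the function names and the three directory arguments are assumptions, and the `_REGISTRY_*` source file names come from Microsoft's documented naming for restore point snapshots rather than from this page. It checks that every snapshot hive begins with the `regf` signature and keeps a copy of the current hives before overwriting anything.

```shell
#!/bin/sh
# Added example (not from the original post). Restores XP registry hives from
# a System Restore snapshot directory onto an NTFS volume that is already
# mounted read-write. All three paths are supplied by the caller.

# is_hive FILE: succeeds if FILE begins with the hive signature "regf".
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# restore_hives SNAPSHOT_DIR CONFIG_DIR BACKUP_DIR
restore_hives() {
    snap=$1 cfg=$2 bak=$3
    # snapshot-name:live-name pairs (names contain no whitespace)
    map="_REGISTRY_MACHINE_SYSTEM:SYSTEM
_REGISTRY_MACHINE_SOFTWARE:SOFTWARE
_REGISTRY_MACHINE_SAM:SAM
_REGISTRY_MACHINE_SECURITY:SECURITY
_REGISTRY_USER_.DEFAULT:DEFAULT"

    # Pass 1: change nothing unless every source file looks like a hive.
    for pair in $map; do
        src=$snap/${pair%%:*}
        if ! is_hive "$src"; then
            echo "not a valid hive: $src" >&2
            return 1
        fi
    done

    # Pass 2: keep the current (possibly corrupt) hives, then replace them.
    mkdir -p "$bak" || return 1
    for pair in $map; do
        src=$snap/${pair%%:*}
        dst=$cfg/${pair##*:}
        if [ -e "$dst" ]; then
            cp -p "$dst" "$bak/" || return 1
        fi
        cp "$src" "$dst" || return 1
    done
}

# Run directly as: script SNAPSHOT_DIR CONFIG_DIR BACKUP_DIR
if [ "$#" -eq 3 ]; then
    restore_hives "$@"
fi
```

Keeping the replaced hives in a separate directory means the swap can be undone if the restored set turns out to be older than expected.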

Hopefully, someone finds this post on the 5th page of google searches and finds what they need.

Originally written 12/10/2007 - finally posted 03/10/2008!


Anonymous said…
thanks for the above explanation....I'm sure it benefited someone as it did to me....thanks again!
Anonymous said…
nice write up.
