Monthly Archives: March 2008

how i saved my windows xp installation with knoppix

so it’s true. the difference between a ‘digital native’ and a ‘digital immigrant’ is the amount of information that they contribute to the world. I absolutely hate having to wade through google searches to find an answer to my problems, so I try to post here about some of my tech adventures (even though it might be nerdy) hoping that one day a spider would come and crawl/index it and provide answers to people for the same questions I couldn’t find answers to!

So I tried to upgrade the ATI Radeon drivers on my Windows machine for my old video card (thinking it would improve performance! hah! no.) but I could not get Direct3D to work for my ol’ Radeon 9500. After the 26 or so re-boots fiddling with the hardware, the hardware connections and the hardware drivers, something finally happened to my Windows XP OS partition. It got fried.

I tried to boot up, but after the BIOS loaded I would get the error:

Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
You can try to repair this file by starting the Windows Setup program from original floppies or boot from CD-ROM.
Select 'r' at first screen to repair

I did searches all over the internets to fix my problem, that of a corrupt Windows XP SYSTEM registry, which caused my XP installation to not boot. Microsoft has a whole knowledge base article about this exact issue! Well, that’s fine… just load up your version of XP from a CD (or floppy) and hit ‘r’ to repair, just like it says. Wait, except I have a SATA drive… and there are no native SATA drivers for those on the Windows XP CD! So the Windows XP install CD does not see a valid drive with Windows on it to repair!

Damn.

I love this install of Windows, this drive has been with me since pre-Service Pack 1 days. Lots of tweaks (which caused the problem?) and lots of customization has made it unlike any other windows install I’ve used over the years. I wasn’t about to just re-image the drive after backing up the data.

So I gave Knoppix a try. For those that don’t know what it is, it is a Linux Live CD (meaning you run Linux from RAM and swap space) and supposedly contains lots of windows repair utilities. Booting it up, it had no problem seeing the SATA drives, booted into the OS and everything was fine. I was using the newest version, version 5.1.

I found the backup system registry ‘hive’ files at /System Volume Information/_restore/[Text String] and copied them to the desktop. Renamed them to be the operational one, but the Knoppix disk would not let me write back to the hard drive!

There is a problem with NTFS. NTFS is a proprietary Microsoft file system whose on-disk format has been reverse engineered by the open source community. There are a couple of different ways to make an NTFS-formatted hard disk available.


mount -t ntfs /dev/hda1 /mnt/c

Which is the approximate default command in the /etc/fstab. But this command only allows the NTFS disk to be read, since the mount command (even with the -rw option) doesn’t allow NTFS partitions to be written to. Everywhere on the internets talks about this, that there could be problems with corruption if users were allowed to write directly to the file system using the mount command. So I couldn’t fix the registry hive this way.

So I went into alternate mounting techniques to allow the partition to be written to. Supposedly there is a program called Captive NTFS (captive-ntfs) that is available on older versions of Knoppix, but wasn’t available on 5.1. So I downloaded Knoppix 3.6, only to find out that Captive NTFS wasn’t supported any longer and did not work with Windows XP SP2. Shucks, again.

The problem, of course, was information overload.

Of course, Knoppix 5.1 came with utilities to write to an NTFS partition; it is noted as being the distro that allows users to recover Windows partitions! There are two utilities, ntfschdsk and ntfsmount, that do what I need: check the disk for corruption (and auto-correct things if it can) and mount the NTFS partition to write.

Running ntfschdsk I received:


CHKDSK is verifying indexes (stage 2 of 3)
Deleting index entry .DEFAULT in index $I30 of file 30.
73 percent completed.

So at least one entry was corrupt on the disk. Not a problem though, I remounted the partition with the ntfsmount command. Then I went into the previous registry save state and copied the following files: DEFAULT, SAM, SECURITY, SOFTWARE, SYSTEM from /System Volume Information/_restore/[Text String] (where Text String is some auto-archiving naming convention) to the /windows/system32/config directory, overwriting the corrupted hive files.

Reboot the machine, the machine reads in the non-corrupted backup Registry Hives. Instant (instant being over the course of 3 days) success!
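The copy step described above, as an added shell sketch that is not part of the original post: it picks the newest restore point, checks that every replacement file begins with the registry hive signature `regf` before touching anything, and keeps the corrupted originals. The `RPnnn/snapshot` layout and the `_REGISTRY_*` file names are how Windows XP System Restore stores hive copies and are not stated in the post; the mount point, the casing of the config path and the `corrupt.bak` directory name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the XP volume is already
# mounted read-write at the directory passed as $1, e.g. with ntfsmount.

# Live hive name : name of its copy inside a System Restore snapshot.
HIVES="SYSTEM:_REGISTRY_MACHINE_SYSTEM SOFTWARE:_REGISTRY_MACHINE_SOFTWARE
SAM:_REGISTRY_MACHINE_SAM SECURITY:_REGISTRY_MACHINE_SECURITY
DEFAULT:_REGISTRY_USER_.DEFAULT"

# True if the file starts with the registry hive signature "regf".
is_hive() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# Print the highest-numbered RPnnn/snapshot directory under the mount point.
newest_snapshot() {
    ls -d "$1/System Volume Information"/_restore*/RP*/snapshot 2>/dev/null |
        sed 's|.*/RP\([0-9]*\)/snapshot$|\1 &|' | sort -n | tail -n 1 | cut -d' ' -f2-
}

# restore_hives MOUNTPOINT [CONFIGDIR]
# Returns 0 on success, 1 if no snapshot exists, 2 if a snapshot hive is invalid.
restore_hives() {
    root=$1
    config=${2:-$root/WINDOWS/system32/config}   # casing is an assumption
    snap=$(newest_snapshot "$root")
    [ -n "$snap" ] || { echo "no restore point under $root" >&2; return 1; }

    # Check every replacement before touching the live hives, so a damaged
    # snapshot can never leave the config directory half restored.
    for pair in $HIVES; do
        is_hive "$snap/${pair#*:}" || { echo "not a hive: ${pair#*:}" >&2; return 2; }
    done

    # Keep the corrupted originals; they may still be needed for analysis.
    mkdir -p "$config/corrupt.bak" || return 3
    for pair in $HIVES; do
        live=${pair%%:*}
        [ -e "$config/$live" ] && mv "$config/$live" "$config/corrupt.bak/$live"
        cp "$snap/${pair#*:}" "$config/$live" || return 3
    done
    echo "restored from $snap"
}

if [ $# -gt 0 ]; then restore_hives "$@"; fi
```

Because SAM and SECURITY hold the local account database and LSA secrets, restoring them rolls local passwords back to whatever they were when the snapshot was taken.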

Hopefully, someone finds this post on the 5th page of google searches and finds what they need.

Originally written 12/10/2007 – finally posted 03/10/2008!

The Internets Is Scary Sometimes

Sometimes, you think that you are covered on the internets (all of them!), but then I get an email like this to my primary account:

As a courtesy, we are notifying you that XXXXXX users have found the following accounts for you:

   Flickr tmarthal on Flickr
   Digg tmarthal on Digg
   MySpace birddog on MySpace
   Picasa marthaler on Picasa

If you would like to make these accounts private, please
change the privacy settings on the original network and
XXXXXX will update its search results to reflect your changes.

To find your friends on XXXXXX, signup now.

I removed the company that sent the email, not sure that I want to encourage this type of email and account harvesting.

The point is, that someone, somewhere has correlated my different accounts on my various networks to my single email signon. Someone, somewhere knows that the articles dugg on digg are associated with the pictures that I post on Flickr! So, when I don’t post anything, they can check my pictures to find out what I was doing!

They missed twitter, delicious, slashdot, facebook and this blog though! And all of my troll accounts! That’s good to know that there is some anonymity!