Saturday, March 14, 2009

Windows XP - The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE

This article is not for the faint of heart! It is very technical and may help those doing technical support out there. If you're in the 'normal user' category, I wouldn't suggest trying this yourself! You could totally kill your system!!

The problem:

You're getting the BSOD and a message indicating that a registry file is corrupt. There are a number of these messages and you may have found your way to the Microsoft Knowledge Base article KB307545. This outlines a rather long-winded and very convoluted procedure to try and effect a repair using the tools that Microsoft provides. It also requires (1) that it is not an OEM installed OS and (2) that you have an original XP disk available. This solution doesn't have either of those constraints!

The Solution:

What the KB article is all about is getting hold of the latest backed up set of registry files and replacing the broken ones with these. In order to do this you need to start up the machine using something like Ultimate Boot CD (search Google for UBCD or UBCD4Win) - anything that allows you to boot up the machine and get access to the file system.

The files you need are the ones which are saved during a restore point creation and can be found in a folder called something like...

C:\System Volume Information\_restore{B33F2D25-8664-459C-AE54-C8D699E59CB4}\RP180\snapshot

(RP180, for example, is the restore point you want to use - look at dates and times of the folders).

There are 5 files (registry hives) that you need to copy over and these are:

_REGISTRY_USER_.DEFAULT
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_MACHINE_SAM

They need to be copied to where the registry files live and this is C:\windows\system32\config.


Before replacing the old registry files (DEFAULT, SECURITY, SOFTWARE, SYSTEM and SAM) it's a good idea to move the old ones to a new folder somewhere or rename them (for example rename SAM as xSAM, etc) so you can go back to where you were if all goes belly-up!

Then rename the restored files to have the correct filenames, for example, rename _REGISTRY_MACHINE_SOFTWARE to be SOFTWARE.

And that's it! What you've done is perform a system restore without using Windows itself.

Of course, I've left out a lot of "how to" details that you ought to know already - like how to navigate through filing systems, copy and rename files, etc. Like I said, this is a technical article and if you can't fill in the gaps yourself then you shouldn't be trying this!

Just one pointer though... if you're doing this from a Windows boot you may have problems getting into the "System Volume Information" folder because of access rights. If so, have a look at the Microsoft KB article KB309531 which describes ways (including use of CACLS) to get access.
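
The procedure above as a script, for the case where the machine is booted from a Linux-based rescue disc with the XP volume mounted (an added example, not part of the original post). The `restore_hives` and `is_hive` names, the `pre-restore-backup` folder and the directory arguments are assumptions. It checks that every snapshot file starts with the `regf` hive signature before touching anything, and reuses the existing file's letter case because Linux NTFS mounts are case-sensitive.

```shell
#!/bin/sh
# Added example: offline swap of the five XP hives from a restore-point snapshot.
# Both directory arguments are assumptions about where the XP volume is mounted.
# Call as: restore_hives <snapshot-dir> <config-dir>
HIVES="USER_.DEFAULT MACHINE_SECURITY MACHINE_SOFTWARE MACHINE_SYSTEM MACHINE_SAM"

# A registry hive file begins with the 4-byte signature "regf".
is_hive() {
    [ -f "$1" ] && [ "$(head -c 4 "$1" | tr -d '\0')" = "regf" ]
}

# restore_hives SNAPSHOT_DIR CONFIG_DIR
# Returns 0 on success. Returns 1, leaving CONFIG_DIR untouched, if a snapshot
# hive is missing or invalid or if a backup folder from an earlier run exists.
restore_hives() {
    snap=$1; conf=$2
    backup="$conf/pre-restore-backup"   # hypothetical folder name

    if [ -e "$backup" ]; then
        echo "backup folder already exists, refusing to overwrite: $backup" >&2
        return 1
    fi
    # Pass 1: validate every snapshot file before changing anything.
    for h in $HIVES; do
        if ! is_hive "$snap/_REGISTRY_$h"; then
            echo "missing or not a registry hive: $snap/_REGISTRY_$h" >&2
            return 1
        fi
    done
    # Pass 2: move each old hive aside, then copy the snapshot copy into place.
    mkdir "$backup" || return 1
    for h in $HIVES; do
        name=${h#*_}      # MACHINE_SOFTWARE -> SOFTWARE, USER_.DEFAULT -> .DEFAULT
        name=${name#.}    # .DEFAULT -> DEFAULT
        # Match the existing file whatever its letter case (software vs SOFTWARE).
        old=$(find "$conf" -maxdepth 1 -type f -iname "$name" | head -n 1)
        if [ -n "$old" ]; then
            name=$(basename "$old")
            mv "$old" "$backup/$name" || return 1
        fi
        cp "$snap/_REGISTRY_$h" "$conf/$name" || return 1
    done
}
```

If the machine still won't boot, moving the files in `pre-restore-backup` back into the config folder returns it to where it was.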
