Current version

v1.10.4 (stable)

Navigation

Main page
Archived news
Downloads
Documentation
   Capture
   Compiling
   Processing
   Crashes
Features
Filters
Plugin SDK
Knowledge base
Contact info
Forum
 
Other projects
   Altirra

Search

Archives

01 Dec - 31 Dec 2013
01 Oct - 31 Oct 2013
01 Aug - 31 Aug 2013
01 May - 31 May 2013
01 Mar - 31 Mar 2013
01 Feb - 29 Feb 2013
01 Dec - 31 Dec 2012
01 Nov - 30 Nov 2012
01 Oct - 31 Oct 2012
01 Sep - 30 Sep 2012
01 Aug - 31 Aug 2012
01 June - 30 June 2012
01 May - 31 May 2012
01 Apr - 30 Apr 2012
01 Dec - 31 Dec 2011
01 Nov - 30 Nov 2011
01 Oct - 31 Oct 2011
01 Sep - 30 Sep 2011
01 Aug - 31 Aug 2011
01 Jul - 31 Jul 2011
01 June - 30 June 2011
01 May - 31 May 2011
01 Apr - 30 Apr 2011
01 Mar - 31 Mar 2011
01 Feb - 29 Feb 2011
01 Jan - 31 Jan 2011
01 Dec - 31 Dec 2010
01 Nov - 30 Nov 2010
01 Oct - 31 Oct 2010
01 Sep - 30 Sep 2010
01 Aug - 31 Aug 2010
01 Jul - 31 Jul 2010
01 June - 30 June 2010
01 May - 31 May 2010
01 Apr - 30 Apr 2010
01 Mar - 31 Mar 2010
01 Feb - 29 Feb 2010
01 Jan - 31 Jan 2010
01 Dec - 31 Dec 2009
01 Nov - 30 Nov 2009
01 Oct - 31 Oct 2009
01 Sep - 30 Sep 2009
01 Aug - 31 Aug 2009
01 Jul - 31 Jul 2009
01 June - 30 June 2009
01 May - 31 May 2009
01 Apr - 30 Apr 2009
01 Mar - 31 Mar 2009
01 Feb - 29 Feb 2009
01 Jan - 31 Jan 2009
01 Dec - 31 Dec 2008
01 Nov - 30 Nov 2008
01 Oct - 31 Oct 2008
01 Sep - 30 Sep 2008
01 Aug - 31 Aug 2008
01 Jul - 31 Jul 2008
01 June - 30 June 2008
01 May - 31 May 2008
01 Apr - 30 Apr 2008
01 Mar - 31 Mar 2008
01 Feb - 29 Feb 2008
01 Jan - 31 Jan 2008
01 Dec - 31 Dec 2007
01 Nov - 30 Nov 2007
01 Oct - 31 Oct 2007
01 Sep - 30 Sep 2007
01 Aug - 31 Aug 2007
01 Jul - 31 Jul 2007
01 June - 30 June 2007
01 May - 31 May 2007
01 Apr - 30 Apr 2007
01 Mar - 31 Mar 2007
01 Feb - 29 Feb 2007
01 Jan - 31 Jan 2007
01 Dec - 31 Dec 2006
01 Nov - 30 Nov 2006
01 Oct - 31 Oct 2006
01 Sep - 30 Sep 2006
01 Aug - 31 Aug 2006
01 Jul - 31 Jul 2006
01 June - 30 June 2006
01 May - 31 May 2006
01 Apr - 30 Apr 2006
01 Mar - 31 Mar 2006
01 Feb - 29 Feb 2006
01 Jan - 31 Jan 2006
01 Dec - 31 Dec 2005
01 Nov - 30 Nov 2005
01 Oct - 31 Oct 2005
01 Sep - 30 Sep 2005
01 Aug - 31 Aug 2005
01 Jul - 31 Jul 2005
01 June - 30 June 2005
01 May - 31 May 2005
01 Apr - 30 Apr 2005
01 Mar - 31 Mar 2005
01 Feb - 29 Feb 2005
01 Jan - 31 Jan 2005
01 Dec - 31 Dec 2004
01 Nov - 30 Nov 2004
01 Oct - 31 Oct 2004
01 Sep - 30 Sep 2004
01 Aug - 31 Aug 2004

Stuff

Powered by Pivot  
XML: RSS feed 
XML: Atom feed 

§ I hate Windows

After a long day of video game debauchery with a friend, I shut down my laptop, drove home, and then turned it on to check something quickly before going to bed, only to see the following after login:

Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:Documents and SettingsAthenantuser.dat

Windows XP then proceeded to rename my profile and log me in with a temporary profile, in which of course all Windows settings were reverted to "stupid" and none of my applications were configured.

The Registry is one of my biggest #&($ing reasons why I hate Windows. It's a single point of failure with a huge amount of critical system information and if it breaks you get absolutely no clues about what broke or how to fix it because it's a huge binary file.

I searched the web using my desktop computer and Usenet repeatedly with Google on this problem with no luck. For some reason the NT Registry hive format is not documented by Microsoft, there are no tools to handle the file format directly besides the OS (which obviously won't load the hive), and every time someone asked what the format was they either got back "use the Win32 Registry API" or "Why would you want to know that." And, of course, all searches for a recovery strategy led to clones of the same page describing how to restore from a backup. Gee, thanks, but I would like to recover a profile more recent than last month.

It looked like I'd have to fix it myself, so I loaded up the registry file into WinVi32 and quickly discovered that it began with "2egf" instead of "regf," but even after repairing that Regedit still failed to load the hive. Hmm. Eventually, I discovered that Samba 4.x contains a command-line utility called editreg that dumps the contents of registry hive files, so I quickly ported the C code from Unix to Win32 -- basically changing mmap() to MapViewOfFile() -- and dumped the registry file. Sure enough, except for a couple of keys using XP-specific formats, it managed to dump out the entire registry hive's contents. The basic structure of the hive had to be OK, so started comparing the header description in the editreg source code to the actual data in the file, since not all of the fields were validated....

Somehow, Windows XP had managed to write out the "regf" ID incorrectly as "2egf" and set the header checksum to match. Wonderful. Fixing both at the same time allowed XP to load the hive and I was back in business. Given that '2' and 'r' are only separated by a flipped bit 6, my guess is that I had a single bit error in the kernel shortly before logoff.

Problems like this are the reason that keeping small amounts of data like configuration data in text format and in multiple files is a good idea. If something goes wrong an advanced user has a chance of fixing it and at worst only a program or two is hosed, not the entire user profile. Also, you can guess the format of a text file, whereas there are an infinite number of ways to write binary formats in unintuitive or obscure patterns, and most of the time programmers are lazy and never document their binary formats. I am a big fan of efficiency, but surely my WinAmp configuration in the Registry isn't a critical path and doesn't need to be loaded all of the time. I can only wonder what the heck Microsoft was thinking when they put almost all of a user's configuration into one 4MB+ file with no rolling backup and no recovery tools.

Oh, and by the way, don't tell me to switch to Linux or MacOS. Having used both, I already have my reasons for not doing so, despite the above.

Comments

Comments posted:


Gosh. Winblows Xtra Problems finds all kinds of ways to mess things up. Computers are supposed to make life *easier.* Why they don't slow down and make a reliable system instead of a more complicated system with every new release is beyond me.
But for problems like this, where I'm not capable of performing a repair of this kind, I use GoBack. It can revert your hard drive to the last time you booted the system.

Brian Young - 07 11 04 - 08:22


ODBC, DCOM, RUSHMORE, SQL, DIRECTX, HAL .... How many kind of junks M$ put into the OS?

How M$ develop Windows? Why didn't they learn from their lessons?

A COMPUTER is suspose to listen our voice and did everything for us! Now everything reversed.

Optimizr! - 07 11 04 - 08:59


FWIW I've had similar prob a few times...
I try to set a base restore point every day or so, (restore works in safe mode), and even kept win98 SE as dual boot just to restore portions of my xp install from backup.

Got paranoid after a few incidents where xp activation files got screwed up. Firewall prevented going online until xp loaded, which it wouldn't, and only alternative seemed to be calling MS for new codes, except I'm near deaf and can't use the phone.

re: PCs listening to their master's voice, mine do, and promptly get even.

mike - 07 11 04 - 10:07


Wow, I would have never been able to fix such a problem. Still, what a waste of time.

BacMan (link) - 07 11 04 - 10:19


Would you like to create a page of why you dislike Linux and MacOS? I don't know if it's a good idea, since you'll probably get a lot of flames if you do, but I'm really curious, and after all, you get the flames, not I ;)

Greek0 - 07 11 04 - 12:11


Though you don't need it right now anymore, I know that there is a teenyweeny bit of info on the data format of the registry files in 'Inside Windows 2000' by David Solomon and Mark Russinovich. Perhaps worth a look.

Robert - 07 11 04 - 14:02


Hmm... Fixing the 6th bit don't look like a great mistery, once you realize that's the deal. My question is how the hell you found out where the checksum was, it's size and how it's calculated!
If it isn't too much trouble, please tell me!

NAjA (link) - 07 11 04 - 22:26


reason to not use Linux:

1 - You're a Gamer , FarCry , Doom3 etc...
2 - DirectX
3 - compatibility with your Hardware
4 - 80% of the world uses WINDOWS, that's why software is written for WINDOWS 1st.
5 - not everyone is a coder/programmer, so the word PORTING is bulls#@t.

Miss angelina and mr kokhead are 60 years old, wanna chat with their sons on MSN MESSENGER , will they use LINUX?

think about it ;)

one last thing, WINXP SP2 , people say it's microsoft fault for their problem since it came out SP2 , i used the FINAL release from day 1 , NOT A SINGLE HITCH or PROBLEM, actually PC perform better.

eat your heart out.

flame me anytime, i wont be checking this place anyway, so i won't be hurt of any "bad" word anyone may say ....HEHEHE.

BYE BYEEEEE

AlphaHow (link) - 07 11 04 - 23:26


True, the only thing worse than WINNT is.... anything else. But experiences like that do make you want a Unix (or whatever) fileserver to keep your goodies in...

Current User - 08 11 04 - 01:24


Some time ago, when I was migrating from Win98SE to WinXP, I had the same "stupid default user" problem, but only 2 day after the first installation. Then, I fortunely decided to switch to Win2K.

Now, I am using Win2K+SP4 without any major problems and I feel it is 'solid' and much more stable. Mainly, I think WinXP as a Win2K with a lot of superfluous 'decorations' that attempt against stability.

My son suffered the same experience some time ago, then he switched to Win2K too and he is happy with the decision.

Greetings from Sudacaland... (and sorry for my English)

ChelOis - 08 11 04 - 05:50


That is one hell of a horific story, friend.

To think that you had to port the utility from samba unix to windows just to get to grips with your registry, and then managed to decipher the header error/checksum error, well that is plain old heroic. My hatís off to you.

Ro

Ro (link) - 08 11 04 - 06:28


I completely agree with you about the registry being really really stupid. I loved the way Windows 3.1 made everybody use their own .ini files for settings, therefore only modifying something "Windowsish" when absolutely necessary. Now all it takes is one app to miswrite something and boom...there goes the the neighborhood. I had a registry disaster on my Win95 box awhile back and ended up doing a re-format/re-install since I'm not that into kernels and binary code. I'm a web developer so I see hex-code and that's about it. =)

You do great work, especially on VDub, so you definitely know what's going on. If you'd asked me how to fix your problem, I'd have said go look for a registry backup somewhere. They exist in the bowels....but nobody knows where. As ChelOis said..."My Hat's off to you!" Great job.

(My guess is Longhorn makes the registry all the more complex and "better" haha. Maybe MS should start using a MySQL Database instead of their own proprietary junk...)

Matthew (link) - 08 11 04 - 10:50


Ummm.....Needless to say, I'm impressed. On a side note, mind posting that port of editreg? ^_^ I'm not sure of the legality of that, but.....I HATE when my registry fails.

Whatever the case, I wouldn't have gone to that much trouble, but I'm impressed with your determination to retrieve your registry. This is why I keep backups around. ;)

AVubUser - 08 11 04 - 11:59


Hi Avery and Everyone reading this :-)

I can only sympathise with you over the problems of registry fragility. I agree, it is a MAJOR failing.

I also agree with the comments here about XP. I'm extremely disappointed with XP - it basically appears to me to be a case of:

'Take a good base OS (the NT kernel) and in a matter of months, reduce it to near ruins :-('

From NT4.0 onwards the development from Microsoft seems to have centred almost entirely on 'bells and whistles' that look good on the sales brochure, and very little effort in the speed and stability of the underlying core kernel code. The end users are paying the price for this so called ' development' with an exponetially increasing OS footprint, ever decreasing speed and a shocking lack of stability.

Win2k appears now (after 4 SPs and innumerable hotfixes) to be reasonably stable and ready for the mainstream, but I'm really starting to wonder whether XP will EVER get there. It appears that each time Microsoft plugs a security hole / bug they create 5 new ones in the process.

Microsoft have the technical term of 'Infinite Defects' to describe this situation, and it has happened before. Have a read of 'Microsoft Secrets' by Michael A. Cusumano and Richard W. Selby (ISBN 0 00 638778 0) for a very interesting history of Microsoft and how it writes code. The term 'Infinite Defects' comes up several times in the index.

I'm still on NT4 here. Even though Microsoft have done their level best to try and kill this OS, it still lives on. It has actually been a quite concerted campaign too - if you check the product lifecycle page at http://www.microsoft.com you will discover that NT4 has the SHORTEST OS lifecycle on record for the company.

I for one do not intend to let it die whilst it still has a useful contribution to make in the world of computing. We are now entering the self-help era for NT4 and I've set up a web site at http://nt4ref.zcm.com.au with as much information as I can gather on the current state of play for this OS. Everyone is welcome to contribute anything they find that may be useful for other NT4 users.

To ensure that I'm not completely 'off-topic' here - VirtualDub runs very nicely under NT4.0 workstation. I WOULDN'T be without it. GREAT WORK AVERY, keep it coming. (when your copy of XP will co-operate and allow it :-)

All the Best,

Calvin.

Calvin (link) - 08 11 04 - 18:45


Being technically minded, and facing similiar situations I have found several answers.
First of all if you have system restore turned on, your in luck. With every system restore
point a copy of the registry is sorted. You need to view the contents of the
"System Volume Information" folder, and the folder is specially protected. You may or
may not have to "take ownership" of the folder.

-------------------------------------------------------------------------------------
Then go into the folder named _restore{stupid-really-long-hex-number}. Inside you will find a sequence of
folders named RP with a number like RP1,RP2,RP3, ...RP153
Each ones is a seperate restore point, generally it is advisable to use the highest or second
hightest number, or one dated the day before the crash. Go into that folder, and finally into a folder called snapshot.
The final path should be like:
C:System Volume Information_restore{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}RP234snapshot
------------------------------------------------------------------------------
You'll see a sequence of files named:
_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_ REGISTRY_MACHINE_SYSTEM, and many others.
The one your interested in is named similair to:
_REGISTRY_USER_NTUSER_S-1-5-20 or _REGISTRY_USER_NTUSER_S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx
The key *tell* is the file size and date. Internal system accounts should be about 500k, actual accounts should be
at least 2000k, if not more. Also they should have the most current date and time of alnost any other file.
Use "date modified", and not "date created".
------------------------------------------
Step 1 Copy the one that you think is it into the "C:Documents and Settings" folder.
Step 2 Rename the file _REGISTRY_USER_NTUSER.......... to a filenamed ntuser.dat
Step 3 Then you can't replace a active registry file so log off, and login as the administrator.
TIP: If you normally login as the administrator create a new administrative user and login.
Step 4 Next go into the folder within "documents and settings" that has your login as the directory name.
TIP: Crazy people delete files, experts rename just incase.
Step 5 Rename ntuser.dat ntuser2.dat
Step 6 copy ntuser.dat that you placed in "documents and settings" to "documents and settingsusername"
Step 7 It will ask you if you want to overwrite the file, say yes.
TIP: NTFS file system may have additional security issues, and you may have to take ownership of file and/or folder
Step 8 Log off
Step 9 Login as orginal user, and poof all your settings are back.

You are now restored.

Note: If account is now broken, you'll be glad you renamed that file!!!!
Simply login to some other administrative account, and rename ntuser.dat to ntuser3.dat
Then rename ntuser2.dat to ntuser.dat, and log off. Then login the other account, and you'll
be back where you were. Go back before step 1, select a different file and try again.
----------------------------------------------------------------------------
Eventually you'll get the right file, and you're system will be restored.
Lets say windows won't boot, your still not "out of luck"
Boot off WIN XP CD (no you're NOT going to re-install windows)
Select Recovery Console
Select 1 (unless you have multiple copies WIN XP installed)
enter the adminstrators password.
Note: Basically your at a limited DOS prompt
Do all the step above, but remember your using short filenames!!!!!!!!!
"System Volume Information" is system~1
"-restore{xxxxxxxxxxxx" is _resto~1
"snapshot" is snapsh~1
etc
the full command: (except for changing the 234 after RP234 to whatever number
you determine is before the crash.)
cd C:System~1_resto~1RP234snapshot
-----------------------------------------------------
Tip: If you're using NTFS you may have to clear a restriced file system
flag with special bootdisk to gain access to "System Volume Information"
------------------------------------------------------
If damage is more serious, the folder has back copies of all the regtistry files.
for instance:
MACHINE_REGISTRY_SYSTEM is a file called system in the c:windowssystem32config MACHINE_REGISTRY_SOFTWARE is a file called software in the c:windowssystem32config
------------------------------------------------------------------------------

To prevent this from happening again use ntbackup.
However, only to backup the "system state data"
This procedure updates the copy of the registry stored in c:windowsrepair
You can deleted whatever file ntbackup generated.

Then when something bad happens you can use the copy of the registry in the
repair folder to do a recovery.

tech - 09 11 04 - 18:14


this posting mechcanish deleted all the slashes
out of my post.
For instance
C:System~1_resto~1RP234snapshot
--------
should be
C:*slash*System~1*slash*_resto~1*slash*RP234*slash*snapshot
replacing *slash* for the slash NOT on the key that also contzins the question mark.

tech - 09 11 04 - 18:52

Comment form