Current version

v1.10.4 (stable)

Navigation

Main page
Archived news
Downloads
Documentation
   Capture
   Compiling
   Processing
   Crashes
Features
Filters
Plugin SDK
Knowledge base
Contact info
 
Other projects
   Altirra

Archives

Blog Archive

I hate Windows

After a long day of video game debauchery with a friend, I shut down my laptop, drove home, and then turned it on to check something quickly before going to bed, only to see the following after login:

Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:Documents and SettingsAthenantuser.dat

Windows XP then proceeded to rename my profile and log me in with a temporary profile, in which of course all Windows settings were reverted to "stupid" and none of my applications were configured.

The Registry is one of my biggest #&($ing reasons why I hate Windows. It's a single point of failure with a huge amount of critical system information and if it breaks you get absolutely no clues about what broke or how to fix it because it's a huge binary file.

I searched the web using my desktop computer and Usenet repeatedly with Google on this problem with no luck. For some reason the NT Registry hive format is not documented by Microsoft, there are no tools to handle the file format directly besides the OS (which obviously won't load the hive), and every time someone asked what the format was they either got back "use the Win32 Registry API" or "Why would you want to know that." And, of course, all searches for a recovery strategy led to clones of the same page describing how to restore from a backup. Gee, thanks, but I would like to recover a profile more recent than last month.

It looked like I'd have to fix it myself, so I loaded up the registry file into WinVi32 and quickly discovered that it began with "2egf" instead of "regf," but even after repairing that Regedit still failed to load the hive. Hmm. Eventually, I discovered that Samba 4.x contains a command-line utility called editreg that dumps the contents of registry hive files, so I quickly ported the C code from Unix to Win32 -- basically changing mmap() to MapViewOfFile() -- and dumped the registry file. Sure enough, except for a couple of keys using XP-specific formats, it managed to dump out the entire registry hive's contents. The basic structure of the hive had to be OK, so started comparing the header description in the editreg source code to the actual data in the file, since not all of the fields were validated....

Somehow, Windows XP had managed to write out the "regf" ID incorrectly as "2egf" and set the header checksum to match. Wonderful. Fixing both at the same time allowed XP to load the hive and I was back in business. Given that '2' and 'r' are only separated by a flipped bit 6, my guess is that I had a single bit error in the kernel shortly before logoff.

Problems like this are the reason that keeping small amounts of data like configuration data in text format and in multiple files is a good idea. If something goes wrong an advanced user has a chance of fixing it and at worst only a program or two is hosed, not the entire user profile. Also, you can guess the format of a text file, whereas there are an infinite number of ways to write binary formats in unintuitive or obscure patterns, and most of the time programmers are lazy and never document their binary formats. I am a big fan of efficiency, but surely my WinAmp configuration in the Registry isn't a critical path and doesn't need to be loaded all of the time. I can only wonder what the heck Microsoft was thinking when they put almost all of a user's configuration into one 4MB+ file with no rolling backup and no recovery tools.

Oh, and by the way, don't tell me to switch to Linux or MacOS. Having used both, I already have my reasons for not doing so, despite the above.

Comments

This blog was originally open for comments when this entry was first posted, but was later closed and then removed due to spam and after a migration away from the original blog software. Unfortunately, it would have been a lot of work to reformat the comments to republish them. The author thanks everyone who posted comments and added to the discussion.