Pulling keys from a corrupt hive


Dean Colpitts

The software hive on my notebook (W2KSP4) appears to be corrupt - that
in and of itself is not a big deal - I keep a sysprep image for our
notebooks that makes the re-imaging chore easy. My problem is that I
had a few settings that I absolutely require for access to customer's
networks.

Does anyone know of ANY way to extract data from a corrupt hive, or
repair a corrupt hive? There must be a piece of software out there
somewhere that can make sense of a corrupt hive, after all, the entire
hive can't be corrupt...

Thanks

dcc
 
This may help.

Windows 2000 Registry Repair Utility
http://www.microsoft.com/downloads/...01-2C68-4DE8-9229-CA494362419C&displaylang=en


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
http://www.microsoft.com/protect.

:
| The software hive on my notebook (W2KSP4) appears to be corrupt - that
| in and of itself is not a big deal - I keep a sysprep image for our
| notebooks that makes the re-imaging chore easy. My problem is that I
| had a few settings that I absolutely require for access to customer's
| networks.
|
| Does anyone know of ANY way to extract data from a corrupt hive, or
| repair a corrupt hive? There must be a piece of software out there
| somewhere that can make sense of a corrupt hive, after all, the entire
| hive can't be corrupt...
|
| Thanks
|
| dcc
 
Sounds like the damage is beyond all hope.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
http://www.microsoft.com/protect.

:
| Nope. Already tried it. Any other ideas?
|
| dcc
 
I found an app that will open the corrupt registry, enough so that I
can get most of the info out of it. The app is RegdatXP and it can be
found at:

http://bluechillies.com/details/12007.html

It would appear that when I un-installed Resplendent Registrar, it
erased everything in the software hive under its entry (I was using
it trying to recover a customer's registry - EXACTLY as I am trying to
do with mine).

dcc
 
In said:
I found an app that will open the corrupt registry, enough so that
I can get most of the info out of it. The app is RegdatXP and it can
be found at:

http://bluechillies.com/details/12007.html

"Description: RegdatXP reads non active WinNT/2K/XP registry files like
ntuser.dat and usrClass.dat and compares them to the current Registry.
It is an NT version of Regdat and has also Search and Replace functions
for the Registry. The full version can recover data from corrupt
registry files."

Interesting. As you use it please post again your impressions. The
Home Page link leads to "under construction" and I am not familiar with
the author (Henry Ulbrich). I presume this does what "Load Hive" in
regedt32 cannot? Could be useful.

 
I used it yesterday to fix my own notebook, which was W2KSP4 (PRO).
The software hive was corrupt, so what I ended up doing was booting
off the recovery console, renaming software to software.bad, and
copying software.sav to software. Then I was able to boot into W2K.
Needless to say, Explorer did not work correctly, but I was able to
open a cmd prompt, and ftp the software.bad over to my desktop. From
there, I was able to open the software.bad in REGDATXP and view it.
Pretty much most all of the hive was intact, and about the only thing
missing was the keys that start with the letter R to Z (ie Symantec,
WinIso, etc).

Seeing that, I exported the remainder of the hive out to a .reg. Then
I ftp'd the software.sav over to my desktop, opened it in REGEDT32. I
used UltraEdit to edit the exported .reg in order to rename the hive to
match the software.sav that I had opened in REGEDT32. I ended up
having to give myself full permissions to the loaded software.sav hive
in REGEDT32. From there, I used Regedit to import my .reg, then
unloaded the hive from REGEDT32. From there, it was a matter of
ftping it back to my notebook, rebooting into recovery console once
more, and replacing the software(.sav) with the fixed software hive.

From there, it was a simple reboot, and W2K started up with almost no
errors (Symantec Corporate Edition Antivirus failed, but that was
because the entire Symantec key was missing). From there, it was a matter
of using Add/Remove to repair my Symantec software (Ghost, SAVCE
console, SAVCE client, LiveUpdate, and pcAnywhere 11). There were
also a couple of other programs missing registry info (like WinIso and
Snagit), but those were simple to reinstall.

REGDATXP definitely saved me a lot of work, the least of which was
the drive into my office over the holidays to re-install my notebook into
the domain (had I needed to re-image from my sysprep images).

Further, I was able to recover some registry specific settings for a
customer's machine that had crashed just before Christmas using
REGDATXP. This is one tool I will not be without in the future.

Having said all that, there are a few downfalls to the software. From
the initial look, the documentation is VERY lacking (I would not want to
be a newbie to the registry and trying to figure it out). Some of the
menu options are confusing (ie - do they act on the live computer's
registry, or the opened offline hive). Further, I don't see an
immediate way to import .reg into the opened hive.

On Friday morning, I'm going to tackle the system hive at a customer's
site with it and see how it goes. All in all, it was definitely worth
the $28 USD to register it. Besides which, if you really want, the
shareware version will let you view the file, just not export, so from
there, you could at least see if the hive is completely corrupt or not.

***BTW - it beats Microsoft's standard answer to corrupt hives -
restore / replace or reload the OS. IMHO, there is no reason why
Microsoft couldn't release a tool similar to this, which, they
probably have anyways, instead of just telling people, too bad,
reload.

dcc
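
A quick way to see how much of a damaged hive file is still structurally intact before picking a recovery route. This is an added example, not part of the original posts and not how RegdatXP or regedit work internally: it checks the `regf` base block (sequence numbers, XOR checksum at 0x1FC) and walks the 4 KiB-aligned `hbin` headers, following the publicly documented hive layout. `triage_hive` and `build_sample_hive` are hypothetical names, and the sample hive is constructed.

```python
import struct

PAGE = 0x1000  # size of the base block and alignment of every hive bin

def regf_checksum(base: bytes) -> int:
    """XOR-32 over bytes 0..507 of the base block, as stored at offset 0x1FC."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base[:508]):
        x ^= dword
    return 0xFFFFFFFE if x == 0xFFFFFFFF else (x or 1)

def triage_hive(data: bytes) -> dict:
    """Report header health and which 4 KiB-aligned hive bins still parse."""
    rep = {"signature_ok": data[:4] == b"regf", "good_bins": 0, "bad_offsets": []}
    if len(data) < PAGE or not rep["signature_ok"]:
        return rep
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    (bins_size,) = struct.unpack_from("<I", data, 0x28)
    (stored,) = struct.unpack_from("<I", data, 0x1FC)
    rep["sequence_match"] = seq1 == seq2      # mismatch: hive was not written out cleanly
    rep["checksum_ok"] = stored == regf_checksum(data)
    rep["truncated"] = len(data) < PAGE + bins_size
    off, end = PAGE, min(len(data), PAGE + bins_size)
    while off + 12 <= end:
        rel, size = struct.unpack_from("<II", data, off + 4)
        if data[off:off + 4] == b"hbin" and rel == off - PAGE and size and size % PAGE == 0:
            rep["good_bins"] += 1
            off += size                       # bins may span several pages
        else:
            rep["bad_offsets"].append(off)
            off += PAGE                       # resynchronise on the next page
    return rep

def build_sample_hive(n_bins: int) -> bytearray:
    """Constructed test input: a valid base block followed by n empty 4 KiB bins."""
    base = bytearray(PAGE)
    base[0:4] = b"regf"
    struct.pack_into("<II", base, 4, 7, 7)
    struct.pack_into("<I", base, 0x28, n_bins * PAGE)
    struct.pack_into("<I", base, 0x1FC, regf_checksum(base))
    bins = bytearray()
    for i in range(n_bins):
        bins += b"hbin" + struct.pack("<II", i * PAGE, PAGE) + bytes(PAGE - 12)
    return base + bins

if __name__ == "__main__":
    hive = build_sample_hive(4)
    hive[3 * PAGE:4 * PAGE] = bytes(PAGE)     # zero out the third bin
    print(triage_hive(hive))
```

Run it on a copy of the hive, never on the file a live system has loaded; a long run of `bad_offsets` shows which region of the file the missing keys lived in.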

 
Thanks for the report and description Dean. I'll at least bookmark
this one for possible future use.
 
Microsoft's XP and 2003 operating systems include a regedit that has the
ability to open corrupt registry hives and repair them (well, at least strip
out the corruption so the hive will be loadable again). File | Load Hive
.... then Unload Hive.

You can then save them back (unload hive) and replace the file in the other
computer (using ERD Commander or Recovery Console).


(JD)
 
In said:
Microsoft's XP and 2003 operating systems include a regedit that
has the ability to open corrupt registry hives and repair them
(well, at least strip out the corruption so the hive will be
loadable again). File | Load Hive ... then Unload Hive.

You can then save them back (unload hive) and replace the file in
the other computer (using ERD Commander or Recovery Console).

Cool. Too bad they will (probably) never put that in a W2K SP. :-(
It's good information though and thanks.
 
And it actually works.
It did the job for me.
Everyone should try it, before they spend 30$ on something
else....
 
Ok, had the same problem, here's what I did:
1) copied corrupt ntuser.dat to an xp box
2) regedit -> select some key (e.g. HKU) -> load hive
3) select corrupt ntuser.dat
4) give it some name (e.g. badHKCU)
5) select badHKCU
6) from the menu, export the selected key to a reg file (e.g.
goodHKCU.reg)
7) exit regedit
8) copy goodHKCU.reg to the w2k box
9) login using a different username than the one with problems
10) make a copy of the profile with the problems, then delete the
original one
11) logout, then login with the username with the problems; a new, clean
profile will be created
12) edit goodHKCU.reg with notepad, replacing the root key name (e.g.
[hku/badHKCU ) with the correct one (e.g. [HKCU ); make sure to have a
[-HKCU] at the top
13) save
14) import the newly saved goodHKCU.reg; it will delete the default one
and paste the old one; some keys will not be imported because they are
already in use;
15) logout, login with a different username
16) copy the significant profile folders from the copy to the new one
17) log back in with the username with the problems

(mostly) everything should be fine now, all previous settings active.

so I saved $30.


mpetruc
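
The root-key rename done by hand in step 12 above (and with UltraEdit in the earlier REGEDT32 write-up) can be scripted so that only key headers change. This is an added example, not code from any poster: regedit exports write full root names such as `HKEY_USERS` and `HKEY_CURRENT_USER` in the bracketed headers, and the function names, the `badHKCU` mount name and the sample export are assumptions constructed for illustration.

```python
import re

BOM = b"\xff\xfe"  # regedit "Version 5.00" exports are UTF-16LE with this BOM

# Constructed sample export (not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\badHKCU]

[HKEY_USERS\badHKCU\Software\Example]
"LastPath"="HKEY_USERS\\badHKCU\\Software"

[HKEY_USERS\badHKCU_Classes\.txt]
@="txtfile"
'''

def rebase_reg(text: str, old_root: str, new_root: str) -> str:
    """Rewrite old_root to new_root in [key] and [-key] header lines only."""
    # The lookahead requires "\" or "]" after old_root, so a sibling key such as
    # badHKCU_Classes is not rewritten. Value lines start with a quote, "@" or
    # whitespace, so data that mentions the old path is left untouched.
    pat = re.compile(r"^(\[-?)" + re.escape(old_root) + r"(?=[\\\]])", re.IGNORECASE)
    # A function replacement keeps backslashes in new_root literal.
    return "".join(pat.sub(lambda m: m.group(1) + new_root, line)
                   for line in text.splitlines(keepends=True))

def rebase_reg_file(raw: bytes, old_root: str, new_root: str) -> bytes:
    """Decode a regedit export, rebase it, and re-encode it the same way."""
    if raw.startswith(BOM):                      # Version 5.00 export
        text = raw[len(BOM):].decode("utf-16-le")
        return BOM + rebase_reg(text, old_root, new_root).encode("utf-16-le")
    text = raw.decode("cp1252")                  # REGEDIT4 export; code page assumed
    return rebase_reg(text, old_root, new_root).encode("cp1252")

if __name__ == "__main__":
    print(rebase_reg(SAMPLE, r"HKEY_USERS\badHKCU", "HKEY_CURRENT_USER"))
```

Diff the rewritten file against the export before importing it, since an import writes straight into the live registry.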
 