Recovering from Windows registry hive corruption, the smart way.

21 Sep

Taken from:

I like this trick. Every time I do it, I think about all those people doing repair installs (in-place upgrades).

It works pretty much every time unless the filesystem is really truly screwed, in which case you need a backup, say from the system restore directory (System Volume Information), as per this knowledgebase article (don’t bother with the recovery console though, use your USB to IDE or USB to SATA cable and fix it from your laptop.)

Here are the symptoms. You try to start up your Windows 2000/XP/Vista/Windows 7 computer and you get a message, white text on black background:

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM


Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Sometimes, the message is cut short, so you might see “\WINDOWS\SYSTEM32\CONFIG\SYS” or similar. Hint: If it’s really cut short, and you can’t see if it’s SOFTWARE or SYSTEM, do the following procedure on both files. Whichever one is identified as having been repaired, well that’s the one that was broken .

Anyway, how to fix it in 2 minutes:

Use your USB to IDE/SATA adapter cable, and connect the broken machine’s hard drive to your laptop, or your spare PC or whatever. You don’t have to use a USB to IDE/SATA adapter cable – if you’re a person at home with another PC you can stick the drive on a spare IDE or SATA channel. You just need to get that hard drive into a working Windows XP computer for a few minutes.

Windows will mount the broken computer’s hard drive as, say E: or F:. Make sure you have your computer set to show hidden files and also system files. To check this, go into My Computer -> Tools -> Folder Options, -> View Tab, and select “Show hidden files”, and make sure “Hide protected operating system files” is not ticked.

First things first, run chkdsk on that drive, after all it is most likely filesystem corruption that has caused the registry to become corrupt in the first place. In My Computer, right-click the broken computer’s drive and choose properties. Go to tools, “Check Now”, put a tick in only the first box (Automatically fix filesystem errors), and click start. Let that finish before continuing.

Here’s where the magic happens. Go to start -> run, and type regedit [enter]. This will launch the registry editor on your computer. In the registry editor, highlight HKEY_LOCAL_MACHINE, and then go to File -> Load Hive. Find the file that is “missing or corrupt” (from your error message earlier), and choose to load that. It will be in E:\(or F:\)Windows\System32\Config, and will be called just SOFTWARE or SYSTEM. Regedit will ask you to name the hive, just type “badpc” (any old garbage will do – it’s only temporary).

Regedit will say “One or more files containing the registry were corrupt and had to be recovered by use of log files. The recovery was successful.” You have just repaired the registry! Now you need to Un-load that hive, so highlight that “badpc” hive that you can now see under HKEY_LOCAL_MACHINE, and go to File -> Unload Hive.

You now just need to put that hard drive back in the broken computer, which hopefully won’t be broken any more! If you used a USB to SATA or USB to IDE cable from your laptop, make sure you use the “Safely remove hardware” icon in the system tray next to the clock to safely remove the hard drive, else you may cause filesystem corruption again. Alternatively just shut your laptop/working computer down properly and remove the hard drive once it’s shut down.

All done.

Some background:

The registry is a database. It has transaction log files which can be used to recover from corruption. It would appear that the early Windows boot process is not able to work with those log files, but regedit (and Windows itself further on in the boot process) is.

Leave a comment

Posted by on September 21, 2011 in Registry


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: