Where Is The Vista Registry?


6 replies to this topic

#1 Aurens

Aurens

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:38 PM

Posted 15 July 2008 - 10:03 AM

After overclocking my memory, I managed to damage the system files. I have a full backup of everything else on a different drive, including user files and program files, using Retrospect. I was thinking, wipe the drive, reinstall Vista, reinstall the documents and programs folders, then restore the registry from the backup.

Which may be complete nonsense and impossible.

But it would help if I knew where the registry actually was. Is it a file, does it have a name? And if I restore it into a system, will it be stupid?

Thanks.

By the way, I can safe boot my damaged drive. It just won't come up normally.

Is there any other way to recover?



#2 The Recruit

The Recruit

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 15 July 2008 - 10:47 AM

Press the Windows key and R at the same time and then type regedit.

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:38 PM

Posted 15 July 2008 - 12:11 PM

The registry is contained in several files located in C:\Windows\System32\Config
They are the filenames with no extensions (SAM, SOFTWARE, SYSTEM, SECURITY, DEFAULT) and another one that I haven't researched (COMPONENTS).

There are ways to use this information to restore a Windows installation - but without the associated programs, add-ons, etc installed - you're in for a battle with registry errors.

Also, using this method to attempt to restore Windows probably won't work - despite all of the work that you put into it. The reason behind this is the unique Security Descriptor that's assigned to each Windows installation - without this, the registry entries and program files just won't be able to work (not to mention the missing files that the programs have installed throughout the Windows installation outside of the Program Files directory).

Even with a simple installation, this is a very difficult task - and it usually requires that you monitor the installation to find all the changes that were made to the registry and files. Then you'll have to deal with the Security Descriptors, the Access Control Lists, various assorted permissions and security features.

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#4 Aurens


Posted 15 July 2008 - 09:49 PM

run > regedit > file > export ;)

then import again when you've reinstalled the OS.

just found out about this, was curious if it was possible. my reg dump is about 65 MB, seems realistic.


I got Vista to boot in safe mode again, but not safe mode with networking (clue!). I ran regedit, and backed up the registry to a different drive. I also did a diskcheck, and there were numerous errors corrected, but not in the file records themselves.

In the past, with XP, there were times I've gotten past a problem with booting the system by doing nothing more interesting than running in safe mode and restarting.

So I restarted, but no joy. So I restarted the Vista Installer, no joy, can't find anything wrong with startup. Tried a restore point. There weren't any. The problem still exists, apparently, where an XP install wipes out your Vista restores. (Or something approximating that.)

So then, at a restart, I get the multi-boot menu, and hit F8. Only this time, I did something I didn't expect to work - last good configuration. I didn't expect it to work because there were no restore points. I didn't realize that there are OTHER things Vista keeps around that I know nothing about.

Because it came right up, and has run perfectly ever since. And I did a full backup once again, and intend to copy it, and the program to restore it, to an off-board drive THAT I WILL DISCONNECT BEFORE I MAKE THE NEXT SERIES OF MISTAKES.

All of which is to say, I confess to n00bhood (I designed major software systems, including the autopilot for the B2, have a Master's in Comp Sci from UC Berkeley, and I hate windows so much I've never really tried to understand anything but BCDEDIT and the registry.)

So I ordered two deep books from Microsoft Press on Vista, and am eagerly awaiting the rewritten OS manual due in January. I am inspired by my ignorance, and want the damned thing to overclock to the moon.

#5 usasma


Posted 16 July 2008 - 06:52 AM

HKLM\System\Current Control Set contains pointers to the different Control Set xxx entries, and determines which one to use on boot
FYI - I use LKG to refer to the Last Known Good configuration
HKLM\System\Select contains the key that points to the LKG Control Set (named LastKnownGood). It also has a key named "Failed" that will tell you which Control Set failed to boot successfully.

#6 Aurens


Posted 16 July 2008 - 09:07 AM

HKLM\System\Current Control Set contains pointers to the different Control Set xxx entries, and determines which one to use on boot
FYI - I use LKG to refer to the Last Known Good configuration
HKLM\System\Select contains the key that points to the LKG Control Set (named LastKnownGood). It also has a key named "Failed" that will tell you which Control Set failed to boot successfully.


Ah! Found it at HKLM\System\Select on Vista x64. Thank you!

Interestingly, Current is set 4
Default is also 4
Failed is 3
LastKnownGood is 5

I think windows doesn't know that the LKG isn't actually good, so when I said restore to an earlier state, it went back to 4. Had 3 & 4 been reversed, it would have skipped over the failed to reach it.

Cool, if I'm reading this right, then what's in 5 compared to 4 may be able to tell me what caused the failure (but who can figure that out?).

Edited by Aurens, 16 July 2008 - 09:13 AM.


#7 usasma


Posted 16 July 2008 - 03:30 PM

You'll have to do a registry compare - and that may be a lot of work! I seem to recall that there were registry compare tools available, but can't look for them right now (haven't done this in years). Maybe give Google a shot? Also, I'd try comparing 3 to 4 and 5 - because 3 is where the "original" fault happened.

FWIW - I've seen times when Windows will assume that the LKG is good when it isn't. As I understand it, when winlogon.exe reports a successful logon, that's what determines if it's the LKG or not - regardless of whether it's "successful" to you or not.

LKG is separate from System Restore (and is constructed differently) - I don't know if the old info from that registry branch is imported during System Restore (but I think it is because of the manual restore operations that I've done were from the System Restore points).

It'd be an interesting experiment to change the LKG to 1 or 2 to see what'd happen - but that may break things even worse!
1 = unknown
2 = unknown
3 = failed
4 = failed (aka default)
5 = failed (aka LKG)
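
The registry compare discussed in the last two posts, as an added example that is not part of the original thread: it parses a regedit text export, maps the HKLM\System\Select values to ControlSetNNN names, and lists the values that differ between two control sets. The sample export, the ExampleDrv service and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit's text export format (not data from the thread's PC).
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000004
"Default"=dword:00000004
"Failed"=dword:00000003
"LastKnownGood"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ExampleDrv]
"Start"=dword:00000003
"ImagePath"=hex(2):41,00,\
  42,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ExampleDrv]
"Start"=dword:00000000
'''
ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\"

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued hex lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def control_set_names(keys):
    """Map the Select values (Current, Failed, ...) to ControlSetNNN names."""
    select = keys.get(ROOT + "Select", {})
    return {n: "ControlSet%03d" % int(d[6:], 16)
            for n, d in select.items() if d.startswith("dword:")}

def diff_sets(keys, a, b):
    """Return sorted (subkey, value, data_in_a, data_in_b) where a and b differ."""
    def flat(cs):
        p = ROOT + cs + "\\"
        return {(k[len(p):], v): d for k, vals in keys.items()
                if k.startswith(p) for v, d in vals.items()}
    fa, fb = flat(a), flat(b)
    return sorted((k, v, fa.get((k, v)), fb.get((k, v)))
                  for k, v in fa.keys() | fb.keys()
                  if fa.get((k, v)) != fb.get((k, v)))
```

A value present in only one control set is reported with None on the other side; subkeys that hold no values at all are not listed.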



