Note: Impatient natures can skip the first 3 paragraphs.
Did it ever happen to you that you installed an additional operating system on your computer only to find the old one is „gone“? It sure happened to me. To elaborate a bit, by „gone“ I actually mean that the boot configuration of the OS was overwritten with the one of another OS. Strictly speaking overwritten is the wrong term, as aside from the MBR things get seldom overwritten, so maybe I should say replaced. In some cases things go fine and the old OS will be integrated in the new boot selection screen. Though sometimes things go wrong and this is where my findings might come in handy.
So ok, the other day I wanted to install Windows 7 on my notebook. Note that like 2 years ago I set up the system in a special way that suited my needs. I had Windows Vista (booted it like twice a year – haha in retrospect), Windows XP (my main OS) and Ubuntu Linux (whenever I needed Linux) installed and neatly organized via Grub. Each selection in Grub directly booted the respective OS, no additional selection screen was displayed from the Windows OS loader (bootmgr for Vista and ntldr for XP). If I hadn't set it up that way, it would just display „Microsoft Windows“ and after selecting this option I'd be presented a nested selection menu for Vista and XP. Needless to say this is not what I wanted, that's why I went through all the hassle of setting it up this way.
At this time I wanted to do a little bit more with Vista tough through some obscure error I couldn't install the Service Pack 2. This and the availability of Windows 7 made me thinking about replacing it in the first place. However, I remembered the chores to get a clean setup with the boot configuration so I wanted to prepare for the worst.
Enter a bootable CD containing grub with my specific configuration. Including the machine-specific (or should I say hard drive in the age of virtual machines) configuration is a bonus for convenience as grub comes with a command line so a generic CD would be enough for emergency purposes. I'm sure there is a hundred different ways to create a grub CD (not really but surely quite some). I chose a most probably not very elegant solution but it worked and it was basically stuff I was already experienced with since I created a lot of bootable BIOS-Update CDs based on DOS floppy images (reminds me I should probably blog about that as well). For a pure Grub CD you should probably look here.
Basically I took a DOS grub floppy from here, modified it as it suited me and then burned it to a CD-RW with bootable floppy disk emulation using Nero Burning ROM - though any other software capable of burning bootable CDs with floppy emulation might be ok. I removed the lots of selection screens from the grub floppy and put my menu.lst file on it. For this task I used the fancy tool WinImage. Linux users should probably read the info on the website of the grub floppy to get instructions on how to create such a disk. The grub floppy I linked has a lot of fancy features that might come in handy for one or another, but for me a basic grub disk was all I needed. Basically I removed all files except for the stage1 and stage2 files in /boot/grub and then put my own menu.lst in this directory. I took it directly from the /boot/grub folder from my Linux system. However you can also write a configuration from scratch, though that is outside of the scope of this blog.
Next step would be testing if it actually works. I recommend adding a dummy entry to either the CD or local grub configuration or changing the title or whatever you like in order to distinguish your local grub from the one on CD. Then you can reboot your computer, try booting from CD and if everything went fine you should be able to boot any of your operating systems from it.
Now that you have your backed up boot configuration you can start messing with other operating systems, especially the ones which like to replace MBRs and the likes. Remember that Windows-based OSes need their respective bootloader in order to be started, though most installation procedures don't remove those. If they do, you will still have the new operating system which can be used to put one in place, assuming the installation went fine.
Monday, July 19, 2010
Wednesday, July 14, 2010
Blog Intro - Windows Reinstall Shenanigans
Omg I really did it. I finally managed to set up this blog and actually post something to it.
Yeah, that sounds a bit lame for an intro, but let me explain a little bit. The initial idea to write this blog occurred to me about half a year ago. Back then I had some funny (read: horrible) problems with my laptop. It all started with wanting to defragment a hard drive partition I have been using for quite some time. It was a 40GB NTFS partition with like 1-2GB free space. The Windows XP defrag utility said the free space is not sufficient to carry out the defragmentation. The Windows Vista – I also had Vista installed on another partition - defrag utility however would carry out the process just fine. Bold as I am I thought that Microsoft may actually have improved the program and started the defragmentation.
Guess I shouldn't have been so bold back then. Note to little kids (and everyone else for that matter): Don't EVER defragment a Windows XP NTFS partition with the defrag utility from Windows Vista. Especially not when the Windows XP utility tells you the free space is not sufficiently large for the process, but I don't know if this criteria is enough. And for gods sake I don't feel like trying. So my daring readers you might want to know what actually happened. Let's put it this way: When you get a blue screen upon boot stating UNKNOWN HARD ERROR you know something terribly went wrong.
Know that I installed the system some 2 years before that and kept everything neat and clean, so I didn't feel the need for a reinstall. Fortunately I was able to rescue most of the data on the partition since it was still readable under Vista, though Windows was irrecoverably lost, as a I had to find out the hard way. When I wanted to prepare for reinstall I wanted to get the install CD to get the product key. I had installed a Windows XP Pro I bought for cheap at a students shop, not the XP Home shipped with the laptop. Although I usually don't lose such stuff, I was unable to find it (what was it about exceptions to the rule? Darn it!). That itself wouldn't be a problem if this didn't happen in some holidays. During workdays I'd have been able to retrieve my key from the shop as they register it with the buyer in order to prevent illicit use.
Some googling later I found various ways of recovering the product key of an existing Windows installation, though most of the options weren't for me as they require being able booting into it. So I opted for the „get the encoded CD key from windows registry and calculate the key from it“ option. Thank god there are Windows registry readers / editors for Linux. I chose chntpw. It can easily installed as a package in Ubuntu. Usage is pretty straightforward. I copied the software registry hive from %WINDIR%\system32\config\software to my home directory under Ubuntu. Then I invoked chntpw:
Now typing '?' lists available commands. To carry out what I wanted to accomplish, I entered cd Microsoft\Windows NT\CurrentVersion to change to the specified key and then I dumped the data I was looking for via hex DigitalProductId. The tool might be used to retrieve other data from the registry as well. If you are done you can quit by entering 'q'. Note that the prompt has no convenient history feature like you are possibly used to from various shells.
An alternative might have been dumphive, which is also available as Ubuntu package. Dumphive converts a registry hive into RegEdit compatible text format.
The final step in order to recover the product key would be to stop by the DragonDesign website, where the whole process is detailed here. They offer a tool to derive the original product key from parts of the previously dumped DigitalProductId. Note that they offer the tool both as a web and standalone version. Though while I don't want to accuse them to harvest keys for sinister purposes, anyone concerned about security should use the standalone version on a computer which is physically divided from the internet – just in case.
Remember when I said that Windows was irrecoverably lost without actually explaining how I came to that conclusion. Opening the CURRENT_USER registry hive stored in the NTUSER.DAT file in the profile of the respective user with chntpwd reveiled that most of the file was corrupted.
Looks like this file is corrupted. I lost some program configuration I wanted to backup, but other than that it was mostly a lot of time that I lost due to being a little bit too daring.
Explain a little bit, eh? Possibly this post more than anything explains why I don't get seemingly easy things done quick. Seemingly easy is the catch though, as most things I'll write about here will contain nasty details, pitfalls and the like. I publish my findings in the hope that it might save one or another from making the same mistake or trying harder than necessary to solve a problem.
Enjoy!
Yeah, that sounds a bit lame for an intro, but let me explain a little bit. The initial idea to write this blog occurred to me about half a year ago. Back then I had some funny (read: horrible) problems with my laptop. It all started with wanting to defragment a hard drive partition I have been using for quite some time. It was a 40GB NTFS partition with like 1-2GB free space. The Windows XP defrag utility said the free space is not sufficient to carry out the defragmentation. The Windows Vista – I also had Vista installed on another partition - defrag utility however would carry out the process just fine. Bold as I am I thought that Microsoft may actually have improved the program and started the defragmentation.
Guess I shouldn't have been so bold back then. Note to little kids (and everyone else for that matter): Don't EVER defragment a Windows XP NTFS partition with the defrag utility from Windows Vista. Especially not when the Windows XP utility tells you the free space is not sufficiently large for the process, but I don't know if this criteria is enough. And for gods sake I don't feel like trying. So my daring readers you might want to know what actually happened. Let's put it this way: When you get a blue screen upon boot stating UNKNOWN HARD ERROR you know something terribly went wrong.
Know that I installed the system some 2 years before that and kept everything neat and clean, so I didn't feel the need for a reinstall. Fortunately I was able to rescue most of the data on the partition since it was still readable under Vista, though Windows was irrecoverably lost, as a I had to find out the hard way. When I wanted to prepare for reinstall I wanted to get the install CD to get the product key. I had installed a Windows XP Pro I bought for cheap at a students shop, not the XP Home shipped with the laptop. Although I usually don't lose such stuff, I was unable to find it (what was it about exceptions to the rule? Darn it!). That itself wouldn't be a problem if this didn't happen in some holidays. During workdays I'd have been able to retrieve my key from the shop as they register it with the buyer in order to prevent illicit use.
Some googling later I found various ways of recovering the product key of an existing Windows installation, though most of the options weren't for me as they require being able booting into it. So I opted for the „get the encoded CD key from windows registry and calculate the key from it“ option. Thank god there are Windows registry readers / editors for Linux. I chose chntpw. It can easily installed as a package in Ubuntu. Usage is pretty straightforward. I copied the software registry hive from %WINDIR%\system32\config\software to my home directory under Ubuntu. Then I invoked chntpw:
chntpw -e ~/softwareThe program greeted me with some info that the file contains some garbage, probably not the best sign:
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <emroot\system32\config\software>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
Page at 0x1f9e000 is not 'hbin', assuming file contains garbage at end
File size 33292288 [1fc0000] bytes, containing 7513 pages (+ 1 headerpage)
Used for data: 582757/32096448 blocks/bytes, unused: 5213/812064 blocks/bytes.
Simple registry editor. ? for help.
Now typing '?' lists available commands. To carry out what I wanted to accomplish, I entered cd Microsoft\Windows NT\CurrentVersion to change to the specified key and then I dumped the data I was looking for via hex DigitalProductId. The tool might be used to retrieve other data from the registry as well. If you are done you can quit by entering 'q'. Note that the prompt has no convenient history feature like you are possibly used to from various shells.
An alternative might have been dumphive, which is also available as Ubuntu package. Dumphive converts a registry hive into RegEdit compatible text format.
The final step in order to recover the product key would be to stop by the DragonDesign website, where the whole process is detailed here. They offer a tool to derive the original product key from parts of the previously dumped DigitalProductId. Note that they offer the tool both as a web and standalone version. Though while I don't want to accuse them to harvest keys for sinister purposes, anyone concerned about security should use the standalone version on a computer which is physically divided from the internet – just in case.
Remember when I said that Windows was irrecoverably lost without actually explaining how I came to that conclusion. Opening the CURRENT_USER registry hive stored in the NTUSER.DAT file in the profile of the respective user with chntpwd reveiled that most of the file was corrupted.
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <nstellungen\usr\ntuser.dat>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x4000 is not 'hbin', assuming file contains garbage at end
File size 8388608 [800000] bytes, containing 3 pages (+ 1 headerpage)
Used for data: 266/12192 blocks/bytes, unused: 0/0 blocks/bytes.
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
ERROR: not 'nk' node! (strange?)
Simple registry editor. ? for help.
Looks like this file is corrupted. I lost some program configuration I wanted to backup, but other than that it was mostly a lot of time that I lost due to being a little bit too daring.
Explain a little bit, eh? Possibly this post more than anything explains why I don't get seemingly easy things done quick. Seemingly easy is the catch though, as most things I'll write about here will contain nasty details, pitfalls and the like. I publish my findings in the hope that it might save one or another from making the same mistake or trying harder than necessary to solve a problem.
Enjoy!
Subscribe to:
Posts (Atom)