Taking Charge When Key System Files Have Problems

Sometimes Windows has files that are corrupted or missing, which seriously impairs, or even prevents, the operation of the system. If you've encountered this before, you know that one of your options is to start from scratch or try to recover the system using the draconian Windows Startup and Recovery system. The toolset included in that tool is sparse at best and difficult to use. Knoppix, conversely, provides a friendly and very powerful environment in which to fix certain issues you may encounter when problems pop up.

By default, Knoppix can read a large set of filesystems right out of the box, but it doesn't support writing to certain filesystems. There are some known issues with Knoppix 3.8 and later regarding writing to NTFS filesystems (the default for Windows XP and later). Those filesystems require the use of a program called captive-ntfs (http://jankratochvil.net/project/captive/) to allow write access, which is crucial for editing files on the systems. Knoppix 3.8 and later does not include captive-ntfs by default because of lack of active project development and other concerns regarding corruption of data. (There is another system in place — UnionFS — that promises to provide this support in the future. It isn't fully developed yet, so it currently only gives the appearance of writing to the NTFS partition.)

Earlier versions of Knoppix (3.7 and earlier) include captive-ntfs, but if you are using Windows XP Service Pack 2 (SP2), take the steps identified in http://kb.bitdefender.com/site/KnowledgeBase/viewArticle/en/100/Problem_with_LinuxDefender_and_Windows_XP_SP2_.html to enable read/write capabilities.

Accessing boot.ini to Resolve Start Issues

The boot.ini file is used by Windows NT-based systems (NT, 2000, XP, 2003) to boot the system into the correct operating environment by displaying a list of Windows-recognized operating systems and directing the system toward the selected environment. If the file is corrupted, damaged, or missing, you cannot boot your Windows system properly. The boot.ini file can become corrupted if you reboot your system improperly, or may be missing if someone deletes it accidentally, or, well, there are many other causes for that error.

If you boot your system and get an invalid boot.ini or Windows could not start error message, the most likely culprit is an invalid or corrupted boot.ini file. To correct this problem, you need to either edit your existing boot.ini file or create a new, generic one. First, you must make the Windows partition that your core system resides on writable (Knoppix makes all existing partitions read only) by right-clicking the drive on the desktop and selecting Properties. In the Device tab, make sure that Read Only is unchecked to make the drive writable. Don't do this if you're working on an NTFS partition.

Once you have the capability to write to the filesystem, locate the Windows top-level directory on what is usually the Windows C: drive (typically on the drive labeled HDA1). Click on the drive on your desktop labeled Hard Disk Partition HDA1 In the top level is a file called boot.ini. Create a copy of the file by right-clicking it and selecting Copy. Then paste the copy in your Windows directory in case you need to refer to it later.

When you open your drive in Konqueror, the boot.ini folder is in the directory (see Figure 5-9) if you did a default install of Windows and have selected the correct hard drive (HDA1). If you have set up Windows differently, look in your Windows boot directory for the boot.ini folder).

Figure 5-9: Open your Windows hard drive in Konqueror.

Open the file with your favorite editor. Figure 5-10 shows a boot.ini open in KWrite.

Figure 5-10: A boot.ini file open in KWrite

The following, from a Windows XP Home Edition, is a typical generic boot.ini file:

 [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect 

timeout specifies how long the system should wait for user input while the boot menu is being displayed.

default identifies which selection from the Windows recognizable operating systems (identified in the [operating systems] section) will be booted if the user makes no selection in the boot menu. The [operating systems] section identifies all Windows recognizable operating systems that can be booted by the boot menu.

multi denotes that this system has an IDE or ESDI drive, and is almost always 0. If you are using a SCSI drive with no BIOS support, this is scsi(0) instead of multi(0). (Note that Windows NT systems using SCSI drives have multi.) The disk designator is 0 if multi is listed as the adapter. If scsi is the adapter in use, you would indicate the scsi bus number. rdisk identifies what controller the disk is on, such as rdisk(1) for the secondary disk, rdisk(0) for the primary. If you are using scsi, this option is always 0.

partition indicates the partition on which the file to boot resides. If you are on the second primary partition, you would write partition(2). This should never be 0 because there is no partition 0. The last portion identifies the directory in which Windows resides (in this case, \WINDOWS (this could be anything depending on the version of Windows and how the system was installed). Everything after the equals sign and in quotes shows what is displayed in the boot menu to the user regarding booting.

Most boot.ini problems you encounter will be file corruption (or misconfiguration if you are hand-editing the file). You can use the preceding information to recover by simply replacing or adding the default lines.

For specifics on configuring the boot.ini file, go to http://support.microsoft.com/?kbid=289022.

When you have completed editing the file, save it. Remove your Knoppix CD and reboot the system into Windows.

Editing the System Registry When It Goes Bump in the Night

The registry is the central Windows location for all system-specific information, including configurations and settings, for Windows 95 and all later versions. The registry can be edited very easily by using the Windows native program regedit within Knoppix. Just type the following command in a console window:

 regedit 

This command invokes Wine and pulls up the Windows Registry Editor, as shown in Figure 5-11. (Wine is an open-source implementation of Windows APIs that runs on top of Linux. Some folks think of it as a Windows emulator, but Wine's developers call it a Windows compatibility layer for UNIX.)

Figure 5-11: Using the Registry Editor in Linux

All of the functionality you find running the Registry Editor in Windows is available under Wine, including importing a backed-up registry and saving a modified registry.

Some of the variant versions of Knoppix include an excellent Linux-native Windows Registry Editor called Offline NT Password and Registry Editor (chntpw), a program that enables you to modify the Windows registry as well as Windows passwords. You can get more information on chntpw at http://home.eunet.no/~pnordahl/ntpasswd/. The standard Knoppix versions 3.8 and later do not include chntpw by default, but the software is available through APT (sudo apt-get install chntpw), described in Chapter 1, as well as through the Klik program.