Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

The above is a common error message that appears during the boot process of the Windows XP operating system. Microsoft has a knowledge base article with instructions for recovery. Below, I present a different recovery technique.

The technique involves extracting the corrupted file from the PC, fixing it and putting the file back to its original place. For the extraction one can use any Linux live CD he’d like. I have tried SystemRescueCD without any problems. The extraction usually involves mounting the Windows partition and copying the file into a USB stick.

For fixing the problem, there are two possibilities. Either using the reg_hive_tool, which is a utility that manipulates and fixes registry hives, or using the Windows Registry Editor. The first alternative does perform the least amount of changes to the original file, but it’s still experimental and may not be able to fix all errors. Nevertheless, one can use the utility to dump all the data contained in the hive as a reference for any changes performed later during the recovery process. The second alternative is to open the Windows Registry Editor, point either the HKEY_LOCAL_MACHINE or the HKEY_USERS root key and load the hive (File -> Load Hive…). During the loading the Windows subsystem will clean and repair any errors in it. This procedure is quite invasive as it deletes a lot of keys while it tries to repair the hive. So, it is advised to keep a backup of the original hive and later compare the dumps generated by the reg_hive_tool.

After fixing the hive, it is just a matter of putting it back into its original place by using the same Linux live CD used in the first step. Just note that in order to write the file into an NTFS filesystem you must mount the filesystem by using the ntfs-mount program.

Following the above steps may solve easily a quite frustrating problem. Keep in mind, though, that this procedure might fail when the hive is damaged beyond repair or when the keys damaged are critical for the system’s execution.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: