Hive Restore XP
When you try to start or restart your Windows XP-based computer,
you may receive one of the following error messages:
Windows XP could not start because the following file is
missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
Windows XP could not start because the following file is
missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate
System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct.
Sometimes this can be corrected using chkdsk /r /f from recovery console
other times you need to boot into the recovery console using the XP install CD
and use the directions here http://support.microsoft.com/kb/307545 which involves typing a
whole bunch of commands into the console and hope that you dont make any mistakes typing.
Alot of people either lost or don’t have the XP install CD and if you do it’s a pain in
the ass to type all of that.
So the alternative would be to either:
1. boot from WindowsPE type disk and backup/copy the registry hive files to the folders
or
2. slave the drive to another computer and backup/copy the registry hive files to the folders
which is also tedious because you have to copy hive files over,back up old hives, and rename the new hives
This is where HiverestoreXP comes in handy because it automates the process for you.
It’s dead simple to use.
Download HiveRestoreXP
[downloadcounter(HiveRestoreXP)] downloads
If you are trying to use this on a slaved drive you may not have proper permissions to open the “System Volume Information” folder and the program wont show any restore points, use the instructions here to take gain access before running the program http://support.microsoft.com/kb/309531
most of the time you can run this command:
cacls "driveletter:\System Volume Information" /E /G username:F
then remove the permissions using this:
cacls "driveletter:\System Volume Information" /E /R username