Please register or login. There are 0 registered and 1172 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s April 19 - 11:42am EDT 
Hardware Analysis
      
Forums Product Prices
  Contents 
 
 

  Latest Topics 
 

More >>
 

    
 
 

  You Are Here: 
 
/ Forums / Windows XP, 2000, 98 /
 

  Windows XP Blue Screen of Death - Corrupt NTFS Partition 
 
 Author 
 Date Written 
 Tools 
Jeff Deacon Jan 27, 2007, 06:11pm EST Reply - Quote - Report Abuse
Private Message - Add to Buddy List Replies: 1 - Views: 1674
I thought I would share with the board a solution to a very perplexing problem:

Machine: Dell 610
OS: Windows XP SP2 - Professional
Blue screen of death
Booting in safe mode hung on Mup.sys

Corporate Laptop that was locked down pretty hard, no access to administrator password

In fact the administrator password had been removed/renamed

When this occurs it is nearly impossible to use the Windows Recovery Control Utility by booting the Windows XP Disk

So here is what I did:

1 - Created a linux ram disk with several registry and sam file utilities
2 - Discovered the missing administrator account, found I couldn't mount the ntfs partition due to corruption on the disk
3 - (Optional) downloaded and ran the Dell 32 bit diagnostics disk and found 2 corrupt bad sectors

** this most likely caused the Mup.sys error as the hard drive had physical errors

At this point I needed a way to fix the disk so that I could mount the ntfs partition to some type of machine to manipulate the file system

I found a Windows PE utility that was developed called "Bart's PE Builder"

I had to download and compile this into a bootable ISO image which wasn't that hard

By building a Windows PE RAM disk, you can then mount a corrupt NTFS filesystem and run commands against it.
Specifically you need to run chkdsk /f to force a fix on the corrupt filesystem.
In most cases this will fix your machine to the point where it will run, unfortunetly, I corrupted the sam file when I ran the linux ram disk.

So now it got past the blue screen, but gave me an authentication error as the sam file was bad.

When windows first builds, it creates a backup of the sam file, it is located in one of two places:

c:\windows\repair\sam
or
c:\winnt\repair\sam

The bad file is located at:

c:\windows\system32\config\sam
or
c:\winnt\system43\config\sam

Once you fix the corrupt ntfs partition, you can remove the drive, and put it into a usb drive and connect to a working system

backup, then delete the sam file in the \windows\system32\config directory
copy the sam file from \windows\repair to the \windows\system32\config directory

Put the hard drive back into the laptop or desktop that was corrupt.

You will now be able to log in with the default admin/password that was used at build time, normally this is a blank password.

You now have complete control.

In addition, if you used a corporate AD login before, the credentials are still cached, so if you aren't on the network, you can use your AD login and get back in.

Good luck, this took me two days to figure out, hope it helps somebody out.


Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
Brendan Falvey Jan 28, 2007, 12:30am EST Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Windows XP Blue Screen of Death - Corrupt NTFS Partition
Seems like a good way to go having been there before. Couple of points

An option once you have fixed the corruption may be to use NTFSDOS if it still works on later NT systems. This allows the NTFS partition to be mounted and access is by shock horror DOS. This would allow you to copy the SAM repair copy to the other directory. Since it is in DOS there is no system constraint on system files. Comments anybody!

Once done could you use the repair boot to replace the SAM?


Write a Reply >>


 

    
 
 

  Topic Tools 
 
RSS UpdatesRSS Updates
 

  Related Articles 
 
 

  Newsletter 
 
A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.