Retrieving Registry info after crash

I have a drive that crashed, now non-bootable. I can slave the drive and see the system files but I need certain registry keys from the non-bootable drive and inport it to the new registry. OS is XP with sp2.

re: Retrieving Registry info after crash

go into the slave's WINDOWS directory, and find regedit.exe

hopefully that opens its registry and not the new one.

re: Retrieving Registry info after crash

Please let us know if epots9's trick works. I'd be very interested to find out.

Thanks for joining.

re: Retrieving Registry info after crash

Thanks for the quick replies
]
Unfortunately, it appears to load the registry from the boot (Master) drive

The keys I want are the email account settings as in Outlook Express.

Any other suggestions gratefully received

re: Retrieving Registry info after crash

RegistryTool is capable of reading off-line registry files.

re: Retrieving Registry info after crash

I haven't looked into it yet, but HiveTools looks interesting and is Open Source.

re: Retrieving Registry info after crash

sorry, i was hopping that it be a quick/painless fix, but i found this
<Moderator edit: allowed to quote and attribute, but not link>maybe it could help

re: Retrieving Registry info after crash

Thanks epots9

This method works well for most keys except the one I want. The key I want is in HKEY_CURRENT_USER but loading this hive is not available (the option is greyed out).

I loaded another hive HKEY_USERS and I could see and edit its values

So still no further - so close and yet so far!!!

I am desperate to do this so any more help would be reat

re: Retrieving Registry info after crash

From what I understand, HKCU is a copy to memory of one of the USERS hives, so it seem right not to be able to load it. I could be wrong (It's early here and I haven't had my coffee yet).

re: Retrieving Registry info after crash

bartonc

Thanks for the reply.

Given that the HKCU is a memory copy, do you have any suggestions how this info can be read from the non-bootable slave?

Thanks guys for all your help so far

re: Retrieving Registry info after crash

You need to figure out which USER hive has the key in it that you are looking for. It's got to be in one of them.

re: Retrieving Registry info after crash

You may want to try repairing the Master Boot Record first:
With your Windows CD, boot into the recovery console. When you get to the command prompt, type "fixmbr"

re: Retrieving Registry info after crash

Despite all the great help I've had, I couldnt locate the appropriate user hive to import.

So as per Motoma, I decided to reinstall XP over the top of the existing partition hoping that the data would not be affected. It wasn't and I was able to get the info I wanted.

So, again thanks for the help.

re: Retrieving Registry info after crash

Thank you for keeping us up-to-date with your solutions.

re: Retrieving Registry info after crash

Glad you were able to get things worked out. Come back any time you need help.

re: Retrieving Registry info after crash

i just suffered the same thing, and wanted to throw this out there for future reference. my system drive also failed - the data is good, but between the platter and the mainboard it randomly gets skewed and causes a crc error when reading from the drive. needless to say, windows can't boot from it anymore, and there's no way i could install over it since it would never verify the files copied properly. anyhow!

Saving your mail:

to completely restore your outlook express from a crashed drive, you need entries from the HKCU tree of the registry, which you won't have access to unless you can boot that particular windows installation. that data is stored in X:\Documents and Settings\[username]\ntuser.dat. unfortunately it's a binary file - so in windows XP, regedit will not open it unless you're on a domain (that's a guess), as the Load Hive command is disabled. that's actually a good thing, you wouldn't want to import it right away because it would be keyed to your old (non-existant on this installation) user account. but, the Registry Tool program linked earlier works great. so grab that, find your dat file, and you're ready to start. you need to collect four things:

1. your message archive. copy the following folder:
   Expand|Select|Wrap|Line Numbers

   1. X:\Documents and Settings\[username]\Local Settings\Application Data\Identities\{[your-user-identity-number]}\Microsoft\Outlook Express
2. your address book. copy the following file:
   Expand|Select|Wrap|Line Numbers

   1. X:\Documents and Settings\[username]\Application Data\Microsoft\Address Book\[username].wab
3. your email accounts. stored in the registry, original location:
   Expand|Select|Wrap|Line Numbers

   1. HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
4. your blocked senders list and other mail rules. also in the registry, at original location:
   Expand|Select|Wrap|Line Numbers

   1. HKEY_CURRENT_USER\Identities\{Identity Number}\Software\Microsoft\Outlook Express\5.0\

Registry Tool:

you can probably figure out how to use the Registry Tool app, but i'll include a brief rundown for the less technically inclined.

click File > Import a File > Import DAT/Hive binary file. click Next. click Browse. navigate to the user's home folder and select ntuser.dat. click Open, then Next several times. at this point your computer may freeze up for a minute while it parses the file. then click Next, and close the message window that pops up. click Next a few more times, and it will show a file dialog asking where you want to save your work. doesn't really matter, so just click Save. it will then load the file and pop up a message about the demo's limitations, which you can close. now, turn Updating OFF and press Okay. the file should now be loaded, and everything that would normally be under HKEY_CURRENT_USER in regedit, will be found in HKU\{[your-user-identity-number]} in the top left pane. navigate to the key you want to backup (one is "Outlook Express", and the other is "5.0") and click once on it. now, click File > Export to REG, then change the first Radio box from Single to Branch and click Okay. pick a filename, and save it somewhere easy, like your desktop. repeat for the other key you need.

Restoring the data:

ok, once you've got your stuff together, you need to reintegrate it. Following the same 4 main points as before:

1. open outlook express. click File > Import > Messages. Choose the version you were using, probably Outlook Express 6. choose Import mail from an OE6 store directory and click OK. click Browse and choose the folder containing you copied earlier. you should now see all your messages and folders.
2. in outlook express, click File > Import > Address Book. choose the .wab you saved earlier, and all your contacts will be loaded.
3. open up Notepad, and load account.reg or whatever you named your first export from registry tool. see the first block of registry entries that begins with the "[HKEY_USERS\ ... \ACCOUNTS]" key? select and delete that section, you don't need it. then delete any blocks whose main keys don't end in numbers, such as the "\BIGFOOT]" one. that should leave numbered keys only ( [HKEY...\ACCOUNTS\0000001] and so on) for as many accounts as you had set up. now, select and copy the first part of any remaining key, from HKEY to the last number (for example HKEY_USERS\S-1-5-12-1234567890-123456789-12345678-123). then click Edit > Replace, and in the Find what box, paste it. in the Replace with box, type "HKEY_CURRENT_USER" and click Replace All. save the file, close outlook if you have it open, and go back to your desktop and double-click the .reg file. confirm that you want to add the info. don't start Outlook yet, as your mail rules aren't loaded yet so all will be in your inbox.
4. open the other registry file you exported in Notepad. this one also contains all of OE's settings, so you can go through it and trim those out if you'd like. i decided not to, because there's a lot to wade through. select the first part of a key, from HKEY_USERS to the identity number ( for example, HKEY_USERS\S-1-5-12-1234567890-123456789-12345678-123\ IDENTITIES\{123ABC1A-ABC1-1234-1234-1A2BC34DE5FG} ) and copy it. then click Edit > Replace, and in the Find what box, paste it. now open up Regedit, and navigate to HKEY_CURRENT_USER\Identities\{[your-identity-number]}. right-click on the identity number and select Copy Key Name. go back to Notepad, paste into the Replace with box, and click Replace All. save the file, close outlook if you have it open, and go back to your desktop and double-click the .reg file. confirm that you want to add the info.

when you start up OE for the first time, it will ask you the password for each account you have, even if you used to have them saved.

!!! your mileage may vary, after i imported the mail rules and settings, i found that the messages and folders that i had already imported were gone - after disconnecting from my mail server, i found that all the messages that were moved due to rules had gone to the Deleted Items folder, because none of the other folders existed (junk, for instance). if you use any custom folders for your mail rules, you may have to go into each rule and fix them. you'll see problem rules with a red X in the checkbox, and the problem will also be highlighted in red. after you import your messages/folders again, you just need to click the folder name and choose it again. good luck!

re: Retrieving Registry info after crash

Thank you, so much!

This is worthy of an article! I'll copy it over right now.

re: Retrieving Registry info after crash

neat. i's been published! :)

re: Retrieving Registry info after crash

Any more articles up your sleeve?

re: Retrieving Registry info after crash

aactually, yes. i've already posted it under another name on annoyances.org, but because of the way their forum is set up by default, it's likely to go completely unnoticed since it's in an old thread. you can find it here ( "other forum" link removed), feel free to add it to the repertoire. it's about the missing task manager tray icon in XP. do note that the post itself doesn't really reiterate what the problem it's talking about is, and the solution hasn't been verified to work by anyone else (and since no one will see the thread, that's unlikely to happen there).

re: Retrieving Registry info after crash

Thanks. I've bookmarked the post in the "other forum" and will copy it over when I get a chance. I've removed the link per site rules, though.

If you haven't yet, please check out our Posting Guidelines. Their real name should be "Site Rules: strictly enforced".