« IE7 beta 2 | HomePage | Microsoft Marketing Policy:-):-):-) »
Sunday, February 05, 2006
Fixing windows with Knoppix
Do you use Knoppix? This bootable Linux distribution that comes in the form of a CD or DVD can be a lifesaver when your computer goes awry. In this feature, we guide you through the process of fixing Windows with Knoppix, which includes resizing Windows partitions, solving key system file problems, and recovering data. This is a chapter from the ExtremeTech book Hacking Knoppix.
You or someone you know will encounter a seemingly unfixable problem with a Microsoft Windows operating system environment at one time or another. When this occurred in the past, most users would reinstall their operating systems, sometimes wiping out significant amounts of data that was needed on the system. Now you can use Knoppix to (often) correct your Windows system problems without losing any data and save the time associated with reinstalling all of the operating system files and applications.
Resizing Windows Partitions
Partitioning is a simple scheme for segmenting your physical hard drive into different sections. Power Windows users typically partition their hard drive for performance and backup reasons or to allow for different operating systems to be installed on it. When the system is first partitioned, the drive sizes are determined by the installer's experience and the projected needs for each partition. As time goes on, the partitions' size requirements may change, necessitating resizing.
There are many commercial applications, such as Partition Magic, that enable you to repartition your hard drive. They can cost $60 or more, however, you can get the same base functionality using tools included natively with Knoppix for no cost. This section explains how to resize your Windows partition or other types of partitions using Knoppix and QTParted, which is a user-friendly graphical front-end for the command line partition resizing tool parted.
QTParted works on the following Windows partition types (as well as non-Windows file system types):
* FAT16—Used primarily with Windows 3.1 and earlier versions of MS-DOS
* FAT32—Used by Windows 95, 98, and ME primarily
* NTFS—Used by the NT based versions of Windows, including NT, 2000, XP, and 2003.
Preparing To Partition
Before you resize your partitions, defragment your hard drive if you can. This process, put very simply, rearranges the hard drive, putting your files together in as logical a manner as possible, usually in a group, and checking for errors.
Although partitioning with the tools described in this article are time tested and have been used by many, many people, there is always the chance of an inadvertent input error on your part or the possibility of a some other unforeseen circumstance, so back up your important data.
Determine what you want the file system layout to be after you have resized your partitions, including the sizes of the partitions. You will need this information to use the tool in the most effective manner. For example, if you have a single partition on the entire hard drive consisting of 100 GB, and you want to make room for a secondary Windows or Linux partition of 10 GB, you would resize the primary partition to 90 GB, leaving 10 GB for the new partition to be created.
The QTParted tool cannot create space where none exists, so ensure that you have the requisite amount of space available that you plan to resize to. If your primary 100 GB partition is filled with 98 GB of data, for example, you'd only be able to create a new 2 GB partition because that's all of the space available
QTParted Partitioning
Ready to partition? Boot your Windows machine with Knoppix and choose Knoppix>System>QTParted. A screen similar to the one shown in Figure 1 opens.
Figure 1
 |
 |
| click on image for full view |
The partition graphics above the list also show how much used space each has. In the example, the NTFS partition uses 2.18 GB of its 3.91 GB space, and the FAT32 partition uses 32.15 MB of its 3.98 GB.
To begin the resizing operation, right-click the graphical box of the partition you want to resize (alternatively, highlight the partition in the list and right-click), and select Operations>&resize. The QTParted Resize Partition dialog opens (see Figure 2).
Figure 2
|
| |
| click on image for full view |
Figure 3
|
 |
| click on image for full view |
The main screen shows your modifications (see Figure 4): two partitions and a gray box indicating how much free space you'll incur after resizing. The new FAT32 partition is now 996.22 GB and there's 2.99 GB of free space. The resized partition is a solid color, indicating it has not been committed yet; you can't format the drive until it has been committed. Continued...
Figure 4 |
 |
| click on image for full view |
QTParted Partitioning--Continued
If you make a mistake, you can undo everything until you do commit a little later in the process. To undo any changes, select File>&Undo and the system will return to its previous state.
Now you can create another partition in the free space by right-clicking on the gray box and selecting &Create (or by selecting Operations>&Create). The Create Partition dialog opens, as shown in Figure 5.
Figure 5
|
 |
| click on image for full view |
Figure 6
|
 |
| click on image for full view |
Figure 7
|
 |
| click on image for full view |
Figure 8
|
 |
| click on image for full view |
After you have completed the resizing, you can format your new partitions using QTParted—just select Operations>Format
Taking Charge When Key System Files Have Problems
At times Windows has files that are corrupted or missing, seriously impairing, or even preventing, the operation of the system. If you've encountered this before, you know that one of your options is to start from scratch or try to recover the system using the draconian Windows Startup and Recovery system. The toolset included in that tool is sparse at best and difficult to use. Knoppix, on the other hand, provides a friendly and very powerful environment in which to fix certain issues you may encounter when problems pop up.
By default, Knoppix can read a large set of file systems right out of the box, but it doesn't support writing to certain file systems. There are some known issues with Knoppix 3.8 and above in writing to NTFS file systems (the default for Windows XP and above). Those file systems require the use of a program called captive-ntfs to allow write access, which is crucial for editing files on the systems. Knoppix 3.8 and above do not include captive-ntfs by default because of lack of active project development and other concerns regarding corruption of data. (There is another system in place—UnionFS—that promises to provide this support in the future. It isn't fully developed yet so it currently only gives the appearance of writing to the NTFS partition.)
Earlier versions of Knoppix (3.7 and below) include captive-ntfs, but if you are using Windows XP service pack two (SP2), take the steps identified in BitDefender to enable read/write capabilities.
Accessing boot.ini to Resolve Start Issues
The boot.ini file is used by Windows NT-based systems (NT, 2000, XP, 2003) to boot the system into the correct operating environment by displaying a list of Windows-recognized operating systems and directing the system toward the selected environment. If the file is corrupted, damaged, or missing, you cannot boot your Windows system properly. The boot.ini file can become corrupted if you reboot your system improperly, may be missing if someone deletes it accidentally, or, well, there are many other causes for that error.
If you boot your system and get an invalid boot.ini or Windows could not start error message, the most likely culprit is an invalid or corrupted boot.ini file. To correct this problem, you need to either edit your existing boot.ini file or create a new, generic one. First, you must make the Windows partition that your core system resides on writeable (Knoppix makes all existing partitions read only) by right-clicking the drive on the desktop and selecting Properties. In the Device tab, make sure that Read Only is unchecked to make the drive writeable. Don't do this if you're working on an NTFS partition.
Caution: Modifying NTFS partitions (Windows XP default) can cause significant problems, so perform the write function on FAT partitions only.
Once you have the capability to write to the file system, locate the Windows top-level directory on what is usually the Windows C: drive (typically on the drive labeled hda1). Click on the drive on your desktop labeled Hard Disk Partition HDA1 In the top level is a file called boot.ini. Create a copy of the file by right-clicking it and selecting copy. Then paste the copy in your Windows directory in case you need to refer to it later.
When you open your drive in Konqueror, the boot.ini folder is in the directory (see Figure 9) if you did a default install of Windows and have selected the correct hard drive (HDA1). If you have set up Windows differently, look your Windows boot directory for the boot.ini folder):
Figure 9
|
 |
| click on image for full view |
Figure 10
|
 |
| click on image for full view |
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft
Windows XP Home Edition" /fastdetect
- timeout specifies how long the system should wait for user input while the boot menu is being displayed.
- default identifies which selection from the Windows recognizable operating systems (identified in the [operating systems] section) will be booted if the user makes no selection in the boot menu. The [operating systems] section identifies all Windows recognizable operating systems that can be booted by the boot menu.
- multi denotes that this system has an IDE or ESDI drive, and is almost always 0. If you are using a SCSI drive with no BIOS support, this is scsi(0) instead of multi(0). (Note: Windows NT systems using SCSI drives have multi). The disk designator is 0 if multi is listed as the adapter. If scsi is the adapter in use, you would indicate the scsi bus number. rdisk identifies what controller is the disk is on, such as rdisk(1) for the secondary disk, rdisk(0) for the primary. If you are using scsi, this option is always 0.
- partition indicates what partition the file to boot resides on. If you are on the second primary partition, you would write partition(2). This should never be 0 because there is no partition 0. The last portion identifies the directory in which Windows resides (in this case WINDOWS (this could be anything depending on the version of Windows and how the system was installed). Everything after the equal sign and in quotes shows what is displayed in the boot menu to the user regarding booting.
-
Most boot.ini problems you encounter will be file corruption (or misconfiguration if you are hand editing the file). You can use the preceding information to recover by simply replacing or adding the default lines.
Editing the System Registry When It Goes Bump in the Night
The registry is the central Windows location for all system specific information, including configurations and settings, for Windows 95 and all later versions. The registry can be edited very easily by using the Windows native program regedit within Knoppix. Just type the following command in a console window:
regedit
This command invokes Wine and pulls up the Windows Registry Editor, as shown in Figure 11. (Wine is an open source implementation of Windows APIs that runs on top of Linux. Some folks think of it as a Windows emulator, but Wine's developers call it a Windows "compatibility layer" for Unix.)
Figure 11
|
 |
| click on image for full view |
All of the functionality you find running the registry editor in Windows is available under Wine, including importing a backed-up registry and saving a modified registry Some of the variant versions of Knoppix include an excellent Linux-native Windows registry editor called Offline NT Password and Registry Editor (chntpw), a program that enables you to modify the Windows registry as well as Windows passwords. You can get more information on chntpw at Offline NT Password & Registry Editor. The standard Knoppix versions 3.8 and above do not include chntpw by default, but the software is available through APT (sudo apt-get install chntpw), as well as through the Klik program
Recovering Data
If your Windows system crashes completely and cannot be recovered using the registry editor or the boot.ini, you may face some serious problems if important data on the system wasn't backed up. Knoppix can come to your rescue by enabling you to access your Windows partition and save your important data to multiple devices for restoration later. These devices include USB jump drives (also called flash drives or key drives), CD-Rs and DVD-Rs, and copying data over the network. This section explains how to recover and save the data that you'll restore after you have re-installed Windows following a crash.
Preparing for Data Recovery The most common mistake when recovering data from a system is failing to retrieve all of it because of haste. What you leave behind is typically the data you end up needing the most, so take your time and ensure you are capturing everything valuable. The most common area for data storage is in the Documents and Settings folder (usually /mnt/hda1/Documents and Settings), which is Windows' default for saving most of all users documents, music, pictures, and so on. If there are any non-standard directories into which you or your users save data, consider those as well.
Tip: After you have saved all the files you think you need, it is always a good idea to check that the data you saved is correctly archived. Navigate the backup medium and open random files (those that can be opened) to ensure that the data is valid.
Saving Data to a USB Jump Drive
Knoppix recognizes your USB jump drive almost immediately after the drive is plugged in. From that point, it is a trivial matter to save data from your Windows partition to the key drive, which is represented by the USB icon on the desktop. To save to the jump drive, you only need to make it writeable by right-clicking the jump drive icon, and selecting Properties. Click on the Device tab, which looks much like the dialog shown in Figure 12, and then uncheck the Read Only box to enable writing to the drive. Click OK to close the window, and you're good to go.
Figure 12
|
 |
| click on image for full view |
Figure 13
|
 |
| click on image for full view |
Your only limitation to saving files this way is the speed of the file transfer and the capacity of your jump drive, although 1 and 2 gigabyte jump drives are available for very reasonable prices, and you can use more than one if necessary.
Burning Data to a CD or DVD
Burning the files you need to a writeable CD or DVD is made very simple in Knoppix, which includes K3b, a user friendly CD recorder that's on par with the most expensive commercial software. Select Knoppix>Multimedia>K3b Program to open it. The application's screen is similar to that shown in Figure 14.
Note: There's a glitch in K3b's capability to burn DVDs or CDs in Knoppix 3.8.2, but that should be resolved by Knoppix 4.0.
Figure 14
|
 |
| click on image for full view |
Figure 15
|
 |
| click on image for full view |
After you have set any user-specific settings you need, click the Burn button to begin the writing process. When K3b finishes, navigate the finished CD/DVD to ensure that the data is properly encoded.
Emailing Data to Yourself
Another option that many people don't think of is to email the data to yourself. With today's large capacity sizes of both Web-based email services (thank you, Gmail!) and personal email services, you can generally send any data you need backed up via email with no worries about the capacity of the mail account. You do, however, still need to take into account that your email service probably has some limit on the size of attachments. For example, Gmail limits attachments to a maximum of 10 MB.
To save data by email, simply use KMail or Thunderbird, available in Knoppix>Internet. Set these up to use your POP or IMAP account, and then attach your recovered files and send the mail. If you use a Web-based email account such as Yahoo! or Gmail, you can simply use Firefox or another Web browser and attach the files as you would normally.
Caution: Be aware that email is not typically an encrypted method of transmission, meaning that someone intercepting your files will be able to read the data.
Copying Data Over the Network
Knoppix includes the capability to transfer your important files over a network if that is the method you prefer. By far the easiest way to accomplish this is to have your Knoppix system run an SSH server for you. SSH provides the capability to interactively log into your Knoppix system as well as transfer files, all over an encrypted transmission, meaning that should anyone intercept your communication, he'd have a very difficult time deciphering the actual data. If the system to which you are transferring the files resides on a Linux or Knoppix system, the capability to sftp files is already built into the system. If you are transferring your files to a Windows system, you need to download an SFTP client (one recommend free version is WinSCP, available at WinSCP)
To allow a remote Linux or Windows system to connect to the Knoppix system you want to back up, start the SSH server on the Knoppix system by selecting Knoppix>Services>Start SSH Server. A key used for encryption is generated in the window that opens. Enter a strong password, and then enter it the second time the same way. The password you enter here is used when logging into the system via SFTP, and it is case sensitive, so make sure that you remember your exact password.
You need to know your system's IP address (use the command ipconfig eth0 to determine your IP address; it is four sets of numbers separated by dots, such as 192.168.1.1). Using WinSCP or another SFTP/SCP client, connect to your Knoppix machine with the IP address. Enter knoppix as the username, and then enter the password you created earlier. Now you can navigate the file system to find the files you want to copy to the remote system using SFTP commands if you are connecting via the command line, or by dragging and dropping if you are using a graphical application such as WinSCP.
03:15 Posted in Technology | Permalink | Comments (4) | Email this | Tags: Positive Technology
Trackbacks
Free Registry Cleaner
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE- 2006- ...
Trackback by: Free Registry Cleaner | Wednesday, June 04, 2008
Comments
Very good site, congratulations!
Posted by: wamsutta | Tuesday, April 18, 2006
Hi,
I am Abhinav Kaiser and I was trying to find a way to contact you but I couldn't find any email on this website. Could you please email me at abhinavkaiser at gmail dot com.
thanks
Posted by: Abhinav Kaiser | Tuesday, May 02, 2006
I would like to express my deepest thanks to everyone who made this website!
It would be a pleasure if you add url of your site to my link directory.
Posted by: oliviajohnson | Monday, June 18, 2007
uv0clx3hgo95000i
Posted by: 66505 | Thursday, November 13, 2008