Windows 8.1 SOFTWARE registry hive load failed on Windows Server 2012

    Question

  • Hello,

    I am participating in the development of a custom Windows Software backup/restore project that requires loading the Windows SOFTWARE/SYSTEM registry hives from a target OS system drive connected to a Windows system.

    On all Windows versions except Windows 8.1 the program works correctly, but when the host system (the one the program runs on) is Windows Server 2012 or Windows 8 and the target system is Windows 8.1, the registry hive load fails with the following error:

    Failed to load f:\Windows\System32\config\software: [1009] The configuration registry database is corrupt.

    After running 'chkdsk /r' the error still remained. All required security privileges (SE_BACKUP, SE_RESTORE) are applied. All systems are 64-bit.

    Even the system registry editor (regedit) could not open the SOFTWARE hive from Windows 8.1, failing with the following error:

    Cannot Load f:\Windows\System32\config\software: Error while loading hive.

    But when the host system is Windows 7 or Windows Server 2008, the SOFTWARE hive loads without any problem.

    So is there some Windows 8/8.1 registry hive validation mechanism or additional security check that prevents loading registry hives from another OS instance?

    Tuesday, March 11, 2014 8:17 AM

Answers

  • Hi,

    Did you mean that you load Windows 8.1 f:\Windows\System32\config\software file to Windows 8 or Windows Server 2012? It should have compatibility problem.

    In addition, please check this file permission at Windows 8.1. Make sure you have rights to read it.


    Roger Lu
    TechNet Community Support

    Thursday, March 13, 2014 5:57 AM
    Moderator

All replies

  • I am seeing a similar issue to the one the OP mentioned.

    From WinPE I need to modify the computer name of a Windows 8.1 based system using the offline method. So far, I was using Windows 7 based WinPE and was able to do this with an offline registry edit (reg load Win8.1:SYSTEM registry hive>> change computer name >> reg unload). This method worked for several years on Win 7 based WinPE.

    Recently WinPE was moved to a Windows 8 base. Now the reg load command fails. The error message is "ERROR: The configuration registry database is Corrupt". I have also seen the exact issue if I use Windows 8.1 FULL OS instead of Win 8 PE.

    I booted back to Windows 7 based WinPE (also Windows 7 Full OS) and I am able to load the above SYSTEM hive without any issues.

    Are there any settings needed for Win 8.1 for reg load to work?

    Monday, April 21, 2014 6:32 PM
  • Are there any settings needed for WIn 8.1 for reg load to work?

    FWIW I would run ProcMon to find out what is going on.  You have two otherwise identical cases you could compare traces with, if necessary.


    Robert Aldwinckle
    ---

    Monday, April 21, 2014 6:56 PM
  • Thanks Robert for showing some light. I will run ProcMon and let you know if I can find something helpful.
    Monday, April 21, 2014 10:19 PM
  • Any update on this issue?  I see the same thing using WinPE 4 based system.  Using an older WinPE 3 based system, the hive mounted successfully.  Have you tried updating to WinPE 5?

    Update:

    I saved the software hive from a Win 8.1 machine to a removable drive, and then tried to use regedit on a full Win 8 box to load the hive but it failed.  Same thing happened trying to use regedit on a full Win 8.1 box.  Using a full Win 7 box, the hive loaded successfully. 

    Comparing the "orig" hive with the "recovered" hive (from Win 7 regedit successful load), the Primary Sequence Number (offset 4) does not match the Secondary Sequence Number (offset 8).  The other differences (besides timestamps) are the XOR-32 checksum (offset 508) and the first hive bin cell's parent key offset (offset 4148).

    Update 2:

    I was able to read the hive, modify the primary/secondary sequence number to match, recompute the checksum and write a new hive.  This new hive could be loaded via regedit.


    • Edited by JFinnegan Wednesday, May 7, 2014 3:31 PM
    Wednesday, May 7, 2014 10:34 AM
  • Sorry for the late response. I was busy with other tasks.

    The ProcMon tool shows that RegLoadKey failed when it tried to load the hive on Windows 8.1 (8.1 based WinPE also). On Windows 7, I didn't see the error (it shows SUCCESS instead of REGISTRY CORRUPT). Once the hive is loaded and unloaded on the Windows 7 OS, the checksum of the hive is changed, and I can load the updated hive with regedit in the Windows 8.1 OS.

    "reg.exe","752","RegCloseKey","HKLM\SOFTWARE\Microsoft\SQMClient\Windows","SUCCESS",""
    "reg.exe","752","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
    "reg.exe","752","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value"
    "reg.exe","752","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 144"
    "reg.exe","752","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
    "reg.exe","752","QueryNameInformationFile","C:\Dhoni","SUCCESS","Name: \Dhoni"
    "reg.exe","752","RegQueryKeySecurity","HKLM","SUCCESS",""
    "reg.exe","752","RegLoadKey","HKLM\target1","REGISTRY CORRUPT","Hive Path: C:\Dhoni\SYSTEM1"


    • Edited by Ashok_ai Wednesday, May 7, 2014 9:24 PM
    Wednesday, May 7, 2014 9:22 PM
  •  JFinnegan - Good to know that you are able to update hive to make it work with regedit on Windows 8.1.

    Could you let me know how to modify primary/secondary sequence number and update new hive?


    Wednesday, May 7, 2014 9:28 PM
  • Using the info in https://googledrive.com/host/0B3fBvzttpiiSSC1yUDZpb3l0UHM/Windows%20NT%20Registry%20File%20%28REGF%29%20format.pdf, I wrote a program to read the entire hive into memory, compare the 32 bit value in offset 4 with the 32 bit value in offset 8.  If they are different, I set the 32 bit value in offset 8 to the 32 bit value in offset 4, recomputed the XOR-32 value of 32 bit words from 0 to 126 and stored the result in 32 bit at offset 127.  I then wrote the updated hive back to the original.  You probably want to make a copy of the original prior to writing the new hive.

    Hope this helps.


    There probably is a better way to "recover" the hive (like WinPE 3) but I have no idea how.

    • Edited by JFinnegan Thursday, May 8, 2014 10:13 AM
    • Proposed as answer by Ashok_ai Friday, May 9, 2014 5:12 PM
    Thursday, May 8, 2014 9:12 AM
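
The header fix-up described in the reply above, as an added Python example (not JFinnegan's program): it checks a REGF base block's sequence numbers at byte offsets 4 and 8 and the XOR-32 checksum at byte offset 508 (dword index 127), and returns a patched copy instead of editing in place. The function names, the constructed sample block and the checksum's two special-case values are not from the thread; mismatched sequence numbers mark a hive that was not cleanly flushed, so patching the header does not recover any pending writes.

```python
import struct

BASE_BLOCK = 4096  # size of the REGF base block (hive header)
PRIMARY_OFF, SECONDARY_OFF, CHECKSUM_OFF = 4, 8, 508

def header_checksum(block: bytes) -> int:
    """XOR-32 over dwords 0..126 (bytes 0..507) of the base block."""
    acc = 0
    for (word,) in struct.iter_unpack("<I", block[:CHECKSUM_OFF]):
        acc ^= word
    # Special cases used by Windows (not mentioned in the thread):
    # a result of 0xFFFFFFFF is stored as 0xFFFFFFFE, and 0 is stored as 1.
    if acc == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return acc or 1

def inspect(block: bytes) -> dict:
    """Report sequence numbers and checksum state of a hive header."""
    if len(block) < BASE_BLOCK or block[:4] != b"regf":
        raise ValueError("not a REGF base block")
    primary, secondary = struct.unpack_from("<II", block, PRIMARY_OFF)
    (stored,) = struct.unpack_from("<I", block, CHECKSUM_OFF)
    return {"primary": primary, "secondary": secondary,
            "dirty": primary != secondary,  # header not cleanly flushed
            "checksum_ok": stored == header_checksum(block)}

def repair(hive: bytes) -> bytes:
    """Return a patched copy of the hive; the input is never modified."""
    info = inspect(hive)
    if not info["dirty"] and info["checksum_ok"]:
        return hive
    out = bytearray(hive)
    # Copy the primary sequence number over the secondary one.
    struct.pack_into("<I", out, SECONDARY_OFF, info["primary"])
    # Recompute the checksum over the modified header.
    struct.pack_into("<I", out, CHECKSUM_OFF, header_checksum(bytes(out)))
    return bytes(out)

def make_sample(primary: int = 0x2A, secondary: int = 0x29) -> bytes:
    """Constructed test header, not a real hive: magic, sequences, checksum."""
    block = bytearray(BASE_BLOCK)
    block[:4] = b"regf"
    struct.pack_into("<II", block, PRIMARY_OFF, primary, secondary)
    struct.pack_into("<I", block, CHECKSUM_OFF, header_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    sample = make_sample()
    print("before:", inspect(sample))
    print("after: ", inspect(repair(sample)))
```

To use it on a real file, read the hive with `open(path, "rb")`, pass the bytes to `repair`, and write the result to a new path so the original stays available for comparison.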
  • Thanks for the reference to the document and guidance. I will try the method you suggested next week.
    Friday, May 9, 2014 4:44 PM