Kernel Debugger to Fix Boot Completion Failure?

Topic

New Reply

Can anyone provide links, or help, with setting up a debugging operation in which one machine runs a kernel debugger, connected to a Windows XP machine booting in debug mode, so as to identify a missing file late in the boot process that causes the XP machine to hang?

I came to this approach to resolving my problem because the target machine has specially configured software that works a certain way that I cannot replicate on any other machine, and of course the configuration of that software is stored in the hanging machine’s Registry.  It boots almost all the way to the desktop — but not quite.

It boots normally through the Windows XP splash screen with the moving progress bar until the screen goes black, but then instead of the mouse cursor and then the desktop appearing, the screen remains black and the machine hangs.  I believe the cause is a broken system file that originally got cross-linked, and then was broken and deleted by CHKDSK /R

I was able to boot in boot-logging mode and then examine the log.  All the files that load in an identical working machine also load in the damaged machine.   Based on my understanding of the boot sequence in XP, I believe the existence of the boot log file establishes that the damaged file is one that loads after Session Manager starts.

I know little about debugging, but I understand it could in theory help lead me to the file requiring replacement.   However, it doesn’t sound easy to use, and I’d need some guidance.

Unless someone knows how to replace all the Windows system files in place without disturbing the Registry — !

Any help will be appreciated.

Thank you,
— AWRon

Reply | Quote

Replies

If you have a backup you can restore the registry to another machine and then open it to collect the required information.
Nirsoft OffLineRegistryView.

You can boot any of the free backup apps from their own boot USB / CD.

cheers, Paul

Reply | Quote

Hi Paul:

Your reply went by a little too fast for me — but it is intriguing. Perhaps you could help walk me through your thinking.

Meanwhile, here is what I am thinking:  the crippled drive is fully accessible.  It just won’t boot.  Looking at the NirSoft program, it looks like I could use it to pull the entire registry off the crippled machine, correct?

Working with a clone of the original failed drive, are you suggesting I could then do an overwrite reinstall into the same Windows system directory, thus replacing all system files, and then delete the new Registry and put back the one pulled off with Nirsoft?

That sounds like a terrific way of getting a full set of good system files onto the drive (presumably without disturbing any pre-existing program files), while saving everything related to configurations — unless there is some hitch I don’t understand.

Am I on the right track?

— Ron

Reply | Quote

Before you start we need some info.

Do you have a backup of the XP machine?
Do you have a bootable backup USB/CD?
Do you have an external USB hard disk?
Do you have another machine with plenty of disk space free? I assume it’s the one you post with.

cheers, Paul

Reply | Quote

Hi Paul:

Thanks for taking a deeper interest in my problem.  To answer your questions, I’ll lay out the setup:  I have available multiple identical complete machines, multiple identical or compatible hard drives, a bootable CD system disc with the same service pack level, Acronis drive cloning software, and multiple external USB drive bays.

I do not have a working clone backup of the failed disk, nor do I have an NT Backup of the recent pre-failure system state.

After the drive failed — and maybe after CHKDSK broke it further — I made a clone backup, on which all subsequent activity has taken place.  The clone is completely accessible in a USB bay, and displays the earlier described boot failure, right at the very last step in the boot process — as I say, after Session Manager loads.

I created the “identical working machine” referred to in the original post by using the manufacturer’s Restore disc on a bare metal drive to create an original XP 2002 installation, which I then upgraded to SP3 with a MS Service Pack 3 upgrade disc.  Automatic updates having been turned off from almost the beginning of the failed machine, the system files should be close.  I then ran boot logs on both machines, to establish that every file recorded in the “new,” good machine also booted in the machine that then goes  on to hang.

I was drawn to the debugging solution because of something I read in Mark Russinovich’s book, Windows Internals, 4th Edition, on page 868, which suggests that a Firewire 1394 cable can be used to connect the two machines instead of Serial COM2 at 19,200 Baud.  My machines in question all have these ports, and I have the cable.

But that’s the easy part — understanding debugging, and then going on to solve the problem might be a steep learning curve, especially compared to the kind of solutions I think you are proposing, which sound very simple and elegant, if I understand them correctly.

What else can I tell you, before you lay out more detail?

Regards,

— Ron

Reply | Quote

As the machines are identical you could try restoring the registry from the broken machine to the good machine.

Boot from backup USB.
Backup the good machine.
Restore the registry from the broken machine. See this article for file details.

cheers, Paul

Reply | Quote