Reading Windows System Files

By jhazard112
I was just wondering if it is possible to read the system file? The file specifically that I am trying to read is C:\Windows\System32\Config\System. Obviously the last name in that string is the file name, but I have tried to open it with Notepad so I can read it, but it is all garbage. I am trying to read it so that I know what is in it. I keep getting a simple error that the file is corrupt. I have nowhere to replace it from, unfortunately, like Microsoft's KB tells you to. I work in an enterprise environment and I was wondering, for the most part, if I have two identical systems, if I can copy the system file from a known good working one and use it on the system that is no longer functioning. If this is possible I wanted to go ahead and make sure that they look the same on the inside to make sure I wouldn't be violating anything. Also, would this be violating any licensing? Please, any help is much appreciated.

All Answers

You cannot examine a LIVE file ...

by OldER Mycroft In reply to Reading Windows System Fi ...

The file you are referring to is at the very heart of the operating system you are currently using.

In finding this file using whichever file manager is your preference, then highlighting this file and attempting to access it by executing Notepad EACH UNDERLINED ACTION was being controlled (to a greater or lesser extent) by the very file you are trying to 'look' at.

In much the same way as you cannot Delete a file if it is still being used by another process, you also cannot Examine a file while it is in use.

The file you are talking about, is CONSTANTLY in RAM therefore not available to the User.

Try this:

You can attempt to repair this file by starting windows setup using the original setup CD-Rom. Select "r" at the first screen to start repair. Do NOT use an OEM "Recovery Disc". Only a valid Windows XP media will work or a disc from the OEM that says "Operating System" may sometimes work depending on how the manufacturer labeled the CD.

Oh I understand what you're saying, but...

by jhazard112 In reply to You cannot examine a LIVE ...

I was trying to hook it up to a system via SATA to USB. That way it wasn't being accessed by the system, unless while it is hooked up via USB it would still access that file. I was unsure on that part as well. One other thing that makes this difficult is we are using a drive encryption software. We have to use the WinPE disc that was built by the company to access the drives. Unfortunately, running the Windows recovery console will not work as the disc does not recognize the file system that is in place. Thanks for your post though, it was informative.

Ahh Linux, what would we do without ya!!

by cmatthews In reply to Reading Windows System Fi ...

Boot with a live Linux such as Knoppix, rename the current file to SYSTEM.old and copy an earlier version of SYSTEM (from the RP folders) in \System Volume Information.

As for getting this from another system, don't.
The hash codes within the other SYSTEM file are likely different.

Not sure on one thing...

by jhazard112 In reply to Ahh Linux, what would we ...

What exactly are the hash codes? Are they tied to the serial numbers of different hardware parts within the system? The reason I ask is that the systems that I would be swapping the files with are identical down to the type of RAM that they are using. Please let me know.

No tie to hardware. SID's get generated at install or duplicated..

by cmatthews In reply to Not sure on one thing...

imaging (if that's how you roll-out configurations in your shop). SID's are XOR'ed somehow to codify the registry (especially the SAM). They change a little more when joined to a domain. Check the SID's of several domain machines on your network and compare. Use PsGetSid here:

This video's kind of cool..

Looks like a binary file

by Slayer_ In reply to Reading Windows System Fi ...

Unless you know the exact structure, short of a hex editor, I doubt you could read what is in it.
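An added illustration, not part of any post in this thread: the SYSTEM file is a registry hive, and its first 512 bytes form a "regf" base block that can be checked on an offline copy. The Python sketch below parses that header and verifies the sequence numbers and XOR checksum; the field offsets follow the publicly documented regf layout, and the sample header is constructed rather than taken from a real machine.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 512  # base block; the checksum at offset 508 covers bytes 0..507

def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords, with two results remapped."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if value == 0 else value

def parse_regf_header(header: bytes) -> dict:
    if len(header) < HEADER_SIZE:
        raise ValueError("need at least 512 bytes of base block")
    if header[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    # Offsets 4..27: two sequence numbers, FILETIME, major and minor version
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", header, 4)
    root_cell, bins_size = struct.unpack_from("<II", header, 36)
    (stored,) = struct.unpack_from("<I", header, 508)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME counts 100 ns ticks
    return {
        "version": f"{major}.{minor}",
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "root_cell_offset": root_cell,
        "hive_bins_size": bins_size,
        "name": header[48:112].decode("utf-16-le", "replace").rstrip("\x00"),
        "sequence_match": seq1 == seq2,  # a mismatch means a write was interrupted
        "checksum_ok": stored == regf_checksum(header),
    }

def build_sample_header() -> bytes:
    """Constructed sample base block, used only so the example runs offline."""
    h = bytearray(HEADER_SIZE)
    h[0:4] = b"regf"
    struct.pack_into("<IIQII", h, 4, 7, 7, 132223104000000000, 1, 3)
    struct.pack_into("<II", h, 36, 0x20, 0x1000)
    name = "SYSTEM".encode("utf-16-le")
    h[48:48 + len(name)] = name
    struct.pack_into("<I", h, 508, regf_checksum(bytes(h)))
    return bytes(h)

if __name__ == "__main__":
    for key, value in parse_regf_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

To check a real hive, pass the first 512 bytes of a copy taken from an offline (not booted) volume to `parse_regf_header`.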
