tinyapps.org / blog

Windows won't boot (or boots only once) after SSD upgrade #

TL;DR: BIOS update solved Windows 7 boot problems following SSD installation.

Installed a 960GB SanDisk SSD into a Dell Latitude E5510 and tried cloning the previous hard drive to it:

  1. Acronis True Image 2014 would not even begin cloning: "Clone Disk Operation Failed".
  2. AOMEI Backupper Standard 3.2 created an unbootable copy.
  3. MiniTool Partition Wizard Free 9.0 made a copy that booted once, and then would only boot to Startup Repair or, after enough meddling, to the Windows Boot Manager: "Windows failed to start ... File: \Windows\system32\winload.exe ... the application is missing or corrupt" (reproduced below in full monochrome CSS for your viewing pleasure). Replacing winload.exe with a new copy did not help. Attempts to repair, including with Easy Recovery Essentials, were futile. Tried cloning again, same result.
  4. EaseUS Todo Backup Free 8.8 was taking way too long; estimated time remaining kept increasing - cancelled.
  5. Paragon Drive Copy 15 Professional - same result as #3
  6. HDClone 6 - same result as #3

The SATA mode was never changed from its original setting (AHCI). At this point, RAID and ATA/IDE modes were attempted to no avail.

Next, a clean install of Windows 7 was made to the SSD. It booted once, but after some Windows updates were installed and the machine rebooted, would not start again (back to the same issues in #3 above.)

Contacted SanDisk on the off-chance that it was the drive or the firmware; they kindly sent a brand new (not refurbished) replacement in an unopened retail box. Tried a clean install to the new SSD; same result as before.

Finally it dawned on me ("One more coruscation, my dear Watson -- yet another brain-wave!") to try updating the BIOS. Sure enough, after updating from A05 to A10 and then A16, Windows booted up just fine. Cloned the old HDD with Paragon Drive Copy and that too worked perfectly.

In hundreds, if not thousands, of drive cloning operations over the years, it was the first time I had encountered a situation in which Windows would boot once and then fail on subsequent attempts. It was also one of the few times I had seen a BIOS update solve anything (UPDATE: Claus and Matt kindly inform me that they've found BIOS updates to be especially effective at resolving knotty problems, even those not typically associated with the BIOS). Lesson learned! May this pitiful account save some other soul time and toil.


Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:

1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance.

File: \Windows\system32\winload.exe

Status: OxcOOOOOO1

Info: The selected entry could not be loaded because the application is missing or corrupt.

ENTER=Continue ESC=Exit


CSS props:

/windows | Oct 18, 2015

Robocopy replacement #

strarc.exe (Stream Archive) is
"a console backup/archive tool for Windows NT/2000/XP/2003/Vista/2008/7. It uses the same backup methods as the ntbackup or robocopy programs and thus backs up all information and meta data on an NTFS volume. The main difference is that strarc is free and open source and produces stream archives you can store on tapes, disks or anywhere else or it can create the archive stream to stdout so that it can be compressed easily using stream compression tools like gzip or bzip2. The command line switches and parameters are quite similar to the *nix tar utility and it can easily be used to clone an entire NTFS volume including everything, files, directories, their time stamps, attributes and security information, compression attribute, alternate data streams, junctions, hard links etc. It is now even possible to backup the registry database files of a running Windows system."

Here's a simple usage example from the documentation:

strarc.exe -cjd:C:\dir | strarc -xd:D:\dirbk

"This will clone the C:\dir directory tree to D:\dirbk but will not follow junctions in the C:\dir directory tree but instead clone the junction itself to the D:\dirbk location."
A few initial observations:
  1. Source code available separately here
  2. Attempting to clone a live system (even with the -r switch to "backup loaded registry database of the running system") to another drive failed to produce a bootable copy (after Startup Repair ran, Windows 8 booted to the login screen but stayed stuck on "Preparing Windows"), despite the promise of "How to backup a complete running Windows system" in the documentation (which does not cover shadow copies - see #3).
  3. However, using one of the command line shadow copy tools in conjunction with strarc reportedly works.
  4. While copying C: to E:, received a number of "Short names are not enabled on this volume" errors. Ran fsutil 8dot3name set e: 0 to resolve, though strarc also offers a "-w:8" switch which hides warnings when short 8.3 names cannot be restored.
  5. Need to update emcopy.exe post and Xcopy Windows to a new hard drive

More info:

/windows | Oct 12, 2015

Free and easy email migration from Thunderbird to Outlook #

Aid4Mail has long offered a fast and easy path from Thunderbird to Outlook (as illustrated in our 2005 review). However, there were few free and easy options until MailStore Home; it seamlessly handles importing from Thunderbird and exporting directly into Outlook. In fact, once your email is archived in MailStore Home, you may not need or want to export into Outlook at all, as the full-text search feature (including attachments) is very fast and PST files are a nightmare anyway.

/windows | Oct 09, 2015

That's a lot of gigabytes... #

Seen on a Windows 10 desktop today:

CCleaner Alert - Cleaning can save 13,808,924,507 GB of disk space

13,808,924,507 gigabytes is equal to 13.808924507 exabytes. Considering that "by the end of 1999, the sum of human-produced information (including all audio, video recordings, and text/books) was about 12 exabytes of data", this might take a little while.

/windows | Oct 01, 2015

BitLocker device encryption _requires_ giving Microsoft your recovery key (unless you're in a domain) #

While setting up a new Surface Pro 3 with a local user account under Windows 10 Pro, I noticed an unfamiliar icon on the C: drive - a yellow yield sign with an exclamation mark on top of an open padlock:

yellow yield sign with exclamation mark icon on C: drive

Thinking it might have something to do with encryption, I searched Settings for "BitLocker" and was directed to System > About where I found this:

You need a microsoft account to finish encrypting this device
You need a Microsoft account to finish encrypting this device

Hardly believing such a thing was possible, I turned to the Internet for answers; sadly, Microsoft confirmed the ugly truth (highlighting and missing comma added):

Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected ... If the device is not domain-joined, a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key using their Microsoft Account credentials.

Cem Paya clarifies it rather succinctly:

Remembering that "not domain-joined" will apply to most consumer PCs for use at home, this translates to: for any Windows 8.1 machine that happens to have requisite TPM hardware, BitLocker disk encryption will be enabled with recovery keys escrowed to MSFT automatically.

At least Apple still has the decency to ask (for now?) if you want to give them your recovery key:


More information and updates:

/windows | Sep 21, 2015

Find out what process changed a registry key or value #

Process Monitor (and the deprecated RegMon) is swell for live monitoring of registry activity, but, if run for long periods, it will saturate the page file and stop capturing data.

In order to track down which process kept (vexingly) changing a registry value once or twice a day, Windows' built-in registry auditing was used:

  1. C:\>auditpol /set /subcategory:"Registry" /success:enable
  2. In regedit, right click key to monitor then click "Permissions..."
  3. "Advanced" > "Auditing" > "Add..."
  4. Everyone > OK > check both boxes to right of "Set Value" > OK x3
  5. Any value changes will be recorded to Windows Logs\Security in the Event Viewer, including the guilty process name

/windows | Sep 17, 2015

Outlook Today page is blank: FIXED! #

The Outlook Today page has been a trouble-spot for years. One of the most oft-reported problems is it appearing blank:


Not a single working solution could be found (short of creating a new Windows user account), nor was a tier 2 Microsoft support rep able to help resolve the issue.

Google and Microsoft having failed me, I was finally forced to stir my stumps.

(Very) long story short, deleting "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer" restored Outlook Today to its former glory.

Posted to the Microsoft Community for good measure. May the suffering cease!


With a bit more experimenting, I found that simply deleting the OUTLOOK.EXE name value (or changing its value data as explained below) in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION restored Outlook Today.

FEATURE_BROWSER_EMULATION "defines the default emulation mode for Internet Explorer". The value data of OUTLOOK.EXE was 2af8, which corresponds to IE 11. Changing it to 22b8 (which corresponds to IE 8) resolved the empty Outlook Today page as well. Here is the list of values from Microsoft for posterity:

UPDATE 2: Microsoft has posted this solution as a KB article: Outlook Today displays no information under section headings

/windows | Sep 11, 2015

Change the Windows 7 interface language #

Vistalizator is a portable app that helps you change the display language in any version of Windows Vista or 7 (inexplicably, Microsoft normally restricts this ability to Ultimate or Enterprise editions). Links to necessary MUI (Multilingual User Interface) files hosted at Microsoft and steps for creating a multi-language Windows DVD are also provided.

/windows | Aug 25, 2015

Sniffing encrypted traffic #

Fiddler Screenshot ("The free web debugging proxy for any browser, system or platform") has long been used for sniffing encrypted web traffic, but it requires full administrator access to install an untrusted root certificate for decryption to work (Tools > Fiddler Options... > HTTPS > etc) and the .NET Framework to run.

NetRipper ("Smart traffic sniffing for penetration testers") requires neither. It is "a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption." Further, "NetRipper should be able to capture network traffic from: Putty, WinSCP, SQL Server Management Studio, Lync (Skype for Business), Microsoft Outlook, Google Chrome, Mozilla Firefox. The list is not limited to these applications but other tools may require special support."

Here's a simple example of it in action:
  1. Launch Google Chrome
  2. Open cmd.exe (no need for elevated command prompt), cd to the NetRipper directory and run:
    C:\Release>NetRipper.exe DLL.dll chrome.exe
    Trying to inject DLL.dll in chrome.exe
    Reflective injected in: 2880
    Reflective injected in: 2992
    Reflective injected in: 3096
  3. Login to GMail account in Chrome
  4. NetRipper saves data to %temp%\NetRipper by default (on most systems, this will be C:\Users\username\AppData\Local\Temp\NetRipper):
    C:\Release>dir %temp%\NetRipper /B
  5. Search for the string "Passwd":
    C:\Release>findstr Passwd %temp%\NetRipper\2880_chrome.exe_SSL_Write.txt
Fiddler: NetRipper:

/windows | Aug 15, 2015

Migrating email from Windows Live Mail (eml) to Apple Mail (mbox) #

  1. Install Thunderbird
  2. Open Thunderbird and cancel the automatic setup
  3. Install ImportExportTools
  4. File > Offline > Work Offline
  5. Tools > Account Settings > Account Actions > Add Mail Account... > enter any name, address, and password > Continue > Advanced config > OK
  6. Select the Inbox folder in the left-hand pane
  7. Tools > ImportExportTools > Import all messages from a directory > also from its subdirectories > browse to Windows Live Mail top folder (e.g., C:\Users\user\AppData\Local\Microsoft\Windows Live Mail) > Select Folder
  8. The import process will begin and progress will be displayed in the status bar at bottom
  9. Tools > ImportExportTools > Options > Export directories > check "Export folders as MBOX file" and select a destination directory > OK
  10. Select the desired top mail folder in Thunderbird
  11. Tools > ImportExportTools > Export folder with subfolders (with structure)
  12. The export process will begin. Unlike the import process, progress is not displayed.
  13. When the export is complete, copy the exported data to the Mac and import into Mail (File > Import Mailboxes... > Thunderbird > etc.)

/windows | Aug 12, 2015

Subscribe or visit the archives