How can I repair my NTFS-formatted drive after linking System Volume Information to $Extend?

  • Thread starter Thread starter JavadBayat
  • Start date Start date
J

JavadBayat

Guest
When I was examining the open handles to the internal hard drive E: using Process Explorer, it turned out that svchost.exe always has an open handle to $Extend\$ObjID. I coudn't gain access to $Extend in any ways, and I was looking for a way to forcibly gain access to it.

I thought, however, accessing this through a usual application is impossible, core operating system components like svchost.exe can.

I did the following:

1. I gained access to System Volume Information folder. Because there wasn't a security tab visible in its properties due to security reasons in Windows XP, I created a virtual drive with the following command:

subst X: "E:\System Volume Information"

I then modified the permission in the security tab of the properties window of the created virtual drive.

2. I deleted System Volume Information using Command Prompt.

3. Immediately I created a junction point using SysInternals junction utility, as follows:

junction "E:\System Volume Information" E:\$Extend

4. I restarted the system to take effect. While the system was shutting down, I saw an error message that appeared to be from svchost.exe:

"The instruction at [some number] referenced memory at [some number]. The memory could not be "read". Click OK to terminate the application."

Although I don't remember the error message accurately, the system was shut down even before I click OK. After the reboot, the system never booted up; it just got stuck at "Windows is starting up...".

Is there a way to solve the problem? Note that Safe Mode and Debugging Mode are not working for me eather.

Continue reading...
 
Back
Top