Windows boot process questions.

mrbleh · Jan 10, 2026

Is there any detailed information on the order that windows loads? which files exactly load in which order? i know that the bootloader loads ntoskernel, and it takes over from there, but what else happens?

Long story short, my windows installation got corrupted and i "need" to save it without system restore, recovery image, or any other normal tool. (yes, I know i messed up by trying to save space back when i was bytepoor by not having these.)

my plan is to get a hash of all critical windows files, and see if i can find which one is corrupted by searching the hashes in a virus database. I've got a valid hash for the kernel and smss, but i dont know which other files i need to check.

The error message im getting is "CRITICAL PROCESS DIED" 0XEF. not 100% sure on the hex code, but 100% sure about the message. It seems to be making it past the bootloader, but doesn't start all the way up. safe mode does the same thing. sfc from the automatic recovery says it found errors and fixing them was successful, but windows crashes again on reboot.

Why I "need" to save this partition instead of just reinstalling like a normal person? I installed $1500 software that has a limited number of installations, and i dont want to waste one on this minor problem.

Rollback_Jockey · Jan 10, 2026

In-Place upgrade??

mrbleh · Jan 10, 2026

that only works if you log into windows. i tried that with an install iso.

john1955 · Jan 10, 2026

mrbleh said:
that only works if you log into windows. i tried that with an install iso.

Run the repair tool again and see if it finds any more problems. I had to run it FOUR times once and it fixed something different each time. Saved me from restoring a backup but at least I had one. It was windows 7 so your mileage may vary.

mrbleh · Jan 10, 2026

says it can't automatically repair. lists a log file named srttrail that says pending package update at the end, error code 0x4.

SIW2 · Jan 10, 2026

says pending package update at the end

try revertpending and restorehealth from booted media
in this example windows has letter E from booted media

Dism /Image:E:\ /Cleanup-Image /revertpendingactions

you could run checkhealth to see if it repairable

Dism /Image:E:\ /Cleanup-Image /CheckHealth

Dism /Image:E:\ /Cleanup-Image /RestoreHealth

zbook · Jan 10, 2026

Please run the Sea Tools bootable Long generic test > take a picture > post a share link

SeaTools | Seagate US

SeaTools - Quick diagnostic tool that checks the health of your drive.

www.seagate.com

If the Long generic test displays fail then backup important files and replace the drive.

If the Long generic test displays pass then boot to Windows RE > command prompt > type:

notepad
bcdedit
bcdedit | find "osdevice"

Post a share link

chkdsk /b /v W:

(change the drive letter to the drive letter displayed in the command result for the osdevice)

Make sure that the windows drive runs overnight while sleeping.

C:\WINDOWS\system32>chkdsk /b /v W:
The type of the file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

Type: Y

Reboot as needed.

SIW2 · Jan 10, 2026

If revertpending doesnt work you can try /removepackage for the offending package(s)

mrbleh · Jan 11, 2026

when i tried dism, i got an error initializing:

2026-01-11 06:12:37, Info DISM PID=3068 TID=1304 Scratch dire - Pastebin.com

Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.

pastebin.com

i need a running copy of windows to make that boot disk. i'll see if i can think of something

SIW2 · Jan 11, 2026

Are you sure your windows installation is on E ?

check if you can load the software hive and system hive
regedit > click hkey_local_machine > file> load hive > browse to your windows partition \windows\system32\config\software

give it a name e.g. soft and see if it loads in regedit

then do the same with system hive name it e.g. sys

FreeBooter · Jan 11, 2026

Try to restore your computer to date it was working using System Restore tool also use Startup Repair tool.

mrbleh · Jan 11, 2026

the registry files loaded. do the file sizes look sane for a 6+ year old installation?

john1955 · Jan 11, 2026

mrbleh said:
the registry files loaded. do the file sizes look sane for a 6+ year old installation?

My "software" is 5 times the size of yours the rest are comparable to mine that has very little use in 5 years and was an upgrade from Windows 10 that I hardy ever used except for Turbo Tax.
I have Turbo Tax (three years), Firefox, Office 2019, QCAD, Quickbooks Thunderbird email and a small graphics viewer. Ive never run a registry cleaner on mine. I had Autocad 2004 but it was a bit wonky so I uninstalled it a few days later (recently) That's probably of no help

mrbleh · Jan 11, 2026

if thats the case, i think my registry must have gotten corrupted. mine was also an upgrade of an upgrade. from windows 7, to 10, to 11. and ive hardly ever turned it off. i've installed at least 400 games, and 200 different pieces of regular software. i guess i will have to reinstall

SIW2 · Jan 11, 2026

dism reported
"Failed to open the key Microsoft\\Windows NT\\CurrentVersion."
Failed trying to determine the OS Version.

from the screenshot your software hive is only 256kb

If you havent got a backup in regback or somewhere else I dont know a way to fix that

Windows boot process questions.

New member

My Computer

Well-known member

My Computers

New member

My Computer

Jack of all trades

My Computers

New member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

New member

My Computer

Well-known member

My Computers

Well-known member

My Computer

New member

My Computer

Jack of all trades

My Computers

New member

My Computer

Well-known member

My Computers