Preparation

1. Start with a fully functional installation of Windows 98. In room 6359 your instructor will issue a rack mount hard drive to each student. At some point in the semester (usually the first lecture) Windows 98 will be installed onto this drive. Otherwise you can use Norton Ghost on the bootable Student CD-ROM labeled "Room 6359" to rapidly restore a full typical installation of Windows 98 on the drive.

2. Open a DOS box and perform the following instructions:

   C:\WINDOWS>copy command\attrib.exe .\attrib.bin
      1 file(s) copied.
   C:\WINDOWS>debug attrib.bin
   -a 100
   2180:0100 nop
   2180:0101 jmp 100
   2180:0103 (Hit [Enter] on the empty line here)
   -w
   Writing ????? bytes
   -q
   C:\WINDOWS>ren attrib.bin baddrv.sys
   C:\WINDOWS>cd \
   C:\>echo device=c:\windows\baddrv.sys >> config.sys
   
   

3. At this point a bad or corrupt driver has been created and set up for the system to attempt to load it at boot up from an instruction in the CONFIG.SYS file. This driver will lock up the system, simulating such a real world scenario in which Windows stays stuck on the "pretty clouds" splash screen.

  Procedures

4. Windows 98 provides a method of booting up the operating system in controlled ways so that problems can be either identified or circumvented so that access to the drive can be gained. In this way the operating system can either be repaired or important data files can be copied off to a safe location.

5. There are two ways to bring up the Boot Menu which will allow the user to undertake any of these alternate boot methods for the operating system. One way is to modify the MSDOS.SYS file so that it will display the Boot Menu. If the technician is working on a customer's PC, then this modification probably has not already been done. In this case the Menu can be requested from IO.SYS by pressing the [F8] key when the start up message "Starting Windows 98 . . ." appears. On modern systems it is best to get on the [F8] at the end of the POST because the window of opportunity to press the [F8] key is quite short.

6. Upon pressing the [F8] key IO.SYS will display the following screen:

   Microsoft Windows 98 Startup Menu
   
      1. Normal
      2. Logged (\BOOTLOG.TXT)
      3. Safe Mode
      4. Step-by-step confirmation
      5. Command prompt only
      6. Safe mode command prompt only
   
   Enter a choice: 1
   
   
   
   F5=Safe mode   Shift+F5=Command prompt   Shift+F8=Step-by-step confirmation [N]

7. There are two more menu items that can also appear depending on the individual machine's configuration. There can be a choice called "Safe Mode w/Network" or another choice that will appear if Windows was installed over a previous installation of DOS: "Previous version of DOS".

   Each choice will be briefly descibed:

   • "Normal" will proceed to boot the system as it normally does.
   • "Boot Logged (\BOOTLOG.TXT)" will cause Windows to record each boot process event in a file named BOOTLOG.TXT held in the root of the boot drive. This file can then be examined to try to find the cause fo the crash. It appears that Windows 98 has a bug in which it always creates a new, empty BOOTLOG.TXT on every boot up and records boot up events into it. This can be disabled but requires an undocumented command to be added to the MSDOS.SYS file...which cannot be accessed at this point because the system is crashing!
   • "Safe Mode" will bypass the CONFIG.SYS and AUTOEXEC.BAT files and it will also skip a large portion of the Registry. The system will use as many default device drivers as it can and in particular, the video drivers will be bypassed. This is done so that if they are faulty, corrupt, or have settings that render the screen unviewable, that the system can still be booted in a way in which the screen can be seen so that the settings or the drivers themselves can be changed.
   • "Step-by-Step Confirmation" is another powerful diagnostic boot up choice. This allows the technician to approve each driver one at a time. The system will ask "Load DRIVER.SYS [Y/N]?" and the technician can press [Y] for each one until the questions stop...that would be the driver that cuased the crash. The system can then be rebooted and when the question comes up for that driver it can be denied by pressing [N]. If the system proceeds to boot up, then the problem driver has at least been isolated. It can then be pursued to see where the reference resides (CONFIG.SYS, SYSTEM.INI, Registry, etc) It can also be researched on the Internet to see what it does and if it is part of the CABs or if it is a third party driver.
   • "Command Prompt Only" It is very important for the technician to understand the difference between "Command Prompt Only" and "Safe Mode Command Prompt Only" In this one the system will halt the Windows boot sequence at COMMAND.COM and both the CONFIG.SYS and the AUTOEXEC.BAT will be processed. You should also be aware that in the case of Windows 98 that both of these files have default entries that will be performed even if the files are not even present on the C: drive.
   • "Safe Mode Command Prompt Only" In this one the system will halt the Windows boot sequence at COMMAND.COM and both the CONFIG.SYS and the AUTOEXEC.BAT will be completely bypassed. This means that it will not execute any of the major Windows 98 default entries for these files either.

8. The difference between the last two choices is important to understand. Of greatest significance is the fact that "Safe Mode Command Prompt Only" will not load HIMEM.SYS. Because of this many real mode programs may fail to function because they depend on extended memory. SCANDISK is a notable example; it will not run without HIMEM.SYS. Also Windows cannot be manually launched without HIMEM.SYS having loaded.

9. Boot the system and notice that it locks up on the Windows splash screen. This screen is built into IO.SYS and is therefore somewhat deceptive in that IO.SYS is the one that has loaded and it is not indicative of whether or not WIN.COM or any part of Windows itself has begun to load by the time the freeze occured.

10. In this instance it is clear that something loads that causes the system to hang. It may be possible to isolate this action using the Step-by-Step Confirmation diagnostic boot method. Restart the system and as the BIOS screens finish press the [F8] key. IO.SYS will detect this as it loads and display the diagnostic boot menu shown above. Use the down arrow key to select the Step-by-Step Confirmation choice and then press [Enter].

11. IO.SYS will now present the user with these messages:

    Windows will prompt you to confirm each startup command.
    Process system Registry [Enter=Y,Esc=N]?_
    

12. It can be seen then that the Windows versions of IO.SYS will access the Registry. Specifically IO.SYS searches for SYSTEM.DAT and USER.DAT in the %hostwinbootdrv%:\%windir% location. These are Environmental variables. These two can be found in the file MSDOS.SYS. Under normal ciorcumstances Windows 98 will be installed into a folder named WINDOWS on the C: drive and this is indicated in these two variables that IO.SYS will read from MSDOS.SYS. IO.SYS at this point is concerned that the files exist and if they do it will open SYSTEM.DAT. If no more than one hardware profile exists then IO.SYS will use it to read any instructions within the hardware profile key to load any real mode drivers that might be needed. These are found in the Registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet
    If multiple hardware profiles have been created then IO.SYS will present a small menu asking the user to select which one should be used at this point and it is related to the fact that Windows will not leave a CurrentControlSet key flagged for IO.SYS to use.

13. Answer "Y" to each prompt, by pressing the [Enter] key, taking careful note of what IO.SYS is being allowed to do at each step of the loading process. The next question is whether to keep a boot up log file called BOOTLOG.TXT. Answer "Y". The next question asks to process the CONFIG.SYS file; answer "Y". Now the first command within the CONFIG.SYS file itself is displayed that involves the loading of a driver:

    Create a startup log file (BOOTLOG.TXT) [Enter=Y,Esc=N]?Y
    Process your startup device drivers (CONFIG.SYS) [Enter=Y,Esc=N]?Y
    DEVICE=BADDRV.SYS [Enter=Y,Esc=N]?Y
    _
    

14. Answer "Y" and notice that the system immediately hangs. It is apparent that allowing the system to load BADDRV.SYS caused the crash and therefore this driver is the one that is causing the problem. Reset the machine and press [F8] at the end of the BIOS screens again and take the Step-by-Step Confirmation boot method again. This time answer "N" by pressing the [Esc] key to the request to load BADDRV.SYS and Windows will proceed to the desktop. Note that on these machines the last VxD (Windows Virtual Device Driver) that you are allowed to accept or deny is msmouse.vxd. If the system crashes after accepting this driver, it may not be at fault. The boot up process after this last driver may run into trouble in which various driver modules are being configured and initialized most likely from the Registry.

15. Step-by-Step confirmation allows the technician to identify the problem driver that is causing a crash and to bypass it on a second boot up attempt to see if the system will at least reach the desktop. Obviously BADDRV.SYS is a driver for nothing. It is understood that some device will be nonfunctional when a crashing driver is bypassed like this. The objective is to positively identify what is causing Windows to freeze in the early stages such that it will not reach the desktop in order to replace the file. See the tutorial on Using BOOTLOG.TXT and EXTRACT.EXE to find and replace a missing driver for further details on how to do this.

Copyright©2000-2007 Brian Robinson ALL RIGHTS RESERVED