Windows Internals Books

If you’re into Windows technology you’ve most likely heard of Mark Russinovich. If you work with Windows, you’ve probably used the SysInternals tools written by Mark. If you’re looking for reading material on the Windows internal technologies, look no further than the following titles.

Mark Russinovich has also written lots of in-depth articles, found at Microsoft.com and other tech websites; I highly recommend reading his work.

WindowsInternals.com

Windows Internals Shortcuts Cheat Sheet

A few friendly visitors pointed out how handy knowing the name of the various MMC or Control Panel applications is. I couldn’t agree more, so I have created a downloadable PDF cheat sheet containing what is listed on this site. No need to memorize them now, just stick it on your wall or keep it in a handy location.
Download the Windows Internals Shortcuts Cheat Sheet.pdf now.

The tasklist and taskkill Commands

If you’re used to the Unix command ps, then you might be interested to know that recent versions of Windows have a little-known command called tasklist. It’s very similar to the Unix command: it displays the list of running processes, each with an associated process ID (known as a PID). There is a relative of tasklist called taskkill that can be used to kill a process from the command line.

Why is this useful? For starters, you get a much more detailed view of what is currently running on your system. The details are above and beyond what you can see using “Task Manager”, for example. These commands can also be easily scripted, which is useful for automation.

Here is some sample output displayed when the tasklist command is run:

C:\>tasklist
svchost.exe 3188 Console 0 4,180 K
OUTLOOK.EXE 968 Console 0 14,468 K
WINWORD.EXE 3344 Console 0 47,132 K
firefox.exe 212 Console 0 83,272 K
cmd.exe 1712 Console 0 2,760 K
tasklist.exe 3900 Console 0 5,756 K

To kill the firefox.exe task, all you have to do is enter:

C:\>taskkill /PID 212
SUCCESS: The process with PID 212 has been terminated.

There are many more options; simply type taskkill /? for more information.

Note: If you’re looking for a GUI replacement for Task Manager, look no further than Mark Russinovich’s Process Explorer.
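As an added example (not part of the original post) of the scripting use mentioned above, this Python sketch parses the CSV form of the listing, as produced by `tasklist /FO CSV /NH`, and reports processes whose image name is not in an expected baseline. The baseline set and the helper names are assumptions made for illustration, and the sample data is constructed from the listing above.

```python
import csv
import io
import subprocess

# Constructed sample: the listing shown above, in the form produced by
# `tasklist /FO CSV /NH` (CSV, no header row).
SAMPLE = '''"svchost.exe","3188","Console","0","4,180 K"
"OUTLOOK.EXE","968","Console","0","14,468 K"
"WINWORD.EXE","3344","Console","0","47,132 K"
"firefox.exe","212","Console","0","83,272 K"
"cmd.exe","1712","Console","0","2,760 K"
"tasklist.exe","3900","Console","0","5,756 K"
'''

# Assumed baseline of image names expected on this host (hypothetical).
BASELINE = {"svchost.exe", "outlook.exe", "winword.exe", "cmd.exe", "tasklist.exe"}


def collect_tasklist():
    """Run tasklist on a live Windows host and return its CSV output."""
    result = subprocess.run(["tasklist", "/FO", "CSV", "/NH"],
                            capture_output=True, text=True, check=True)
    return result.stdout


def parse_tasklist_csv(text):
    """Turn CSV tasklist output into a list of process records."""
    procs = []
    for row in csv.reader(io.StringIO(text)):
        # Skip blank lines, malformed rows and the header (if /NH was omitted).
        if len(row) != 5 or not row[1].isdigit():
            continue
        image, pid, session, _session_num, mem = row
        digits = "".join(ch for ch in mem if ch.isdigit())  # "4,180 K" -> "4180"
        procs.append({"image": image, "pid": int(pid), "session": session,
                      "mem_kb": int(digits) if digits else None})
    return procs


def unexpected(procs, baseline=BASELINE):
    """Return records whose image name is not in the baseline (case-insensitive)."""
    allowed = {name.lower() for name in baseline}
    return [p for p in procs if p["image"].lower() not in allowed]


if __name__ == "__main__":
    for p in unexpected(parse_tasklist_csv(SAMPLE)):
        print(f'{p["image"]} (PID {p["pid"]}, {p["mem_kb"]} K) is not in the baseline')
```

On a live system, pass `collect_tasklist()` instead of `SAMPLE`. An image name alone is easy to imitate, so confirm anything of interest by checking the executable's path in Process Explorer.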

The systeminfo Command

Windows XP has a useful command for quick access to a lot of system information at the command line. It’s called “systeminfo” and it’s a very useful, little-known command. I encourage any Windows user to become familiar with this command, since it offers a wealth of summary information all in one place.

Give it a try, at the command prompt type:

systeminfo

If you’d like to save the output as a file, say for auditing purposes:

systeminfo > systeminfo.txt

This is particularly useful for scripting purposes; however, this command does take a while to execute, so keep that in mind.

Mapping Drive Letters to Local Folders with subst

This is a nice time saver when working with various versions of Windows from the command line. If you have a folder that you access regularly and it lives deep within a hierarchy, you can assign it a drive letter. Sure you could use a shortcut in the GUI, but this tip shines when you’re using the command line.

Just enter the subst command at the command prompt, replacing the drive letter and folder with your own values.

subst x: C:\AppServ\custom\app\data\logs

I can now CD into X: for quick access. Make sure that you choose a drive letter that will not conflict with other drives. If you’d like it to persist across reboots, create a batch file and drop it in your Startup folder.

If you’re mapping network shares, look into the net use command. I’ve heard reports of bugs using subst; however, it has worked for me reliably on several systems.

Fixing a Missing or Corrupt Control Panel (.cpl) or Management Console (.mmc) Item

Occasionally a Control Panel (a .cpl file) or Management Console (a .mmc file) item may become corrupt due to malware (malicious software such as a virus or spyware) infecting a system. To replace or restore the file, you can simply copy it from your installation media.

Note: There may be a copy of the missing file in the dllcache, but we will assume there isn’t.

UPDATE: Due to several requests, I’m working on some instructions explaining this process in more detail.

Fixing Network Problems by Reinstalling the Windows XP Network Stack

Hopefully, you’re using tools such as Process Explorer, Regmon and Filemon to troubleshoot your Windows problems; however, every now and then you find the need to reinstall the network stack. This is especially true when you have “helper” applications that try to be helpful but end up breaking network access.

The command to do this is (where resetipstack.trace.log is the name of a log file):

netsh int ip reset resetipstack.trace.log

Fixing a Missing or Corrupt Windows Bootloader with fixmbr

If the Windows XP Bootloader gets erased or corrupted, you can repair it without a complete reinstall. The steps below describe how to do this.

Disclaimer: Attempt this at your own risk; I assume no responsibility for any data lost. You have been warned.

Boot from the Windows XP CDROM into the “Recovery” prompt. If you have not set an Administrator password, leave it blank. The Windows XP documentation (Help and Support) has a section on the Recovery Console if you’d like to learn more. Also, it’s always worth running a command without any switches to see what the other options are; there is usually a help switch.

Then run:

bootcfg /rebuild
fixboot
fixmbr

Management Console Shortcuts

In keeping with the list of Control Panel applet .cpl files, here are the Management Console .msc files (or MMC Snap-Ins). If you’re frequently working with Windows systems, these shortcuts can be quite handy. As with the Control Panel applets, they can be launched from the command line or from the Run dialog.

Computer Management :: compmgmt.msc
Disk Management :: diskmgmt.msc
Device Manager :: devmgmt.msc
Disk Defrag :: dfrg.msc
Event Viewer :: eventvwr.msc
Shared Folders :: fsmgmt.msc
Group Policies :: gpedit.msc
Local Users and Groups :: lusrmgr.msc
Performance Monitor :: perfmon.msc
Resultant Set of Policies :: rsop.msc
Local Security Settings :: secpol.msc
Services :: services.msc
Component Services :: comexp.msc

Manually Registering and Unregistering DLLs

When playing around with Windows, it’s handy to be able to quickly load and unload DLLs. Here are the commands needed to do just that. These commands are run from the command prompt; however, there is nothing stopping you from creating a shortcut that does the same thing.

Unregister a DLL:

REGSVR32 /U "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLDMO.dll"

Register a DLL:

REGSVR32 "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLDMO.dll"
