Windows boot & disk repairing toolkit
Recently I had the doubtful pleasure of trying to fix a blue screen in my Windows laptop. I learned a lot, tried tens of scenarios, but nonetheless I failed to repair it. This post contains a list of the tools I used to recover the system and some hints on how to deal with various problems. I will try to answer the following questions:
What is MBR and GPT? How to rebuild BCD and fix MBR? How to clone a partition or disk to another disk or file? How to remove and create partitions? How to remove Windows Update leftovers?
Table of contents
BIOS, UEFI, MBR & GPT
UEFI (Unified Extensible Firmware Interface) is a successor of BIOS (Basic Input/Output System) created in 2005.
BIOS uses MBR (Master Boot Record) disk partition scheme. MBR takes the first sector (512 bytes) of the disk, before the first partition, and consists of:
Note: I'll soon be sharing short, practical tips on Angular — a good way to pick up something new if you're interested.
- 446 bytes of bootstrap code
- 64 bytes for partition table (describes 4 partitions using 16 bytes each)
- 2 magic bytes
An extensive source of details on the logical structure of disks, though not up to date (includes details about floppies!) can be found here.
UEFI supports MBR but primarily uses GPT (GUID Partition Table), which allows for disks larger than 2 TB and with more partitions. There is a simple way to detect if your disk uses MBR or GPT in Windows and Linux.
GPT disk partition scheme consists of:
- 512 bytes of so-called Protective MBR for partial backward compatibility
- 512 bytes of Primary GPT Header
- 512 bytes of descriptions per every 4 partitions
- at the end of disk, there is a copy of GPT called Secondary GPT Header
More information about GPT can be found i.a. here and here.
Toolkit
Warning
Most of these commands may damage your file system. These commands are suitable only for advanced users. Use at your own risk!
Windows and Linux ISO
If you don’t have the installation media, Microsoft provides Windows ISO for download:
As for a live versions of Linux (bootable from USB), you can try:
- LinuxLive – choose and install virtually any Linux distribution
- Kaspersky Rescue Disk – relatively small (600 MB) Linux distribution with basic tools and Kaspersky antivirus able to scan disk
And finally, below I listed some tools to create a bootable USB drive from those images. Note that if you cannot create an image using one tool, try another – it may work better.
- Windows USB/DVD Download Tool – it has problems with locked pendrives and requires installation
- UNetbootin
- Win32 Disk Imager
Windows Toolkit
Recovery tools
There are a couple of useful command line tools available in the Windows Recovery Environment (WinRE).
Remember than WinRE enumerates partitions differently than when Windows is running, so some drives may have other letters than usual. This is not an error and don’t fix it ;).
Show and edit disks, partitions:
# diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SONY
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 0 B
Disk 1 Online 29 GB 18 GB
DISKPART> list volume
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D System Rese NTFS Partition 100 MB Healthy
Volume 1 C NTFS Partition 111 GB Healthy System
DISKPART> select disk 0
Disk 0 is now the selected disk.
DISKPART> list partition
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 111 GB 101 MBIdentify partitions: at some point, it is necessary to know which partition contains the bootloader and which contains the Windows installation. There are probably some more reliable ways, but I first list all partitions (diskpart –> list volume). By checking Type (Partition) and Size of partitions I identify the probable partitions:
# diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SONY
DISKPART> list volume
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 C System Rese NTFS Partition 350 MB Healthy
Volume 2 D SYSTEM NTFS Partition 111 GB Healthy
Volume 3 F NTFS Removable 3744 MB HealthyPartitions C:\ and D:\ look interesting. The one with Boot (hidden) folder is the system partition, the one with the Windows folder is the Windows installation partition (boot partition):
# dir C:\Boot
# dir D:\Boot
# dir C:\Windows
# dir D:\WindowsNotepad – the notepad command is available to make some notes or open log files (notepad c:\dism.log).
Check disk – scan disk, repair errors and bad sectors:
# chkdsk /RCheck the integrity of the protected system files:
# sfc /scannow /offbootdir=D:\ /offwindir=E:\Windowswhere D:\ is the boot drive letter and E:\Windows is the folder where Windows is installed. You can use /verifyonly instead of /scannow to disable automatic repairs, but the scan log will not be saved or available – you will just get the information if there are errors or not.
There is a way, however, to save the log file. Type the following command before running sfc:
set WINDOWS_TRACING_LOGFILE=E:\Temp\CBS.logwhere E:\Temp is an existing folder on your Windows disk. After sfc is done (and despite the error message), open the log file E:\Temp\CBS.log to view the details.
You may find the sfc command failing to fix the corrupt files. In this case, you may try starting the recovery console from a Windows installation disk but (probably) only in case you have Windows 8 or Windows 10. Then issue one of these commands:
# dism /Image:E:\ /Cleanup-Image /RestoreHealth /ScratchDir:E:\Temp /Source:d:\sources\install.wim /LimitAccess
- OR -
# dism /Image:E:\ /Cleanup-Image /RestoreHealth /ScratchDir:E:\Temp /Source:wim:d:\sources\install.wim:1 /LimitAccessThe second command is useful if there is more than one installation version available (see this chapter for details). Explanation of the parameters:
/Image– disk with Windows/RestoreHealth– fix system files/ScratchDir– if the command warns of insufficient space for a scratch directory, use this parameter to point to any temporary folder in your Windows drive/Source– path to theinstall.wimfile in your Windows installation disk/LimitAccess– offline mode
More information can be found in the documentation.
Registry
Yes, regedit.exe is available in the Recovery Console. However, there is an important difference: the Registry in Recovery Console works in offline mode. It will load some keys, but these are not the keys from your Windows.
Run regedit.exe. Select Computer > HKEY_LOCAL_MACHINE and choose the menu File > Load Hive. Open e:\Windows\System32\config\SOFTWARE and name it for example ext_SOFTWARE (where E:\ is the disk your Windows is installed). Now you have loaded your Windows’ HKEY_LOCAL_MACHINE\Software key to the Registry. Repeat these steps to load any other hive, e.g. SYSTEM.
After you’ve queried or modified the Registry, unload the hive. Select ext_SOFTWARE and choose the menu File > Unload Hive to save changes. Repeat these steps for any other hive you loaded.
It is also possible to load and unload the hive using a command line:
# reg load HKLM\ext_SOFTWARE E:\Windows\System32\Config\Software
...
# reg unload HKLM\ext_SOFTWARENote that once an offline hive is loaded, it is possible to query it using command line tools, e.g.:
# reg query "HKLM\ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v DigitalProductIdFix Master Boot Record (MBR)
If the Windows boot loader does not start and you see information like:
Operating System not found
- or -
No bootable medium found! System halted.then it is possible that the Master Boot Record is damaged. There are several commands available for help:
# bootrec /FixMbrBootrec will save the MBR compatible with your Windows to the system partition. It will not overwrite the partition table, so it’s a quite safe command provided that your system partition is correct and you use the same installation media version as your Windows.
Another option is using bootsect (it will update the boot sector as well):
# bootsect /nt60 SYS /mbrThis command is compatible with Windows Vista, 7 and 8 – I’m not sure about Windows 10. SYS denotes the system partition (with the Boot folder); you can provide a drive letter like C:\ instead. More details about this command can be found in the documentation.
Fix Boot sector
The next boot data record is located in the system partition. Again, it can be rewritten, especially if you see errors related to NTLDR or Bootmgr.exe:
# bootrec /FixBootAnother option is using bootsect:
# bootsect /nt60 SYSThis command is compatible with Windows Vista, 7 and 8 – I’m not sure about Windows 10. SYS denotes the system partition (with the Boot folder); you can provide a drive letter like C:\ instead. More details about this command can be found in the documentation.
Fix Boot Configuration Data (BCD)
If you cannot see Windows is starting or cannot select any Windows installation in the boot loader, then the Boot Configuration Data (BCD) is probably damaged. This data contains the list of available Windows installations and can be edited using some tools.
First, make a backup of the configuration:
# bcdedit /export C:\BCD.bakLater it ill be possible to import it with the /import flag.
# bootrec /ScanOsThis command will try to find Windows installations other than the ones already listed in BCD. So if you see Total identified Windows installations: 0 then it doesn’t mean that’s bad. If there were some new installations found, you can add them to BCD by calling:
# bootrec /RebuildBcdIf there were none, but you still want to recreate BCD, use the official steps from Microsoft:
- go to the boot drive (see above how to identify it):
c: - go to the Boot folder:
cd Boot - unhide the
bcdconfiguration file:attrib bcd -s -h -r - rename it instead of deleting:
ren bcd bcd.old - now rebuild BCD:
bootrec /RebuildBcd
There are two more tools for modifying BCD.
In order to manually add a Windows installation to BCD, run bcdboot with some parameters. Refer to the manual for details.
Finally, to edit every aspect of BCD, use BCDedit. Run the command without parameters to display the current BCD table:
# bcdedit
Windows Boot Manager
---------------------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale pl-PL
inherit {globalsettings}
default {current}
resumeobject {b8762182-b914-11e9-ba75-f9f4b7ad4c68}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
---------------------------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pl-PL
inherit {bootloadersettings}
recoverysequence {b8762184-b914-11e9-ba75-f9f4b7ad4c68}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b8762182-b914-11e9-ba75-f9f4b7ad4c68}
nx OptInThe /export and /import flags were mentioned above. For the other options refer to the manual.
Copy files
xcopy <from> <to> /O /X /E /H /KExplanation of the switches:
/E– Copies folders and subfolders, including empty ones/H– Copies hidden and system files also/K– Copies attributes. Typically, Xcopy resets read-only attributes/O– Copies file ownership and ACL information/X– Copies file audit settings (implies /O)
Other useful switches:
/C– Continues copying even if errors occur/R– Overwrites read-only files/Y– Overwrites existing files without asking
robocopy <from> <to> /E /COPYALL
robocopy <from> <to> /MIR /COPYALL /R:0 /W:0Explanation of the switches:
/E– Copies directories, including empty ones/COPYALL– Copies all file information (date, permissions, attributes)/MIR– Mirrors <from> in <to>, adding new files and folders and removing folders which aren’t present in the source/R:0– 0 retries for read/write failures – this causes skipping errors/W:0– 0 seconds between retries
Delete folders
Sometimes this single command, though ending with error, was able to recursively delete all subfolders and files in the current folder:
RMDIR /S /Q .Explanation of the switches:
/Q– Quiet mode, won’t prompt for confirmation to delete folders./S– Run the operation on all folders of the selected path.
If it fails, first delete all files (recursively):
DEL /F /Q /S *.* > NULExplanation of the switches:
/F– Force deleting of read-only files./Q– Enables quiet mode which doesn’t ask for confirmations./S– Delete the files from all subdirectories.*.*– Delete all files.> NUL– Disable console output which improves performance.
Then delete all (empty) folders:
RMDIR /S /Q *.*Open image file
It is possible to open the image file created by dd (which I described later in Linux Toolkit). An example of free software that can do this is ImDisk. If you saved one partition to a file, this command will mount it as a drive letter:
# imdisk -a -t file -f e:\partition.img -m #: -o roExplanation of the switches:
-a– attach disk-t file -f <path>– disk from file-m #:– assign the first available drive letter to it-o ro– mount in read-only mode
If the entire disk was saved, just specify the partition number you want to mount after -v:
# imdisk -a -t file -f e:\disk.img -m #: -o ro -v 2List all mounted images:
# imdisk -lUnmount:
# imdisk -d -m F:Linux Toolkit
List available disks:
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 126.8M 1 loop /livemnt/squashfs
loop1 7:1 0 97.1M 1 loop /livemnt/mntextra/000-core.srm
loop2 7:2 0 27.5M 1 loop /livemnt/mntextra/001-xorg.srm
loop3 7:3 0 60.1M 1 loop /livemnt/mntextra/002-xfce.srm
loop4 7:4 0 192K 1 loop /livemnt/mntextra/003-kl.srm
loop5 7:5 0 11.4M 1 loop /livemnt/mntextra/004-krt.srm
loop6 7:6 0 146.1M 1 loop /livemnt/mntextra/005-bases.srm
loop7 7:7 0 50.6M 1 loop /livemnt/mntextra/008-firefox.srm
sda 8:0 0 298.1G 0 disk
├─sda1 8:1 0 350M 0 part /mnt/KRD2018/Volumes/sda1
└─sda2 8:2 0 297.8G 0 part /mnt/KRD2018/Volumes/sda2
sdb 8:16 0 111.8G 0 disk
├─sdb1 8:17 0 350M 0 part /mnt/KRD2018/Volumes/sdb1
└─sdb2 8:18 0 111.5G 0 part /mnt/KRD2018/Volumes/sdb2
sdc 8:32 1 3.7G 0 disk /livemnt/boot
├─sdc1 8:33 1 2.8M 0 part
└─sdc2 8:34 1 512B 0 part
sr0 11:0 1 1024M 0 rom Mount disk:
# mkdir /mnt/sda1
# mount /dev/sda1 /mnt/sda1List mounted drives:
# mount
...
/dev/sda1 on /mnt/KRD2018/Volumes/sda1 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sda2 on /mnt/KRD2018/Volumes/sda2 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sdb1 on /mnt/KRD2018/Volumes/sdb1 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sdb2 on /mnt/KRD2018/Volumes/sdb2 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)Unmount disk:
# umount /dev/sda1List partitions:
# parted -l
Model: ATA FUJITSU MHZ2320B (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 320GB 320GB primary ntfs
Model: Samsung SSD 840 EVO 120G (scsi)
Disk /dev/sdb: 120GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 368MB 367MB primary ntfs boot
2 368MB 120GB 120GB primary ntfsList partitions:
# fdisk -l /dev/sda
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 718847 716800 350M 7 HPFS/NTFS/exFAT
/dev/sda2 718848 625139711 624420864 297.8G 7 HPFS/NTFS/exFATCreate, remove partitions: I removed all partitions and created a non-bootable single partition: Use fdisk again and the following useful commands:
p– print tabled– delete partitionn– create partitiont– set partition type
# fdisk /dev/sda
Welcome to fdisk (util-linux 2.30.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 718847 716800 350M 7 HPFS/NTFS/exFAT
/dev/sda2 718848 625139711 624420864 297.8G 7 HPFS/NTFS/exFAT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): d
Partition number (1,2, default 2):
Partition 2 has been deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): d
Selected partition 1
Partition 1 has been deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-625142447, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-625142447, default 625142447):
Created a new partition 1 of type 'Linux' and of size 298.1 GiB.
Partition #1 contains a ntfs signature.
Do you want to remove the signature? [Y]es/[N]o: y
The signature will be removed by a write command.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 625142447 625140400 298.1G 83 Linux
Filesystem/RAID signature on partition 1 will be wiped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): L
0 Empty 24 NEC DOS 81 Minix / old Lin bf Solaris
1 FAT12 27 Hidden NTFS Win 82 Linux swap / So c1 DRDOS/sec (FAT-
2 XENIX root 39 Plan 9 83 Linux c4 DRDOS/sec (FAT-
3 XENIX usr 3c PartitionMagic 84 OS/2 hidden or c6 DRDOS/sec (FAT-
4 FAT16 <32M 40 Venix 80286 85 Linux extended c7 Syrinx
5 Extended 41 PPC PReP Boot 86 NTFS volume set da Non-FS data
6 FAT16 42 SFS 87 NTFS volume set db CP/M / CTOS / .
7 HPFS/NTFS/exFAT 4d QNX4.x 88 Linux plaintext de Dell Utility
8 AIX 4e QNX4.x 2nd part 8e Linux LVM df BootIt
9 AIX bootable 4f QNX4.x 3rd part 93 Amoeba e1 DOS access
a OS/2 Boot Manag 50 OnTrack DM 94 Amoeba BBT e3 DOS R/O
b W95 FAT32 51 OnTrack DM6 Aux 9f BSD/OS e4 SpeedStor
c W95 FAT32 (LBA) 52 CP/M a0 IBM Thinkpad hi ea Rufus alignment
e W95 FAT16 (LBA) 53 OnTrack DM6 Aux a5 FreeBSD eb BeOS fs
f W95 Ext'd (LBA) 54 OnTrackDM6 a6 OpenBSD ee GPT
10 OPUS 55 EZ-Drive a7 NeXTSTEP ef EFI (FAT-12/16/
11 Hidden FAT12 56 Golden Bow a8 Darwin UFS f0 Linux/PA-RISC b
12 Compaq diagnost 5c Priam Edisk a9 NetBSD f1 SpeedStor
14 Hidden FAT16 <3 61 SpeedStor ab Darwin boot f4 SpeedStor
16 Hidden FAT16 63 GNU HURD or Sys af HFS / HFS+ f2 DOS secondary
17 Hidden HPFS/NTF 64 Novell Netware b7 BSDI fs fb VMware VMFS
18 AST SmartSleep 65 Novell Netware b8 BSDI swap fc VMware VMKCORE
1b Hidden W95 FAT3 70 DiskSecure Mult bb Boot Wizard hid fd Linux raid auto
1c Hidden W95 FAT3 75 PC/IX bc Acronis FAT32 L fe LANstep
1e Hidden W95 FAT1 80 Old Minix be Solaris boot ff BBT
Hex code (type L to list all codes): 7
Changed type of partition 'Linux' to 'HPFS/NTFS/exFAT'.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
Device Boot Start End Sectors Size Id Type
/dev/sda1 2048 625142447 625140400 298.1G 7 HPFS/NTFS/exFAT
Filesystem/RAID signature on partition 1 will be wiped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy
The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).The last message meant I did it while the disk was mounted. Unmount the disk (umount /dev/sda1, umount /dev/sda2) and write the table again:
# fdisk /dev/sda
Welcome to fdisk (util-linux 2.30.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.Quick format as NTFS:
# mkfs.ntfs -f /dev/sda1
Cluster size has been automatically set to 4096 bytes.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.Make a copy of the entire disk:
# dd if=/dev/sdb of=/dev/sda bs=1M status=progress
120013717504 bytes (120 GB, 112 GiB) copied, 5288 s, 22.7 MB/s
114473+1 records in
114473+1 records out
120034123776 bytes (120 GB, 112 GiB) copied, 5288.89 s, 22.7 MB/sThis command overwrites disks/files without confirmation. Triple check the parameters (if – source, of – destination) before running it!
If you want to ignore errors, add the following parameters: conv=noerror,sync.
To clone a partition onto a partition, use /dev/sdb1 instead of /dev/sdb. Partition can be used as a source, destination or both.
Similarly, a disk or partition can be cloned to or from a file. Just provide the path to the image file instead of a device:
# dd if=/dev/sdb of=sda1/HP-SSD-2019-08.img bs=1M status=progressList contents of image file:
# fdisk -l sda1/HP-SSD-2019-08.img
Disk sda1/HP-SSD-2019-08.img: 111.8 GiB, 120034123776 bytes, 234441648 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0a01bc3
Device Boot Start End Sectors Size Id Type
sda1/HP-SSD-2019-08.img1 * 2048 718847 716800 350M 7 HPFS/NTFS/exFAT
sda1/HP-SSD-2019-08.img2 718848 234438655 233719808 111.5G 7 HPFS/NTFS/exFATMount the image file: in order to mount the second partition contained in the above image file, multiply sector size by start sector: 512 * 718848 = 368 050 176, and provide that value in the offset parameter:
# mount -o ro,loop,offset=368050176 sda1/HP-SSD-2019-08.img /mnt/imgBackup and restore MBR and partition data:
Check the information here.
Remove Windows update leftovers
Sometimes Windows Update installations fail such that they start over and over with every boot, preventing it from finishing. In this case, removing the pending files may help.
Try with the DISM command:
# DISM /Image:E:\ /Cleanup-Image /RevertPendingActionswhere E:\ is the disk with Windows. This command will try to check and revert pending Windows Update patches. More information can be found in the official documentation.
Files
Delete:
- all content of
e:\Windows\Temp\* - all content of
e:\Users\<user>\AppData\Local\Temp\* - the folder
e:\Windows\WinSxS\Temp\ - the file
e:\Windows\WinSxS\cleanup.xml - the files
e:\Windows\WinSxS\*pending.xml - the folder
e:\Windows\SoftwareDistribution\ - the folder
e:\Windows\System32\catroot2\
Security
If you fail to remove a file from other Windows installation’s folder when you are in a running Windows system due to insufficient permissions, try doing as follows:
- right-click the file/folder and select Properties
- go to the Security tab and click Advanced
- go to the Owner tab and click Edit (or Other users)
- enter your account’s name and click OK
- keep clicking OK to close all windows, open the properties again
- again, go to the Security tab and click Advanced
- click Change permissions, click Add
- enter your account’s name, click OK, select Allow – Full control and again OK
- check the option Replace all child object permission… and click OK
From the Registry
Please remember to load before and unload the hive after the changed – details can be found in the previous Registry chapter. Load SYSTEM and SOFTWARE hives.
Now look for the following entries:
HKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing, remove theRebootPendingvalue if presentHKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Installer, remove theInProgressvalue if presentHKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, remove all values except the(Default)HKEY_LOCAL_MACHINE\ext_SYSTEM\ControlSet001\Control\Session Manager, remove thePendingFileRenameOperationsvalue if present
Getting information
Disable automatic restart after crash
If the blue screen appears for a fraction of second and you can’t check the error message, you can disable automatic restarts after errors.
To do so, run the regedit.exe, connect the SYSTEM hive (see the previous chapter for details) and set AutoReboot = 0 in ext_SYSTEM\ControlSet001\Control\CrashControl.
How to get the current Windows’ product key?
If Windows is running, use one of the methods described in that link.
If Windows is offline and you are connected via a Recovery Console, copy the SOFTWARE Registry file to another computer and attach it to the Registry using the method described in the Registry chapter. Next, use the VBS script listed among the options in the above link and modify the path in RegRead to the attached hive, for example:
MsgBox ConvertToKey(WshShell.RegRead("HKLM\ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))Find ISO Windows version
You may be curious what is the contents of a Windows installation ISO disk. There is a quick method to verify that.
First, open the ISO image:
- if you can double click the ISO file to mount it, you are done
- otherwise use a tool to mount images, e.g. ImDisk:
imdisk -a -t file -m #: -o ro -f Win8.1_English_x64.iso(the command was described previously) - alternatively, burn the ISO to DVD disk or flash drive and then attach it
Let’s assume that the ISO image is mounted as the G:\ drive. The first command will list all available installation versions:
# dism /Get-WimInfo /WimFile:G:\sources\install.wim
Deployment Image Servicing and Management tool
Version: 6.1.7601.24499
Details for image : G:\sources\install.wim
Index : 1
Name : Windows 8.1 Pro
Description : Windows 8.1 Pro
Size : 13 185 962 705 bytes
Index : 2
Name : Windows 8.1
Description : Windows 8.1
Size : 13 116 079 066 bytes
The operation completed successfully.If the install.wim file is not present, try with boot.wim
There are two installation images available, at index 1 and 2. You can query either using the /Index parameter to get the build version:
# dism /Get-WimInfo /WimFile:G:\sources\install.wim /Index:1
Deployment Image Servicing and Management tool
Version: 6.1.7601.24499
Details for image : G:\sources\install.wim
Index : 1
Name : Windows 8.1 Pro
Description : Windows 8.1 Pro
Size : 13 185 962 705 bytes
Architecture : x64
Hal : acpiapic
Version : 6.3.9600
ServicePack Build : 17415
ServicePack Level : 0
Edition : Professional
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 18805
Files : 104794
Created : 2014-11-21 - 19:07:26
Modified : 2014-11-21 - 19:08:09
Languages :
en-US (Default)
The operation completed successfully.Find current Windows version
Again, there is a multitude of options.
However, the thing that is working in the offline system, is connecting the SOFTWARE hive to the Registry and checking the ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion values. Check the Registry chapter about how to load and unload offline Registry.