Windows boot & disk repairing toolkit

Windows boot & disk repairing toolkit

Recently I had the doubtful pleasure of trying to fix a blue screen in my Windows laptop. I learned a lot, tried tens of scenarios, but nonetheless I failed to repair it. This post contains a list of the tools I used to recover the system and some hints on how to deal with various problems. I will try to answer the following questions:

What is MBR and GPT? How to rebuild BCD and fix MBR? How to clone a partition or disk to another disk or file? How to remove and create partitions? How to remove Windows Update leftovers?

BIOS, UEFI, MBR & GPT

UEFI (Unified Extensible Firmware Interface) is a successor of BIOS (Basic Input/Output System) created in 2005.

BIOS uses MBR (Master Boot Record) disk partition scheme. MBR takes the first sector (512 bytes) of the disk, before the first partition, and consists of:

  • 446 bytes of bootstrap code
  • 64 bytes for partition table (describes 4 partitions using 16 bytes each)
  • 2 magic bytes

An extensive source of details on the logical structure of disks, though not up to date (includes details about floppies!) can be found here.

UEFI supports MBR but primarily uses GPT (GUID Partition Table), which allows for disks larger than 2 TB and with more partitions. There is a simple way to detect if your disk uses MBR or GPT in Windows and Linux.

GPT disk partition scheme consists of:

  • 512 bytes of so-called Protective MBR for partial backward compatibility
  • 512 bytes of Primary GPT Header
  • 512 bytes of descriptions per every 4 partitions
  • at the end of disk, there is a copy of GPT called Secondary GPT Header

More information about GPT can be found i.a. here and here.

Toolkit

Warning

Most of these commands may damage your file system. These commands are suitable only for advanced users. Use at your own risk!

Windows and Linux ISO

If you don’t have the installation media, Microsoft provides Windows ISO for download:

As for a live versions of Linux (bootable from USB), you can try:

  • LinuxLive – choose and install virtually any Linux distribution
  • Kaspersky Rescue Disk – relatively small (600 MB) Linux distribution with basic tools and Kaspersky antivirus able to scan disk

And finally, below I listed some tools to create a bootable USB drive from those images. Note that if you cannot create an image using one tool, try another – it may work better.

Windows Toolkit

Recovery tools

There are a couple of useful command line tools available in the Windows Recovery Environment (WinRE).

Remember than WinRE enumerates partitions differently than when Windows is running, so some drives may have other letters than usual. This is not an error and don’t fix it ;).

Show and edit disks, partitions:

# diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SONY

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB      0 B
  Disk 1    Online           29 GB    18 GB

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   System Rese  NTFS   Partition    100 MB  Healthy
  Volume 1     C                NTFS   Partition    111 GB  Healthy    System

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB

Identify partitions: at some point, it is necessary to know which partition contains the bootloader and which contains the Windows installation. There are probably some more reliable ways, but I first list all partitions (diskpart –> list volume). By checking Type (Partition) and Size of partitions I identify the probable partitions:

# diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: SONY

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     C   System Rese  NTFS   Partition    350 MB  Healthy
  Volume 2     D   SYSTEM       NTFS   Partition    111 GB  Healthy
  Volume 3     F                NTFS   Removable   3744 MB  Healthy

Partitions C:\ and D:\ look interesting. The one with Boot (hidden) folder is the system partition, the one with the Windows folder is the Windows installation partition (boot partition):

# dir C:\Boot
# dir D:\Boot
# dir C:\Windows
# dir D:\Windows

Notepad – the notepad command is available to make some notes or open log files (notepad c:\dism.log).

Check disk – scan disk, repair errors and bad sectors:

# chkdsk /R

Check the integrity of the protected system files:

# sfc /scannow /offbootdir=D:\ /offwindir=E:\Windows

where D:\ is the boot drive letter and E:\Windows is the folder where Windows is installed. You can use /verifyonly instead of /scannow to disable automatic repairs, but the scan log will not be saved or available – you will just get the information if there are errors or not.

There is a way, however, to save the log file. Type the following command before running sfc:

set WINDOWS_TRACING_LOGFILE=E:\Temp\CBS.log

where E:\Temp is an existing folder on your Windows disk. After sfc is done (and despite the error message), open the log file E:\Temp\CBS.log to view the details.

You may find the sfc command failing to fix the corrupt files. In this case, you may try starting the recovery console from a Windows installation disk but (probably) only in case you have Windows 8 or Windows 10. Then issue one of these commands:

# dism /Image:E:\ /Cleanup-Image /RestoreHealth /ScratchDir:E:\Temp /Source:d:\sources\install.wim /LimitAccess

- OR -

# dism /Image:E:\ /Cleanup-Image /RestoreHealth /ScratchDir:E:\Temp /Source:wim:d:\sources\install.wim:1 /LimitAccess

The second command is useful if there is more than one installation version available (see this chapter for details). Explanation of the parameters:

  • /Image – disk with Windows
  • /RestoreHealth – fix system files
  • /ScratchDir – if the command warns of insufficient space for a scratch directory, use this parameter to point to any temporary folder in your Windows drive
  • /Source – path to the install.wim file in your Windows installation disk
  • /LimitAccess – offline mode

More information can be found in the documentation.

Registry

Yes, regedit.exe is available in the Recovery Console. However, there is an important difference: the Registry in Recovery Console works in offline mode. It will load some keys, but these are not the keys from your Windows.

Run regedit.exe. Select Computer > HKEY_LOCAL_MACHINE and choose the menu File > Load Hive. Open e:\Windows\System32\config\SOFTWARE and name it for example ext_SOFTWARE (where E:\ is the disk your Windows is installed). Now you have loaded your Windows’ HKEY_LOCAL_MACHINE\Software key to the Registry. Repeat these steps to load any other hive, e.g. SYSTEM.

After you’ve queried or modified the Registry, unload the hive. Select ext_SOFTWARE and choose the menu File > Unload Hive to save changes. Repeat these steps for any other hive you loaded.

It is also possible to load and unload the hive using a command line:

# reg load HKLM\ext_SOFTWARE E:\Windows\System32\Config\Software
...
# reg unload HKLM\ext_SOFTWARE

Note that once an offline hive is loaded, it is possible to query it using command line tools, e.g.:

# reg query "HKLM\ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v DigitalProductId

Fix Master Boot Record (MBR)

If the Windows boot loader does not start and you see information like:

Operating System not found
- or -
No bootable medium found! System halted.

then it is possible that the Master Boot Record is damaged. There are several commands available for help:

# bootrec /FixMbr

Bootrec will save the MBR compatible with your Windows to the system partition. It will not overwrite the partition table, so it’s a quite safe command provided that your system partition is correct and you use the same installation media version as your Windows.

Another option is using bootsect (it will update the boot sector as well):

# bootsect /nt60 SYS /mbr

This command is compatible with Windows Vista, 7 and 8 – I’m not sure about Windows 10. SYS denotes the system partition (with the Boot folder); you can provide a drive letter like C:\ instead. More details about this command can be found in the documentation.

Fix Boot sector

The next boot data record is located in the system partition. Again, it can be rewritten, especially if you see errors related to NTLDR or Bootmgr.exe:

# bootrec /FixBoot

Another option is using bootsect:

# bootsect /nt60 SYS

This command is compatible with Windows Vista, 7 and 8 – I’m not sure about Windows 10. SYS denotes the system partition (with the Boot folder); you can provide a drive letter like C:\ instead. More details about this command can be found in the documentation.

Fix Boot Configuration Data (BCD)

If you cannot see Windows is starting or cannot select any Windows installation in the boot loader, then the Boot Configuration Data (BCD) is probably damaged. This data contains the list of available Windows installations and can be edited using some tools.

First, make a backup of the configuration:

# bcdedit /export C:\BCD.bak

Later it ill be possible to import it with the /import flag.

# bootrec /ScanOs

This command will try to find Windows installations other than the ones already listed in BCD. So if you see Total identified Windows installations: 0 then it doesn’t mean that’s bad. If there were some new installations found, you can add them to BCD by calling:

# bootrec /RebuildBcd

If there were none, but you still want to recreate BCD, use the official steps from Microsoft:

  • go to the boot drive (see above how to identify it): c:
  • go to the Boot folder: cd Boot
  • unhide the bcd configuration file: attrib bcd -s -h -r
  • rename it instead of deleting: ren bcd bcd.old
  • now rebuild BCD: bootrec /RebuildBcd

There are two more tools for modifying BCD.

In order to manually add a Windows installation to BCD, run bcdboot with some parameters. Refer to the manual for details.

Finally, to edit every aspect of BCD, use BCDedit. Run the command without parameters to display the current BCD table:

# bcdedit

Windows Boot Manager
---------------------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  pl-PL
inherit                 {globalsettings}
default                 {current}
resumeobject            {b8762182-b914-11e9-ba75-f9f4b7ad4c68}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
---------------------------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  pl-PL
inherit                 {bootloadersettings}
recoverysequence        {b8762184-b914-11e9-ba75-f9f4b7ad4c68}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b8762182-b914-11e9-ba75-f9f4b7ad4c68}
nx                      OptIn

The /export and /import flags were mentioned above. For the other options refer to the manual.

Copy files

xcopy <from> <to> /O /X /E /H /K

Explanation of the switches:

  • /E – Copies folders and subfolders, including empty ones
  • /H – Copies hidden and system files also
  • /K – Copies attributes. Typically, Xcopy resets read-only attributes
  • /O – Copies file ownership and ACL information
  • /X – Copies file audit settings (implies /O)

Other useful switches:

  • /C – Continues copying even if errors occur
  • /R – Overwrites read-only files
  • /Y – Overwrites existing files without asking
robocopy <from> <to> /E /COPYALL
robocopy <from> <to> /MIR /COPYALL /R:0 /W:0

Explanation of the switches:

  • /E – Copies directories, including empty ones
  • /COPYALL – Copies all file information (date, permissions, attributes)
  • /MIR – Mirrors <from> in <to>, adding new files and folders and removing folders which aren’t present in the source
  • /R:0 – 0 retries for read/write failures – this causes skipping errors
  • /W:0 – 0 seconds between retries

Delete folders

Sometimes this single command, though ending with error, was able to recursively delete all subfolders and files in the current folder:

RMDIR /S /Q .

Explanation of the switches:

  • /Q – Quiet mode, won’t prompt for confirmation to delete folders.
  • /S – Run the operation on all folders of the selected path.

If it fails, first delete all files (recursively):

DEL /F /Q /S *.* > NUL

Explanation of the switches:

  • /F – Force deleting of read-only files.
  • /Q – Enables quiet mode which doesn’t ask for confirmations.
  • /S – Delete the files from all subdirectories.
  • *.* – Delete all files.
  • > NUL – Disable console output which improves performance.

Then delete all (empty) folders:

RMDIR /S /Q *.*

Open image file

It is possible to open the image file created by dd (which I described later in Linux Toolkit). An example of free software that can do this is ImDisk. If you saved one partition to a file, this command will mount it as a drive letter:

# imdisk -a -t file -f e:\partition.img -m #: -o ro

Explanation of the switches:

  • -a – attach disk
  • -t file -f <path> – disk from file
  • -m #: – assign the first available drive letter to it
  • -o ro – mount in read-only mode

If the entire disk was saved, just specify the partition number you want to mount after -v:

# imdisk -a -t file -f e:\disk.img -m #: -o ro -v 2

List all mounted images:

# imdisk -l

Unmount:

# imdisk -d -m F:

Linux Toolkit

List available disks:

# lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0    7:0    0 126.8M  1 loop /livemnt/squashfs
loop1    7:1    0  97.1M  1 loop /livemnt/mntextra/000-core.srm
loop2    7:2    0  27.5M  1 loop /livemnt/mntextra/001-xorg.srm
loop3    7:3    0  60.1M  1 loop /livemnt/mntextra/002-xfce.srm
loop4    7:4    0   192K  1 loop /livemnt/mntextra/003-kl.srm
loop5    7:5    0  11.4M  1 loop /livemnt/mntextra/004-krt.srm
loop6    7:6    0 146.1M  1 loop /livemnt/mntextra/005-bases.srm
loop7    7:7    0  50.6M  1 loop /livemnt/mntextra/008-firefox.srm
sda      8:0    0 298.1G  0 disk 
├─sda1   8:1    0   350M  0 part /mnt/KRD2018/Volumes/sda1
└─sda2   8:2    0 297.8G  0 part /mnt/KRD2018/Volumes/sda2
sdb      8:16   0 111.8G  0 disk 
├─sdb1   8:17   0   350M  0 part /mnt/KRD2018/Volumes/sdb1
└─sdb2   8:18   0 111.5G  0 part /mnt/KRD2018/Volumes/sdb2
sdc      8:32   1   3.7G  0 disk /livemnt/boot
├─sdc1   8:33   1   2.8M  0 part 
└─sdc2   8:34   1   512B  0 part 
sr0     11:0    1  1024M  0 rom  

Mount disk:

# mkdir /mnt/sda1
# mount /dev/sda1 /mnt/sda1

List mounted drives:

# mount
...
/dev/sda1 on /mnt/KRD2018/Volumes/sda1 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sda2 on /mnt/KRD2018/Volumes/sda2 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sdb1 on /mnt/KRD2018/Volumes/sdb1 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sdb2 on /mnt/KRD2018/Volumes/sdb2 type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,blksize=4096)

Unmount disk:

# umount /dev/sda1

List partitions:

# parted -l
Model: ATA FUJITSU MHZ2320B (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start   End    Size   Type     File system  Flags
 1      1049kB  320GB  320GB  primary  ntfs


Model: Samsung SSD 840 EVO 120G (scsi)
Disk /dev/sdb: 120GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start   End    Size   Type     File system  Flags
 1      1049kB  368MB  367MB  primary  ntfs         boot
 2      368MB   120GB  120GB  primary  ntfs

List partitions:

# fdisk -l /dev/sda
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57

Device     Boot  Start       End   Sectors   Size Id Type
/dev/sda1  *      2048    718847    716800   350M  7 HPFS/NTFS/exFAT
/dev/sda2       718848 625139711 624420864 297.8G  7 HPFS/NTFS/exFAT

Create, remove partitions: I removed all partitions and created a non-bootable single partition: Use fdisk again and the following useful commands:

  • p – print table
  • d – delete partition
  • n – create partition
  • t – set partition type
# fdisk /dev/sda

Welcome to fdisk (util-linux 2.30.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57

Device     Boot  Start       End   Sectors   Size Id Type
/dev/sda1  *      2048    718847    716800   350M  7 HPFS/NTFS/exFAT
/dev/sda2       718848 625139711 624420864 297.8G  7 HPFS/NTFS/exFAT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): d
Partition number (1,2, default 2): 

Partition 2 has been deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): d
Selected partition 1
Partition 1 has been deleted.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-625142447, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-625142447, default 625142447): 

Created a new partition 1 of type 'Linux' and of size 298.1 GiB.
Partition #1 contains a ntfs signature.

Do you want to remove the signature? [Y]es/[N]o: y

The signature will be removed by a write command.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57

Device     Boot Start       End   Sectors   Size Id Type
/dev/sda1        2048 625142447 625140400 298.1G 83 Linux

Filesystem/RAID signature on partition 1 will be wiped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 1  FAT12           27  Hidden NTFS Win 82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      39  Plan 9          83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       3c  PartitionMagic  84  OS/2 hidden or  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      40  Venix 80286     85  Linux extended  c7  Syrinx         
 5  Extended        41  PPC PReP Boot   86  NTFS volume set da  Non-FS data    
 6  FAT16           42  SFS             87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS/exFAT 4d  QNX4.x          88  Linux plaintext de  Dell Utility   
 8  AIX             4e  QNX4.x 2nd part 8e  Linux LVM       df  BootIt         
 9  AIX bootable    4f  QNX4.x 3rd part 93  Amoeba          e1  DOS access     
 a  OS/2 Boot Manag 50  OnTrack DM      94  Amoeba BBT      e3  DOS R/O        
 b  W95 FAT32       51  OnTrack DM6 Aux 9f  BSD/OS          e4  SpeedStor      
 c  W95 FAT32 (LBA) 52  CP/M            a0  IBM Thinkpad hi ea  Rufus alignment
 e  W95 FAT16 (LBA) 53  OnTrack DM6 Aux a5  FreeBSD         eb  BeOS fs        
 f  W95 Ext'd (LBA) 54  OnTrackDM6      a6  OpenBSD         ee  GPT            
10  OPUS            55  EZ-Drive        a7  NeXTSTEP        ef  EFI (FAT-12/16/
11  Hidden FAT12    56  Golden Bow      a8  Darwin UFS      f0  Linux/PA-RISC b
12  Compaq diagnost 5c  Priam Edisk     a9  NetBSD          f1  SpeedStor      
14  Hidden FAT16 <3 61  SpeedStor       ab  Darwin boot     f4  SpeedStor      
16  Hidden FAT16    63  GNU HURD or Sys af  HFS / HFS+      f2  DOS secondary  
17  Hidden HPFS/NTF 64  Novell Netware  b7  BSDI fs         fb  VMware VMFS    
18  AST SmartSleep  65  Novell Netware  b8  BSDI swap       fc  VMware VMKCORE 
1b  Hidden W95 FAT3 70  DiskSecure Mult bb  Boot Wizard hid fd  Linux raid auto
1c  Hidden W95 FAT3 75  PC/IX           bc  Acronis FAT32 L fe  LANstep        
1e  Hidden W95 FAT1 80  Old Minix       be  Solaris boot    ff  BBT            
Hex code (type L to list all codes): 7
Changed type of partition 'Linux' to 'HPFS/NTFS/exFAT'.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): p
Disk /dev/sda: 298.1 GiB, 320072933376 bytes, 625142448 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x676bde57

Device     Boot Start       End   Sectors   Size Id Type
/dev/sda1        2048 625142447 625140400 298.1G  7 HPFS/NTFS/exFAT

Filesystem/RAID signature on partition 1 will be wiped.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Device or resource busy

The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).

The last message meant I did it while the disk was mounted. Unmount the disk (umount /dev/sda1, umount /dev/sda2) and write the table again:

# fdisk /dev/sda

Welcome to fdisk (util-linux 2.30.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Quick format as NTFS:

# mkfs.ntfs -f /dev/sda1
Cluster size has been automatically set to 4096 bytes.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.

Make a copy of the entire disk:

# dd if=/dev/sdb of=/dev/sda bs=1M status=progress
120013717504 bytes (120 GB, 112 GiB) copied, 5288 s, 22.7 MB/s
114473+1 records in
114473+1 records out
120034123776 bytes (120 GB, 112 GiB) copied, 5288.89 s, 22.7 MB/s

This command overwrites disks/files without confirmation. Triple check the parameters (if – source, of – destination) before running it!

If you want to ignore errors, add the following parameters: conv=noerror,sync.

To clone a partition onto a partition, use /dev/sdb1 instead of /dev/sdb. Partition can be used as a source, destination or both.

Similarly, a disk or partition can be cloned to or from a file. Just provide the path to the image file instead of a device:

# dd if=/dev/sdb of=sda1/HP-SSD-2019-08.img bs=1M status=progress

List contents of image file:

# fdisk -l sda1/HP-SSD-2019-08.img
Disk sda1/HP-SSD-2019-08.img: 111.8 GiB, 120034123776 bytes, 234441648 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0a01bc3

Device                   Boot  Start       End   Sectors   Size Id Type
sda1/HP-SSD-2019-08.img1 *      2048    718847    716800   350M  7 HPFS/NTFS/exFAT
sda1/HP-SSD-2019-08.img2      718848 234438655 233719808 111.5G  7 HPFS/NTFS/exFAT

Mount the image file: in order to mount the second partition contained in the above image file, multiply sector size by start sector: 512 * 718848 = 368 050 176, and provide that value in the offset parameter:

# mount -o ro,loop,offset=368050176 sda1/HP-SSD-2019-08.img /mnt/img

Backup and restore MBR and partition data:

Check the information here.

Remove Windows update leftovers

Sometimes Windows Update installations fail such that they start over and over with every boot, preventing it from finishing. In this case, removing the pending files may help.

Try with the DISM command:

# DISM /Image:E:\ /Cleanup-Image /RevertPendingActions

where E:\ is the disk with Windows. This command will try to check and revert pending Windows Update patches. More information can be found in the official documentation.

Files

Delete:

  • all content of e:\Windows\Temp\*
  • all content of e:\Users\<user>\AppData\Local\Temp\*
  • the folder e:\Windows\WinSxS\Temp\
  • the file e:\Windows\WinSxS\cleanup.xml
  • the files e:\Windows\WinSxS\*pending.xml
  • the folder e:\Windows\SoftwareDistribution\
  • the folder e:\Windows\System32\catroot2\

Security

If you fail to remove a file from other Windows installation’s folder when you are in a running Windows system due to insufficient permissions, try doing as follows:

  • right-click the file/folder and select Properties
  • go to the Security tab and click Advanced
  • go to the Owner tab and click Edit (or Other users)
  • enter your account’s name and click OK
  • keep clicking OK to close all windows, open the properties again
  • again, go to the Security tab and click Advanced
  • click Change permissions, click Add
  • enter your account’s name, click OK, select Allow Full control and again OK
  • check the option Replace all child object permission… and click OK

From the Registry

Please remember to load before and unload the hive after the changed – details can be found in the previous Registry chapter. Load SYSTEM and SOFTWARE hives.

Now look for the following entries:

  • HKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing, remove the RebootPending value if present
  • HKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Installer, remove the InProgress value if present
  • HKEY_LOCAL_MACHINE\ext_SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts, remove all values except the (Default)
  • HKEY_LOCAL_MACHINE\ext_SYSTEM\ControlSet001\Control\Session Manager, remove the PendingFileRenameOperations value if present

Getting information

Disable automatic restart after crash

If the blue screen appears for a fraction of second and you can’t check the error message, you can disable automatic restarts after errors.

To do so, run the regedit.exe, connect the SYSTEM hive (see the previous chapter for details) and set AutoReboot = 0 in ext_SYSTEM\ControlSet001\Control\CrashControl.

How to get the current Windows’ product key?

If Windows is running, use one of the methods described in that link.

If Windows is offline and you are connected via a Recovery Console, copy the SOFTWARE Registry file to another computer and attach it to the Registry using the method described in the Registry chapter. Next, use the VBS script listed among the options in the above link and modify the path in RegRead to the attached hive, for example:

MsgBox ConvertToKey(WshShell.RegRead("HKLM\ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId"))

Find ISO Windows version

You may be curious what is the contents of a Windows installation ISO disk. There is a quick method to verify that.

First, open the ISO image:

  • if you can double click the ISO file to mount it, you are done
  • otherwise use a tool to mount images, e.g. ImDisk: imdisk -a -t file -m #: -o ro -f Win8.1_English_x64.iso (the command was described previously)
  • alternatively, burn the ISO to DVD disk or flash drive and then attach it

Let’s assume that the ISO image is mounted as the G:\ drive. The first command will list all available installation versions:

# dism /Get-WimInfo /WimFile:G:\sources\install.wim


Deployment Image Servicing and Management tool
Version: 6.1.7601.24499

Details for image : G:\sources\install.wim

Index : 1
Name : Windows 8.1 Pro
Description : Windows 8.1 Pro
Size : 13 185 962 705 bytes

Index : 2
Name : Windows 8.1
Description : Windows 8.1
Size : 13 116 079 066 bytes

The operation completed successfully.

If the install.wim file is not present, try with boot.wim

There are two installation images available, at index 1 and 2. You can query either using the /Index parameter to get the build version:

# dism /Get-WimInfo /WimFile:G:\sources\install.wim /Index:1

Deployment Image Servicing and Management tool
Version: 6.1.7601.24499

Details for image : G:\sources\install.wim

Index : 1
Name : Windows 8.1 Pro
Description : Windows 8.1 Pro
Size : 13 185 962 705 bytes
Architecture : x64
Hal : acpiapic
Version : 6.3.9600
ServicePack Build : 17415
ServicePack Level : 0
Edition : Professional
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 18805
Files : 104794
Created : 2014-11-21 - 19:07:26
Modified : 2014-11-21 - 19:08:09
Languages :
        en-US (Default)

The operation completed successfully.

Find current Windows version

Again, there is a multitude of options.

However, the thing that is working in the offline system, is connecting the SOFTWARE hive to the Registry and checking the ext_SOFTWARE\Microsoft\Windows NT\CurrentVersion values. Check the Registry chapter about how to load and unload offline Registry.

Leave a Reply

avatar
  Subscribe  
Notify of