Command Line Tips


Create a service entry for a kernel-mode driver

sc create NAME type= kernel start= demand error= normal binPath= System32\Drivers\DRIVER.sys DisplayName= DESCRIPTION

Command line to connect WinDbg to the COM1 port of a virtual machine guest OS (exposed by the hypervisor as the named pipe \\.\pipe\COM1) for kernel debugging

"windbg.exe" -Q -k "com:port=\\.\pipe\COM1,baud=115200,pipe,resets=0,reconnect"

Configure the system to generate complete kernel memory dump

wmic recoveros set DebugInfoType = 1

Enable the built-in Administrator account and set its password on Windows Vista and later versions of Windows

net user administrator password /active:YES

Command Line INF File Installation on Vista and later versions of Windows

%WINDIR%\system32\InfDefaultInstall.exe MyInfFile.inf

Backup the current boot loader entry to an entry named "Microsoft Windows [debugger disabled]"

bcdedit /copy {current} /d "Microsoft Windows [debugger disabled]"

Enable debugging in the current boot loader entry

bcdedit /debug ON

Enable debugging over COM1 at 115200 baud in the current boot loader entry

bcdedit /set {current} debugtype SERIAL
bcdedit /set {current} debugport 1
bcdedit /set {current} baudrate 115200

Enable debugging over IEEE 1394 channel 5 in the current boot loader entry

bcdedit /set {current} debugtype 1394
bcdedit /set {current} channel 5

Enable debugging over USB 2.0 using the target name USBDEBUG in the current boot loader entry

bcdedit /set {current} debugtype usb
bcdedit /set {current} targetname usbdebug

Enable DbgPrint() (debug print) output to appear in Vista and later versions of Windows

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter" /v DEFAULT /t REG_DWORD /d 0xffffffff

Configure the system (Vista SP1 and above) to generate a user mode mini-dump with full memory information

reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 0x2

The user-mode minidump file is written to %LOCALAPPDATA%\CrashDumps when an application crashes.

Configure the system to generate a kernel or complete memory dump upon detecting the key combination "Ctrl + Scroll Lock + Scroll Lock" from a PS/2 keyboard

reg add "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0x1

Configure the system to generate a kernel or complete memory dump upon detecting the key combination "Ctrl + Scroll Lock + Scroll Lock" from a USB keyboard

reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0x1

Allow Remote Desktop connections (RDP) to the local system, and enable firewall exception for RDP

wmic rdtoggle where ServerName="%COMPUTERNAME%" CALL SetAllowTSConnections 1, 1

Delete all existing system restore points (every volume shadow copy) across all drives

wmic shadowcopy delete

Disable System Restore (Volume Shadow Copy) on the system drive (typically C:)

wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%

Allow loading drivers that are signed with a test certificate (as opposed to a code-signing certificate from a certificate authority)

bcdedit /set testsigning on

Disable paging of kernel and device driver code pages, required by XPERF's stack walk feature on x64 systems

reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v DisablePagingExecutive /t REG_DWORD /d 1 /f

Prevent windows from being automatically arranged when moved to the edge of the screen on Windows 7

reg add "HKCU\Control Panel\Desktop" /v WindowArrangementActive /t REG_SZ /d "0" /f

Prevent WinDbg (the debugger engine) from automatically running bugcheck analysis when loading a dump. Automated bugcheck analysis of x64 kernel dumps can significantly slow down dump opening.

set DBGENG_NO_BUGCHECK_ANALYSIS=TRUE

Disable the shutdown event tracker on Windows Server 2003 and 2008 systems.

reg add "HKLM\SOFTWARE\policies\microsoft\Windows NT\Reliability" /f
reg add "HKLM\SOFTWARE\policies\microsoft\Windows NT\Reliability" /v ShutdownReasonOn /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\policies\microsoft\Windows NT\Reliability" /v ShutdownReasonUI /t REG_DWORD /d 0 /f
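Several of the tips above (testsigning, kernel debugging, the DbgPrint filter, DisablePagingExecutive, CrashOnCtrlScroll, WER LocalDumps, the Administrator account and the RDP toggle) weaken a machine's posture and are easy to forget on a box that later leaves the lab. The following read-only PowerShell audit script is an added example, not part of the original page: it reads those settings back and lists them next to the value you would expect on a production machine. It assumes an elevated PowerShell 5.1 or later (Get-LocalUser) and English bcdedit output; the function names and the Expected column are the example's own.

```powershell
# Read-only audit of the boot and registry settings changed by the tips above.
# Run elevated; nothing here modifies the system.

function Get-BcdSetting {
    # bcdedit prints "name<spaces>value" lines for the {current} entry.
    # Assumes the English option names used in the tips (e.g. "testsigning").
    param([string]$Name)
    $text = & bcdedit /enum '{current}' 2>$null
    foreach ($line in $text) {
        if ($line -match "^\s*$Name\s+(.+)$") { return $Matches[1].Trim() }
    }
    return '(not set)'
}

function Get-RegValue {
    # Returns the named registry value, or '(not set)' when key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return '(not set)' }
    return $item.$Name
}

function New-Finding([string]$Check, $Value, [string]$Expected) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Expected = $Expected }
}

$smgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$wer  = 'HKLM:\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

$findings = @(
    New-Finding 'Test-signed drivers allowed'  (Get-BcdSetting 'testsigning') 'No / (not set)'
    New-Finding 'Kernel debugger enabled'      (Get-BcdSetting 'debug')       'No / (not set)'
    New-Finding 'Kernel debug transport'       (Get-BcdSetting 'debugtype')   '(not set)'
    New-Finding 'DbgPrint filter mask'         (Get-RegValue "$smgr\Debug Print Filter" 'DEFAULT') '(not set)'
    New-Finding 'Kernel paging disabled'       (Get-RegValue "$smgr\Memory Management" 'DisablePagingExecutive') '0 / (not set)'
    New-Finding 'PS/2 CrashOnCtrlScroll'       (Get-RegValue "$svc\i8042prt\Parameters" 'CrashOnCtrlScroll') '(not set)'
    New-Finding 'USB CrashOnCtrlScroll'        (Get-RegValue "$svc\kbdhid\Parameters" 'CrashOnCtrlScroll') '(not set)'
    New-Finding 'WER LocalDumps DumpType'      (Get-RegValue $wer 'DumpType') '(not set)'
    New-Finding 'Built-in Administrator enabled' (Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue).Enabled 'False'
    # fDenyTSConnections = 1 means RDP is refused; the wmic tip above sets it to 0.
    New-Finding 'RDP connections denied'       (Get-RegValue $ts 'fDenyTSConnections') '1'
)

$findings | Format-Table Check, Value, Expected -AutoSize
```

Rows whose Value differs from Expected are the settings to revert before the machine is used outside the debugging setup.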