OS Operations
The Registry
regedit, regedt32, reg, regsvr32
Hives
Two for the machine:
HKEY_LOCAL_MACHINE (generic, also called HKLM)
HKEY_CURRENT_CONFIG (the current config, duh)
Two for users:
HKEY_USERS (all of them)
HKEY_CURRENT_USER (the logged-in user)
One for software:
HKEY_CLASSES_ROOT
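An added PowerShell walk-through (not part of the original slides) showing how the five hives relate: HKLM holds machine data, HKCU is a view of the logged-in user's branch under HKEY_USERS, HKCR merges the machine and user Classes keys, and HKCC is a link into HKLM. It assumes Windows PowerShell 5.1 or later on a Windows box and needs no elevation; the `.txt` extension and the `Environment` key are only sample paths to read.

```powershell
# Added example (not from the original slides): how the five registry hives fit together.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; runs as a normal user.

# HKLM: and HKCU: are built-in PSDrives; HKU: and HKCR: are not, so map them first.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# HKLM (machine): read the Windows product name and build.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"HKLM  -> {0} build {1}" -f $cv.ProductName, $cv.CurrentBuild

# HKCU (logged-in user) is the same data as HKU\<this user's SID>.
$sid      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$fromHKCU = (Get-ItemProperty 'HKCU:\Environment').Path
$fromHKU  = (Get-ItemProperty "HKU:\$sid\Environment").Path
"HKCU  -> same user PATH as HKU\{0}: {1}" -f $sid, ($fromHKCU -eq $fromHKU)

# HKU (all users) lists every user hive that is currently loaded.
"HKU   -> loaded hives:"
Get-ChildItem HKU:\ | ForEach-Object { "         " + $_.PSChildName }

# HKCR (software/file associations) merges HKLM\SOFTWARE\Classes with HKCU\SOFTWARE\Classes.
$ext    = '.txt'   # sample extension to look up
$progId = (Get-ItemProperty "HKCR:\$ext").'(default)'
"HKCR  -> {0} is handled by ProgID '{1}'" -f $ext, $progId
$machineSide = Test-Path "HKLM:\SOFTWARE\Classes\$ext"
$userSide    = Test-Path "HKCU:\SOFTWARE\Classes\$ext"
"         defined machine-wide: {0}; overridden for this user: {1}" -f $machineSide, $userSide

# HKCC (current config) is a link to HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.
$hkccKeys = (Get-ChildItem 'Registry::HKEY_CURRENT_CONFIG').Count
$hklmKeys = (Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Hardware Profiles\Current').Count
"HKCC  -> same subkeys as the HKLM hardware profile: {0}" -f ($hkccKeys -eq $hklmKeys)
```

The two comparisons are the point: a change written under HKCU shows up under HKU\<SID> immediately, and a per-user key under HKCU\SOFTWARE\Classes silently takes precedence over the machine-wide one in HKCR, which is why both locations matter when auditing file associations.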
Booting Windows
Either:
BIOS/MBR: the drive's boot record points to bootmgr
GPT (UEFI): the firmware points directly to bootmgr
The bootmgr uses the BCD (boot configuration data) to find and boot the right partition.
BCD is edited with the bcdedit command
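An added read-only example (not from the original slides) that shows which of the two boot paths this machine took and what the BCD currently points at. It only runs `bcdedit /enum`, never `/set`, so nothing is changed; it assumes an elevated prompt, because bcdedit needs one to open the store, and that bcdedit's output is in English.

```powershell
# Added example (not from the original slides): inspect, without modifying, how this
# machine boots. Run from an elevated prompt; bcdedit refuses to read the BCD otherwise.

# Did Windows start via the BIOS/MBR path or from UEFI/GPT firmware?
"Firmware type reported to Windows : $env:firmware_type"   # 'UEFI' or 'Legacy'

# bcdedit prints the store as text. Turn each entry's "name   value" lines into a hashtable.
$entries = [System.Collections.Generic.List[hashtable]]::new()
$current = $null
bcdedit /enum | ForEach-Object {
    $line = $_.Trim()
    if ($line -match '^(Windows Boot Manager|Windows Boot Loader)$') {
        $current = @{ Type = $line }          # a new entry starts at its heading
        $entries.Add($current)
    } elseif ($current -and $line -match '^(\S+)\s+(.+)$') {
        $current[$Matches[1]] = $Matches[2]   # e.g. identifier {current}, device partition=C:
    }
}

# The boot manager entry names the default loader; the loader entry names the partition.
$mgr     = $entries | Where-Object { $_['Type'] -eq 'Windows Boot Manager' }
$default = $mgr['default']
$loader  = $entries | Where-Object {
    $_['Type'] -eq 'Windows Boot Loader' -and $_['identifier'] -eq $default
}

"Boot manager lives on             : {0}" -f $mgr['device']
"Default entry                     : {0} ({1})" -f $default, $loader['description']
"It boots                          : {0} from {1}" -f $loader['path'], $loader['device']
```

Running this before and after any `bcdedit /set` change gives you a plain before/after record of the store, which is easier to compare than raw bcdedit output and is the first thing to check when a machine boots into the wrong partition.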
Microsoft Utilities
msconfig
Runline: Task Manager
msinfo32
Runline: mmc
System Restore – Disabled by default in Win 10!
Restore Points
Task Manager
Ctrl + Alt + Del, then click Task Manager
OR
Ctrl + Shift + Esc
OR
type taskmgr in the runline
Ending and starting processes
Sysinternals
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Mark Russinovich
Runline: procexp (Process Explorer)
Installing Sysinternals
echo %PATH%
Your PATH is a list of folders. When you issue a command, the OS searches these folders, in order, for the command (usually an executable file). System32 is in your PATH.
Download Sysinternals, unzip it, GO INTO THE RESULTING FOLDER, copy the files, then change to System32 and PASTE. Do NOT paste the unzipped folder – only its contents.
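The install step above, done from an elevated PowerShell prompt, as an added example that is not part of the original slides. It assumes the suite zip has already been downloaded to your Downloads folder as `SysinternalsSuite.zip`; it keeps the slide's destination (System32) in `$dest`, but a dedicated folder that you add to PATH works the same way and leaves System32 untouched. The script checks that the destination really is on PATH before copying, copies the folder's contents rather than the folder, and then proves the result with the same PATH lookup the OS uses.

```powershell
# Added example (not from the original slides): unzip, copy the CONTENTS into a PATH folder,
# then verify. Run elevated; writing to System32 needs it.
$zip  = Join-Path $HOME 'Downloads\SysinternalsSuite.zip'   # assumed download location
$dest = Join-Path $env:SystemRoot 'System32'                # the slide's destination
$tmp  = Join-Path $env:TEMP 'SysinternalsSuite'             # scratch folder for the unzip

# 1. The destination must already be on PATH, or copying there gains nothing.
$onPath = ($env:PATH -split ';') -contains $dest            # -contains ignores case
if (-not $onPath) { throw "$dest is not in PATH; check 'echo %PATH%' first" }

# 2. Unzip into a scratch folder, not straight into System32.
Expand-Archive -Path $zip -DestinationPath $tmp -Force

# 3. Copy the *contents* ($tmp\*), not the folder itself. This is the step people get wrong:
#    pasting the folder gives you System32\SysinternalsSuite\procexp.exe, which is NOT on PATH.
Copy-Item -Path (Join-Path $tmp '*') -Destination $dest -Force
Remove-Item $tmp -Recurse -Force

# 4. Verify: Get-Command resolves a bare name by walking PATH, exactly as the runline does.
foreach ($tool in 'procexp', 'procmon', 'autoruns') {
    $cmd = Get-Command $tool -ErrorAction SilentlyContinue
    if ($cmd) { "{0,-8} -> {1}" -f $tool, $cmd.Source }
    else      { "{0,-8} -> NOT FOUND (check the copy landed in $dest)" -f $tool }
}
```

If step 4 reports NOT FOUND for every tool, the usual cause is the folder-instead-of-contents mistake from step 3; if only a new console fails to find them, the window was opened before the copy and has a stale PATH, so open a fresh one.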
Services
services.msc
net start service_name
net stop service_name
tasklist
taskkill /PID process_id (or taskkill /IM image_name)
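The same services and process workflow (services.msc, net start/stop, tasklist, taskkill) done from PowerShell, as an added example that is not part of the original slides. It assumes an elevated prompt; `Spooler` and `notepad` are only illustrative names, and every stop command carries `-WhatIf` so the script reports what it would do without doing it. The two checks it adds are the ones an administrator wants before stopping anything: does another running service depend on this one, and which exact PID (not image name) am I about to kill.

```powershell
# Added example (not from the original slides): services and processes from PowerShell.
# Assumes an elevated prompt. Remove -WhatIf to actually stop/start things.
$serviceName = 'Spooler'      # Print Spooler, present on most Windows installs (illustration)

# services.msc equivalent: what is running, and how each service is configured to start.
Get-Service | Where-Object Status -eq 'Running' |
    Select-Object Name, DisplayName, StartType | Sort-Object Name | Format-Table -AutoSize

# net stop / net start, but refuse to stop a service that running services depend on.
$svc        = Get-Service -Name $serviceName
$dependents = $svc.DependentServices | Where-Object Status -eq 'Running'
if ($dependents) {
    "Not stopping {0}: {1} depend on it" -f $svc.Name, ($dependents.Name -join ', ')
} else {
    Stop-Service  -Name $serviceName -WhatIf    # net stop  service_name
    Start-Service -Name $serviceName -WhatIf    # net start service_name
}

# tasklist equivalent, with two columns tasklist hides: parent PID and image path.
Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath |
    Sort-Object ProcessId | Format-Table -AutoSize

# taskkill /PID equivalent. Kill by PID, not by image name: several processes can share a
# name (svchost.exe, conhost.exe), and taskkill /IM would stop every one of them.
$target = Get-Process -Name 'notepad' -ErrorAction SilentlyContinue | Select-Object -First 1
if ($target) {
    $parent = (Get-CimInstance Win32_Process -Filter "ProcessId = $($target.Id)").ParentProcessId
    "Would stop PID {0} ({1}), parent PID {2}" -f $target.Id, $target.ProcessName, $parent
    Stop-Process -Id $target.Id -WhatIf          # taskkill /PID <n>
} else {
    "No notepad process to demonstrate on; start Notepad and run again"
}
```

The parent PID is worth printing before every kill: it tells you what started the process, which is usually the real answer to "why is this running?" and the thing you actually want to fix, rather than the child you are about to terminate.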
Resource Monitor
Runline: resmon
Performance Monitor
Runline: perfmon
or use Sysinternals:
Runline: procmon
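An added example (not from the original slides) that reads the counters Resource Monitor and Performance Monitor chart most, using the same counter paths perfmon shows, and then produces the per-process CPU view you would otherwise get from Process Explorer. It assumes an English Windows install (counter names are localized) and that `Get-Counter` is available, which it is in Windows PowerShell and PowerShell 7 on Windows.

```powershell
# Added example (not from the original slides): perfmon counters and a per-process CPU
# ranking from PowerShell. Counter paths are the English names; they differ on other locales.
$counters = '\Processor(_Total)\% Processor Time',
            '\Memory\Available MBytes',
            '\PhysicalDisk(_Total)\Avg. Disk Queue Length'

# Three one-second samples, like adding the counters in perfmon and waiting a few seconds.
$samples = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples 3
$samples.CounterSamples |
    Group-Object Path |
    ForEach-Object {
        $avg = ($_.Group | Measure-Object CookedValue -Average).Average
        "{0,-55} avg of 3 samples: {1,10:N2}" -f $_.Name, $avg
    }

# Which processes used the CPU in the last two seconds? Two snapshots of cumulative CPU
# seconds; the difference is what each process consumed in between. [double]$null is 0,
# which covers processes whose CPU time we are not allowed to read.
$cpuCol = @{ n = 'CPU'; e = { [double]$_.CPU } }
$before = Get-Process | Select-Object Id, ProcessName, $cpuCol
Start-Sleep -Seconds 2
$after  = Get-Process | Select-Object Id, ProcessName, $cpuCol

$lookup = @{}
$before | ForEach-Object { $lookup[$_.Id] = $_.CPU }
$after |
    Where-Object { $lookup.ContainsKey($_.Id) } |                      # ignore new PIDs
    Select-Object Id, ProcessName,
        @{ n = 'CPU s / 2 s'; e = { [math]::Round($_.CPU - $lookup[$_.Id], 2) } } |
    Sort-Object 'CPU s / 2 s' -Descending |
    Select-Object -First 5 | Format-Table -AutoSize
```

Taking two snapshots and subtracting is also how Task Manager and Process Explorer compute their CPU column; a single `Get-Process` call only shows cumulative CPU time since each process started, which favours long-running processes rather than the one that is busy now.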
Textbook Time
Chapter 12