Windows Command Line Notes

Page Contents

Todo

Who Owns The Port

# Command Prompt
netstat -ano
netstat -a -b

# Power shell
Get-Process -Id (Get-NetTCPConnection -LocalPort port-number-of-interest).OwningProcess

Console Colours and Title

@title Console Window Title
color 0b
mode con cols=87 lines=50 >nul

Performance & Memory Monitoring in Windows

https://serverfault.com/questions/404479/how-can-i-monitor-memory-usage-for-a-windows-based-jvm-and-trigger-an-alert-if-i/407951
https://ss64.com/nt/logman.html
https://superuser.com/questions/443970/utility-that-will-set-an-alarm-off-when-too-much-memory-has-been-consumed
http://getgreenshot.org/2010/07/24/a-few-words-on-memory-usage-or-working-set-vs-private-working-set/
http://cybernetnews.com/cybernotes-windows-memory-usage-explained/

Hard Links, Junctions and Symbolic Links

Joy, didn't realise windows could do this. The mklink command lets you create hard and soft links to either files or directories (if to a directory you need to use the /D option as the default is to link files).

mklink LINK TARGET

For example to create a hard link in my current directory to another file I could use:

mklink /h my_link_name C:\path\to\my\target\file

Some of the options are a little confusing. For example what is the difference between a "directory link" and a "directory junction"? Found the answer in in this SO thread.

Symbolic Links: Files and Directories

This is the default, whether you are creating a link to a directory or a file. Symbolic links have the advantage that you can "point" to files & directories that are on different volumes or remote shares. They have the disadvantage that changes to the target files/directories are not immediately visible: you'd have to access the symbolic link to find out. Also, if the target is deleted the link becomes invalid: i.e., symbolic links can point to a non-existent target.

For example, from my local machine I can do the following:

> mklink /D jehtech \\jehtech_server01\jehtech
> dir *jehtech*
 Volume in drive C has no label.
 Volume Serial Number is 9641-ED4A

 Directory of c:\Users\localuser1

25/10/2016  11:11    <SYMLINKD>     jehtech [\\jehtech_server01\jehtech]
               0 File(s)              0 bytes
               1 Dir(s)  417,195,425,792 bytes free

Note that by default directory links (/D) are soft links, which is why you can "point" to directories on different local and remote volumes by default.

Symbolic links are reparse points. This means that when NTFS accesss a symbolic link, it reads the links reparse data which causes the object manager (the kernel level module that issued the request) to re-issue the request with the target path from the symbolic link. [Ref].

Interestingly if the symbolic link exists on a remote file system it is processed on the local system [Ref]. This was clarified to me by the following SO answer:

Suppose that on a machine named Alice you were to put a junction point c:\myjp and a directory symbolic link c:\mysymlink, both pointing to c:\targetfolder. While you're using Alice you won't notice much difference between them. But if you're using another machine named Bob, then

\\Alice\c$\myjp -> \\Alice\c$\targetfolder

but

\\Alice\c$\mysymlink -> \\Bob\c$\targetfolder

Hardlinks: Files

Hardlinks have the advantage that changes to the file by another user will be immediately reflected in all hardlinks to that file. For example, if the file size changes, you'll see it immediately in the file system. Also, the file will not be deleted until all hardlinks to the file are deleted. The disadvantage is that you cannot hardlink to files in differed volumes. Note this means different local and remote volumes. So you cannot hardlink to a file on you C: from the D:, for example.

A hard link is the file system representation of a file by which more than one path references a single file in the same volume.

There is no mention in the MS docs of harlinks using reparse points, so these aren't involved.

Junctions (aka Soft Links): Files & Directories

The junction point requires you to link to a directory on a local volume. If I try to create a junction to a remote share, I will get the following error:

> mklink /J jehtech2 \\jehtech_server01\jehtech
Local volumes are required to complete the operation.

However, unlike hardlinks, junctions can point to files on different local volumes:

C:\>rem hardlinks to different local volumes fail
C:\>mklink /H jehtech.py E:\jehtech.py
The system cannot move the file to a different disk drive.

C:\>rem junctions to different local volumes allowed
C:\>mklink /J jehtech.py E:\jehtech.py
Junction created for jehtech.py <<===>> E:\jehtech.py

Note that junction points still can't point to remote shares. You need symbolic links for that!

A junction (also called a soft link) differs from a hard link in that the storage objects it references are separate directories, and a junction can link directories located on different local volumes on the same computer. Otherwise, junctions operate identically to hard links.

Junctions also appear to be implemented through re-parse points [Ref]:

Junctions are the Win2K equivalent of UNIX symbol links (although unlike UNIX symbolic links, junctions can't be applied to files). If you create the junction C:\articles\documents that references D:\documents, you can access files stored in D:\documents by using the path C:\articles\documents. The junction's reparse point stores the redirected path information, and as for mount-point traversal, the I/O manager modifies the name and reissues the name lookup when NTFS encounters a junction.

Unlinke symbolic links, junctions are processed on the server if accessed remotely. See the example under symbolic links for more information.

Batch Parameters

Ref: MS XP product docs.

Cmd.exe provides the batch parameter expansion variables %0 through %9. %0 is the batch file name, and %1 through %9 are the corresponding arguments typed at the command line.

Convert Relative Path To Absolute

In the generate script for this site I wanted to use a relative directory from the CWD and convert this to an absolute path so I could automatically fire up a browser to load the site.

To get the absolute path of the batch file use %~dp0. This expands %0 to a drive letter and path. This can be used with any of the batch parameters %1 through %9 top the same effect.

Configure Network Adapter Settings

I have a setup where normally my laptop should connect to the comany LAN but when I'm testing on a local test-LAN I need to change the adaptor settings and then later revert them.

Netsh Commands for Interface (IPv4 and IPv6) commands to the rescue!. You run this command by typing netsh interface <context>. There are several contexts. The onces of interest to me are ipv4 and show

Note that the results in the following examples are specific to the PC I ran them on, yours will be different.

Viewing Network Interfaces

To see information about the available interfaces use the following:

C:\>netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
... <snip> ...
Enabled        Connected      Dedicated        Local Area Connection 2
Enabled        Connected      Dedicated        Local Area Connection

To get information on a specific interface use the following.

C:\>netsh interface show interface name="Local Area Connection"

Local Area Connection
   Type:                 Dedicated
   Administrative state: Enabled
	Connect state:        Connected

Setting IPv4 Interface Setup

Using the command netsh interface ipv4 gives access to commands specific to the IPv4 configuration of your system. The following commands are supported by this subcontext...

  • add - Adds a configuration entry to a table.
  • delete - Deletes a configuration entry from a table.
  • dump - Displays a configuration script.
  • install - Install the IP protocol.
  • reset - Reset the IP configurations.
  • set - Sets configuration information.
  • show - Displays information.
  • uninstall - Uninstall the IP protocol.

The most useful in this case will be the "show interface", "set address" and "set dnsservers" commands.

Viewing Available Interface Stats & Info

So, for example, to see all the current interfaces on my system I would use the following.

C:\>netsh interface ipv4 show interface
Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
... <snip> ...
12          20        1500  connected     Local Area Connection
28          20        1500  connected     Local Area Connection 2

To get information on a specific interface use the following.

C:\>netsh interface ipv4 show interface interface="Local Area Connection"

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_6
IfIndex                            : 12
State                              : connected
... <snip> ...
Directed MAC Wake up patterns      : disabled

Set Interface Address And DHCP Usage

C:\>netsh interface ipv4 set address ?

Usage: set address [name=]
             [[source=]dhcp|static]
             [[address=][/] [[mask=]]
             [[gateway=]|none [gwmetric=]]
             [[type=]unicast|anycast]
             [[subinterface=]]
             [[store=]active|persistent]

So, to setup my network adapter to a fixed IP address I would use the following command. Notice that I use "store=active so that this setting only applies until the next reboot. Note also that, because this command must be run with administrator privalidge, to avoid more rubbish on the command line, save it to a .bat and then run as admin using explorer... much easier!

netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.10.200 mask=255.255.255.0 store=active

To go back to my previous DHCP setup...

netsh interface ipv4 set address name="Local Area Connection" source=dhcp

Analyse Crash Dumps

References

  1. https://keithbabinec.com/2018/06/12/how-to-capture-and-debug-net-application-crash-dumps-in-windows/
  2. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg

Enable Windows Error Reporting

  1. Using regedit create key HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
  2. For you app, MyApp.exe
    1. Create key HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApp.exe
    2. Add value of type REG_EXPAND_SZ as DumpFolder with value set to path where you want dump files to be stored
    3. Add value of type REG_DWORD as DumpType with value 1 for mini dumps and 2 for full dumps
    4. Add value of type REG_DWORD as DumpCount with value as number of dumps to keep in dump folder before overwriting oldest. Default 10.

Analyse Dump File

  1. Open WinDbg - make sure it is the correct type for you application: x86 or x64
  2. Select File > Open Crash Dump
  3. Enable verbose logging: !sym noisy
  4. Specify where symbol files exist:
    .sympath srv*https://msdl.microsoft.com/download/symbols
    .sympath+ cache*C:\debug\symbols
    .sympath+ C:\Path\To\Project\Exe\MyApp\MyApp\bin\Debug
  5. Force symbol reload:
    .reload
    ld*
  6. Load the SOS extension
    1. May have to copy SOS.dll from to relevant path in C:\debug\symbols (you'll see path from errors in the following steps if WinDbg cant find the SOS dll) from either C:\Windows\Microsoft.NET\Framework64\v4.0.30319 or C:\Windows\Microsoft.NET\Framework\v4.0.30319 depending on whether app is x64 or x86 respectively.
    2. Load extension: .loadby sos clr
    3. Check extension loaded: .chain
  7. Run analysis: !analyze -v