DOS COMMANDS SYNTAX 10, TREASURE--> DOWNLOAD
| 181). TASKKILL = Remove a running process from memory... |
|---|
| (EXPLAIN - TASKLIST) End one or more processes (by process id or image name). Syntax TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T] Options /S system The remote system to connect to. /U [domain\]user The user context under which the command should execute. /P [password] The password. Prompts for input if omitted. /F Forcefully terminate the process(es). /FI filter Display a set of tasks that match a given criteria specified by the filter. /PID process id The PID of the process to be terminated. /IM image name The image name of the process to be terminated. Wildcard '*' can be used to specify all image names. /T Tree kill: terminates the specified process and any child processes which were started by it. Filters Apply one of the Filters below: Imagename eq, ne String PID eq, ne, gt, lt, ge, le Positive integer. Session eq, ne, gt, lt, ge, le Any valid session number. Status eq, ne RUNNING | NOT RESPONDING CPUTime eq, ne, gt, lt, ge, le Time hh:mm:ss MemUsage eq, ne, gt, lt, ge, le Any valid integer. Username eq, ne User name ([Domain\]User). Services eq, ne String The service name Windowtitle eq, ne String Modules eq, ne String The DLL name Examples: Examples: TASKKILL /S system /F /IM notepad.exe /T TASKKILL /PID 1230 /PID 1241 /PID 1253 /T TASKKILL /F /IM notepad.exe /IM mspaint.exe TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*" TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM * TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*" |
| 182). TIME = Display or set the system time... |
|---|
| (EXPLAIN - TIME) Display or set the system time. Syntax TIME [new_time] TIME TIME /T key new_time : The time as HH:MM TIME with no parameters will display the current time and prompt for a new value. Pressing ENTER will keep the same time. /T : Just display the time, formatted according to the current Regional settings. Time Formatting In Control Panel, Regional settings a Time Appearance can be set. This can be used to change the separator, and the number of characters used to display hours and minutes. To display the time including Seconds: ECHO.| TIME will display the time, including seconds and hundredths of a second The time separator and the Country Code are user settings in the registry: The time separator can be read using REG as follows @echo off FOR /F "TOKENS=3" %%D IN ('REG QUERY ^"HKEY_CURRENT_USER\Control Panel\International^" /v sTime ^| find ^"REG_SZ^"') DO ( SET _time_sep=%%D) echo %_time_sep% To read the Country Code replace sTime in the above with iCountry. The time formats for different country codes are as follows: Country or language CountryCode Date format Time format United States 001 01/03/1994 5:35:00.00p Czechoslovakia 042 03.01.1994 17:35:00 France 033 03.01.1994 17:35:00 Germany 049 03.01.1994 17:35:00 Latin America 003 03/01/1994 5:35:00.00p International English 061 03/01/1994 17:35:00.00 Portugal 351 03-01-1994 17:35:00 Finland 358 3.1.1994 17.35.00 Switzerland 041 03.01.94 17 35.00 Norway 047 03.01.94 17:35:00 Belgium 032 03/01/94 17:35:00 Brazil 055 03/01/94 17:35:00 Italy 039 03/01/94 17.35.00 United Kingdom 044 03/01/94 17:35:00.00 Denmark 045 03-01-94 17.35.00 Netherlands 031 03-01-94 17:35:00 Spain 034 3/01/94 17:35:00 Hungary 036 1994.01.03 17:35:00 Canadian-French 002 1994-01-03 17:35:00 Poland 048 1994-01-03 17:35:00 Sweden 046 1994-01-03 17.35.00 If Command Extensions are disabled TIME will not support the /T switch |
| 183). TIMEOUT = Delay processing of a batch file... |
|---|
| (EXPLAIN - TIMEOUT.exe) Delay execution of a batch file. Syntax TIMEOUT delay Key delay :Delay in seconds (between -1 and 100000) to wait before continuing. The value -1 causes the computer to wait indefinitely for a keystroke (like the PAUSE command) Timeout will pause command execution for a number of seconds, after which it continues without requiring a user keystroke. If the user does press a key at any point, execution will resume immediately. Timeout.exe seems to consume less processor time time than Sleep.exe |
| 184). TITLE = Set the window title for a CMD.EXE session... |
|---|
| (EXPLAIN - TITLE ) Change the title displayed above the CMD window. Syntax TITLE [string] Key string : The title for the command prompt window. The default title is %comspec% however, since the title can also be defined in a program shortcut, the title is usually set to "Command Prompt" To change the title for the duration of a command use: TITLE This is the initial title text CMD /c MyBatchFile.cmd ... If MyBatchFile.cmd contains a different TITLE command it will revert when the second command session ends. The START command, used to start a program in a separate window also has an option to specify a title for the new Window. |
| 185). TLIST = Task list with full path... |
|---|
| (EXPLAIN - TLIST & Windows 2000 support tools) Task List. Show the command, command line, working directory, memory usage and DLLs for each running task. This command is no longer supplied with recent versions of the Windows resource kit, having been replaced by TASKLIST, however if you can find a copy Tlist does have the advantage of showing the full path of the process. Syntax TLIST TLIST -t TLIST pid TLIST -t pid TLIST pattern TLIST -t pattern Key -t : Show Task dependencies in Tree form pid : List module information for this task if no PID is given - all Tasks are listed pattern : A complete task name or expression pattern (e.g. CMD.*) if a pattern is given it will match against task names or window titles. Example: The following batch file will show the full path of all running programs. @ECHO off FOR /f "tokens=1" %%G in ('tlist') DO (call :s_item %%G) GOTO :eof :s_item tlist %1 | find "CmdLine" |
| 186). TOUCH = Change file timestamps... |
|---|
| (EXPLAIN - TOUCH) Change file timestamps Syntax TOUCH [option]... files ... Key /t year month day hour minute second This is a POSIX utility. Use the optional argument /t to specify a date other than the current time. ( four-digit years, two-digit months, days, hours, minutes, seconds) Example To set the date to 7:30 am 1st October 2015 TOUCH /t 2015 10 01 07 30 00 MyFile.txt |
| 187). TRACERT = Trace route to a remote host... |
|---|
| (EXPLAIN - TRACER) Trace Route - Find the IP address of any remote host. TRACERT is useful for troubleshooting large networks where several paths can be taken to arrive at the same point, or where many intermediate systems (routers or bridges) are involved. Syntax TRACERT [options] target_name Key target_name The HTTP or UNC name of the host Options: -d Do not resolve addresses to hostnames. (avoids performing a DNS lookup) -h max_hops Maximum number of hops to search for target.(default=30) -j host-list Trace route along given host-list. up to 9 hosts in dotted decimal notation, separated by spaces. -w timeout Wait timeout milliseconds for each reply. The functionality of TRACERT is the same under all versions of windows but the output is cosmetically improved under XP. Tracert uses the IP TTL field and ICMP error messages to determine the route from one host to another through a network. Care must be taken with tracert as it shows the optimal route, not necessarily the actual route. To be accurate, it is possible to ping from a UNIX machine back to the PC using the -R option to record the route taken - but only if the particular network devices support it. This diagnostic tool determines the path taken to a destination by sending ICMP Echo Request messages with varying Time to Live (TTL) values to the destination. TTL (Time to Live) calculation TTL is effectively a count of the (maximum) number of links to the destination host. Each router along the path decrements the TTL in an IP packet by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router is expected to return an ICMP Time Exceeded message to the source computer. Tracert determines the path by sending the first Echo Request message with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until either the target host responds or the maximum number of hops is reached. This process relys on intermediate routers to return ICMP Time Exceeded messages. However, some routers do not return Time Exceeded messages for packets with expired TTL values and are invisible to the tracert command. In this case, a row of asterisks (*) is displayed for that hop. Firewalls Many firewalls will block ICMP traffic by default. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path you didn't intend. Examples TRACERT www.doubleclick.net TRACERT 123.45.67.89 TRACERT local_server |
| 189). TSSHUTDN = Remotely shut down or reboot a terminal server... |
|---|
| (EXPLAIN - TsShutDn) Remotely shut down or reboot a terminal server. If the computer supports software control of AC power this command may be used to power off the server. Syntax TSSHUTDN [WaitTime] [/server:ServerName] [/reboot] [/powerdown] [/delay:LogOffDelay] [/v] Key WaitTime An amount of time (in seconds) to wait after notifying users before logging off all users from their sessions. Default = 60 seconds. /server The terminal server to shut down. If unspecified, the current terminal server is shut down. /reboot Reboot the terminal server after user sessions are ended. /powerdown Turn off the terminal server if the computer supports software control of AC power. /delay The amount of time to wait after logging off users from their sessions, before ending all processes and shutting down the terminal server. Default = 30 seconds. /v Display verbose information about the actions being performed. /? Display help. You must have administrative privileges run tsshutdn. Using Start Menu | ShutDown is not recommended for shutting down a terminal server as that method does not notify users before ending their sessions. All connected sessions are notified. Sessions that have applications with open files will prompt the user to save the files. After initiating the logoff command, tsshutdn waits a specified interval, before ending all processes. Tsshutdn does not reboot the terminal server unless the /reboot option is specified. Examples End all client sessions 60 seconds after notification, and then 30 seconds after all the users are logged off, shutdown the current terminal server: TSSHUTDN /v End all client sessions 5 minutes after notification, and then 1 minute after all the users are logged off, shutdown and restart the terminal server: TSSHUTDN 300 /reboot /delay:60 /v On the terminal server named "Server64", end all client sessions 2 minutes after notification, and then 20 seconds after all the users are logged off, shutdown and restart the terminal server: TSSHUTDN 120 /server:server64 /delay:20 /v |
| 190). TYPE = Display the contents of a text file... |
|---|
| (EXPLAIN - TYPE) Display the contents of one or more text files, convert Unicode to ANSI. Syntax TYPE [drive:]pathname(s) If more than one file is specified the filenames are included in the output. If a wildcard is used the filenames are not displayed. Output can be redirected into a new file: TYPE file.txt > Newfile.txt Output can be appended to an existing file: TYPE file.txt >> ExistingFile.txt To do the same with user console input : TYPE CON > Newfile.txt This will require typing a CTRL-Z to indicate the end of file. When using redirection to SORT a file the TYPE command is used implicitly For example: SORT < MyFile.txt Create an empty (zero byte) file: TYPE nul >filename.log If you TYPE a Unicode text file, the output will be Ascii (Windows1252). This behaviour is more a limitation of the CMD shell than a designed feature, any extended characters will be discarded. To work with Unicode files use PowerShell. eg: TYPE UnicodeFile.txt > Ascii.txt |
| 191). TypePerf = Write performance data to a log file... |
|---|
| (EXPLAIN - TypePerf.exe) Write performance data to the command window or to a log file.To stop Typeperf, press CTRL+C. Syntax typeperf counter [counter ...] [options] typeperf -cf filename [options] typeperf -q [object] [options] typeperf -qx [object] [options] Key counter The Performance counters to monitor. -f {CSV|TSV|BIN|SQL} Output file format. Default is CSV. -cf filename File containing performance counters to monitor, one per line. -si [[hh:]mm:]ss Time between samples. Default is 1 second. -o filename Path of output file or SQL database. Default is STDOUT. -q [object] List installed counters (no instances). To list counters for one object, include the object name, such as Processor. -qx [object] List installed counters with instances. To list counters for one object, include the object name, such as Processor. -sc samples Number of samples to collect. Default is to sample until CTRL+C. -config filename Settings file containing command options. -s computer_name Server to monitor if no server is specified in the counter path. -y Answer yes to all questions without prompting. -? Display context sensitive help. Counter is the full name of a performance counter in the format:"\\Computer\Object(Instance)\Counter" e.g. "\\Server1\Processor(0)\% User Time". Examples Display % Processor time until interrupted: C:\> typeperf "\Processor(_Total)\% Processor Time" Gather 600 samples of % Processor time on the local computer (this will take 10 minutes): C:\> typeperf "\processor(_Total)\% Processor Time" -O C:\SS64demo1.csv -SC 600 Gather samples of all the counters listed in counters.txt : C:\> typeperf -cf counters.txt -si 5 -sc 50 -o C:\SS64demo2.csv |
| 192). USRSTAT = List domain usernames and last login... |
|---|
| (EXPLAIN - USRSTAT- ) |
| 193). VER = Display version information... |
|---|
| (EXPLAIN - VER) Display the current operating system version. Syntax VER Use ver to find specific operating systems like this: @Echo off Setlocal :: Get windows Version numbers For /f "tokens=2 delims=[]" %%G in ('ver') Do (set _version=%%G) For /f "tokens=2,3,4 delims=. " %%G in ('echo %_version%') Do (set _major=%%G& set _minor=%%H& set _build=%%I) Echo Major version: %_major% Minor Version: %_minor%.%_build% if "%_major%"=="5" goto sub5 if "%_major%"=="6" goto sub6 Echo unsupported version goto:eof :sub5 ::Winxp or 2003 if "%_minor%"=="2" goto sub_2003 Echo Windows XP [%PROCESSOR_ARCHITECTURE%] goto:eof :sub_2003 Echo Windows 2003 or XP 64 bit [%PROCESSOR_ARCHITECTURE%] goto:eof :sub6 if "%_minor%"=="1" goto sub7 Echo Windows Vista or Windows 2008 [%PROCESSOR_ARCHITECTURE%] goto:eof :sub7 Echo Windows 7 or Windows 2008 R2 [%PROCESSOR_ARCHITECTURE%] goto:eof Service Pack Version This Batch script will give the Service Pack level. Works for NT, Win2K or WinXP |
| 194). VERIFY = Verify that files have been saved... |
|---|
| (EXPLAIN - VERIFY) To check that files are saved to disk correctly; the system can re-read the disk when saving and verify (compare) with the data in memory. Syntax VERIFY [ON | OFF] By default the CMD shell has verify OFF Windows Explorer will always copy with verify ON Copying files can be up to twice as fast with verify OFF. VERIFY without a parameter will display the current setting. "VERIFY dummy_text" will set %ERRORLEVEL% to 1 |
| 195). VOL = Display a disk label... |
|---|
| EXPLAIN - VOL) Display the volume label of a disk. Syntax VOL [drive:] If the drive exists, VOL will display it's disk label and serial number and will return an %ERRORLEVEL% of 0. If the drive does not exist VOL will return an %ERRORLEVEL% of 1. If the drive is a CD/DVD drive with no disk loaded then VOL will return "The device is not ready" and will return an %ERRORLEVEL% of 1. |
| 196). WHERE = Locate and display files in a directory tree... |
|---|
| (EXPLAIN - WHERE = Windows 2003) Locate and display files in a directory tree. The WHERE command is roughly equivalent to the UNIX 'which' command. By default, the search is done in the current directory and in the PATH. Syntax WHERE [/r Dir] [/q] [/f] [/t] Pattern ... key /r A recursive search, starting with the specified Dir directory. /q Don't display the files but return either an exit code of 0 for success or 1 for failure. /f Display the output file name in quotation marks. /t Display the size, time stamp, and date stamp of the file. /e Report the executable type. pattern The name of a folder, file, or set of files to be found. you can use wildcard characters ( ? * ) and UNC paths. As an alternative to this command you can use this 90-character batch file: @for %%e in (%PATHEXT%) do @for %%i in (%1%%e) do @if NOT "%%~$PATH:i"=="" echo %%~$PATH:i (from the OldNewthing blog) Examples Find all files named 'Zappa' in drive C: (including subdirectories) WHERE /r c:\ Zappa Find all files named 'Zappa' on the remote computer 'Server1' searching its subdirectories, and reporting the executable type for executable files WHERE /r \\Server1\Share1 /e Zappa.* |
| 197). WHOAMI = Output the current UserName and domain... |
|---|
| (EXPLAIN - WHOAMI.exe) Displays the username and domain for the currently logged in user. The whoami output is the same as the 2 environment variables %USERDOMAIN% and %USERNAME%. So the same output can usually be achieved with ECHO %USERDOMAIN%\%USERNAME% One exception to this is when using RUNAS /env , e.g. if my username is Simon: c:>RunAs /env /user:JDoe cmd.exe c:>ECHO %USERDOMAIN%\%USERNAME% ss64\Simon c:>whoami ss64\JDoe WHOAMI /all - shows all permissions and group memberships. |
| 198). WINDIFF = Compare the contents of two files or sets of files... |
|---|
| EXPLAIN - WinDiff (Windows SDK) Compare the contents of two files or sets of files with a graphical interface. Syntax windiff [path1] [path2] Key path Individual files to compare or a directory of files to compare If either path is not specified it will default to the current directory (or a matching file in the current directory) If nothing is specified, the GUI will appear - select files to compare with the menus. White background = parts common to both files. Red background = parts that belong to the file listed on the left . Yellow background = parts that belong to the file listed on the right . Registry files (exported with regedit) can also be compared. Also see the help file Windiff.hlp. |
| 199). WINMSD = Windows system diagnostics... |
|---|
| (EXPLAIN - WINMSD.exe) Microsoft Windows diagnostics Reports: Memory use, Services, Devices, IRQ's Ports, Environment variables, Network (rights, transport, stats), Hardware including Display adapter. Syntax WINMSD [\\computername] options Options: /a All details /s Summary details only /f Send output to a file /p Send output to a printer WINMSD with no switches will open the GUI with details of the computer you are logged into. When a remote computername is specified then less info will be reported e.g. Diskspace and Memory won't be listed Hot keys within the GUI: SHIFT - F2 copies the current tab to the clipboard, F2 copies a summary of the current tab to the clipboard Winmsd in Windows 2000 will actually run Msinfo32 - mmc.exe /s "C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.msc" It is advisable to have the SERVER service running, if not - winmsd will show a warning dialogue. Spooling output to file - if you have the resource kit WINMSDP allows more control over this. |
| 200). WINMSDP = Windows system diagnostics II... |
|---|
| (EXPLAIN - WINMSDP.exe) Windows NT diagnostics II Reports: Memory use, Services, Devices, IRQ's Ports, Environment variables, Network (rights, transport, stats), Hardware including Display adapter. Syntax WINMSDP option Key (only one option can be used) /a : ALL prints everything /e : environment /d : drives /i : interrupt resources /m : memory /n : network /o : OS version /p : port resources /r : drivers /s : services /u : DMA resources /w : hardware /y : memory resources The output is very similar to WINMSD if a little more detailed. The output will appear in a text file called msdrpt.TXT |
No comments:
Post a Comment