[Windows] Viewing the arguments of running processes with wmic

2023-11-26 17:30 | Source: compiled from the web

Using wmic:

1. View detailed process information. This command displays many properties of the process:

wmic process where name="java.exe" get /format:value

2. Show only selected columns. Pick the fields you need from the output of the command above:

wmic process where name="java.exe" get CreationDate,CommandLine,ProcessId

3. Fuzzy match on name:

WMIC PATH Win32_Process WHERE "name like '%java%'"

More: https://www.cs.cmu.edu/~tgp/scsadmins/winadmin/WMIC_Queries.txt

More

View the command-line arguments of all running processes:

wmic process get caption,commandline /value

Query the command-line arguments of a specific process (exact match):

wmic process where caption="notepad.exe" get caption,commandline /value

Query the command-line arguments of a specific process (fuzzy match):

wmic process where "caption like 'notepad%'" get caption,commandline /value

Prerequisites:

a. Start the Windows Management Instrumentation service and open TCP port 135.

b. The local security policy "Network access: Sharing and security model for local accounts" should be set to "Classic - local users authenticate as themselves".

1.

wmic /node:"192.168.1.20" /user:"domain\administrator" /password:"123456"

2. [Hardware management]:

Get disk drive information:

wmic DISKDRIVE get deviceid,Caption,size,InterfaceType

Get partition information:

wmic LOGICALDISK get name,Description,filesystem,size,freespace

Get CPU information:

wmic cpu get name,addresswidth,processorid

Get motherboard information:

wmic BaseBoard get Manufacturer,Product,Version,SerialNumber

Get the amount of memory:

wmic memlogical get totalphysicalmemory

Get the serial number of a brand-name machine:

wmic csproduct get IdentifyingNumber

Get sound card information:

wmic SOUNDDEV get ProductName

Get the screen resolution:

wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth

3. PROCESS [process management]:

List processes (Full shows everything, Brief shows a summary, Instance shows instances, Status shows status):

wmic process list brief

Get the path of a process:

wmic process where name="jqs.exe" get executablepath

Create a new process:

wmic process call create notepad

wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"

wmic process call create "shutdown.exe -r -f -t 20"

Terminate a specific process:

wmic process where name="qq.exe" call terminate

wmic process where processid="2345" delete

wmic process 2345 call terminate

Terminate suspicious processes (the name matches a system binary but the executable path does not):

wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\\windows\\explorer.exe'" delete

wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate

3. USERACCOUNT [account management]:

Rename the current user:

WMIC USERACCOUNT where "name='%UserName%'" call rename newUserName

WMIC USERACCOUNT create /?

4. SHARE [share management]:

Create a share (use WMIC SHARE CALL Create /? to see the parameter types that follow create):

WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0

Delete a share:

WMIC SHARE where name="C$" call delete

WMIC SHARE where path='c:\\test' delete

5. SERVICE [service management]:

Change the startup type of the telnet service [Auto|Disabled|Manual]:

wmic SERVICE where name="tlntsvr" set startmode="Auto"

Start the telnet service:

wmic SERVICE where name="tlntsvr" call startservice

Stop the ICS service:

wmic SERVICE where name="SharedAccess" call stopservice

Delete the test service:

wmic SERVICE where name="test" call delete

6. FSDIR [directory management]:

List the directory named test on drive c:

wmic FSDIR where "drive='c:' and filename='test'" list

Delete the c:\good folder:

wmic fsdir "c:\\test" call delete

Rename the c:\test folder to abc:

wmic fsdir "c:\\test" rename "c:\abc"

wmic fsdir where (name='c:\\test') rename "c:\abc"

Copy a folder:

wmic fsdir where name='d:\\test' call copy "c:\\test"

7. datafile [file management]:

Rename:

wmic datafile "c:\\test.txt" call rename c:\abc.txt

8. [Scheduled tasks]:

wmic job call create "notepad.exe",0,0,true,false,********154800.000000+480

wmic job call create "explorer.exe",0,0,1,0,********154600.000000+480
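The name-versus-path comparison in the "suspicious processes" queries above can also be run offline over saved output of wmic process get Name,ProcessId,ExecutablePath,CommandLine /value. The following Python sketch is an added example, not part of the original page: it parses that Key=Value output and reports matches instead of terminating them. The function names and sample text are constructed for illustration, and C: is assumed to be the system drive.

```python
# Added example; names and sample data are constructed for illustration.
EXPECTED_PATHS = {  # paths from the page's two queries, assuming C: is the system drive
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}

def parse_value_output(text):
    """Turn wmic Key=Value output into a list of dicts, one per process."""
    records, current = [], {}
    # Redirected wmic output often ends lines with \r\r\n, so drop every \r first.
    for line in text.replace("\r", "").split("\n"):
        if "=" not in line:
            continue                      # blank separator lines carry no data
        key, value = line.split("=", 1)   # CommandLine may itself contain '='
        key = key.strip()
        if key in current:                # a repeated key starts the next process
            records.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        records.append(current)
    return records

def path_mismatches(records, expected=EXPECTED_PATHS):
    """Return (pid, name, path, cmdline) where a baselined name runs from another path."""
    hits = []
    for rec in records:
        want = expected.get(rec.get("Name", "").lower())
        got = rec.get("ExecutablePath", "")
        # An empty path means wmic could not read it (insufficient rights): unknown, not a hit.
        if want and got and got.lower() != want:
            hits.append((int(rec["ProcessId"]), rec["Name"], got, rec.get("CommandLine", "")))
    return hits

SAMPLE = "\r\r\n".join([  # constructed output, not captured from a real host
    "", "",
    r"CommandLine=C:\WINDOWS\system32\svchost.exe -k netsvcs -p",
    r"ExecutablePath=C:\WINDOWS\system32\svchost.exe", "Name=svchost.exe", "ProcessId=1040",
    "", "",
    r"CommandLine=C:\Users\Public\svchost.exe --config=a.ini",
    r"ExecutablePath=C:\Users\Public\svchost.exe", "Name=svchost.exe", "ProcessId=4312",
    "", "",
    "CommandLine=", "ExecutablePath=", "Name=explorer.exe", "ProcessId=5120",
    "", "",
    "CommandLine=java -Dfile.encoding=UTF-8 -jar app.jar",
    r"ExecutablePath=C:\Java\bin\java.exe", "Name=java.exe", "ProcessId=6200", "",
])

if __name__ == "__main__":
    for hit in path_mismatches(parse_value_output(SAMPLE)):
        print(hit)
```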

More: https://blog.csdn.net/swazer_z/article/details/60100596


