Shulou(Shulou.com)06/03 Report--

This article mainly introduces the "Wmic instance application code writing tutorial". In the daily operation, I believe that many people have doubts about the Wmic instance application code writing tutorial. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "Wmic instance Application Code Writing tutorial". Next, please follow the editor to study!

As for aliases, it is an English name for motherboards, services, systems, processes and other computer-related things, in wmic.exe /? You can also see it under the command line

The syntax of the wql statement is almost exactly the same as the sql statement we usually use when injecting, or even simpler. It's usually where name= "xxx" and, but sometimes you have to change the format of name= "xxx" to "name='xxx'" or where (name='xxx'). Anyway, if it doesn't work under normal circumstances, you can write it differently.

What about verbs? just a few assoc, call, CREATE, DELETE, GET, LIST, SET

As for the adverb (the parameter of the verb), it is to get the attribute of the object by using the verb + its parameter. Like adverbs that belong to list verbs, what does it look like, such as showing a detailed status or a brief status?

A verb switch is like displaying a horizontal table format or displaying a vertical table format or outputting a file in what format, or repeatedly displaying information for a few seconds, and so on. Some verbs do not have a switch.

Wmic / output:c:\ process.html process get processid,name,executablepath / format:htable

(wmic) + (global switch) + (alias) + verb (adverb) + (verb switch)

BIOS management

Column 1, display bios information

Enter: wmic bios list full in cmd

Haha, are you dizzy? Enter mode con cols=1200 lines=20 in cmd first, and then enter wmic bioslist. This is much better.

List is a specific parameter, and list determines the format and scope of the information displayed.

Full is a parameter

FULL= all displays,-BiosCharacteristics, (signature) BuildNumber, CodeSet, CurrentLanguage, Description, (category) IdentificationCode, (authentication code) InstallableLanguages, (installation language) InstallDate (installation data), LanguageEdition, (language version) ListOfLanguages, Manufacturer, (manufacturer) Name, (name child) OtherTargetOS, (other object system) PrimaryBIOS, (main bios) ReleaseDate, (version date) SerialNumber, (string) SMBIOSBIOSVersion, SMBIOSMajorVersion, SMBIOSMinorVersion, SMBIOSPresent, SoftwareElementID, SoftwareElementState, Status, TargetOperatingSystem,

INSTANCE= object instance-Name

STATUS= status-Status, Name, Caption, SMBIOSPresent

SYSTEM= system-_ _ CLASS, _ _ DERIVATION, _ _ DYNASTY, _ _ GENUS, _ _ NAMESPACE, _ _ PATH, _ _ PROPERTY_COUNT, _ _ RELPATH, _ _ SERVER, _ _ SUPERCLASS

Column 2, display bios information

Enter: wmic bios get in cmd

Column 3. Display complete bios information

Enter: wmic bios get / value in cmd

Plus the parameter value display is more intuitive.

Process management

Column 1. Display process summary information

Enter: wmic process list brief in cmd

Brief is a parameter, list determines the format and scope of the information displayed, and process is an alias

The following LIST formats are available:

Column 2. Display complete information about the process

Enter: wmic process get in cmd

The following LIST formats are available:

That is to say, append the following parameters after get, such as multiple parameters should be separated by commas such as: wmic process get csname,executablepath

Column 3, display a process information

Enter: wmic process where (description= "ttplayer.exe") in cmd

Column 4

Query the startup path of the process (output the resulting information)

Wmic process get name,executablepath,processid

Wmic / output:c:\ process.html process get processid,name,executablepath / format:htable

Column 5. End a process (according to the PID corresponding to the process)

Wmic process where name='outlook.exe' call terminate

Wmic process where name= "notepad.exe" delete

Wmic process where name= "notepad.exe" terminate

Wmic process where pid= "123" delete

Wmic path win32_process where "name='notepad.exe'" delete

List information about an installed program

Wmic product get packagename= "* .msi"

Remove installed programs

Wmic product where name= "*" delete

Wmic product where name= "Tencent QQ 2009" delete

Query the startup path of the process (output the resulting information)

Wmic process get

Wmic / output:c:\ process.html process get processid,name,executablepath / format:htable.xsl

Query the information of the specified process

Wmic process where name= "notepad.exe" get name,executablepath,processid

:: name= process name, executablepath= path, processid= process ID

Restart the remote computer

Wmic / node:192.168.8.10 / user:administrator / password:xiongyefeng process call create "shutdown-r-f"

Turn off the remote computer

Wmic / node:192.168.8.10 / user:administrator / password:xiongyefeng process call create "shutdown-s-f"

Create a process

Wmic process call create "d:\ program files\ ttplayer\ ttplayer.exe"

Create a process on remote computing

Wmic / node:192.168.8.10 / user:administrator / password:xiongyefeng process call create "c:\ windows\ notepad.exe"

Disk management

Check the status of remote host disk C

WMIC / node: "192.168.8.100" / user: "administrator" / password: "lcx" / output:a.html logicaldisk where "name='c:'" get DeviceID,Size,FreeSpace,Description,FileSystem / format:htable

The node switch indicates which machine to access. User and password are of course the user name and password of the remote machine. With the above explanation, you should be clear at a glance.

Column 6. Check the local C disk.

Wmic logicaldisk where name= "c:" get

:: Caption= description, Compressed= compression, CreationClassName= creation class name Description= description, DeviceID= drive ID number DriveType= drive type, FileSystem= file system, FreeSpace= free space, MaximumComponentLength Size= total capacity, Status= status, SystemName= computer name, VolumeName= volume label name, VolumeSerialNumber volume label string

View the properties of the disk

Wmic logicaldisk list brief

:: caption= title, driveID= drive ID number, model= product model, Partitions= partition, size= size

View the real situation of the physical disk

Wmic diskdrive list

:: Caption description, DeviceID= drive ID number, Model= original hard disk model, total number of Partitions= partitions, Size= hard disk size

Get the disk symbol of the USB disk

Wmic logicaldisk where drivetype='2' get deviceid,description

Wmic logicaldisk where "drivetype=2" get name

:: 2 = removable disk, 3 = local disk, 5 = optical drive.

Change the name of the volume label

Wmic logicaldisk where name= "c:" set volumename=lsxq

:: equivalent to label c: lsxq

Installation package task management

Column 1 lists the installed programs and other detailed information

Wmic product get

You can also add the following parameters and separate them with bean numbers, such as: wmic prduct get name,installdate

System service management

Wmic service where name= "TermService" get processid

:: get the PID number of the specified service process

Wmic service where state='running' get name,displayname

:: show running services

Wmic service where state='running' get name,pathname

:: displays the executable file path where the started service is located

Wmic service where name= "sharedaccess" startservice

:: start a service

Wmic service where name= "sharedaccess" stopservice

:: stop a service

Wmic service where name='sharedaccess' changestartmode 'automatic'

:: set a service to self-start (manual, disabled)

Show services that are self-starting at boot time

Wmic service where startmode='auto' get name,displayname

::

Displays services that are self-starting and currently running

Wmic service where "startmode='auto' and state='running'" get name,displayname

::

Show services that are disabled or started manually

Wmic service where 'startmode= "disabled" or startmode= "manual"' get name,displayname

::

Document management

Change the file name

Wmic datafile "c:\\ temp\\ 1.txt" rename "c:\ temp\ 2.txt"

:: name the 1.txt file under c:\ temp as 2.txt

Copy a single file

Wmic datafile "c:\\ test.txt" copy "d:\ lsxq.txt"

Get a list of files with a specific extension under the specified path

Wmic datafile where "drive='c:' and path='\\ 'and extension='txt'" get name,Path, "System File"

Delete folder

Wmic fsdir "c:\\ test" delete

Folder renaming

Wmic fsdir "c:\\ test" rename "c:\ lsxq"

Copy folder

Wmic fsdir where (name='c:\\ temp\\ ken') call copy "d:\ ken1"

:: copy the files from the ken folder under disk C to disk D ken1. If the ken1 folder does not exist on disk D, it will automatically create a key, and if it does, copy it directly.

Rename folder

Wmic fsdir where (name='d:\\ zhangzhimin') rename "d:\ ken"

:: name the zhangzhimin folder under the d disk ken

Find the specified document in an all-round way

Wmic datafile where "filename='qq' and extension='exe'" get name

Get a specific extension under the specified path and require that only files that meet the criteria for the topic be displayed

Wmic datafile where "drive='e:' and path='\\ surecity\\ 'and extension='rar' and filesize > 1000" get name

Get the creation, access, and modification time of the file

Wmic datafile where name= "c:\\ windows\\ notepad.exe" get CreationDate,LastAccessed,LastModified

:: createiondate= creation, LastAccessed= last access time, LastModifie= last modification time

Compress the specified folder to save disk space

Wmic fsdir where (name='d:\\ test') call compress

:: compress the test folder of D disk and highlight it in blue font

Extract the specified folder

Wmic fsdir where (name='d:\\ test') call compress

:: extract the test folder of disk D and restore the normal font

The usage and examples of aliases

Alias job

Wmic job call create "sol.exe", 0pc0re0pl 0pr 0pr 154600.000000c480

::

Os alias

Wmic os Where (primary='1') call win32shutdown *

This * parameter can have the following values:

Const LOGOFF=0

Const SHUTDOWN=1

Const REBOOT=2

Const FORCE=4

Const POWEROFF=8

These parameters can be combined arbitrarily, for example:

Forced logout: a combination of 4 (0,4)

Forced shutdown: a combination of 5 (1x 4)

Forced restart: a combination of 6 (2x4)

Forced power off: a combination of 12 (8x4)

WMIC set system time

Administrator privileges are required

Wmic os where (primary=1) call setdatetime 20120731144642.555555580

The time was changed to 14:46:42 on July 31, 2010.

Used to set the priority of the program

Wmic process 2556 call setpriority 64

64 Idle priority-low

16384 Below Normal priority-below standard

32 Normal priority-Standard

32768 Above Normal priority-above standard

128 High Priority priority-High

256 Real Time priority-Real time

Nicconfig alias

Wmic nicconfig where (index='8') call enablestatic "192.168.1.81", "255.255.255.0"

:: set the IP address and subnet mask

:: index='8' network index value, each network index value is different

Wmic nicconfig where (index='8') call setgateways "192.168.0.1", 1

:: set gateways and hops

Wmic nicconfig where (index='8') call setdnsdomain ("192.168.0.1", "192.168.0.11")

:: set the DNS server address. It will not take effect immediately after setting it. You must set the primary and secondary to take effect.

Wmic nicconfig where (index='8') call SetDNSServerSearchOrder ("192.168.0.1", "192.168.0.11")

:: sets the primary and secondary order of DNS server addresses. 192.168.0.1 is represented as the preferred DNS address before, and then as the alternate DNS address.

Wmic path Win32_NetworkAdapterConfiguration.index=8 call enabledhcp

WMIC's default NICCONFIG alias does not provide the enabledhcp method, so we can only call its WMI function to set the setting for dynamic allocation of IP addresses.

Wmic nicconfig where (index='8') get / value index value is the index value of your current network card. Each machine has different hunting methods. Please ask questions on Baidu.

The following are the individual attribute values set on the network side:

ArpAlwaysSourceRoute=

ArpUseEtherSNAP=

Caption= [00000008] Broadcom 440x 10/100 Integrated Controller

DatabasePath=%SystemRoot%\ System32\ drivers\ etc

DeadGWDetectEnabled=

DefaultIPGateway= {"192.168.0.1"}

DefaultTOS=

DefaultTTL=

Description=Broadcom 440x 10ram 100 Integrated Controller-packet Scheduler Mini Port

DHCPEnabled=FALSE

DHCPLeaseExpires=

DHCPLeaseObtained=

DHCPServer=

DNSDomain= ("192.168.0.1", "192.168.0.11")

DNSDomainSuffixSearchOrder=

DNSEnabledForWINSResolution=FALSE

DNSHostName=ql-libowen

DNSServerSearchOrder= {"192.168.0.1", "192.168.0.11"}

DomainDNSRegistrationEnabled=FALSE

ForwardBufferMemory=

FullDNSRegistrationEnabled=TRUE

GatewayCostMetric= {1}

IGMPLevel=

Index=8

IPAddress= {"192.168.0.81"}

IPConnectionMetric=20

IPEnabled=TRUE

IPFilterSecurityEnabled=FALSE

IPPortSecurityEnabled=

IPSecPermitIPProtocols= {"0"}

IPSecPermitTCPPorts= {"0"}

IPSecPermitUDPPorts= {"0"}

IPSubnet= {"255.255.255.0"}

IPUseZeroBroadcast=

IPXAddress=

IPXEnabled=FALSE

IPXFrameType=

IPXMediaType=

IPXNetworkNumber=

IPXVirtualNetNumber=

KeepAliveInterval=

KeepAliveTime=

MACAddress=00:0F:1F:4F:08:A0

MTU=

NumForwardPackets=

PMTUBHDetectEnabled=

PMTUDiscoveryEnabled=

ServiceName=bcm4sbxp

SettingID= {B97AA60A-483E-4C84-84FE-5A3C6A875B65}

TcpipNetbiosOptions=0

TcpMaxConnectRetransmissions=

TcpMaxDataRetransmissions=

TcpNumConnections=

TcpUseRFC1122UrgentPointer=

TcpWindowSize=

WINSEnableLMHostsLookup=TRUE

WINSHostLookupFile=

WINSPrimaryServer=

WINSScopeID=

WINSSecondaryServer=

Pagefileset alias

Wmic pagefileset get / value

:: check the virtual memory of the local computer, initial size, maximum value, save location

Wmic pagefileset create name='d:\ pagefile.sys',initialsize=512,maximumsize=1024

:: change the location of the virtual memory file (that is, the page file) to disk D, the initial value is 521MB, and the maximum value is 1024MB

Wmic pagefileset where (name='c:\\ pagefile.sys') delete

:: then delete the previous one, and you can realize the location of the virtual file

Share alias

WMIC SHARE CALL Create "", "test", "3", "TestShareName", "", "c:\ test", 0

:: set c:\ test folder to share, share name: testsharename, comment: the number of temp connection users is up to 3 users

0--Disk Drive

1--Print Queue

2--Device

3--IPC

2147483648--Disk Drive Admin

2147483649--Print Queue Admin

2147483650--Device Admin

2147483651--IPC Admin

WMIC SHARE where (path='c:\\ test') delete

:: delete the shared folder of c:\ test

Computersystem alias

Wmic computersystem Where "name='zhang'" call rename "ken"

To change the computer name zhang to ken, you need to boot the computer from

Wmic computersystem Where "name='zhang'" call joindomainorworkgroup "", "", "MyGroup"

:: change the workgroup named "zhang" to the Mygroup workgroup

Wmic computersystem Where "name=' computer name 'call UnjoinDomainOrWorkgroup

:: exit the domain of the computer with the name "zhang"

Wmic computersystem Where "name=' computer name'" call joindomainorworkgroup ", 1," Domain name "," Domain Administrator password "," Domain Administrator user name "

:: for example, the domain name you want to join is called QLART, and the domain administrator user name should be administrator@ql-art.com or qlart\ administrator password: XXXXXX

Useraccount alias

Wmic useraccount where (LocalAccount='1' and name='good') set disabled=true

:: disable the user name setting of good to stop the use of the account

Wmic useraccount where (LocalAccount='1' and name='good') set fullname= "hello world!"

:: set the full name of the account with the user name good to how are you. Of course, it is a prerequisite for you to have this account on your computer.

Baseboard alias

Wmic baseboard get manufacturer,product,version

The manufacturer of the motherboard, the model of the motherboard, the serial string and the model of the BIOS file can be obtained.

Cdrom alias

Wmic cdrom get name,manufacturer,drive,description,deviceID

:: get the model, manufacturer, drive letter and drive ID of the CD drive

Cpu alias

Wmic cpu get > d:\ cpu.txt

:: when you open a text file named cpu on disk D, you can see the details of CPU. Remember to uncheck the "automatic line wrapping" in notepad, otherwise it will dazzle you and you won't see anything.

Csproduct alias

Wmic csproduct list brief

:: display BIOS information

DESKTOPMONITOR alias

Wmic desktopmonitor get > d:\ monitor.txt

:: open the text file named cpu on disk D to see the details of CPU. Remember to uncheck the notepad "automatic line wrapping".

Environment alias

Wmic environment list > d:\ m.txt&&start d:\ m.txt

:: view environment variables

Group alias

Wmic group list > d:\ group.txt

:: open a text file named group on disk D to see the details of a group account. Remember to uncheck the notepad "automatic line wrapping".

Wmic + aliases + list > d:\ group.txt

:: you will get the corresponding information, such as: enter wmic idecontroller list > d:\ group.txt in cmd enter enter

Alias

IDECONTROLLER-IDE controller management.

IRQ-interval request line (IRQ) management.

JOB-provides access to work scheduled using the planning service.

LOADORDER-defines the management of system services for execution dependencies.

LOGICALDISK-Local storage device management.

LOGON-Log in to the session.

MEMCACHE-caches memory management.

MEMLOGICAL-system memory management (configuration layout and memory availability).

MEMPHYSICAL-physical memory management of computer systems.

NETCLIENT-Network client management.

NETLOGIN-(a user's) network login information management.

NETPROTOCOL-Protocol (and its network features) management.

NETUSE-active network connection management.

NIC-Network Interface Controller (NIC) management.

NICCONFIG-Network adapter management.

NTDOMAIN-NT domain management.

Items for the NTEVENT-NT event log

NTEVENTLOG-NT time log file management.

ONBOARDDEVICE-Motherboard (system board) built-in management of common adapter equipment.

OS-installed operating system management.

PAGEFILE-Virtual memory file swap management.

PAGEFILESET-Page file settings management.

PARTITION-Management of physical disk partition areas.

PORT-I PUBO port management.

PORTCONNECTOR-physical connection port management.

PRINTER-Printer device management.

PRINTERCONFIG-Printer device configuration management.

PRINTJOB-print job management.

PROCESS-process management.

PRODUCT-install package task management.

QFE-Quick troubleshooting.

QUOTASETTING-sets disk quota information for the volume.

RECOVEROS-Information that will be collected from memory when the operating system fails.

REGISTRY-computer system registry management.

SCSICONTROLLER-SCSI controller management.

SERVER-Server information management.

SERVICE-Service program management.

SHARE-shared resource management.

SOFTWAREELEMENT-Management of software product elements installed on the system.

SOFTWAREFEATURE-SoftwareElement management of software product components.

SOUNDDEV-Sound device management.

STARTUP-Management of commands that run automatically when the user logs in to the computer system.

SYSACCOUNT-system account management.

SYSDRIVER-system driver management for basic services.

SYSTEMENCLOSURE-closed management of physical systems.

SYSTEMSLOT-physical connection point management including ports, sockets, accessories, and primary connection points

TAPEDRIVE-Tape drive management.

TEMPERATURE-data management of temperature sensors (electronic thermometer).

TIMEZONE-time area data management.

UPS-uninterruptible power supply (UPS) management.

USERACCOUNT-user account management.

VOLTAGE-Voltage Sensor (Electronic electricity Meter) data management.

VOLUMEQUOTASETTING-Associates a disk volume with a disk quota setting.

At this point, the study on the "Wmic instance application code writing tutorial" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.