https://blog.csdn.net/enweitech/article/details/51982114
在CMD和Powershell中 使用WMIC
先决条件:
a. 启动Windows Management Instrumentation服务,开放TCP135端口。
b. 本地安全策略的“网络访问: 本地帐户的共享和安全模式”应设为“经典-本地用户以自己的身份验证”。
第一次执行WMIC命令时,Windows首先要安装WMIC,然后显示出WMIC的命令行提示符。在WMIC命令行提示符上,命令以交互的方式执行。
执行“wmic”命令启动WMIC命令行环境。这个命令可以在XP或 .NET Server的标准命令行解释器(cmd.exe)、Telnet会话或“运行”对话框中执行。这些启动方法可以在本地使用,也可以通过.NET Server终端服务会话使用。
wimic的运行方式可以有两种法:
1、搞入wimic进入后输入命令运行,键入wimic后出现wmic:rootcli>时你就可以输入命令了,如输入process显示所有的进程。不知道有什么命令时可以输入用/?来显示帮助。exit 是退出交互模式。
2、用wimic 后面直接跟命令运行,如wmic process 就显示了所有的进程了。这两种运行方法就是:交互模式(Interactive mode)和非交互模式(Non-Interactive mode)
wmic 获取进程名称以及可执行路径:
wmic process get name,executablepath
wmic 删除指定进程(根据进程名称):
wmic process where name="qq.exe" call terminate
或者用
wmic process where name="qq.exe" delete
wmic 删除指定进程(根据进程PID):
wmic process where pid="123" delete
wmic 创建新进程
wmic process call create "C:Program FilesTencentQQQQ.exe"
在远程机器上创建新进程:
wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
关闭本地计算机
wmic process call create shutdown.exe
重启远程计算机
wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
更改计算机名称
wmic computersystem where "caption='%ComputerName%'" call rename newcomputername
更改帐户名
wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
wmic 结束可疑进程(根据进程的启动路径)
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%windowsexplorer.exe'" delete
wmic 获取物理内存
wmic memlogical get TotalPhysicalMemory|find /i /v "t"
wmic 获取文件的创建、访问、修改时间
复制代码代码如下:
@echo off
for /f "skip=1 tokens=1,3,5 delims=. " %%a in ('wmic datafile where name^="c:windowssystem32
otepad.exe" get CreationDate^,LastAccessed^,LastModified') do (
set a=%%a
set b=%%b
set c=%%c
echo 文件: c:windowssystem32
otepad.exe
echo.
echo 创建时间: %a:~0,4% 年 %a:~4,2% 月 %a:~6,2% 日 %a:~8,2% 时 %a:~10,2% 分 %a:~12,2% 秒
echo 最后访问: %b:~0,4% 年 %b:~4,2% 月 %b:~6,2% 日 %b:~8,2% 时 %b:~10,2% 分 %b:~12,2% 秒
echo 最后修改: %c:~0,4% 年 %c:~4,2% 月 %c:~6,2% 日 %c:~8,2% 时 %c:~10,2% 分 %c:~12,2% 秒
)
echo.
pause
wmic 全盘搜索某文件并获取该文件所在目录
for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j"&@echo %qPath:~0,-3%)
获取屏幕分辨率 wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
wmic PageFileSet set InitialSize="512",MaximumSize="512"
设置虚拟内存到E盘,并删除C盘下的页面文件,重启计算机后生效
wmic PageFileSet create name="E:pagefile.sys",InitialSize="1024",MaximumSize="1024"
wmic PageFileSet where "name='C:pagefile.sys'" delete
获得进程当前占用的内存和最大占用内存的大小:
wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize
以KB为单位显示
复制代码代码如下:
@echo off
for /f "skip=1 tokens=1-2 delims= " %%a in ('wmic process where caption^="conime.exe" get WorkingSetSize^,PeakWorkingSetSize') do (
set /a m=%%a/1024
set /a mm=%%b/1024
echo 进程conime.exe现在占用内存:%m%K;最高占用内存:%mm%K
)
pause
远程打开计算机远程桌面
wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1
检测是否插入U盘的批处理
复制代码代码如下:
@echo off
((wmic logicaldisk where "drivetype=2" get name|find "无可用范例")>nul 2>nul)||for /f "skip=1 tokens=* delims=" %%i in ('wmic logicaldisk where "drivetype=2" get name') do echo U盘盘符是 %%i
pause
rem 查看cpu
wmic cpu list brief
rem 查看物理内存
wmic memphysical list brief
rem 查看逻辑内存
wmic memlogical list brief
rem 查看缓存内存
wmic memcache list brief
rem 查看虚拟内存
wmic pagefile list brief
rem 查看网卡
wmic nic list brief
rem 查看网络协议
wmic netprotocal list brief
【例】将当前系统BIOS,CPU,主板等信息输出到一个HTML网页文件,命令如下:
::得到系统信息.bat,运行bat文件即可
::系统信息输出到HTML文件,查看帮助: wmic /?
::wmic [系统参数名] list [brief|full] /format:hform >|>> [文件名]
wmic bios list brief /format:hform > PCinfo.html
wmic baseboard list brief /format:hform >>PCinfo.html
wmic cpu list full /format:hform >>PCinfo.html
wmic os list full /format:hform >>PCinfo.html
wmic computersystem list brief /format:hform >>PCinfo.html
wmic diskdrive list full /format:hform >>PCinfo.html
wmic memlogical list full /format:hform >>PCinfo.html
PCinfo.html
【经典案例语句】
- wmic /node:"192.168.1.20" /user:"domainadministrator" /password:"123456"
2.【硬件管理】:
获取磁盘资料:
wmic DISKDRIVE get deviceid,Caption,size,InterfaceType
获取分区资料:
wmic LOGICALDISK get name,Description,filesystem,size,freespace
获取CPU资料:
wmic cpu get name,addresswidth,processorid
获取主板资料:
wmic BaseBoard get Manufacturer,Product,Version,SerialNumber
获取内存数:
wmic memlogical get totalphysicalmemory
获得品牌机的序列号:
wmic csproduct get IdentifyingNumber
获取声卡资料:
wmic SOUNDDEV get ProductName
获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
- PROCESS【进程管理】:
列出进程
wmic process list brief
(Full显示所有、Brief显示摘要、Instance显示实例、Status显示状态)
wmic 获取进程路径:
wmic process where name="jqs.exe" get executablepath
wmic 创建新进程
wmic process call create notepad
wmic process call create "C:Program FilesTencentQQQQ.exe"
wmic process call create "shutdown.exe -r -f -t 20"
wmic 删除指定进程:
wmic process where name="qq.exe" call terminate
wmic process where processid="2345" delete
wmic process 2345 call terminate
wmic 删除可疑进程
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%windowsexplorer.exe'" delete
wmic process where "name='svchost.exe' and ExecutablePath<>'C:WINDOWSsystem32svchost.exe'" call Terminate
- USERACCOUNT【账号管理】:
更改当前用户名
WMIC USERACCOUNT where "name='%UserName%'" call rename newUserName
WMIC USERACCOUNT create /?
- SHARE【共享管理】:
建立共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c: est",0
(可使用 WMIC SHARE CALL Create /? 查看create后的参数类型)
删除共享
WMIC SHARE where name="C$" call delete
WMIC SHARE where path='c: est' delete
- SERVICE【服务管理】:
更改telnet服务启动类型[Auto|Disabled|Manual]
wmic SERVICE where name="tlntsvr" set startmode="Auto"
运行telnet服务
wmic SERVICE where name="tlntsvr" call startservice
停止ICS服务
wmic SERVICE where name="ShardAccess" call stopservice
删除test服务
wmic SERVICE where name="test" call delete
- FSDIR【目录管理】
列出c盘下名为test的目录
wmic FSDIR where "drive='c:' and filename='test'" list
删除c:good文件夹
wmic fsdir "c: est" call delete
重命名c: est文件夹为abc
wmic fsdir "c: est" rename "c:abc"
wmic fsdir where (name='c: est') rename "c:abc"
复制文件夹
wmic fsdir where name='d: est' call copy "c: est"
7.datafile【文件管理】
重命名
wmic datafile "c: est.txt" call rename c:abc.txt
8.【任务计划】:
wmic job call create "notepad.exe",0,0,true,false,154800.000000+480
wmic job call create "explorer.exe",0,0,1,0,154600.000000+480