Command Line Toolkit For Windows

Discuss anything related to command line tools here.
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Command Line Toolkit For Windows

#1 Post by Midas »

After recently posting about some CLI (Command Line Interface) geekery, I came across what I find a rather useful resource of the same kind at the Bleeping Computer site:

How to create a command-line toolkit for Windows
http://www.bleepingcomputer.com/tutoria ... r-windows/
If you are a system administrator, IT professional, or a power user it is common to find yourself using the command prompt to perform administrative tasks in Windows. Whether it be copying files, accessing the Registry, searching for files, or modifying disk partitions, command-line tools can be faster and more powerful than their graphical alternatives. This tutorial will walk you through creating a command-line toolkit that contains useful programs and utilities that can make administering and using your computer easier and more efficient.

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Command Line Toolkit For Windows

#2 Post by Midas »

As it concerns the CLI, I converted the page content to a suitable format (<80 column text, except for URLs); and I'm posting it here in case someone else finds it useful. And if you find some other tools ought to be included, just post them below.
# denotes Headers;
> precedes the command name (and if followed by !int, indicates it's an internal Windows command);
A URL below the command points to an external command webpage; if the URL is at the end of the entry, then it's a command information page.


The Command Line Toolkit For Windows
http://www.bleepingcomputer.com/tutorials/command-line-toolkit-for-windows/

# ADMINISTRATION AND TROUBLESHOOTING PROGRAMS

>AccessChk
http://technet.microsoft.com/en-us/sysinternals/bb664922
AccessChk lists the kind of permissions specific users or groups have to 
resources including files, directories, Registry keys, global objects and 
Windows services

>at	!int
The AT command schedules commands and programs to run on a computer at a 
specified time and date. The Schedule service must be running to use the AT 
command.

>CoreInfo
http://technet.microsoft.com/en-us/sysinternals/cc835722
Coreinfo is a command-line utility that shows you the mapping between 
logical processors and the physical processor, NUMA node, and socket on 
which they reside, as well as the caches assigned to each logical 
processor.

>driverquery	!int
Displays a list of installed device drivers.

>MpCmdRun.exe	!int
A command-line interface for Windows Defender. To execute this program you 
must use the full path: %ProgramFiles%\Windows Defender\MpCmdRun.exe

>net	!int
Various Windows management commands. More information can be found here.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_subcmds.mspx

>netsh	!int
Netsh is a command-line scripting utility that allows you to, either locally 
or remotely, display or modify the network configuration of a computer that 
is currently running. More information can be found here.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netsh.mspx

>powershell	!int
Windows PowerShell is a task-based command-line shell and scripting language 
designed especially for system administration. More information can be found 
here.
http://msdn.microsoft.com/en-us/library/windows/desktop/dd835506%28v=vs.85%29.aspx

>PsLogList
http://technet.microsoft.com/en-us/sysinternals/bb897544
Allows you to list the contents of local or remote computer's Windows Event 
Log.

>PsPasswd
http://technet.microsoft.com/en-us/sysinternals/bb897543
PsPasswd is a tool that lets you change an account password on the local or 
remote systems.

>PsService
http://technet.microsoft.com/en-us/sysinternals/bb897542
Allows you to list and configure Windows services.

>runas	!int
Run a program as another user.

>rundll32	!int
Execute functions exported in a DLL file.

>sc	!int
Manage Windows Services.

>shutdown	!int
Shutdown a local or remote computer.

>SigCheck
http://technet.microsoft.com/en-us/sysinternals/bb897441
Verify that images are digitally signed and dumps version information 
contained within the file.

>UnixUtils
http://sourceforge.net/projects/unxutils/
A collection of Unix utilities that have been ported to Windows. These 
utilities are very useful and include programs like grep, split, tar, dir, 
etc.

>wmic	!int
A program that allows command-line and batch file access to Windows 
Management Instrumentation. More information can be found here.
http://technet.microsoft.com/en-us/library/bb742610.aspx

>WUInstall
http://wuinstall.com/index.php/en/free
A command-line Windows Update installer and management program.

# BOOT AND WINDOWS STARTUP PROGRAMS

>bcdboot	!int
The bcdboot.exe command-line tool is used to copy critical boot files to the 
system partition and to create a new system BCD store. More information can 
be found at:
http://technet.microsoft.com/en-us/library/dd744347%28v=ws.15%29.aspx

>bcdedit	!int
The Bcdedit.exe command-line tool modifies the boot configuration data 
store. The boot configuration data store contains boot configuration 
parameters and controls how the operating system is booted. This tool is for 
Windows Vista and later. More information can be found at:
http://technet.microsoft.com/en-us/library/cc709667%28v=ws.15%29.aspx

>bootcfg	!int
More information can be found at:
http://support.microsoft.com/kb/291980

>repair-bde	!int
The bootcfg command is a Microsoft Windows Server 2003 utility that modifies 
the Boot.ini file. This command has a function that can scan your computer's 
hard disks for Microsoft Windows NT, Microsoft Windows 2000, Microsoft 
Windows XP, and Windows Server 2003 installations, and then add them to an 
existing Boot.ini file or rebuild a new Boot.ini file if one does not exist. 
You can use the bootcfg command to add additional Boot.ini file parameters 
to existing or new entries. More information can be found at:
http://support.microsoft.com/kb/317521

# FILE COMPARISON, SEARCH, AND VIEWING PROGRAMS

>comp	!int
Compares the contents of two files or sets of files.

>findstr	!int
Searches for strings in files. This is a powerful tool, but contains a 
limited Regular Expression functionality. If you want a string searching 
tool with greater RegExp functionality, you may want to use grep that is 
part of the UnixUtils package.

>fc	!int
Compares two files or sets of files and displays the differences between 
them.

>more	!int
Displays a file one page at a time.

>sort	!int
Reads input, sorts data, and writes the results to the screen, to a file, or 
to another device. More information about sort can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sort.mspx

>type	!int
Displays the entire file to the screen.

# FILE PERMISSION AND MANAGEMENT PROGRAMS

>7Zip
http://www.7-zip.org/
Full featured archive program that can work with almost any archive type. 
When adding this to your command-line folder, be sure to copy both 7z.exe & 
7z.dll for it to work properly.

>attrib	!int
Displays, sets, or removes the read-only, archive, system, and hidden 
attributes assigned to files or directories. Used without parameters, attrib 
displays attributes of all files in the current directory. More information 
can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/attrib.mspx

>cd	!int
Changes the current working directory.

>copy	!int
Copy a file to another name or to a different folder.

>dir	!int
List the files in a folder.

>File Checksum Integrity Verifier
http://support.microsoft.com/kb/841290
The File Checksum Integrity Verifier (FCIV) utility can generate MD5 or 
SHA-1 hash values for files to compare the values against a known good 
value. FCIV can compare hash values to make sure that the files have not 
been changed.

>forfiles	!int
Selects a file (or set of files) and executes a command on that file.

>Handle
http://technet.microsoft.com/en-us/sysinternals/bb896655
Handle is a utility that displays information about open handles for any 
process in the system. You can use it to see the programs that have a file 
open, or to see the object types and names of all the handles of a program.

>icacls	!int
Displays or modifies discretionary access control lists (DACLs) on specified 
files, and applies stored DACLs to files in specified directories. More 
information about icacls can be found here.

>Junction
http://technet.microsoft.com/en-us/sysinternals/bb896768
Allows you to create, list, or delete Junctions in Windows.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365006%28v=vs.85%29.aspx

>LADS
http://www.heysoft.de/en/software/lads.php?lang=EN
LADS will display a list of all alternate data streams found in a particular 
folder.

>md5sum
http://www.etree.org/md5com.html
Lists the MD5 hash for a particular file or numerous files in a folder.

>move	!int
Move a file or folder to another location.

>ren	!int
Rename a file or folder.

>Sdelete
http://technet.microsoft.com/en-us/sysinternals/bb897443
You can use SDelete both to securely delete existing files, as well as to 
securely erase any file data that exists in the unallocated portions of a 
disk (including files that you have already deleted or encrypted). SDelete 
implements the Department of Defense clearing and sanitizing standard DOD 
5220.22-M, to give you confidence that once deleted with SDelete, your file 
data is gone forever.

>sfc	!int
Scans the integrity of all protected system files and replaces incorrect 
versions with correct Microsoft versions.

>Strings
http://technet.microsoft.com/en-us/sysinternals/bb897439
Displays strings found within a file.

>xcopy	!int
Copies files and directories, including subdirectories.

# FILESYSTEM MANAGEMENT PROGRAMS

>chkdsk	!int
Checks a disk and displays a status report.

>defrag	!int
Locates and consolidates fragmented files on local volumes to improve system 
performance.

>diskpart	!int
Diskpart allows you to manage and modify disk partitions. More information 
about diskpart can be found at:
http://support.microsoft.com/kb/300415

>FixMBR	!int
Repairs the master boot record of the boot disk. The fixmbr command is only 
available when you are using the Recovery Console.

>recover	!int
Recovers readable information from a bad or defective disk.

>takeown	!int
This tool allows an administrator to recover access to a file that was 
denied by re-assigning file ownership.

# NETWORK DIAGNOSTICS & ADMINISTRATION PROGRAMS

>arp	!int
Displays and modifies the IP-to-Physical address translation tables used by 
address resolution protocol (ARP). Useful for finding mac addresses of other 
networked devices on your network.

>cURL
http://curl.haxx.se/
cURL is a command line tool for downloading web pages, entire sites, ftp 
files, etc.

>ipconfig	!int
Displays all current TCP/IP network configuration values and refreshes 
Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) 
settings. Used without parameters, ipconfig displays the IP address, subnet 
mask, and default gateway for all adapters. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ipconfig.mspx

>Netcat
http://netcat.sourceforge.net/
Netcat is a featured networking utility which reads and writes data across 
network connections, using the TCP/IP protocol. This is a very useful tool 
for diagnosing network connections, open firewall ports, or for sending the 
output of a local command to a remote computer.

>netstat	!int
Displays protocol statistics and current TCP/IP network connections.

>Nmap
http://nmap.org/
Nmap ("Network Mapper") is a utility for network discovery and security 
auditing. This program can quickly perform a TCP/IP audit of your network.

>nslookup	!int
Nslookup allows you to perform DNS (Domain Name Service) resolution.

>pathping	!int
The PathPing tool is a route tracing tool that combines features of Ping and 
Tracert with additional information that neither of those tools provides. 
PathPing sends packets to each router on the way to a final destination over 
a period of time, and then computes results based on the packets returned 
from each hop. Since PathPing shows the degree of packet loss at any given 
router or link, you can pinpoint which routers or links might be causing 
network problems. More information can be found at:
http://technet.microsoft.com/en-us/library/cc958876.aspx

>ping	!int
Ping is a computer network administration utility used to test if you can 
reach a host on an Internet Protocol (IP) network and to measure the 
round-trip time for messages sent from the originating host to a destination 
computer.

>PsFile
http://technet.microsoft.com/en-us/sysinternals/bb897552
PsFile is a command-line utility that shows a list of files on a system that 
are opened remotely, and it also allows you to close opened files either by 
name or by a file identifier.

>PsExec
http://technet.microsoft.com/en-us/sysinternals/bb897553
PsExec is a program that lets you execute processes on other systems, 
complete with full interactive use for console applications, without having 
to manually install client software. Please note that some anti-virus 
vendors may detect this as "Remote Admin", but it is a legitimate tool from 
Microsoft.

>PsLoggedOn
http://technet.microsoft.com/en-us/sysinternals/bb897545
PsLoggedOn is a program that displays both the locally logged on users and 
users logged on via resources for either the local computer, or a remote 
one. If you specify a user name instead of a computer, PsLoggedOn searches 
the computers in the network neighborhood and tells you if the user is 
currently logged on.

>route	!int
Displays and modifies the entries in the local IP routing table. Used 
without parameters, route displays help. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx

>tracert	!int
Displays the path taken by TCP/IP packets as they traverse from your local 
computer to a remote target. More information can be found at:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tracert.mspx

>Wget
http://www.gnu.org/software/wget/
GNU Wget is a program for retrieving files using HTTP, HTTPS and FTP, the 
most widely-used Internet protocols.

# PROCESS MANAGEMENT PROGRAMS

>ListDlls
http://technet.microsoft.com/en-us/sysinternals/bb896656
ListDLLs is a utility that reports the DLLs loaded into processes. You can 
use it to list all DLLs loaded into all processes, into a specific process, 
or to list the processes that have a particular DLL loaded.

>PsKill
http://technet.microsoft.com/en-us/sysinternals/bb896683
Allows you to terminate processes.

>PsList
http://technet.microsoft.com/en-us/sysinternals/bb896682
Lists all running processes.

>tasklist	!int
Lists all running processes and services. This program can also be 
used to list what services are running under a particular svchost process. 
For more information regarding how to do that, see:
http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/#tasklist

>taskkill	!int
This tool is used to terminate tasks by process id (PID) or image name.

webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: Command Line Toolkit For Windows

#3 Post by webfork »

I realize this thread isn't exclusively about PsExec, but just wanted to share one usage I have for the program:

This is a somewhat messy process I'm running on my machine at startup to get programs going.  Feedback welcome.

"C:\Temp\portable\pstools\PsExec64.exe" -d -abovenormal -a 2,4 "C:\Temp\portable\Notepad++\notepad++.exe"
"C:\Temp\portable\pstools\PsExec64.exe" -d -abovenormal -a 1,3 "C:\Temp\portable\Everything\Everything.exe"
"C:\Temp\portable\pstools\PsExec64.exe" -d -abovenormal -a 1,4 "C:\Temp\portable\Ditto\Ditto.exe"
"C:\Temp\portable\pstools\PsExec64.exe" -d -low -a 2 "C:\Temp\portable\autover\AutoVer.exe"


Explanation: AutoVer is my backup program so it doesn't need a lot of resources, but the other three programs are important so they have abovenormal status. I also gave the top three access to two processors (-a 2,4 and -a 1,3) but capped AutoVer at processor two (-a 2).

Finally, I don't always launch Outlook at startup, so I use Nircmd to prompt me:

"C:\Temp\portable\nircmd\nircmd.exe" qbox "Do you want to launch Outlook?" "question" "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
---

Related:

Detailed guide to PsExec: https://adamtheautomator.com/psexec-ultimate-guide/

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Command Line Toolkit For Windows

#4 Post by Midas »

No opinion on your use of PsExec, but I really liked your use of Nircmd for prompting and will keep it in mind for future use. :sunglasses:

webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: Command Line Toolkit For Windows

#5 Post by webfork »

Midas wrote: Sat Jun 06, 2020 4:45 am
No opinion on your use of PsExec, but I really liked your use of Nircmd for prompting and will keep it in mind for future use. :sunglasses:

Yeah, there's arguably something for everyone in that toolset. For those looking for an introduction to everything command-line tools can do, Nircmd is probably the place to start.

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Command Line Toolkit For Windows

#6 Post by Midas »

Quick note about the missing webpage of etree's md5sum (included in the toolkit above) -- since 2018-09-09 according to the WayBack Machine, which unfortunately didn't keep the executable (CORRECTION: in fact it did, see vevy's post below).

Most notable feature of this 48kB executable is its ready production of standard (and TeraCopy's) formatted hashes.

FYI, I was able to get it from download.cnet.com/Md5sum/3000-2248_4-10521061.html.


> md5sum.exe md5sum.exe
eb574b236133e60c989c6f472f07827b *md5sum.exe

vevy
Posts: 795
Joined: Tue Sep 10, 2019 11:17 am

Re: Command Line Toolkit For Windows

#7 Post by vevy »

https://web.archive.org/web/20171011202 ... md5sum.exe (October 2017)

This seems to be a very old version of Coreutils md5sum. There are newer and faster versions of md5sum, let alone other md5 hash tools. I would recommend yhash or OpenSSL.

Also, I found MSYS2/Cygwin versions of a Unix tool to be significantly faster than other ports.

For example, MSYS2 port of OpenSSL is often 2-3 times faster than md5sum and sha1sum of UnxUtils (which is frequently recommended).

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Command Line Toolkit For Windows

#8 Post by Midas »


Hashes match, so I added a note to my post. Thanks.

vevy wrote:This seems to be a very old version of Coreutils md5sum.

How can you tell? Because I can't...

vevy wrote:There are newer and faster versions of md5sum, let alone other md5 hash tools.

I don't hold the faintest doubt about that. My question is: is their output ready for use or does it need massaging, as you've noticed with my scripts elsewhere?

vevy wrote:I would recommend yhash or OpenSSL. [...] MSYS2 port of OpenSSL is often 2-3 times faster than md5sum and sha1sum of UnxUtils (which is frequently recommended).

Duly noted. :sunglasses:

vevy
Posts: 795
Joined: Tue Sep 10, 2019 11:17 am

Re: Command Line Toolkit For Windows

#9 Post by vevy »

Midas wrote: Mon Jun 08, 2020 2:22 pm
Hashes match, so I added a note to my post. Thanks.

https://web.archive.org/web/*/etree.org*
Filter by md5sum .exe and sort by TO.

You occasionally need to jiggle a screwdriver into archive.org to get what you need! :mrgreen:

Midas wrote: How can you tell? Because I can't...

md5sum.exe --version

Also, the excellent Strings.

Midas wrote: My question is: is their output ready for use or does it need massaging

:? The output is pretty much identical. They are versions of the same tool. Or have I missed something?

Midas wrote:
vevy wrote: I would recommend yhash or OpenSSL. [...] MSYS2 port of OpenSSL is often 2-3 times faster than md5sum and sha1sum of UnxUtils (which is frequently recommended).
Duly noted. :sunglasses:

BTW, OpenSSL's output can be made to match Coreutils *sum tools: hash-tab-filename. Use -r.
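
Added example (not part of the original thread and not any poster's code): a checker for the `hash *filename` checksum lines discussed in posts #6 to #9, which parses a line, picks the algorithm from the digest length and verifies the named file. The function names and the sample file are assumptions made for illustration; it goes beyond MD5 by also accepting SHA-1 and SHA-256 lines.

```python
import hashlib
import hmac
import os
import re
import tempfile

# "<hex digest> <marker><name>": marker "*" = binary mode, " " = text mode.
LINE_RE = re.compile(r"^([0-9A-Fa-f]+) ([ *])(.+)$")
# The digest length identifies the algorithm, so one parser covers
# md5sum, sha1sum and sha256sum style lists.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_checksum_line(line):
    """Return (algorithm, digest, is_binary, filename) or raise ValueError."""
    match = LINE_RE.match(line.rstrip("\r\n"))
    if not match:
        raise ValueError("not a checksum line: %r" % line)
    digest, marker, name = match.groups()
    algo = ALGO_BY_HEXLEN.get(len(digest))
    if algo is None:
        raise ValueError("unsupported digest length: %d" % len(digest))
    return algo, digest.lower(), marker == "*", name


def file_digest(path, algo):
    """Hash a file in chunks so large executables do not load into memory."""
    hasher = hashlib.new(algo)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def verify(line, base_dir):
    """Return 'OK', 'FAILED' or 'MISSING' for one checksum line."""
    algo, expected, _binary, name = parse_checksum_line(line)
    root = os.path.abspath(base_dir)
    path = os.path.abspath(os.path.join(root, name))
    # Refuse names that would escape base_dir (absolute paths or "..").
    if os.path.commonpath([root, path]) != root:
        raise ValueError("file name escapes base directory: %r" % name)
    if not os.path.isfile(path):
        return "MISSING"
    actual = file_digest(path, algo)
    return "OK" if hmac.compare_digest(actual, expected) else "FAILED"


def demo():
    """Verify a constructed file, then the same file after modification."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "tool.bin")  # constructed sample file
        with open(target, "wb") as handle:
            handle.write(b"constructed sample payload\n")
        line = "%s *tool.bin" % file_digest(target, "sha256")
        before = verify(line, tmp)
        with open(target, "ab") as handle:
            handle.write(b"tampered")
        missing = verify(line.replace("tool", "gone"), tmp)
        return before, verify(line, tmp), missing


if __name__ == "__main__":
    # The line quoted in post #6 of this thread.
    print(parse_checksum_line("eb574b236133e60c989c6f472f07827b *md5sum.exe"))
    print(demo())
```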

Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Command Line Toolkit For Windows

#10 Post by Midas »

Great. That will teach me not to overlook the unix syntax for program parameters -- I wrongly assumed md5sum had none. 🤪

And thanks for another valuable tip for Archive.org.
