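Using wmic on Windows to view the arguments of running processes
View the command-line arguments of all running processes:
wmic process get caption,commandline /value
Query the command-line arguments of a specific program:
wmic process where caption="WeChat.exe" get processid,caption,commandline /value
Query the command-line arguments of a specific process:
wmic process where processid="3476" get commandline
Query the command-line arguments of programs by pattern match:
wmic process where "caption like '%java%'" get processid,caption,commandline /value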
Hardware management
Get disk information:
wmic DISKDRIVE get deviceid,Caption,size,InterfaceType
Get partition information:
wmic LOGICALDISK get name,Description,filesystem,size,freespace
Get CPU information:
wmic cpu get name,addresswidth,processorid
Get motherboard information:
wmic BaseBoard get Manufacturer,Product,Version,SerialNumber
Get the amount of memory:
wmic memlogical get totalphysicalmemory
Get the serial number of a brand-name (OEM) machine:
wmic csproduct get IdentifyingNumber
Get sound card information:
wmic SOUNDDEV get ProductName
Get the screen resolution:
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
PROCESS process management
List processes
wmic process list brief
Full shows everything, Brief shows a summary, Instance shows instances, Status shows status
Get a process's executable path
wmic process where name="jqs.exe" get executablepath
Create a new process
wmic process call create notepad
wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"
wmic process call create "shutdown.exe -r -f -t 20"
Terminate a specific process
wmic process where name="qq.exe" call terminate
wmic process where processid="2345" delete
wmic process 2345 call terminate
Terminate suspicious processes
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\\windows\\explorer.exe'" delete
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate
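A read-only check to run before either terminate command above, as an added example that is not part of the original page: it parses `wmic process get executablepath,name,processid /value` output and reports processes that use a watched name from an unexpected path. The EXPECTED table, the function names and the sample output are assumptions constructed for illustration; an empty ExecutablePath (returned when wmic cannot read the path) is reported as unknown rather than suspicious.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows (same paths the commands above use).
EXPECTED = {
    "svchost.exe": {r"c:\windows\system32\svchost.exe"},
    "explorer.exe": {r"c:\windows\explorer.exe"},
}

# Constructed sample of `wmic process get executablepath,name,processid /value`
# output, with the "\r\r\n" line endings wmic output commonly carries.
SAMPLE = "\r\r\n".join([
    "", "ExecutablePath=C:\\Windows\\System32\\svchost.exe", "Name=svchost.exe", "ProcessId=812",
    "", "", "ExecutablePath=C:\\Users\\Public\\svchost.exe", "Name=svchost.exe", "ProcessId=4120",
    "", "", "ExecutablePath=C:\\WINDOWS\\Explorer.EXE", "Name=explorer.exe", "ProcessId=3476",
    "", "", "ExecutablePath=", "Name=svchost.exe", "ProcessId=996",
    "", "", "ExecutablePath=C:\\Java\\bin\\java.exe", "Name=java.exe", "ProcessId=5020", "", "",
])

def parse_value_output(text):
    """Split /value output into one dict per instance (keys lower-cased)."""
    records, current = [], {}
    text = text.replace("\r\r\n", "\n").replace("\r\n", "\n") + "\n"
    for line in text.split("\n"):
        key, sep, value = line.strip().partition("=")  # values may contain "="
        if sep:
            current[key.lower()] = value
        elif current:                  # a line without "=" (blank) ends an instance
            records.append(current)
            current = {}
    return records

def find_masquerades(records, expected=EXPECTED):
    """Return (pid, name, path, verdict) for watched names not at an expected path."""
    findings = []
    for rec in records:
        name, path = rec.get("name", "").lower(), rec.get("executablepath", "")
        if name not in expected:
            continue
        if not path:
            verdict = "unknown"        # path unreadable, e.g. shell not elevated
        elif ntpath.normcase(ntpath.normpath(path)) in expected[name]:
            continue                   # running from the expected location
        else:
            verdict = "suspicious"
        findings.append((int(rec["processid"]), name, path, verdict))
    return findings

if __name__ == "__main__":
    print(find_masquerades(parse_value_output(SAMPLE)))
```

On a live host, pass in the captured text of the same wmic query and review the findings before terminating anything.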
USERACCOUNT account management
Rename the current user
WMIC USERACCOUNT where "name='%UserName%'" call rename newUserName
WMIC USERACCOUNT create /?
SHARE share management
Create a share
WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0
Use WMIC SHARE CALL Create /? to see the parameter types that follow create
Delete a share
WMIC SHARE where name="C$" call delete
WMIC SHARE where path='c:\\test' delete
SERVICE service management
Change the startup type of the telnet service (Auto|Disabled|Manual)
wmic SERVICE where name="tlntsvr" set startmode="Auto"
Start the telnet service
wmic SERVICE where name="tlntsvr" call startservice
Stop the ICS service
wmic SERVICE where name="SharedAccess" call stopservice
Delete the test service
wmic SERVICE where name="test" call delete
FSDIR directory management
List directories named test on drive C
wmic FSDIR where "drive='c:' and filename='test'" list
Delete a folder (c:\test in this example)
wmic fsdir "c:\\test" call delete
Rename the c:\test folder to abc
wmic fsdir "c:\\test" call rename "c:\abc"
wmic fsdir where (name='c:\\test') call rename "c:\abc"
Copy a folder
wmic fsdir where name='d:\\test' call copy "c:\test"
datafile file management
Rename
wmic datafile "c:\\test.txt" call rename c:\abc.txt
Scheduled tasks
wmic job call create "notepad.exe",0,0,true,false,********154800.000000+480
wmic job call create "explorer.exe",0,0,1,0,********154600.000000+480