
Useful Windows command-line commands

The toolkit can be downloaded here. Although it is the 2003 version, it runs on XP:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

It provides the following:
Acctinfo.dll (documented in Readme.htm)
Adlb.exe: Active Directory Load Balancing Tool
Admx.msi: ADM File Parser
Atmarp.exe: Windows ATM ARP Server Information Tool
Atmlane.exe: Windows ATM LAN Emulation Client Information
Autoexnt.exe: AutoExNT Service
Cdburn.exe: ISO CD-ROM Burner Tool
Checkrepl.vbs: Check Replication
Chklnks.exe: Link Check Wizard
Chknic.exe: Network Interface Card Compliance Tool for Network Load Balancing
Cleanspl.exe: Spooler Cleaner
Clearmem.exe: Clear Memory
Clusdiag.msi: Cluster Diagnostics and Verification Tool
Clusfileport.dll: Cluster Print File Port
Clusterrecovery.exe: Server Cluster Recovery Utility
Cmdhere.inf: Command Here
Cmgetcer.dll: Connection Manager Certificate Deployment Tool
Compress.exe: Compress Files
Confdisk.exe: Disk Configuration Tool
Consume.exe: Memory Consumers Tool
Creatfil.exe: Create File
Csccmd.exe: Client-Side Caching Command-Line Options
Custreasonedit.exe: Custom Reason Editor (documented in Readme.htm)
Delprof.exe: User Profile Deletion Utility
Dh.exe: Display Heap
Diskraid.exe: RAID Configuration Tool
Diskuse.exe: User Disk Usage Tool
Dnsdiag.exe: SMTP DNS Diagnostic Tool (documented in Readme.htm)
Dumpfsmos.cmd: Dump FSMO Roles
Dvdburn.exe: ISO DVD Burner Tool
Empty.exe: Free Working Set Tool
Eventcombmt.exe: Check Replication
Fcopy.exe: File Copy Utility for Message Queuing
Frsflags.vbs
Getcm.exe: Connection Manager Profile Update
Gpmonitor.exe: Group Policy Monitor
Gpotool.exe: Group Policy Objects
Hlscan.exe: Hard Link Display Tool
Ifilttst.exe: IFilter Test Suite
Ifmember.exe: User Membership Tool
Inetesc.adm: Internet Explorer Enhanced Security Configuration
Iniman.exe: Initialization Files Manipulation Tool
Instcm.exe: Install Connection Manager Profile
Instsrv.exe: Service Installer
Intfiltr.exe: Interrupt Affinity Tool
Kerbtray.exe: Kerberos Tray
Kernrate.exe: Kernel Profiling Tool
Klist.exe: Kerberos List
Krt.exe: Certification Authority Key Recovery
Lbridge.cmd: L-Bridge
Linkd.exe
Linkspeed.exe: Link Speed
List.exe: List Text File Tool
Lockoutstatus.exe: Account Lockout Status (documented in Readme.htm)
Logtime.exe
Lsreport.exe: Terminal Services Licensing Reporter
Lsview.exe: Terminal Services License Server Viewer
Mcast.exe: Multicast Packet Tool
Memmonitor.exe: Memory Monitor
Memtriage.exe: Resource Leak Triage Tool
Mibcc.exe: SNMP MIB Compiler
Moveuser.exe: Move Users
Mscep.dll: Certificate Services Add-on for Simple Certificate Enrollment Protocol
Nlsinfo.exe: Locale Information Tool
Now.exe: STDOUT Current Date and Time
Ntimer.exe: Windows Program Timer
Ntrights.exe
Oh.exe: Open Handles
Oleview.exe: OLE/COM Object Viewer
Pathman.exe: Path Manager
Permcopy.exe: Share Permissions Copy
Perms.exe: User File Permissions Tool
Pfmon.exe: Page Fault Monitor
Pkiview.msc: PKI Health Tool
Pmon.exe: Process Resource Monitor
Printdriverinfo.exe: Drivers Source
Prnadmin.dll: Printer Administration Objects
Qgrep.exe
Qtcp.exe: QoS Time Stamp
Queryad.vbs: Query Active Directory
Rassrvmon.exe: RAS Server Monitor
Rcontrolad.exe: Active Directory Remote Control Add-On
Regini.exe: Registry Change by Script
Regview.exe (documented in Readme.htm)
Remapkey.exe: Remap Windows Keyboard Layout
Robocopy.exe: Robust File Copy Utility
Rpccfg.exe: RPC Configuration Tool
Rpcdump.exe
Rpcping.exe
RPing: RPC Connectivity Verification Tool
Rqc.exe: Remote Access Quarantine Client
Rqs.exe: Remote Access Quarantine Agent
Setprinter.exe: Spooler Configuration Tool
Showacls.exe
Showperf.exe: Performance Data Block Dump Utility
Showpriv.exe: Show Privilege
Sleep.exe: Batch File Wait
Sonar.exe: FRS Status Viewer
Splinfo.exe: Print Spooler Information
Srvany.exe: Applications as Services Utility
Srvcheck.exe: Server Share Check
Srvinfo.exe: Remote Server Information
Srvmgr.exe: Server Manager
Ssdformat.exe: System State Data Formatter
Subinacl.exe
Tail.exe
Tcmon.exe: Traffic Control Monitor
Timeit.exe (documented in Readme.htm)
Timezone.exe: Daylight Saving Time Update Utility
Tsctst.exe: Terminal Server Client License Dump Tool
Tsscalling.exe: Terminal Services Scalability Planning Tools
Uddicatschemeeditor.exe: UDDI Services Categorization Scheme Editor
Uddiconfig.exe: UDDI Services Command-line Configuration Utility
Uddidataexport.exe: UDDI Data Export Wizard
Usrmgr.exe: User Manager for Domains
Vadump.exe: Virtual Address Dump
Vfi.exe: Visual File Information
Volperf.exe: Shadow Copy Performance Counters
Volrest.exe: Shadow Copies for Shared Folders Restore Tool
Vrfydsk.exe: Verify Disk
Winexit.scr: Windows Exit Screen Saver
Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool
Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool
Winpolicies.exe: Policy Spy
Wins.dll: WINS Replication Network Monitor Parser
Wlbs_hb.dll & Wlbs_rc.dll: Windows Load Balancing Server Network Monitor Parsers


Popular posts from this blog

Methods for testing whether a data series is stationary

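Here, stationary refers to a stationary process or a stationary time series. What is a stationary process? Simply put, it is a process whose data distribution does not change as time passes or as the position shifts, and whose mean and variance stay constant; white noise (AWGN) is a good example. Some data series, however, show a trend and may need de-trending before they exhibit the stationary property, while others need to be differenced before they do.

Why confirm that the data is stationary? In econometrics, a test is usually applied first to determine whether the data is stationary. If it is not, the test determines what property the data has, and pre-processing (such as de-trending or differencing) is applied to make the data stationary so that a model can be built, which can then be used to forecast future economic data.

So how do we determine whether a data series is stationary? Here is a survey of several commonly used tests for data series, which fall roughly into two kinds:

I. Autoregressive Unit Root Tests
These include the following two tests. Their characteristic is that the null hypothesis assumes the data series has a unit root (non-stationary), so a result of 0 means the series has a unit root and must be differenced, while 1 means it is a data series that may have a trend and must be de-trended to become stationary.
1. Augmented Dickey–Fuller test (ADF): the Matlab command is "adftest"
2. Phillips-Perron test: the Matlab command is "pptest"

II. Stationarity Tests
The null hypothesis is the opposite of that of the Autoregressive Unit Root Tests, so a result of 0 means data with a trend and a result of 1 means data that needs differencing. The main test is the following:
1. KPSS test: the Matlab command is "kpsstest"

In addition, I(0) and I(1) appear often in the referenced literature. I(0) means the data series is stationary without differencing, while I(1) means the series must be differenced once before it becomes stati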

Windows OS commands and parameters commonly used by malware

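1. wbadmin delete catalog -quiet
   wbadmin replaces ntbackup, the backup utility of older Windows versions, but it has more powerful features and can perform scheduled backup and restore.
   What the command does: deletes the catalog in quiet mode.

2. vssadmin delete shadows /all /quiet
   vssadmin is the command for the Volume Shadow Copy Service, a Windows component service. The Volume Shadow Copy Service makes copies of a volume on a schedule. The service adds an option named "Shadow Copy" to the volume. It can provide offline file service to offline users.
   What the command does: deletes all shadow copies on the volumes in quiet mode.

3. wmic shadowcopy delete
   What the command does: uses the wmic service to delete the shadow copies on the disk; the command asks about each one in turn.

4. icacls "C:\*" /grant Everyone:F /T /C
   The icacls tool can inspect or change directory and file permissions.
   What the command does: grants the user Everyone full access to all files under drive C, and continues the operation no matter what file errors occur, although error messages are still displayed.

5. takeown /f C:\Windows\System32
   Grants access to the C:\Windows\system32 folder to administrator rights.

6. bcdedit /set {default} recoveryenabled no
   bcdedit is the boot manager program. On Windows 10, after too many abnormal power losses an automatic protection mechanism brings up a page asking whether to perform Recovery; the command above disables that prompt.

7. cmd.exe /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin
   Uses the rd command to delete the %SYSTEMDRIVE%\$Recycle.bin directory and its subdirectories.
   /s: delete the specified directory and its subdirectories
   /q: quiet mode

8. sc.exe config Dnscache start=auto
   Restore Default Startup Configuration for DNS Client http://revertservice.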
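
The command lines listed above can serve as detection content. The following is an added example, not part of the original post: it matches process-creation command lines against those eight commands and flags a host only when several distinct ones appear together. The rule names, the threshold of 2, and the sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Rules derived from the commands listed above; names are illustrative.
RULES = {
    "backup_catalog_deleted": r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+catalog\b",
    "shadow_copies_deleted": r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b"
                             r"|\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    "everyone_full_control": r"\bicacls(?:\.exe)?\b.*/grant\s+everyone:\(?f\b",
    "system32_takeown": r"\btakeown(?:\.exe)?\b.*/f\s+\S*\\windows\\system32",
    "recovery_disabled": r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b",
    "recycle_bin_purged": r"\b(?:rd|rmdir)\b.*\$recycle\.bin",
    "dnscache_reconfigured": r"\bsc(?:\.exe)?\s+config\s+dnscache\b",
}
COMPILED = {name: re.compile(rx) for name, rx in RULES.items()}

def normalize(cmdline):
    """Lowercase, drop quotes and cmd carets, collapse whitespace."""
    return re.sub(r"\s+", " ", re.sub(r'["^]', "", cmdline.lower())).strip()

def match_rules(cmdline):
    """Return the sorted names of all rules that match one command line."""
    norm = normalize(cmdline)
    return sorted(n for n, rx in COMPILED.items() if rx.search(norm))

def hosts_to_triage(events, threshold=2):
    """Return {host: rules} for hosts where >= threshold distinct rules fired."""
    hits = defaultdict(set)
    for host, cmdline in events:
        hits[host].update(match_rules(cmdline))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= threshold}

# Constructed sample (host, command line) pairs, as they might be exported
# from process-creation logging; not taken from a real incident.
SAMPLE_EVENTS = [
    ("WS-01", r'C:\Windows\System32\vssadmin.exe  Delete Shadows /All /Quiet'),
    ("WS-01", r'wbadmin DELETE CATALOG -quiet'),
    ("WS-01", r'bcdedit /set {default} recoveryenabled No'),
    ("WS-02", r'vssadmin list shadows'),
    ("WS-02", r'icacls "D:\Share" /grant Alice:R'),
    ("WS-03", r'cmd.exe /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin'),
]

if __name__ == "__main__":
    for host, rules in hosts_to_triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

Any single one of these commands can come from legitimate administration, which is why the example aggregates per host instead of alerting on each match.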