WMIC command usage and instance _dos/bat

WMIC gets the process name and executable path:
WMIC process Get Name,executablepath

WMIC deletes the specified process (according to the process name):
WMIC process where name= "Qq.exe" call terminate
or use
WMIC process where name= "Qq.exe" delete

WMIC deletes the specified process (according to process PID):
WMIC process where pid= "123" Delete

WMIC creates a new process
WMIC process Call create "C:\Program Files\tencent\qq\qq.exe"

To create a new process on a remote machine:
wmic/node:192.168.1.10/user:administrator/password:123456 Process Call Create Cmd.exe

Shutting down the local computer
WMIC process Call Create Shutdown.exe

Restart the remote computer
wmic/node:192.168.1.10/user:administrator/password:123456 process Call create "Shutdown.exe-r-f-m"

Change computer name
WMIC ComputerSystem where "caption= '%computername% '" Call rename NewComputerName

Change account name
WMIC useraccount where "name= '%UserName% '" Call rename Newusername

WMIC ends a suspicious process (depending on the process's startup path)

WMIC process where "name= ' explorer.exe ' and executablepath<> '%systemdrive%\\windows\\explorer.exe '" delete

WMIC acquires physical memory
WMIC memlogical get totalphysicalmemory|find/i/V "T"

WMIC gets the creation, access, and modification time of a file

Copy Code code as follows:

@echo off
for/f "Skip=1 tokens=1,3,5 delims=."%%a in (' WMIC datafile where name^= ' C:\\windows\\system32\\notepad.exe "Get Creatio Ndate^,lastaccessed^,lastmodified ') Do (
Set A=%%a
Set B=%%b
Set c=%%c
echo File: C:\windows\system32\notepad.exe
Echo.
echo creation time:%a:~0,4% year%a:~4,2% month%a:~6,2% day%a:~8,2%%a:~10,2% minutes%a:~12,2% seconds
Echo Last visit:%b:~0,4% year%b:~4,2% month%b:~6,2% day%b:~8,2%%b:~10,2% minutes%b:~12,2% seconds
Echo Last modified:%c:~0,4% year%c:~4,2% month%c:~6,2% day%c:~8,2%%c:~10,2% minutes%c:~12,2% seconds
)
Echo.
Pause

WMIC searches for a file and gets the directory of the file
for/f "Skip=1 tokens=1*"%i in (' WMIC datafile where "filename= ' QQ ' and extension= ' exe '" get Drive^,path ') do (set "Qpath =%i%j "& @echo%qpath:~0,-3%)

Gets the screen resolution WMIC desktopmonitor where status= ' OK ' get screenheight,screenwidth

WMIC Pagefileset set initialsize= "maximumsize=", "512"

Set the virtual memory to e disk and delete the paging file under C disk, and restart the computer after it takes effect

WMIC Pagefileset Create Name= "E:\\pagefile.sys", initialsize= "1024", maximumsize= "1024"
WMIC pagefileset where "name= ' C:\\pagefile.sys '" delete

Gets the current memory and maximum memory footprint of the process:

WMIC process where caption= ' filename.exe ' Get workingsetsize,peakworkingsetsize

Display in kilobytes

Copy Code code as follows:

@echo off
for/f "Skip=1 tokens=1-2 delims="%%a in (' WMIC process where caption^= ' conime.exe ' Get Workingsetsize^,peakworkingsetsi Ze ') Do (
set/a m=%%a/1024
set/a mm=%%b/1024
The echo process Conime.exe now consumes memory:%m%k; maximum memory consumption:%mm%k
)
Pause

Remote Open Computer Remote Desktop

Wmic/node:%pcname%/user:%pcaccount% PATH win32_terminalservicesetting WHERE (__class!= "") Call SetAllowTSConnections 1

Batch processing to detect whether to insert a U disk

Copy Code code as follows:

@echo off
(WMIC LogicalDisk where "drivetype=2" Get Name|find "no example available") >nul 2>nul) | | for/f "Skip=1 tokens=* delims="%%i in (' WMIC LogicalDisk where "drivetype=2" get Name ") do echo u disk letter is%%i
Pause

REM View CPU
WMIC CPU List Brief
REM View physical memory
WMIC memphysical list Brief
REM View logical memory
WMIC memlogical list Brief
REM View Cache memory
WMIC memcache list Brief
REM View virtual memory
WMIC PAGEFILE list Brief
REM View network card
WMIC NIC List Brief
REM View network protocol
WMIC netprotocal list Brief

"Example" outputs the current system BIOS,CPU, motherboard, and other information to an HTML Web page file, which commands the following:

:: Get system Information. BAT, run BAT file
:: System Information output to HTML file, view Help: WMIC/?
:: WMIC [System parameter name] list [brief|full]/format:hform >|>> [filename]
WMIC BIOS list Brief/format:hform > pcinfo.html
WMIC baseboard list Brief/format:hform >>pcinfo.html
WMIC CPU List Full/format:hform >>pcinfo.html
WMIC OS list Full/format:hform >>pcinfo.html
WMIC ComputerSystem List Brief/format:hform >>pcinfo.html
WMIC diskdrive list Full/format:hform >>pcinfo.html
WMIC memlogical list Full/format:hform >>pcinfo.html
Pcinfo.html