Use WMIC for Local Computer Management

1. What is WMIC?

WMIC is an extended WMI (Windows Management Instrumentation, Windows Management Specification) that provides support for managing command line interfaces and batch Command Script Execution Systems. Before WMIC appears, to manage WMI systems, you must use specialized WMI applications, such as SMS, WMI Script Programming APIs, or tools such as CIM studio. It is difficult to use the WMI management system if you are not familiar with programming languages such as C ++ or VBScript or do not have basic knowledge about WMI namespaces. WMIC changes this situation and provides a powerful and friendly command line interface for the WMI namespace.

WMIC is a command line management tool. With WMIC, we can not only manage local computers, but also manage all remote computers in the same Windows domain (requires necessary permissions), and the managed remote computer does not have to install WMIC in advance, you only need to support WMI. Wmic(has an executable file named wmic.exe, which is used in the C:/Windows/system32/WBEM folder (WINXP and win2003 systems are supported ).

2. What can WMIC do?

You can use WMIC to implement the following management tasks:
1. Local Computer Management
2. Remote Management on a single computer
3. Remote Management of multiple computers
4. Remote session management (such as telnet)
5. Automatic Management Using management scripts

Iii. simple use of instances

Enter ● process ● In the window to execute the command. The result is shown in. The running process and the calling process path are listed. Of course, you can also enter ● Process List brief ● To view more detailed information, such as the process name, ID, and priority. More importantly, for some Trojans that can be hidden in the task manager, it is not so easy to hide them in WMIC. It will become a good helper for you to scan and kill Trojans.

Now I only know the path. What if I suspect a process and want to view its details? Run the command directly after wimic. For example, WMIC process shows all processes. The two running methods are interactive mode and non-interactive mode)

Here are some examples to illustrate the usage:
========================================================== ==================================
Display process details

Enter process where name = "qqmusic.exe" list full
All information about the qqmusic.exe process will be displayed as follows:

Stop, pause, and run services
Start startservice,
Stop Service stopservice,
Suspend service pauseservice
Service where caption = "Windows Time" Call stopservice ------ stop a service
Service where caption = "Windows Time" Call startservice ------ start the service
Service where name = "w32time" Call stopservice ------ stop the service. Pay attention to the differences between name and caption.
Caption: displays the service name. For example, the telnet service name is TlntSvr, also, the name of the Print Spooler service is "Print Spooler", which is enclosed by a space.
Now let's take a look: enter service where caption = "themes" Call stopservice, and then confirm input Y. The return returnvalue = 0 indicates that the request is successful.

Use the above command to stop; the system theme service is successfully stopped.

● WMIC process call create shutdown.exe ● -- disable the local computer.

For more commands, enter "/?" In the command line. You can get detailed help information.

========================================================== ============================================

How can I view BIOS information under WMIC? Enter ● BIOS list full ●. The command is used. You do not need to restart the computer to know the BIOS information of your current computer,
You may notice that the preceding command line has two parameters: List and full. List determines the format and range of information displayed. It has multiple parameters, such as brief, full, instance, status, system, and writeable. Full is only a parameter and is also the default parameter of list, displays all information. Other parameters, such as "Brief", "instance", "object instance", "status", and "writeable", indicate that only the writable attributes of the object are displayed.

Stop a process
For example, execute the following command to shut down the running qqmusic.exe:
Example 1: WMIC process where name1_'qqmusic.exe 'Call terminate
After the command is run, the following result is displayed on the WMIC command line:
C:/> WMIC process where name‑'qqmusic.exe 'Call terminate
Run (// admin/root/cimv2: win32_process.handle = "728")-> terminate ()
The method is successfully executed.
Output parameters:
Instance of _ Parameters
{
Returnvalue = 0;
};

Example 2: WMIC process where name = "qqmusic.exe" Delete

After the command is run, the following result is displayed on the WMIC command line:

C:/> WMIC process where name = "qqmusic.exe" Delete
Delete example // CHINA-46B1E8590/root/cimv2: win32_process.handle = "2820"
The sample is successfully deleted.