tasklist Command View DLL Quick Find Trojan
tasklist command to see who is using the DLL
Run tasklist /? to see the description of the /M parameter:
/M [module] Lists all tasks that have loaded DLL modules matching the specified pattern name. If the module name is not specified, displays all modules loaded
Windows has long been known for its UI. However, the really powerful tools are still the command-line tools.
Today, we will introduce a scheme to monitor whether a process works normally using the Windows command line tool tasklist, findstr, and start.
Tasklist: lists all processes currently executed by the system;
Findstr: Uses regular expressions to search for specifi
DOS Process view and stop command
To view a process:
tasklist /svc
To stop a process:
taskkill /pid 2468 /f
dos view process, end Process command (common hacker commands)
shall want to upload a trojan or something, there will alway
:: Oneclickautotransfer.bat
:: by ZF 2014-12
echo off
tasklist | find /i "AutoTransferFHW.exe"
if %errorlevel%==0 (taskkill -f -im AutoTransferFHW.exe)
:: Check whether AutoTransferFHW.exe is running; if it is, close it and open it again, otherwise just open it
start d:\ZteAutoTransfer\Autotransferfhw.exe
ping -n 1 127.0>nul
echo Ok
pause
:: Soft a server on a software, the occasional failure required, close re-open. Join a timed task. Windows2003 the test was successful, the tes
If you find some port numbers that you've never seen before, how can you tell whether the port was opened by a Trojan? Or, when you discover unfamiliar processes in the process list, do you want to know which ports those processes have opened on your system?
First, look up the port number by process
First enter "
processes
Here are 5 techniques I've looked up on the web to find the domain management process.
Technology 1: Local inspection
Be sure to first check the system that was initially compromised, and if you already exist in the domain management process, it really doesn't make sense to run on the network. Here's a simple way to check if any domain management processes are running by using native commands:
1. Run
1. Use shell script to find the process ID corresponding to the program and kill the process
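#!/bin/sh
# Usage: ./killprocess.sh <program name>
NAME=$1
echo "$NAME"
# Collect the PIDs (second column of ps -ef) of processes matching $NAME, excluding the grep itself
ID=`ps -ef | grep "$NAME" | grep -v "grep" | awk '{print $2}'`
echo $ID
echo "---------------"
for id in $ID
do
    kill -9 $id
    echo "killed $id"
done
echo "---------------"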
1), save it as killprocess.sh
2), call ./killprocess.sh programmen
Reposted from: How to find a zombie process and kill it; if you can't kill it, view the parent process and kill that
Find zombie processes with the ps and grep commands:
# ps -A -ostat,ppid,pid,cmd | grep -e '^[Zz]'
Command annotations:
-A lists all processes
-o custom output fields. We set the display fields to stat (status), ppid (
The stop script shutdown.sh for Tomcat under Linux often fails, leaving the Tomcat process running. Therefore, you can only manually find the process ID and then use the kill command to force it to stop. Checking it every time and then killing the process is a bit of trouble, so I wrote this action into a script
Find zombie processes with the ps and grep commands:
# ps -A -ostat,ppid,pid,cmd | grep -e '^[Zz]'
Command annotations:
-A lists all processes
-o custom output fields. We set the display fields to stat (state), ppid (parent process ID), pid (process ID), cmd (command), these four parameters, because the process of the state
25% and lasts for a long time. Because I'm a 4-core, it's actually already full of CPU resources, which means that eclipse is in trouble.
4. Using the Process Explorer tool to view the threads in this Java process, it is found that 1 thread occupies almost the majority of the CPU resources of the process (sometimes two threads), which is almost a dead loop.
5. Use
The program is a WebSocket server written in PHP; clients connect and send messages continuously, and the server side is responsible for responding to requests.
Tested: Once per request of client, server PHP consumes time of Microsecs to MICROSECS (message size is different).
The server is a single core, 30 clients, using top to view PHP processes occupy CPU around 3-5%, load average 1 minutes load display 0.05 or so. Basically meet expectations.
But sometimes, the load average 1-minute load
The w3wp process crashes, and an error is left in the system log, but few error messages are left. How can we quickly find out the cause of w3wp crash?
First, write a line of code to crash w3wp:
protected void Page_Load(object sender, EventArgs e)
{
ThreadPool.Que
#!/bin/sh
NAME=$1
echo $NAME
ID=`ps -ef | grep "$NAME" | grep -v "$0" | grep -v "grep" | awk '{print $2}'`
echo $ID
echo "---------------"
for id in $ID
do
kill -9 $id
echo "killed $id"
done
echo "---------------"
1), save it as killprocess.sh
2), call ./killprocess.sh programmename, where programmename can be the name of the program or the command line used to start the program, as long as, after ps -ef | grep programmename, all the processes corresponding to the program can be
Use the shell script to
From CSDN Blog, original address: http://blog.csdn.net/pet8766/article/details/8186955
netstat -ano|findstr "443" // Search 443 port occupancy and find the process ID
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 720 // Find PID 720
UDP 0.0.0.0:59443 *:* 7584
-----------------------------------------------
tasklist|findstr "720" //
Use netstat -ano | find "port number" to look up the port; the last column is the PID:
C:\Documents and Settings\Zhang-long> netstat -ano | find "8080"
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 7632
Use the following statement to look up the name for the PID. The first column is the image name, such as python.exe:
C:\Documents and Settings\Zhang-long> tasklist /fi "pid eq 7632"
Ima
If any viruses or Trojans exist in the system, they cannot be completely separated from processes; even if hiding techniques are used, clues can still be found in the processes. Therefore, viewing the processes active in the system is the most direct way to detect a virus or Trojan. but the system runs at the same
DOS command
tasklist | findstr "1696" to view the process name through the process ID
tasklist lists all processes
netstat -ano views the various states of the current network communication process connections
The following is reposted from http://blog.chinaunix.net/uid-27570589-id-3969108.html
Finding the path of a running program under Windows via PID
Have you ever encountered a situation w
The company's cache system has had problems these days: the number of connections exceeds the limit of 2048, which prevents the application from continuing to work. We need to determine which process has a high number of connections, as follows:
Find the port number of the application that is connecting to the cache server. Assuming that the port number of the cache server is 11111:
# netstat -an | grep 11111
Today, we encountered a strange problem. The na server's buddy called to say that our data pump process was not started, and the data could not be synchronized to the peer end. Previously, when the data pump process did not start, the reason was very simple: it always reported warning OGG-01223 TCP/IP error 146 (connection refused). This error occurs either because the network is disconnected or because the peer M