Some CMD command tricks (cheat sheet)
rem List all directories in the root of drive D:
for /d %i in (d:\*) do @echo %i
rem Show only the folders in the current directory whose names are 1-3 characters long:
for /d %i in (???) do @echo %i
rem Use the current directory as the search root and list every EXE file in it and all of its subdirectories:
for /r %i in (*.exe) do @echo %i
rem Use a specified directory as the search root and list every file in it and all of its subdirectories:
for /r "f:\" %i in (*.*) do @echo %i
rem This displays the contents of a.txt, because /f reads the file line by line:
for /f %i in (c:\a.txt) do echo %i
rem The space after delims= is the field separator; tokens selects which field to take (here the 2nd):
for /f "tokens=2 delims= " %i in (a.txt) do echo %i
List a directory tree and save the result to a file:
@echo off
(For /r D:\ %%a in (*) do echo %%~ta %%~za %%~fa)>list.txt
start list.txt
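As an added example (not part of the original note), the FOR /R walk and the ~t/~z/~f modifiers above combined with FOR /F parsing of command output: a batch script that records the timestamp, size and SHA-256 of every .exe and .dll under a directory into a CSV, a quick inventory you can diff later to spot new or changed binaries. It assumes certutil.exe (built into Windows) is on the PATH; C:\Tools is a made-up default root and the variable names are mine.

```batch
@echo off
setlocal EnableDelayedExpansion

rem Root to scan: first argument, or the made-up default C:\Tools.
set "root=%~1"
if "%root%"=="" set "root=C:\Tools"
rem Output CSV goes next to this script (%~dp0 = drive and path of the script).
set "out=%~dp0baseline.csv"

rem Write the CSV header (redirection before the command creates/truncates the file).
> "%out%" echo timestamp,size,sha256,path

rem FOR /R recurses from %root%; the set may hold several wildcard masks.
for /r "%root%" %%a in (*.exe *.dll) do (
    set "hash="
    rem certutil -hashfile prints a banner line, the hash, then a "CertUtil:" status line.
    rem skip=1 drops the banner; findstr /v drops the status line; delims= keeps the whole line.
    for /f "skip=1 delims=" %%h in ('certutil -hashfile "%%~fa" SHA256 ^| findstr /v /c:"CertUtil:"') do (
        set "hash=%%h"
    )
    rem Older Windows builds print the hash with spaces between byte pairs; remove them.
    if defined hash set "hash=!hash: =!"
    rem %%~ta = last write time, %%~za = size in bytes, %%~fa = full path.
    >> "%out%" echo %%~ta,%%~za,!hash!,"%%~fa"
)

echo Baseline written to "%out%"
endlocal
```

Run it as `baseline.cmd D:\Apps`; running it again later and comparing the two CSV files shows which binaries appeared or changed.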
3 comments on "Some CMD command tricks (cheat sheet)"
A collection of tools related to Windows system stability monitoring
https://github.com/zodiacon/AllTools
CpuStres – thread/CPU stress testing app
DriverMon – monitor any driver activity
GFlagsX – enhanced version of the GFlags tool
Kdump – generate a local kernel dump
Kdump64 – generate a local kernel dump (64 bit)
MetroManager – list (and launch) installed Windows Runtime components and apps
MemMapView – view any process memory (including protected and minimal processes)
NtfsStreams – show NTFS alternate streams in files
ObjDir – command line tool to show object manager namespace
QSlice – modern version of the classic QSlice tool
QSliceX – pie chart graphics for QSlice
PEExplorer – PE file viewer
PoolMon – kernel pool memory allocations
PdbView – view PDB files
ProcMonX – ProcMon-like tool based on Event Tracing for Windows (ETW)
Sysrun – run any executable with the SYSTEM account (no service needed)
Living Off The Land Binaries And Scripts – (LOLBins and LOLScripts)
The goal of this list is to document every binary, script and library that can be used for Living Off The Land techniques
https://github.com/api0cradle/LOLBAS
De-DOSfuscator: an introduction to a tool that logs the commands executed by cmd.exe
https://www.fireeye.com/blog/threat-research/2018/11/cmd-and-conquer-de-dosfuscation-with-flare-qdb.html
https://github.com/fireeye/flare-qdb/blob/de-dosfuscator/flareqdb/scripts/deDOSfuscator.py