| Welcome, Guest |
You have to register before you can post on our site.
|
| Online Users |
There are currently 1360 online users.
» 1 Member(s) | 1356 Guest(s)
Bing, Facebook, Google, Prestamos USA
|
|
|
| Comprehensive List of Handle Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 02:04 AM - Forum: Batch & Shell Scripting
- Replies (1)
|
 |
Comprehensive List of Handle Commands with Descriptions
**Handle** is a command-line utility from Sysinternals that provides detailed information about open handles for any process in a Windows system. Below is a detailed list of Handle commands, along with descriptions and examples.
1. Display All Open Handles
Description: Lists all open handles in the system.
Example: To display all open handles in the system:
2. Filter Handles by Process Name
Description: Lists all open handles for a specific process by name.
Code: handle.exe [ProcessName]
Code: handle.exe notepad.exe
3. Filter Handles by Process ID (PID)
Description: Lists all open handles for a specific process by its PID.
Example: To display all open handles for the process with PID 1234:
4. Close a Specific Handle
Description: Closes a specific handle, typically used to release locked files.
Code: handle.exe -c [Handle] -p [PID]
Code: handle.exe -c 0x1234 -p 1234
5. Filter Handles by Type
Description: Lists all handles of a specific type (e.g., File, Registry, Event) across all processes.
Code: handle.exe -t [Type]
6. Search for Handles to a Specific File or Object
Description: Searches for handles that are accessing a specific file or object path.
Code: handle.exe [ObjectPath]
Code: handle.exe C:\Temp\file.txt
7. Display Handle Information with Details
Description: Displays detailed information about each handle, including the type, access, and object information.
Example: To display detailed information for all handles:
8. Show Handle Numbers in Hexadecimal Format
Description: Displays handle numbers in hexadecimal format, which is useful for closing specific handles.
Example: To display handle numbers in hexadecimal format:
9. List Handles for a Specific Object Type
Description: Lists all handles of a specific object type, such as `File`, `Mutant`, or `Section`.
Code: handle.exe -t [ObjectType]
Code: handle.exe -t Mutant
10. Show Only Handles with Specific Access Rights
Description: Displays only handles that have specific access rights, such as `READ` or `WRITE`.
Code: handle.exe -a [AccessRights]
11. Display Help Information
Description: Displays help information for the Handle command, listing all available options and their descriptions.
Example: To display help information for Handle:
Conclusion
The **Handle** command is a powerful utility for managing and inspecting open handles on a Windows system. By mastering these commands, you can efficiently troubleshoot locked files, diagnose system issues, and manage process resources.
Happy Troubleshooting!
|
|
|
| Comprehensive List of GSAR Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 02:03 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of GSAR Commands with Descriptions
**GSAR** (Global Search And Replace) is a command-line utility used for performing search and replace operations on binary and text files. Below is a detailed list of GSAR commands, along with descriptions and examples.
1. Basic Search and Replace
Description: Replaces all occurrences of a specified search string with a replacement string in a file.
Code: gsar -s"search_string" -r"replacement_string" [file]
Code: gsar -s"foo" -r"bar" example.txt
2. Case-Insensitive Search and Replace
Description: Replaces all occurrences of a search string with a replacement string, ignoring the case.
Code: gsar -i -s"search_string" -r"replacement_string" [file]
Code: gsar -i -s"foo" -r"bar" example.txt
3. Replace First Occurrence Only
Description: Replaces only the first occurrence of the search string in the file.
Code: gsar -o -s"search_string" -r"replacement_string" [file]
Code: gsar -o -s"foo" -r"bar" example.txt
4. Replace and Create a Backup of the Original File
Description: Replaces all occurrences of a search string and creates a backup of the original file.
Code: gsar -b -s"search_string" -r"replacement_string" [file]
Code: gsar -b -s"foo" -r"bar" example.txt
5. Search and Replace with a Specific Offset
Description: Starts the search and replace operation at a specified byte offset within the file.
Code: gsar -s"search_string" -r"replacement_string" -o[byte_offset] [file]
Code: gsar -s"foo" -r"bar" -o100 example.txt
6. Search and Replace in a Specific Range
Description: Replaces occurrences of a search string within a specified byte range in the file.
Code: gsar -s"search_string" -r"replacement_string" -n[start_offset] -m[end_offset] [file]
Code: gsar -s"foo" -r"bar" -n100 -m200 example.txt
7. Show Matching Lines Only (Silent Mode)
Description: Shows only the lines that contain the matching search string, without modifying the file.
Code: gsar -s"search_string" -r"replacement_string" -I [file]
Code: gsar -s"foo" -r"bar" -I example.txt
8. Count the Number of Replacements
Description: Displays the number of replacements made in the file.
Code: gsar -s"search_string" -r"replacement_string" -c [file]
Code: gsar -s"foo" -r"bar" -c example.txt
9. Replace with a Binary String
Description: Replaces a search string with a binary sequence in the file.
Code: gsar -s"search_string" -r"\x[hex_value]" [file]
Code: gsar -s"foo" -r"\x0A" example.txt
10. Replace Using Hexadecimal Search and Replace Strings
Description: Uses hexadecimal values for both the search and replace strings.
Code: gsar -s"\x[search_hex]" -r"\x[replace_hex]" [file]
Code: gsar -s"\x666F6F" -r"\x626172" example.txt
11. Replace with Confirmation
Description: Prompts the user for confirmation before replacing each occurrence.
Code: gsar -s"search_string" -r"replacement_string" -p [file]
Code: gsar -s"foo" -r"bar" -p example.txt
12. Invert Match (Replace Non-Matching Lines)
Description: Replaces lines that do not match the search string.
Code: gsar -v -s"search_string" -r"replacement_string" [file]
Code: gsar -v -s"foo" -r"bar" example.txt
13. Use Regular Expressions for Search and Replace
Description: Uses regular expressions for more advanced search and replace operations.
Code: gsar -r"regex_search" -r"regex_replace" [file]
Code: gsar -r"\d+" -r"number" example.txt
14. Perform a Dry Run (No Changes Made)
Description: Simulates the search and replace operation without making any changes to the file.
Code: gsar -s"search_string" -r"replacement_string" -t [file]
Code: gsar -s"foo" -r"bar" -t example.txt
15. Display Help Information
Description: Displays help information for the GSAR command, listing all available options and their descriptions.
Example: To display help information for GSAR:
Conclusion
The **GSAR** command is a powerful utility for performing search and replace operations in binary and text files. By mastering these commands, you can efficiently manipulate and modify file contents, whether for data processing, text manipulation, or binary file editing.
Happy Editing!
|
|
|
|
| Comprehensive List of Grep Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 02:01 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of Grep Commands with Descriptions
**grep** (Global Regular Expression Print) is a command-line utility used for searching and filtering text in files or standard input using regular expressions. Below is a detailed list of grep commands, along with descriptions and examples.
1. Basic String Search
Description: Searches for a specific string in a file and prints the matching lines.
Code: grep "search_string" [file]
Code: grep "error" /var/log/syslog
2. Case-Insensitive Search
Description: Performs a case-insensitive search by ignoring the case of the search string.
Code: grep -i "search_string" [file]
Code: grep -i "error" /var/log/syslog
3. Search Recursively in Directories
Description: Recursively searches through all files in a directory and its subdirectories.
Code: grep -r "search_string" [directory]
Code: grep -r "error" /var/log
4. Display Line Numbers with Matches
Description: Displays the line numbers of the matching lines in the output.
Code: grep -n "search_string" [file]
Code: grep -n "error" /var/log/syslog
5. Invert Match (Show Non-Matching Lines)
Description: Displays all lines that do not match the search string.
Code: grep -v "search_string" [file]
Code: grep -v "error" /var/log/syslog
6. Display Only Matching Parts of Lines
Description: Displays only the parts of lines that match the search string.
Code: grep -o "search_string" [file]
Code: grep -o "error" /var/log/syslog
7. Count the Number of Matches
Description: Counts and displays the number of lines that match the search string.
Code: grep -c "search_string" [file]
Code: grep -c "error" /var/log/syslog
8. Use Extended Regular Expressions (ERE)
Description: Enables extended regular expressions for more advanced pattern matching.
Code: grep -E "regex_pattern" [file]
Code: grep -E "error|warning" /var/log/syslog
9. Search for Whole Words Only
Description: Matches only whole words instead of substrings.
Code: grep -w "search_string" [file]
Code: grep -w "error" /var/log/syslog
10. Show Context Lines (Before and After Matches)
Description: Displays a specified number of lines before and/or after each matching line.
Code: grep -C [num] "search_string" [file]
grep -B [num] "search_string" [file]
grep -A [num] "search_string" [file]
Code: grep -C 3 "error" /var/log/syslog
11. Suppress Output (Useful for Exit Status Only)
Description: Suppresses all output, useful when you only need to know if a match exists (exit status).
Code: grep -q "search_string" [file]
Code: grep -q "error" /var/log/syslog
12. Print Filename with Matches
Description: Displays the name of the file where matches are found, useful when searching multiple files.
Code: grep -l "search_string" [files]
Code: grep -l "error" /var/log/*
13. Search for Files That Do Not Contain a String
Description: Displays the names of files that do not contain the search string.
Code: grep -L "search_string" [files]
Code: grep -L "error" /var/log/*
14. Search Compressed Files (Using zgrep)
Description: Searches within compressed files, typically using `zgrep` which behaves like `grep` but works with gzip-compressed files.
Code: zgrep "search_string" [compressed_file]
Code: zgrep "error" /var/log/syslog.gz
15. Highlight Matches in Color
Description: Highlights matching strings in color, making them easier to spot in the output.
Code: grep --color=auto "search_string" [file]
Code: grep --color=auto "error" /var/log/syslog
16. Exclude Specific Files from Search
Description: Excludes certain files from being searched, useful when searching in directories.
Code: grep --exclude=[file_pattern] "search_string" [directory]
Code: grep --exclude=*.log "error" /var/log/*
17. Exclude Directories from Recursive Search
Description: Excludes specific directories from being searched when performing a recursive search.
Code: grep --exclude-dir=[dir_pattern] -r "search_string" [directory]
Code: grep --exclude-dir=archive -r "error" /var/log
18. Limit the Number of Matches
Description: Stops searching after a specified number of matches are found.
Code: grep -m [num] "search_string" [file]
Code: grep -m 5 "error" /var/log/syslog
19. Display Non-Matching Files (In Binary Mode)
Description: Displays files that do not contain matches, useful for binary files.
Code: grep -L -I "search_string" [files]
Code: grep -L -I "magic" /bin/*
20. Perform a Binary Search
Description: Searches for matches in binary files and displays them.
Code: grep -a "search_string" [binary_file]
Code: grep -a "magic" /bin/somebinaryfile
Conclusion
The **grep** command is a powerful tool for searching and filtering text within files and streams, making it an essential utility in the Unix/Linux command-line toolkit. By mastering these commands, you can efficiently search, analyze, and process large amounts of text data.
Happy Searching!
|
|
|
|
| Comprehensive List of FileKill Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:58 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of FileKill Commands with Descriptions
**FileKill** is a command-line utility used to delete files securely or forcefully on Windows systems. It is particularly useful for removing stubborn or locked files that cannot be deleted using standard methods. Below is a detailed list of FileKill commands, along with descriptions and examples.
1. Deleting a Single File
Description: Deletes a specified file.
Code: filekill.exe [FilePath]
Code: filekill.exe C:\Temp\unwanted.txt
2. Deleting Multiple Files
Description: Deletes multiple files specified by their paths.
Code: filekill.exe [FilePath1] [FilePath2] ...
Code: filekill.exe C:\Temp\file1.txt C:\Temp\file2.txt C:\Temp\file3.txt
3. Deleting Files in a Directory
Description: Deletes all files within a specified directory.
Code: filekill.exe [DirectoryPath]\*
Code: filekill.exe C:\Temp\*
4. Force Deleting a File
Description: Forcefully deletes a file, even if it is locked or protected.
Code: filekill.exe -f [FilePath]
Code: filekill.exe -f C:\Temp\lockedfile.txt
5. Secure Deletion (Overwrite Before Deletion)
Description: Securely deletes a file by overwriting it with random data before deletion, making it unrecoverable.
Code: filekill.exe -s [FilePath]
Code: filekill.exe -s C:\Temp\sensitivefile.txt
6. Deleting All Files Matching a Pattern
Description: Deletes all files matching a specific pattern (e.g., all `.txt` files) within a directory.
Code: filekill.exe [DirectoryPath]\*.extension
Code: filekill.exe C:\Logs\*.log
7. Deleting Read-Only Files
Description: Deletes files even if they are marked as read-only.
Code: filekill.exe -r [FilePath]
Code: filekill.exe -r C:\Temp\readonlyfile.txt
8. Deleting Files Recursively
Description: Deletes files recursively within all subdirectories of a specified directory.
Code: filekill.exe -R [DirectoryPath]
Code: filekill.exe -R C:\Temp
9. Deleting Empty Files
Description: Deletes files only if they are empty (0 bytes).
Code: filekill.exe -e [DirectoryPath]\*
Code: filekill.exe -e C:\Temp\*
10. Deleting Files Without Confirmation
Description: Deletes files without prompting for confirmation.
Code: filekill.exe -y [FilePath]
Code: filekill.exe -y C:\Temp\unwantedfile.txt
11. Deleting Hidden Files
Description: Deletes files even if they are hidden.
Code: filekill.exe -h [FilePath]
Code: filekill.exe -h C:\Temp\hiddenfile.txt
12. Logging Deletion Operations
Description: Logs the details of deletion operations to a specified file.
Code: filekill.exe -l [LogFilePath] [FilePath]
Code: filekill.exe -l C:\Logs\delete.log C:\Temp\unwantedfile.txt
13. Deleting System Files
Description: Deletes files that are system-protected. Use this command with caution as it can affect system stability.
Code: filekill.exe -sys [FilePath]
Code: filekill.exe -sys C:\Windows\system32\protectedfile.dll
14. Deleting Files on Next Reboot
Description: Schedules the deletion of a file on the next system reboot, useful for locked files.
Code: filekill.exe -delayed [FilePath]
Code: filekill.exe -delayed C:\Temp\lockedfile.txt
15. Displaying Help Information
Description: Displays the help information for the FileKill command, listing all available options and their descriptions.
Example: To display help information for FileKill:
Conclusion
The **FileKill** command is a powerful utility for securely and forcefully deleting files on Windows systems. By mastering these commands, you can efficiently remove stubborn, locked, or protected files, ensuring they are deleted securely and permanently.
Happy Scripting!
|
|
|
|
| Comprehensive List of Extract Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:56 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of Extract Commands with Descriptions
The **Extract** utility is a command-line tool used primarily for extracting files from compressed archives, such as CAB (Cabinet) files, on Windows systems. Below is a detailed list of Extract commands, along with descriptions and examples.
1. Extracting a Single File from a CAB Archive
Description: Extracts a single file from a CAB archive to the current directory.
Code: extract.exe [CabFile] [FileToExtract]
Code: extract.exe archive.cab example.dll
2. Extracting All Files from a CAB Archive
Description: Extracts all files contained in a CAB archive to the current directory.
Code: extract.exe /e [CabFile]
Code: extract.exe /e archive.cab
3. Extracting to a Specific Directory
Description: Extracts one or more files from a CAB archive to a specified directory.
Code: extract.exe /l [DestinationDirectory] [CabFile] [FileToExtract]
Code: extract.exe /l C:\ExtractedFiles archive.cab example.dll
4. Verifying Files in a CAB Archive
Description: Verifies that files in a CAB archive can be extracted without actually extracting them.
Code: extract.exe /t [CabFile]
Code: extract.exe /t archive.cab
5. Displaying a List of Files in a CAB Archive
Description: Lists all files contained within a CAB archive without extracting them.
Code: extract.exe /d [CabFile]
Code: extract.exe /d archive.cab
6. Overwriting Existing Files Without Prompting
Description: Extracts files and overwrites any existing files without prompting the user.
Code: extract.exe /y [CabFile] [FileToExtract]
Code: extract.exe /y archive.cab example.dll
7. Overwriting Specific Files Without Prompting
Description: Overwrites specific files during extraction without prompting, but only those files specified.
Code: extract.exe /a /y [CabFile] [FileToExtract]
Code: extract.exe /a /y archive.cab example.dll
8. Displaying Help Information
Description: Displays the help information for the Extract command, listing all available options and their descriptions.
Example: To display help information for Extract:
9. Extracting with Confirmation for Overwrites
Description: Extracts files and prompts for confirmation before overwriting existing files.
Code: extract.exe /r [CabFile] [FileToExtract]
Code: extract.exe /r archive.cab example.dll
10. Extracting Files and Preserving File Attributes
Description: Extracts files from a CAB archive while preserving their original file attributes.
Code: extract.exe /p [CabFile] [FileToExtract]
Code: extract.exe /p archive.cab example.dll
11. Extracting Files Without Paths
Description: Extracts files from a CAB archive without including their directory paths, placing all files in the specified destination directory.
Code: extract.exe /f [CabFile] [DestinationDirectory]
Code: extract.exe /f archive.cab C:\ExtractedFiles
12. Specifying a Source Directory for Files to Extract
Description: Specifies the source directory within the CAB archive from which to extract files.
Code: extract.exe /s [SourceDirectory] [CabFile] [FileToExtract]
Code: extract.exe /s System32 archive.cab example.dll
Conclusion
The **Extract** command is a powerful utility for extracting files from CAB archives and managing compressed data on Windows systems. By mastering these commands, you can efficiently manage and extract files from CAB archives, whether for system recovery, application deployment, or data management.
Happy Scripting!
|
|
|
|
| Comprehensive List of ERUNT Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:55 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of ERUNT Commands with Descriptions
**ERUNT** (Emergency Recovery Utility NT) is a utility for backing up and restoring the Windows Registry. It is particularly useful for creating registry backups that can be restored in case of system failures. Below is a detailed list of ERUNT commands, along with descriptions and examples.
1. Backing Up the Registry
Description: Creates a backup of the entire Windows Registry. By default, the backup is stored in a folder named after the current date.
Code: erunt.exe [BackupPath]
Code: erunt.exe C:\RegBackups
2. Backing Up the Registry with a Custom Folder Name
Description: Creates a registry backup with a custom folder name instead of the default date-based name.
Code: erunt.exe [BackupPath]\[CustomFolderName]
Code: erunt.exe C:\RegBackups\MyBackup
3. Silent Mode Backup
Description: Performs a registry backup without displaying any prompts or confirmation dialogs.
Code: erunt.exe [BackupPath] /noconfirmdelete /noprogresswindow /days:0
Code: erunt.exe C:\RegBackups /noconfirmdelete /noprogresswindow /days:0
4. Automated Daily Backup
Description: Configures ERUNT to create daily backups automatically, storing backups in a specified directory.
Code: erunt.exe [BackupPath] /days:[NumberOfDays]
Code: erunt.exe C:\RegBackups /days:7
5. Restoring the Registry from a Backup
Description: Restores the registry from a previously created backup. The restoration process should be performed from Safe Mode or from outside of Windows.
Code: erdnt.exe [BackupPath]
Code: erdnt.exe C:\RegBackups\20230902
6. Restoring the Registry Silently
Description: Restores the registry without any prompts or user interaction.
Code: erdnt.exe [BackupPath] /silent
Code: erdnt.exe C:\RegBackups\20230902 /silent
7. Backing Up Only Specific Parts of the Registry
Description: Allows you to back up only specific registry hives such as `SYSTEM`, `SOFTWARE`, or `DEFAULT`.
Code: erunt.exe [BackupPath] /registry [hive1] [hive2] ...
Code: erunt.exe C:\RegBackups\PartialBackup /registry system software
8. Creating a Backup and Including the User Registry
Description: Backs up the entire registry including the user registry hives (`NTUSER.DAT`).
Code: erunt.exe [BackupPath] /user
Code: erunt.exe C:\RegBackups /user
9. Restoring the Registry with the User Registry
Description: Restores the entire registry including the user registry hives.
Code: erdnt.exe [BackupPath] /user
Code: erdnt.exe C:\RegBackups\20230902 /user
10. Automating the Backup Process via Task Scheduler
Description: Automates the backup process by scheduling it with Windows Task Scheduler. This is not a direct ERUNT command but can be set up using Task Scheduler.
Code: schtasks /create /tn "DailyRegistryBackup" /tr "C:\Path\To\erunt.exe C:\RegBackups /noconfirmdelete /noprogresswindow /days:7" /sc daily /st 02:00
Code: schtasks /create /tn "DailyRegistryBackup" /tr "C:\ERUNT\erunt.exe C:\RegBackups /noconfirmdelete /noprogresswindow /days:7" /sc daily /st 02:00
Conclusion
ERUNT is a valuable tool for backing up and restoring the Windows Registry. By using these commands, you can ensure that your system's registry is safely backed up and can be restored in the event of a system issue. Regular backups can prevent significant data loss and simplify recovery processes.
Happy Scripting!
|
|
|
|
| Comprehensive List of DumpHive Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:53 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of DumpHive Commands with Descriptions
**DumpHive** is a command-line utility used to extract and analyze the contents of Windows registry hive files. Below is a detailed list of DumpHive commands, along with descriptions and examples.
1. Dumping a Hive File
Description: Extracts the contents of a specified registry hive file and dumps it into a text file.
Code: dumphive.exe [HiveFilePath] [OutputFilePath]
Code: dumphive.exe C:\Windows\System32\config\SYSTEM C:\output\system_dump.txt
2. Dumping a Specific Key
Description: Extracts the contents of a specific registry key within a hive file.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] [RegistryKey]
Code: dumphive.exe C:\Windows\System32\config\SOFTWARE C:\output\microsoft_dump.txt "Microsoft"
3. Displaying Help Information
Description: Displays the help information for the DumpHive command.
Example: To display help information for DumpHive:
4. Parsing a SAM Hive
Description: Extracts and displays user account information from the SAM (Security Account Manager) hive.
Code: dumphive.exe C:\Windows\System32\config\SAM C:\output\sam_dump.txt
Code: dumphive.exe C:\Windows\System32\config\SAM C:\output\sam_dump.txt
5. Extracting Security Descriptors
Description: Extracts and displays the security descriptors from a registry hive.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -sd
Code: dumphive.exe C:\Windows\System32\config\SECURITY C:\output\security_sd.txt -sd
6. Extracting Last Written Time of Keys
Description: Extracts the last written time of registry keys within a hive.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -lastwritten
Code: dumphive.exe C:\Windows\System32\config\SYSTEM C:\output\system_lastwritten.txt -lastwritten
7. Dumping All Subkeys of a Specific Key
Description: Dumps all subkeys of a specific key in a hive to a text file.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -subkeys [RegistryKey]
Code: dumphive.exe C:\Windows\System32\config\SYSTEM C:\output\ccs_subkeys.txt -subkeys "CurrentControlSet"
8. Dumping Values Only
Description: Dumps only the values (and not the keys) from a registry hive to a text file.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -values
Code: dumphive.exe C:\Windows\System32\config\SOFTWARE C:\output\software_values.txt -values
9. Extracting Data in Hexadecimal Format
Description: Extracts and displays the data from the registry hive in hexadecimal format.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -hex
Code: dumphive.exe C:\Windows\System32\config\SYSTEM C:\output\system_hex.txt -hex
10. Extracting Binary Data from Registry Values
Description: Extracts binary data from specific registry values within a hive.
Code: dumphive.exe [HiveFilePath] [OutputFilePath] -binary [RegistryKey] [ValueName]
Code: dumphive.exe C:\Windows\System32\config\SYSTEM C:\output\tcpip_parameters.bin -binary "Tcpip\Parameters" "BinaryValueName"
Conclusion
DumpHive is a powerful tool for extracting and analyzing the contents of Windows registry hive files. By mastering these commands, you can efficiently gather important information from registry hives for forensic analysis or system administration purposes.
Happy Scripting!
|
|
|
|
| Comprehensive List of dd Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:51 AM - Forum: Batch & Shell Scripting
- Replies (3)
|
|
Comprehensive List of dd Commands with Descriptions
The `dd` command is a powerful and versatile utility used in Unix-like operating systems for low-level copying and conversion of files and data. Below is a comprehensive list of common `dd` commands with descriptions and examples.
1. Basic File Copying
Description: Copies a file from one location to another. The `if` parameter specifies the input file, and the `of` parameter specifies the output file.
Code: dd if=/path/to/source/file of=/path/to/destination/file
Code: dd if=file1.txt of=file2.txt
2. Creating a Bootable USB Drive
Description: Writes an ISO image to a USB drive, making it bootable.
Code: dd if=/path/to/image.iso of=/dev/sdX bs=4M status=progress
Code: dd if=ubuntu.iso of=/dev/sdb bs=4M status=progress
3. Creating a Disk Image
Description: Creates a disk image of a device or partition.
Code: dd if=/dev/sdX of=/path/to/image.img bs=4M status=progress
Code: dd if=/dev/sda of=/backup/sda.img bs=4M status=progress
4. Restoring a Disk Image
Description: Restores a disk image to a device.
Code: dd if=/path/to/image.img of=/dev/sdX bs=4M status=progress
Code: dd if=/backup/sda.img of=/dev/sda bs=4M status=progress
5. Creating a Zero-Filled File
Description: Creates a file filled with zeros, often used to create a file of a specific size.
Code: dd if=/dev/zero of=/path/to/file bs=1M count=100
Code: dd if=/dev/zero of=100mbfile.img bs=1M count=100
6. Writing Random Data to a File
Description: Writes random data to a file, which can be used for testing or security purposes.
Code: dd if=/dev/urandom of=/path/to/file bs=1M count=100
Code: dd if=/dev/urandom of=randomfile.img bs=1M count=100
7. Cloning a Disk
Description: Clones one disk to another. Useful for migrating data from one disk to another.
Code: dd if=/dev/sdX of=/dev/sdY bs=64K conv=noerror,sync status=progress
Code: dd if=/dev/sda of=/dev/sdb bs=64K conv=noerror,sync status=progress
8. Backing Up and Restoring the MBR (Master Boot Record)
Description: Backs up and restores the MBR, which includes the partition table and bootloader.
Code: dd if=/dev/sdX of=/path/to/mbr_backup.img bs=512 count=1
Code: dd if=/dev/sda of=mbr_backup.img bs=512 count=1
Code: dd if=mbr_backup.img of=/dev/sda bs=512 count=1
9. View Progress of dd Command
Description: Displays the progress of a running `dd` operation. This is particularly useful for long operations like disk cloning or imaging.
Code: dd if=/dev/sda of=/dev/sdb bs=64K conv=noerror,sync status=progress
10. Benchmarking Disk Performance
Description: Measures the read/write speed of a disk by copying data to and from `/dev/null` or `/dev/zero`.
Code: dd if=/dev/zero of=/path/to/disk bs=1G count=1 oflag=direct
dd if=/path/to/disk of=/dev/null bs=1G count=1 iflag=direct
Code: dd if=/dev/zero of=/tmp/testfile bs=1G count=1 oflag=direct
11. Converting File Format or Data
Description: Converts the format of data during copying. Common options include `conv=ucase` to convert text to uppercase and `conv=lcase` for lowercase.
Code: dd if=/path/to/input.txt of=/path/to/output.txt conv=ucase
Code: dd if=input.txt of=output.txt conv=ucase
12. Wiping a Disk
Description: Securely erases a disk by writing zeros or random data over it.
Code: dd if=/dev/zero of=/dev/sdX bs=1M status=progress
Code: dd if=/dev/zero of=/dev/sda bs=1M status=progress
Code: dd if=/dev/urandom of=/dev/sda bs=1M status=progress
13. Splitting Output into Multiple Files
Description: Splits the output into multiple files, each of a specified size.
Code: dd if=/path/to/input.file of=/path/to/output_prefix bs=1M count=100
Code: dd if=largefile.iso of=splitfile bs=100M
14. Skipping Bytes During Copy
Description: Skips a specified number of blocks before copying data.
Code: dd if=/path/to/input.file of=/path/to/output.file bs=512 skip=1
Code: dd if=input.file of=output.file bs=512 skip=1
15. Using gzip for Compression
Description: Compresses the output using gzip while copying data.
Code: dd if=/dev/sdX | gzip > /path/to/image.gz
Code: dd if=/dev/sda | gzip > sda_image.gz
Conclusion
The `dd` command is an incredibly versatile tool for copying and converting data, as well
|
|
|
|
| Comprehensive List of CatchMe Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:49 AM - Forum: Batch & Shell Scripting
- Replies (1)
|
|
Comprehensive List of CatchMe Commands with Descriptions
CatchMe is a command-line tool used for advanced file, process, and module management, often utilized in system security and forensics. Below is a detailed list of commands available in CatchMe, along with their descriptions and usage examples.
1. -p
Description: Terminates a process by its process ID (PID).
Code: catchme.exe -p [PID]
2. -m
Description: Enumerates and displays loaded modules within a process by its PID.
Code: catchme.exe -m [PID]
3. -k
Description: Kills or terminates a specific process by its name.
Code: catchme.exe -k [ProcessName]
Code: catchme.exe -k notepad.exe
4. -s
Description: Suspends a process, effectively pausing its execution.
Code: catchme.exe -s [PID]
5. -r
Description: Resumes a suspended process.
Code: catchme.exe -r [PID]
6. -l
Description: Lists all running processes on the system.
Example: To display all active processes:
7. -f
Description: Forces the deletion of a file, bypassing normal file protection mechanisms.
Code: catchme.exe -f [PathToFile]
Code: catchme.exe -f C:\malicious.exe
8. -d
Description: Forces the deletion of a directory and its contents.
Code: catchme.exe -d [PathToDirectory]
Code: catchme.exe -d C:\Malware
9. -rmdir
Description: Recursively deletes a directory and all its subdirectories.
Code: catchme.exe -rmdir [PathToDirectory]
Code: catchme.exe -rmdir C:\Malware
10. -regdelkey
Description: Deletes a specific registry key.
Code: catchme.exe -regdelkey [RegistryKeyPath]
Code: catchme.exe -regdelkey HKLM\Software\MaliciousKey
11. -regdelval
Description: Deletes a specific registry value.
Code: catchme.exe -regdelval [RegistryKeyPath] [ValueName]
Code: catchme.exe -regdelval HKLM\Software\MaliciousKey MaliciousValue
12. -hide
Description: Hides a specific process from the task list.
Code: catchme.exe -hide [PID]
Code: catchme.exe -hide 1234
13. -unhide
Description: Unhides a previously hidden process.
Code: catchme.exe -unhide [PID]
Code: catchme.exe -unhide 1234
14. -listmodules
Description: Lists all loaded modules for a specific process.
Code: catchme.exe -listmodules [PID]
Code: catchme.exe -listmodules 1234
15. -killall
Description: Terminates all instances of a specific process by name.
Code: catchme.exe -killall [ProcessName]
Code: catchme.exe -killall explorer.exe
16. -copyfile
Description: Copies a file to a specified location, even if the file is in use or locked.
Code: catchme.exe -copyfile [SourceFile] [DestinationFile]
Code: catchme.exe -copyfile C:\file.txt D:\backup\file.txt
17. -injectdll
Description: Injects a DLL into a specific process.
Code: catchme.exe -injectdll [PID] [DLLPath]
Code: catchme.exe -injectdll 1234 C:\example.dll
18. -fileinfo
Description: Displays detailed information about a specified file.
Code: catchme.exe -fileinfo [PathToFile]
Code: catchme.exe -fileinfo C:\example.exe
19. -shutdown</b]Description: Shuts down the computer.
Code: catchme.exe -shutdown
ConclusionCatchMe is a powerful utility for advanced process and file management, often used in system security and forensic analysis. By mastering these commands, you can effectively manage system processes, manipulate files, and interact with the Windows registry in a secure and controlled manner.Happy Scripting!
|
|
|
|
| Comprehensive List of NirCmd Commands with Descriptions |
|
Posted by: Sneakyone - 09-03-2024, 01:46 AM - Forum: Batch & Shell Scripting
- No Replies
|
|
Comprehensive List of NirCmd Commands with Descriptions
NirCmd is a versatile command-line tool that enables you to automate a wide range of system tasks. Below is a comprehensive list of NirCmd commands with descriptions and examples.
1. mutesysvolume
Description: Mutes or unmutes the system volume.
Code: nircmd.exe mutesysvolume 1 ; Mutes the system volume
nircmd.exe mutesysvolume 0 ; Unmutes the system volume
nircmd.exe mutesysvolume 2 ; Toggles the mute state
2. changesysvolume
Description: Changes the system volume by a specified amount.
Code: nircmd.exe changesysvolume 5000 ; Increases the volume
nircmd.exe changesysvolume -5000 ; Decreases the volume
3. setsysvolume
Description: Sets the system volume to a specific level.
Code: nircmd.exe setsysvolume 65535 ; Sets volume to maximum
nircmd.exe setsysvolume 32767 ; Sets volume to 50%
4. setbrightness
Description: Sets the screen brightness to a specific level.
Code: nircmd.exe setbrightness 50 ; Sets brightness to 50%
nircmd.exe setbrightness 100 ; Sets brightness to 100%
5. monitor
Description: Turns the monitor on, off, or puts it into low-power mode.
Code: nircmd.exe monitor off ; Turns the monitor off
nircmd.exe monitor on ; Turns the monitor on
nircmd.exe monitor lowpower ; Puts the monitor in low-power mode
6. screensaver
Description: Starts the screensaver.
Code: nircmd.exe screensaver
7. lockws
Description: Locks the workstation (equivalent to pressing Win+L).
8. exitwin
Description: Shuts down, restarts, logs off, or locks the computer.
Code: nircmd.exe exitwin poweroff ; Shuts down the computer
nircmd.exe exitwin reboot ; Restarts the computer
nircmd.exe exitwin logoff ; Logs off the current user
nircmd.exe exitwin lock ; Locks the workstation
9. clipboard
Description: Manipulates the clipboard content.
Code: nircmd.exe clipboard saveclip "C:\path\to\clipboard.txt" ; Saves clipboard content to a text file
nircmd.exe clipboard clear ; Clears the clipboard
nircmd.exe clipboard copyfile "C:\path\to\file.txt" ; Copies a file to the clipboard
10. setdefaultsounddevice
Description: Sets the default sound device.
Code: nircmd.exe setdefaultsounddevice "Speakers" ; Sets "Speakers" as the default sound device
nircmd.exe setdefaultsounddevice "Headphones" ; Sets "Headphones" as the default sound device
11. win
Description: Manipulates windows (minimize, maximize, close, etc.).
Code: nircmd.exe win close title "Untitled - Notepad" ; Closes the Notepad window with the title "Untitled - Notepad"
nircmd.exe win minimize class "Notepad" ; Minimizes all Notepad windows
nircmd.exe win maximize ititle "Document" ; Maximizes the first window with "Document" in the title
12. elevatecmd
Description: Runs a command with elevated privileges (Administrator).
Code: nircmd.exe elevatecmd exec hide "cmd.exe" "/c echo Hello, World!"
13. loop
Description: Repeats a command multiple times with a specified delay between each repetition.
Code: nircmd.exe loop 10 1000 beep ; Beeps 10 times with a 1-second delay between each beep
14. speak
Description: Converts text to speech and plays it through the speakers.
Code: nircmd.exe speak text "Hello, this is NirCmd speaking."
15. beep
Description: Generates a beep sound.
Code: nircmd.exe beep 750 300 ; Beeps at 750 Hz for 300 milliseconds
16. savescreenshot
Description: Captures a screenshot and saves it as an image file.
Code: nircmd.exe savescreenshot "C:\path\to\screenshot.png"
17. setcursor
Description: Sets the mouse cursor position on the screen.
Code: nircmd.exe setcursor 500 300 ; Moves the cursor to the coordinates (500, 300)
18. sendkey
Description: Simulates a key press.
Code: nircmd.exe sendkey ctrl+alt+del press ; Simulates pressing Ctrl+Alt+Del
nircmd.exe sendkey enter press ; Simulates pressing the Enter key
19. waitprocess
Description: Waits until a specified process is terminated.
Code: nircmd.exe waitprocess notepad.exe
20. elevate
Description: Runs a command with elevated privileges (Administrator) without showing a UAC prompt.
Code: nircmd.exe elevate setvol master 65535 ; Sets the master volume to maximum with elevated privileges
21. hideapp
Description: Hides or shows an application window.
Code: nircmd.exe hideapp hide process notepad.exe ; Hides all Notepad windows
nircmd.exe hideapp show process notepad.exe ; Shows all Notepad windows
22. execmd
Description: Executes a command line in a hidden window.
Code: nircmd.exe execmd cmd /c echo Hello, World! > C:\path\to\output.txt
23. regedit
Description: Executes a .reg file to import or export registry settings.
Code: nircmd.exe regedit "C:\path\to\file.reg" ; Executes the specified .reg file
24. net
Description: Executes network-related commands (similar to Windows `net` command).
Code: nircmd.exe net start "ServiceName" ; Starts a Windows service
nircmd.exe net stop "ServiceName" ; Stops a Windows service
25. wait
Description: Pauses execution for a specified number of milliseconds.
Code: nircmd.exe wait 5000 ; Waits for 5 seconds
Conclusion
NirCmd is a powerful tool for automating and controlling various aspects of the Windows operating system. By mastering these commands, you can create scripts to perform tasks ranging from
|
|
|
|
|
