09-03-2024, 01:49 AM
Comprehensive List of CatchMe Commands with Descriptions
CatchMe is a command-line tool used for advanced file, process, and module management, often utilized in system security and forensics. Below is a detailed list of commands available in CatchMe, along with their descriptions and usage examples.
1. -p
Description: Terminates a process by its process ID (PID).
Code:
catchme.exe -p [PID]
Example: To terminate a process with PID 1234:
Code:
catchme.exe -p 1234
2. -m
Description: Enumerates and displays loaded modules within a process by its PID.
Code:
catchme.exe -m [PID]
Example: To list modules loaded by a process with PID 1234:
Code:
catchme.exe -m 1234
3. -k
Description: Kills or terminates a specific process by its name.
Code:
catchme.exe -k [ProcessName]
Example: To kill all instances of `notepad.exe`:
Code:
catchme.exe -k notepad.exe
4. -s
Description: Suspends a process, effectively pausing its execution.
Code:
catchme.exe -s [PID]
Example: To suspend a process with PID 1234:
Code:
catchme.exe -s 1234
5. -r
Description: Resumes a suspended process.
Code:
catchme.exe -r [PID]
Example: To resume a process with PID 1234:
Code:
catchme.exe -r 1234
6. -l
Description: Lists all running processes on the system.
Code:
catchme.exe -l
Example: To display all active processes:
Code:
catchme.exe -l
7. -f
Description: Forces the deletion of a file, bypassing normal file protection mechanisms.
Code:
catchme.exe -f [PathToFile]
Example: To forcefully delete `C:\malicious.exe`:
Code:
catchme.exe -f C:\malicious.exe
8. -d
Description: Forces the deletion of a directory and its contents.
Code:
catchme.exe -d [PathToDirectory]
Example: To forcefully delete the directory `C:\Malware`:
Code:
catchme.exe -d C:\Malware
9. -rmdir
Description: Recursively deletes a directory and all its subdirectories.
Code:
catchme.exe -rmdir [PathToDirectory]
Example: To recursively delete `C:\Malware` and all its subdirectories:
Code:
catchme.exe -rmdir C:\Malware
10. -regdelkey
Description: Deletes a specific registry key.
Code:
catchme.exe -regdelkey [RegistryKeyPath]
Example: To delete the registry key `HKLM\Software\MaliciousKey`:
Code:
catchme.exe -regdelkey HKLM\Software\MaliciousKey
11. -regdelval
Description: Deletes a specific registry value.
Code:
catchme.exe -regdelval [RegistryKeyPath] [ValueName]
Example: To delete the value `MaliciousValue` in the registry key `HKLM\Software\MaliciousKey`:
Code:
catchme.exe -regdelval HKLM\Software\MaliciousKey MaliciousValue
12. -hide
Description: Hides a specific process from the task list.
Code:
catchme.exe -hide [PID]
Example: To hide a process with PID 1234:
Code:
catchme.exe -hide 1234
13. -unhide
Description: Unhides a previously hidden process.
Code:
catchme.exe -unhide [PID]
Example: To unhide a process with PID 1234:
Code:
catchme.exe -unhide 1234
14. -listmodules
Description: Lists all loaded modules for a specific process.
Code:
catchme.exe -listmodules [PID]
Example: To list modules for a process with PID 1234:
Code:
catchme.exe -listmodules 1234
15. -killall
Description: Terminates all instances of a specific process by name.
Code:
catchme.exe -killall [ProcessName]
Example: To kill all instances of `explorer.exe`:
Code:
catchme.exe -killall explorer.exe
16. -copyfile
Description: Copies a file to a specified location, even if the file is in use or locked.
Code:
catchme.exe -copyfile [SourceFile] [DestinationFile]
Example: To copy `C:\file.txt` to `D:\backup\file.txt`:
Code:
catchme.exe -copyfile C:\file.txt D:\backup\file.txt
17. -injectdll
Description: Injects a DLL into a specific process.
Code:
catchme.exe -injectdll [PID] [DLLPath]
Example: To inject `C:\example.dll` into a process with PID 1234:
Code:
catchme.exe -injectdll 1234 C:\example.dll
18. -fileinfo
Description: Displays detailed information about a specified file.
Code:
catchme.exe -fileinfo [PathToFile]
Example: To display information about `C:\example.exe`:
Code:
catchme.exe -fileinfo C:\example.exe
19. -shutdown
Description: Shuts down the computer.
Code:
catchme.exe -shutdown
20. -reboot
Description: Restarts the computer.
Code:
catchme.exe -reboot
Conclusion
CatchMe is a powerful utility for advanced process and file management, often used in system security and forensic analysis. By mastering these commands, you can effectively manage system processes, manipulate files, and interact with the Windows registry in a secure and controlled manner.
Happy Scripting!