Commonly used commands:
(1) View directory content command DIR
(2) Specify the executable file search directory PATH
(3) Create directory command MD
(4) Open the specified directory command CD
(5) Delete the currently specified subdirectory command RD
(6) Change the current drive letter command C:
(7) File copy command COPY
(8) Display text file content command TYPE
(9) Change file name command REN
(10) Delete file command DEL
(11) Clear screen command CLS
PS current page CTRL F Search keywords jump directly
DOS command special command
To repeat the last command entered, you can use the F3 key. At the same time, there is a doskey command recorder under DOS. After executing doskey on the command line, the following functions can be achieved:
1. Up arrow "↑" and down arrow "↓"-----Look back at the last executed command
2. "Ctrl C" key combination or "Break" key -----Interrupt operation
3. Mouse operation "Mark" -----------------Used to select text
4. Mouse operation "Paste" -----------------Used to paste the clipboard contents to the prompt
5. "F7" key --------------------------View and execute used commands
6. "/?" ----------------------------Specify command help
7. ">" and ">>" ----------------------File redirection
Parameters: Command > write path\file name
Example:
echo Baidu welcomes you >d:\1.txt;Write text to the specified file (replace if the file exists)
netstat -an >>d:\1.txt;Follow the tail end and write the text
DOS command to enter directly
edit
Directly enter a certain drive letter, drive letter:
If you enter the D drive directly, D:
DOS command directory command
(1) md——Create subdirectory
1. Function: Create a new subdirectory
2. Type: Internal command
3. Format: md[drive letter:][path name]
4. Instructions for use:
(1) "Drive letter": Specify the letter of the disk drive to create a subdirectory. If omitted, it will be the current drive;
(2) "Path name": The name of the superior directory of the subdirectory to be created. If it is defaulted, it will be built in the current directory.
Example: (1) Create a subdirectory named fox in the root directory of drive c; (2) Create a user subdirectory under the fox subdirectory.
md c:\ fox (Create the subdirectory fox under the current drive c drive)
md c:\ fox\user (Create the user subdirectory under the fox subdirectory)
(2) cd——Change the current directory
1. Function: Change the current directory
3. Format: CD [/D] [drive:][path]
(1) If the path and subdirectory name are omitted, the current directory will be displayed;
(2) If the "cd\" format is used, return to the root directory;
(3) If the "cd.." format is used, it will return to the upper directory.
(4) Using the /D command line switch, in addition to changing the current directory of the drive, you can also change the current drive.
Example: (1) Enter the user subdirectory; (2) Return from the user subdirectory to the subdirectory; (3) Return to the root directory.
c:\>cd fox\user (enter the user subdirectory under the fox subdirectory)
c:\fox\user>cd.. (return to the previous root directory, note that cd is followed by two dots "..").
c:\fox>cd\ (return to root directory)
c:\
(3) rd——Delete subdirectory command
1. Function: Delete subdirectories from the specified disk.
3. Format: rd[drive letter:][path name][subdirectory name]
(1) The subdirectory must be empty before deletion, which means that you need to enter the subdirectory first, use del (the file deletion command) to delete the files in the subdirectory, and then return to the upper directory. Use the rd command to delete the subdirectory itself;
(2) The root directory and current directory cannot be deleted.
Example: It is required to delete the user subdirectory under the fox subdirectory of the c drive. The operation is as follows:
Step 1: First delete the files in the user subdirectory;
c\>del c:\fox\user\*.* or del c:\fox\user or del c:\fox\user\*
(Note: This can only delete files, but still cannot delete folders in the user directory)
The second step is to delete the user subdirectory.
c\>rd c:\fox\user
(Note: If there are still folders under the fox\user folder, this step will not work. How to solve it? In fact, there is no need to go through two steps, just do this c\>rd c:\fox\user /s
A parameter /s has been added. If you do not want the system to ask whether to delete, you can add a parameter /q).
rd (RMDIR): used to delete a directory in DOS operating system
RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path
Note: The following two parameters can only be used on WINXP (in fact, the following two parameters can also be used under the Vista system!)
/S will delete all subdirectories and files under the specified directory in addition to the directory itself. Used to delete directory trees.
/Q Quiet mode, with /S does not ask for confirmation when deleting a directory tree.
For example: to delete the folder named myfile (this folder is empty) on the D drive, you can enter rd d:\myfile.
If myfile is not empty, you can enter rd d:\myfile /S d:\myfile to delete the myfile folder and all its subfolders and files.
(4) dir——Display disk directory command
1. Function: Display the contents of the disk directory.
3. Format: dir [drive letter][path][file name][/p][/w][/A[[:]attribute]][/O[:]sort order]][/S]
4. Instructions for use: Use of /p; when there are too many directories to be viewed and cannot be displayed on one screen, the screen will keep scrolling up, making it difficult to see clearly. After adding the /p parameter, the screen will be displayed in separate faces. 23 lines of file information, then pauses, and prompts; press any key to continue (press any key to continue)
Use of /w: Adding /w only displays the file name, and the file size and creation date and time are omitted. After adding parameters, each line can display five file names.
/A displays files with specified attributes.
Attribute D Directory R Read-only file H Hidden file A File to be archived
S System file I Contentless index file L Parse point - prefix for "no"
/O List files in sorted order.
Sorting order N By name (alphabetical order) S By size (small to large) E By extension (alphabetical order)
D By date/time (first to last) G Group directory first - prefix in reverse order
/S displays files in the specified directory and all subdirectories.
(5) path——path setting command
1. Function: Search path for device executable files, only valid for files.
3. Format: path[drive letter 1] directory [path name 1] {[; drive letter 2:],
(1) When running an executable file, DOS will first search for the file in the current directory, and if it is found, run it; if the file cannot be found, it will go to the directory one by one according to the path set by the path command. Search for this file;
(2) If there are more than two paths in the path command, each path should be separated by a semicolon ";";
(3) There are three ways to use the path command:
path[Drive letter 1:][Path 1][Drive letter 2:][Path 2]... (Set the search path for executable files) path: (Cancel all paths)
path: (displays the currently set path)
(6) tree——Display disk directory structure command
1. Function: Display all directory paths on the specified drive and all file names in these directories.
2. Type: External command
3. Format: tree [drive letter:][/f][>prn]
(1) When the /f parameter is used, all directories and all files under the directory are displayed. When omitted, only the directory is displayed and the files under the directory are not displayed;
(2) When the >prn parameter is selected, the listed directories and file names in the directories will be printed out.
(7) deltree - delete the entire directory command
1. Function: Delete the entire directory and its subordinate subdirectories and files.
3. Format: deltree [drive letter:]
4. Instructions for use: This command can delete the directory and all files, subdirectories, and lower-level subdirectories in one step. Regardless of the file's attribute: hidden, system, or read-only, as long as the file is located in the deleted directory. Under the directory, deltree treats them all equally and deletes them without error. Be careful when using it!
(8) tasklist - display process
1. Function: Display the processes of the entire computer, same as Task Manager.
3. Format: tasklist
4. Instructions for use: Run cmd tasklist
DOS command disk command
(1) format——disk format command
1. Function: Format the disk, divide the tracks and sectors; check whether there are defective tracks on the entire disk at the same time, mark the bad sectors; establish the directory area and file allocation table, so that the disk is ready to receive DOS preparation.
3. Format: format〈Drive letter:〉[/s][/4][/q]
(1) The drive letter after the command cannot be defaulted. If the hard disk is formatted, the following prompt will be displayed: warning: all data on non
——removable disk
drive c:will be lost!
proceed with format (y/n)?
(Warning: All data on the c drive will be lost. Are you sure you want to continue formatting? {y (confirm)/n (negative)})
(2) If the floppy disk is formatted, the following prompt will appear: insert new diskette for drive a;
and press enter when ready…
(Insert the new disk into drive A and press Enter when ready).
(3) Select the [/s] parameter to copy the DOS system files io.sys, msdos.sys and command to the disk so that the disk can be used as a DOS boot disk. If the /s parameter is not selected, the formatted disk can only read and write information and cannot be used as a boot disk;
(4) Select the [/4] parameter to format a 360kb low-density disk in a 1.2mb high-density floppy drive;
(5) Select the [/q] parameter for quick formatting. This parameter will not re-divide the disk's tracks and sectors. It can only clear the disk root directory, file allocation table and boot sector to blank. Therefore, formatting The speed is faster.
(6) Select the [/u] parameter to indicate unconditional formatting, which means destroying all data on the original disk. Without /u, it is a safe format. At this time, create an image file to save the original fat table and root directory. If necessary, use unformat to restore the original data.
(2) unformat recovery formatting command
1. Function: Recover disks that have been formatted and lost data due to misoperation.
3. Format: unformat〈drive letter〉[/l][/u][/p][/test]
4. Instructions for use: Used to recover disks that have been "non-destructively" formatted. When the deleted files or subdirectories in the root directory and the system sectors of the disk (including fat, root directory, boot sector and hard disk partition table) are damaged, you can also use unformat to rescue them.
(1) Use the /l parameter to list the found subdirectory names, file names, approximate dates and other information, but it will not actually do unformat work.
(2) Select the /p parameter to send the report displayed on the screen (including the information generated by the /l parameter) to the printer at the same time. When running, the screen will display: "print out will
be sent to lpt1”
(3) Select the /test parameter to only perform simulation tests (test) without performing real writing operations. Using this parameter the screen will display: "simulation only"
(4) Select the /u parameter to not use the data of the mirror image file and unformat directly according to the current status of the disk.
(5) Select /psrtn; to repair the hard disk partition table.
If you add one of /p, /l, or /test after the drive letter, it is equivalent to using the /u parameter. Unformat will "assume" that there is no mirror image file on the disk at this time.
Note: unformat can completely restore the newly formatted disk, but if other data is written after formatting, unformat cannot completely rescue the data. Unformat is not a panacea. Since using unformat will rebuild the fat and root directories, it is also highly dangerous. Improper operation may increase losses. If you only delete a few files or subdirectories by mistake, you only need to use undelete. enough.
(3) chkdsk——Check the current status of the disk command
1. Function: Display disk status, memory status and the discontinuous number of specified files under the specified path.
3. Format: chkdsk [drive letter:][path][file name][/f][/v]
(1) Select the [file name] parameter to display the disk usage of the file;
(2) Select the [/f] parameter to correct logical errors found on the specified disk;
(3) Select the [/v] parameter to display all files and paths on the disk.
(4) diskcopy——Full disk copy command
1. Function: Copy floppy disks with exactly the same format and content.
3. Format: diskcopy[Drive letter 1:][Drive letter 2:]
(1) If the target floppy disk is not formatted, the system will automatically select formatting when copying.
(2) If there are original files on the target floppy disk, they will all be lost after copying.
(3) If it is a single-drive copy, the system will prompt you to replace the source disk and target disk in a timely manner. Please pay attention to distinguish the source disk and target disk during operation.
(5) label——Create disk volume label command
1. Function: Create, change, and delete disk volume labels.
3. Format: label[drive letter:][volume label name]
(1) The volume name is the volume name to be created. If this parameter is omitted by default, the system will prompt you to enter the volume name or ask whether to delete the original volume name;
(2) The volume name consists of 1 to 11 characters.
(6) vol——Display disk volume label command
1. Function: View disk volume label.
3. Format: vol[Drive letter:]
4. Instructions for use: Omit the drive letter and display the current drive volume label.
(7) scandisk - detect and repair disk commands
1. Function: Detect whether there are problems with the disk's fat table, directory structure, file system, etc., and repair the detected problems.
3. Format: scandisk[Drive letter 1:]{[Drive letter 2:]…}[/all]
(1) scandisk is suitable for hard disks and floppy disks. You can specify multiple disks at one time or use the [/all] parameter to specify all disks;
(2) Logical errors such as cross-connections, missing clusters and directory structures that occur in the disk can be automatically detected and repaired.
(8) defrag——Rearrange disk command
1.. Function: Defragment the disk and eliminate disk fragments.
3. Format: defrag[drive letter:][/f]
4. Instructions for use: Use the /f parameter to eliminate the fragments in the file on the disk, and adjust the arrangement of the disk files to ensure that there are no gaps between files. This speeds up disk reading and saves disk space.
(9) sys——system copy command
1. Function: Transfer the DOS system files io.sys, msdos.sys and command on the current drive to the specified drive.
3. Format: sys[drive letter:]
*Instructions for use: If the remaining space on the disk is not enough to store system files, the prompt is: no room for on destination disk.
DOS command file command
(1) copy file copy command
1. Function: Copy one or more files to the specified disk.
3. Format: copy [source disk][path](source file name) [target disk][path](destination file name)
(1) Copy is a file-to-file method of copying data. The target disk must be formatted before copying;
(2) During the copying process, old files with the same file name on the target disk will be replaced by the source files;
(3) When copying files, you must first make sure that the target disk has enough space, otherwise an "insufficient" error message will appear, indicating that the disk space is insufficient;
(4) Wildcard characters "*" and "?" are allowed in the file name, and multiple files can be copied at the same time;
(5) The source file name in the copy command must be specified and cannot be omitted.
(6) When copying, the target file name can be the same as the source file name, which is called "copy with the same name". At this time, the target file name can be omitted;
(7) When copying, the target file name can also be different from the source file name, which is called "different-name copy". At this time, the target file name cannot be omitted;
(8) When copying, you can also merge several files into one file, which is called "merged copy". The format is as follows: copy;[source disk][path]〈source file name 1〉〈source file name 2〉…[ Target disk][path]
(9) Using the copy command, you can also enter data from the keyboard to create a file. The format is as follows: copy con [drive letter:][path]
After editing, Ctrl Z saves the edits.
(10) Note: In the usage format of the copy command, there must be a space between the source file name and the target file name!
(2) xcopy——Directory copy command
1. Function: Copy the specified directory and all files under the directory together with the directory structure.
3. Format: xcopy [source disk:]
(1) xcopy is an extension of copy. It can copy the specified directory together with the files and directory structure, but it cannot copy hidden files and system files;
(2) When using, specify at least one source drive letter, source destination path name, and source file name;
(3) When /s is selected, copy all files in the source directory and its subdirectories. Unless the /e parameter is specified, /s will not copy an empty directory. If the /s parameter is not specified, xcopy will only copy the files in the source directory itself, without involving the subdirectories below it;
(4) When the /v parameter is selected, all copied sectors will be tested, but the speed will be reduced.
(3) type——Display file content command
1. Function: Display the contents of the ascii code file.
2. Type: Internal command.
3. Format: type[drive letter:][path]
(1) Display text files composed of ascii codes. For files with extensions such as .exe or .com, the displayed content is unreadable and has no practical meaning;
(2) This command can only display the contents of one file at a time, and wildcards cannot be used;
(3) If the file has an extension, the extension must be written;
(4) When the file is too long to be displayed on one screen, it can be displayed in the following format; type[drive letter:][path]
(5) If you need to print out the file content, you can use the following format:
type[drive letter:][path]
At this point, the printer should be online.
(4) ren——File rename command
1. Function: Change file name
3. Format: ren[drive letter:][path]〈old file name〉〈new file name〉
(1) The drive letter and path cannot be added before the new file name, because this command can only change the file name for files on the same disk;
(2) Allow the use of wildcards to change a set of file names or extensions.
(5) fc——File comparison command
1. Function: Compare the similarities and differences of files and list the differences.
3. Format: fc[drive letter:][path name]
(1) Select the /a parameter, which is the ascii code comparison mode;
(2) Select the /b parameter, which is binary comparison mode;
(3) Select the /c parameter to treat uppercase and lowercase characters as the same characters.
(4) Select the /n parameter to display the line numbers of differences in the ASCII code comparison mode.
(6) attrib——Modify file attributes command
1. Function: Modify the attributes of the specified file. (For file attributes, please refer to the section 2.5.4 (2) File Attributes)
2. Type: External command.
3. Format: attrib[file name][r][—r][a][—a][h][—h][—s]
(1) Use the r parameter to set the specified file to a read-only attribute, so that the file can only be read and cannot write data or delete; use the -r parameter to remove the read-only attribute;
(2) Select the a parameter to set the file as file attribute; select the -a parameter to remove the file attribute; (3) Select the h parameter to adjust the file to the implicit attribute; select the -h parameter to remove the implicit attribute;
(4) Select the s parameter to set the file as a system attribute; select the -s parameter to remove the system attribute; (5) Select the /s parameter to set all subdirectories in the current directory.
(7) del——delete file command
1. Function: Delete the specified file.
3. Format: del[drive letter:][path]
(1) Select the /p parameter. The system will ask whether you really want to delete the file before deleting it. If you do not use this parameter, it will be deleted automatically;
(2) This command cannot delete files with hidden or read-only attributes;
(3) Wildcards can be used in file names;
(4) If you want to delete all files on the disk (del*·* or del·), you will be prompted: (arey ou sure?) (Are you sure?) If the answer is y, the deletion will be carried out. If the answer is n, the deletion operation will be cancelled.
(8) undelete——Undelete command
1. Function: Restore accidentally deleted commands
3. Format: undelete[drive letter:][path name]
4. Instructions for use: Use undelete to use the "*" and "?" wildcard characters.
(1) Use the /dos parameter to restore files based on the remaining records in the directory. When a file is deleted, the first character of the file name recorded in the directory will be changed to e5. DOS uses the e5 at the beginning of the file and its subsequent characters to find the file to be restored. Therefore, undelete will ask the user to enter a character. to complete the file name. But this character does not have to be the same as the original, it only needs to comply with the file name rules of DOS.
(2) Selecting /list only "lists" files that meet the specified conditions without restoring them, so it will not affect the disk content at all.
(3) Select /all to automatically restore fully recoverable files without asking the user one by one. When using this parameter, if undelete uses the remaining records in the directory to restore the files, a character will be automatically selected to restore the files. Complete the name so that it is not the same as the existing file name. The preferred order of characters is: #%——0000123456789a~z.
Undelete also has the function of establishing protective measures for files, which is beyond the scope of this course. Readers are advised to consult the relevant DOS manual when using these functions.
DOS commands other commands
(1) cls——Clear screen command
1 Function: Clear all displays on the screen and place the cursor in the upper left corner of the screen.
Type 2: Internal command
3 format: cls
(2) Ver check the system version number command
1 Function: Display the current system version number
3 format: ver
(3) date date setting command
1 Function: Set or display the system date.
3 format: date[mm——dd——yy]
4Instructions for use:
(1) Omit [mm——dd——yy] to display the system date and prompt to enter a new date. If you do not modify it, you can directly press the Enter key. [mm——dd——yy] is "month month - day day" ——Year” format;
(2) When the machine starts to start and an automatic processing file (autoexec.bat) is executed, the system does not prompt for the system date. Otherwise, prompt for a new date and time.
(4) time system clock setting command
1 Function: Set or display the system period.
3 format: time[hh:mm:ss:xx]
(5) mem view current memory status command
1 Function: Display the current memory usage
Type 2: External command
3 format: mem[/c][/f][/m][/p]
(1) Use the /c parameter to list the length of each file loaded into conventional memory and cmb, and also display the usage of memory space and the maximum available space;
(2) Select the /f parameter to list the remaining byte size of the current conventional memory and the area and size available for UMB;
(3) Select the /m parameter to display the address, size and module properties of the memory used by the module;
(4) Use the /p parameter to specify that when the output exceeds one screen, it will be paused for users to view.
(6) msg display system information command:
1 Function: Display the status of the system's hardware and operating system.
3Format: msg[/s]
(1) When the /i parameter is selected, the hardware is not detected;
(2) When the /b parameter is selected, start msg in black and white mode;
(3) When the /s parameter is selected, a concise system report is displayed.
DOS command ping command
I believe everyone is familiar with the ping command under Windows, but not many people can maximize the function of ping. Of course, I am not saying that I can maximize the function of ping. I just use it often. I have also summarized some small experiences using the ping tool, and I will share them with you now.
Refer to the help instructions of the ping command for tips that can be used when using ping. Ping can only be used after the tcp/ip protocol is installed:
ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-wz timeout] destination-list
options:
-t ping the specified host until stopped to see statistics and continue - type control-break;to stop - type control-c.
Keep pinging the local host until you press control-c.
There are no special tricks to this function, but it can be used with other parameters, which will be mentioned below.
net use \\ip\ipc$ " " /user:" " Create an empty ipc link
net use \\ip\ipc$ "password" /user:"username" Create a non-empty ipc link
net use h: \\ip\c$ "Password" /user:"Username" After logging in directly, map the other party's c: to the local h:
net use h: \\ip\c$ After logging in, map the other party c: to the local h:
net use \\ip\ipc$ /del Delete ipc link
net use h: /del deletes the mapping of the other party to the local h:
net user username password /add create user
net user guest /active:yes Activate guest user
net user to see which users there are
net user account name View account attributes
net localgroup ***istrators username /add Add "user" to the administrator so that it has administrator rights. Note: Add s after ***istrator and use the plural
net start Check which services are enabled net start service name Open the service; (for example: net start telnet,
net start schedule)net stop service name stop a service
net time \\target ip check the other party's time
net time \\target ip /set sets the local computer time to be synchronized with the time of the "target ip" host. Add the parameter /yes to cancel the confirmation message
net view View which shares are enabled in the local LAN
net view \\ip View which shares are enabled in the other party's LAN
net config displays system network settings
net logoff disconnected share
net pause service name pause a service
net send ip "text message" Send message to the other party
net ver Network connection type and information being used in the LAN
net share View locally enabled shares
net share ipc$ Enable ipc$ sharing
net share ipc$ /del delete ipc$ share
net share c$ /del delete c:share
net user guest 12345 After logging in as the guest user, change the password to 12345 net password password to change the system login password
netstat -a Check which ports are open, commonly used
netstat -annetstat -n Check the network connection status of the port, commonly used
netstat -annetstat -v View ongoing work
netstat -p protocol name Example: netstat -p tcp/ip Check the usage of a certain protocol (check the usage of tcp/ip protocol)
netstat -s View all protocol usage
nbtstat -a ip If one of the other party's ports 136 to 139 is open, you can view the user name of the other party's recent login (the one before 03 is the user name) - Note: the parameter -a must be capitalized
tracert - parameter ip (or computer name) trace route (packet), parameter: "-w number" is used to set the timeout interval.
Ping ip (or domain name) sends data with a default size of 32 bytes to the other host. Parameters: "-l [space] packet size"; "-n number of times to send data"; "-t" means pinging all the time.
ping -t -l 65500 ip ping of death (sending files larger than 64k and pinging all the time becomes the ping of death)
ipconfig (winipcfg) is used for windows nt and xp (windows 95 98) to view the local ip address,
The ipconfig parameter "/all" can be used to display all configuration information
tlist -t displays processes in a tree line list (it is an additional tool for the system, which is not installed by default and is in the support/tools folder of the installation directory)
kill -f process name. Add the -f parameter to force the end of a process (it is an additional tool for the system. It is not installed by default and is in the support/tools folder of the installation directory)
del -f Read-only files can be deleted by adding the -f parameter to the file name. /ar, /ah, /as, and /aa mean deleting read-only, hidden, system, and archive files respectively. /a-r, /a-h, /a-s, and /a-a mean deleting read-only, hidden, system, and archive files respectively. Delete files except read-only, hidden, system, and archive files. For example "del/ar *.*" means to delete all read-only files in the current directory, "del/a-s *.*" means to delete all files in the current directory except system files
DOS command shutdown
The command is as follows:
shutdown.exe -a cancel shutdown
shutdown.exe -s shutdown
shutdown.exe -f forcefully closes the application.
shutdown.exe -m \\computername Controls the remote computer.
shutdown.exe -i displays the graphical user interface, but must be the first parameter of Shutdown.
shutdown.exe -l logs out the current user.
shutdown.exe -r Shut down and restart.
shutdown.exe -t time sets the shutdown countdown.
shutdown.exe -c "Message content" Enter the message content in the shutdown dialog box (cannot exceed 127 characters).
For example, if your computer wants to shut down at 24:00, you can select "Start → Run" and enter "at 24:00 Shutdown -s", in this way, at 24:00, the computer will display the "System Shutdown" dialog box. By default, there is a 30-second countdown and prompts you to save your work. If you want to shut down in a countdown manner, you can enter "Shutdown.exe -s -t 7200", here means automatic shutdown after 120 minutes, "7200" means 120 minutes.
If you want to cancel, you can enter "shutdown -a" during operation. In addition, enter "shutdown -i" to open the automatic shutdown setting dialog box and set automatic shutdown.
To achieve the same effect in Windows 2000, you can copy Shutdown.exe to the system directory System32
eg:shutdown.exe -s -m \\z20235
Of course, you can also use shutdown with the at command to schedule a shutdown, which will be more accurate. Format: at shutdown time shutdown option
Example: at 12:45 shutdown -s -t 20 will shut down the machine at 12:45 and count down for 20 seconds. It should be noted that before using it, you must first open the "Task Scheduler” service.
DOS command basic command
DOS command ping
It is a command used to check whether the network is smooth or the network connection speed. As an administrator or hacker living on the network, the ping command is the first DOS command that must be mastered. The principle it uses is this: all machines on the network have unique IP addresses. We give the target When the IP address sends a data packet, the other party will return a data packet of the same size. Based on the returned data packet, we can determine the existence of the target host and preliminarily determine the operating system of the target host. Let’s take a look at some of its commonly used operations. Take a look at the help first, type in the DOS window: ping /? Enter,. Help screen shown. Here, we only need to master some basic and useful parameters (the same below).
-t Indicates that packets will be sent to the target IP continuously until we force it to stop. Just imagine, if you use 100M broadband access, and the target IP is a 56K kitten, then it will not be long before the target IP is disconnected because it cannot bear so much data. Haha, an attack is so simple.
-l defines the size of the sent data packet, the default is 32 bytes, we can use it to define the maximum size to 65500 bytes. Used in conjunction with the -t parameter introduced above, there will be better results.
-n Define the number of times to send data packets to the target IP, the default is 3 times. If the network speed is slow, 3 times is a waste of time for us, because now our purpose is only to determine whether the target IP exists, so let’s define it as once.
To explain, if the -t parameter and the -n parameter are used together, the ping command will be based on the parameter placed at the end, such as "ping IP -t -n 3", although the -t parameter is used, it does not ping all the time, but only pings 3 times. In addition, the ping command does not necessarily require ping IP, you can also directly ping the host domain name, so that you can get the IP of the host.
DOS command nbtstat
This command uses NetBIOS on TCP/IP to display protocol statistics and current TCP/IP connections. Using this command you can get the NETBIOS information of the remote host, such as user name, workgroup to which it belongs, MAC address of the network card, etc. Here we need to understand several basic parameters.
-a Using this parameter, as long as you know the machine name of the remote host, you can get its NETBIOS information (the same below).
-A This parameter can also get the NETBIOS information of the remote host, but you need to know its IP.
-n Lists the NETBIOS information of the local machine.
When you get the other party's IP or machine name, you can use the nbtstat command to further obtain the other party's information, which increases the insurance factor for our intrusion.
DOS command netstat
This is a command used to check the network status. It is easy to operate and powerful.
-a View all open ports of the local machine, which can effectively detect and prevent Trojans. You can also know the services opened by the machine and other information, as shown in Figure 4.
It can be seen here that the local machine has FTP service, Telnet service, mail service, WEB service, etc. Usage: netstat -a IP.
-r lists the current routing information and tells us the gateway, subnet mask and other information of the local machine. Usage: netstat -r IP.
DOS command tracert
Trace routing information. Use this command to find out all the paths that data takes from the local machine to the target host. This is very helpful for us to understand the network layout and structure. As shown in Figure 5.
This shows that the data is transmitted from the local machine to the 192.168.0.1 machine without any transfer in the middle, indicating that the two machines are in the same LAN. Usage: tracert IP.
DOS command net
This command is the most important of the network commands. You must thoroughly master the usage of each of its subcommands, because its function is so powerful. Here, we focus on mastering several commonly used subcommands.
net view
Use this command to view all shared resources of the remote host. The command format is net view \\IP.
net use
Map a shared resource on the remote host as a local drive letter, and the graphical interface is easy to use. The command format is net use x: \\IP\sharename. The above one indicates that the shared directory named magic of 192.168.0.5IP is mapped to the local Z disk. The following shows establishing an IPC$ connection with 192.168.0.7 (net use $">\\IP\IPC$ "password" /user:"name"),
After establishing the IPC$ connection, haha, you can upload files: copy nc.exe $">\\192.168.0.7\admin$ means to transfer nc.exe in the local directory to the remote host. Intrusion can be achieved by combining with other DOS commands to be introduced later.
net start
Use it to start services on remote hosts. After you establish a connection with the remote host, what should you do if you find that some of its services are not started and you want to use this service? Just use this command to start it. Usage: net start servername, as shown in Figure 9, the telnet service is successfully started.
net stop
After intrusion, I find that a service on the remote host is getting in the way. What should I do? Use this command to stop it and it will be ok. The usage is the same as net start.
net user
View account-related information, including creating new accounts, deleting accounts, viewing specific accounts, activating accounts, deactivating accounts, etc. This is very beneficial for us to invade. Most importantly, it provides us with the prerequisite for cloning accounts. Type net without parameters user, can view all users, including disabled ones. They are explained below.
1. Net user abcd 1234 /add, create a new account with the user name abcd and the password 1234. By default, it is a member of the user group.
2. Net user abcd /del, delete the user named abcd.
3. net user abcd /active:no, disable the user named abcd.
4. net user abcd /active:yes, activate the user named abcd.
5. net user abcd, check the situation of the user named abcd
net localgroup View all information related to user groups and perform related operations. Type net without parameters localgroup lists all current user groups. During the intrusion process, we usually use it to promote an account to the administrator group account, so that we can use this account to control the entire remote host.
net time
This command can view the current time of the remote host. If your goal is just to enter the remote host, then you may not need this command. But the simple invasion was successful, is it just a look? We need to penetrate further. Even the current time of the remote host needs to be known, because time and other means (which will be discussed later) can be used to start a certain command and program on a scheduled basis, laying the foundation for our further intrusion. Usage: net time\\IP.
DOS command at
The function of this command is to schedule the execution of a specific command and program on a specific date or time (know net Is time important?). When we know the current time of the remote host, we can use this command to let it execute a certain program and command at a later time (such as 2 minutes later). Usage: at time command \\computer.
It means that at 6:55, let the computer named a-01 start the telnet service (here net start telnet is the command to start the telnet service).
DOS command ftp
First, type ftp on the command line and press Enter. The ftp prompt appears. At this time, you can type "help" to view the help (you can use this method to view the help of any DOS command).
The first is the login process. This requires open. Enter "open host IP" directly at the ftp prompt. ftp port" and press Enter. Generally, the default port is 21, so you don’t need to write it in. Then enter the legal user name and password to log in. Here we take anonymous ftp as an example.
The username and password are both ftp, and the password is not displayed. When it prompts **** logged in, it means the login is successful. Because the login is anonymous, the user is displayed as Anonymous. Next, we will introduce how to use specific commands.
dir is the same as the DOS command. It is used to view the files on the server. Just type dir and press Enter to see the files on the ftp server.
cd to enter a folder.
get downloads the file to the local machine.
put uploads files to a remote server. This depends on whether the remote ftp server has given you writable permissions. If so, haha, I won’t say much about how to use it. You can feel free to use it.
delete deletes files on the remote ftp server. This must also ensure that you have writable permissions.
bye exits the current connection.
quit Same as above.
DOS command telnet
A powerful remote login command, almost all intruders like to use it, and it works repeatedly. Why? It is as simple to operate as using your own machine. As long as you are familiar with DOS commands and successfully connect to the remote machine as administrator, you can use it to do whatever you want. The following describes how to use it. First type telnet and press Enter, then type help to view the help information.
Then type open IP at the prompt and press Enter. A login window will appear, allowing you to enter a legal username and password. Any password entered here will not be displayed.
When the username and password entered are correct, the telnet connection is successfully established. At this time, you have the same permissions as this user on the remote host. You can use DOS commands to achieve what you want to do. Here I logged in using super administrator privileges.
DOS command character application
DOS command single symbol
【~】
①In for, it means using enhanced variable expansion.
② In %var:~n,m%, it represents the string specifying the position using the extended environment variable.
③ In set/a, it represents a unary operator, which inverts the operand bitwise.
【! 】
①The unary operator in set /a represents logical negation. For example, set /a a=!0, then a represents logical 1.
【@】
① Hide the echo of the command line itself, often used in batch processing.
【$】
①Indicates the end of a line in the findstr command.
②In the prompt command, it means to escape (symbolize or effect) the following characters.
【%】
①The binary operator in set /a represents arithmetic remainder.
② In the command line environment, before the for command in, followed by a character (can be letters, numbers or some specific characters), it means specifying a loop or traversing indicator variable.
③ In batch processing, followed by a number indicates the reference to the specified parameters when the batch is currently executed.
④ In other cases, % will be removed (batch processing) or retained (command line)
【^】
① Cancel the escaping effect of specific characters, such as & | > < ! ", etc., but excluding %. For example, if you want to display some special characters on the screen, such as > >> | ^ &; and other symbols, you can add a ^ symbol in front of it to display the characters after the ^. ^^ displays a ^, and ^| displays a | character;
②The binary operator in set/a represents bitwise XOR.
③In [] of findstr/r, it means that it does not match the specified character set.
【&;】
① Command connection character. For example, if I want to execute two commands on a line of text at the same time, I can use the &; command to connect the two commands.
②In set/a, it is bitwise AND.
【*】
① Represents any number of characters, which is what we usually call "wildcard"; for example, if you want to find all text files (.txt) in the root directory of drive C, you can enter the command "dir c:\*.txt".
②The binary operator in set /a represents arithmetic multiplication.
③In findstr/r, it means matching the previous character multiple times.
【-】
① Range indicator, such as date search, this character can be used in the tokens operation in the for command.
② Connect two characters in findstr/r to indicate the matching range.
③ -Following / after some commands indicates a reverse switch.
④In set /a:
1. Represents a negative number.
2. Represents arithmetic subtraction operation.
【 】
① It is mainly used in the copy command, which means that this character is used to merge many files into one file.
②The binary operator in set/a represents arithmetic addition.
【:】
① Label locator, indicating that the following string is a label, which can be used as the target of the goto command. For example, if a ":begin" tag is defined in a batch file, use "goto begin" command can go to the ":begin" tag to execute the batch command.
② Separate the relationship between the variable name and the replaced string in %var:string1=string2%.
【|】
① The pipe character is to use the output of the previous command as the input of the next command. "dir /a/b |more" can display the information output by the dir command screen by screen.
②The binary operator in set/a represents bitwise OR.
③ In the help document, it means that the two switches, options or parameters before and after it are optional.
【/】
① Indicates that the following character (string) is the function switch (option) of the command. For example, "dir /s/b/a-d" represents different parameters specified by the "dir" command.
②Indicates division in set/a.
【>;】
① Command redirection character,
echo Tangshan flavor is not strong. Welcome >d:\1.txt;Write text to the specified file (replace if the file exists)
②In findstr/r, it represents the right boundary of the matching word, which needs to be used with the escape character \.
【<;】
① Use the content of the following file as the input of the previous command.
②In findstr/r, it represents the left boundary of the matching word, which needs to be used with the escape character \.
【=】
① Assignment symbol, used for assigning values to variables. For example, "set a=windows" means assigning the string "windows" to the variable "a".
②Indicates arithmetic operations in set/a, such as "set /a x=5-6*5".
【\】
① In some cases, the "\" symbol represents the root directory of the current path. For example, the current directory is under c:\windows\system32, then you "dir \", it is equivalent to "dir c:\".
②Represents regular escape characters in findstr/r.
【,】
① In set /a, it represents the delimiter of continuous expressions.
② Split elements in some commands.
【.】
① When following \ in the path or appearing alone:
A. represents the current directory.
Two . indicates the upper-level directory.
② When appearing in the file name in the path:
The last . represents the separation between the main file name and the extended file name.
【?】
①In findstr/r, it means matching an arbitrary character at this position.
② In the path, it means wildcarding any character at this position.
③ Immediately following / means to obtain the help document of the command.
DOS command multi-symbol
【&&;】
① Connect two commands. When the command before &&; succeeds, the command after &&; will be executed.
【||】
① Connect two commands. When the command before || fails, the command after || will be executed.
【>&;】
① Write the output of one handle to the input of another handle.
【<&;】
① Read input from one handle and write it to the output of another handle.
【%%】
① Two consecutive % means that they are separated into one % during preprocessing.
② In batch processing, before the in clause of the for statement, two consecutive %s are followed by a character (can be letters, numbers and some specific characters), indicating that a loop is specified
Ring or traverse indicator variables.
③ In batch processing, in the for statement, use the same string as the indicator variable specified before in to refer to this indicator variable.
【>>;】
① Command redirection character, appends the output result of the previous command to the end.
Parameters: Command >> write path\file name
netstat -an >>d:\1.txt; that is, follow the end of ‘1.txt’ and continue to write the ‘netstat -an’ command output result
②The binary operator in set /a represents logical right shift.
【==】
① In the if command, determine whether the elements on both sides of == are the same.
【<<;】
①The binary operator in set /a represents logical left shift.
【 =】
①Binary operator in set /a. For example, set /a a =b means assigning the result of a plus b to a.
【-=】
①Binary operator in set /a. For example, set /a a-=b means assigning the result of a minus b to a.
【*=】
①Binary operator in set /a. For example, set /a a*=b means assigning the result of multiplying a by b to a.
【/=】
①Binary operator in set /a. For example, set /a a/=b means assigning the result of a plus b to a.
【%=】
①Binary operator in set /a. For example, set /a a%=b means assigning the remainder of dividing a by b to a.
Note: You can use set /a a%=b directly on the command line, and you can use set /a a%%=b in batch processing.
【^=】
①Binary operator in set /a. For example, set /a a"^="b means assigning the bitwise difference result between a and b to a.
Note: "^=" is quoted here to prevent ^ from being escaped, the same below.
【&=】
①Binary operator in set /a. For example, set /a a"&="b means assigning the result of the bitwise AND of a and b to a.
【|=】
①Binary operator in set /a. For example, set /a a"|="b means assigning the bitwise OR result of a and b to a.
【<<=】
①Binary operator in set /a. For example, set /a a"<<="b indicates that the result of shifting a to the left by b bits is assigned to a.
【>>=】
①Binary operator in set /a. For example, set /a a">>="b indicates that the result of shifting a to the right by b bits is assigned to a.
【\<】
①Indicates the beginning of the word in the general expression of findstr.
【\>;】
①Indicates the end of the word in the general expression of findstr.
【! ! 】
① Use when variable delay is enabled! ! Expanding a variable name indicates a reference to the variable value.
【' '】
① In for/f, it means to execute the content they contain as a command line and analyze its output.
② In for/f "usebackq", it means that the strings they contain are analyzed as strings.
【()】
① The command contains or has a priority delimiter. For example, the for command uses this (). We can also see it in if, echo and other commands.
② Express expression grouping in set /a.
【" "】
① Delimiter, when representing a path with spaces, "" is often used to enclose the path. The " " symbol is also required in some commands.
② In for/f, the contents represented by them are analyzed as strings.
③ In for/f "usebackq" means that the contents they contain are treated as file paths and the contents of their files are analyzed.
④ In other cases, it means that the content is a complete string, in which >;, >>;, <;, &;, |, spaces, etc. are no longer escaped.
【` `】
① In for/f, it means that the content they contain is executed as a command line and its output is analyzed.
【[ ]】
① In the help document, it is indicated that the switches, options or parameters are optional.
②In findstr /r, it means matching
according to the specified character set. Hold down shift to enter a small amount of uppercase letters. The ? key means holding down the previous key first and pressing the second key at the same time.
Ctrl sc or ctrl num lock pauses to observe the screen display, press once to continue.
ctrl c or ctrl break terminates the program and returns to the operating system.
DOS command program process
ntsd is a dos command, its function is to end some dead processes that cannot be ended normally.
The usage is to open cmd and enter the following command to end the process:
Method 1: Use the PID of the process to end the process
Command format: ntsd -c q -p pid
Command example: ntsd -c q -p 1332 (end explorer.exe process)
Detailed explanation of the example: The pid of explorer.exe is 1332, but how to get the pid of the process? Enter TASKLIST under CMD to get the PIDs of all processes in the current task manager
Method 2: Use the process name to end the process
Command format: ntsd -c q -pn ***.exe (***.exe is the process name, exe cannot be omitted)
Command example: ntsd -c q -pn explorer.exe
Another DOS command that can end the process is taskkill:
Command format: taskkill /pid 1234 /f (The same effect can also be achieved.)
If the above cannot satisfy your thirst for knowledge, here are some more:
Detailed explanation of ntsd
There are some high-level processes that tskill and taskkill may not be able to end, so we have a more powerful tool, which is system debug
Level ntsd. To be precise, ntsd is a
System debugging tools are only available to system development-level administrators, but they are still very useful for us to kill processes. Basically, except for WINDOWS systems
System's own management process, ntsd can be killed.
Of course, some rootkit-level super Trojans are still powerless. Fortunately, there are still very few such awesome-level Trojans.
The NTSD debugger requires the user to specify a process to connect to when it is started. Using TLIST or PVIEWER you can get an existing
The process ID of the process, and then type NTSD -p pid to debug the process. The NTSD command line uses the following syntax:
NTSD [options] imagefile
where imagefile is the name of the image to debug and options is one of the following options:
Option description -2 Open a new window for debugging character mode applications -d Redirect output to the debug terminal -g Make execution automatic
Passing the first breakpoint -G causes NTSD to exit immediately when the subroutine terminates. Enables debugging of multiple processes. The default is one derived from the debugger.
processes -p specifies debugging the process identified by the process ID -v produces verbose output
For example, assume that the process ID of inetinfo.exe is 104. Type the following command to connect the NTSD debugger to the inetinfo process
(IIS).
NTSD -p 104
You can also use NTSD to start a new process for debugging. For example, NTSD notepad.exe will start a new notepad.exe into
process and establish a connection with it.
Once connected to a process, you can use various commands to view the stack, set breakpoints, dump memory, and more.
Command meaning~Display a list of all threads KB Display the stack trace of the current thread~*KB Display the stack trace of all threads R Display the current
Frame's register output U disassembles code and displays procedure name and offset D dumps memory BP sets breakpoints BC clears one or more breakpoints BD disables one or more breakpoints BE enables one or more breakpoints BL lists One or more breakpoints
In my personal opinion, a very important parameter is the -v parameter, through which we can find out which connection library files are attached to a process.
There are many viruses, Trojans, or malware that like to make themselves into dynamic libraries, and then register them in the load library list of the system's normal programs, up to
To hide one’s purpose.
First we need to set up the output redirection of ntsd. It is best to redirect it to a text file to facilitate our analysis and research.
c:\>set _NT_DEBUG_LOG_FILE_APPEND=c:\pdw.txt
Note that although the output is redirected, our output will continue to be displayed on the screen and will enter debug mode. We use -c
q parameter can avoid this problem.
c:\>ntsd -c q -v notepad.exe
Now in our pdw.txt file, you can see the debugging information of the notepad.exe file.
ntsd kills the process using the following parameters.
c:\>ntsd -c q -p PID As long as you can provide the PID of the process, then you can kill the process.
We know that the Windows Task Manager is a useful tool for us to understand which programs are currently running on the computer, so how to open this Task Manager? In actual use, there are usually two methods: one is to press Ctrl Alt Del on the keyboard You can open the Task Manager; second, move the mouse to a blank space on the taskbar, right-click → select Task Manager to open the Task Manager. However, sometimes when a computer is infected with a virus, the virus will disable the task manager. What should you do at this time? Please read below.
At this time, we need to use a more professional method to open the Task Manager, that is, using the command prompt. Here we will teach you how to use the command prompt to open the Task Manager, and how to use commands to close related processes.
1. Use the command prompt (cmd) to open the task manager to view the process method
Start → Run → cmd, and then enter Tasklist in the command prompt window to view the current processes of the computer.
2. How to terminate a process using command prompt (cmd)
Here is an example to illustrate the problem. If you want to terminate the Notepad process notepad.exe in the current process, you can use the following command:
taskkill /f /im notepad.exe
If you know the pid value of the process to be terminated (you can see the pid value of each process through the task manager), for example, 100, you can use the following command:
ntsd -c q -p 100 or taskkill /f /pid 100
Tips: Clear U disk virus
1. Press "WIN R" to open the "Run" window, enter the "CMD" command, and press OK to open the command prompt window.
2. In the command prompt window, switch to the drive letter of the U disk or the drive letter infected with the Autorun.inf virus, and execute the commands in sequence: attrib -S -H -R autorun.inf press enter.
3. Execute the command again: del autorun.inf and press Enter.
The above is the detailed content of What are the Linux dos commands?. For more information, please follow other related articles on the PHP Chinese website!