How to batch or cli automate sigcheck.exe on running processes? - windows

I'm trying to generate a list of running processes (full executable path), and then loop through that listing and perform a SysInternals "sigcheck.exe" against each of the files.
For some reason this isn't performing as expected and I'm unsure if it's due to my processing of the input file, or the format of output that wmic creates. Ideally, I'd like to get this working as a batch script first and then attempt to convert it to a cli one-liner.
Below is the code I'm currently trying:
setlocal enabledelayedexpansion
@echo off
:: Dump the image path of every running process as CSV (columns: Node,ExecutablePath)
wmic process get executablepath /format:csv | more > c:\windows\temp\pslist.txt
:: Split each row at the comma; %%b is the ExecutablePath column
for /f "skip=5 tokens=1,2 delims=," %%a in (c:\windows\temp\pslist.txt) do (
echo %%b
sigcheck.exe -accepteula -r -e "%%b"
)
ENDLOCAL

This uses "wmic.exe process" to build a list and passes just the "executablepath" to "sigcheck.exe". The "threadcount" is there as a trick: since WMIC has its infamous extra CR, asking for one extra, unneeded attribute creates markers in the output, the commas. The "for" command chops the WMIC output at the commas, which is how just the "executablepath" can be pulled out without any extra CRs.
CMD:
for /f "tokens=2 delims=," %A in ('wmic process where "not executablepath=null" get executablepath^,threadcount /format:csv') do @sigcheck.exe -accepteula -r -e "%A"
OUTPUT (partial for brevity sake):
Sigcheck v2.72 - File version and signature viewer
Copyright (C) 2004-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\program files (x86)\google\chrome\application\chrome.exe:
Verified: Signed
Signing date: 7:47 PM 2/28/2019
Publisher: Google LLC
Company: Google Inc.
Description: Google Chrome
Product: Google Chrome
Prod version: 72.0.3626.121
File version: 72.0.3626.121
MachineType: 64-bit
Sigcheck v2.72 - File version and signature viewer
Copyright (C) 2004-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\windows\system32\windowspowershell\v1.0\powershell.exe:
Verified: Signed
Signing date: 5:26 PM 4/11/2018
Publisher: Microsoft Windows
Company: Microsoft Corporation
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Prod version: 10.0.17134.1
File version: 10.0.17134.1 (WinBuild.160101.0800)
MachineType: 64-bit
Sigcheck v2.72 - File version and signature viewer
Copyright (C) 2004-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
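As an added example that is not part of the question or the answer above: the same loop in PowerShell. It sidesteps WMIC's trailing-CR and null-path problems by taking image paths from Get-Process, runs sigcheck once per unique path in CSV mode, and reports only images whose Verified column is not "Signed". Assumptions of this example: sigcheck.exe (or sigcheck64.exe) is on PATH or passed via -Sigcheck; the -c, -nobanner and -e switches and the Path/Verified/Publisher CSV column names are those of Sigcheck v2.x (confirm with `sigcheck -c` on one file); the fallback to the built-in Get-AuthenticodeSignature when sigcheck is unavailable is my addition, not something the answer proposes. Run it from an elevated prompt, otherwise Get-Process cannot read the path of protected and other-user processes and those are silently skipped.

```powershell
# Added example (not code from the original post). Requires PowerShell 3+.
param(
    # Assumption: name or full path of the Sysinternals tool (sigcheck.exe / sigcheck64.exe)
    [string]$Sigcheck = 'sigcheck.exe'
)

function Get-RunningImagePaths {
    # Get-Process exposes .Path only for processes this token can open;
    # protected / higher-integrity processes yield $null, so drop those explicitly.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path |
        Sort-Object -Unique          # case-insensitive dedupe: one sigcheck run per image
}

function Test-ImageSignature {
    param([string]$Path, [string]$Sigcheck)
    $row = $null
    if (Get-Command $Sigcheck -ErrorAction SilentlyContinue) {
        # -c: CSV output, -nobanner: suppress the three banner lines,
        # -e: treat the file as an executable image regardless of extension,
        # -accepteula: no EULA prompt. Column names assumed: Path, Verified, Publisher.
        $row = & $Sigcheck -accepteula -nobanner -c -e $Path 2>$null |
               ConvertFrom-Csv | Select-Object -First 1
    }
    if ($row) {
        return [pscustomobject]@{
            Path      = $Path
            Verified  = $row.Verified      # "Signed", "Unsigned", "n/a" or an error text
            Publisher = $row.Publisher
            Source    = 'sigcheck'
        }
    }
    # Fallback when sigcheck is missing or its CSV did not parse: the built-in
    # Authenticode check. On older Windows versions it does not consult catalog
    # files, so catalog-signed OS binaries can show NotSigned here while sigcheck
    # reports Signed; treat a NotSigned from this path as "re-check", not "malicious".
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Verified  = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
        Publisher = $sig.SignerCertificate.Subject
        Source    = 'Get-AuthenticodeSignature'
    }
}

$results = Get-RunningImagePaths | ForEach-Object { Test-ImageSignature -Path $_ -Sigcheck $Sigcheck }

# Everything that is neither "Signed" (sigcheck) nor "Valid" (fallback) is the review list:
# unsigned images, hash mismatches (tampered file) and broken or revoked chains.
$results | Where-Object { $_.Verified -notin @('Signed', 'Valid') } | Format-Table -AutoSize
```

Save it as a .ps1 and run it with -Sigcheck pointing at your copy of the tool. Unlike the batch version, a clean system produces no output from the final table, which is what you want when this runs on a schedule; drop the Where-Object filter to see the full inventory.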

Related

Windows Command Line To View Installed Software Hotfixes/Patches

On Windows, navigating into the Control Panel > Programs and Features > View installed updates page, I can see all of the software hotfixes applied including the Windows updates.
I would like to view this information using a command. Using the following command, I can view all of the Windows updates applied:
wmic qfe list full
The only problem is, the command above does not list software appliance patches applied to the machine. For example, on the view installed updates page, I can see a patch applied for SolarWinds and I cannot see the same information in the command line.
Refer to Skipping last empty line of WMIC command output in batch
@echo off
Title wmic to get HotfixID
Setlocal EnableDelayedExpansion
echo "patches" : {
set "patches=wmic qfe get HotfixID"
:: skip=1 drops the column header; the inner loop drops WMIC's trailing CR-only line
for /f "skip=1" %%i in ('%patches%') do for /f "delims=" %%j in ("%%i") do (
set /a count=count+1
echo "!count!" : "%%j",
)
echo }
With PowerShell 7.1 (refer to Get-Package), you can give PowerShell a try:
Get-Package -AllVersions
Getting List of Installed Applications that Matches Add/Remove Programs List
Refer to group all installed software in one cell by PowerShell
(Get-Package | Where-Object {$_.ProviderName -in @('Programs','msi','Chocolatey')} | Select-Object -ExpandProperty Name)
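An added example, not code from the answers above, that merges what `wmic qfe` / Get-HotFix knows with the Uninstall registry keys that Programs and Features reads, so a third-party patch like the SolarWinds one in the question appears next to the Windows updates. Assumptions of this example: the three Uninstall key paths are the standard ones; treating an Uninstall entry as an update when it carries a ParentKeyName value or its DisplayName matches KB<digits>/Update/Hotfix/Patch is a heuristic of this example, not documented behaviour, so adjust $UpdatePattern to your environment.

```powershell
# Added example (not from the original answers). Requires PowerShell 3+.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'                # per-user installs
)
# Heuristic (assumption of this example): which Uninstall entries count as updates
$UpdatePattern = '\bKB\d{6,}\b|\bUpdate\b|\bHotfix\b|\bPatch\b'

function Get-RegistryUpdates {
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem -Path $key |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object {
                $_.DisplayName -and
                ($_.ParentKeyName -or ($_.DisplayName -match $UpdatePattern))
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Source      = 'Registry'
                    Name        = $_.DisplayName
                    Version     = $_.DisplayVersion
                    Publisher   = $_.Publisher
                    InstalledOn = $_.InstallDate        # usually a yyyyMMdd string; may be absent
                    Parent      = $_.ParentDisplayName  # product the patch belongs to, if recorded
                }
            }
    }
}

function Get-WindowsHotfixes {
    # Same data source as 'wmic qfe' (Win32_QuickFixEngineering), reshaped to match above
    Get-HotFix | ForEach-Object {
        [pscustomobject]@{
            Source      = 'QFE'
            Name        = $_.HotFixID
            Version     = $null
            Publisher   = 'Microsoft'
            InstalledOn = $_.InstalledOn
            Parent      = $_.Description
        }
    }
}

$inventory = @(Get-WindowsHotfixes) + @(Get-RegistryUpdates)
$inventory | Sort-Object Source, Name | Format-Table -AutoSize

# For the same JSON-ish shape the batch answer above builds by hand:
# $inventory | ConvertTo-Json -Depth 2
```

Entries that only ever show up in the Uninstall keys (no KB number, vendor-specific naming) are exactly the ones `wmic qfe` misses; the ParentKeyName test catches most of them because that value is what makes Programs and Features file an entry under "View installed updates" rather than the main program list.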

xcopy invalid number of parameters in powershell only

I'm trying to run the following xcopy command
xcopy /s /i "./deps/Ultralight/build_release_x64_static_MT/out" "./deps/AppCore/deps/Ultralight"
When I run it in command prompt it works.
Microsoft Windows [Version 10.0.19042.630]
(c) 2020 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>xcopy /s /i "./deps/WebKitLibraries/" "./deps/WebCore/deps/WebKitLibraries/"
File not found - ./deps/WebKitLibraries/
0 File(s) copied
C:\WINDOWS\system32>
When I run it in powershell it fails
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Try the new cross-platform PowerShell https://aka.ms/pscore6
PS C:\Users\Jonathan> xcopy /s /i "./deps/WebKitLibraries/" "./deps/WebCore/deps/WebKitLibraries/"
Invalid number of parameters
PS C:\Users\Jonathan>
I don't see any issues with the syntax. Any ideas?
Use a backslash \ instead of a forward slash /. It will work. Don't know why it prints Invalid number of parameters.
xcopy /s /i ".\deps\WebKitLibraries\" ".\deps\WebCore\deps\WebKitLibraries\"

"Windows was unexpected at this time" error when trying to compare 2 strings in batch script

I am writing a batch script to use USMT to update computers from XP to 7. Because USMT has a scanstate component that needs to be run before the OS upgrade and a loadstate component that has to be run after the OS upgrade, I am trying to use an if statement to check what the operating system is and then run the proper commands. I am new to batch files but from everything I have been reading it seems like I am writing it properly, but I am obviously messing up somewhere. I am getting a "Windows is unexpected at this time" error. I also know that the variables are being set properly because of the pause commands that I included. I also tried using IF %WINVERSION% == %XP% goto XPTRUE/WIN7TRUE and enclosing everything within the brackets under a :XPTRUE/WIN7TRUE, but that gives the same error.
::Don't have commands print...only outputs are printed
@echo off
:: Set constants
SET XP=Microsoft Windows XP [Version 5.1.2600]
SET WIN7=Microsoft Windows [Version 6.1.7601]
SET XPUSMTLOCATION=C:\Program Files\USMT\Binaries\v4\x86
SET 7USMTLOCATION=C:\Program Files (x86)\USMT\Binaries\v4\amd64
SET BACKUPLOACTION=\\[SERVER IP]\z$\UserAccountBackUps\Backups
SET LOCALBACKUPLOCATION=C:\Backup\USMT
SET NASBACKUPLOCATION=S:\UserAccountBackUps\Backups
@PAUSE
::Get the current version of Windows batch file is running on and store it in WINVERSION
FOR /f "delims=" %%A IN ('ver') DO @SET WINVERSION=%%A
echo %WINVERSION%
PAUSE
::Get the MAC address of the computer and store it in MACA
FOR /F %%A IN ('getmac') DO @SET MACA=%%A
echo The MAC Address is: %MACA%
:: Tell user about script
echo This is a script designed to migrate computers with one network card from Windows XP to Windows 7 using USMT, this script should not be used with computers that have multiple network cards
echo Xp is %XP%
echo 7 is %WIN7%
::Check to see if the current version is XP
PAUSE
IF %WINVERSION% == %XP% (
echo This is windows XP
::Change directory to the location of USMT files
cd %XPUSMTLOCATION%
::Run scanstate to create backup
scanstate.exe C:\Backup /i:"\\[SERVER IP]\z$\UserAccountBackUps\USMT_XML_Files\MigApp.xml" /i:"\\[SERVER IP]\z$\UserAccountBackUps\USMT_XML_Files\MigDocs.xml" /i:"\\[SERVER IP]\z$\UserAccountBackUps\USMT_XML_Files\MigUser.xml" /o /v:2
::Change directory to the location of where the USMT backup is
cd %LOCALBACKUPLOCATION%
::Rename the backup to the MAC Address
rename USMT.MIG %MACA%.MIG
::Map the NAS to a drive because xcopy can not take IP addresses
echo Mapping NAS to drive
::NAS is mapped to drive S, if S is used for something else change s below to different letter
net use s: \\[SERVER IP]\z$
echo Prepairing to copy backup to NAS
::Use xcopy to transfer backup file the /v ensures the files are identical
::This must be done this way because if USMT tries to backup directly to the NAS it tries to overwrite all existing files
xcopy %LOCALBACKUPLOCATION%\%MACA%.MIG %NASBACKUPLOCATION% /v
echo The copy has completed, run this batch file again after OS Upgrade
)
IF %WINVERSION% == %WIN7% (
echo This is Windows 7
PAUSE
)
When I run this on my Windows 7 computer I get this:
I get the same output on my XP computer except it tells me the current version is xp instead. Help would be greatly appreciated.
The line below:
FOR /f "delims=" %%A IN ('ver') DO @SET WINVERSION=%%A
stores in the WINVERSION variable a string that contains several words separated by spaces, for example:
SET WINVERSION=Microsoft Windows [Version 6.2.9200]
This way, the line below:
IF %WINVERSION% == %XP% (
is expanded to:
IF Microsoft Windows [Version 6.2.9200] == Microsoft Windows XP [Version 5.1.2600] (
that, of course, causes a syntax error! Type IF /? for further details.
The way to compare two strings that may contain spaces is to enclose them in quotes:
IF "%WINVERSION%" == "%XP%" (

Find out windows version from non-privileged user command line

I need a way to find out what version of windows I'm running in using simple command line tools (no powershell). I need it to work from a non-privileged user, and I need to be able to parse out the difference between Windows XP, Vista, server 2008, and 7. I'm currently using:
wmic os get Caption
but that fails when the user doesn't have permissions to run wmic.
Update:
To clarify, I need this command to not break with different service pack levels, etc. which probably rules out parsing a specific version number. Also if you look at this list of windows versions, you'll see that the numbers reported on Windows 7 and server 2008 r2 are the same.
I solved this problem by parsing the output of:
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"
The systeminfo command shows everything about the OS version, including the service pack number and the edition you are using.
C:\>systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
OS Name: Microsoft Windows 7 Enterprise
OS Version: 6.1.7601 Service Pack 1 Build 7601
Reference: Find Windows version from command prompt
You can use ver. I'm on a school computer with a non-privileged command prompt, and it gives me Microsoft Windows [Version 6.1.7601]. I'm sure you'd be able to sort out Vista and XP from the number you get.
cmd displays the Windows version when started:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Joey>_
This is also a similar line as the one ver spits out, indeed.
One option then might be
echo exit|cmd|findstr Windows
another
cmd /c ver
depending on whether you have a pipeline or not.
if not CMDEXTVERSION 2 (
echo Error: This batch requires Command Extensions version 2 or higher
exit /b 1
)
:: "ver" prints e.g. "Microsoft Windows [Version 6.1.7601]" or "Microsoft Windows XP [Version 5.1.2600]".
:: Take the text between the brackets, then split "Version 6.1.7601" at dots and spaces
:: so the major, minor and build numbers land in %%J, %%K and %%L on every Windows version.
FOR /F "tokens=2 delims=[]" %%I IN ('ver') DO for /F "tokens=2,3,4 delims=. " %%J IN ("%%I") do (set WinMajor=%%J& set WinMinor=%%K& set WinBuild=%%L)
set WindowsVersion=%WinMajor%.%WinMinor%
:: Compare major and minor as numbers; a quoted IF "..." LSS "6.1" compares as text and would rank "10.0" below "6.1"
set TooOld=0
if %WinMajor% LSS 6 set TooOld=1
if %WinMajor% EQU 6 if %WinMinor% LSS 1 set TooOld=1
if %TooOld% EQU 1 (
echo Error: This batch requires Windows 7 or higher
exit /b 1
)
:: 6.1 alone cannot tell Windows 7 RTM from SP1; check %WinBuild% (7600 vs 7601) if SP1 matters
You can get the SysInternals suite and install it onto your C:\ directory. After that you can go to a command prompt and use the command PSINFO.
It is great because it lets me query any PC on the network (that I have access to). At the command prompt you type: PSINFO \\exactnameofcomputer
(PSINFO whack whack exactnameofcomputer)
Then hit enter. It will take a moment or two to report back, depending on where that computer is located at.

How to advance the wallpaper slideshow on windows vista/7 programatically?

I read on a forum that the "Next Desktop Background" command in the Windows Aero Slideshow feature calls the stobject.dll file. So I ran dumpbin to check whether I could see an exported method to call:
Microsoft Visual Studio 9.0\VC\bin\dumpbin.exe /EXPORTS Windows\System32\stobject.dll
Microsoft (R) COFF/PE Dumper Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file C:\Windows\System32\stobject.dll
File Type: DLL
Section contains the following exports for stobject.dll
00000000 characteristics
49EE914D time date stamp Wed Apr 22 00:38:53 2009
0.00 version
1 ordinal base
2 number of functions
2 number of names
ordinal hint RVA name
1 0 00001A28 DllCanUnloadNow
2 1 000059A9 DllGetClassObject
Summary
1000 .data
2000 .reloc
1A000 .rsrc
1A000 .text
I guess if I P/Invoke one of those methods it won't work. What do I do?
Those two exports are standard COM exports; you would have to figure out which COM interface to use and call them in the normal COM way (if you have Visual Studio, you could run the OLE/COM Object Viewer on the dll and look at its type library if it has one).
I've had a similar problem. The difference is I wanted to delete the current wallpaper file and force the slideshow to go on. I figured out that on each wallpaper change the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource registry key changes. So, I tried to delete the file it's pointing to. And... in about ten seconds the wallpaper was changed! Looks like this forced the slideshow to go on.
So, here's a batch file to do the trick. It gets current wallpaper file value from registry, renames it with temporary name, waits for 10 seconds and renames it back to original.
@echo off
set WallpaperFilePath=
:: Read the path of the wallpaper file currently on screen (written by the slideshow)
For /F "UseBackQ Tokens=2*" %%I In (`Reg Query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperSource`) Do set WallpaperFilePath=%%J
if "%WallpaperFilePath%" equ "" goto :eof
:: Split off the file name so the file can be renamed in place
For %%i In ("%WallpaperFilePath%") Do set WallpaperFileName=%%~nxi
set WallpaperFileNameTmp=__%WallpaperFileName%__
echo "%WallpaperFilePath%" "%WallpaperFileName%" "%WallpaperFileNameTmp%"
ren "%WallpaperFilePath%" "%WallpaperFileNameTmp%"
:: Wait roughly ten seconds for the slideshow to notice the missing file, then restore it
ping -n 10 localhost > Nul
For %%i In ("%WallpaperFilePath%") Do ren "%%~dpi%WallpaperFileNameTmp%" "%WallpaperFileName%"
Try to increase the time interval if nothing happens.
