full path of the process running on a windows - windows

Is there any command in windows which can give full path of the process running
tasklist does not give full paths. I do not want to use task manager

The tlist tool is not distributed with the Windows Resource Kit anymore (it's been superseded by tasklist), but is able to list the full path of each process.
You can fetch a copy from the download center.

Now can do it using powershell:
PS C:\> gwmi win32_process | select CommandLine | select-string -pattern "process-name"

Related

check if process is running with only Path provided

I want to check in Powershell if a process is running with only providing the process's path.
As example, the path to the .exe is "C:\Users\Administrator\Desktop\1\hello.exe".
However, there are also multiple .exe's with the same name, just in a different path:
"C:\Users\Administrator\Desktop\1\hello.exe"
"C:\Users\Administrator\Desktop\2\hello.exe"
"C:\Users\Administrator\Desktop\3\hello.exe"
So I can not just do Get-Process "hello".
How can I find out if a process is running by providing a Path, instead of a process name? It also should return the PID of the specific process.
Get-Process sadly does not even shows you the path to the process.
You can filter by Path and select Id:
Get-Process | Where-Object {$_.Path -EQ "C:\Users\Administrator\Desktop\1\hello.exe"} | Select-Object Id
By the way:
Get-Process sadly does not even shows you the path to the process.
It does, if you ask it to (it returns an object like all those commands do, and it has a default selection of properties to list but that doesn't mean you can't access the remaining properties by specifically selecting them):
Get-Process explorer | Select-Object Path
(or use Select-Object * to see all available properties)
It appears you haven't yet understood how PowerShell objects work, so I'd recommend you to check out some tutorials about this topic, for instance this article about selecting and filtering and this one that goes more into detail about the filtering options.

Uninstalling Systrack from CMD

So I'm trying to remotely uninstall the application SysTrack using:
wmic product where "description='Systems Management Agent' " uninstall
but for some reason it can't find the product. Doing a
product get name
from the wmic:root console, I don't see it listed. I'm wondering why the wmic can't get all the list of installed programs? It shows up on programs and features list, but now when I run that wmi command. I am a domain admin so the credentials should be a problem (the folder in the Program Files(x86) folder for SysTrack does have a lock on it though, but I can access)
Side note: I really wish there was a way to remotely just view that programs and features menu. Would be incredibly handy for the tasks I've been doing lately.
try;
wmic product where "name like 'Systems Management Agent'" call uninstall /nointeractive
it should work.
Try this in powershell ise. It will take a list of hostnames from a text file and uninstall the application. Edit the path for your local directory and text file name.
This script is 2 lines. Everything before $app.Uninstall() is on one line and then $app.Uninstall() is the 2nd line.
$app = Get-WmiObject -Class Win32_Product -ComputerName (Get-Content -Path "C:\Users\MYUSERNAME\Documents\PowerShell\servers.txt") | Where-Object {$_.Name -match “Systems Management Agent”}
$app.Uninstall()

Windows Powershell command line equivalent of dd

I am writing a Powershell script to make a raw copy of a drive and I have been unable to find a way to complete this.
On Linux, I would use 'dd' to perform this copy.
There are a handful of tools that can do this on Windows but none that I can control directly from the command line. (All have GUI interfaces)
Is there a method to make a physical copy of a drive through Powershell?
Thanks.
I've been trying to do this for a while myself and I finally found a good answer.
Git for windows ships with the whole set of GNU core utilities (updated vs what you can find separately) including dd!
Just install Git for Windows or extract the portable version, from there inside of the install directory in git\usr\bin\ you will find the binaries for all of the GNU utils including dd (tested working)
Some further notes on usage in windows since \dev\sda\ isn't a thing:
$DiskDrives = Gwmi Win32_diskdrive | select DeviceID,BytesPerSector,Index,Caption,InterfaceType,Size,TotalSectors,SerialNumber | Out-GridView -OutputMode Multiple -Title 'Select Source Drive(s)'
$BaseOutputPath = 'D:\'
$DiskDrives | %{
. ('C:\Program Files\Git\usr\bin\dd.exe if={0} of={1} bs={2}' -f $_.DeviceID,(-join($BaseOutputPath,(-
join($Env:ComputerName,$_.Index)),'.img')),$_.BytesPerSector)
}
The included filename logic is just a placeholder, you can replace that parenthetical with a call to Read-Host if you want it to prompt you for the filename/path.
It is a bit annoying but you really do have to use WMI as the values returned by Get-Disk don't seem to work.
You might already know that cygwin on Windows supports some Linux commands including dd. I have used it on several occasions to copy disks and load ISOs to USB and it works perfectly.
Windows 10 comes with linux now. Windows Subsystem for Linux. You can enable it as a feature. You can even get WSL 2 with the real kernel in 1903 & 1909: https://devblogs.microsoft.com/commandline/whats-new-in-the-windows-subsystem-for-linux-september-2020/
Get-CimInstance -ClassName Win32_DiskDrive | Format-List -Property DeviceID,BytesPerSector,Index,Caption,InterfaceType,Size,TotalSectors,SerialNumber
Following up #Chirishman answer, for Powershell 7.2, The Gwmi may missing from the powershell.
The alternative command to get the DeviceId and other info is available as above.
Then you can use dd if={DeviceId} of=<target_file>.

Script for locating "Service" locations in Windows

I am trying to write a script in windows command prompt (windows 8), to find out the directory location of services running. For example
net start // gives all the running services. I want to know the location of those services
Help required!
The following command is using PowerShell in order to display what you want:
powershell.exe -noexit "Get-WmiObject win32_service | select Name, DisplayName, State, PathName"
Just copy and paste it into a "cmd" window.
It will display you the service name, the display name, the state and the path to the executable.

How can I write the pipe command Linux in Windows batch?

How can I write the | (Linux) command in a Windows cmd (batch file)?
I don't know how to write this little Linux script in Windows:
find -r * |grep *.fd | open
In Windows:
dir /S ??? open
I don't really know what open does. If it simply starts an associated application with the respective file, then the following should do it:
for /r %f in (*.fd) do (start "" "%f")
In PowerShell you can do the same with:
Get-ChildItem -Recurse -Filter *.fd | Invoke-Item
or shorter:
gci -rec -fi *.fd | ii
The regular command shell in windows is lacking in power and features. However, Windows Power Shell has the ability to run a lot of ninja commands similar to *nix shells.
You can get more information about power shell on MSDN - http://msdn.microsoft.com/en-us/library/aa973757%28v=vs.85%29.aspx
Here is an example I googled from Powershell help itself:
-------------------------- EXAMPLE 4 --------------------------
C:\PS>get-childitem
c:\windows\system32* -include *.txt
-recurse | select-string -pattern "Microsoft" -casesensitive
This command examines all files in the
subdirectories of C:\Windows\System32
with the .txt file extension, for the
string "Microsoft". The CaseSensitive
parameter indicates that the 'M' in
'Microsoft' must be capitalized and
the rest of the characters must be
lowercase for a match to occur.

Resources