Windows Command Line

Task1 Introduction

Everyone prefers a graphical user interface (GUI) until they master a command-line interface (CLI). There are many reasons for that. One reason is that GUIs are usually intuitive. If someone offers you a GUI interface you are unfamiliar with, you can quickly poke around and discover a non-trivial part. Compare this with dealing with a CLI, i.e., a prompt.

CLI interfaces usually have a learning curve; however, as you master the command line, you will find it faster and more efficient. Consider this trivial example: How many clicks do you need to find your IP address using the graphical desktop? Using the command-line interface, you don’t even need to raise your hands off the keyboard. Let’s say you want to recheck your IP address. You need to issue the same command instead of moving the mouse pointer to every corner of your screen.

There are many other advantages to using a CLI besides speed and efficiency. We will mention a few:

  • Lower resource usage: CLIs require fewer system resources than graphics-intensive GUIs. In other words, you can run your CLI system on older hardware or systems with limited memory. If you are using cloud computing, your system will require lower resources, which in turn will lower your bill.
  • Automation: While you can automate GUI tasks, creating a batch file or script with the commands you need to repeat is much easier.
  • Remote management: CLI makes it very convenient to use SSH to manage a remote system such as a server, router, or an IoT device. This approach works well on slow network speeds and systems with limited resources.

Learning Objectives

The purpose of this room is to teach you how to use MS Windows Command Prompt cmd.exe, the default command-line interpreter in the Windows environment. We will learn how to use the command line to:

  • Display basic system information
  • Check and troubleshoot network configuration
  • Manage files and folders
  • Check running processes

Room Prerequisites

Before starting this room, you should have finished the Windows and AD Fundamentals module.

Press the Start Machine button below.

Start the AttackBox by pressing the Start AttackBox button at the top of this page. The AttackBox machine will start in Split-Screen view. If it is not visible, use the blue Show Split View button at the top of the page.

You can use the SSH client on the AttackBox to connect to MACHINE_IP with the following credentials:

  • Username: user
  • Password: Tryhackme123!

Establishing an SSH Connection from the AttackBox

If this is the first time you initiate an SSH connection from the AttackBox to a target system, the steps are shown in the screenshot below, and they are the following:

  1. Start the AttackBox’s terminal by clicking the terminal icon marked with 1.
  2. To connect to the target VM, issue the command ssh user@MACHINE_IP as user is the username in this case.
  3. Because this is your first time connecting to this target VM, you will be asked to trust this connection. Answer with yes as marked with 3.
  4. Enter your password Tryhackme123!. Please note that the password will not appear as you type it.

Task2 Basic System Information

Before issuing commands, we should note that we can only issue the commands within the Windows Path. You can issue the command set to check your path from the command line. The terminal output below shows the path where MS Windows will execute commands, as indicated by the line starting with Path=.

Terminal

C:\>set
ALLUSERSPROFILE=C:\ProgramData
[...]
LOGNAME=strategos
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Users\strategos\AppData\Local\Microsoft\WindowsApps;
[...]

Let’s use the ver command to determine the operating system (OS) version. The terminal below shows an example output.

Terminal

C:\>ver
Microsoft Windows [Version 10.0.17763.1821]

Enough warming up. Let’s discover more in-depth information about the system. We can run the systeminfo command to list various information about the system such as OS information, system details, processor and memory. The terminal below shows a snippet of the displayed output.

Terminal

C:\>systeminfo

Host Name:                 WIN-SRV-2019
OS Name:                   Microsoft Windows Server 2019 Datacenter
OS Version:                10.0.17763 N/A Build 17763
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
[...]

Before moving on, it is good to mention a couple of tricks.

First, you can pipe it through more if the output is too long. Then, you can view it page after page by pressing the space bar button. To demonstrate this, try running driverquery and compare it with running driverquery | more. In the latter, you can display the output page by page and you can exit it using CTRL + C.

  • help - Provides help information for a specific command
  • cls - Clears the Command Prompt screen.

Task3 Network Troubleshooting

Most of us are used to looking up MS Windows network configuration from the GUI interface. The command-line interface provides many networking-related commands to look up your current configuration, check ongoing connections, and troubleshoot networking issues.

Network Configuration

You can check your network information using ipconfig. The terminal output below shows our IP address, subnet mask, and default gateway.

Terminal

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : eu-west-1.compute.internal
   Link-local IPv6 Address . . . . . : fe80::90df:4861:ba40:f2a8%4
   IPv4 Address. . . . . . . . . . . : 10.10.230.237
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.10.0.1

You can also use ipconfig /all for more information about your network configuration. As shown in the terminal below, we can view our DNS servers and confirm that DHCP is enabled.

Terminal

C:\>ipconfig /all

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . : eu-west-1.compute.internal
   Description . . . . . . . . . . . : Amazon Elastic Network Adapter
   Physical Address. . . . . . . . . : 02-B7-DF-1D-0D-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::90df:4861:ba40:f2a8%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.230.237(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Wednesday, May 1, 2024 2:38:05 PM
   Lease Expires . . . . . . . . . . : Wednesday, May 1, 2024 4:08:07 PM
   Default Gateway . . . . . . . . . : 10.10.0.1
   DHCP Server . . . . . . . . . . . : 10.10.0.1
   DHCPv6 IAID . . . . . . . . . . . : 134353458
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-E3-D1-2B-0E-F8-30-D0-72-3F
   DNS Servers . . . . . . . . . . . : 10.0.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Network Troubleshooting

One common troubleshooting task is checking if the server can access a particular server on the Internet. The command syntax is ping target_name. Inspired by ping-pong, we send a specific ICMP packet and listen for a response. If a response is received, we know that we can reach the target and that the target can reach us.

Let’s find out if we can reach example.com. In the terminal output below, we can see that we have successfully received four replies. Furthermore, we got some statistics; for instance, the average round trip time is 78 milliseconds.

Terminal

C:\>ping example.com

Pinging example.com [93.184.215.14] with 32 bytes of data:
Reply from 93.184.215.14: bytes=32 time=78ms TTL=52
Reply from 93.184.215.14: bytes=32 time=78ms TTL=52
Reply from 93.184.215.14: bytes=32 time=78ms TTL=52
Reply from 93.184.215.14: bytes=32 time=78ms TTL=52

Ping statistics for 93.184.215.14:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 78ms, Average = 78ms

Another valuable tool for troubleshooting is tracert, which stands for trace route. The command tracert target_name traces the network route traversed to reach the target. Without getting into more details, it expects the routers on the path to notify us if they drop a packet because its time-to-live (TTL) has reached zero. The terminal output below shows that we passed through 15 routers before reaching our target.

Terminal

C:\>tracert example.com

Tracing route to example.com [93.184.215.14]
over a maximum of 30 hops:

  1    59 ms    32 ms    42 ms  ec2-3-248-240-3.eu-west-1.compute.amazonaws.com [3.248.240.3]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9    <1 ms    13 ms    <1 ms  100.100.2.56
 10    15 ms    11 ms    11 ms  ae-42.a03.londen12.uk.bb.gin.ntt.net [131.103.117.104]
 11    17 ms    11 ms    12 ms  ae-14.r20.londen12.uk.bb.gin.ntt.net [129.250.3.248]
 12    81 ms    80 ms    80 ms  ae-7.r20.nwrknj03.us.bb.gin.ntt.net [129.250.6.147]
 13    83 ms    83 ms    86 ms  ae-0.a02.nycmny17.us.bb.gin.ntt.net [129.250.3.9]
 14    79 ms    79 ms    96 ms  ce-0-3-0.a02.nycmny17.us.ce.gin.ntt.net [128.241.1.14]
 15    81 ms    86 ms    79 ms  ae-67.core1.nyd.edgecastcdn.net [152.195.68.135]
 16    78 ms    78 ms    78 ms  93.184.215.14

Trace complete.

More Networking Commands

One networking command worth knowing is nslookup. It looks up a host or domain and returns its IP address. The syntax nslookup example.com will look up example.com using the default name server; however, nslookup example.com 1.1.1.1 will use the name server one.one.one.one. The terminal below shows the output of both commands. The results are identical; however, you can see that the answers were retrieved from different name servers.

Terminal

C:\>nslookup example.com
Server:  ip-10-0-0-2.eu-west-1.compute.internal
Address:  10.0.0.2

Non-authoritative answer:
Name:    example.com
Addresses:  2606:2800:21f:cb07:6820:80da:af6b:8b2c
          93.184.215.14

C:\>nslookup example.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    example.com
Addresses:  2606:2800:21f:cb07:6820:80da:af6b:8b2c
          93.184.215.14

The final networking command we will cover in this room is netstat. This command displays current network connections and listening ports. A basic netstat command with no arguments will show you established connections, as shown below. In this case, we only have one SSH connection; we figured out it is SSH because it is bound to port 22.

Terminal

C:\>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.10.230.237:22       ip-10-11-81-126:53486  ESTABLISHED

If you are curious about the other options, you can run netstat -h, where -h displays the help page. We opted for the following options:

  • -a displays all established connections and listening ports
  • -b shows the program associated with each listening port and established connection
  • -o reveals the process ID (PID) associated with the connection
  • -n uses a numerical form for addresses and port numbers

We combine these four options and execute the netstat -abon command. The result is quite long, but we display the first few lines in the terminal below. It is clear now that the executable sshd.exe is responsible for listening for incoming connections on port 22, as shown in the first line. We can also see the process ID (PID) associated with each connection.

Terminal

C:\>netstat -abon

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2116
 [sshd.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  RpcSs
 [svchost.exe]
[...]
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       2036
 [spoolsv.exe]
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       584
 Can not obtain ownership information
  TCP    0.0.0.0:49686          0.0.0.0:0              LISTENING       592
 [lsass.exe]
  TCP    10.10.230.237:22       10.11.81.126:53486     ESTABLISHED     2116
 [sshd.exe]
[...]

Task4

You have learned to look up basic system information and check the network configuration. Now, let’s discover how to browse the directories and move files around.

Working With Directories

You can use cd without parameters to display the current drive and directory. It is the equivalent of asking the system, where am I?

You can view the child directories using dir.

Terminal

C:\Users\strategos>cd
C:\Users\strategos

C:\Users\strategos>dir
 Volume in drive C has no label.
 Volume Serial Number is A8A4-C362

 Directory of C:\Users\strategos

05/01/2024  02:40 PM    <DIR>          .
05/01/2024  02:40 PM    <DIR>          ..
11/14/2018  06:56 AM    <DIR>          Desktop
05/01/2024  02:40 PM    <DIR>          Documents
09/15/2018  07:19 AM    <DIR>          Downloads
09/15/2018  07:19 AM    <DIR>          Favorites
09/15/2018  07:19 AM    <DIR>          Links
09/15/2018  07:19 AM    <DIR>          Music
09/15/2018  07:19 AM    <DIR>          Pictures
09/15/2018  07:19 AM    <DIR>          Saved Games
09/15/2018  07:19 AM    <DIR>          Videos
               0 File(s)              0 bytes
              11 Dir(s)  14,984,953,856 bytes free

Note that you can use the following options with dir:

  • dir /a - Displays hidden and system files as well.
  • dir /s - Displays files in the current directory and all subdirectories.

You can type tree to visually represent the child directories and subdirectories.

Terminal

C:\Users\strategos>tree
Folder PATH listing
Volume serial number is A8A4-C362
C:.
├───Desktop
├───Documents
├───Downloads
├───Favorites
├───Links
├───Music
├───Pictures
├───Saved Games
└───Videos

You can change to any directory by using the command cd target_directory; this is equivalent to double-clicking the target_directory on your desktop. Furthermore, you can use cd .. to go up one level. An example is shown in the terminal output below.

Terminal

C:\>cd
C:\

C:\>cd Users

C:\Users>cd
C:\Users

C:\Users>cd ..

C:\>cd
C:\

To create a directory, use mkdir directory_name; mkdir stands for make directory. To delete a directory, use rmdir directory_name; rmdir stands for remove directory. The terminal output below shows creating and deleting a directory.

Terminal

C:\example>mkdir backup_files

strategos@WIN-SRV-2019 C:\example>dir
 Directory of C:\example

05/02/2024  07:36 AM    <DIR>          .
05/02/2024  07:36 AM    <DIR>          ..
05/02/2024  07:36 AM    <DIR>          backup_files
               0 File(s)              0 bytes
               3 Dir(s)  14,984,724,480 bytes free

C:\example>rmdir backup_files

C:\example>dir
 Directory of C:\example

05/02/2024  07:36 AM    <DIR>          .
05/02/2024  07:36 AM    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  14,984,724,480 bytes free

Working With Files

You are working with the command line. You are curious about the contents of a particular text file. You can easily view text files with the command type. This command will dump the contents of the text file on the screen; this is convenient for files that fit within your terminal window. You might want to consider more for longer text files. This command will display enough text file contents to fill your terminal window. In other words, for long text files, more will display a single page and wait for you to press Spacebar to move by one page (flip the page) or Enter to move by one line.

The copy command allows you to copy files from one location to another. The following terminal output provides an example.

Terminal

C:\example>dir
 Directory of C:\example

05/02/2024  08:12 AM    <DIR>          .
05/02/2024  08:12 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
               1 File(s)             17 bytes
               2 Dir(s)  14,983,409,664 bytes free

C:\example>copy test.txt test2.txt
        1 file(s) copied.

C:\example>dir
 Directory of C:\example

05/02/2024  08:12 AM    <DIR>          .
05/02/2024  08:12 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
05/02/2024  07:57 AM                17 test2.txt
               2 File(s)             34 bytes
               2 Dir(s)  14,983,409,664 bytes free

Similarly, you can move files using the move command. An example is shown in the terminal output below.

Terminal

C:\example>dir
 Directory of C:\example

05/02/2024  08:12 AM    <DIR>          .
05/02/2024  08:12 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
05/02/2024  07:57 AM                17 test2.txt
               2 File(s)             34 bytes
               2 Dir(s)  14,983,409,664 bytes free

C:\example>move test2.txt ..
        1 file(s) moved.

C:\example>dir
 Directory of C:\example

05/02/2024  08:13 AM    <DIR>          .
05/02/2024  08:13 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
               1 File(s)             17 bytes
               2 Dir(s)  14,983,409,664 bytes free

Finally, we can delete a file using del or erase.

Terminal

C:\example>dir
 Directory of C:\example

05/02/2024  08:16 AM    <DIR>          .
05/02/2024  08:16 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
05/02/2024  07:57 AM                17 test2.txt
               2 File(s)             34 bytes
               2 Dir(s)  14,983,409,664 bytes free

C:\example>erase test2.txt

C:\example>dir
 Directory of C:\example

05/02/2024  08:16 AM    <DIR>          .
05/02/2024  08:16 AM    <DIR>          ..
05/02/2024  07:57 AM                17 test.txt
               1 File(s)             17 bytes
               2 Dir(s)  14,983,409,664 bytes free

We can use the wildcard character * to refer to multiple files. For example, copy *.md C:\Markdown will copy all files with the extension md to the directory C:\Markdown.

Task5 Task and Process Management

You must be familiar with MS Windows Task Manager and might be familiar with killing non-responsive processes. Let’s discover how to achieve a similar functionality using the command line.

We can list the running processes using tasklist.

Terminal

C:\>tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0         88 K
Registry                        84 Services                   0     50,700 K
smss.exe                       276 Services                   0      1,132 K
csrss.exe                      372 Services                   0      5,264 K
wininit.exe                    448 Services                   0      6,892 K
csrss.exe                      456 Console                    1      5,028 K
winlogon.exe                   516 Console                    1     11,144 K
services.exe                   584 Services                   0      7,492 K
lsass.exe                      592 Services                   0     16,108 K
svchost.exe                    704 Services                   0     23,432 K
fontdrvhost.exe                736 Console                    1      4,256 K
[...]

Some filtering is helpful because the output is expected to be very long. You can check all available filters by displaying the help page using tasklist /?. Let’s say that we want to search for tasks related to sshd.exe, we can do that with the command tasklist /FI "imagename eq sshd.exe". Note that /FI is used to set the filter image name equals sshd.exe.

Terminal

C:\>tasklist /FI "imagename eq sshd.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
sshd.exe                      2116 Services                   0      6,992 K
sshd.exe                      2712 Services                   0      7,668 K
sshd.exe                      4752 Services                   0      7,372 K

With the process ID (PID) known, we can terminate any task using taskkill /PID target_pid. For example, if we want to kill the process with PID 4567, we would issue the command taskkill /PID 4567.
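
The netstat -abon output from Task3 and the tasklist output above share the PID column, so the two can be joined to name the owner of a listener even where netstat prints "Can not obtain ownership information". The following is an added example, not part of the original room: the sample text is constructed from rows shown on this page, and the function names are this example's own.

```python
import re

# Constructed samples, assembled from rows shown in this page's terminal output.
NETSTAT_ABON = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2116
 [sshd.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       584
 Can not obtain ownership information
  TCP    10.10.230.237:22       10.11.81.126:53486     ESTABLISHED     2116
 [sshd.exe]
"""

TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
services.exe                   584 Services                   0      7,492 K
svchost.exe                    704 Services                   0     23,432 K
sshd.exe                      2116 Services                   0      6,992 K
"""

# Connection row; the State column is absent on UDP rows, so it is optional.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # e.g. " [sshd.exe]"
# Image names may contain spaces; the lazy group ends where the numeric columns fit.
TASK = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text):
    """One dict per connection; owner lines printed by -b follow their row."""
    records = []
    for line in text.splitlines():
        conn = CONN.match(line)
        if conn:
            proto, local, state, pid = conn.groups()
            port = int(local.rpartition(":")[2])  # also handles [::]:22
            records.append({"proto": proto, "port": port, "state": state,
                            "pid": int(pid), "image": None, "component": None})
        elif records and line.strip():
            owner = OWNER.match(line)
            if owner:
                records[-1]["image"] = owner.group(1)
            elif "ownership information" not in line:
                records[-1]["component"] = line.strip()  # service name, e.g. RpcSs
    return records


def parse_tasklist(text):
    """Map PID -> image name from plain tasklist output."""
    rows = (TASK.match(line) for line in text.splitlines())
    return {int(m.group(2)): m.group(1) for m in rows if m}


def listeners(netstat_text, tasklist_text):
    """Listening ports with their owner, using tasklist when netstat has none."""
    images = parse_tasklist(tasklist_text)
    result = []
    for rec in parse_netstat(netstat_text):
        if rec["state"] != "LISTENING":
            continue
        image, source = rec["image"], "netstat"
        if image is None:
            image = images.get(rec["pid"])
            source = "tasklist" if image else "unresolved"
        result.append((rec["port"], rec["pid"], image, source))
    return result


if __name__ == "__main__":
    for row in listeners(NETSTAT_ABON, TASKLIST):
        print(row)
```

A listener that stays "unresolved" after the join has a PID that no longer appears in tasklist, which is worth a second look when reviewing what a host exposes.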

Task6 Conclusion

In this room, we focused on the most practical commands for accessing a networked system over the command line.

We intentionally omitted a few common commands as we didn’t see a real value for including them in a beginner room. We mention them below so that you know that the command line can be used for other tasks.

  • chkdsk: checks the file system and disk volumes for errors and bad sectors.
  • driverquery: displays a list of installed device drivers.
  • sfc /scannow: scans system files for corruption and repairs them if possible.

It is important to remember all the commands covered in the previous tasks; moreover, it is equally important to know that /? can be used with most commands to display a help page.

In this room, we used the command more in two ways:

  • Display text files: more file.txt
  • Pipe long output to view it page by page: some_command | more

Equipped with this knowledge, we now know how to display the help page of a new command and how to display long output one page at a time.

Now that you know the Windows command line, it is time to move to the Windows PowerShell room.
