Monday 24 June 2013

How to create a command-line toolkit for Windows

 How to create a command-line toolkit for Windows

NETWORK AND COMPUTER ENGINEERING - If you are a system administrator, IT professional, or a power user it is common to find yourself using the command prompt to perform administrative tasks in Windows. Whether it be copying files, accessing the Registry, searching for files, or modifying disk partitions, command-line tools can be faster and more powerful than their graphical alternatives. This tutorial will walk you through creating a command-line toolkit that contains useful programs and utilities that can make administering and using your computer easier and more efficient. The tutorial will also walk you through configuring your PATH environment variable so that these tools are available whenever you need them without having to specify the complete path to your toolkit folder. At the end of the tutorial we have listed a variety of command-line programs that are included with Windows or are by 3rd party developers that you can use as part of your command-line toolkit.

The first step is to create a folder that you will use to store your command-line programs. This folder can be located anywhere, but should have a name that describes what it is being used for. Some example folder names that you can use are bin, cl, or command-line. For the purpose of this tutorial, we will use the folder C:\command-line to store the command-line tools that we would like to use. Once the folder has been created, we now want to add it to the Windows PATH so that we do not have to type the full path to the command-line tool every time we wish to use one.
To do this, click on the Start button and type System. If you are using Windows 8, you can just type System from the Start Screen. When the search results appear, click on the System control panel in the search results to open the control panel as shown below.
 
System Control Panel
 
Now click on the Advanced system settings option as indicated by the red arrow in the image above. This will open the Advanced tab for the System Properties screen.
 
Advanced System Properties screen
 
Now click on the Environment Variables button to open a screen that lists the various environment variables that are configured in Windows.
 
Environment Variables screen
 
Under the System variables box scroll down till you see the Path variable. Once you see that variable, double-click on it to open a screen where you can edit it.
 
Edit Path Variable
 
The Path variable is a list of folders separated by a semi-colon (;) that Windows will use to search for programs to execute when you type them in. When you try to launch a program from the command-line, Windows will search through all the folders in its path and execute the program if it is found. As we do not want to have to type the full path to a command-line program (C:\command-line\program.exe) every time we use it, we can add the C:\Command-line folder to our path so we only have to type the program name (program.exe) to launch it.
As our command-line tools in this tutorial are located in C:\command-line we want to add this folder to the end of the list of folders that are already present in the Variable value field. To do this, go to the very end of the text in the Variable value field and type ;C:\command-line. When you do this you will need to substitute C:\command-line with the path to your folder. When you are done, you should now see the field that looks similar to the image above.
To save your changes, click on the OK button and then close the System Control Panel. Now whenever you type in a program name that is stored in your command-line program folder, Windows will be able to find it and execute it.
 
Useful Command-line programs to add to your command-line toolkit
This section will list a variety of command-line programs that can you use to start your toolkit. When using the list below, if the program is not bundled with Windows, then the name of the program will also be a link to the site that you can use to download the program and save it to your command-line folder. If the program name does not contain a link, then it is bundled with Windows and can already be used from your command prompt. If there are any other tools that you recommend we add to this list, please let us know.
 
Administration and Troubleshooting Programs
Command Description
AccessChk AccessChk lists the kind of permissions specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services
at The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command.
CoreInfo Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache’s assigned to each logical processor.
driverquery Displays a list of installed device drivers.
MpCmdRun.exe A command-line interface for Windows Defender. To execute this program you must use the full path: %ProgramFiles%\Windows Defender\MpCmdRun.exe
net Various Windows management commands. More information can be found here.
netsh Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. More information can be found here.
powershell Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.
PsLogList Allows you to list the contents of local or remote computer's Windows Event Log.
PsPasswd PsPasswd is a tool that lets you change an account password on the local or remote systems.
PsService Allows you to list and configure Windows services.
runas Run a program as another user.
rundll32 Execute functions exported in a DLL file.
sc Manage Windows Services.
shutdown Shutdown a local or remote computer.
SigCheck Verify that images are digitally signed and dumps version information contained within the file.
UnixUtils A collection of Unix utilities that have been ported to Windows. These utilities are very useful and include programs like grep, split, tar, dir, etc.
wmic A program that allows command-line and batch file access to Windows Management Instrumentation.
WUInstall A command-line Windows Update installer and management program.
 
Boot and Windows Startup Programs
Command Description
bcdboot The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store.
bcdedit The Bcdedit.exe command-line tool modifies the boot configuration data store. The boot configuration data store contains boot configuration parameters and controls how the operating system is booted. This tool is for Windows Vista and later. More information can be found here.
bootcfg More information can be found here.
repair-bde The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file. This command has a function that can scan your computer's hard disks for Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, and Windows Server 2003 installations, and then add them to an existing Boot.ini file or rebuild a new Boot.ini file if one does not exist. You can use the bootcfg command to add additional Boot.ini file parameters to existing or new entries. More information can be found here.
 
 
File Comparison, Search, and Viewing Programs
Command Description
comp Compares the contents of two files or sets of files.
findstr Searches for strings in files. This is a powerful tool, but contains a limited Regular Expression functionality. If you want a string searching tool with greater RegExp functionality, you may want to use grep that is part of the UnixUtils package.
fc Compares two files or sets of files and displays the differences between them.
more Displays a file one page at a time.
sort Reads input, sorts data, and writes the results to the screen, to a file, or to another device. More information about sort can be found here.
type Displays the entire file to the screen.
 
File Permission and Management Programs
Command Description
7Zip Full featured archive program that can work with almost any archive type. When adding this to your command-line folder, be sure to copy both 7z.exe & 7z.dll for it to work properly.
attrib Displays, sets, or removes the read-only, archive, system, and hidden attributes assigned to files or directories. Used without parameters, attrib displays attributes of all files in the current directory. More information can be found here.
cd Changes the current working directory.
copy Copy a file to another name or to a different folder.
dir List the files in a folder.
File Checksum Integrity Verifier The File Checksum Integrity Verifier (FCIV) utility can generate MD5 or SHA-1 hash values for files to compare the values against a known good value. FCIV can compare hash values to make sure that the files have not been changed.
forfiles Selects a file (or set of files) and executes a command on that file.
Handle Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
icacls Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. More information about icacls can be found here.
Junction Allows you to create, list, or delete Junctions in Windows.
LADS LADS will display a list of all alternate data streams found in a particular folder.
md5sum Lists the md5 has for a particular file or numerous files in a folder.
move Move a file or folder to another location.
ren Rename a file or folder.
Sdelete You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.
sfc Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.
Strings Displays strings found within a file.
xcopy Copies files and directories, including subdirectories.
 
Filesystem Management Programs
Command Description
chkdsk Checks a disk and displays a status report.
defrag Locates and consolidates fragmented files on local volumes to improve system performance.
diskpart Diskpart allows you to manage and modify disk partitions. More information about diskpart can be found here.
FixMBR Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console.
recover Recovers readable information from a bad or defective disk.
takeown This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership.
 
Network Diagnostics & Administration Programs
Command Description
arp Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). Useful for finding mac addresses of other networked devices on your network.
cURL cURL is a command line tool for downloading web pages, entire sites, ftp files, etc.
ipconfig Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. More information can be found here.
Netcat Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. This is a very useful tool for diagnosing network connections, open firewall ports, or for sending the output of a local command to a remote computer.
netstat Displays protocol statistics and current TCP/IP network connections.
Nmap Nmap ("Network Mapper") is a utility for network discovery and security auditing. This program can quickly perform a TCP/IP audit of your network.
nslookup Nslookup allows you to perform DNS (Domain Name Service) resolution.
pathping The PathPing tool is a route tracing tool that combines features of Ping and Tracert with additional information that neither of those tools provides. PathPing sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since PathPing shows the degree of packet loss at any given router or link, you can pinpoint which routers or links might be causing network problems. More information can be found here.
ping Ping is a computer network administration utility used to test if you can reach a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.
PsFile PsFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier.
PsExec PsExec is a program that lets you execute processes on other systems, complete with full interactive use for console applications, without having to manually install client software. Please note that some anti-virus vendors may detect this as "Remote Admin", but it is a legitimate tool from Microsoft.
PsLoggedOn PsLoggedOn is an program that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, PsLoggedOn searches the computers in the network neighborhood and tells you if the user is currently logged on.
route Displays and modifies the entries in the local IP routing table. Used without parameters, route displays help. More information can be found here.
tracert Displays the path taken from TCP/IP packets as they traverse from your local computer to a remote target. More information can be found here.
Wget GNU Wget is a program for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.
 
Process Management Programs
Command Description
ListDlls ListDLLs is a utility that reports the DLLs loaded into processes. You can use it to list all DLLs loaded into all processes, into a specific process, or to list the processes that have a particular DLL loaded.
PsKill Allows you to terminate processes.
PsList Lists all running processes.
tasklist Lists all running running processes and services. This program can also be used to list what services are running under a particular svchost process. See here for more information regarding how to do that.
taskkill This tool is used to terminate tasks by process id (PID) or image name.
 
 
If there are any other command-line tools that you think we missed, please let us know about them.