
Old and faithful

Since time immemorial (the days when system admins used to wear ties and kept 3-4 ballpoint pens in their shirt pockets... the nostalgic 60's), the command prompt has been there, although the boxes then were huge mainframes and the systems were Unix or Unix variants.

Many system administrators who manage Windows environments don't leverage the full power of the Windows command prompt. One big argument that Unix admins have with Windows folks is the shell functionality in *nix systems.
With the release of Monad (PowerShell), Microsoft has come up with something akin to a *nix shell. However, even without PowerShell, the Windows command prompt is quite powerful, although its features are not widely known.

Let's try to do something with just the command prompt in Windows. I will be using only the Windows XP command prompt to demonstrate some tasks.

Say I need to see which services are running on my XP box using just the command prompt. (I know you can go to Run > services.msc and do stuff, but let's try to be lazy.)

I do the following:

C:\>tasklist /svc

Image Name                   PID Services
========================= ====== ====================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                    1036 N/A
csrss.exe                   1080 N/A
winlogon.exe                1108 N/A
services.exe                1152 Eventlog, PlugPlay
lsass.exe                   1164 Netlogon, PolicyAgent, ProtectedStor
ibmpmsvc.exe                1364 IBMPMSVC
ati2evxx.exe                1392 Ati HotKey Poller
svchost.exe                 1412 DcomLaunch, TermService
svchost.exe                 1488 RpcSs
……………………………… Output omitted for brevity.

As seen, tasklist is very useful if used properly. The same thing can also be done using pslist, which is part of the PsTools suite, but here we are leveraging built-in functionality.
Let's filter the above output. I just want to see the svchost.exe process instances, so I do the following:

C:\>tasklist /svc | find "svchost.exe"

This is what I get.

C:>ts, RemoteRegistry, WebClient

"find" in the CLI is what "grep" is on *nix boxes [PowerShell in Windows uses objects instead of the text manipulation of *nix shells].
Filtering output using find is useful everywhere, especially when piped with netstat. For example, to see what ssh connections I have to and from my box, I type this:

C:\>netstat -ano | find "22"
Output is:
TCP AVP-XP:1229 AVP-XP.myworld.local:0 LISTENING
TCP AVP-XP:4195 apache.myworld.local:22 ESTABLISHED
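
As an added example (not from the original post), the batch file below combines the two commands shown so far: it lists TCP connections whose local or remote port is exactly 22 and prints the owning process with its services. It searches for the string ":22 " with findstr because find "22" matches any line containing 22, which is why port 1229 shows up in the output above.

```batch
@echo off
rem Added example, not from the original post.
rem Lists TCP connections on port 22 and the process/services that own each one.
rem Save as a .bat file; at an interactive prompt the loop variables
rem are written with a single percent sign instead of two.

rem ":22 " (colon, 22, space) matches port 22 exactly, on the local or
rem remote side, and skips ports such as 1229 that merely contain "22".
for /f "tokens=1-5" %%a in ('netstat -ano -p tcp ^| findstr /L /C:":22 "') do (
    echo.
    echo %%a  local=%%b  remote=%%c  state=%%d  pid=%%e
    rem Look up the owning process by PID and show its services.
    tasklist /svc /nh /fi "PID eq %%e"
)
```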

Let's try some other cool stuff from our beloved CLI.
I urgently need to see all the device drivers on the box and only have a command prompt with me... that's enough to do the job:

C:\>driverquery

This is the output:

Module Name  Display Name           Driver Type   Link Date
============ ====================== ============= =====================
abp480n5     abp480n5               Kernel        8/18/2001 2:21:59 AM
ACPI         Microsoft ACPI Driver  Kernel        8/4/2004 11:37:35 AM
ACPIEC       Microsoft Embedded Con Kernel        8/18/2001 2:27:55 AM
ADIHdAudAddS ADI UAA Function Drive Kernel        1/31/2006 8:49:33 PM
adpu160m     adpu160m               Kernel        5/30/2001 2:48:22 PM
AEAudioServi AEAudio Service        Kernel        6/8/2005 2:23:44 AM
aec          Microsoft Kernel Acous Kernel        10/1/2004 10:30:21 PM
………………… Output omitted for brevity

This is a long, long list, so let's try to get it in some human-readable form.

Fear not, driverquery supports exporting the output in table/list/csv format [and they say Windows is purely point and click 🙂 ]

To get the output in csv:

C:\>driverquery /fo csv >> c:\driverinfo.csv

You won't see any output, since we are redirecting it to a csv file named driverinfo, which is created at the root of the drive.

I have explained some of the not-so-common tasks that can be done from the command prompt. I will get to some really neat stuff, like managing the network operations of a box using only the Windows command prompt, sometime later.

Hope this brings some sense to using the command prompt in Windows... it ain't that useless, you see?

