wmic(Windows Management InstrumentationCommand Line) ,提供了從命令行接口和批命令腳本執行系統管理的支持
wmic是一款命令行管理工具
wmic有一個能夠分析、解釋和執行從命令行接收的別名(Alias)的引擎,它是一個可執行文件,名為WMIC.exe
WMIC.exe通常位於 C:\Windows\System32\wbem
WMIC可以以兩種模式執行:
交互模式(Interactive mode):命令窗口下輸入wimic
>wmic
wmic:root\cli>
eg:
查看進程為QQ.exe進程的信息
>wmic wmic:root\cli>process where name="QQ.exe" list brief HandleCount Name Priority ProcessId ThreadCount WorkingSetSize 1320 QQ.exe 8 6172 69 220016640
非交互模式(Non-Interactive mode):wimic+命令參數
幫助文檔查看
wmic / ?
使用示例
1.顯示BIOS信息
>wmic bios list Brief Manufacturer Name SerialNumber SMBIOS BIOSVersion Version American Megatrends Inc. BIOS Date: 07/12/12 13:29:34 Ver: 04.06.05 To be filled by O.E.M. F3 _ASUS_ - 1072009
ist決定顯示的信息格式與范圍,它有
full為默認參數,表示顯示所有的信息
Brief表示只顯示摘要信息
Instance表示只顯示對象實例
Status表示顯示對象狀態
Writeable表示只顯示該對象的可寫入的屬性信息等
2.cpu信息
>wmic cpu list brief Caption DeviceID Manufacturer MaxClockSpeed Name SocketDesignation Intel64 Family 6 Model 58 Stepping 9 CPU0 GenuineIntel 3901 Intel(R) Core(TM) i7-37 70K CPU @ 3.50GHz Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
cpu型號
>wmic cpu get name Name Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
cpu當前的速度
>wmic cpu get CurrentClockSpeed CurrentClockSpeed 3901
3.物理內存
>wmic memphysical list brief MaxCapacity MemoryDevices Model Name 33554432 4 Physical Memory Array
4.內存芯片信息
>wmic memorychip list brief Capacity DeviceLocator MemoryType Name Tag TotalWidth 8589934592 ChannelA-DIMM0 0 Physical Memory Physical Memory 0 64 8589934592 ChannelB-DIMM0 0 Physical Memory Physical Memory 2 64
5.查看緩存
>wmic memcache list brief BlockSize CacheSpeed CacheType DeviceID InstalledSize Level MaxCacheSize NumberOfBlocks Status 1024 4 Cache Memory 0 256 3 256 256 OK 1024 5 Cache Memory 1 1024 4 1024 1024 OK 1024 5 Cache Memory 2 8192 5 8192 8192 OK
6.本地存儲設備管理
獲取硬盤系統格式、總大小、可用空間等
>wmic logicaldisk list brief DeviceID DriveType FreeSpace ProviderName Size VolumeName C: 3 27498643456 210519453696 D: 3 304604254208 401603555328 E: 3 226881138688 387973115904 F: 5 G: 5
7.聲音設備管理
>wmic sounddev list brief
Manufacturer Name Status StatusInfo
Realtek Realtek High Definition Audio OK 3 NVIDIA NVIDIA High Definition Audio OK 3 NVIDIA NVIDIA Virtual Audio Device (Wave Extensible) (WDM) OK 3
8.進程管理
列出進程的核心信息
>wmic process list brief HandleCount Name Priority ProcessId ThreadCount WorkingSetSize 0 System Idle Process 0 0 8 24576 1026 System 8 4 176 2072576 36 smss.exe 11 416 2 1572864 766 csrss.exe 13 632 9 5414912 89 wininit.exe 13 688 3 6017024 2079 csrss.exe 13 708 14 23052288 261 services.exe 9 748 9 11550720 131 winlogon.exe 13 788 3 10358784 ……
wmic 獲取進程名稱以及可執行路徑
>wmic process get name,executablepath ExecutablePath Name System Idle Process System smss.exe C:\Windows\system32\csrss.exe csrss.exe C:\Windows\system32\wininit.exe wininit.exe C:\Windows\system32\csrss.exe csrss.exe C:\Windows\system32\services.exe services.exe C:\Windows\system32\winlogon.exe winlogon.exe ……
獲得某個進程當前占用的內存和最大占用內存的大小
>wmic process where caption='QQ.exe' get WorkingSetSize,PeakWorkingSetSize PeakWorkingSetSize WorkingSetSize 233476 220094464 >wmic process where caption='chrome.exe' get WorkingSetSize,PeakWorkingSetSize PeakWorkingSetSize WorkingSetSize 525904 380080128 21752 21032960 19112 18669568 228752 205066240 35952 36720640
9.獲取正在運行的服務列表
>wmic service where (state="running") get caption, name, startmode Caption Name StartMode Windows Audio Endpoint Builder AudioEndpointBuilder Auto Windows Audio AudioSrv Auto Base Filtering Engine BFE Auto Background Intelligent Transfer Service BITS Manual Computer Browser Browser Manual Certificate Propagation CertPropSvc Manual Cryptographic Services CryptSvc Auto DCOM Server Process Launcher DcomLaunch Auto DHCP Client Dhcp Auto DNS Client Dnscache Auto Diagnostic Policy Service DPS Auto Extensible Authentication Protocol EapHost Manual Windows Event Log eventlog Auto COM+ Event System EventSystem Auto Windows Font Cache Service FontCache Manual ……
10.輸出到文件
>wmic /output:e:\a.txt process get name,executablepath
結果就會報錯到e:\a.txt里
wmic工具很強大,還需繼續探索