wmic 获取进程名称以及可执行路径:wmic process get name,executablepathwmic 删除指定进程(根据进程名称):wmic process where name="qq.exe" call terminate或者用wmic process where name="qq.exe" deletewmic 删除指定进程(根据进程PID):wmic process where pid="123" deletewmic 创建新进程wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"
在远程机器上创建新进程:wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe关闭本地计算机wmic process call create shutdown.exe重启远程计算机wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
更改计算机名称wmic computersystem where "caption='%ComputerName%'" call rename newcomputername 更改帐户名wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
wmic 结束可疑进程(根据进程的启动路径)wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\\windows\\explorer.exe'" delete
wmic 获取物理内存wmic memlogical get TotalPhysicalMemory|find /i /v "t"
wmic 获取文件的创建、访问、修改时间@echo offfor /f "skip=1 tokens=1,3,5 delims=. " %%a in ('wmic datafile where name^="c:\\windows\\system32\\notepad.exe" get CreationDate^,LastAccessed^,LastModified') do (set a=%%aset b=%%bset c=%%cecho 文件: c:\windows\system32\notepad.exeecho.echo 创建时间: %a:~0,4% 年 %a:~4,2% 月 %a:~6,2% 日 %a:~8,2% 时 %a:~10,2% 分 %a:~12,2% 秒echo 最后访问: %b:~0,4% 年 %b:~4,2% 月 %b:~6,2% 日 %b:~8,2% 时 %b:~10,2% 分 %b:~12,2% 秒echo 最后修改: %c:~0,4% 年 %c:~4,2% 月 %c:~6,2% 日 %c:~8,2% 时 %c:~10,2% 分 %c:~12,2% 秒)echo.pause
wmic 全盘搜索某文件并获取该文件所在目录for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j"&@echo %qPath:~0,-3%)
获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
wmic PageFileSet set InitialSize="512",MaximumSize="512"
设置虚拟内存到E盘,并删除C盘下的页面文件,重启计算机后生效
wmic PageFileSet create name="E:\\pagefile.sys",InitialSize="1024",MaximumSize="1024"wmic PageFileSet where "name='C:\\pagefile.sys'" delete 获得进程当前占用的内存和最大占用内存的大小: wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize 以KB为单位显示 @echo offfor /f "skip=1 tokens=1-2 delims= " %%a in ('wmic process where caption^="conime.exe" get WorkingSetSize^,PeakWorkingSetSize') do (set /a m=%%a/1024set /a mm=%%b/1024echo 进程conime.exe现在占用内存:%m%K;最高占用内存:%mm%K)pause 远程打开计算机远程桌面 wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1