Have you ever wanted to run a program remotely across a network without needing to install or configure anything on the remote machine you wish to access? If the answer is yes, then you’ll be pleased to know there is a way to accomplish this in a Windows environment using a very clever little command-line program named ‘PsExec’. In this article, I explain what PsExec is, how to use it, and how it works under the covers.

PsExec is a command-line utility that can be used to execute programs remotely on other Windows machines to which you have network access. PsExec redirects the console output of remotely executed programs to the client machine, so that they appear to be running locally. PsExec is part of a family of command-line tools called ‘PsTools’, developed by Mark Russinovich, who is currently the CTO of Microsoft Azure. The tools were created while Mark was the Chief Software Architect at Winternals Software, and they were part of a project named ‘Sysinternals’. Other PsTools include PsKill, which can be used to terminate processes on both local and remote systems, and PsPasswd, which can be used to change passwords on local and remote systems.

In the following two sections, I explain how to install PsExec and walk through the basics of using it to execute a program on another machine.

The usual approach for getting access to PsExec is to first of all download it onto your machine (I discuss an alternative at the end of this section). On the Microsoft Docs SysInternals page, click on the ‘Download PsTools’ link, which will download a zip file containing all of the available PsTools, including PsExec. Extract the contents of the zip file to a folder on your local machine. Now launch your terminal of choice and change your working directory to the location of the folder containing the PsTools which you extracted from the zip file. You can also add the PsTools folder to your ‘Path’ environment variable so that you can use PsExec from your terminal without having to change directory.

Before moving on, note that it is also possible to run PsExec and any of the other PsTools directly, without the need to manually download them, by entering the following into File Explorer.

Tip: If you wish to quickly launch the standard Windows Console host (Command Prompt) in the current directory via File Explorer, simply type ‘cmd’ within the File Explorer location bar and press the Enter/Return key.

SysInternals’ handle utility is designed exactly for this problem (finding which processes currently have a given file open) from the command line. Here is an example output:

```
→ handle -a "C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db"
Sysinternals -
xplorer2_64.exe pid: 108904 type: File 844: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
xplorer2_64.exe pid: 108904 type: File 1098: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
xplorer2_64.exe pid: 108904 type: File 1B78: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
explorer.exe pid: 75252 type: File 2B68: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
explorer.exe pid: 75252 type: File 4B1C: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
firefox.exe pid: 20884 type: File 15A8: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
firefox.exe pid: 20884 type: File 3BF4: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
```

You can also do it programmatically by leveraging the NTDLL/KERNEL32 Windows API. Have a look at the following code in Python, which returns a list of PIDs that can then easily be killed using the Task Manager or similar tools.

```python
import ctypes
from ctypes import wintypes

ntdll = ctypes.WinDLL('ntdll')
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)

INVALID_HANDLE_VALUE = wintypes.HANDLE(-1).value
FILE_READ_ATTRIBUTES, FILE_SHARE_READ, OPEN_EXISTING = 0x80, 0x1, 3
FILE_FLAG_BACKUP_SEMANTICS = 0x02000000
LPSECURITY_ATTRIBUTES = wintypes.LPVOID
FILE_INFORMATION_CLASS = wintypes.ULONG
FileProcessIdsUsingFileInformation = 47  # FILE_INFORMATION_CLASS member

class IO_STATUS_BLOCK(ctypes.Structure):
    _fields_ = (('Status', wintypes.LPVOID),       # union {NTSTATUS Status; PVOID Pointer;}
                ('Information', wintypes.WPARAM))  # ULONG_PTR
PIO_STATUS_BLOCK = ctypes.POINTER(IO_STATUS_BLOCK)

class FILE_PROCESS_IDS_USING_FILE_INFORMATION(ctypes.Structure):
    _fields_ = (('NumberOfProcessIdsInList', wintypes.LARGE_INTEGER),
                ('ProcessIdList', wintypes.LARGE_INTEGER * 64))

kernel32.CreateFileW.restype = wintypes.HANDLE
kernel32.CreateFileW.argtypes = (
    wintypes.LPCWSTR,       # In     lpFileName
    wintypes.DWORD,         # In     dwDesiredAccess
    wintypes.DWORD,         # In     dwShareMode
    LPSECURITY_ATTRIBUTES,  # In_opt lpSecurityAttributes
    wintypes.DWORD,         # In     dwCreationDisposition
    wintypes.DWORD,         # In     dwFlagsAndAttributes
    wintypes.HANDLE)        # In_opt hTemplateFile
kernel32.CloseHandle.argtypes = (wintypes.HANDLE,)
ntdll.NtQueryInformationFile.restype = wintypes.LONG   # NTSTATUS
ntdll.NtQueryInformationFile.argtypes = (
    wintypes.HANDLE, PIO_STATUS_BLOCK, wintypes.LPVOID, wintypes.ULONG,  # FileHandle, IoStatusBlock, FileInformation, Length
    FILE_INFORMATION_CLASS)  # In FileInformationClass

def get_pids(path):
    # create handle on concerned file with dwDesiredAccess = FILE_READ_ATTRIBUTES
    hFile = kernel32.CreateFileW(path, FILE_READ_ATTRIBUTES, FILE_SHARE_READ, None,
                                 OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, None)
    if hFile == INVALID_HANDLE_VALUE:
        raise ctypes.WinError(ctypes.get_last_error())
    iosb = IO_STATUS_BLOCK()
    info = FILE_PROCESS_IDS_USING_FILE_INFORMATION()
    # system call to retrieve list of PIDs currently using the file
    status = ntdll.NtQueryInformationFile(hFile, ctypes.byref(iosb), ctypes.byref(info),
                                          ctypes.sizeof(info), FileProcessIdsUsingFileInformation)
    kernel32.CloseHandle(hFile)
    if status < 0:  # NTSTATUS failure codes are negative when read as a signed LONG
        raise OSError('NtQueryInformationFile failed: 0x%08X' % (status & 0xFFFFFFFF))
    return list(info.ProcessIdList[:info.NumberOfProcessIdsInList])
```
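As an added example (not code from the page or from the Sysinternals authors), here is a parser for the `handle -a` output shown above that reduces it to the same kind of PID list the Python snippet returns; it compares the full object name because handle matches its name argument as a substring, and the extra iconcache_16.db line is constructed to show that filter at work.

```python
import re

# Constructed sample: the `handle -a` output quoted on this page, plus one constructed
# line for iconcache_16.db that shows why the full object name must be compared.
HANDLE_OUTPUT = r"""Sysinternals - www.sysinternals.com

xplorer2_64.exe  pid: 108904  type: File   844: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
xplorer2_64.exe  pid: 108904  type: File  1098: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
xplorer2_64.exe  pid: 108904  type: File  1B78: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
explorer.exe     pid: 75252   type: File  2B68: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
explorer.exe     pid: 75252   type: File  4B1C: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
firefox.exe      pid: 20884   type: File  15A8: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
firefox.exe      pid: 20884   type: File  3BF4: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
explorer.exe     pid: 75252   type: File  1234: C:\Users\me\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
"""

# One result line: "<image> pid: <pid> type: <type> [(access)] <hex handle>: <object name>".
# Banner and blank lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<image>\S+)\s+pid:\s+(?P<pid>\d+)\s+type:\s+(?P<type>\S+)\s+"
    r"(?:\([^)]*\)\s+)?(?P<handle>[0-9A-Fa-f]+):\s+(?P<name>.+?)\s*$")


def parse_handle_output(text):
    """One dict per handle line, with pid and handle value converted to int."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["pid"] = int(row["pid"])
            row["handle"] = int(row["handle"], 16)
            rows.append(row)
    return rows


def processes_holding(text, path):
    """(pid, image) pairs, first-seen order, with a File handle whose name equals path.

    handle treats its name argument as a substring, so searching for 'iconcache'
    would also list iconcache_16.db; comparing the full path avoids that."""
    wanted = path.casefold()
    seen = {}
    for row in parse_handle_output(text):
        if row["type"] == "File" and row["name"].casefold() == wanted:
            seen.setdefault(row["pid"], row["image"])
    return list(seen.items())
```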