Wednesday, April 30, 2008

More good Windows command line tools

Once again I am surprised to see more useful command-line tools already in Windows.

When I was playing around with PowerShell I stumbled upon Windows Command Reference, a .chm file with reference for a lot of command line utils in Windows:

The Windows command-line tools are used to perform various tasks related to
Windows Vista, Windows Server 2003, and Windows Server 2008. You can use the
command reference to familiarize yourself with new and enhanced command-line
tools, to learn about the command shell, and to automate command-line tasks by
using batch files or scripting tools.


Many of the tools in the reference are also in Windows XP and 2003, but the resource kit tools are not listed, for example jt.exe and tail.exe are not in the list.

With all these nice utils, and more to come probably, I am thinking a lot of old self-made scripts can be replaced or simplified. I prefer to use Windows built-in tools if possible, most often wrapped somehow.

Of course there will always come new needs, ideas for improvements, so script wrapping, script/batch control is just as much wanted as before!

Two of the utils I can use immediately are tasklist.exe and taskkill.exe, which can query and kill processes depending on lots of different restrictions.

Among the good filter options are username, memusage and session number. Unfortunately it works on only one server at a time:

TASKLIST [/S system [/U username [/P [password]]]]
         [/M [module] /SVC /V] [/FI filter] [/FO format] [/NH]

Description:
    This command line tool displays a list of application(s) and
    associated task(s)/process(es) currently running on either a local or
    remote system.

Parameter List:
    /S     system           Specifies the remote system to connect to.

    /U     [domain\]user    Specifies the user context under which
                            the command should execute.

    /P     [password]       Specifies the password for the given
                            user context. Prompts for input if omitted.

    /M     [module]         Lists all tasks that have DLL modules loaded
                            in them that match the given pattern name.
                            If the module name is not specified,
                            displays all modules loaded by each task.

    /SVC                    Displays services in each process.

    /V                      Specifies that the verbose information
                            is to be displayed.

    /FI    filter           Displays a set of tasks that match a
                            given criteria specified by the filter.

    /FO    format           Specifies the output format.
                            Valid values: "TABLE", "LIST", "CSV".

    /NH                     Specifies that the "Column Header" should
                            not be displayed in the output.
                            Valid only for "TABLE" and "CSV" formats.

    /?                      Displays this help/usage.

Filters:
    Filter Name     Valid Operators           Valid Value(s)
    -----------     ---------------           --------------
    STATUS          eq, ne                    RUNNING NOT RESPONDING
    IMAGENAME       eq, ne                    Image name
    PID             eq, ne, gt, lt, ge, le    PID value
    SESSION         eq, ne, gt, lt, ge, le    Session number
    SESSIONNAME     eq, ne                    Session name
    CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                              of hh:mm:ss.
                                              hh - hours,
                                              mm - minutes, ss - seconds
    MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME        eq, ne                    User name in [domain\]user
                                              format
    SERVICES        eq, ne                    Service name
    WINDOWTITLE     eq, ne                    Window title
    MODULES         eq, ne                    DLL name
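
One way around the one-server-at-a-time limit is a small wrapper that runs tasklist once per host with /FO CSV /NH and merges the rows. This is an added example in Python, not code from the original post; the host names, the account in the filter and the sample rows are constructed, and it assumes the current logon already has rights on the remote hosts, so no /U or /P is passed.

```python
import csv
import io
import subprocess

# Column order of `tasklist /FO CSV /NH` in its default (non-verbose) form.
COLUMNS = ("image", "pid", "session_name", "session", "mem_kb")
# Constructed sample of one server's output, not real data.
SAMPLE = ('"svchost.exe","904","Services","0","18,432 K"\n'
          '"w3wp.exe","3120","Services","0","212,884 K"\n')

def build_command(server, filters):
    """tasklist arguments for one host; several /FI filters are ANDed."""
    # No /U or /P: the query runs as the current logon, so no password
    # appears on a command line or in shell history.
    cmd = ["tasklist", "/S", server, "/FO", "CSV", "/NH"]
    for flt in filters:
        cmd += ["/FI", flt]
    return cmd

def parse_csv(server, text):
    """Turn tasklist CSV rows into dicts tagged with the server name."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != len(COLUMNS):   # informational or blank lines
            continue
        row = dict(zip(COLUMNS, fields), server=server)
        row["pid"] = int(row["pid"])
        # "212,884 K" -> 212884; the thousands separator varies by locale
        row["mem_kb"] = int("".join(c for c in row["mem_kb"] if c.isdigit()))
        rows.append(row)
    return rows

def query(servers, filters, run=subprocess.run):
    """Run tasklist once per server and merge the results."""
    merged = []
    for server in servers:
        proc = run(build_command(server, filters), capture_output=True, text=True)
        if proc.returncode != 0:          # host unreachable, access denied, ...
            print(f"{server}: {proc.stderr.strip()}")
            continue
        merged += parse_csv(server, proc.stdout)
    return merged

if __name__ == "__main__":
    # Hypothetical host names and account.
    filters = ["USERNAME eq CORP\\svc_app", "MEMUSAGE gt 50000"]
    for r in query(["srv01", "srv02"], filters):
        print(r["server"], r["image"], r["pid"], r["mem_kb"])
```
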

Sunday, April 27, 2008

TclockEx is still a better Windows Clock

Similar to the awesome util Printkey 2000, there is another Windows util that is still my favorite for the task, even though it is very, very old: TclockEx, a much better Windows taskbar/system tray clock!

It serves a few important purposes for me:
  • Display date and time in a better way
  • Customizable format of "date and time copy to clipboard" when I double-click the systray. I use this format to get a quick datestring for usage in reports and documentation: yyyyMMdd-HHmm (e.g. 20080427-0719)
  • Display a simple calendar with week numbers, shown by single click, and week start can be modified to Monday.
The original site in the About page http://users.iafrica.com/d/da/dalen does not work; instead I used http://www.rcis.co.za/dale/tclockex/.

For the paranoid people, here is my md5 sum for the safe exe:

1238b1c59fd4987d538144aa915e85c2 *tclockex-1.4.2.exe
1238b1c59fd4987d538144aa915e85c2 *tclockex.exe

Read more about alternatives to tclock here:

Monday, April 21, 2008

Windows forfiles.exe, similar to unix find

I have unix tools available on my Windows boxes, so I have a tendency to use those, e.g. using unix find to delete files older than x days.

Now a while ago I saw that there is a forfiles.exe in the NT resource kit, which can do a similar job, only it does not work on UNC paths:

forfiles /P \\machine\share /M thesefiles*

ERROR: UNC paths (\\machine\share) are not supported.

You can get inspired by some cleanup examples:

forfiles /p C:\documentService\bin /s /m trace*.* /d -120 /c "cmd /c del @path"

forfiles /p D:\DocumentStore\imagingShare /s /m *.tif* /d -120 /c "cmd /c del @path"

And as always ss64.com has forfiles examples.

Another example for deleting files:

FORFILES /p C:\filename /s /m *.* /d -3 /c "CMD /C del /Q @FILE"

Thursday, April 17, 2008

File size, file count, file age - batch util

I wanted to know each of these:
  • If a filesize (eg. the newest/latest one in a directory) is above or below a certain threshold.
  • If a number of files in a dir is equal, above or below a certain limit.
  • If the age of a file (eg. the newest/latest one), is above or below a certain age in seconds.

I turned to the batch search/overview sites and looked for inspiration. My findings were:

  • FileSizeComp is an elegant example in batch, but requires you know the filename.
  • GetDirStats returns number of files, elegantly using dirlist from compact.
  • I did not find a batch way to get mtime of a file.

So, two problems: I would need a way to find "the latest file" and then pipe that to one of the batch scripts, and I didn't find a resource kit tool or batch way to get mtime from a file.

So: I made a simple perl script that can handle all of the above. And it also works cross platform.

There was someone who did an mtime (file age) check script in VBScript; I did not use it though.
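
The three checks listed above (size of the newest file, number of files, age of the newest file) fit in one small cross-platform script. This is an added example in Python, not the author's Perl script, which the post does not show; the argument order and the exit codes are assumptions.

```python
import os
import sys
import time

def newest_file(directory):
    """Return the path of the most recently modified regular file, or None."""
    files = [e.path for e in os.scandir(directory) if e.is_file()]
    return max(files, key=os.path.getmtime) if files else None

def compare(value, op, limit):
    """Apply a comparison named like the tasklist operators (lt, le, eq, ge, gt)."""
    return {"lt": value < limit, "le": value <= limit, "eq": value == limit,
            "ge": value >= limit, "gt": value > limit}[op]

def check(directory, what, op, limit, now=None):
    """Evaluate one check and return (ok, measured_value).

    what is "size" (bytes of the newest file), "count" (regular files in
    the directory) or "age" (seconds since the newest file was modified).
    """
    if what not in ("size", "count", "age"):
        raise ValueError(f"unknown check: {what}")
    if what == "count":
        value = sum(1 for e in os.scandir(directory) if e.is_file())
    else:
        path = newest_file(directory)
        if path is None:                  # empty directory: nothing to measure
            return False, None
        st = os.stat(path)
        now = time.time() if now is None else now
        value = st.st_size if what == "size" else int(now - st.st_mtime)
    return compare(value, op, limit), value

if __name__ == "__main__":
    # Assumed usage: check.py DIRECTORY size|count|age lt|le|eq|ge|gt LIMIT
    directory, what, op, limit = sys.argv[1:5]
    ok, value = check(directory, what, op, int(limit))
    print(f"{what}={value} {op} {limit}: {'OK' if ok else 'FAIL'}")
    sys.exit(0 if ok else 1)              # usable as ERRORLEVEL in a batch file
```
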

Wednesday, April 16, 2008

Identify the process that locks a file on Windows

I wanted to identify the process that locks a file on Windows, I am sure you know the feeling:

del ft*
The process cannot access the file because it is being used by another process.

There was an excellent article that described how one of my favorite tools procexp.exe from PsTools has a "Find handle or dll" (CTRL+F) that does the trick.
I think process explorer can only see local processes locking a file, it can not see if you have locked using a share for example. I have not tested it.
The same article also describes some possible command-line-based solutions; I didn't have a need for that yet though:

Note: There is also a command-line tool named Handle from Windows Sysinternals that can display open handles for any process in the system. See: View Open Handles to a file or folder from the context menu from the Winhelponline.com Blog.

...

Once installed, reboot Windows and use the Oh.exe (Open Handles) command-line tool. For exact parameters, open Help and Support center and type-in OH. The following example shows how to find the Process(es) which have locked the file "INBOX.DBX".
Open a Command Prompt window and type:
oh inbox.dbx >C:\Output.txt

As for the oh.exe method, it requires a reboot after Windows 2003 resource kit installation, or you will see:
The system global flag `maintain object type lists' is not enabled for this system. Please use `oh +otl' to enable it and then reboot.
But it looks very powerful:

oh - Object handles dump -- built by: dnsrv_dev(v-smgum)
Copyright (c) Microsoft Corporation. All rights reserved.

OH [DUMP_OPTIONS ...]
OH [FLAGS_OPTIONS ...]
OH -c [COMPARE_OPTIONS ...] BEFORE_LOG AFTER_LOG

DUMP_OPTIONS are:

-p N - displays only open handles for process with ID of n. If not
specified perform a system wide dump.
-t TYPENAME - displays only open object names of specified type.
-o FILENAME - specifies the name of the file to write the output to.
-a includes objects with no name.
-s display summary information
-h display stack traces for handles (a process ID must be specified)
-u display only handles with no references in process memory
-v verbose mode (used for debugging oh)
NAME - displays only handles that contain the specified name.

Monday, April 14, 2008

Blog backup reminder

Very shortly after I started to use this blog as a placeholder for knowledge, I wondered how I could back the blog up.

I didn't get any backup going, so I am happy to get a reminder from a March post on Taosecurity:
Therefore, for the last several months I've been archiving my blogs using BlogBackupOnline.com. I used the free service while in beta, but my storage requirements for this blog exceed their 5 MB "Freemium" limits. Therefore, I ponied up the money for a "Professional" account with 250 MB storage, and the "advertising" provided by this post should help me double that amount to 500 MB.
One of the comments on the post is interesting, I have to try that:

.. also check out http://blogbackupr.com, 100MB free space

Now I am thinking if I can find an open source backup application or script that does RSS backup similar to those services? Then I could cron a backup myself.