You are not logged in.
1 .Undocumented switches for SORT command
/c or /case_sensitive is for case sensitive sort
/u or /uni_output is for unicode output.
2. And one for doskey - /Busize=size - Used gives you this message (without error and command is working , btw here's a trick that allows comments in doskey macro files):
To specify the size of the command history buffer under Window NT,
use the /listsize switch which sets the number of commands to remember.
Though seems it was available in earlier versions as still available on some documentation pages:
3. Format.com info is pretty outdated:
Formats a disk for use with Windows.
FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L] [/A:size] [/C] [/I:state] [
/X] [/P:passes] [/S:state]
FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes]
FORMAT volume [/V:label] [/Q] [/P:passes]
FORMAT volume [/Q]
volume Specifies the drive letter (followed by a colon),
mount point, or volume name.
/FS:filesystem Specifies the type of the file system (FAT, FAT32, exFAT,
NTFS, UDF, ReFS).
/V:label Specifies the volume label.
/Q Performs a quick format. Note that this switch overrides /P.
/C NTFS only: Files created on the new volume will be compressed
by default.
/X Forces the volume to dismount first if necessary. All opened
handles to the volume would no longer be valid.
/R:revision UDF only: Forces the format to a specific UDF version
(1.02, 1.50, 2.00, 2.01, 2.50). The default
revision is 2.01.
/D UDF 2.50 only: Metadata will be duplicated.
/L NTFS Only: Use large size file records.
By default, the volume will be formatted with small size file
records.
/A:size Overrides the default allocation unit size. Default settings
are strongly recommended for general use.
ReFS supports 64K.
NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
(128K, 256K for sector size > 512 bytes).
FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
(128K, 256K for sector size > 512 bytes).
exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M.
Note that the FAT and FAT32 files systems impose the
following restrictions on the number of clusters on a volume:
FAT: Number of clusters <= 65526
FAT32: 65526 < Number of clusters < 4177918
Format will immediately stop processing if it decides that
the above requirements cannot be met using the specified
cluster size.
NTFS compression is not supported for allocation unit sizes
above 4096.
/F:size Specifies the size of the floppy disk to format (1.44)
/T:tracks Specifies the number of tracks per disk side.
/N:sectors Specifies the number of sectors per track.
/P:count Zero every sector on the volume. After that, the volume
will be overwritten "count" times using a different
random number each time. If "count" is zero, no additional
overwrites are made after zeroing every sector. This switch
is ignored when /Q is specified.
/S:state Specifies support for short filenames (enable, disable)
Short names are disabled by default
/I:state ReFS only: Specifies whether integrity should be enabled on
the new volume. "state" is either "enable" or "disable"
Integrity is enabled on storage that supports data redundancy
by default.
4.Cacls also has new features despite being depricated:
NOTE: Cacls is now deprecated, please use Icacls.
Displays or modifies access control lists (ACLs) of files
CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
[/R user [...]] [/P user:perm [...]] [/D user [...]]
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all subdirectories.
/L Work on the Symbolic Link itself versus the target
/M Changes ACLs of volumes mounted to a directory
/S Displays the SDDL string for the DACL.
/S:SDDL Replaces the ACLs with those specified in the SDDL string
(not valid with /E, /G, /R, /P, or /D).
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
Perm can be: R Read
W Write
C Change (write)
F Full control
/R user Revoke specified user's access rights (only valid with /E).
/P user:perm Replace specified user's access rights.
Perm can be: N None
R Read
W Write
C Change (write)
F Full control
/D user Deny specified user access.
Wildcards can be used to specify more than one file in a command.
You can specify more than one user in a command.
Abbreviations:
CI - Container Inherit.
The ACE will be inherited by directories.
OI - Object Inherit.
The ACE will be inherited by files.
IO - Inherit Only.
The ACE does not apply to the current file/directory.
ID - Inherited.
The ACE was inherited from the parent directory's ACL.
Also it has undocumented long aliases for the switches
/T -> /TREE
/M -> /MOUNT
/L -> /LINK
/S -> /SSDL
/C -> /CONTINUE
/E -> /EDIT
/D -> /DENY
/R -> /REVOKE
/G -> /GRANT
/p -> /REpLACE
Last edited by npocmaka (18 Oct 2015 14:42)
Offline
Thanks again, I have added updates for all of those
DOSKEY /listsize was already there, but I have added the maximum value.
Interestingly if you try to add a listsize thats above the (undocumented) maximum, then DOSKEY creates a new macro called /listsize instead.
Offline
From Vista/7 there are new attributes that can be used with some commands:
I Not content indexed Files
L Reparse Points
X No scrub file attribute.
V Integrity attribute.
Affected commands DIR , ATTRIB (has also new switch /L).
The L attribute cannot be set with ATTRIB command.
Despite X and V attributes are not mentioned in DEL command help seems to be working fine (with the A switch)
Offline
^ I've updated those now
X and V options look to be Windows 8+
Thanks
Offline
Thanks for the update(I've missed the DIR command :-) ).
Though the /L switch for ATTRIB command was skipped (available on win7).
/L Work on the attributes of the Symbolic Link versus
the target of the Symbolic Link
Offline
tasklist has a new switches
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/M [module] Lists all tasks currently using the given
exe/dll name. If the module name is not
specified all loaded modules are displayed.
/APPS Displays Store Apps and their associated processes.
At the moment I have only Win10 machine so I'm not sure when these were introduced.
Offline
I've updated the Tasklist page now, thanks again
Offline
pushd also supports wild cards (including the undocumented > and <).
There are some tricks though.
If it is executed with only wild cards in a directory that is not a root (C: , D: ..) it will push to the current directory.
If it executed with wild card only argument in a root folder it will push in to the first folder that applies the pattern.
if other symbols along with the wildcards are passed it will push to the first directory that applies the pattern.
Offline
^ That does seem a little buggy, for example:
pushd \windows\system32\driver?
will work and switch to \windows\system32\drivers
but
pushd \windows\system32\driver*
will fail and return "The directory name is invalid"
Offline
^ That does seem a little buggy, for example:
pushd \windows\system32\driver?
will work and switch to \windows\system32\driversbut
pushd \windows\system32\driver*
will fail and return "The directory name is invalid"
I didn't notice this
Yes... It acts strangely . I will experiment with this a little bit more..
Offline
I think I finally got it.
When a wildcard is passed pushd gets all files and directories in alphabetical order that apply the pattern.
And then tries to enter the first item.But if the first element is a file it will produce an error.
Offline
FSUTIL has new command since Vista:
8dot3name (the behavior command still can set 8.2 though)
repair
resource
transaction (resource and transaction commands are related though i don't get it how they work.I think they are applicable only over NTFS as in Vista NTFS transactions were introdiced)
Offline
I've added those now
http://ss64.com/nt/fsutil.html
I suspect the transactional stuff is an embryonic largely forgotten part of WinFS
http://www.theinquirer.net/inquirer/new … ship-winfs
Thanks again
Offline
tasklist filters support wildcard (*) if it is put at the end :!:
tasklist /FI "IMAGENAME eq cm*"
And a double quotes can be escaped with \" unless they are not at the end.
title "aa"
tasklist /FI "WINDOWTITLE eq \"aa*"
and backslash can be escaped with double backslash
Last edited by npocmaka (13 Apr 2016 16:51)
Offline
I have updated the Tasklist page now, thanks again npocmaka
Offline
hello...
I. About the nasty IF+PIPE bug. It happens in one more case (and hitting it can be frustrating)
Here are the cases:
1.When the if is on the right side
echo -|if # equ # more
2.When the if is on the left side and in brackets block ( including IF or FOR which can be hard for debug)
(if # equ # echo -)|more
In both cases IF parsing fails with following error
# was unexpected at this time.
The ultimate workaround proposed by jeb is to out "break ^&" before the IF:
(break ^& if # equ # echo -)|more
echo -|break ^& if # equ # more
II. Following dynamic variables are not accessible when command extensions are turned off - CMDCMDLINE , TIME , DATE , RANDOM , ERRORLEVEL , CMDEXTVERSION , CD (but __CD__ is still there) ,HIGHESTNUMANODENUMBER
III. Shockingly COLOR command does not work with command extensions are turned off - something not documented by microsoft. Aldo FTYPE and ASSOC are not working without command extension (not documented too).EXIT /B also does not work (but normal exit does.)
IV. MD cannot create intermediate directories with with command extensions are turned off - mentioned in technet but not in the SS64 pages.
V. this is rather for the vbscript section . wscript.exe and cscript.exe will not accept arguments that start with `//` - they will be taken as options for the windows script host. The workaround is to set // after the script name :
cscript //E:JScript //nologo "%~f0" // //double-slash-argument
Why CHCP command is not in the list with all others?
Microsoft is introducing a new commands also - some that I've found useful and may be worth their own pages - VMConnect (from windows 8) , Wbadmin , wpr (from windows 10) , wecutil
Best regards.
Last edited by npocmaka (12 Feb 2017 21:41)
Offline
Why CHCP command is not in the list with all others?
Because it's just not a very useful command, if you need unicode support then you should use PowerShell, if you don't need unicode then you don't need CHCP.
So it's a compromise, rather than leave CHCP out completely, I've left the page up, but it's only available via search not in the A-Z list.
My logic is that anyone looking at this command is most likely debugging an old script and they will find it by search.
But someone new learning the shell by going through the A-Z list of commands won't really miss anything by not covering CHCP.
I will look at the other commands as soon as I get time, probably next week, as always thanks for the heads up about new stuff.
Offline
I have now added pages for VMConnect, Wbadmin , wpr , wecutil and updated some existing pages with the other points above.
Thanks again npocmaka
Offline
1. it is possible to download files using certutil .Usage is easier than BITSADMIN (and the downloaded file can be pointed with a relative path!) ,though is abuse of the command :-) :
(https://isc.sans.edu/forums/diary/A+Sus … exe/23517/)
certutil.exe -urlcache -split -f "https://download.sysinternals.com/files/PSTools.zip" pstools.zip
2. Some updates are needed on a few pages regarding disabledExtensions:
on the environment variables page - following dynamic variables will be not accessible with disabledExtensions (can be seen with set /?):
%CD%
%DATE%
%TIME%
%RANDOM%
%ERRORLEVEL%
%CMDEXTVERSION%
%CMDCMDLINE%
%HIGHESTNUMANODENUMBER%
Following internal commands will stop working with disabledExtensions (can be seen with cmd /? ) - but a memo is missing on their page (the rest are ok):
COLOR
ASSOC
FTYPE
Exit /b (which is not documented) will start print error message in the errorstream ,though according to my tests it is working as expected.
@echo off
setlocal disableExtensions
exit /b 64
echo not printed
the error message:
The system cannot find the batch label specified - EOF
The exit /b error has been found by Jeb.
3. on echo page - there are better ways to produce beep (as the ^G could have some copy/paste problems):
rundll32.exe Kernel32.dll,Beep 750,300
rundll32.exe cmdext.dll,MessageBeepStub
rundll32 user32.dll,MessageBeep
rundll32.exe Kernel32.dll,Beep 750,300 - I cant pass two parameters to the function :-\
MessageBeep,MessageBeep can accept parametrs:
-1 or no parameter - base beep
64 - asterisk beep
43 - exlamation
16 - warning
more info - https://msdn.microsoft.com/en-us/librar … s.85).aspx
Last edited by npocmaka (10 Apr 2018 21:52)
Offline
Thanks npocmaka, I have added all of these apart from the last one, the rundll32 commands arent running for me for some reason, but I'll investigate it some more tomorrow.
Simon
Offline
Yeah.Sorry for not fully tested beeps.
I've just found these in some pretty old posts around the internet where the variants with passed arguments were given.
All three variants does not accept the arguments through the cmd and work only with their default values.
for cmdext.dll,MessageBeepStub and rundll32 user32.dll,MessageBeep it is the MB_OK(0x00000000L) from the system sounds.
For rundll32.exe Kernel32.dll,Beep it is a REALLY annoying and LONG running sound sound.The default values are not documented - https://msdn.microsoft.com/en-us/librar … s.85).aspx
EDIT:
Setlocal/Endlocal affects restores following commands (https://www.dostips.com/forum/viewforum.php?f=3) - CD (restores directory changed with CD command),PROMPT,PATH,DPATH,Restores/canges %KEYS% variable but does not change the KEYS command state,
Last edited by npocmaka (26 Apr 2018 13:23)
Offline
Here the SO user showed me a not so well documented additional switch of the certutil -encodehex. So you can pass an additional number as a format flag. Here they are:
certutil -encodehex -f strings64.exe strings12.hex 12 - one line HEX value without spaces , columns ,addresses
certutil -encodehex -f strings64.exe strings5.hex 5 - without the addresses
certutil -encodehex -f strings64.exe strings2.hex 2 - pure binary - pointless according to me.
certutil -encodehex -f strings64.exe strings1.hex 1 - base64 without certificate headers
certutil -encodehex -f strings64.exe strings0.hex 0 - base64 with certificate headers
certutil -encodehex -f strings64.exe strings4.hex 4 - in columns with spaces , without the characters and the addresses
certutil -encodehex -f strings64.exe strings7.hex 7 - base64 - X509 without headers (slightly bigger than the normal b64)
certutil -encodehex -f strings64.exe strings8.hex 8 - base64 - x509 with headers
I think these are all. I (still) don't know how X509 can be decoded.
Offline
I have added that to the certutil page now, sorry it took so long
Thanks again
Offline
Is the DISM command deserves its own page?
I needed to manage some windows images and I think it is useful tool:
https://docs.microsoft.com/en-us/window … ptions-s14
I think it comes packed by default since windows 8 but it is available for download for older win versions:
Offline
DISM - Good idea, theres a lot of options but I will look at this once I get the time (wont be this week)
Offline
Format command has new switches (but I'm not sure if it is since windows 8 or 10):
/DAX[:state] NTFS Only: Enable direct access storage (DAX) mode for this
volume. In DAX mode, the volume is accessed via the memory
bus, boosting IO performance. A volume can be formatted
with DAX mode only if the hardware is DAX capable.
State can specify "enable" or "disable". /DAX is considered
as /DAX:enable.
/LogSize[:size] NTFS Only: Specifies the size for NTFS log file in kilobytes.
The minimum supported size is 2MB, so specifying size smaller
than 2MB will result in a 2MB log file. Zero indicates the
default value which generally depend on the volume size.
/NoRepairLogs NTFS Only: Disables NTFS repair logs. If the flag is set
spotfix (i.e. chkdsk /spotfix) will not work.
/DAX[:state] NTFS Only: Enable direct access storage (DAX) mode for this
volume. In DAX mode, the volume is accessed via the memory
bus, boosting IO performance. A volume can be formatted
with DAX mode only if the hardware is DAX capable.
State can specify "enable" or "disable". /DAX is considered
Offline
Thanks again npocmaka I have updated that and also the chkdsk page
Offline
I have now added the CHCP page back to the index page - people keep asking for it!
Offline
Despite IEXPRESS is not supported I needed to use it recently as the MSI was not an option.
In the IEXPRESS SED page the option UseLongFileName is missing and would say that you'll need UseLongFileName=1 on newer machines (otherwise it will rename the files in 8.3 notation which can harm your work if you have dependencies to a files with long file names)
I also think the EndMessage should be FinishMessage.
PostInstallCmd (the same rules apply here as AppLaunched , just the command is executed at the end), AdminQuietInstCmd (my assumption is that is a command that will be executed with admin privileges but I havent test it yet) , UserQuietInstCmd (a commant that will be executed without admin permissions?), PackagePurpose ( it could be CreateCAB,InstallApp)
IEXP_LayoutINF - link to inf file that will be used by makecab. I think this can be used when the package purpose is CreateCAB
SourceMediaLabel - by default is set to Application Source Media. I don't know what's this used for.
Also when the source files are in a path that contains spaces the IEXPRESS throws an error: https://stackoverflow.com/questions/477 … 9#52888479
EDIT (from here: http://www.mdgx.com/INF_web/oldversn.htm):
New Features in Build 306
The latest version of IExpress has some features to help in batch mode install cases.
In the CDF under [options]
CheckAdminRights=1/0
By default IExpress would previously check for admin rights if running on NT and warn the user if they didn't have them. The package author can now specify whether the install will really require admin rights or not and can set the entry to 0 if no check for admin rights is desired.
In the past when running a IExpress package in quiet mode you had to use for example:
Package.exe /Q /C:"setup.exe /s"
Package.exe /Q would quiet the IExpress prompts and extracting screens. /C:"Setup.exe /s" might be an internal command given in the package with /S being it's own quiet flag.
In the CDF under the [options] section:
AdminQuietInstCmd=[string]
UserQuietInstCmd=[string]
You use the two lines to tell IExpress when given the /Q switch what command to use for the internal EXE. (If using an INF you would not need to worry about this)
AdminQuietInstCmd=Setup.exe /s UserQuietInstCmd=Setup.exe /s
Also /Q now has different modes. /QA Admin Quiet Assumes person running app is admin or SMS and does no checking for admin rights, disk space and such. No prompts and no errors.
/Q or /QU User Quiet Assumes being used by the end user but automated to be semi-quiet. No extract UI, but still get warnings on admin checks or disk space issues. Used when IExpress packages are shipped on CDs or installed through ActiveSetup.
Last edited by npocmaka (05 Nov 2018 18:31)
Offline
OK have now updated those two pages, thanks again npocmaka
Offline