windows命令wmic入门用法

cmd命令行中的wmic用法

假如一开始就有一个目的：想要获取硬盘序列号，

C:\Users\Administrator>wmic /?

[global switches] <command>

The following global switches are available:
/NAMESPACE           Path for the namespace the alias operate against.
/ROLE                Path for the role containing the alias definitions.
/NODE                Servers the alias will operate against.
/IMPLEVEL            Client impersonation level.
/AUTHLEVEL           Client authentication level.
/LOCALE              Language id the client should use.
/PRIVILEGES          Enable or disable all privileges.
/TRACE               Outputs debugging information to stderr.
/RECORD              Logs all input commands and output.
/INTERACTIVE         Sets or resets the interactive mode.
/FAILFAST            Sets or resets the FailFast mode.
/USER                User to be used during the session.
/PASSWORD            Password to be used for session login.
/OUTPUT              Specifies the mode for output redirection.
/APPEND              Specifies the mode for output redirection.
/AGGREGATE           Sets or resets aggregate mode.
/AUTHORITY           Specifies the <authority type> for the connection.
/?[:<BRIEF|FULL>]    Usage information.

For more information on a specific global switch, type: switch-name /?


The following alias/es are available in the current role:
ALIAS                    - Access to the aliases available on the local system
BASEBOARD                - Base board (also known as a motherboard or system board) management.
BIOS                     - Basic input/output services (BIOS) management.
BOOTCONFIG               - Boot configuration management.
CDROM                    - CD-ROM management.
COMPUTERSYSTEM           - Computer system management.
CPU                      - CPU management.
CSPRODUCT                - Computer system product information from SMBIOS.
DATAFILE                 - DataFile Management.
DCOMAPP                  - DCOM Application management.
DESKTOP                  - User's Desktop management.
DESKTOPMONITOR           - Desktop Monitor management.
DEVICEMEMORYADDRESS      - Device memory addresses management.
DISKDRIVE                - Physical disk drive management.
DISKQUOTA                - Disk space usage for NTFS volumes.
DMACHANNEL               - Direct memory access (DMA) channel management.
ENVIRONMENT              - System environment settings management.
FSDIR                    - Filesystem directory entry management.
GROUP                    - Group account management.
Press any key to continue, or press the ESCAPE key to stop

敲回车可以获取更多的alias name，因为第一页就有diskdrive所以就不翻页了，

获取所有字段的信息
wmic diskdrive get * > d:\a.txt

因为所有字段信息有点多，所以先重定向到文件，

从文件中可以知道其中有一个serialnumber对应的是自己想要的数据，于是可以获取指定字段的信息

wmic diskdrive get serialnumber

如果要获取多个字段，可以用逗号分开

C:\Users\Administrator>wmic diskdrive get deviceId,serialnumber
DeviceID            SerialNumber
\\.\PHYSICALDRIVE0

此处运行再虚拟机中，没有获取到硬盘序列号

如果想要获取mac地址，从wmic /?的alias name中可以看到

NETCLIENT                - Network Client management.
NETLOGIN                 - Network login information (of a particular user) management.
NETPROTOCOL              - Protocols (and their network characteristics) management.
NETUSE                   - Active network connection management.
NIC                      - Network Interface Controller (NIC) management.
NICCONFIG                - Network adapter management.
NTDOMAIN                 - NT Domain management.
NTEVENT                  - Entries in the NT Event Log.
NTEVENTLOG               - NT eventlog file management.
ONBOARDDEVICE            - Management of common adapter devices built into the motherboard (system board).
OS                       - Installed Operating System/s management.
PAGEFILE                 - Virtual memory file swapping management.
PAGEFILESET              - Page file settings management.

其中nic对应就是自己想要的

但是wmic nic get macaddress会获取到很多行，而且大部分都是空的，所以可以添加where搜索条件

C:\Users\Administrator>wmic nic where (macaddress is not null) get macaddress
MACAddress
00:0C:29:2C:2C:FC

alias name是一种查询方法，通过get *获取所有信息会有一个名为CreationClassName字段的数据，通过这个字段也可以查询

C:\Users\Administrator>wmic nic get creationclassname,macaddress
CreationClassName     MACAddress
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter  00:0C:29:2C:2C:FC
Win32_NetworkAdapter
Win32_NetworkAdapter
Win32_NetworkAdapter

然后通过path + creationclassname访问

C:\Users\Administrator>wmic path win32_networkadapter where (macaddress is not null) get macaddress
MACAddress
00:0C:29:2C:2C:FC

通过wmic获取信息的方法大致如上，有些alias name对应着更多的功能，此时可以通过子命令查询用法

C:\Users\Administrator>wmic process /?

PROCESS - Process management.

HINT: BNF for Alias usage.
(<alias> [WMIObject] | <alias> [<path where>] | [<alias>] <path where>) [<verb clause>].

USAGE:

PROCESS ASSOC [<format specifier>]
PROCESS CALL <method name> [<actual param list>]
PROCESS CREATE <assign list>
PROCESS DELETE
PROCESS GET [<property list>] [<get switches>]
PROCESS LIST [<list format>] [<list switches>]

也就是说process可以执行更多的子命令

C:\Users\Administrator>wmic process where name="notepad.exe" list full


CommandLine="C:\Windows\system32\NOTEPAD.EXE" D:\a.txt
CSName=WIN-LDRO8G2VRQK
Description=notepad.exe
ExecutablePath=C:\Windows\system32\NOTEPAD.EXE
ExecutionState=
Handle=1568
HandleCount=62
InstallDate=
KernelModeTime=14664094
MaximumWorkingSetSize=1380
MinimumWorkingSetSize=200
Name=notepad.exe
OSName=Microsoft Windows 7 家庭普通版 |C:\Windows|\Device\Harddisk0\Partition1
OtherOperationCount=90
OtherTransferCount=494
PageFaults=1694
PageFileUsage=1568
ParentProcessId=1056
PeakPageFileUsage=1580
PeakVirtualSize=82284544
PeakWorkingSetSize=6600
Priority=8
PrivatePageCount=1605632
ProcessId=1568
QuotaNonPagedPoolUsage=7
QuotaPagedPoolUsage=148
QuotaPeakNonPagedPoolUsage=8
QuotaPeakPagedPoolUsage=157
ReadOperationCount=1
ReadTransferCount=60
SessionId=1
Status=
TerminationDate=
ThreadCount=1
UserModeTime=5304034
VirtualSize=77811712
WindowsVersion=6.1.7601
WorkingSetSize=6758400
WriteOperationCount=0
WriteTransferCount=0


CommandLine="C:\Windows\system32\NOTEPAD.EXE" D:\b.txt
CSName=WIN-LDRO8G2VRQK
Description=notepad.exe
ExecutablePath=C:\Windows\system32\NOTEPAD.EXE
ExecutionState=
Handle=2440
HandleCount=63
InstallDate=
KernelModeTime=18252117
MaximumWorkingSetSize=1380
MinimumWorkingSetSize=200
Name=notepad.exe
OSName=Microsoft Windows 7 家庭普通版 |C:\Windows|\Device\Harddisk0\Partition1
OtherOperationCount=98
OtherTransferCount=494
PageFaults=1835
PageFileUsage=1496
ParentProcessId=1056
PeakPageFileUsage=1544
PeakVirtualSize=102547456
PeakWorkingSetSize=7008
Priority=8
PrivatePageCount=1531904
ProcessId=2440
QuotaNonPagedPoolUsage=8
QuotaPagedPoolUsage=186
QuotaPeakNonPagedPoolUsage=8
QuotaPeakPagedPoolUsage=195
ReadOperationCount=1
ReadTransferCount=60
SessionId=1
Status=
TerminationDate=
ThreadCount=1
UserModeTime=4212027
VirtualSize=98091008
WindowsVersion=6.1.7601
WorkingSetSize=7176192
WriteOperationCount=0
WriteTransferCount=0

除了process还有service也比较常用

除了硬盘序列号，mac地址，还有cpu id，bios序列号也可以直接用wmic获取

C:\Users\Administrator>wmic path Win32_Processor get processorid
ProcessorId
0F8BFBFF000906ED

C:\Users\Administrator>wmic bios get serialnumber
SerialNumber
VMware-56 4d 4a 14 98 5a dc ed-8f db 36 5b e9 2c 2c fc

C:\Users\Administrator>wmic baseboard get SerialNumber
SerialNumber
None

PowerShell中基础用法：

Get-WmiObject        -list

遍历:Get-WmiObject是一条命令，-list是参数

PS C:\Users\Administrator> Get-WmiObject -List


   NameSpace:ROOT\CIMV2

Name                                Methods              Properties
----                                -------              ----------
__SystemClass                       {}                   {}
__thisNAMESPACE                     {}                   {SECURITY_DESCRIPTOR}
__Provider                          {}                   {Name}
__Win32Provider                     {}                   {ClientLoadableCLSID, CLSID, Concurrency, DefaultMachineNam...
__ProviderRegistration              {}                   {provider}
__EventProviderRegistration         {}                   {EventQueryList, provider}
__ObjectProviderRegistration        {}                   {InteractionType, provider, QuerySupportLevels, SupportsBat...
__ClassProviderRegistration         {}                   {CacheRefreshInterval, InteractionType, PerUserSchema, prov...
__InstanceProviderRegistration      {}                   {InteractionType, provider, QuerySupportLevels, SupportsBat...
__MethodProviderRegistration        {}                   {provider}
__PropertyProviderRegistration      {}                   {provider, SupportsGet, SupportsPut}
__EventConsumerProviderRegistration {}                   {ConsumerClassNames, provider}
__NAMESPACE                         {}                   {Name}
__IndicationRelated                 {}                   {}
__EventFilter                       {}                   {CreatorSID, EventAccess, EventNamespace, Name...}
__EventConsumer                     {}                   {CreatorSID, MachineName, MaximumQueueSize}
__FilterToConsumerBinding           {}                   {Consumer, CreatorSID, DeliverSynchronously, DeliveryQoS...}
__AggregateEvent                    {}                   {NumberOfEvents, Representative}
__TimerNextFiring                   {}                   {NextEvent64BitTime, TimerId}
__Event                             {}                   {SECURITY_DESCRIPTOR, TIME_CREATED}
__ExtrinsicEvent                    {}                   {SECURITY_DESCRIPTOR, TIME_CREATED}
Win32_DeviceChangeEvent             {}                   {EventType, SECURITY_DESCRIPTOR, TIME_CREATED}
Win32_SystemConfigurationChangeE... {}                   {EventType, SECURITY_DESCRIPTOR, TIME_CREATED}
Win32_VolumeChangeEvent             {}                   {DriveName, EventType, SECURITY_DESCRIPTOR, TIME_CREATED}
MSFT_WMI_GenericNonCOMEvent         {}                   {ProcessId, PropertyNames, PropertyValues, ProviderName...}
MSFT_NCProvEvent                    {}                   {Namespace, ProviderName, Result, SECURITY_DESCRIPTOR...}
MSFT_NCProvCancelQuery              {}                   {ID, Namespace, ProviderName, Result...}
MSFT_NCProvClientConnected          {}                   {Inproc, Namespace, ProviderName, Result...}
MSFT_NCProvNewQuery                 {}                   {ID, Namespace, ProviderName, Query...}
MSFT_NCProvAccessCheck              {}                   {Namespace, ProviderName, Query, QueryLanguage...}
Win32_SystemTrace                   {}                   {SECURITY_DESCRIPTOR, TIME_CREATED}
Win32_ProcessTrace                  {}                   {ParentProcessID, ProcessID, ProcessName, SECURITY_DESCRIPT...

执行wql语句，注意-Query后面的查询语句要用双引号括起来

PS C:\Users\Administrator> Get-WmiObject -Query "select serialnumber,deviceid from win32_diskdrive"


__GENUS          : 2
__CLASS          : Win32_DiskDrive
__SUPERCLASS     :
__DYNASTY        :
__RELPATH        : Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE1"
__PROPERTY_COUNT : 2
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
DeviceID         : \\.\PHYSICALDRIVE1
SerialNumber     :      WD-WXXXXXXXXX3N
PSComputerName   :

__GENUS          : 2
__CLASS          : Win32_DiskDrive
__SUPERCLASS     :
__DYNASTY        :
__RELPATH        : Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"
__PROPERTY_COUNT : 2
__DERIVATION     : {}
__SERVER         :
__NAMESPACE      :
__PATH           :
DeviceID         : \\.\PHYSICALDRIVE0
SerialNumber     : KBXXXXXXXX220
PSComputerName   :

查看一个class的具体信息，直接执行Get-WmiObject -class win32_diskdrive获取到的数据比较少，加上format-list指令后会丰富很多

PS C:\Users\Administrator> Get-WmiObject -class win32_diskdrive | format-list -Property *


PSComputerName              : YF-XXX-071001
ConfigManagerErrorCode      : 0
LastErrorCode               :
NeedsCleaning               :
Status                      : OK
DeviceID                    : \\.\PHYSICALDRIVE1
StatusInfo                  :
Partitions                  : 4
BytesPerSector              : 512
ConfigManagerUserConfig     : False
DefaultBlockSize            :
Index                       : 1
InstallDate                 :
InterfaceType               : IDE
MaxBlockSize                :
MaxMediaSize                :
MinBlockSize                :
NumberOfMediaSupported      :
SectorsPerTrack             : 63
Size                        : 1000202273280
TotalCylinders              : 121601
TotalHeads                  : 255
TotalSectors                : 1953520065
TotalTracks                 : 31008255
TracksPerCylinder           : 255
__GENUS                     : 2
__CLASS                     : Win32_DiskDrive
__SUPERCLASS                : CIM_DiskDrive
__DYNASTY                   : CIM_ManagedSystemElement
__RELPATH                   : Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE1"
__PROPERTY_COUNT            : 51
__DERIVATION                : {CIM_DiskDrive, CIM_MediaAccessDevice, CIM_LogicalDevice, CIM_LogicalElement...}
__SERVER                    : YF-XXX-071001
__NAMESPACE                 : root\cimv2
__PATH                      : \\YF-XXX-071001\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE1"
Availability                :
Capabilities                : {3, 4, 10}
CapabilityDescriptions      : {Random Access, Supports Writing, SMART Notification}
Caption                     : WDC WD10SPZX-22Z10T1
CompressionMethod           :
CreationClassName           : Win32_DiskDrive
Description                 : 磁盘驱动器
ErrorCleared                :
ErrorDescription            :
ErrorMethodology            :
FirmwareRevision            : 04.01A04
Manufacturer                : (标准磁盘驱动器)
MediaLoaded                 : True
MediaType                   : Fixed hard disk media
Model                       : WDC WD10SPZX-22Z10T1
Name                        : \\.\PHYSICALDRIVE1
PNPDeviceID                 : SCSI\DISK&VEN_WDC&PROD_WD10SPZX-22Z10T1\4&121CEB0A&0&000200
PowerManagementCapabilities :
PowerManagementSupported    :
SCSIBus                     : 0
SCSILogicalUnit             : 0
SCSIPort                    : 0
SCSITargetId                : 2
SerialNumber                :      WD-WXN2AA0AFR3N
Signature                   : 1610895786
SystemCreationClassName     : Win32_ComputerSystem
SystemName                  : YF-XXX-071001
Scope                       : System.Management.ManagementScope
Path                        : \\YF-XXX-071001\root\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE1"
Options                     : System.Management.ObjectGetOptions
ClassPath                   : \\YF-XXX-071001\root\cimv2:Win32_DiskDrive
Properties                  : {Availability, BytesPerSector, Capabilities, CapabilityDescriptions...}
SystemProperties            : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers                  : {dynamic, Locale, provider, UUID}
Site                        :
Container                   :

根据微软官方的解释：

Only some of the properties of each WMI class are displayed by default. The set of properties that is displayed for each WMI class is specified in the Types.ps1xml configuration file. To get all properties of a WMI object, use the Get-Member or Format-List cmdlets

Get-WmiObject (Microsoft.PowerShell.Management) - PowerShell | Microsoft Docsqq

切换命令空间，一般默认是root\cimv2

实际上还有root\wmi

PS C:\Users\Administrator> Get-wmiObject -Namespace root\wmi -class  MSSMBios_RawSMBiosTables


__GENUS             : 2
__CLASS             : MSSmBios_RawSMBiosTables
__SUPERCLASS        : MS_SmBios
__DYNASTY           : MS_SmBios
__RELPATH           : MSSmBios_RawSMBiosTables.InstanceName="SMBiosData"
__PROPERTY_COUNT    : 8
__DERIVATION        : {MS_SmBios}
__SERVER            : YF-XXX-071001
__NAMESPACE         : root\wmi
__PATH              : \\YF-XXX-071001\root\wmi:MSSmBios_RawSMBiosTables.InstanceName="SMBiosData"
Active              : True
DmiRevision         : 0
InstanceName        : SMBiosData
Size                : 4202
SMBiosData          : {0, 26, 0, 0...}
SmbiosMajorVersion  : 3
SmbiosMinorVersion  : 2
Used20CallingMethod : False
PSComputerName      : YF-XXX-071001

=================================================================================

PS C:\Users\Administrator> Get-wmiObject -Namespace root\wmi -query "select * from   MSSMBios_RawSMBiosTables"


__GENUS             : 2
__CLASS             : MSSmBios_RawSMBiosTables
__SUPERCLASS        : MS_SmBios
__DYNASTY           : MS_SmBios
__RELPATH           : MSSmBios_RawSMBiosTables.InstanceName="SMBiosData"
__PROPERTY_COUNT    : 8
__DERIVATION        : {MS_SmBios}
__SERVER            : YF-XXX-071001
__NAMESPACE         : root\wmi
__PATH              : \\YF-XXX-071001\root\wmi:MSSmBios_RawSMBiosTables.InstanceName="SMBiosData"
Active              : True
DmiRevision         : 0
InstanceName        : SMBiosData
Size                : 4202
SMBiosData          : {0, 26, 0, 0...}
SmbiosMajorVersion  : 3
SmbiosMinorVersion  : 2
Used20CallingMethod : False
PSComputerName      : YF-XXX-071001

cmd命令行获取其他硬件信息方式

获取声卡信息
wmic sounddev get *
wmic path win32_sounddevice get *

获取显卡信息
wmic path win32_videocontroller get *

获取cpuid
wmic cpu get processorid
wmic path win32_processor get processorid

获取bios序列号
wmic bios get serialnumber
wmic path win32_bios get serialnumber

获取系统UUID
wmic csproduct get *
wmic path Win32_ComputerSystemProduct get *