Search

Process, Service

[- Disclaimer -] 아래 내용은 정보보안 공부 목적으로 작성된 것이나, 이를 토대로 허가되지 않은 대상에 실습을 진행할 경우 해킹 시도로 간주하여 법적 처벌을 받을 수 있음을 알려 드립니다.
현재 실행중인 Process 목록 확인
✦ Get-Process (gps)
Get-Process | Where-Object { $_.WorkingSet -gt 100mb } | stop-Process -WhatIf
Plain Text
복사
Process 실행/종료
✦ Start, Stop-Process
Start-Process https://blogs.msdn.com/powershell start c:\windows\system32\calc.exe stop-Process -ProcessName calc gps | Where { $_.WorkingSet -lt 10mb } | sort -Descending Name | spps -WhatIf
Plain Text
복사
Process Debugging
✦ Debug-Process notepad
✦ 연결한 Debugger 설정 필요
모든 Service 목록 확인
Get-Service | Where-Object { $_.Status -eq "Running" }
Plain Text
복사
Service 시작/종료
Start-Service PlugPlay -Whatif stop-Service PlugPlay -Whatif Restart-Service Suspend-Service Resum-Service
Plain Text
복사
Service 속성 설정
✦ Set-Service
Set-Service WinRM -StartupType Manual // Windows Booting 시 자동 실행되지 않고 "시작"되었을 때만 실행
Plain Text
복사
Ex)
PS C:\> Get-Help *process* Name Category Module Synopsis ---- -------- ------ -------- Enter-PSHostProcess Cmdlet Microsoft.PowerShell.Core ... Exit-PSHostProcess Cmdlet Microsoft.PowerShell.Core ... Get-PSHostProcessInfo Cmdlet Microsoft.PowerShell.Core ... Debug-Process Cmdlet Microsoft.PowerShell.M... ... Get-Process Cmdlet Microsoft.PowerShell.M... ... Start-Process Cmdlet Microsoft.PowerShell.M... ... Stop-Process Cmdlet Microsoft.PowerShell.M... ... Wait-Process Cmdlet Microsoft.PowerShell.M... ... Get-AppvVirtualProcess Function AppvClient ... Start-AppvVirtualProcess Function AppvClient ... ConvertTo-ProcessMitigationPolicy Cmdlet ProcessMitigations ConvertTo-ProcessMitigation... Get-ProcessMitigation Cmdlet ProcessMitigations Get-ProcessMitigation... Set-ProcessMitigation Cmdlet ProcessMitigations Set-ProcessMitigation... PS C:\>
Plain Text
복사
✦ notepad.exe 실행
PS C:\> start-process notepad PS C:\>
Plain Text
복사
PS C:\> Get-Process *notepad* Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName ------- ------ ----- ----- ------ -- -- ----------- 259 15 3340 17680 0.28 10628 8 notepad PS C:\> Stop-Process -id 10628 PS C:\>
Plain Text
복사
PS C:\> Get-Service Status Name DisplayName ------ ---- ----------- Running AarSvc_6e39f14 Agent Activation Runtime_6e39f14 Stopped AJRouter AllJoyn Router Service Stopped ALG Application Layer Gateway Service Stopped AppIDSvc Application Identity (...)
Plain Text
복사
PS C:\> Get-Service | ? {$_.Status -eq "Running"} Status Name DisplayName ------ ---- ----------- Running AarSvc_6e39f14 Agent Activation Runtime_6e39f14 Running Appinfo Application Information Running AudioEndpointBu... Windows Audio Endpoint Builder Running Audiosrv Windows Audio Running BFE Base Filtering Engine Running BrokerInfrastru... Background Tasks Infrastructure Ser... Running BTAGService Bluetooth 오디오 게이트웨이 서비스 Running BthAvctpSvc AVCTP 서비스 (...)
Plain Text
복사
✦ Service 의존도 확인
✧ Ex) winrm Service 동작 시 필수 실행 Process
PS C:\> Get-Service winrm -requiredServices Status Name DisplayName ------ ---- ----------- Running RPCSS Remote Procedure Call (RPC) Running HTTP HTTP Service PS C:\>
Plain Text
복사
✦ 관리자 권한으로 Service 실행
Start-Service winrm Get-Service winrm Stop-Service winrm Get-Service winrm
Plain Text
복사