sc query state= all | awk '/SERVICE_NAME/{printf"%s:",$2;getline;gsub(/DISP.*:\ /,"");printf"%s\n",$0}' | column -ts\:

Output Windows services in a neatly formatted list (cygwin)

Outputs the service name and display name of Windows services using "sc query", pipes the output to "awk" for processing, then to "column" for formatting.

List All Services:
    sc query state= all | awk '/SERVICE_NAME/{printf"%s:",$2;getline;gsub(/DISP.*:\ /,"");printf"%s\n",$0}' | column -ts\:

List Started Services:
    sc query | awk '/SERVICE_NAME/{printf"%s:",$2;getline;gsub(/DISP.*:\ /,"");printf"%s\n",$0}' | column -ts\:

List Stopped Services:
    sc query state= inactive| awk '/SERVICE_NAME/{printf"%s:",$2;getline;gsub(/DISP.*:\ /,"");printf"%s\n",$0}' | column -ts\:

Sample Output
gupdatem                        Google Update Service (gupdatem)
hidserv                         Human Interface Device Access
hkmsvc                          Health Key and Certificate Management
IAStorDataMgrSvc                Intel(R) Rapid Storage Technology
idsvc                           Windows CardSpace
IEEtwCollectorService           Internet Explorer ETW Collector Service
IKEEXT                          IKE and AuthIP IPsec Keying Modules
ImDskSvc                        ImDisk Virtual Disk Driver Helper
IPBusEnum                       PnP-X IP Bus Enumerator
iphlpsvc                        IP Helper
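
A sturdier variant of the parser above, as an added example that is not part of the original post: it reads `sc query` text on stdin, strips the Windows carriage returns, keeps the STATE column, and separates fields with tabs so a display name containing a colon stays intact. The sample input, the `ExampleAgent` service, the function names and the baseline-file comparison are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. Constructed sample of `sc query state= all` output; the
# service "ExampleAgent" is invented and \r\n mimics Windows line endings.
sample_sc_output() {
  printf '%s\r\n' \
    'SERVICE_NAME: hidserv' \
    'DISPLAY_NAME: Human Interface Device Access' \
    '        TYPE               : 20  WIN32_SHARE_PROCESS' \
    '        STATE              : 1  STOPPED' \
    '' \
    'SERVICE_NAME: ExampleAgent' \
    'DISPLAY_NAME: Example Agent: Updater' \
    '        TYPE               : 10  WIN32_OWN_PROCESS' \
    '        STATE              : 4  RUNNING' \
    '                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)'
}

# svc_table: `sc query` text on stdin -> "name<TAB>state<TAB>display name".
svc_table() {
  awk '
    { sub(/\r$/, "") }                       # strip the trailing carriage return
    /^SERVICE_NAME:/ { name = $0; sub(/^SERVICE_NAME:[ \t]*/, "", name) }
    # Anchored prefix removal, so a colon inside the display name is kept.
    /^DISPLAY_NAME:/ { disp = $0; sub(/^DISPLAY_NAME:[ \t]*/, "", disp) }
    /^[ \t]*STATE[ \t]*:/ { printf "%s\t%s\t%s\n", name, $NF, disp }
  '
}

# svc_not_in_baseline FILE: from svc_table rows on stdin, print the rows whose
# service name is missing from FILE (one known-good name per line).
# Service names are case-insensitive on Windows, hence tolower().
svc_not_in_baseline() {
  awk -F'\t' -v base="$1" '
    BEGIN { while ((getline n < base) > 0) known[tolower(n)] = 1 }
    !(tolower($1) in known)
  '
}

# Offline demo; on a live Cygwin box feed it with: sc query state= all | svc_table
sample_sc_output | svc_table
```

Comparing the table against a saved list of expected service names turns the listing into a quick check for services that appeared since the baseline was taken.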

These Might Interest You

  • wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd"
    Run above command from Windows Cygwin:
    On Windows: Install Cygwin, and copy WMR (windows memory reader 1.0) memory diagnostic into cygwin\bin folder, also install Cygwin's netcat and ssh (openssh). I recommend installing apt-cyg and running "
    On Linux: Have an SSH Server
    SIMPLEST FORM:
    WINDOWS: # wmr - | ssh root@savelocation.com "cat - > /tmp/FileToSave.dd"
    For more details on how to extract information from memory dump:
        apt-get install foremost
        foremost -t all -T -i /forensics/T430-8gb-RAM1.dd
    For more information: http://www.kossboss.com/memdump-foremost


    0
    wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd"
    bhbmaster · 2013-05-31 00:04:19 0
  • Pass the file's path to finfo(), can be unix path, dos path, relative or absolute. The file is converted into an absolute nix path, then checked to see if it is in fact a regular/existing file. Then converted into an absolute windows path and sent to "wmic". Then magic, you have windows file details right in the terminal. Uses: cygwin, cygpath, sed, and awk. Needs Windows WMI "wmic.exe" to be operational. The output is corrected for easy...
        finfo notepad.exe
        finfo "C:\windows\system32\notepad.exe"
        finfo /cygdrive/c/Windows/System32/notepad.exe
        finfo "/cygdrive/c/Program Files/notepad.exe"
        finfo ../notepad.exe


    0
    finfo() { [[ -f "$(cygpath "$@")" ]] || { echo "bad-file";return 1;}; echo "$(wmic datafile where name=\""$(echo "$(cygpath -wa "$@")"|sed 's/\\/\\\\/g')"\" get /value)"|sed 's/\r//g;s/^M$//;/^$/d'|awk -F"=" '{print $1"=""\033[1m"$2"\033[0m"}';}
    lowjax · 2013-12-30 07:47:41 0
  • On Windows 2000 or later, this command will give a listing of all the registered Windows services. You can then know what the name of a command is in order to start and stop it, e.g.
        sc start Apache2.2
    or
        net start Apache2.2
    Please note that sc will allow the SERVICE_NAME only, while net will allow both SERVICE_NAME and DISPLAY_NAME. Note that the space between the = and the next word is important. Not very unixy, that.
    http://www.ss64.com/nt/sc.html
    http://www.ss64.com/nt/net_service.html
    http://technet.microsoft.com/en-us/library/bb490995.aspx


    3
    sc queryex type= service state= all | find "_NAME"
    piyo · 2009-02-13 15:44:42 0
  • I spent a bunch of time yesterday looking for the xsel package in Cygwin- turns out you can use the /dev/clipboard device to do the same thing.


    13
    cat /dev/clipboard; $(somecommand) > /dev/clipboard
    sud0er · 2009-07-10 18:48:21 1
  • Efficiently clear all Windows Event log entries from within a Cygwin terminal. Uses "cygstart" to launch a hidden "PowerShell" session passing a PowerShell command to loop through and clear all Windows Event Log entries. Very useful for troubleshooting and debugging. The command should in theory elevate your session if needed. One liner is based on the PowerShell command:
        wevtutil el | foreach { wevtutil cl $_ }


    2
    cygstart --hide -wa runas powershell -WindowStyle Hidden -Command '"&{wevtutil el | foreach{wevtutil cl $_}}"'
    lowjax · 2015-02-15 22:56:20 0
  • Using "wmic get * /value" within any Cygwin shell will return lots of Win/Dos newline junk, i.e. "^M$" at the end of found value line, two lines ("$" Unix newline) above, and three below. This makes storing and/or evaluating wmic queries as variables a pain. The method I suggest strips the mentioned junk, only returns the value after "OSArchitecture=", and includes only one Unix style newline. Other methods using sed|awk|cut can only handle the output of wmic cleanly when piped or using multiple sed statements.
        wmic OS get OSArchitecture /value | sed 's/\r//g;s/^M$//;/^$/d;s/.*=//'
    making
        wmic OS get OSArchitecture /value | grep -Eo '[^=]*$'
    a much cleaner and slightly less costly alternative.


    0
    wmic OS get OSArchitecture /value | grep -Eo '[^=]*$'
    lowjax · 2014-03-15 02:04:08 0

What Others Think

The equivalent command in powershell would be just: gsv
j37 · 168 weeks and 5 days ago
Yah, "gsv" is great for powershell. Gathering the output of a powershell command/script and processing it back into cygwin is rather intensive.
lowjax · 161 weeks ago
