Stopping services, restarting services(safemode)

Discussion forum for all Windows batch related topics.

Moderator: DosItHelp

Message
Author
crobertson
Posts: 20
Joined: 25 May 2012 12:34

Stopping services, restarting services(safemode)

#1 Post by crobertson » 06 Jun 2012 15:50

Ocassionally I get hijacked services and few program can detect them or stop them. They also don't show themselves until you stop the services. Plus I like to run something similar to safe mode but still be able to do check desk and install all my programs. THUS I have created this little batch utility that shuts all the servies down (with the help of other bath people).
here is my snippet;
::--------------------------------
:stop
::stopping services
for /f "tokens=*" %%a in ('net start') do echo y|net stop "%%a" /y
pause

This is a two part question
1. How can I change this to skip the first service, which isn't a service but the heading and says it failed.

2. How can I put in a service(s) that I want to skip?

Fawers
Posts: 187
Joined: 08 Apr 2012 17:11
Contact:

Re: Stopping services, restarting services(safemode)

#2 Post by Fawers » 06 Jun 2012 16:37

Question 1. Skip the first line
Use the "skip" option in FOR /F.

Code: Select all

for /f "skip=1 delims=" %a in ('net start') do @echo %a


Question 2. "Put in a service to skip"
I'll ask you to be a little bit more specific.

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#3 Post by crobertson » 06 Jun 2012 20:24

If you run this piece of code you will see it lists all the services. Lists only not stops. Run it and you will see the first service listed isn't a service at all. I used the skip and it worked well.

dcom service won't be turned off because others are dependant on it. I just wondered if I could put the names of a few names to skip.

for /f "skip=1 delims=" %a in ('net start') (if %a=="dcom" skip
do @echo %a
)

I have no clue. I can't do any do's in for loops. Just wondering if it were possible to add several services to skip. The routine waits a while when trying to shut down services that have dependencies.

I also want to disable all services that aren't default.
I would have to make a list of services and a routine like;
if service neq to anything in this list, disable.
Thanks for your help!
Last edited by crobertson on 06 Aug 2012 20:28, edited 1 time in total.

Fawers
Posts: 187
Joined: 08 Apr 2012 17:11
Contact:

Re: Stopping services, restarting services(safemode)

#4 Post by Fawers » 06 Jun 2012 21:38

There must be an easier way to do this, but all I can think right now is a nested FOR loop.

Which list would be bigger, one containing names of services to DISABLE, or one containing names of services to keep?

You can create a .txt file with the services names you want to disable OR keep, and then run something like this:

Code: Select all

@echo off
for /f "skip=1 delims=" %%a in ('net start') do ^
for /f "delims=" %%b in (listOfServices.txt) do (
  if /i "%%a" EQU "%%b" net stop "%%a"
)

and then you replace "EQU" with "NEQ", depending on your listing option (keep or disable).

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#5 Post by crobertson » 06 Jun 2012 22:00

It won't matter which list is bigger, but the keepers IS shorter. The ones you want to shut off are unknown services. Some are valid and some are trojans or fake services. I'll try this out tomorrow. Thanks!

Is it possible to do the same thing with processes? I don't want to turn off svchost (we've just turned off all unwanted services) lsass, system and a few others. then turn off all programs

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#6 Post by crobertson » 06 Aug 2012 20:47

I tried your code for disabling services and couldn't get it to work. I saw a black screen then it went off.

It is difficult to troubleshoot.
I want to have a list of services to keep.

What is 'net start' referring to?

Liviu
Expert
Posts: 470
Joined: 13 Jan 2012 21:24

Re: Stopping services, restarting services(safemode)

#7 Post by Liviu » 06 Aug 2012 21:15

crobertson wrote:I tried your code for disabling services and couldn't get it to work. I saw a black screen then it went off.
That can happen if you (manage to) turn off a service which is essential to the system.

crobertson wrote:I want to have a list of services to keep.
There is no such "safe" list. The next service pack or software upgrade may bring in a new service you don't know about, that might well black screen once shut off. Which is exactly why it's a bad idea to have a "whitelist" of services to begin with - if anything, better blacklist what you know about, and leave the rest alone. Even better, do it using Windows' and other programs' config options, rather than brute force.

crobertson wrote:What is 'net start' referring to?
Open a cmd prompt, type 'net start', press Enter. It becomes self explanatory at that point.

Liviu

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#8 Post by crobertson » 07 Aug 2012 05:43

This discussion is with Fawers. No the program isn't turning any services off. It's stopping before it does anything.
I know what net starts is. I've never seen it referenced to as though it was a file.

Yes there is a safe list found here http://www.blackviper.com/

I already have registry entry that sets the windows services to Auto manual or disabled, and some batch files that do the same using the net services.

I'm not having a debate about services. I do this about 10 times a day with great sucess. I'm discussing code right now.

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#9 Post by crobertson » 07 Aug 2012 06:04

Fawers,
I added this bit of code before to list the services running so I would have them all listed, then turn off those. I get a message that the specified service does not exist.


@echo off
color 0A
MODE CON: COLS=90 LINES=50
title List services

:list
::list services currently installed
for /f "skip=1 tokens=*" %%a in ('net start') do echo %%a>>services.txt
start services.txt
pause

:disable
::disable those not in list
for /f "skip=1 delims=" %%a in ('net start') do ^
for /f "delims=" %%b in (Services.txt) do (
if /i "%%a" NEQ "%%b" net stop "%%a"
)

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#10 Post by crobertson » 07 Aug 2012 07:37

Also, is there a way to skip the last line when writing to a text file or reading from one? These all include the line "comman completed sucessfully"
I though after tokens you add -1, but it did not work.

Squashman
Expert
Posts: 4465
Joined: 23 Dec 2011 13:59

Re: Stopping services, restarting services(safemode)

#11 Post by Squashman » 07 Aug 2012 09:06

crobertson wrote:Also, is there a way to skip the last line when writing to a text file or reading from one? These all include the line "comman completed sucessfully"
I though after tokens you add -1, but it did not work.



If the line always says completed successfully then do a check for it by piping the output to the findstr command and then redirecting to a file.

Liviu
Expert
Posts: 470
Joined: 13 Jan 2012 21:24

Re: Stopping services, restarting services(safemode)

#12 Post by Liviu » 07 Aug 2012 09:16

crobertson wrote:This discussion is with Fawers.
Sorry, didn't realize this was a private chatroom ;-) Don't worry, I won't intrude again. Besides, you seem bent on blackviper wisdom and registry hacking (instead of the builtin command line service control), so there's isn't much to add.

crobertson
Posts: 20
Joined: 25 May 2012 12:34

Re: Stopping services, restarting services(safemode)

#13 Post by crobertson » 07 Aug 2012 11:12

Didn't mean to sound like your not welcome to discuss the code, but fawers was on target with the code. Just needs some tweaking. I'm not discussing the practicallity of what I'm doing. It works great for me, and have had great sucess in all our satellite offices. Just automating what I am doing now.

Thank you squashman, I will try that. I had been told of a quick way to skip last entry.

I will post completed code.

Liviu
Expert
Posts: 470
Joined: 13 Jan 2012 21:24

Re: Stopping services, restarting services(safemode)

#14 Post by Liviu » 07 Aug 2012 22:53

@crobertson, well, flashing black screens are not necessarily signs of a great succes.

@Fawers, here is a variation on your idea, using 'sc /query' instead of 'net start' - slight advantage being that it doesn't waste time on trying to stop "unstoppable" services (which is not to say that the rest are safe to stop, but I won't go there again). The snippet below assumes there is a "svc-ok.txt" file in the current directory, with a list of services to keep, one per line, using the display name. The brave of heart may compile their own "svc-ok.txt" whitelist and remove the @rem from the next-to-last line.

Code: Select all

@echo off
setlocal disabledelayedexpansion

set "svc="
for /f "delims=" %%x in ('sc query state^= all') do call :svcs %%x
goto :eof

:svcs
for /f "tokens=1,2* delims=:() " %%u in ("%*") do (
  if not defined svc (
    if "%%u"=="SERVICE_NAME" (
      if "%%w"=="" (set "svc=%%v") else (set "svc=%%v %%w")
      set "svcex="
  ) ) else if not defined svcex (
    if "%%u"=="DISPLAY_NAME" (
      if "%%w"=="" (set "svcex=%%v") else (set "svcex=%%v %%w")
      set "stat="
  ) ) else if not defined stat (
    if "%%u"=="STATE" (
      set "stat=%%w"
      set "statex="
  ) ) else (
      set "statex=%%u"
      call :svc
  )
)
goto :eof

:svc
if not "%stat%"=="STOPPED" (
  if not "%statex:NOT_STOPPABLE=%"=="%statex%" (
    echo ... not stoppable - "%svcex%"
  ) else (
    call :stop
) )
set "svc="
goto :eof

:stop
for /f "delims=" %%z in (svc-ok.txt) do (
  if /i "%%z"=="%svcex%" (
    echo ---  whitelisted  - "%svcex%"
    goto :eof
) )
echo *** to be stopped - "%svcex%"
@rem net stop "%svcex%"
goto :eof

Liviu

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Stopping services, restarting services(safemode)

#15 Post by foxidrive » 08 Aug 2012 00:46

Liviu wrote:(which is not to say that the rest are safe to stop, but I won't go there again)


I think it has to be made clear in this thread that stopping services willy nilly is unwise and is likely to cause problems on machines.

@crobertson - if you do this at work then I think this is a particularly unwise course to take, on machines that are needed to run a business

Post Reply