Windows-Command-Enumerator

a tool for windows to see linux commandtool

Comment

Windows Command Enumerator: Technical Documentation

1. Overview

Windows Command Enumerator is a specialized C utility designed for the Windows operating system that systematically scans and lists all available command-line tools accessible to the user. It distinguishes between Internal Commands (built into cmd.exe) and External Commands (executable files located in the system directory). This tool is particularly useful for system administrators, developers, and security researchers who need a comprehensive inventory of available system utilities without relying on external scripts or manual lookup.

The application leverages native Win32 API functions to ensure accurate detection of system files and provides a color-coded, formatted output for improved readability in the console.

2. Compilation and Installation

Prerequisites

  • Operating System: Windows (XP, 7, 8, 10, 11, or Server editions).
  • Compiler: MinGW-w64 (GCC) or Microsoft Visual Studio (MSVC).
  • Libraries: Standard Windows libraries (kernel32.lib, user32.lib, etc., linked automatically by most compilers).

Build Instructions

Using MinGW (GCC)

gcc -o cmd_enumerator.exe main.c

Using Microsoft Visual Studio (Developer Command Prompt)

cl main.c /Fe:cmd_enumerator.exe

3. Usage

The program is a standalone executable with no command-line arguments. Simply run it in a Command Prompt (cmd.exe) or PowerShell window.

./cmd_enumerator.exe

Output Structure

The output is divided into two main sections:

  1. Internal Windows Shell Commands:

    • Listed manually from a hardcoded array within the source code.
    • These are commands like dir, copy, echo, and cd which are not separate .exe files but are interpreted directly by the shell.
    • Displayed in Cyan.

  2. External System Commands:

    • Discovered dynamically by scanning the %SystemRoot%\System32 directory.
    • Includes all .exe and .com files found in this directory.
    • Displayed in White/Gray.

At the end of the scan, the total count for each category is displayed, followed by usage hints in Yellow.

4. Technical Implementation Details

4.1. Internal Command Enumeration

Since internal commands do not exist as physical files on the disk, they cannot be detected via file system APIs. The program uses a static constant array INTERNAL_COMMANDS containing approximately 60 standard CMD built-ins.

const char* INTERNAL_COMMANDS[] = {
 "ASSOC ", "ATTRIB ", "BREAK ", ... "XCOPY ", "WMIC "
};

4.2. External Command Enumeration (Win32 API)

The core functionality relies on the Windows File Search API to scan the system directory.

  1. Retrieve System Directory: The function GetSystemDirectory() is used to safely obtain the path to System32 (e.g., C:\Windows\System32), ensuring compatibility across different Windows installations where the drive letter or folder name might vary.

  2. File Search Pattern: The program constructs a search pattern C:\Windows\System32\*.exe and uses FindFirstFile() and FindNextFile() to iterate through all matching entries.

  3. Filtering and Formatting:

    • Directory Filtering: The dwFileAttributes field is checked against FILE_ATTRIBUTE_DIRECTORY to skip subfolders.
    • Extension Removal: The .exe or .com extension is stripped from the filename using strrchr() to present a clean command name (e.g., ipconfig.exe becomes ipconfig).

  4. Secondary Scan for .COM Files: A second pass is performed for *.com files to capture legacy executables that might still be present in the system directory.

4.3. Console Formatting

  • Color Handling: The SetColor() function uses GetStdHandle(STD_OUTPUT_HANDLE) and SetConsoleTextAttribute() to change text colors dynamically.
    • Cyan (11): Internal Commands header.
    • Green (10): External Commands header.
    • Gray (8): Descriptive text.
    • White (7): Command lists.
    • Yellow (14): Footer/Help text.
  • Column Layout: The output is formatted into columns (5 columns for internal commands, 3 for external) using printf width specifiers (e.g., %-15s) to ensure alignment.

5. Error Handling

  • System Directory Retrieval: If GetSystemDirectory() fails, the program prints an error message and aborts the external scan.
  • File Search Failure: If FindFirstFile() returns INVALID_HANDLE_VALUE, an error is reported, preventing crashes during iteration.
  • Buffer Overflows: Fixed-size buffers (MAX_PATH) are used for paths, which is standard for Windows API interactions.

6. Limitations and Considerations

  1. Scope of Scan:

    • The tool only scans %SystemRoot%\System32. It does not scan:
      • %SystemRoot%\SysWOW64 (on 64-bit systems).
      • Directories listed in the user's PATH environment variable (e.g., C:\Program Files\Git\bin).
      • User-installed applications.
    • Note: To see commands from other directories, users should rely on the system PATH variable, but this tool specifically targets core OS utilities.

  2. Internal Command List:

    • The list of internal commands is hardcoded. If new internal commands are added in future Windows updates, they will not appear unless the source code is updated and recompiled.

  3. Permissions:

    • Running this tool does not require Administrator privileges, as reading the System32 directory is allowed for standard users. However, some listed commands may require elevation to execute successfully.

  4. Performance:

    • Scanning System32 involves reading thousands of file entries. While fast on modern SSDs, it may take a few seconds on older hardware.

7. Example Output

========================================================
        WINDOWS ALL-COMMANDS ENUMERATOR v2.0            
========================================================
Scanning system for available commands...

=== [1] INTERNAL WINDOWS SHELL COMMANDS (Built-in) ===
ASSOC          ATTRIB         BREAK          BCDEDIT        CACLS          
CALL           CD             CHCP           CHDIR          CHKDSK         
...
Total Internal Commands: 64

=== [2] EXTERNAL SYSTEM COMMANDS (Scanning C:\Windows\System32) ===
(These are executable tools found in your Windows System32 folder)
arp                      attrib                   audiodg                  
authz                    bcdboot                  bcdedit                  
...
Total External Commands Found: 1250

========================================================
 DONE. You can use any of these commands in CMD/Powershell.
 To execute a command, simply type its name.
 To get help for a specific command, type:  <COMMAND > /?
========================================================

Press Enter to exit...

8. Security Note

This tool is read-only and does not modify system files. However, listing all available executables can be useful for reconnaissance in penetration testing scenarios. Ensure you have authorization before using this tool on systems you do not own.

Built With

Share this project:

Updates