当前位置: 首页 > 图文教程 > 脚本技术 > VBScript > ProcessMagnifier.vbs进程查看

VBScript
vbs 列出该目录下所有文件和文件夹的类型,大小,和所有者
雷客图 站长安全助手 vbs版代码(asp 木马查找)
discuz 任意管理员密码漏洞利用工具 vbs代码
添加网站到安全站点.设置安全站点打开ActiveX时提示.去页眉页脚的vbs代码
文件夹定时自动备份 AutoBackUpFolder.vbs
iis PHP安装脚本 PHPInstall.vbs V3.1
HTA文件去除html控件认证和接收命令行参数
vbs 更改环境变量
excel2access vbs脚本
VBS 下载方法(CDO.MESSAGE)
vbs实现myipneighbors 域名查询结果整理
修改 Gateway和DNS的vbs脚本
VBS sendkeys 模拟击键操作 问题解决
用vbscript来添加ip策略 自动封IP
vbs,hta中选择文件夹对话框实现代码
WMI 脚本高手不完全手册
vbscript语句中“&H”专用于16进制数表示
URL 筛选小工具 提取网页中的链接地址
VBScript 文件操作代码小结
vbs 错误捕获器,用于捕获内部错误并进行手工处理

VBScript 中的 ProcessMagnifier.vbs进程查看


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-09-11   浏览: 69 ::
收藏到网摘: n/a

' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified:2007-11-16 18:25
' 仅供学习
Const HKEY_CURRENT_USER = &H80000001
oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey(HKEY_CURRENT_USER, strKeyPath)
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName1, dwValue1)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName2, dwValue2)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName3, dwValue3)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName4, dwValue4)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName5, dwValue5)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName6, dwValue6)

Dim objWSH, FinalPath
objWSH = WScript.CreateObject("WScript.Shell")
If (LCase(Right(WScript.Fullname, 11)) = "wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //nologo " & Replace(FinalPath, "'", """"))
WScript.Quit()
End If
oReg.DeleteKey(HKEY_CURRENT_USER, strKeyPath)
oReg = Nothing
WScript.Echo()
WScript.Sleep(1000)
WScript.Echo("当前正在运行的进程简要信息列表如下:")
WScript.Echo(vbCrLf)
WScript.Sleep(2000)
Dim MyOBJProcessName
OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: Priority: PID: Owner:" &vbTab&vbTab&"ExecutablePath: "
WScript.Echo("---------------------------------------------------------------------------------------")
For Each OBJProcess In OBJWMIProcess
MyOBJProcessName=OBJProcess.Name&" "
colProperties = OBJProcess.GetOwner(strNameOfUser, strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next
WScript.Sleep(5000)
WScript.Echo(vbCrLf)
WScript.Echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:")
WScript.Echo(vbCrLf)
WScript.Sleep(3000)
WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间 文件制造商"
OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh()
For Each OBJItem In colItems
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
originalPath = OBJItem.Name
ModulePath = Split(originalPath, "/")
WMIPathMode = Replace(ModulePath(1), "\", "\\")
OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
For Each OBJManufacturer In colManufacturer
FileManufacturer = Trim(OBJManufacturer.Manufacturer)
LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
FileExtension = Right(LCaseModulePath, 3)
MyLCaseModulePath = LCaseModulePath & " "
FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)
If FileExtension = "exe" Then
mark = "├—"
FinalModulePath = Mid(MyLCaseModulePath, 1, 118)
WScript.Echo("│")
Else
mark = "│├─"
FinalModulePath = Mid(MyLCaseModulePath, 1, 116)
End If
WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer
Next
Next