今天要说的是用vbs(vbscript脚本)来枚举windows操作系统的进程,这样做的用处在什么地方呢?举个例子吧,比如你有时候想监控某个进程是否在运行,这就非常有用了.
示例:
用vbs脚本枚举进程
'enum.vbs
' Shows the Description of every Win32_Process instance in a single message box.
' MsgBox cuts off prompts longer than roughly 1024 characters, so a long
' process list may not be displayed in full.
Dim wmiService, processSet, proc, listing
Set wmiService = GetObject("winmgmts:")
Set processSet = wmiService.InstancesOf("win32_process")
listing = ""
For Each proc In processSet
    ' One process per line, each terminated by CR+LF.
    listing = listing & proc.Description & vbCrLf
Next
MsgBox listing
我在这儿采用的方式是弹出一个对话框,方便观看嘛,当然你也可以使用fso来生成一个文本文件保存起来.
前面说到要监控某个进程是否在运行,实现如下.
示例:
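'monitor.vbs
' Checks whether Internet Explorer is running and shows one message box if it is.
'
' The match is on the process image name only: any executable that is called
' iexplore.exe satisfies it. When the result feeds a monitoring decision,
' also compare obj.ExecutablePath with the expected install location.
Dim wmi, objs, obj, ieRunning
Set wmi = GetObject("winmgmts:")
Set objs = wmi.InstancesOf("win32_process")
ieRunning = False
For Each obj In objs
    ' "=" compares strings case-sensitively in VBScript and the image name can
    ' be reported in upper case, so compare a lower-cased copy.
    ' Appending "" turns a Null description into an empty string.
    If LCase(obj.Description & "") = "iexplore.exe" Then
        ieRunning = True
        ' One hit is enough; without this every matching process would
        ' raise its own message box.
        Exit For
    End If
Next
If ieRunning Then
    MsgBox "ie在运行中..."
End If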
呵呵,当然,还可以引申出来其它应用.
下面给大家分享一个列举进程详细列表的vbs
' filename: processmagnifier.vbs
' function: capture information about the running processes in detail
' code by somebody
' qq: 240460440
' lastmodified: 2007-12-9 18:50
' Writes per-user console settings for cmd.exe windows through the WMI registry
' provider (StdRegProv), under HKCU\console\%systemroot%_system32_cmd.exe.
' These are persistent registry writes; the script deletes the key again
' further down, after the optional relaunch under cscript.
Const hkey_current_user = &h80000001
Set oreg = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov")
strkeypath = "console\%systemroot%_system32_cmd.exe"
oreg.CreateKey hkey_current_user, strkeypath

' Value name / DWORD pairs, written in this order.
'   codepage 936          - Windows code page for Simplified Chinese (GBK)
'   screenbuffersize      - 98304200 = 1500 * 65536 + 200
'   windowsize            - 2818173  = 43 * 65536 + 125
'   windowposition        - 131068   = 1 * 65536 + 65532
' NOTE(review): presumably the high word is rows / Y and the low word is
' columns / X - confirm against the console registry documentation.
Dim consoleSettings, setting
consoleSettings = Array( _
    Array("codepage", 936), _
    Array("screenbuffersize", 98304200), _
    Array("windowsize", 2818173), _
    Array("historynodup", 0), _
    Array("windowposition", 131068), _
    Array("quickedit", 2048))
For Each setting In consoleSettings
    oreg.SetDWORDValue hkey_current_user, strkeypath, setting(0), setting(1)
Next
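' When started by the windowed host (wscript.exe), relaunch the script under
' cscript inside a cmd.exe window that stays open (/k), then exit this copy.
Dim objwsh, finalpath
Set objwsh = WScript.CreateObject("wscript.shell")
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' Wrap the path in double quotes directly. The earlier approach wrapped it
    ' in apostrophes and then replaced every apostrophe with a double quote,
    ' which also rewrote apostrophes that belong to the path itself and broke
    ' the command line for such paths. A Windows path cannot contain a double
    ' quote, so this form is safe for any script location.
    ' NOTE(review): cmd.exe still expands %NAME% sequences inside quotes.
    finalpath = """" & WScript.ScriptFullName & """"
    objwsh.Run "cmd.exe /k cscript //nologo " & finalpath
    WScript.Quit
End If
' Running under cscript from here on: remove the console settings key again.
' NOTE(review): DeleteKey removes the key whether or not it existed before the
' script ran, so settings the user had already stored under it are lost.
oreg.DeleteKey hkey_current_user, strkeypath
Set oreg = Nothing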
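' Pauses, then prints the heading of the summary table.
' A variable that was assembled from the character codes
' 115,111,109,101,98,111,100,121 (they spell "somebody") has been removed:
' nothing in the script read it.
WScript.Sleep 1000
WScript.Echo
WScript.Sleep 3000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000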
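' Prints one line per running process: name, priority, PID, owner and
' executable path, then the heading for the module tree that follows.
'
' Owner and ExecutablePath can be unavailable for processes the current
' account may not query; the line is still printed, with the column empty
' or marked "-".
Dim myobjprocessname
Set objwmiprocess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("select * from win32_process")
WScript.Echo "name: priority: pid: owner:" & vbTab & vbTab & "executablepath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each objprocess In objwmiprocess
    ' Pad to a fixed 20 characters. A single trailing space cannot fill the
    ' width that the 20-character cut assumes, so short names would not line up.
    myobjprocessname = Left(objprocess.Name & Space(20), 20)
    ' Clear the out-parameters first so a failed call can never show the
    ' owner of the previous process, and check the return code (0 = success)
    ' instead of ignoring it.
    strnameofuser = ""
    struserdomain = ""
    colproperties = objprocess.GetOwner(strnameofuser, struserdomain)
    If colproperties <> 0 Or IsNull(strnameofuser) Then
        strnameofuser = "-"
    End If
    WScript.Echo myobjprocessname & vbTab & objprocess.Priority & vbTab & objprocess.ProcessId & vbTab & strnameofuser & vbTab & vbTab & objprocess.ExecutablePath
Next
WScript.Sleep 5000
WScript.Echo vbCrLf
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000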
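' Prints a tree of loaded images: each .exe as a branch, every other module
' under it, followed by the file's creation date and manufacturer string.
'
' The manufacturer comes from the file's own version resource, i.e. it is
' whatever the builder of the binary wrote there. It is not a verified
' signer and should not be used on its own to decide that a module is trusted.
wscript.echo vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab& vbtab&"创建时间 文件制造商"
Dim originalpath, modulepath, wmipathmode, filemanufacturer, lcasemodulepath
Dim fileextension, mark, finalmodulepath, objfso, objfile
Set objwmiservice = GetObject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
Set objrefresher = CreateObject("wbemscripting.swbemrefresher")
Set colitems = objrefresher.AddEnum(objwmiservice, "win32_perfformatteddata_perfproc_fullimage_costly").ObjectSet
objrefresher.Refresh
' Created once; neither object depends on the item being processed.
Set objwmi = GetObject("winmgmts:\\.\root\cimv2")
Set objfso = CreateObject("scripting.filesystemobject")
For Each objitem In colitems
    ' The instance name is split on "/" and the second part is used as the
    ' module path. Names without a "/" have no path part and are skipped
    ' instead of raising a subscript error.
    originalpath = objitem.Name
    modulepath = Split(originalpath, "/")
    If UBound(modulepath) >= 1 Then
        ' Escape for a WQL string literal: backslashes first, then apostrophes.
        ' Without the second step a path containing an apostrophe ends the
        ' literal early and the query fails.
        wmipathmode = Replace(modulepath(1), "\", "\\")
        wmipathmode = Replace(wmipathmode, "'", "\'")
        Set colmanufacturer = objwmi.ExecQuery("select * from cim_datafile where name='" & wmipathmode & "'")
        For Each objmanufacturer In colmanufacturer
            filemanufacturer = Trim(objmanufacturer.Manufacturer)
            lcasemodulepath = LCase(Trim(objmanufacturer.Name))
            fileextension = Right(lcasemodulepath, 3)
            Set objfile = objfso.GetFile(lcasemodulepath)
            ' The two widths differ by the marker length so that the date
            ' column starts at the same position on both kinds of line
            ' (presumably tuned for a double-width code page - confirm).
            ' The path is padded explicitly; one trailing space cannot fill
            ' the fixed width.
            If fileextension = "exe" Then
                mark = "├—"
                finalmodulepath = Left(lcasemodulepath & Space(118), 118)
                WScript.Echo "│"
            Else
                mark = "│├─"
                finalmodulepath = Left(lcasemodulepath & Space(116), 116)
            End If
            WScript.Echo mark & finalmodulepath & objfile.DateCreated & vbTab & filemanufacturer
        Next
    End If
Next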
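' Puts the command line that re-runs this script under cscript on the
' clipboard, using an automated Internet Explorer instance.
' This overwrites whatever the user had on the clipboard.
' NOTE(review): clipboard access from IE can prompt or be blocked by zone
' settings, and the internetexplorer.application object may be unavailable
' on current Windows installations - confirm on the target systems.
Dim myvbspath, myclipboard, objie
' Quote the path directly rather than wrapping it in apostrophes and replacing
' them afterwards, which corrupted paths that contain an apostrophe.
myvbspath = """" & WScript.ScriptFullName & """"
myclipboard = "cscript //nologo " & myvbspath
Set objie = CreateObject("internetexplorer.application")
objie.Navigate "about:blank"
' The document is not available until navigation has finished
' (ReadyState 4 = complete).
Do While objie.Busy Or objie.ReadyState <> 4
    WScript.Sleep 50
Loop
objie.Document.parentWindow.clipboardData.setData "text", myclipboard
' Close the browser instance; otherwise a hidden iexplore.exe process is left
' running after the script ends.
objie.Quit
Set objie = Nothing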
经过测试效果很不错,喜欢vbs的朋友可以学习一下。