标题: [转贴 分享] vbs版进程管理 [打印本页]
作者: kioskboy 时间: 2008-3-30 17:57 标题: [转贴 分享] vbs版进程管理
' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified: 2007-12-9 18:50
const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (Lcase(Right(WScript.Fullname,11))="wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //nologo " &Replace(FinalPath,"'",""""))
WScript.Quit
End If
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = nothing
Wscript.Sleep 1000
Mystr = Array(115,111,109,101,98,111,100,121)
for i=0 to Ubound(Mystr)
author=author&chr(Mystr(i))
next
Wscript.Echo vbCr
Wscript.echo " code by " & author
Wscript.echo " LastModified: 2007-12-9 18:50"
Wscript.Sleep 2000
Wscript.Echo vbCr
str1 = " ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮"
str4 = " ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃┃┃"
str6 = " ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯╰╯"
str3 = " ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯"
str5 = " ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃┃┃"
str2 = " ┃╭━╯┃╭╮┃┃┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃"
myArray = Array(str1,str2,str3,str4,str5,str6)
For each str in myArray
Wscript.Echo str
Next
WScript.Echo
WScript.Sleep 3000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: Priority: PID: Owner:" &vbTab&vbTab&"ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each OBJProcess in OBJWMIProcess
MyOBJProcessName=OBJProcess.Name&" "
colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next
WScript.Sleep 5000
WScript.Echo vbCrLf
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000
WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间 文件制造商"
Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colItems = OBJRefresher.AddEnum(OBJWMIService,"Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh
For Each OBJItem In colItems
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
originalPath = OBJItem.Name
ModulePath = Split(originalPath,"/")
WMIPathMode = Replace(ModulePath(1),"\","\\")
Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
For Each OBJManufacturer In colManufacturer
FileManufacturer=Trim(OBJManufacturer.Manufacturer)
LCaseModulePath=LCase(Trim(OBJManufacturer.Name))
FileExtension=Right(LCaseModulePath, 3)
MyLCaseModulePath=LCaseModulePath & " "
Set FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)
If FileExtension="exe" Then
mark="├—"
FinalModulePath=Mid(MyLCaseModulePath,1,118)
WScript.Echo "│"
Else
mark="│├─"
FinalModulePath=Mid(MyLCaseModulePath,1,116)
End If
WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer
Next
Next
MyVBSPath = "'" & WScript.ScriptFullName & "'"
Myclipboard = "cscript //nologo " & Replace(MyVBSPath,"'","""")
Set objIE = CreateObject("InternetExplorer.Application")
objIE.Navigate("about:blank")
objIE.document.parentwindow.clipboardData.SetData "text", Myclipboard作者: tt518 时间: 2008-3-30 18:53
让我告诉你把~那是为了把东西复制到剪贴板~
之后让你在CScript模式下运行~
作者: wzq5510 时间: 2008-3-30 19:00
西
作者: xtanbmy 时间: 2008-4-7 19:59
好东西。
作者: plp626 时间: 2008-4-7 20:06
这叫管理吗?
就是个列举嘛,很不负责任。
作者: dosmania 时间: 2008-4-7 21:15
本想发这里,居然被人先转贴过来了....
5楼的朋友,这个脚本最主要的功能是用来捕获加载到进程里的模块(*.dll),获取的是某时刻的信息,从而根据文件的创建时间和文件制造商结合起来判断某些DLL是否正常,用来杀毒时分析的。是楼主名字起的不合理,说成管理了
至于你所期望的VBS管理,能做到这功能,那就是软件了,典型的例子就是360safe,可那不是VBS,那是软件了,用的是API了。
楼主转贴,转的不完全 来自:
bbs.verybat.cn/viewt ...
以下是具体说明:
Tips:
1. 下载地址: kimhoo.lin.g ... ule.vbs
2. 整个过程大概需要1分钟,主要看进程个数以及CPU空闲情况而定,请尽量让脚本执行完毕不要中途退出
3. 若需要终止脚本,按 CTRL+C 即可,强烈建议不要
4. 脚本自动帮你开启了快速编辑模式,你可以很方便地进行必要复制
5. 其中对注册表的修改是为了浏览美观,任何时候退出程序都会还原对注册表的修改,放心使用
6. 脚本执行完毕后只需鼠标右键单击CMD窗口并且回车即可重复执行脚本
7.建议执行脚本前关闭所有IE浏览器,因为执行脚本过程若你的IE浏览器是打开的,这时会弹一个空白页 about:blank
8. 附上脚本程序运行结果预览图2张
9. 若是模块路径里含中英文混合,将会影响最终排版效果
preview:
[ Last edited by dosmania on 2008-4-7 at 09:55 PM ]
[ Last edited by dosmania on 2008-4-7 at 09:55 PM ]作者: slore 时间: 2008-4-7 21:21
没有1分,郁闷……
给人负分不太好看嗬。
作者: dosmania 时间: 2008-4-7 21:48
是吖....
人家可以完全不在这里发贴的...毕竟积分制度本意是用来鼓励会员发贴的....
给负分人家并不会少一快肉,而且打击发贴积极性,而且这也绝对不是什么大错误,我觉得...
作者: plp626 时间: 2008-4-7 23:09
知道了,对VBS不怎么懂,以为楼主是为赚积分,乱发呢,
以后注意,
鼓励大家多发帖。
作者: kioskboy 时间: 2008-4-9 14:15
Originally posted by plp626 at 2008-4-7 08:06 PM: 这叫管理吗? 就是个列举嘛,很不负责任。弄个负分,不好看,不顶就算了,起码 汗>过 你以后你做电信老板,或其它老板。好多都流行这套的,稍作夸大,不然哪能把你蒙进来 列举也是管理的一部分,最终解释权在我这里,不是吗 麻烦改下吧,还是-1取反 再在后面加个0 [ Last edited by kioskboy on 2008-4-9 at 02:54 PM ]
作者: abcd 时间: 2008-4-9 14:35
既然是转帖,还想要求加多高的分?
作者: kioskboy 时间: 2008-4-9 14:37
比起module.vbs
命令wmic process get commandline,processid,name
来的快些,显示的不列表,不好看
而module.vbs
虽然慢了些,其中对注册表的修改是为了浏览美观
任何时候退出程序都会还原对注册表的修改
可放心使用
实在是居家旅行,查毒杀读,必备良药
作者: kioskboy 时间: 2008-4-9 14:46
Originally posted by abcd at 2008-4-9 02:35 PM: 既然是转帖,还想要求加多高的分?转贴不正说明我诚实 对网络不熟悉的我 这样千百度,含涔涔地找给大家 主席都肯定的传统精神 难道……
作者: kioskboy 时间: 2008-4-9 14:50
后面的代码不要,好像快些[ Last edited by kioskboy on 2008-4-9 at 02:51 PM ]
' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified: 2007-12-9 18:50
const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (Lcase(Right(WScript.Fullname,11))="wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //nologo " &Replace(FinalPath,"'",""""))
WScript.Quit
End If
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = nothing
WScript.Echo
WScript.Sleep 3000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: Priority: PID: Owner:" &vbTab&vbTab&"ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each OBJProcess in OBJWMIProcess
MyOBJProcessName=OBJProcess.Name&" "
colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next作者: zh159 时间: 2008-4-9 18:25
去年在这里发过的一段,使用hta界面,可以复制到剪贴板
保存为*.hta文件运行
<html>
<title>列举进程 - HTA 版 - by zh159@bbs.cn-dos.net - 2007-6-28</title>
<script language="VBScript">
width = 800
height = 700
window.resizeTo width, height
ileft=(window.screen.width-width)/2
itop=(window.screen.height-height)/2
window.moveTo ileft,itop
</script>
<body scroll="no" style="border: 1 solid #9ab8f6;FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#10bfff,endColorStr=#007db2);color:#ffffff;">
<table width="100%" align="center" style="font: 12px 宋体;"><td align="center"><textarea id="result" style="width:100%; height:600; font: 13px 宋体;border: 1 solid #9ab8f6;"></textarea><br><input type="button" class1="button" name="Button" value="复制到剪贴板" onClick="copy('result')" style="height:27;border: 1 solid #9ab8f6;FILTER: progid:DXImageTransform.Microsoft.Gradient(gradientType=0,startColorStr=#10bfff,endColorStr=#007db2);color:#ffffff;cursor:hand;"></td></table>
</body>
<script language="VBScript">
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Process",,48)
For Each objItem in colItems
Num = Num + 1
str = str & Num & ". " & objItem.Caption & vbCrLf & _
"================================================================================" & vbCrLf & _
"Caption: " & objItem.Caption & vbCrLf & _
"CommandLine: " & objItem.CommandLine & vbCrLf & _
"CreationClassName: " & objItem.CreationClassName & vbCrLf & _
"CreationDate: " & objItem.CreationDate & vbCrLf & _
"CSCreationClassName: " & objItem.CSCreationClassName & vbCrLf & _
"CSName: " & objItem.CSName & vbCrLf & _
"Description: " & objItem.Description & vbCrLf & _
"ExecutablePath: " & objItem.ExecutablePath & vbCrLf & _
"ExecutionState: " & objItem.ExecutionState & vbCrLf & _
"Handle: " & objItem.Handle & vbCrLf & _
"HandleCount: " & objItem.HandleCount & vbCrLf & _
"InstallDate: " & objItem.InstallDate & vbCrLf & _
"KernelModeTime: " & objItem.KernelModeTime & vbCrLf & _
"MaximumWorkingSetSize: " & objItem.MaximumWorkingSetSize & vbCrLf & _
"MinimumWorkingSetSize: " & objItem.MinimumWorkingSetSize & vbCrLf & _
"Name: " & objItem.Name & vbCrLf & _
"OSCreationClassName: " & objItem.OSCreationClassName & vbCrLf & _
"OSName: " & objItem.OSName & vbCrLf & _
"OtherOperationCount: " & objItem.OtherOperationCount & vbCrLf & _
"OtherTransferCount: " & objItem.OtherTransferCount & vbCrLf & _
"PageFaults: " & objItem.PageFaults & vbCrLf & _
"PageFileUsage: " & objItem.PageFileUsage & vbCrLf & _
"ParentProcessId: " & objItem.ParentProcessId & vbCrLf & _
"PeakPageFileUsage: " & objItem.PeakPageFileUsage & vbCrLf & _
"PeakVirtualSize: " & objItem.PeakVirtualSize & vbCrLf & _
"PeakWorkingSetSize: " & objItem.PeakWorkingSetSize & vbCrLf & _
"Priority: " & objItem.Priority & vbCrLf & _
"PrivatePageCount: " & objItem.PrivatePageCount & vbCrLf & _
"ProcessId: " & objItem.ProcessId & vbCrLf & _
"QuotaNonPagedPoolUsage: " & objItem.QuotaNonPagedPoolUsage & vbCrLf & _
"QuotaPagedPoolUsage: " & objItem.QuotaPagedPoolUsage & vbCrLf & _
"QuotaPeakNonPagedPoolUsage: " & objItem.QuotaPeakNonPagedPoolUsage & vbCrLf & _
"QuotaPeakPagedPoolUsage: " & objItem.QuotaPeakPagedPoolUsage & vbCrLf & _
"ReadOperationCount: " & objItem.ReadOperationCount & vbCrLf & _
"ReadTransferCount: " & objItem.ReadTransferCount & vbCrLf & _
"SessionId: " & objItem.SessionId & vbCrLf & _
"Status: " & objItem.Status & vbCrLf & _
"TerminationDate: " & objItem.TerminationDate & vbCrLf & _
"ThreadCount: " & objItem.ThreadCount & vbCrLf & _
"UserModeTime: " & objItem.UserModeTime & vbCrLf & _
"VirtualSize: " & objItem.VirtualSize & vbCrLf & _
"WindowsVersion: " & objItem.WindowsVersion & vbCrLf & _
"WorkingSetSize: " & objItem.WorkingSetSize & vbCrLf & _
"WriteOperationCount: " & objItem.WriteOperationCount & vbCrLf & _
"WriteTransferCount: " & objItem.WriteTransferCount & vbCrLf & vbCrLf
Next
result.Value = str
</script>
<script language=JavaScript>
function copy(ob){
var obj=findObj(ob); if (obj) {
obj.select();js=obj.createTextRange();js.execCommand("Copy");}
}
function findObj(n, d) {
var p,I,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=findObj(n,d.layers[i].document);
if(!x && document.getElementById) x=document.getElementById(n); return x;
}
</script>
</html>作者: kioskboy 时间: 2008-4-9 21:10
强!界面美观!
不过太长了,一般只需要commandline,processid,name,有很多垃圾拦,不实用,只作脚本参考训练用
如果有个IE 复选框或对话框来能对 CommandLine,CreationClassName ,ExecutablePath等项
做筛选就好了
[ Last edited by kioskboy on 2008-4-9 at 09:11 PM ]
作者: zh159 时间: 2008-4-9 22:59
原来是给别人提供的VBS脚本加上界面的,所以保留了所有的信息。
可以采用复选框方式来选定项目;也可以延伸为用复选框选定杀进程
作者: kioskboy 时间: 2008-4-9 23:37
Originally posted by zh159 at 2008-4-9 10:59 PM: 原来是给别人提供的VBS脚本加上界面的,所以保留了所有的信息。 可以采用复选框方式来选定项目;也可以延伸为用复选框选定杀进程大虾你写个吧
作者: tempuser 时间: 2008-4-11 08:39
Originally posted by zh159 at 2008-4-9 18:25: 去年在这里发过的一段,使用hta界面,可以复制到剪贴板 保存为*.hta文件运行 [code]<html> <title>列举进程 - HTA 版 - by zh159@bbs.cn-dos.net - 2007-6 ...界面感觉不错,能不能给个代码学一下,就是在这样的界面多加几个功能按纽,比如说有三个按钮: 1.列举本机进程;2.关闭指定进程;3.退出. 谢谢.