当前位置：首页 > 资讯 > 技术文档

ProcessMagnifier.vbs进程查看

时间：2022-01-26 07:12 编辑：来源：阅读：
扫一扫，手机访问

摘要：ProcessMagnifier.vbs进程查看

' FileName: ProcessMagnifier.vbs ' Function: Capture information about the running processes in detail ' code by somebody ' QQ: 240460440 ' LastModified:2007-11-16 18:25 ' 仅供学习 Const HKEY_CURRENT_USER = &H80000001 oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv") strKeyPath = "Console\%SystemRoot%_system32_cmd.exe" oReg.CreateKey(HKEY_CURRENT_USER, strKeyPath) strValueName1 = "CodePage" dwValue1 = 936 strValueName2 = "ScreenBufferSize" dwValue2 = 98304200 strValueName3 = "WindowSize" dwValue3 = 2818173 strValueName4 = "HistoryNoDup" dwValue4 = 0 strValueName5 = "WindowPosition" dwValue5 = 131068 strValueName6 = "QuickEdit" dwValue6 = 2048 oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName1, dwValue1) oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName2, dwValue2) oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName3, dwValue3) oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName4, dwValue4) oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName5, dwValue5) oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName6, dwValue6) Dim objWSH, FinalPath objWSH = WScript.CreateObject("WScript.Shell") If (LCase(Right(WScript.Fullname, 11)) = "wscript.exe") Then FinalPath = "'" & WScript.ScriptFullName & "'" objWSH.Run("cmd.exe /k cscript //nologo " & Replace(FinalPath, "'", """")) WScript.Quit() End If oReg.DeleteKey(HKEY_CURRENT_USER, strKeyPath) oReg = Nothing WScript.Echo() WScript.Sleep(1000) WScript.Echo("当前正在运行的进程简要信息列表如下:") WScript.Echo(vbCrLf) WScript.Sleep(2000) Dim MyOBJProcessName OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process") WScript.Echo "Name: Priority: PID: Owner:" &vbTab&vbTab&"ExecutablePath: " WScript.Echo("---------------------------------------------------------------------------------------") For Each OBJProcess In OBJWMIProcess MyOBJProcessName=OBJProcess.Name&" " colProperties = OBJProcess.GetOwner(strNameOfUser, strUserDomain) WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath Next WScript.Sleep(5000) WScript.Echo(vbCrLf) WScript.Echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:") WScript.Echo(vbCrLf) WScript.Sleep(3000) WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间文件制造商" OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") OBJRefresher = CreateObject("WbemScripting.SWbemRefresher") colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet OBJRefresher.Refresh() For Each OBJItem In colItems Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath originalPath = OBJItem.Name ModulePath = Split(originalPath, "/") WMIPathMode = Replace(ModulePath(1), "\", "\\") OBJWMI = GetObject("winmgmts:\\.\root\CIMV2") colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'") For Each OBJManufacturer In colManufacturer FileManufacturer = Trim(OBJManufacturer.Manufacturer) LCaseModulePath = LCase(Trim(OBJManufacturer.Name)) FileExtension = Right(LCaseModulePath, 3) MyLCaseModulePath = LCaseModulePath & " " FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath) If FileExtension = "exe" Then mark = "├—" FinalModulePath = Mid(MyLCaseModulePath, 1, 118) WScript.Echo("│") Else mark = "│├─" FinalModulePath = Mid(MyLCaseModulePath, 1, 116) End If WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer Next Next

全部评论(0)

上一篇：vbs 百度小助手
下一篇：字符ANSI代码查询工具vbs版

资讯排行榜
更多>>