VBScript之通过对比注册表查找隐藏的服务
代码(checksvr.vbs):
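' checksvr.vbs - lists every key under HKLM\system\currentcontrolset\services
' that has an "objectname" value and marks whether WMI (win32_service) also
' reports a service of that name.
'
' Reading the result: "[ hidden ]" only means "the registry has this key but
' win32_service did not return it". Treat it as a lead to verify, not as proof:
'   * win32_service does not list kernel / file-system drivers (WMI exposes
'     those through win32_systemdriver), so a driver key that carries an
'     objectname value can be reported as hidden.
'   * both views are read through WMI on the live system; something that also
'     filters registry reads will not appear here at all. Confirm findings
'     against an offline copy of the SYSTEM hive where it matters.
'on error resume next
const hkey_local_machine = &h80000002

set oreg = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov")
strkeypath = "system\currentcontrolset\services"

' enumkey returns a non-zero code on failure (for example access denied) and
' then leaves arrsubkeys unusable; stop with a message instead of failing in
' the for-each below.
rc = oreg.enumkey(hkey_local_machine, strkeypath, arrsubkeys)
if rc <> 0 then
    wscript.echo "cannot enumerate hklm\" & strkeypath & " (error " & rc & ")"
    wscript.quit (1)
end if
if not isarray(arrsubkeys) then
    wscript.echo "no subkeys found under hklm\" & strkeypath
    wscript.quit (1)
end if

wscript.echo "checking, please wait ..."
wscript.echo ""

for each subkey in arrsubkeys
    ' Reset the out-parameter so a failed read cannot reuse the previous key's value.
    strvalue = ""
    ' VBScript has no escape sequences: "\\" would be two literal backslashes,
    ' so the path separator is written as a single "\".
    rc = oreg.getstringvalue(hkey_local_machine, strkeypath & "\" & subkey, "objectname", strvalue)

    ' Keys without an objectname value come back as an error and/or Null; skip them.
    hasaccount = false
    if rc = 0 then
        if not isnull(strvalue) then
            if strvalue <> "" then hasaccount = true
        end if
    end if

    if hasaccount then
        ' Check the service. (Original author's note: would comparing against
        ' an array be faster?)
        if not (checksvr(subkey)) then
            wscript.echo subkey & formatouttab(subkey) & strvalue & formatouttab(strvalue) & "[ hidden ]"
        else
            wscript.echo subkey & formatouttab(subkey) & strvalue & formatouttab(strvalue) & "[ ok ]"
        end if
    end if
next

wscript.echo ""
wscript.echo "all done."
wscript.quit (0)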
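' checksvr(strname): true when WMI's win32_service class returns at least one
' service whose name equals strname, false otherwise.
'
' strname comes from registry key names, which may contain characters that are
' special inside a WQL string literal. It is escaped before being placed in the
' query so that an unusual key name (for example one containing an apostrophe)
' can neither break the query nor change what it matches.
function checksvr(strname)
    dim owmi, cservice, strescaped

    ' WQL uses "\" as the escape character inside quoted strings: escape the
    ' backslash first, then the single quote.
    strescaped = replace(strname, "\", "\\")
    strescaped = replace(strescaped, "'", "\'")

    set owmi = getobject("winmgmts:" & "{impersonationlevel=impersonate}!\\.\root\cimv2")
    set cservice = owmi.execquery("select * from win32_service where name='" & strescaped & "'")

    checksvr = (cservice.count <> 0)
end function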
' formatouttab(strname): returns the tab padding to print after strname so the
' next column lines up. Names shorter than 8 characters get five tabs, and one
' tab is dropped for each further 8 characters, never going below a single tab.
function formatouttab(strname)
    dim namelen, limit, pad

    namelen = len(strname)

    ' Start from the minimum of one tab and add one for every 8-character
    ' boundary (32, 24, 16, 8) the name stays below.
    pad = vbtab
    for limit = 32 to 8 step -8
        if namelen < limit then pad = pad & vbtab
    next

    formatouttab = pad
end function
利用字典(Scripting.Dictionary)先一次性读出全部服务名,再逐个比对注册表子键,速度要快很多:
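' Dictionary variant: reads all service names from WMI (win32_service) once,
' then walks HKLM\system\currentcontrolset\services and marks every key that
' has an "objectname" value but is missing from that list.
'
' Reading the result: "[ hidden ]" means "present in the registry, not returned
' by win32_service". It is a lead to verify, not proof. win32_service does not
' list kernel / file-system drivers (those are in win32_systemdriver), so a
' driver key with an objectname value can be reported as hidden; and both views
' come from the live system, so confirm findings against an offline copy of the
' SYSTEM hive where it matters.
dim odic, oreg, owmi, arrservices
const hkey_local_machine = &h80000002

wscript.echo "[*] checking, please wait ..."
wscript.echo ""

set odic = createobject("scripting.dictionary")
' Registry key names are case-insensitive, so the lookup must be too; the
' dictionary's default binary compare would flag a service as hidden when only
' the letter case differs. comparemode has to be set while the dictionary is empty.
odic.comparemode = vbtextcompare

set owmi = getobject("winmgmts:" & "{impersonationlevel=impersonate}!\\.\root\cimv2")
set arrservices = owmi.execquery("select * from win32_service")
for each strservice in arrservices
    ' add raises an error on a duplicate key; guard so one repeated name cannot abort the scan.
    if not odic.exists(strservice.name) then
        odic.add strservice.name, strservice.name
    end if
next

set oreg = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov")
strkeypath = "system\currentcontrolset\services"

' enumkey returns a non-zero code on failure and then leaves arrsubkeys
' unusable; stop with a message instead of failing in the for-each below.
rc = oreg.enumkey(hkey_local_machine, strkeypath, arrsubkeys)
if rc <> 0 then
    wscript.echo "[!] cannot enumerate hklm\" & strkeypath & " (error " & rc & ")"
    wscript.quit (1)
end if
if not isarray(arrsubkeys) then
    wscript.echo "[!] no subkeys found under hklm\" & strkeypath
    wscript.quit (1)
end if

for each subkey in arrsubkeys
    ' Reset the out-parameter so a failed read cannot reuse the previous key's value.
    strvalue = ""
    ' VBScript has no escape sequences: "\\" would be two literal backslashes,
    ' so the path separator is written as a single "\".
    rc = oreg.getstringvalue(hkey_local_machine, strkeypath & "\" & subkey, "objectname", strvalue)

    ' Keys without an objectname value come back as an error and/or Null; skip them.
    hasaccount = false
    if rc = 0 then
        if not isnull(strvalue) then
            if strvalue <> "" then hasaccount = true
        end if
    end if

    if hasaccount then
        if odic.exists(subkey) then
            wscript.echo subkey & formatouttab(subkey) & strvalue & formatouttab(strvalue) & "[ ok ]"
        else
            wscript.echo subkey & formatouttab(subkey) & strvalue & formatouttab(strvalue) & "[ hidden ]"
        end if
    end if
next

odic.removeall
wscript.echo ""
wscript.echo "[*] all done."
wscript.quit (0)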
' formatouttab(strname): returns the tab padding to print after strname so the
' next column lines up. Names shorter than 8 characters get four tabs, and one
' tab is dropped for each further 8 characters, never going below a single tab.
function formatouttab(strname)
    dim namelen, limit, pad

    namelen = len(strname)

    ' Start from the minimum of one tab and add one for every 8-character
    ' boundary (24, 16, 8) the name stays below.
    pad = vbtab
    for limit = 24 to 8 step -8
        if namelen < limit then pad = pad & vbtab
    next

    formatouttab = pad
end function
来自: enun.net