ProcessMagnifier.vbs进程查看
程序员文章站
2022-08-26 08:51:05
' filename: processmagnifier.vbs ' function: cap...
' filename: processmagnifier.vbs
' function: capture information about the running processes in detail
' code by somebody
' qq: 240460440
' lastmodified:2007-11-16 18:25
' 仅供学习
const hkey_current_user = &h80000001
oreg = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov")
strkeypath = "console\%systemroot%_system32_cmd.exe"
oreg.createkey(hkey_current_user, strkeypath)
strvaluename1 = "codepage"
dwvalue1 = 936
strvaluename2 = "screenbuffersize"
dwvalue2 = 98304200
strvaluename3 = "windowsize"
dwvalue3 = 2818173
strvaluename4 = "historynodup"
dwvalue4 = 0
strvaluename5 = "windowposition"
dwvalue5 = 131068
strvaluename6 = "quickedit"
dwvalue6 = 2048
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename1, dwvalue1)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename2, dwvalue2)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename3, dwvalue3)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename4, dwvalue4)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename5, dwvalue5)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename6, dwvalue6)
dim objwsh, finalpath
objwsh = wscript.createobject("wscript.shell")
if (lcase(right(wscript.fullname, 11)) = "wscript.exe") then
finalpath = "'" & wscript.scriptfullname & "'"
objwsh.run("cmd.exe /k cscript //nologo " & replace(finalpath, "'", """"))
wscript.quit()
end if
oreg.deletekey(hkey_current_user, strkeypath)
oreg = nothing
wscript.echo()
wscript.sleep(1000)
wscript.echo("当前正在运行的进程简要信息列表如下:")
wscript.echo(vbcrlf)
wscript.sleep(2000)
dim myobjprocessname
objwmiprocess = getobject("winmgmts:\\.\root\cimv2").execquery("select * from win32_process")
wscript.echo "name: priority: pid: owner:" &vbtab&vbtab&"executablepath: "
wscript.echo("---------------------------------------------------------------------------------------")
for each objprocess in objwmiprocess
myobjprocessname=objprocess.name&" "
colproperties = objprocess.getowner(strnameofuser, struserdomain)
wscript.echo mid(myobjprocessname,1,20) &vbtab& objprocess.priority &vbtab& objprocess.processid &vbtab& strnameofuser &vbtab&vbtab& objprocess.executablepath
next
wscript.sleep(5000)
wscript.echo(vbcrlf)
wscript.echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:")
wscript.echo(vbcrlf)
wscript.sleep(3000)
wscript.echo vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab& vbtab&"创建时间 文件制造商"
objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
objrefresher = createobject("wbemscripting.swbemrefresher")
colitems = objrefresher.addenum(objwmiservice, "win32_perfformatteddata_perfproc_fullimage_costly").objectset
objrefresher.refresh()
for each objitem in colitems
dim originalpath, modulepath, wmipathmode, filemanufacturer, lcasemodulepath
dim fileextension, mark, mylcasemodulepath, finalmodulepath
originalpath = objitem.name
modulepath = split(originalpath, "/")
wmipathmode = replace(modulepath(1), "\", "\\")
objwmi = getobject("winmgmts:\\.\root\cimv2")
colmanufacturer = objwmi.execquery("select * from cim_datafile where name='" & wmipathmode & "'")
for each objmanufacturer in colmanufacturer
filemanufacturer = trim(objmanufacturer.manufacturer)
lcasemodulepath = lcase(trim(objmanufacturer.name))
fileextension = right(lcasemodulepath, 3)
mylcasemodulepath = lcasemodulepath & " "
fso = createobject("scripting.filesystemobject").getfile(lcasemodulepath)
if fileextension = "exe" then
mark = "├—"
finalmodulepath = mid(mylcasemodulepath, 1, 118)
wscript.echo("│")
else
mark = "│├─"
finalmodulepath = mid(mylcasemodulepath, 1, 116)
end if
wscript.echo mark & finalmodulepath & fso.datecreated &vbtab& filemanufacturer
next
next
' function: capture information about the running processes in detail
' code by somebody
' qq: 240460440
' lastmodified:2007-11-16 18:25
' 仅供学习
const hkey_current_user = &h80000001
oreg = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\default:stdregprov")
strkeypath = "console\%systemroot%_system32_cmd.exe"
oreg.createkey(hkey_current_user, strkeypath)
strvaluename1 = "codepage"
dwvalue1 = 936
strvaluename2 = "screenbuffersize"
dwvalue2 = 98304200
strvaluename3 = "windowsize"
dwvalue3 = 2818173
strvaluename4 = "historynodup"
dwvalue4 = 0
strvaluename5 = "windowposition"
dwvalue5 = 131068
strvaluename6 = "quickedit"
dwvalue6 = 2048
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename1, dwvalue1)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename2, dwvalue2)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename3, dwvalue3)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename4, dwvalue4)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename5, dwvalue5)
oreg.setdwordvalue(hkey_current_user, strkeypath, strvaluename6, dwvalue6)
dim objwsh, finalpath
objwsh = wscript.createobject("wscript.shell")
if (lcase(right(wscript.fullname, 11)) = "wscript.exe") then
finalpath = "'" & wscript.scriptfullname & "'"
objwsh.run("cmd.exe /k cscript //nologo " & replace(finalpath, "'", """"))
wscript.quit()
end if
oreg.deletekey(hkey_current_user, strkeypath)
oreg = nothing
wscript.echo()
wscript.sleep(1000)
wscript.echo("当前正在运行的进程简要信息列表如下:")
wscript.echo(vbcrlf)
wscript.sleep(2000)
dim myobjprocessname
objwmiprocess = getobject("winmgmts:\\.\root\cimv2").execquery("select * from win32_process")
wscript.echo "name: priority: pid: owner:" &vbtab&vbtab&"executablepath: "
wscript.echo("---------------------------------------------------------------------------------------")
for each objprocess in objwmiprocess
myobjprocessname=objprocess.name&" "
colproperties = objprocess.getowner(strnameofuser, struserdomain)
wscript.echo mid(myobjprocessname,1,20) &vbtab& objprocess.priority &vbtab& objprocess.processid &vbtab& strnameofuser &vbtab&vbtab& objprocess.executablepath
next
wscript.sleep(5000)
wscript.echo(vbcrlf)
wscript.echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:")
wscript.echo(vbcrlf)
wscript.sleep(3000)
wscript.echo vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab&vbtab& vbtab&"创建时间 文件制造商"
objwmiservice = getobject("winmgmts:{impersonationlevel=impersonate}!\\.\root\cimv2")
objrefresher = createobject("wbemscripting.swbemrefresher")
colitems = objrefresher.addenum(objwmiservice, "win32_perfformatteddata_perfproc_fullimage_costly").objectset
objrefresher.refresh()
for each objitem in colitems
dim originalpath, modulepath, wmipathmode, filemanufacturer, lcasemodulepath
dim fileextension, mark, mylcasemodulepath, finalmodulepath
originalpath = objitem.name
modulepath = split(originalpath, "/")
wmipathmode = replace(modulepath(1), "\", "\\")
objwmi = getobject("winmgmts:\\.\root\cimv2")
colmanufacturer = objwmi.execquery("select * from cim_datafile where name='" & wmipathmode & "'")
for each objmanufacturer in colmanufacturer
filemanufacturer = trim(objmanufacturer.manufacturer)
lcasemodulepath = lcase(trim(objmanufacturer.name))
fileextension = right(lcasemodulepath, 3)
mylcasemodulepath = lcasemodulepath & " "
fso = createobject("scripting.filesystemobject").getfile(lcasemodulepath)
if fileextension = "exe" then
mark = "├—"
finalmodulepath = mid(mylcasemodulepath, 1, 118)
wscript.echo("│")
else
mark = "│├─"
finalmodulepath = mid(mylcasemodulepath, 1, 116)
end if
wscript.echo mark & finalmodulepath & fso.datecreated &vbtab& filemanufacturer
next
next
上一篇: 把两个文件中的不同之处提取到某个文件中去
下一篇: vbs判读盘符被双击的脚本