ProcessMagnifier.vbs进程查看
导读:收集整理的这篇文章主要介绍了ProcessMagnifier.vbs进程查看,觉得挺不错的,现在分享给大家,也给大家做个参考。 ' FileName: PRocessMagnifier....
收集整理的这篇文章主要介绍了ProcessMagnifier.vbs进程查看,觉得挺不错的,现在分享给大家,也给大家做个参考。 ' FileName: PRocessMagnifier.vbs ' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified:2007-11-16 18:25
' 仅供学习
Const HKEY_current_USER = & H80000001
oReg = GetObject("winmgmts:{ imPErsonationLevel=impersonate} !\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey(HKEY_CURRENT_USER, strKeyPath)
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosITion"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName1, dwValue1)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName2, dwValue2)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName3, dwValue3)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName4, dwValue4)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName5, dwValue5)
oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName6, dwValue6)
Dim objWSH, FinalPath
objWSH = WScript.CreateObject("WScript.Shell")
If (LCase(Right(WScript.Fullname, 11)) = "wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //noLOGo " & Replace(FinalPath, "'", """"))
WScript.Quit()
End If
oReg.DeleteKey(HKEY_CURRENT_USER, strKeyPath)
oReg = Nothing
WScript.Echo()
WScript.Sleep(1000)
WScript.Echo("当前正在运行的进程简要信息列表如下:")
WScript.Echo(vbCrLf)
WScript.Sleep(2000)
Dim myOBJProcessName
OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: Priority: PID: Owner:" & vBTab& vbTab& "ExecutablePath: "
WScript.Echo("---------------------------------------------------------------------------------------")
For each OBJProcess In OBJWMIProcess
MyOBJProcessName=OBJProcess.Name& " "
colProperties = OBJProcess.GetOwner(strNameOfuser, strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) & vbTab& OBJProcess.Priority & vbTab& OBJProcess.ProcessID & vbTab& strNameOfUser & vbTab& vbTab& OBJProcess.ExecutablePath
Next
WScript.Sleep(5000)
WScript.Echo(vbCrLf)
WScript.Echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:")
WScript.Echo(vbCrLf)
WScript.Sleep(3000)
WScript.Echo vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& vbTab& "创建时间 文件制造商"
OBJWMIService = GetObject("winmgmts:{ impersonationLevel=impersonate} !\\.\root\cimv2")
OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh()
For Each OBJITem In colItems
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaSEModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
originalPath = OBJItem.Name
ModulePath = Split(originalPath, "/")
WMIPathMode = Replace(ModulePath(1), "\", "\\")
OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
colManufacturer = OBJWMI.ExecQuery("SELECT * From CIM_DataFile Where Name='" & WMIPathMode & "'")
For Each OBJManufacturer In colManufacturer
FileManufacturer = Trim(OBJManufacturer.Manufacturer)
LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
FileExtension = Right(LCaseModulePath, 3)
MyLCaseModulePath = LCaseModulePath & " "
FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)
If FileExtension = "exe" Then
mark = "├—"
FinalModulePath = Mid(MyLCaseModulePath, 1, 118)
WScript.Echo("│")
Else
mark = "│├─"
FinalModulePath = Mid(MyLCaseModulePath, 1, 116)
End If
WScript.Echo mark & FinalModulePath & FSO.DateCreated & vbTab& FileManufacturer
Next
Next
声明:本文内容由网友自发贡献,本站不承担相应法律责任。对本内容有异议或投诉,请联系2913721942#qq.com核实处理,我们将尽快回复您,谢谢合作!
若转载请注明出处: ProcessMagnifier.vbs进程查看
本文地址: https://pptw.com/jishu/609692.html