vbs枚举进程 vbs列出进程的详细列表

时间:2022-09-20 20:06:46

今天要说的是用VBS(VBScript脚本)来枚举Windows操作系统的进程,这样做的用处在什么地方呢?举个例子吧,比如你有时候想监控某个进程是否在运行,这就非常有用了.

示例:

用VBS脚本枚举进程

?
1
2
3
4
5
6
7
8
9
'enum.vbs
Dim WMI,Objs,Process
Set WMI=GetObject("WinMgmts:")
Set Objs=WMI.InstancesOf("Win32_Process")
Process=""
For Each Obj In Objs
  Process=Process & Obj.Description & Chr(13) & Chr(10)
Next
MsgBox Process

我在这儿采用的方式是弹出一个对话框,方便观看嘛,当然你也可以使用FSO来生成一个文本文件保存起来.
前面说到要监控某个进程是否在运行,实现如下.
示例:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
'monitor.vbs
'检测IE是否在运行中
Dim WMI,Objs,Process
Set WMI=GetObject("WinMgmts:")
Set Objs=WMI.InstancesOf("Win32_Process")
Process=""
For Each Obj In Objs
'Process=Process & Obj.Description & Chr(13) & Chr(10)
Process = Obj.Description
if Process = "iexplore.exe" then
msgbox "IE在运行中..."
end if
Next

呵呵,当然,还可以引申出来其它应用.

下面给大家分享一个列举进程详细列表的vbs

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified: 2007-12-9 18:50
 
const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
 
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (Lcase(Right(WScript.Fullname,11))="wscript.exe") Then
  FinalPath = "'" & WScript.ScriptFullName & "'"
  objWSH.Run("cmd.exe /k cscript //nologo " &Replace(FinalPath,"'",""""))
  WScript.Quit
End If
 
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = nothing
 
Wscript.Sleep 1000
Mystr = Array(115,111,109,101,98,111,100,121)
for i=0 to Ubound(Mystr)
  author=author&chr(Mystr(i))
 
Next
 
WScript.Echo
WScript.Sleep 3000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000
 
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
     WScript.Echo "Name:        Priority:  PID:  Owner:" &vbTab&vbTab&"ExecutablePath: "
     WScript.Echo "---------------------------------------------------------------------------------------"
         For Each OBJProcess in OBJWMIProcess
     MyOBJProcessName=OBJProcess.Name&"          "
         colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
     WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
     Next
    
WScript.Sleep 5000
WScript.Echo vbCrLf
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000
WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间       文件制造商"
 
Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colItems = OBJRefresher.AddEnum(OBJWMIService,"Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh
For Each OBJItem In colItems
  Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
    Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
  originalPath = OBJItem.Name
  ModulePath = Split(originalPath,"/")
  WMIPathMode = Replace(ModulePath(1),"\","\\")
  Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
  Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
  For Each OBJManufacturer In colManufacturer
      FileManufacturer=Trim(OBJManufacturer.Manufacturer)
      LCaseModulePath=LCase(Trim(OBJManufacturer.Name))
      FileExtension=Right(LCaseModulePath, 3)
      MyLCaseModulePath=LCaseModulePath & "                                                        "
      Set FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)
               If FileExtension="exe" Then
            mark="├—"
              FinalModulePath=Mid(MyLCaseModulePath,1,118)
              WScript.Echo "│"               
          Else
        mark="│├─"
              FinalModulePath=Mid(MyLCaseModulePath,1,116)
          End If
      WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer            
    Next
Next
 
MyVBSPath = "'" & WScript.ScriptFullName & "'"   
Myclipboard = "cscript //nologo " & Replace(MyVBSPath,"'","""")
Set objIE = CreateObject("InternetExplorer.Application")
objIE.Navigate("about:blank")
objIE.document.parentwindow.clipboardData.SetData "text", Myclipboard

经过测试效果很不错,喜欢vbs的朋友可以学习一下。