' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified:2007-11-16 18:25
' 仅供学习

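Const HKEY_CURRENT_USER = &H80000001

' Stage per-user console settings for cmd.exe so that the console window opened
' later in the script is large enough for the wide report lines.
' Side effect: this writes under HKCU\Console\%SystemRoot%_system32_cmd.exe, the
' same key that holds the user's own saved cmd.exe window preferences.
'
' Object references must be assigned with Set, and a Sub call with several
' arguments must not be wrapped in parentheses; without both, VBScript rejects
' the statements below.
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER, strKeyPath

' Value name / DWORD pairs. The size and position values pack two 16-bit numbers,
' high word = rows (Y), low word = columns (X):
'   ScreenBufferSize 98304200 = &H05DC00C8 -> 1500 rows x 200 columns
'   WindowSize        2818173 = &H002B007D ->   43 rows x 125 columns
'   WindowPosition     131068 = &H0001FFFC -> high word 1, low word &HFFFC
' CodePage 936 is the Simplified Chinese (GBK) code page, matching the report text.
' NOTE(review): QuickEdit is normally 0 or 1; 2048 is kept as the author wrote it.
arrConsoleSettings = Array( _
    Array("CodePage", 936), _
    Array("ScreenBufferSize", 98304200), _
    Array("WindowSize", 2818173), _
    Array("HistoryNoDup", 0), _
    Array("WindowPosition", 131068), _
    Array("QuickEdit", 2048))

For Each arrSetting In arrConsoleSettings
    oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, arrSetting(0), arrSetting(1)
Next
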
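' Relaunch under cscript.exe inside a persistent cmd.exe window when the script
' was started with the GUI host (wscript.exe), so WScript.Echo writes to a
' console instead of opening one message box per line.
' The GUI-host instance quits here, before the registry clean-up further down;
' the console settings therefore stay in place for the new cmd.exe window, and
' the relaunched cscript instance is the one that reaches the clean-up.
Dim objWSH, FinalPath

Set objWSH = WScript.CreateObject("WScript.Shell")

If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' Quote the script path directly with double quotes. The previous approach
    ' wrapped it in apostrophes and then replaced every apostrophe with a double
    ' quote, which also rewrote apostrophes that are part of the path itself and
    ' produced a broken command line for such paths.
    FinalPath = """" & WScript.ScriptFullName & """"
    objWSH.Run "cmd.exe /k cscript //nologo " & FinalPath
    WScript.Quit
End If
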
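' Remove the temporary console settings key again and release the registry provider.
' NOTE(review): DeleteKey removes the whole key, so any cmd.exe console
' preferences the user had saved under it before the script ran are lost as
' well; the script does not record whether the key already existed.
' A multi-argument Sub call must not be parenthesised, and an object variable is
' released with Set ... = Nothing.
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing
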
' Banner for the first report: a blank line, a pause, the heading
' ("Brief list of the currently running processes:"), a line break and a
' second pause before the table is printed.
With WScript
    .Echo
    .Sleep 1000
    .Echo "当前正在运行的进程简要信息列表如下:"
    .Echo vbCrLf
    .Sleep 2000
End With

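' Report 1: one line per running process with name, priority, PID, owner and
' executable path, taken from Win32_Process.
Dim MyOBJProcessName

' Object references need Set in VBScript.
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")

WScript.Echo "Name: Priority: PID: Owner:" & vbTab & vbTab & "ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"

For Each OBJProcess In OBJWMIProcess
    ' Pad or cut the name to exactly 20 characters so the columns line up.
    MyOBJProcessName = Left(OBJProcess.Name & Space(20), 20)

    ' Clear the owner before every call. GetOwner fills its arguments only on
    ' success, so without the reset a process whose owner cannot be read would be
    ' printed with the owner of the previous process, misattributing it.
    strNameOfUser = ""
    strUserDomain = ""

    ' The process may have exited since the query ran; treat a raised error the
    ' same as a non-zero return code instead of aborting the whole report.
    On Error Resume Next
    intOwnerResult = OBJProcess.GetOwner(strNameOfUser, strUserDomain)
    If Err.Number <> 0 Then
        intOwnerResult = -1
        Err.Clear
    End If
    On Error GoTo 0

    If intOwnerResult <> 0 Then strNameOfUser = "<unknown>"

    ' ExecutablePath can be Null; the & operator then appends an empty string.
    WScript.Echo MyOBJProcessName & vbTab & OBJProcess.Priority & vbTab & OBJProcess.ProcessID & vbTab & strNameOfUser & vbTab & vbTab & OBJProcess.ExecutablePath
Next
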
' Banner for the second report: pause, heading ("Tree view of the running
' processes and the modules they have loaded:"), pause, then the tab-indented
' column titles ("creation time" and "file manufacturer").
With WScript
    .Sleep 5000
    .Echo vbCrLf
    .Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
    .Echo vbCrLf
    .Sleep 3000
    .Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间 文件制造商"
End With

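' Report 2: for every loaded image reported by the FullImage performance class,
' look the file up in CIM_DataFile and print its path, creation time and the
' manufacturer string. Executables open a new tree branch, other modules are
' printed as leaves under it.
'
' Reading the output: Manufacturer comes from the file's own version resource and
' DateCreated from file-system metadata. Both can be set by whoever produced or
' placed the file, so neither is proof of origin; verify the digital signature
' of anything that looks out of place.
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath

' Object references need Set in VBScript.
Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
' The "_Costly" class is expensive to collect, as its name indicates.
Set colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh

' Loop-invariant objects are created once instead of once per module.
Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")

For Each OBJItem In colItems
    originalPath = OBJItem.Name
    ' The code expects "<something>/<full module path>" and uses the second part.
    ModulePath = Split(originalPath, "/")

    ' Instances without a "/" have no second element; skip them instead of
    ' failing with "subscript out of range".
    If UBound(ModulePath) >= 1 Then
        ' WQL string literals use the backslash as escape character, so both
        ' backslashes and apostrophes in the path must be escaped. Without the
        ' apostrophe escape, a path containing ' ends the literal early and
        ' changes or breaks the query.
        WMIPathMode = Replace(ModulePath(1), "\", "\\")
        WMIPathMode = Replace(WMIPathMode, "'", "\'")

        Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")

        For Each OBJManufacturer In colManufacturer
            ' Appending "" turns a Null manufacturer (no version resource) into
            ' an empty string.
            FileManufacturer = Trim(OBJManufacturer.Manufacturer & "")
            LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
            FileExtension = Right(LCaseModulePath, 3)
            Set FSO = objFileSystem.GetFile(LCaseModulePath)

            If FileExtension = "exe" Then
                ' Executable: start a new branch, preceded by a connector line.
                mark = "├—"
                MyLCaseModulePath = LCaseModulePath & Space(118)
                FinalModulePath = Left(MyLCaseModulePath, 118)
                WScript.Echo "│"
            Else
                ' Any other module: leaf under the current branch. The mark is
                ' one character longer, so the path column is two narrower.
                mark = "│├─"
                MyLCaseModulePath = LCaseModulePath & Space(116)
                FinalModulePath = Left(MyLCaseModulePath, 116)
            End If

            WScript.Echo mark & FinalModulePath & FSO.DateCreated & vbTab & FileManufacturer
        Next
    End If
Next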