

    ProcessMagnifier.vbs进程查看

    作者:admin 时间:2021-02-18 18:41

    ' FileName: ProcessMagnifier.vbs   
    ' Function: Capture information about the running processes in detail   
    ' code by somebody   
    ' QQ: 240460440   
    ' LastModified:2007-11-16 18:25   
    ' 仅供学习   

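    ' Prepare a per-user console profile for cmd.exe, relaunch this script under
    ' cscript when it was started by wscript, then remove the profile again.
    '
    ' Side effect: the key below is created and later deleted unconditionally,
    ' so any values the user already had under it are lost after the run.
    Const HKEY_CURRENT_USER = &H80000001
    Dim arrValueNames, arrValues, idx

    ' Set is required when assigning an object reference in VBScript.
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
    ' Sub-style calls with several arguments must not use parentheses.
    oReg.CreateKey HKEY_CURRENT_USER, strKeyPath

    ' Value names and their DWORD data, kept in matching order.
    '   CodePage         936      (code page 936)
    '   ScreenBufferSize 98304200 (&H05DC00C8: high word 1500, low word 200)
    '   WindowSize       2818173  (&H002B007D: high word 43, low word 125)
    '   WindowPosition   131068   (&H0001FFFC)
    ' Presumably high word = rows and low word = columns - confirm against the
    ' console registry documentation.
    ' NOTE(review): QuickEdit is usually 0 or 1; 2048 is kept as the author wrote it.
    arrValueNames = Array("CodePage", "ScreenBufferSize", "WindowSize", _
                          "HistoryNoDup", "WindowPosition", "QuickEdit")
    arrValues = Array(936, 98304200, 2818173, 0, 131068, 2048)
    For idx = 0 To UBound(arrValueNames)
        oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, arrValueNames(idx), arrValues(idx)
    Next

    Dim objWSH, FinalPath
    Set objWSH = WScript.CreateObject("WScript.Shell")
    If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
        ' Quote the script path directly. Wrapping it in apostrophes and then
        ' replacing every apostrophe with a double quote would also rewrite an
        ' apostrophe inside the path itself and break the command line.
        FinalPath = Chr(34) & WScript.ScriptFullName & Chr(34)
        objWSH.Run "cmd.exe /k cscript //nologo " & FinalPath
        ' The cscript instance does the real work; this host exits here and
        ' leaves the console key in place for the new cmd.exe window.
        WScript.Quit
    End If

    ' Reached only under cscript: drop the temporary console profile.
    oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
    Set oReg = Nothing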

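    ' Print a one-line summary (name, priority, PID, owner, image path) for every
    ' process returned by Win32_Process.
    WScript.Echo
    WScript.Sleep 1000
    WScript.Echo "当前正在运行的进程简要信息列表如下:"
    WScript.Echo vbCrLf
    WScript.Sleep 2000

    Dim MyOBJProcessName
    ' Set is required when assigning an object reference in VBScript.
    Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
    WScript.Echo "Name:               Priority:   PID:    Owner:" & vbTab & vbTab & "ExecutablePath: "
    WScript.Echo "---------------------------------------------------------------------------------------"
    For Each OBJProcess In OBJWMIProcess
        ' Pad the name so that the first 20 characters form a fixed-width column.
        MyOBJProcessName = OBJProcess.Name & Space(20)

        ' Clear the out-parameters before each call and trust them only when
        ' GetOwner reports success (0), so a failed lookup can never show the
        ' owner of a previously listed process.
        strNameOfUser = ""
        strUserDomain = ""
        colProperties = OBJProcess.GetOwner(strNameOfUser, strUserDomain)
        If colProperties <> 0 Then
            strNameOfUser = ""
        End If

        ' ExecutablePath may be empty for processes the caller cannot inspect;
        ' the & operator prints nothing for it in that case.
        WScript.Echo Mid(MyOBJProcessName, 1, 20) & vbTab & OBJProcess.Priority & vbTab & OBJProcess.ProcessID & vbTab & strNameOfUser & vbTab & vbTab & OBJProcess.ExecutablePath
    Next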

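    ' Print a tree of loaded images: each instance of
    ' Win32_PerfFormattedData_PerfProc_FullImage_Costly is resolved to its
    ' CIM_DataFile entry, and the file's creation time and manufacturer are shown.
    WScript.Sleep 5000
    WScript.Echo vbCrLf
    WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
    WScript.Echo vbCrLf
    WScript.Sleep 3000
    WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间             文件制造商"

    Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
    Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
    Dim objFileSystem, strCreated

    ' Set is required when assigning an object reference in VBScript.
    Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
    Set colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
    OBJRefresher.Refresh

    ' Created once instead of once per item: neither object depends on the item.
    Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
    Set objFileSystem = CreateObject("Scripting.FileSystemObject")

    For Each OBJItem In colItems
        originalPath = OBJItem.Name
        ' The code expects "<something>/<file path>"; skip names without a "/"
        ' rather than fail with a subscript error on ModulePath(1).
        ModulePath = Split(originalPath, "/")
        If UBound(ModulePath) >= 1 Then
            ' WQL string literal: double the backslashes first, then escape any
            ' apostrophe so a path containing one cannot end the literal early.
            WMIPathMode = Replace(ModulePath(1), "\", "\\")
            WMIPathMode = Replace(WMIPathMode, "'", "\'")
            Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
            For Each OBJManufacturer In colManufacturer
                FileManufacturer = Trim(OBJManufacturer.Manufacturer)
                LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
                FileExtension = Right(LCaseModulePath, 3)
                ' Trailing padding gives the path column a fixed width below.
                MyLCaseModulePath = LCaseModulePath & "                                                                                                                "

                ' A file that is gone or unreadable gets an empty creation time
                ' instead of aborting the whole listing.
                If objFileSystem.FileExists(LCaseModulePath) Then
                    strCreated = objFileSystem.GetFile(LCaseModulePath).DateCreated
                Else
                    strCreated = ""
                End If

                If FileExtension = "exe" Then
                    ' Executables start a new branch, preceded by a spacer line.
                    mark = "├—"
                    FinalModulePath = Mid(MyLCaseModulePath, 1, 118)
                    WScript.Echo "│"
                Else
                    ' Everything else is listed one level deeper.
                    mark = "│├─"
                    FinalModulePath = Mid(MyLCaseModulePath, 1, 116)
                End If
                WScript.Echo mark & FinalModulePath & strCreated & vbTab & FileManufacturer
            Next
        End If
    Next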