vbs枚举进程 vbs列出进程的详细列表

2024-03-08 08:32:03 151

今天要说的是用VBS(VBScript脚本)来枚举Windows操作系统的进程,这样做的用处在什么地方呢?举个例子吧,比如你有时候想监控某个进程是否在运行,这就非常有用了.

示例:

用VBS脚本枚举进程

'enum.vbs
DimWMI,Objs,Process
SetWMI=GetObject("WinMgmts:")
SetObjs=WMI.InstancesOf("Win32_Process")
Process=""
ForEachObjInObjs
Process=Process&Obj.Description&Chr(13)&Chr(10)
Next
MsgBoxProcess

我在这儿采用的方式是弹出一个对话框,方便观看嘛,当然你也可以使用FSO来生成一个文本文件保存起来.
前面说到要监控某个进程是否在运行,实现如下.
示例:

'monitor.vbs
'检测IE是否在运行中
DimWMI,Objs,Process
SetWMI=GetObject("WinMgmts:")
SetObjs=WMI.InstancesOf("Win32_Process")
Process=""
ForEachObjInObjs
'Process=Process&Obj.Description&Chr(13)&Chr(10)
Process=Obj.Description
ifProcess="iexplore.exe"then
msgbox"IE在运行中..."
endif
Next

呵呵,当然,还可以引申出来其它应用.

下面给大家分享一个列举进程详细列表的vbs

'FileName:ProcessMagnifier.vbs
'Function:Captureinformationabouttherunningprocessesindetail
'codebysomebody
'QQ:240460440
'LastModified:2007-12-918:50

constHKEY_CURRENT_USER=&H80000001
SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath="Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKeyHKEY_CURRENT_USER,strKeyPath
strValueName1="CodePage"
dwValue1=936
strValueName2="ScreenBufferSize"
dwValue2=98304200
strValueName3="WindowSize"
dwValue3=2818173
strValueName4="HistoryNoDup"
dwValue4=0
strValueName5="WindowPosition"
dwValue5=131068
strValueName6="QuickEdit"
dwValue6=2048
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValueHKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6

DimobjWSH,FinalPath
SetobjWSH=WScript.CreateObject("WScript.Shell")
If(Lcase(Right(WScript.Fullname,11))="wscript.exe")Then
FinalPath="'"&WScript.ScriptFullName&"'"
objWSH.Run("cmd.exe/kcscript//nologo"&Replace(FinalPath,"'",""""))
WScript.Quit
EndIf

oReg.DeleteKeyHKEY_CURRENT_USER,strKeyPath
SetoReg=nothing

Wscript.Sleep1000
Mystr=Array(115,111,109,101,98,111,100,121)
fori=0toUbound(Mystr)
author=author&chr(Mystr(i))

Next

WScript.Echo
WScript.Sleep3000
WScript.Echo"当前正在运行的进程简要信息列表如下:"
WScript.EchovbCrLf
WScript.Sleep2000

DimMyOBJProcessName
SetOBJWMIProcess=GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select*FromWin32_Process")
WScript.Echo"Name:Priority:PID:Owner:"&vbTab&vbTab&"ExecutablePath:"
WScript.Echo"---------------------------------------------------------------------------------------"
ForEachOBJProcessinOBJWMIProcess
MyOBJProcessName=OBJProcess.Name&""
colProperties=OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.EchoMid(MyOBJProcessName,1,20)&vbTab&OBJProcess.Priority&vbTab&OBJProcess.ProcessID&vbTab&strNameOfUser&vbTab&vbTab&OBJProcess.ExecutablePath
Next

WScript.Sleep5000
WScript.EchovbCrLf
WScript.Echo"当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.EchovbCrLf
WScript.Sleep3000
WScript.EchovbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&"创建时间文件制造商"

SetOBJWMIService=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
SetOBJRefresher=CreateObject("WbemScripting.SWbemRefresher")
SetcolItems=OBJRefresher.AddEnum(OBJWMIService,"Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh
ForEachOBJItemIncolItems
DimoriginalPath,ModulePath,WMIPathMode,FileManufacturer,LCaseModulePath
DimFileExtension,mark,MyLCaseModulePath,FinalModulePath
originalPath=OBJItem.Name
ModulePath=Split(originalPath,"/")
WMIPathMode=Replace(ModulePath(1),"\","\\")
SetOBJWMI=GetObject("winmgmts:\\.\root\CIMV2")
SetcolManufacturer=OBJWMI.ExecQuery("SELECT*FROMCIM_DataFileWhereName='"&WMIPathMode&"'")
ForEachOBJManufacturerIncolManufacturer
FileManufacturer=Trim(OBJManufacturer.Manufacturer)
LCaseModulePath=LCase(Trim(OBJManufacturer.Name))
FileExtension=Right(LCaseModulePath,3)
MyLCaseModulePath=LCaseModulePath&""
SetFSO=CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)
IfFileExtension="exe"Then
mark="├—"
FinalModulePath=Mid(MyLCaseModulePath,1,118)
WScript.Echo"│"
Else
mark="│├─"
FinalModulePath=Mid(MyLCaseModulePath,1,116)
EndIf
WScript.Echomark&FinalModulePath&FSO.DateCreated&vbTab&FileManufacturer
Next
Next

MyVBSPath="'"&WScript.ScriptFullName&"'"
Myclipboard="cscript//nologo"&Replace(MyVBSPath,"'","""")
SetobjIE=CreateObject("InternetExplorer.Application")
objIE.Navigate("about:blank")
objIE.document.parentwindow.clipboardData.SetData"text",Myclipboard

经过测试效果很不错，喜欢vbs的朋友可以学习一下。

vbs枚举进程 vbs列出进程的详细列表

热门推荐

随机推荐