Board logo

标题: [原创] VBS脚本结束可疑进程及短路径与长路径转换等实用函数 [打印本页]
作者: powerbat    时间: 2012-3-6 08:36     标题: VBS脚本结束可疑进程及短路径与长路径转换等实用函数

如需转载请注明出处:http://www.bathome.net/thread-15778-1-1.html
  1. 'VBS脚本结束可疑进程及短路径与长路径转换、Replace加强等实用函数

  2. 'powerbat @ www.bathome.net 批处理之家

  3. Set fso = CreateObject("Scripting.FileSystemObject")

  4. Set sh = CreateObject("Shell.Application")

  5. Set ws = CreateObject("WScript.Shell")

  6. 

  7. strComputer = "."

  8. Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _

  9.     & strComputer & "\root\cimv2")

  10. 

  11. strTempPath = GetLongPath( fso.GetSpecialFolder(2) )

  12. 

  13. set colProcs = objWMIService.ExecQuery(_

  14.     "SELECT * FROM Win32_Process Where ProcessID>4")

  15. for each objProc in colProcs

  16.   FilePath = objProc.ExecutablePath

  17.   if not IsNull(FilePath) then

  18.     FilePath = GetLongPath(FilePath)

  19.     if ReplaceEx( replace(FilePath,strTempPath,"",1,1,1), _

  20.         "/^\\[0-9]{3}\\[^\\]+$/i", "") = "" then

  21.       'WScript.Echo FilePath

  22.       objProc.Terminate()

  23.       ws.Environment("process").Item("#") = FilePath

  24.       ws.Run "cmd.exe /d /q /c echo y|cacls ""%#%"" /e /d everyone", 0

  25.     end if

  26.   end if

  27. next

  28. 

  29. 

  30. Function GetLongPath(strPath)

  31.   GetLongPath = ""

  32.   strPath = fso.GetAbsolutePathName(strPath) 'in case of "C:\boot.ini\.."

  33.   if fso.FileExists(strPath) then

  34.     GetLongPath = sh.NameSpace( fso.GetParentFolderName(strPath) _

  35.         ).ParseName( fso.GetFileName(strPath) ).Path

  36.   elseif fso.FolderExists(strPath) then

  37.     GetLongPath = sh.NameSpace(strPath).Self.Path

  38.   end if

  39. End Function

  40. 

  41. Function GetShortPath(strPath)

  42.   GetShortPath = ""

  43.   'strPath = fso.GetAbsolutePathName(strPath) 'unnecessary

  44.   if fso.FileExists(strPath) then

  45.     GetShortPath = fso.GetFile(strPath).ShortPath

  46.   elseif fso.FolderExists(strPath) then

  47.     GetShortPath = fso.GetFolder(strPath).ShortPath

  48.   end if

  49. End Function

  50. 

  51. function ReplaceEx(sSource, sPattern, sReplace)

  52. rem function ReplaceEx uses regular expression.

  53. rem Arg.2(sPattern) should be like in JavaScript, eg: "/hello/gim"

  54.   dim RegEx, Match, Mode, LastSlash

  55.   LastSlash = InStrRev(sPattern, "/")

  56.   Match = Mid(sPattern, 2, LastSlash-2)

  57.   Mode = Mid(sPattern, LastSlash+1)

  58.   Set RegEx = new RegExp

  59.   RegEx.Pattern = Match

  60.   if InStr(1,Mode,"g",1) then RegEx.Global = True

  61.   if InStr(1,Mode,"i",1) then RegEx.IgnoreCase = True

  62.   if InStr(1,Mode,"m",1) then RegEx.Multiline = True

  63. ReplaceEx = RegEx.Replace(sSource, sReplace)

  64. end function
复制代码
其实,这个“可疑进程”是针对具体案例而言,并非通用。



欢迎光临 批处理之家 (http://www.bathome.net/) Powered by Discuz! 7.2