病毒横行的今日,我自网友处求得一段VBS的代码,主要用途是监视本机的运行情况。
但苦于只能眼见,而不得留存结果。
请高手给予指点迷津,完善此代码。
深表感谢!- If WScript.Arguments.Count = 0 Then
- RunExe "cmd /k start /b " _
- & "cscript //nologo " & """" & WScript.ScriptFullName & """" & " MonitorCreation & " _
- & "cscript //nologo " & """" & WScript.ScriptFullName & """" & " MonitorDeletion"
- WScript.Quit
- End If
-
- Execute WScript.Arguments(0)
-
-
-
- Sub RunExe(strPath)
- Dim objWSH
- Set objWSH = CreateObject("WScript.Shell")
- objWSH.Run strPath
- Set objWSH = Nothing
- End Sub
-
- Sub MonitorCreation()
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set colMonitoredProcesses = objWMIService. _
- ExecNotificationQuery("select * from __instancecreationevent " _
- & " within 1 where TargetInstance isa 'Win32_Process'")
- i = 0
-
- Do While i = 0
- Set objLatestProcess = colMonitoredProcesses.NextEvent
- Wscript.Echo Now() & " Process Created: " & vbCrLf & objLatestProcess.TargetInstance.CommandLine & vbCrLf
- Loop
- End Sub
-
- Sub MonitorDeletion()
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set colMonitoredProcesses = objWMIService. _
- ExecNotificationQuery("select * from __instancedeletionevent " _
- & "within 1 where TargetInstance isa 'Win32_Process'")
- i = 0
-
- Do While i = 0
- Set objLatestProcess = colMonitoredProcesses.NextEvent
- Wscript.Echo Now() & " Process Deleted: " & vbCrLf & objLatestProcess.TargetInstance.CommandLine & vbCrLf
- Loop
- End Sub
请将此VBS运行过程中所产生的结果输出到D:\pid.log
[ 本帖最后由 bobgjs 于 2009-2-3 18:18 编辑 ] | 
发表于 2009-2-3 18:16
| 
发表于 2009-2-3 19:08
|