ProcessMagnifier.vbs进程查看
发布时间:2016-12-28 来源:查字典编辑

' FileName: ProcessMagnifier.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified: 2007-11-16 18:25
' 仅供学习 (for study only)

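' --- Console appearance for the cmd.exe window this script runs in ----------
' Writes six DWORD values under HKCU\Console\%SystemRoot%_system32_cmd.exe
' through the WMI registry provider (StdRegProv). Only the current user's hive
' is touched, so no elevation is needed.
'
' The listing as published had lost its spaces, its "Set" keywords and the
' backslashes in the WMI moniker and in the key path; they are restored here.
' Multi-argument method calls are written without parentheses, because
' VBScript rejects "obj.Method(a, b)" used as a statement.
'
' Values (size/position DWORDs pack the height or Y in the high word and the
' width or X in the low word):
'   CodePage         936       code page 936 (Simplified Chinese, GBK)
'   ScreenBufferSize 98304200  = &H05DC00C8 -> 200 columns x 1500 rows
'   WindowSize       2818173   = &H002B007D -> 125 columns x 43 rows
'   HistoryNoDup     0
'   WindowPosition   131068    = &H0001FFFC -> X = -4, Y = 1
'   QuickEdit        2048      non-zero; NOTE(review): presumably meant to
'                              switch QuickEdit on, confirm the intended value
Const HKEY_CURRENT_USER = &H80000001

Dim oReg, strKeyPath, arrConsoleSettings, arrSetting

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER, strKeyPath

arrConsoleSettings = Array( _
    Array("CodePage", 936), _
    Array("ScreenBufferSize", 98304200), _
    Array("WindowSize", 2818173), _
    Array("HistoryNoDup", 0), _
    Array("WindowPosition", 131068), _
    Array("QuickEdit", 2048))

For Each arrSetting In arrConsoleSettings
    oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, arrSetting(0), arrSetting(1)
Next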

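' --- Make sure the script runs under the console host -----------------------
' Under wscript.exe every WScript.Echo would be a message box, so the script
' starts itself again as "cmd.exe /k cscript //nologo <script>" and quits.
Dim objWSH, FinalPath

Set objWSH = WScript.CreateObject("WScript.Shell")

If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' Wrap the script path in double quotes directly. The published version
    ' wrapped it in apostrophes and then replaced every apostrophe with a
    ' double quote, so a path that itself contains an apostrophe (legal in a
    ' Windows file name) ended up with a stray quote in the middle of the
    ' command line handed to cmd.exe.
    FinalPath = """" & WScript.ScriptFullName & """"

    ' NOTE(review): cmd.exe and cscript are started by bare name and are
    ' therefore found through the normal search order; full paths would
    ' remove that dependency.
    objWSH.Run "cmd.exe /k cscript //nologo " & FinalPath
    WScript.Quit
End If

' Only the cscript instance gets here. DeleteKey removes the whole console
' key, so any settings the user already had under it are removed as well.
' The wscript instance quits above without deleting the key; if the relaunched
' instance never reaches this line, the key written earlier stays in HKCU.
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing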

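' --- Part 1: one line per running process -----------------------------------
' Queries Win32_Process in root\cimv2 and prints name, priority, PID, owner
' and executable path. The Sleep calls only pace the output for a reader.
WScript.Echo
WScript.Sleep 1000
' Message text: "Brief list of the currently running processes:"
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000

Dim MyOBJProcessName, strNameOfUser, strUserDomain, lngOwnerResult

Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")

' The column separators of this header were lost in the published listing;
' it is rebuilt with the same separators the rows below use.
WScript.Echo Left("Name:" & Space(20), 20) & vbTab & "Priority:" & vbTab & "PID:" & vbTab & "Owner:" & vbTab & vbTab & "ExecutablePath:"
WScript.Echo "---------------------------------------------------------------------------------------"

For Each OBJProcess In OBJWMIProcess
    ' Fixed-width name column: pad, then cut to 20 characters. The padding
    ' literal had collapsed to "" in the published listing.
    MyOBJProcessName = Left(OBJProcess.Name & Space(20), 20)

    ' GetOwner reports failure through its return value (and can raise if the
    ' process has exited since the query). Reset the output variables first so
    ' a failed call cannot show the owner of the previous process.
    strNameOfUser = ""
    strUserDomain = ""
    lngOwnerResult = -1
    On Error Resume Next
    lngOwnerResult = OBJProcess.GetOwner(strNameOfUser, strUserDomain)
    If Err.Number <> 0 Then
        lngOwnerResult = -1
        Err.Clear
    End If
    On Error GoTo 0
    If lngOwnerResult <> 0 Then strNameOfUser = "(unknown)"

    WScript.Echo MyOBJProcessName & vbTab & OBJProcess.Priority & vbTab & OBJProcess.ProcessID & vbTab & strNameOfUser & vbTab & vbTab & OBJProcess.ExecutablePath
Next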

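' --- Part 2: processes and the modules they have loaded ---------------------
' Enumerates Win32_PerfFormattedData_PerfProc_FullImage_Costly through a
' refresher, takes the part of each instance name after the "/" as a file
' path, looks that file up in CIM_DataFile and prints path, creation time and
' manufacturer. Paths ending in "exe" are drawn as process nodes, everything
' else as a child node.
'
' Reading the output: Manufacturer is the value CIM_DataFile reports for the
' file, i.e. text the file carries about itself, not a verified signature, and
' DateCreated is an ordinary file-system timestamp. Neither is evidence that a
' module is trustworthy.
WScript.Sleep 5000
WScript.Echo vbCrLf
' Message text: "Tree of the running processes and the modules they loaded:"
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000

' Column header ("creation time", "file manufacturer"). The separator between
' the two captions was lost in the published listing; a tab is used, as in
' the rows.
WScript.Echo String(17, vbTab) & "创建时间" & vbTab & "文件制造商"

Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath
Dim objFSO, strCreated

Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh

' Created once instead of once per module.
Set objFSO = CreateObject("Scripting.FileSystemObject")

For Each OBJItem In colItems
    originalPath = OBJItem.Name
    ModulePath = Split(originalPath, "/")

    ' Skip instance names without a "/" part instead of failing on index 1.
    If UBound(ModulePath) >= 1 Then
        ' The path goes into a WQL string literal, so backslashes and
        ' apostrophes must be escaped. The published listing had lost the
        ' backslash arguments of Replace and did not escape apostrophes, which
        ' let a file name containing one change the query text.
        WMIPathMode = Replace(ModulePath(1), "\", "\\")
        WMIPathMode = Replace(WMIPathMode, "'", "\'")

        Set colManufacturer = OBJWMIService.ExecQuery("SELECT * FROM CIM_DataFile WHERE Name = '" & WMIPathMode & "'")

        For Each OBJManufacturer In colManufacturer
            FileManufacturer = Trim(OBJManufacturer.Manufacturer)
            LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
            FileExtension = Right(LCaseModulePath, 3)

            ' Pad so the path column has a fixed width; the padding literal
            ' had collapsed to "" in the published listing.
            MyLCaseModulePath = LCaseModulePath & Space(118)

            ' A file that cannot be opened should cost one empty cell, not
            ' the rest of the listing.
            strCreated = ""
            On Error Resume Next
            strCreated = objFSO.GetFile(LCaseModulePath).DateCreated
            Err.Clear
            On Error GoTo 0

            If FileExtension = "exe" Then
                mark = "├—"
                FinalModulePath = Mid(MyLCaseModulePath, 1, 118)
                WScript.Echo "│"
            Else
                mark = "│├─"
                FinalModulePath = Mid(MyLCaseModulePath, 1, 116)
            End If

            WScript.Echo mark & FinalModulePath & strCreated & vbTab & FileManufacturer
        Next
    End If
Next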
