返回列表 发帖
powerbat

Rank: 7Rank: 7Rank: 7

帖子
752 
积分
4553 
技术
139  
捐助
0  
注册时间
2010-8-24 
1 跳转到 » 倒序看帖
打印
tT
发表于 2012-3-6 08:36 | 只看该作者

[原创] VBS脚本结束可疑进程及短路径与长路径转换等实用函数

如需转载请注明出处:http://www.bathome.net/thread-15778-1-1.html
'VBS脚本结束可疑进程及短路径与长路径转换、Replace加强等实用函数
'powerbat @ www.bathome.net 批处理之家
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh = CreateObject("Shell.Application")
Set ws = CreateObject("WScript.Shell")
 
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
 
strTempPath = GetLongPath( fso.GetSpecialFolder(2) )
 
set colProcs = objWMIService.ExecQuery(_
    "SELECT * FROM Win32_Process Where ProcessID>4")
for each objProc in colProcs
  FilePath = objProc.ExecutablePath
  if not IsNull(FilePath) then
    FilePath = GetLongPath(FilePath)
    if ReplaceEx( replace(FilePath,strTempPath,"",1,1,1), _
        "/^\\[0-9]{3}\\[^\\]+$/i", "") = "" then
      'WScript.Echo FilePath
      objProc.Terminate()
      ws.Environment("process").Item("#") = FilePath
      ws.Run "cmd.exe /d /q /c echo y|cacls ""%#%"" /e /d everyone", 0
    end if
  end if
next
 
 
Function GetLongPath(strPath)
  GetLongPath = ""
  strPath = fso.GetAbsolutePathName(strPath) 'in case of "C:\boot.ini\.."
  if fso.FileExists(strPath) then
    GetLongPath = sh.NameSpace( fso.GetParentFolderName(strPath) _
        ).ParseName( fso.GetFileName(strPath) ).Path
  elseif fso.FolderExists(strPath) then
    GetLongPath = sh.NameSpace(strPath).Self.Path
  end if
End Function
 
Function GetShortPath(strPath)
  GetShortPath = ""
  'strPath = fso.GetAbsolutePathName(strPath) 'unnecessary
  if fso.FileExists(strPath) then
    GetShortPath = fso.GetFile(strPath).ShortPath
  elseif fso.FolderExists(strPath) then
    GetShortPath = fso.GetFolder(strPath).ShortPath
  end if
End Function
 
function ReplaceEx(sSource, sPattern, sReplace)
rem function ReplaceEx uses regular expression.
rem Arg.2(sPattern) should be like in JavaScript, eg: "/hello/gim"
  dim RegEx, Match, Mode, LastSlash
  LastSlash = InStrRev(sPattern, "/")
  Match = Mid(sPattern, 2, LastSlash-2)
  Mode = Mid(sPattern, LastSlash+1)
  Set RegEx = new RegExp
  RegEx.Pattern = Match
  if InStr(1,Mode,"g",1) then RegEx.Global = True
  if InStr(1,Mode,"i",1) then RegEx.IgnoreCase = True
  if InStr(1,Mode,"m",1) then RegEx.Multiline = True
ReplaceEx = RegEx.Replace(sSource, sReplace)
end functionCOPY
其实,这个“可疑进程”是针对具体案例而言,并非通用。
1

评分人数

收藏 分享
script56
新加坡Google

返回列表