- @echo off&setlocal enabledelayedexpansion
-
- rem 保护的文件名
- set "input=C:\Program Files (x86)\kingsoft\kingsoft antivirus\kwtpanel.log"
- rem 保护间隔时间
- set ”#time=2“
-
- if "%1"=="h" goto begin
- start mshta vbscript:createobject("wscript.shell").run("""%~nx0"" h",0)(window.close)&&exit
- :begin
-
- if not exist %systemroot%\system32\certutil.exe call:msg_error_notfile&exit
- certutil -hashfile %input% MD5>%tmp%\MD5.LOG
- mshta VBScript:Msgbox("已在后台监控指定文件 [ %input% ]",vbSystemModal,"提示")(close)
- :main
- if not exist %input% call:msg_error_lostfile&exit
- set line=0
- for /f "delims=*" %%i in (%tmp%\MD5.LOG) do (
- set /a line+=1
- if !line!==2 set A=%%i
- )
-
- certutil -hashfile %input% MD5>%tmp%\MD5_.LOG
-
- set line=0
- for /f "delims=*" %%i in (%tmp%\MD5_.LOG) do (
- set /a line+=1
- if !line!==2 set B=%%i
- )
-
- if "%A%" neq "%B%" call:msg&exit
- ping 127.0.0.1 -n %#time% >nul
- goto:main
- :msg
- mshta VBScript:Msgbox("监控的文件 [ %input% ] 在 [ %date% %time% ] 被修改 文件原始指纹 [ %A% ] 修改后指纹 [ %B% ] 监控已终止。",vbSystemModal,"提示")(close)
- goto:eof
- :msg_error_lostfile
- mshta VBScript:Msgbox("监控的文件 [ %input% ] 在 [ %date% %time% ] 丢失 监控已终止。",vbSystemModal,"提示")(close)
- goto:eof
- :msg_error_notfile
- mshta VBScript:Msgbox("系统缺少需要的组件 [ certutil.exe ] 监控已终止。",vbSystemModal,"提示")(close)
- goto:eof
复制代码
|