如需转载请注明出处:http://www.bathome.net/thread-15778-1-1.html

- 'VBS脚本结束可疑进程及短路径与长路径转换、Replace加强等实用函数
- 'powerbat @ www.bathome.net 批处理之家
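' Main script: enumerate running processes through WMI, terminate those whose
' executable sits at <temp folder>\<three digits>\<file name>, then add a
' deny ACL entry for "everyone" on that file with cacls.
' The path rule is specific to the case this script was written for; it is
' not a general-purpose detection.
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh = CreateObject("Shell.Application")
Set ws = CreateObject("WScript.Shell")

strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")

' GetSpecialFolder(2) is the temporary folder; normalise it to its long form so
' it can be compared with the long form of each executable path.
strTempPath = GetLongPath( fso.GetSpecialFolder(2) )

Set colProcs = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_Process Where ProcessID>4")
For Each objProc In colProcs
    FilePath = objProc.ExecutablePath
    If Not IsNull(FilePath) Then
        FilePath = GetLongPath(FilePath)
        ' Strip the first (case-insensitive) occurrence of the temp folder.
        strRelative = Replace(FilePath, strTempPath, "", 1, 1, vbTextCompare)
        ' GetLongPath returns "" when the path cannot be resolved on disk.
        ' An empty string is trivially equal to its own regex replacement, so
        ' without this guard every such process would be treated as a match
        ' and terminated. Require a non-empty remainder before testing it.
        If strRelative <> "" Then
            ' The remainder must be exactly "\NNN\<name>": replacing the whole
            ' match with "" leaves nothing only when the pattern covers it all.
            If ReplaceEx(strRelative, "/^\\[0-9]{3}\\[^\\]+$/i", "") = "" Then
                'WScript.Echo FilePath
                ' NOTE(review): the return code of Terminate is not checked.
                objProc.Terminate()
                ' The path is handed over through the process environment
                ' variable "#" (expanded by Run) instead of being concatenated
                ' into the command string.
                ' NOTE(review): cmd.exe may expand %...% sequences in the file
                ' name a second time - confirm this is acceptable.
                ws.Environment("process").Item("#") = FilePath
                ' "echo y|" answers the cacls confirmation prompt; /e edits the
                ' existing ACL, /d denies access; window style 0 hides the console.
                ws.Run "cmd.exe /d /q /c echo y|cacls ""%#%"" /e /d everyone", 0
            End If
        End If
    End If
Next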
-
-
Function GetLongPath(strPath)
    ' Resolve strPath to the path reported by Shell.Application for that item
    ' (the long, non-8.3 form). Returns "" when strPath is neither an existing
    ' file nor an existing folder.
    ' Relies on the script-level objects fso (FileSystemObject) and
    ' sh (Shell.Application).
    Dim sParentDir, sLeafName

    GetLongPath = ""

    ' Normalise first, in case of input such as "C:\boot.ini\..".
    ' The parameter is not declared ByVal, so this assignment is also visible
    ' to a caller that passed a variable.
    strPath = fso.GetAbsolutePathName(strPath)

    If fso.FileExists(strPath) Then
        ' Files are looked up as an item inside their parent folder's namespace.
        sParentDir = fso.GetParentFolderName(strPath)
        sLeafName = fso.GetFileName(strPath)
        GetLongPath = sh.NameSpace(sParentDir).ParseName(sLeafName).Path
        Exit Function
    End If

    If fso.FolderExists(strPath) Then
        ' Folders are opened directly; Self is the folder's own item.
        GetLongPath = sh.NameSpace(strPath).Self.Path
    End If
End Function
-
Function GetShortPath(strPath)
    ' Return the ShortPath property of the file or folder at strPath, or ""
    ' when strPath names neither an existing file nor an existing folder.
    ' Relies on the script-level object fso (FileSystemObject).
    ' The original author noted that calling fso.GetAbsolutePathName first is
    ' unnecessary here, so strPath is used as given.
    Dim sShort
    sShort = ""

    If fso.FileExists(strPath) Then
        sShort = fso.GetFile(strPath).ShortPath
    Else
        If fso.FolderExists(strPath) Then
            sShort = fso.GetFolder(strPath).ShortPath
        End If
    End If

    GetShortPath = sShort
End Function
-
Function ReplaceEx(sSource, sPattern, sReplace)
    ' Regular-expression replace with a JavaScript-style pattern literal.
    '   sSource  - text to search
    '   sPattern - "/body/flags", e.g. "/hello/gim"; flags are read
    '              case-insensitively: g = global, i = ignore case, m = multiline
    '   sReplace - replacement text
    ' Returns sSource with the match (all matches when "g" is given) replaced.
    Dim oRegex, sBody, sFlags, nClosingSlash

    ' The last "/" separates the pattern body from the flags.
    nClosingSlash = InStrRev(sPattern, "/")
    ' Body is everything between the leading "/" and the closing "/".
    sBody = Mid(sPattern, 2, nClosingSlash - 2)
    sFlags = Mid(sPattern, nClosingSlash + 1)

    Set oRegex = New RegExp
    With oRegex
        .Pattern = sBody
        .Global = (InStr(1, sFlags, "g", vbTextCompare) > 0)
        .IgnoreCase = (InStr(1, sFlags, "i", vbTextCompare) > 0)
        .Multiline = (InStr(1, sFlags, "m", vbTextCompare) > 0)
    End With

    ReplaceEx = oRegex.Replace(sSource, sReplace)
End Function
其实,这个“可疑进程”是针对具体案例而言,并非通用。