[系统增强] 进程与DLL模块相互查询及管理批处理版

foxJL

没做界面美化,实用为主.
因为网页不能处理Tab(跳格键),都会自动用空格代替,请下载附件使用.

@echo off&setlocal enabledelayedexpansion
::code by foxjl@bbs.bathome.net 2008/01/07
:menu
cls&echo\&echo\
echo.    1.显示进程及所被调用的模块(简洁)
echo\
echo.    2.通过进程查找并列出所调用的模块(包括模块详细信息)
echo\
echo.    3.通过模块找到所调用它的进程
echo\
echo.    4.结束进程
:afresh
echo\
set/p choice=    请输入选项:
set error=    错误的选择,请重新输入.
if %choice% leq 0 (echo.%error%&goto afresh) else (if %choice% gtr 4 (echo.%error%&goto afresh))
goto choice%choice%
pause&exit
:choice1
cls
tasklist /m /fo "csv" /nh
echo.所有进程及所被调用的模块显示完毕.按任意键返回.
pause>nul&goto menu
:choice2
del particular.txt >nul 2>nul
echo\
set /p name=    请输入进程名(如Q.exe):
for /f %%i in ('TASKLIST /fi "IMAGENAME eq %name%" /fo "csv" /nh /m') do (
set namedll=%%~i
set namedll=!namedll:"=!
echo !namedll!
)
echo\
set /p yes=进程"%name%"调用的所有模块列举完毕,是否列出模块详细信息(Y/N):
set /p all=A-仅路径(默认完整信息):
mode con cols=150 lines=80
if /i "%yes%"=="y" (
start msinfo32 /categories +swenvloadedmodules /report particular.txt
echo.请稍候...
:particular
if not exist particular.txt (
   ping -n 1 127.1>nul
   goto particular
  ) else (
    cls
    if /i "%all%"=="A" (echo.名称---路径) else (echo.名称---版本---大小---文件日期---制造商---路径)
    for %%i in (%namedll%) do (
    if /i "%all%"=="A" (
     for /f "delims=  tokens=1,6" %%j in ('type particular.txt ^| find /i "%%i"') do (
     echo %%j---%%k
    )
    ) else (
    for /f "delims=" %%j in ('type particular.txt ^| find /i "%%i"') do (
    set particular=%%j
    set particular=!particular: =-!
    echo !particular!
   )
   )
   )
   echo.进程"%name%"调用的所有模块详细信息列举完毕,按任意键返回.
   pause>nul&goto menu
)
)
goto menu
:choice3
echo\&set /p b=输入DLL名:
for /f "tokens=*" %%i in ('TASKLIST /m /fo "csv" /nh') do (
echo %%i | find /i "%b%"
if not %ERRORLEVEL% equ 0 echo\&echo %%i)
echo\&echo.显示完毕.按任意键返回.
pause>nul&goto menu
:choice4
Tasklist
echo ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━以上是进程列表.
Set /p IM=输入所要结束进程的名称(如:id.exe):
taskkill /f /t /im %IM%
ECHO 命令完成!按任意键返回.
pause>nul&goto menuCOPY

链接: https://pan.baidu.com/s/1j7P6l5TBTqgsuLtxeFCF4Q?pwd=7jyf

somebody

1. 走我的老路~~~~~想当初为这个问题浪费N 多精力，狂想突破批处理瓶脊，发现自己是傻瓜....VBS解救了我.
   tasklist 和 msinfo32
  tasklist 得到的信息不详细，比如DLL全路径,你用批处理很难得到（全面的）
至于msinfo32 ，运行完我都吃完一餐了。想以前我狂研究这个令人郁闷的东西
2. 一发出来马上高亮，厉害！"forJL出品，必属精品" 是不是这样吖 youxi01
3. 若你真正有兴趣研究安全问题....本论坛的关于进程的精华贴你看过后绝对有收获，就算看了没收获，用过后你也会有另翻想法...

[ 本帖最后由 somebody 于 2008-1-8 00:19 编辑 ]

随风

原来纯批也可以做到这么厉害，佩服！！！

somebody

我帮你测试一下...

  1.显示进程及所被调用的模块(简洁)
 
  2.通过进程查找并列出所调用的模块(包括模块详细信息)
 
  3.通过模块找到所调用它的进程
 
  4.结束进程
 
  请输入选项:1COPY

结果:

"System Idle Process","0","暂缺"
"System","4","暂缺"
"smss.exe","688","ntdll.dll"
"csrss.exe","756","ntdll.dll,CSRSRV.dll,basesrv.dll,winsrv.dll,USER32.dll,KERNEL
32.dll,GDI32.dll,LPK.DLL,USP10.dll,msvcrt.dll,ADVAPI32.dll,RPCRT4.dll,sxs.dll,Ap
phelp.dll,VERSION.dll"
"winlogon.exe","780","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,AUTHZ.dll,m
svcrt.dll,CRYPT32.dll,USER32.dll,GDI32.dll,MSASN1.dll,NDdeApi.dll,PROFMAP.dll,NE
TAPI32.dll,USERENV.dll,PSAPI.DLL,REGAPI.dll,Secur32.dll,SETUPAPI.dll,VERSION.dll
,WINSTA.dll,WINTRUST.dll,IMAGEHLP.dll,WS2_32.dll,WS2HELP.dll,IMM32.DLL,LPK.DLL,U
SP10.dll,MSGINA.dll,SHELL32.dll,SHLWAPI.dll,COMCTL32.dll,ODBC32.dll,comdlg32.dll
,comctl32.dll,odbcint.dll,SHSVCS.dll,sfc.dll,sfc_os.dll,ole32.dll,Apphelp.dll,ms
ctfime.ime,sxs.dll,WINSCARD.DLL,WTSAPI32.dll,uxtheme.dll,WINMM.dll,cscdll.dll,kl
ogon.dll,rsaenh.dll,WlNotify.dll,WINSPOOL.DRV,MPR.dll,SAMLIB.dll,msv1_0.dll,iphl
papi.dll,wldap32.dll,cscui.dll,xpsp2res.dll,NTMARTA.DLL,wdmaud.drv,msacm32.drv,M
SACM32.dll,midimap.dll,COMRes.dll,OLEAUT32.dll,CLBCATQ.DLL,wbemprox.dll,wbemcomn
.dll,wbemsvc.dll,fastprox.dll,MSVCP60.dll,NTDSAPI.dll,DNSAPI.dll"
"services.exe","824","ntdll.dll,kernel32.dll,msvcrt.dll,ADVAPI32.dll,RPCRT4.dll,
USER32.dll,GDI32.dll,USERENV.dll,SCESRV.dll,AUTHZ.dll,umpnpmgr.dll,WINSTA.dll,NE
TAPI32.dll,NCObjAPI.DLL,MSVCP60.dll,ShimEng.dll,AcGenral.DLL,WINMM.dll,ole32.dll
,OLEAUT32.dll,MSACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,UxTheme.dll,IMM32.
DLL,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,secur32.dll,Apphelp.dll,eventlog
.dll,WS2_32.dll,WS2HELP.dll,PSAPI.DLL,wtsapi32.dll"
"lsass.exe","836","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,LSASRV.dll,msv
crt.dll,Secur32.dll,USER32.dll,GDI32.dll,SAMSRV.dll,cryptdll.dll,DNSAPI.dll,WS2_
32.dll,WS2HELP.dll,MSASN1.dll,NETAPI32.dll,SAMLIB.dll,MPR.dll,NTDSAPI.dll,WLDAP3
2.dll,ShimEng.dll,AcGenral.DLL,WINMM.dll,ole32.dll,OLEAUT32.dll,MSACM32.dll,VERS
ION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL,LPK.DLL,USP10.
dll,comctl32.dll,comctl32.dll,msprivs.dll,kerberos.dll,msv1_0.dll,iphlpapi.dll,n
etlogon.dll,w32time.dll,MSVCP60.dll,schannel.dll,CRYPT32.dll,wdigest.dll,rsaenh.
dll,setupapi.dll,scecli.dll,ipsecsvc.dll,AUTHZ.dll,oakley.DLL,WINIPSEC.DLL,pstor
svc.dll,mswsock.dll,hnetcfg.dll,wshtcpip.dll,psbase.dll,dssenh.dll,iissuba.dll"
"svchost.exe","1000","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,ShimEng.dll
,AcGenral.DLL,USER32.dll,GDI32.dll,WINMM.dll,ole32.dll,msvcrt.dll,OLEAUT32.dll,M
SACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL
,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,NTMARTA.DLL,WLDAP32.dll,SAMLIB.dll,
rpcss.dll,WS2_32.dll,WS2HELP.dll,Secur32.dll,xpsp2res.dll,CLBCATQ.DLL,COMRes.dll
,termsrv.dll,ICAAPI.dll,SETUPAPI.dll,WINTRUST.dll,CRYPT32.dll,MSASN1.dll,IMAGEHL
P.dll,AUTHZ.dll,mstlsapi.dll,ACTIVEDS.dll,adsldpc.dll,NETAPI32.dll,ATL.DLL,REGAP
I.dll,rsaenh.dll,rdpwsx.dll,WINSPOOL.DRV,Apphelp.dll,WTSAPI32.dll,WINSTA.dll,msv
1_0.dll,iphlpapi.dll"
"svchost.exe","1060","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,ShimEng.dll
,AcGenral.DLL,USER32.dll,GDI32.dll,WINMM.dll,ole32.dll,msvcrt.dll,OLEAUT32.dll,M
SACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL
,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,rpcss.dll,WS2_32.dll,WS2HELP.dll,Se
cur32.dll,xpsp2res.dll,rsaenh.dll,mswsock.dll,hnetcfg.dll,wshtcpip.dll,DNSAPI.dl
l,iphlpapi.dll,winrnr.dll,WLDAP32.dll,rasadhlp.dll,CLBCATQ.DLL,COMRes.dll,msi.dl
l"
"svchost.exe","1388","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,ShimEng.dll
,AcGenral.DLL,USER32.dll,GDI32.dll,WINMM.dll,ole32.dll,msvcrt.dll,OLEAUT32.dll,M
SACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL
,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,NTMARTA.DLL,WLDAP32.dll,SAMLIB.dll,
xpsp2res.dll,shsvcs.dll,WINSTA.dll,NETAPI32.dll,dhcpcsvc.dll,DNSAPI.dll,WS2_32.d
ll,WS2HELP.dll,iphlpapi.dll,Secur32.dll,rsaenh.dll,wzcsvc.dll,rtutils.dll,WMI.dl
l,CRYPT32.dll,MSASN1.dll,WTSAPI32.dll,ESENT.dll,ATL.DLL,schedsvc.dll,NTDSAPI.dll
,IMAGEHLP.dll,rastls.dll,CRYPTUI.dll,WINTRUST.dll,WININET.dll,MPRAPI.dll,ACTIVED
S.dll,adsldpc.dll,SETUPAPI.dll,RASAPI32.dll,rasman.dll,TAPI32.dll,SCHANNEL.dll,W
inSCard.dll,raschap.dll,msv1_0.dll,MSIDLE.DLL,audiosrv.dll,wkssvc.dll,cryptsvc.d
ll,certcli.dll,pchsvc.dll,es.dll,COMRes.dll,CLBCATQ.DLL,ersvc.dll,dmserver.dll,s
rvsvc.dll,netman.dll,netshell.dll,credui.dll,WZCSAPI.DLL,trkwks.dll,srsvc.dll,PO
WRPROF.dll,sens.dll,seclogon.dll,HNETCFG.DLL,wmisvc.dll,VSSAPI.DLL,SXS.DLL,w32ti
me.dll,MSVCP60.dll,ipnathlp.dll,MSWSOCK.dll,AUTHZ.dll,wscsvc.dll,msi.dll,wshtcpi
p.dll,comsvcs.dll,MTXCLU.DLL,WSOCK32.dll,colbact.DLL,CLUSAPI.DLL,RESUTILS.DLL,br
owser.dll,wbemcomn.dll,wbemcore.dll,esscli.dll,FastProx.dll,upnp.dll,WINHTTP.dll
,SSDPAPI.dll,wmiutils.dll,rasadhlp.dll,repdrvfs.dll,wmiprvsd.dll,NCObjAPI.DLL,wb
emess.dll,netcfgx.dll,rasmans.dll,WINIPSEC.DLL,tapisrv.dll,PSAPI.DLL,rastapi.dll
,unimdm.tsp,uniplat.dll,ncprov.dll,kmddsp.tsp,ndptsp.tsp,ipconf.tsp,h323.tsp,hid
phone.tsp,HID.DLL,rasppp.dll,ntlsapi.dll,kerberos.dll,cryptdll.dll,RASDLG.dll,ms
xml3.dll,urlmon.dll,wbemsvc.dll"
"svchost.exe","1460","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,ShimEng.dll
,AcGenral.DLL,USER32.dll,GDI32.dll,WINMM.dll,ole32.dll,msvcrt.dll,OLEAUT32.dll,M
SACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL
,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,dnsrslvr.dll,DNSAPI.dll,WS2_32.dll,
WS2HELP.dll,iphlpapi.dll,mswsock.dll,hnetcfg.dll,wshtcpip.dll"
"svchost.exe","1620","ntdll.dll,kernel32.dll,ADVAPI32.dll,RPCRT4.dll,ShimEng.dll
,AcGenral.DLL,USER32.dll,GDI32.dll,WINMM.dll,ole32.dll,msvcrt.dll,OLEAUT32.dll,M
SACM32.dll,VERSION.dll,SHELL32.dll,SHLWAPI.dll,USERENV.dll,UxTheme.dll,IMM32.DLL
,LPK.DLL,USP10.dll,comctl32.dll,comctl32.dll,NTMARTA.DLL,WLDAP32.dll,SAMLIB.dll,
xpsp2res.dll,lmhsvc.dll,iphlpapi.dll,WS2_32.dll,WS2HELP.dll,webclnt.dll,WININET.
dll,CRYPT32.dll,MSASN1.dll,Secur32.dll,urlmon.dll,wsock32.dll,ssdpsrv.dll,hnetcf
g.dll,CLBCATQ.DLL,COMRes.dll,mswsock.dll,wshtcpip.dll,rsaenh.dll,httpapi.dll,WIN
HTTP.dll,DNSAPI.dll,rasadhlp.dll,RASAPI32.DLL,rasman.dll,NETAPI32.dll,TAPI32.dll
,rtutils.dll,msv1_0.dll,sensapi.dll"
"stormliv.exe","236","ntdll.dll,kernel32.dll,SHLWAPI.dll,msvcrt.dll,GDI32.dll,US
ER32.dll,ADVAPI32.dll,RPCRT4.dll,WS2_32.dll,WS2HELP.dll,MSVCP60.dll,MFC42.DLL,co
mdlg32.dll,COMCTL32.dll,SHELL32.dll,ole32.dll,OLEAUT32.dll,VERSION.dll,SETUPAPI.
dll,WININET.dll,CRYPT32.dll,MSASN1.dll,IMM32.DLL,LPK.DLL,USP10.dll,MFC42LOC.DLL,
uxtheme.dll,xpsp2res.dll,mswsock.dll,hnetcfg.dll,wshtcpip.dll,CLBCATQ.DLL,COMRes
.dll,DNSAPI.dll,msxml3.dll,winrnr.dll,WLDAP32.dll,rasadhlp.dll,urlmon.dll,mlang.
dll,Secur32.dll"
"explorer.exe","436","ntdll.dll,kernel32.dll,msvcrt.dll,ADVAPI32.dll,RPCRT4.dll,
GDI32.dll,USER32.dll,SHLWAPI.dll,SHELL32.dll,ole32.dll,OLEAUT32.dll,BROWSEUI.dll
,SHDOCVW.dll,CRYPT32.dll,MSASN1.dll,CRYPTUI.dll,WINTRUST.dll,IMAGEHLP.dll,NETAPI
32.dll,WININET.dll,WLDAP32.dll,VERSION.dll,UxTheme.dll,ShimEng.dll,AcGenral.DLL,
WINMM.dll,MSACM32.dll,USERENV.dll,IMM32.DLL,LPK.DLL,USP10.dll,comctl32.dll,comct
l32.dll,apphelp.dll,msctfime.ime,CLBCATQ.DLL,COMRes.dll,cscui.dll,CSCDLL.dll,the
meui.dll,Secur32.dll,MSIMG32.dll,xpsp2res.dll,scrchpg.dll,msutb.dll,MSCTF.dll,SA
MLIB.dll,SETUPAPI.dll,LINKINFO.dll,ntshrui.dll,ATL.DLL,urlmon.dll,NETSHELL.dll,r
tutils.dll,credui.dll,WS2_32.dll,WS2HELP.dll,iphlpapi.dll,msi.dll,WINSTA.dll,web
check.dll,WSOCK32.dll,safemon.dll,stobject.dll,BatMeter.dll,POWRPROF.dll,WTSAPI3
2.dll,wdmaud.drv,msacm32.drv,midimap.dll,nvcpl.dll,comdlg32.dll,WINSPOOL.DRV,OLE
ACC.dll,MSVCP60.dll,NTMARTA.DLL,nvshell.dll,rsaenh.dll,MPR.dll,drprov.dll,ntlanm
an.dll,NETUI0.dll,NETUI1.dll,NETRAP.dll,davclnt.dll,SXS.DLL,shdoclc.dll,Unlocker
COM.dll,rarext.dll,nppcm.dll,ShellEx.dll,MSVCR80.dll,MSVCP80.dll,browselc.dll,DU
SER.dll,MSGINA.dll,ODBC32.dll,odbcint.dll,MLANG.dll,winabc.ime,jscript.dll,klsca
v.dll,gdiplus.dll,mscms.dll,mydocs.dll,prremote.dll,prloader.dll,quartz.dll,msdm
o.dll,l3codeca.acm,RASAPI32.DLL,rasman.dll,TAPI32.dll,msv1_0.dll,sensapi.dll,MSV
FW32.dll,wmvcore.dll,wmidx.dll,WMASF.DLL,DRMClien.DLL,shimgvw.dll,actxprxy.dll,z
ipfldr.dll,sendmail.dll,shgina.dll"
"inetinfo.exe","504","ntdll.dll,kernel32.dll,msvcrt.dll,ADVAPI32.dll,RPCRT4.dll,
USER32.dll,GDI32.dll,ole32.dll,IisRTL.DLL,WS2_32.dll,WS2HELP.dll,IMM32.DLL,LPK.D
LL,USP10.dll,rpcref.dll,iisadmin.dll,VSSAPI.DLL,ATL.DLL,OLEAUT32.dll,NETAPI32.dl
l,COADMIN.dll,SHELL32.dll,SHLWAPI.dll,ADMWPROX.dll,comctl32.dll,comctl32.dll,uxt
heme.dll,xpsp2res.dll,CLBCATQ.DLL,COMRes.dll,VERSION.dll,metadata.dll,rsaenh.dll
,CRYPT32.dll,MSASN1.dll,nsepm.dll,IISMAP.dll,schannel.dll,Secur32.dll,USERENV.dl
l,wamreg.dll,admexs.dll,svcext.dll,Security.dll,SAMLIB.dll,SMTPSVC.dll,INFOCOMM.
dll,ISATQ.dll,IISFECNV.dll,WSOCK32.dll,DNSAPI.dll,FCACHDLL.dll,RWNH.dll,exstrace
.dll,STAXMEM.dll,NTDSAPI.dll,WLDAP32.dll,w3svc.dll,lonsint.dll,mswsock.dll,hnetc
fg.dll,wshtcpip.dll,wintrust.dll,IMAGEHLP.dll,iscomlog.dll,sspifilt.dll,seo.dll,
iphlpapi.dll,compfilt.dll,aqueue.dll,gzip.dll,pwsdata.dll,md5filt.dll,wdigest.dl
l,httpext.dll,iislog.dll"
 
所有进程及所被调用的模块显示完毕.按任意键返回.COPY

这样子看毛.....我宁愿去看小说..

somebody

原帖由 随风 于 2008-1-8 00:24 发表
原来纯批也可以做到这么厉害，佩服！！！

厉个鬼~~~
几百年前我somebody不是在狂跟你研究这个问题吖，普通人，你就忘了....

foxJL

仅得dll完全路径的代码已在顶楼更新,不过又多了一个选项.
因为网页不能处理tab,都用了空格代替
下面代码红色部分应该是TAB:
for /f "delims=tab  tokens=1,6" %%j in ('type particular.txt ^| find /i "%%i"') do (
     echo %%j---%%k
    )
---------------------------
set particular=!particular:tab=-!

[ 本帖最后由 foxJL 于 2008-1-8 01:25 编辑 ]

somebody

原帖由 foxJL 于 2008-1-8 01:17 发表
因为网页不能处理tab,都用了空格代替
下面代码红色部分应该是TAB:
for /f "delims=tab  tokens=1,6" %%j in ('type particular.txt ^| find /i "%%i"') d ...

---------------------------------------------------------------------------------------------------------------------
哈，不是网页不能处理tab，是CMD里你用不了tab,制表符你得用VBS操作
可不就是了，用批处理来处理msinfo32导出来的文本，那个结果我想连你自己都看不下去....
虽然你把CMD窗口调大了...
执行效率也是个大问题..

以下是测试时出错截图...查的是调用指定DLL的所有进程，出来的却是DLL。这东西不就是用tasklist，真正用到的技术含量不怎么有.
有的是你在处理过程中用到的批处理语法功底..

foxJL

cmd是可以用TAB的,可能是你代码编辑器的问题,我用的是:Notepad2.
下面是我测试查看DLL完全路径的结果,看起来似乎不是很累.

jscript---c:\windows\system32\jscript.dll
vbscript---c:\windows\system32\vbscript.dll
mfc42---c:\windows\system32\mfc42.dll
mfc42loc---c:\windows\system32\mfc42loc.dll
MSIMTF---c:\windows\system32\msimtf.dll
msohev---c:\program files\microsoft office\office11\msohev.dll
mpr---c:\windows\system32\mpr.dll
drprov---c:\windows\system32\drprov.dll
ntlanman---c:\windows\system32\ntlanman.dll
netui0---c:\windows\system32\netui0.dll
netui1---c:\windows\system32\netui1.dll
netrap---c:\windows\system32\netrap.dll
samlib---c:\windows\system32\samlib.dll
davclnt---c:\windows\system32\davclnt.dll
shgina---c:\windows\system32\shgina.dll
msgina---c:\windows\system32\msgina.dll
winsta---c:\windows\system32\winsta.dll
odbc32---c:\windows\system32\odbc32.dll
comdlg32---c:\windows\system32\comdlg32.dll
odbcint---c:\windows\system32\odbcint.dll
Audiodev---c:\windows\system32\audiodev.dll
wmvcore---c:\windows\system32\wmvcore.dll
wmasf---c:\windows\system32\wmasf.dll
wdmaud---c:\windows\system32\wdmaud.drv
msacm32---c:\windows\system32\msacm32.drv
msacm32---c:\windows\system32\msacm32.dll
midimap---c:\windows\system32\midimap.dll
Flash9e---c:\windows\system32\macromed\flash\flash9e.ocx
xpsp3res---c:\windows\system32\xpsp3res.dll
schannel---c:\windows\system32\schannel.dll
imgutil---c:\windows\system32\imgutil.dll
pngfilt---c:\windows\system32\pngfilt.dll
ddrawex---c:\windows\system32\ddrawex.dll
ddraw---c:\windows\system32\ddraw.dll
dciman32---c:\windows\system32\dciman32.dll
dxtrans---c:\windows\system32\dxtrans.dll
atl---c:\windows\system32\atl.dll
dxtmsft---c:\windows\system32\dxtmsft.dll
mshtmled---c:\windows\system32\mshtmled.dll
iepeers---c:\windows\system32\iepeers.dll
winspool---c:\windows\system32\winspool.drv
mshtmler---c:\windows\system32\mshtmler.dllCOPY

至于说效率问题,在start msinfo32的时候确实要等待片刻,但显示的时候好像比你VBS代码还快一点点.

你说的功能 3通过模块找到所调用它的进程,在这里每一段第1句就是进程名,第2句是PID符,还是应该很容易看出来的吧.

我开始就说了没有做界面美化,实用为主,我不想为了这些无所谓的细节浪费过多的代码.

somebody

开玩笑，比我的VBS快！
你获取的是单个进程调用的模块
我获取的是所有进程调用的模块````这什么概念来的
而且我整个过程是动态的，而你调用msinfo32时等个半天，人家以为没响应会关掉。
----------------------------------------------------------------
功能3是列出进程
你列出DLL做什么..!
------------------------------------------------------------------
我图都截出来了，你还能怎么说，你那些代码是文本来的，你截图出来看看吖
别乱说什么代码编辑器
我直接用记事本保存你的代码，双击自然用CMD解析
不要说什么代码编辑器问题...排版就是这样乱，你那个好看的，除非是你改过代码..
----------------------------------------------------------------------------------------------------
你说做美观就是搞无谓的细节，你这不是在讽刺我..你做不了美化就别说别人...
人家做美化还不是为了别人用着舒服，这是搞安全批处理，你做出来不美观，不方便人家分析，你懂不！搞出来若跟垃圾一样难看，谁还想用....
-----------------------------------------------------------------------------------------
贴子不是发出来给我somebody和你foxJL两个人看的...不是你不理会人家其他人就不会判断..

[ 本帖最后由 somebody 于 2008-1-8 18:43 编辑 ]

foxJL

不相信算了,费事理你.

hjh700913

顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶顶

caruko

ntsd 可以列出程序的详细模块的路径, 起始内存地址...
tasklist 太落后了...

qwd

估计是版本不同 你的Notepad2  我系统都只有notepad.exe 没那个2的
速度和排版对我们来说就是有问题啊！不过在列举上下了一番功夫也算是有心了！
somebody 也的确曾在群里大搞过此法最终是在速度和排版上放弃了！这都是几年前的事了！