[新手上路]批处理新手入门导读[视频教程]批处理基础视频教程[视频教程]VBS基础视频教程[批处理精品]批处理版照片整理器
[批处理精品]纯批处理备份&还原驱动[批处理精品]CMD命令50条不能说的秘密[在线下载]第三方命令行工具[在线帮助]VBScript / JScript 在线参考
返回列表 发帖
lxzzr

Rank: 8Rank: 8

帖子
682 
积分
1686 
技术
48  
捐助
0  
注册时间
2008-3-13 
1 跳转到 » 倒序看帖
打印
tT
发表于 2009-7-19 01:11 | 只看该作者

转载几个系统监视的VBS脚本

脚本来自微软官方,(其中有几个未做测试,第7个略做修改)
这是个好“地方”:http://www.microsoft.com/china/technet/community/scriptcenter/default.mspx
1.监视进程创建
  1.  

  2. strComputer = "."

  3. Set objWMIService = GetObject("winmgmts:" _

  4.     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

  5. Set colMonitoredProcesses = objWMIService. _        

  6.     ExecNotificationQuery("select * from __instancecreationevent " _ 

  7.         & " within 1 where TargetInstance isa 'Win32_Process'")

  8. i = 0

  9. Do While i = 0

  10.     Set objLatestProcess = colMonitoredProcesses.NextEvent

  11.     Wscript.Echo objLatestProcess.TargetInstance.Name

  12. Loop
复制代码
2.监视进程退出
  1.  

  2. strComputer = "."

  3. Set objWMIService = GetObject("winmgmts:" _

  4.     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

  5. Set colMonitoredProcesses = objWMIService. _

  6.     ExecNotificationQuery("select * from __instancedeletionevent " _ 

  7.             & "within 1 where TargetInstance isa 'Win32_Process'")

  8. i = 0

  9. Do While i = 0

  10.     Set objLatestProcess = colMonitoredProcesses.NextEvent

  11.     Wscript.Echo objLatestProcess.TargetInstance.Name

  12. Loop
复制代码
3.监视服务状态的改变
  1. strComputer = "."

  2. Set objWMIService = GetObject("winmgmts:" _

  3. & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

  4. Set colServices = objWMIService. _ 

  5. ExecNotificationQuery("Select * from __instancemodificationevent " _ 

  6. & "within 30 where TargetInstance isa 'Win32_Service'")

  7. i = 0

  8. Do While i = 0

  9. Set objService = colServices.NextEvent

  10. If objService.TargetInstance.State <> _ 

  11. objService.PreviousInstance.State Then

  12. Wscript.Echo objService.TargetInstance.Name _ 

  13. & " is " & objService.TargetInstance.State _

  14. & ". The service previously was " & objService.PreviousInstance.State & "."

  15. End If

  16. Loop
复制代码
4.监视可用磁盘空间
  1.  

  2. Const LOCAL_HARD_DISK = 3

  3. strComputer = "."

  4. Set objWMIService = GetObject("winmgmts:" _

  5.     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

  6. Set colMonitoredDisks = objWMIService.ExecNotificationQuery _

  7.     ("Select * from __instancemodificationevent within 30 where " _

  8.         & "TargetInstance isa 'Win32_LogicalDisk'")

  9. i = 0

  10. Do While i = 0

  11.     Set objDiskChange = colMonitoredDisks.NextEvent

  12.     If objDiskChange.TargetInstance.DriveType = LOCAL_HARD_DISK Then

  13.         If objDiskChange.TargetInstance.Size < 100000000 Then

  14.             Wscript.Echo "Hard disk space is below 100000000 bytes."

  15.         End If

  16.     End If

  17. Loop
复制代码
5.监视磁盘驱动器的剩余空间
  1.  

  2. strComputer = "."

  3. Set objWMIService = GetObject("winmgmts:" _

  4.     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

  5. Set colDiskDrives = objWMIService.ExecQuery _

  6.     ("Select * from win32_perfformatteddata_perfdisk_logicaldisk where Name <> '_Total'")

  7. For each objDiskDrive in colDiskDrives

  8.     Wscript.Echo "Drive Name: " & objDiskDrive.Name

  9.     Wscript.Echo "Free Space: " & objDiskDrive.FreeMegabytes

  10. Next
复制代码
6.监视事件日志
  1. strComputer = "."

  2. Set objWMIService = GetObject("winmgmts:" _

  3. & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

  4. Set colMonitoredEvents = objWMIService.ExecNotificationQuery _ 

  5. ("Select * from __instancecreationevent where TargetInstance isa 'Win32_NTLogEvent' and TargetInstance.EventCode = '533' ")

  6. Do

  7. Set objLatestEvent = colMonitoredEvents.NextEvent

  8. strAlertToSend = objLatestEvent.TargetInstance.User _ 

  9. & " attempted to access DatabaseServer."

  10. Wscript.Echo strAlertToSend

  11. Loop
复制代码
7.监视用户登陆
  1. StrComputer = "."

  2. Set objWMIService = GetObject("winmgmts:" _

  3. & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")

  4. Set colMonitoredEvents = objWMIService.ExecNotificationQuery _ 

  5. ("Select * from __instancecreationevent where TargetInstance isa 'Win32_NTLogEvent' and TargetInstance.EventCode = '528' ")

  6. Do

  7. Set objLatestEvent = colMonitoredEvents.NextEvent

  8. strAlertToSend = objLatestEvent.TargetInstance.user _ 

  9. &MSGBOX ("某个用户已经成功登陆此计算机!.",48,"警告!")

  10. Loop
复制代码
8.监视注册表子项事件
  1. Set wmiServices = GetObject("winmgmts:root/default") 

  2. Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_") 

  3. wmiServices.ExecNotificationQueryAsync wmiSink, _ 

  4. "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _ 

  5. "KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'" 

  6. WScript.Echo "Listening for Registry Change Events..." & vbCrLf 

  7. While(1) 

  8. WScript.Sleep 1000 

  9. Wend 

  10. Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext) 

  11. WScript.Echo "Received Registry Change Event" & vbCrLf & _ 

  12. "------------------------------" & vbCrLf & _ 

  13. wmiObject.GetObjectText_() 

  14. End Sub
复制代码

[ 本帖最后由 lxzzr 于 2009-7-19 01:37 编辑 ]
2

评分人数

收藏 分享
公钥

Batcher

Rank: 12Rank: 12Rank: 12

帖子
14935 
积分
46142 
技术
857  
捐助
745  
注册时间
2008-6-9 
2
发表于 2009-7-19 09:24 | 只看该作者
微软脚本中心实乃初学者必到之处^_^
我帮忙写的代码不需要付钱。如果一定要给,请在微信群或QQ群发给大家吧。
【微信公众号、微信群、QQ群】http://bbs.bathome.net/thread-3473-1-1.html
【支持批处理之家,加入VIP会员!】http://bbs.bathome.net/thread-67716-1-1.html

TOP

BBCC

Rank: 5Rank: 5

帖子
245 
积分
914 
技术
1  
捐助
0  
注册时间
2008-10-25 
3
发表于 2009-7-19 18:52 | 只看该作者
可惜bat不能做实时监控啊...
for /f "delims=" %%a in ('%0') do (echo %%a)

TOP

Taurus

Rank: 5Rank: 5

帖子
181 
积分
634 
技术
7  
捐助
0  
注册时间
2009-1-6 
4
发表于 2009-11-12 06:22 | 只看该作者
原帖由 BBCC 于 2009-7-19 18:52 发表
可惜bat不能做实时监控啊...

应该可以,只是Wscript.Sleep较节省资源
'>nul 2>nul&@echo off&cls&color 70&setlocal EnableDelayedExpansion&set Get=2&set /a BSc=59&set /a BSl=3&set sec=%time:~3,2%&set min=0&mode con: cols=!BSc! lines=!BSl!&title C^:\^>Process Monitor_
':setPuocess>nul 2>nul
'>nul 2>nul&cls&echo.          Please input the name of target process^:
'>nul 2>nul&set /p Puocess1= ^>
'>nul 2>nul&if "!Puocess1!"=="" goto :setPuocess>nul 2>nul
':SetAlarm>nul 2>nul
'>nul 2>nul&cls&echo. If catch up the target object then send out alarm ? (Y/N)
'>nul 2>nul&set /p alarm= ^>
'>nul 2>nul&If !alarm!==Y (set "alarm1=   ALARM  ON"&set "alarm2=   ALARM OFF "&set "c1=a"&set "c2=c"&goto :box>nul 2>nul)
'>nul 2>nul&If !alarm!==y (set "alarm1=   ALARM  ON"&set "alarm2=   ALARM OFF "&set "c1=a"&set "c2=c"&goto :box>nul 2>nul)
'>nul 2>nul&If !alarm!==N (set "alarm2=   ALARM  ON"&set "alarm1=   ALARM OFF "&set "c2=a"&set "c1=c"&goto :box>nul 2>nul)
'>nul 2>nul&If !alarm!==n (set "alarm2=   ALARM  ON"&set "alarm1=   ALARM OFF "&set "c2=a"&set "c1=c"&goto :box>nul 2>nul)
'>nul 2>nul&goto :SetAlarm>nul 2>nul
':box>nul 2>nul
'>nul 2>nul&set /a BSc-=2
'>nul 2>nul&mode con: cols=!BSc!
'>nul 2>nul&If not !BSc!==15 ( goto :box>nul 2>nul )
'>nul 2>nul&title !min! /mins
':loop>nul 2>nul
'>nul 2>nul&cls&color 0a
'>nul 2>nul&if not %time:~3,2%==!sec! ( set /a min+=1 &set sec=%time:~3,2%&title  !min! /mins )
'>nul 2>nul&for /f  "skip=3" %%a in ('tasklist /svc /fi "imagename eq !Puocess1!" 2^>NUL') do set Puocess2=%%a
'>nul 2>nul&if "!Puocess1!"=="!Puocess2!" set Get=1
'>nul 2>nul&call color %%c!Get!%%0&echo.&call echo.%%alarm!Get!%%&set Get=2&set Puocess2=
'>nul 2>nul&CScript.EXE ""%0 2"" //Nologo //e:VBS
'>nul 2>nul&goto :loop>nul 2>nul
Wscript.Sleep 1000
带内地用语或带里语的文章,在下读写总觉有点吃力;
如误解了各位意思的讲勿见怪   ^_^

TOP

spfnug

Rank: 2

帖子
14 
积分
142 
技术
1  
捐助
0  
注册时间
2009-7-14 
5
发表于 2009-11-29 16:36 | 只看该作者
如果想同时监视进程和服务该怎么写呢?

TOP

keen

Rank: 8Rank: 8

帖子
593 
积分
4452 
技术
1  
捐助
0  
注册时间
2008-8-10 
6
发表于 2009-11-29 18:20 | 只看该作者

回复 5楼 的帖子

在别人的帖子里面跟帖提问的话,很少有人能看到你的问题,愿意回答问题的就更少了。以后有问题请到相应版块单独发帖提问,这样才可能使问题得到快速的解决。
(*^_^*)

TOP

返回列表