VBScript SVCHOST容器检测
我m建立一个vb脚本,将连接到每台计算机,目标是检测在SVCHOST
过程中运行的exe。VBScript SVCHOST容器检测
我该如何检测,如果这个可执行文件存在于SVCHOST
之内,并且如果是这样终止了包含在这个可执行文件中的SVCHOST
进程?
谢谢
您可以使用此代码开头:
Option Explicit
If Not WScript.Arguments.Named.Exists("elevate") Then
CreateObject("Shell.Application").ShellExecute WScript.FullName _
, WScript.ScriptFullName & " /elevate", "", "runas", 1
WScript.Quit
End If
Dim objWMI,colObjects,MyProcess,Process,TheProcess,DetectionProgram,MyPID
TheProcess = "svchost.exe"
DetectionProgram = "DcomLaunch"
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
Set colObjects = objWMI.ExecQuery("Select * From Win32_Process where Caption='"& TheProcess &"'")
For Each Process in colObjects
MyProcess = MyProcess & Process.CommandLine & vbcrlf & "PID = " & Process.ProcessID & vbcrlf
Next
Wscript.Echo MyProcess
For Each Process in colObjects
If InStr(1,Ucase(Process.CommandLine),UCase(DetectionProgram)) >= 1 Then
MyPID = Process.ProcessID
wscript.echo "PID = " & MyPID
Call Kill(MyPID)
End If
Next
'****************************************************
Sub Kill(PID)
Dim Ws,Command,Execution
Set Ws = CreateObject("Wscript.Shell")
Command = "cmd /c Taskkill /F /PID "& PID &""
Execution = Ws.Run(Command,0,True)
Set Ws = Nothing
End Sub
'****************************************************
问题是SVCHOST里面是什么,如何选择它?该代码只会给我进程名称... SVCHOST包含其他进程,并且该exe是在一个SVCHOST内,我需要确定确切的SVCHOST来选择它并终止它 – user6495763
@ user6495763检查我最后的编辑 – Hackoo
非常聪明,谢谢 – user6495763
什么是你的目标是什么?请详细描述一下! – Hackoo