
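Title: How can a batch script identify system services?

Author: youxi01    Time: 2007-11-24 16:21     Title: How can a batch script identify system services?

As the title says:
Some services are provided by Microsoft, while others are added by the user. How can a batch script identify which ones are the system services provided by Microsoft?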

Author: ddyxxt    Time: 2008-1-21 04:08

This post was last edited by ddyxxt on 2011-10-25 23:44

Long live the People's Republic of China
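
Author: foxJL    Time: 2008-1-21 13:20

Here is a low-efficiency one, and it can only show services that are currently running.
Because some characters cannot be handled on the web page, please download the attachment to test it.

    @echo off&setlocal enabledelayedexpansion
    ::code by foxjl@bbs.bathome.net
    :: NOTE: per the author's remark above, some characters did not survive the web
    :: page. The empty "delims=" values below were presumably a literal TAB (msinfo32
    :: reports are tab-separated) and the empty "set/p=" presumably printed backspaces.
    mode con cols=150 lines=80
    echo/&echo/
    del %temp%\swenvservices.txt 2>nul&del %temp%\swenvloadedmodules.txt 2>nul
    :: Export the services list and the loaded-modules list as text reports
    start msinfo32 /categories +swenvservices /report %temp%\swenvservices.txt
    start msinfo32 /categories +swenvloadedmodules /report %temp%\swenvloadedmodules.txt
    set/p=  数据准备中,请稍等.<nul
    :: Show a spinner until both report files exist
    for /l %%a in (1,1,1000) do (
        if exist %temp%\swenvservices.txt (if exist %temp%\swenvloadedmodules.txt (goto start))
        for %%i in (- \ ^| /) do (
            for /l %%j in (1,1,21) do (set/p=<nul)
            set/p=%%i<nul&ping /n 1 127.1>nul
        )
    )
    :start
    cls
    :: For each service: token 1 is its name, token 6 its executable path
    for /f "skip=33 delims=  tokens=1-6" %%a in ('type "%temp%\swenvservices.txt"') do (
        set name=%%a
        for /f "tokens=1-2 delims=-/" %%x in ("%%f") do (
            set paths=%%~x
            set paths=!paths:"=!
            call :look
        )
    )
    pause>nul
    :: Stop here so execution does not fall through into the :look subroutine
    goto :eof
    :: Find the loaded module with the same path (token 6) and print its manufacturer (token 5)
    :look
    for /f "delims=  tokens=1-6" %%i in ('type "%temp%\swenvloadedmodules.txt"') do (
        if /i "%%n"=="!paths!" (echo.名称:!name!--路径:!paths!---制造商:%%m)
    )
    goto :eof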

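Author: xxx3212    Time: 2008-1-21 19:55

Windows cannot find the file 'msinfo32'. Please make sure the file exists

Author: foxJL    Time: 2008-1-21 20:02

msinfo32.exe is an external program. My XP comes with it; I don't know what system you are using.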

Author: somebody    Time: 2008-1-22 22:23

Reply to #2:

VBS calling WMI to get a file's manufacturer

    Dim FilePath, WMIPathMode
    FilePath = InputBox("请输入文件全路径(例如以下路径格式)", "文件路径", "C:\windows\system32\user32.dll")
    If FilePath <> "" Then
        ' WQL string literals need backslashes doubled and single quotes escaped
        WMIPathMode = Replace(FilePath, "\", "\\")
        WMIPathMode = Replace(WMIPathMode, "'", "\'")
        Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
        ' CIM_DataFile.Manufacturer is read from the file's version resource
        Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
        For Each OBJManufacturer In colManufacturer
            If Trim(OBJManufacturer.Manufacturer) <> "" Then
                MsgBox "文件全路径是: " & LCase(Trim(OBJManufacturer.Name)) & Chr(10) & "文件制造商是: " & Trim(OBJManufacturer.Manufacturer)
            Else
                MsgBox "文件全路径是: " & LCase(Trim(OBJManufacturer.Name)) & Chr(10) & "文件制造商是:空"
            End If
        Next
    End If

Directly with wmic:

    wmic datafile where name="c:\\windows\\system32\\notepad.exe" get Manufacturer

If you want to get a service's manufacturer, you can use this as a reference.

About services:
Batch combined with VBS to get the basic status of services:

This could have been done directly in VBS, but I've been doing a lot of VBS lately, so let's use batch... combining the two for practice..

    @echo off
    cls
    rem Generate a VBS script that lists every service as "State<TAB>DisplayName"
    echo set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")>ServiceStatus.vbs
    echo set colInstalledServices = OBJWMIService.ExecQuery("Select * From Win32_Service")>>ServiceStatus.vbs
    echo For Each OBJService in colInstalledServices>>ServiceStatus.vbs
    echo Wscript.Echo OBJService.State ^& vbTab ^& OBJService.DisplayName>>ServiceStatus.vbs
    echo Next>>ServiceStatus.vbs
    cscript //nologo ServiceStatus.vbs >ServiceStatus.txt
    rem Count all, running and stopped services from the generated list
    for /f "skip=1 tokens=2 delims=:" %%i in ('find /v /c "" ServiceStatus.txt') do set total=%%i
    for /f "skip=1 tokens=2 delims=:" %%a in ('find /i /c "running" ServiceStatus.txt') do set rcount=%%a
    for /f "skip=1 tokens=2 delims=:" %%x in ('find /i /c "Stopped" ServiceStatus.txt') do set scount=%%x
    rem The ping calls below are only used as short delays
    ping -n 2 127.1 >nul 2>nul
    echo 计算机系统里安装的服务总共有%total% 个。
    echo.
    ping -n 3 127.1 >nul 2>nul
    echo 正在运行的服务有%rcount% 个。列表如下:
    echo.
    ping -n 3 127.1 >nul 2>nul
    for /f "skip=2 delims=" %%k in ('find /i "running" ServiceStatus.txt') do echo %%k
    ping -n 3 127.1 >nul 2>nul
    echo.
    echo 已经停止的服务有%scount% 个。列表如下:
    echo.
    ping -n 3 127.1 >nul 2>nul
    for /f "skip=2 delims=" %%p in ('find /i "stopped" ServiceStatus.txt') do echo %%p
    echo.
    ping -n 3 127.1 >nul 2>nul
    rem Second VBS script: only services that accept a stop request (AcceptStop = True)
    echo set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")>stoppable.vbs
    echo set colServices = objWMIService.ExecQuery("Select * From Win32_Service Where AcceptStop = True")>>stoppable.vbs
    echo For Each OBJService in colServices>>stoppable.vbs
    echo Wscript.Echo OBJService.State ^& vbTab ^& OBJService.DisplayName>>stoppable.vbs
    echo Next>>stoppable.vbs
    cscript //nologo stoppable.vbs >stoppable.txt
    for /f "skip=1 tokens=2 delims=:" %%e in ('find /i /c "running" stoppable.txt') do set srcount=%%e
    echo 可以停止但是正在运行的服务有%srcount% 个。列表如下:
    echo.
    ping -n 3 127.1 >nul 2>nul
    for /f "skip=2 delims=" %%g in ('find /i "running" stoppable.txt') do echo %%g
    ping -n 3 127.1 >nul 2>nul
    echo.
    for /f "skip=1 tokens=2 delims=:" %%j in ('find /i /c "stopped" stoppable.txt') do set sscount=%%j
    if not "%sscount%"==" 0" (
    echo 可以停止而且已经停止的服务有%sscount% 个。列表如下:
    echo.
    ping -n 3 127.1 >nul 2>nul
    for /f "skip=2 delims=" %%c in ('find /i "stopped" stoppable.txt') do echo %%c
    ) else echo 可以停止而且已经停止的服务有 0 个。
    rem Remove the temporary scripts and their output
    del ServiceStatus.vbs stoppable.vbs ServiceStatus.txt stoppable.txt >nul
    pause

For classifying services, you can refer to this thread; it can separate out system, auto and so on:
http://bbs.bathome.net/viewthread.php?tid=338
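
Author: 6589600    Time: 2008-1-25 03:53

Tested it; very detailed.
Total services installed on the computer: 57
Stopped services: 38
Stopped services: 38   Running services: 19
The "15 services that can be stopped but are running" part is a bit vague; if they were really stopped, I guess the computer would be back to the state of a freshly installed XP, with the sound card, graphics card and so on no longer working.

Author: fanscs    Time: 2008-7-10 09:27

Replying to the post above: XP is fully usable with just 4-5 system services enabled. Add a few others and it is only about 10-12 processes. Running 15 services really is too many.

Author: drwtsn66    Time: 2008-7-10 10:33

Learning................

Author: yaohaixu    Time: 2008-8-11 20:31     Title: Reply to post #1

Isn't there a command in cmd on XP that can show this? I'm not sure about other systems...
You can see them with sc...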
C:\>sc /?
*** Unrecognized Command ***
DESCRIPTION:
        SC is a command line program used for communicating with the
        NT Service Controller and services.
USAGE:
        sc <server> [command] [service name] <option1> <option2>...

        The option <server> has the form "\\ServerName"
        Further help on commands can be obtained by typing: "sc [command]"
        Commands:
          query-----------Queries the status for a service, or
                          enumerates the status for types of services.
          queryex---------Queries the extended status for a service, or
                          enumerates the status for types of services.
          start-----------Starts a service.
          pause-----------Sends a PAUSE control request to a service.
          interrogate-----Sends an INTERROGATE control request to a service.
          continue--------Sends a CONTINUE control request to a service.
          stop------------Sends a STOP request to a service.
          config----------Changes the configuration of a service (persistant).
          description-----Changes the description of a service.
          failure---------Changes the actions taken by a service upon failure.
          qc--------------Queries the configuration information for a service.
          qdescription----Queries the description for a service.
          qfailure--------Queries the actions taken by a service upon failure.
          delete----------Deletes a service (from the registry).
          create----------Creates a service. (adds it to the registry).
          control---------Sends a control to a service.
          sdshow----------Displays a service's security descriptor.
          sdset-----------Sets a service's security descriptor.
          GetDisplayName--Gets the DisplayName for a service.
          GetKeyName------Gets the ServiceKeyName for a service.
          EnumDepend------Enumerates Service Dependencies.

        The following commands don't require a service name:
        sc <server> <command> <option>
          boot------------(ok | bad) Indicates whether the last boot should
                          be saved as the last-known-good boot configuration
          Lock------------Locks the Service Database
          QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
        sc start MyService
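
Author: 愚无尽    Time: 2008-8-15 19:48

Came in to learn a bit.

Author: wanxibing    Time: 2008-12-9 23:13     Title: How to use a batch for loop to parse a path from the registry

I am using for to parse the user's desktop path from the registry. Why is the result incomplete? The code is as follows:

    FOR /f "tokens=3 usebackq " %%i in (`Reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v desktop `) do set SID=%%i

The result is "D:\我的文档\Administrato"; it is still missing "r/桌面".
Note: my desktop is D:\我的文档\Administrator\桌面
Experts, please advise.

Author: xiong8707    Time: 2008-12-25 23:14     Title: This is a bit too many, isn't it
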
计算机系统里安装的服务总共有 86 个。

正在运行的服务有 42 个。列表如下:

Running Application Layer Gateway Service
Running Windows Audio
Running 卡巴斯基反病毒6.0 Windows工作站
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running DHCP Client
Running Logical Disk Manager
Running DNS Client
Running Event Log
Running COM+ Event System
Running Fast User Switching Compatibility
Running 卡巴斯基网络代理
Running Server
Running Workstation
Running TCP/IP NetBIOS Helper
Running Network Connections
Running Network Location Awareness (NLA)
Running NVIDIA Display Driver Service
Running Plug and Play
Running IPSEC Services
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Security Accounts Manager
Running Task Scheduler
Running Secondary Logon
Running System Event Notification
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Shell Hardware Detection
Running Print Spooler
Running SSDP Discovery Service
Running Windows Image Acquisition (WIA)
Running Telephony
Running Terminal Services
Running Themes
Running Distributed Link Tracking Client
Running Windows Time
Running WebClient
Running Windows Management Instrumentation
Running Automatic Updates
Running Wireless Zero Configuration

已经停止的服务有 44 个。列表如下:

Stopped Adobe LM Service
Stopped Alerter
Stopped Application Management
Stopped Background Intelligent Transfer Service
Stopped Contrl Center of Storm Media
Stopped Indexing Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Logical Disk Manager Administrative Service
Stopped Error Reporting Service
Stopped Help and Support
Stopped Human Interface Device Access
Stopped HTTP SSL
Stopped IMAPI CD-Burning COM Service
Stopped Messenger
Stopped NetMeeting Remote Desktop Sharing
Stopped Distributed Transaction Coordinator
Stopped Windows Installer
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Net Logon
Stopped NT LM Security Support Provider
Stopped Removable Storage
Stopped Office Source Engine
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Routing and Remote Access
Stopped Remote Registry
Stopped Remote Procedure Call (RPC) Locator
Stopped QoS RSVP
Stopped Smart Card
Stopped System Restore Service
Stopped MS Software Shadow Copy Provider
Stopped Performance Logs and Alerts
Stopped Telnet
Stopped Windows User Mode Driver Framework
Stopped Universal Plug and Play Device Host
Stopped Uninterruptible Power Supply
Stopped Volume Shadow Copy
Stopped Portable Media Serial Number Service
Stopped Windows Management Instrumentation Driver Extensions
Stopped WMI Performance Adapter
Stopped Security Center
Stopped Network Provisioning Service

可以停止但是正在运行的服务有 35 个。列表如下:

Running Application Layer Gateway Service
Running Windows Audio
Running Computer Browser
Running Cryptographic Services
Running DHCP Client
Running Logical Disk Manager
Running DNS Client
Running COM+ Event System
Running Fast User Switching Compatibility
Running 卡巴斯基网络代理
Running Server
Running Workstation
Running TCP/IP NetBIOS Helper
Running Network Connections
Running Network Location Awareness (NLA)
Running NVIDIA Display Driver Service
Running IPSEC Services
Running Protected Storage
Running Remote Access Connection Manager
Running Task Scheduler
Running Secondary Logon
Running System Event Notification
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Shell Hardware Detection
Running Print Spooler
Running SSDP Discovery Service
Running Windows Image Acquisition (WIA)
Running Telephony
Running Themes
Running Distributed Link Tracking Client
Running Windows Time
Running WebClient
Running Windows Management Instrumentation
Running Automatic Updates
Running Wireless Zero Configuration

可以停止而且已经停止的服务有 0 个。
请按任意键继续. . .
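
Author: lxzzr    Time: 2009-4-7 00:43     Title: Reply to post #6

The moderator of the WMI board at 非常批处理, heh, now I've seen it.

Author: lxzzr    Time: 2009-4-11 01:22

A simple piece of code; the filtering of the executable path in the service is not very strict....

    @echo off
    setlocal enabledelayedexpansion
    set "path_="
    set "vendor="
    set /p service_name=请输入服务名:
    rem Take the first word of the service's PathName. The inner for /f drops the
    rem trailing CR in wmic output, so the CR-only last line is ignored.
    for /f "usebackq skip=1 tokens=1 delims= " %%a in (
    `"wmic service where name='%service_name%' get PathName"`
    ) do (
        for /f "delims=" %%b in ("%%a") do if not defined path_ set "path_=%%b"
    )
    rem WQL needs backslashes doubled
    set "path_=!path_:\=\\!"
    rem Take the first word of the file's Manufacturer string
    for /f "usebackq skip=1 tokens=1 delims= " %%a in (
    `"wmic datafile where name="!path_!" get Manufacturer"`
    ) do (
        for /f "delims=" %%b in ("%%a") do if not defined vendor set "vendor=%%b"
    )
    rem Print a single verdict instead of one per output line
    if /i "!vendor!" == "Microsoft" (
        echo %service_name% 是系统服务.
    ) else (
        echo %service_name% 不是系统服务.
    )
    pause>nul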
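
An added example, not part of the original thread or any poster's code: the Manufacturer value queried in the scripts above is a string from the file's version resource, which whoever builds the binary chooses, so this PowerShell version classifies services by the validated Authenticode signer of the service executable instead. It assumes Windows 10 or later with PowerShell 5.1+; `Get-ServiceImagePath` is a hypothetical helper name, not a built-in cmdlet.

```powershell
# Added example: classify services by the Authenticode signer of the service
# executable rather than by the version-resource Manufacturer string.
# Get-ServiceImagePath is a hypothetical helper name, not a built-in cmdlet.
function Get-ServiceImagePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($p.StartsWith('"')) {
        # Quoted form: "C:\Program Files\App\svc.exe" -arg
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $null
    }
    # Unquoted form: grow the candidate one word at a time until a file exists,
    # so a path containing spaces is not cut at the first space.
    $words = $p -split ' '
    for ($i = 0; $i -lt $words.Count; $i++) {
        $candidate = $words[0..$i] -join ' '
        foreach ($c in @($candidate, "$candidate.exe")) {
            if (Test-Path -LiteralPath $c -PathType Leaf) { return $c }
        }
    }
    return $null
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-ServiceImagePath $_.PathName
    $sig = if ($exe) { Get-AuthenticodeSignature -LiteralPath $exe } else { $null }
    $subject = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Name        = $_.Name
        State       = $_.State
        # The subject match only counts when the signature itself validates.
        IsMicrosoft = [bool]($sig -and $sig.Status -eq 'Valid' -and
                             $subject -match '(^|, )O=Microsoft Corporation(,|$)')
        SigStatus   = if ($sig) { "$($sig.Status)" } else { 'PathNotResolved' }
        Path        = $exe
    }
} | Sort-Object IsMicrosoft, Name | Format-Table -AutoSize
```

Services hosted in svchost.exe resolve to the Microsoft-signed host process, so for those the signer says nothing about the service DLL the host loads.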





Welcome to 批处理之家 (http://bathome.net./) Powered by Discuz! 7.2