标题: 实时监视进程并终止该进程 [打印本页]
作者: fastslz 时间: 2008-1-23 11:40 标题: 实时监视进程并终止该进程
不算什么原创,脚本来自微软,只能算半原创
5秒提示方式- On Error Resume Next
- strComputer = "."
- arrTargetProcs = Array("calc.exe")
-
- set objShell = CreateObject ("Wscript.Shell")
- Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- objWMIService.ExecNotificationQueryAsync SINK, _
- "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
- "WHERE TargetInstance ISA 'Win32_Process'"
-
- Do
- WScript.Sleep 1000
- Loop
-
- Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
- For Each strTargetProc In arrTargetProcs
- If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
- ProcessName=objLatestEvent.TargetInstance.Name
- objShell.Popup Now & " 发现进程: " & ProcessName, 5, "提示信息"
- intReturn = objLatestEvent.TargetInstance.Terminate
- If intReturn = 0 Then
- objShell.Popup Now & " 终止进程: " & ProcessName & " 成功", 5, "提示信息"
- Else
- objShell.Popup Now & " 终止进程: " & ProcessName & " 失败", 5, "提示信息"
- End If
- End If
- Next
- End Sub
复制代码
宁静日志方式(D:\kill.log)- On Error Resume Next
- strComputer = "."
- arrTargetProcs = Array("calc.exe")
-
- set fso=Wscript.CreateObject("Scripting.FileSystemObject")
- set file=fso.OpenTextFile("D:\kill.log",2,True)
- Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- objWMIService.ExecNotificationQueryAsync SINK, _
- "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
- "WHERE TargetInstance ISA 'Win32_Process'"
-
- Do
- WScript.Sleep 1000
- Loop
-
- Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
- For Each strTargetProc In arrTargetProcs
- If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
- ProcessName=objLatestEvent.TargetInstance.Name
- file.Writeline Now & " 发现进程: " & ProcessName
- intReturn = objLatestEvent.TargetInstance.Terminate
- If intReturn = 0 Then
- file.Writeline Now & " 终止进程: " & ProcessName & " 成功"
- Else
- file.Writeline Now & " 终止进程: " & ProcessName & " 失败"
- End If
- End If
- Next
- End Sub
复制代码
arrTargetProcs = Array("calc.exe")把calc.exe(计算器)改为自己的程序名
监视多个进程可以用arrTargetProcs = Array("calc.exe","xx.exe","xxx.exe")
结束监视
-
- @echo off
- for /f "tokens=1" %%i in ('tasklist.exe') do echo %%i
- for /f "tokens=2" %%i in ('tasklist.exe^|find /i "wmiprvse"') do taskkill.exe /f /PID %%i
- taskkill.exe /f /im wscript.exe
- taskkill.exe /f /im unsecapp.exe
复制代码
[ 本帖最后由 fastslz 于 2008-1-24 10:44 编辑 ]
作者: 葱头 时间: 2008-4-22 20:39
路过~~~看看~~~顺便~~问问~~英语~~学不好~~对~学~VBS~应该比较困难吧!!!!
欢迎光临 批处理之家 (http://bathome.net./) |
Powered by Discuz! 7.2 |