
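Title: Monitor a process in real time and terminate it

Author: fastslz    Time: 2008-1-23 11:40     Title: Monitor a process in real time and terminate it

Not really original; the script comes from Microsoft, so it only counts as half original.
5-second popup notification mode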
  On Error Resume Next
  strComputer = "."
  ' Process names to watch for (compared case-insensitively)
  arrTargetProcs = Array("calc.exe")
  Set objShell = CreateObject("Wscript.Shell")
  ' Sink object; its events are delivered to the SINK_* subs below
  Set SINK = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
  Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  ' Subscribe asynchronously to process-creation events, polled every second
  objWMIService.ExecNotificationQueryAsync SINK, _
    "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
    "WHERE TargetInstance ISA 'Win32_Process'"
  ' Keep the script alive so the sink keeps receiving events
  Do
    WScript.Sleep 1000
  Loop

  ' Called for each new process; terminates it if its name is on the list
  Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
    For Each strTargetProc In arrTargetProcs
      If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
        ProcessName = objLatestEvent.TargetInstance.Name
        ' Popup text: "发现进程" = process found, "提示信息" = notice; shown for 5 seconds
        objShell.Popup Now & " 发现进程: " & ProcessName, 5, "提示信息"
        ' Terminate returns 0 on success
        intReturn = objLatestEvent.TargetInstance.Terminate
        If intReturn = 0 Then
          ' "终止进程 ... 成功" = process terminated successfully
          objShell.Popup Now & " 终止进程: " & ProcessName & " 成功", 5, "提示信息"
        Else
          ' "终止进程 ... 失败" = failed to terminate process
          objShell.Popup Now & " 终止进程: " & ProcessName & " 失败", 5, "提示信息"
        End If
      End If
    Next
  End Sub
Silent log mode (D:\kill.log)
  On Error Resume Next
  strComputer = "."
  ' Process names to watch for (compared case-insensitively)
  arrTargetProcs = Array("calc.exe")
  Set fso = WScript.CreateObject("Scripting.FileSystemObject")
  ' Mode 2 = ForWriting (overwrites an existing log); True = create the file if missing
  Set file = fso.OpenTextFile("D:\kill.log", 2, True)
  ' Sink object; its events are delivered to the SINK_* subs below
  Set SINK = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
  Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  ' Subscribe asynchronously to process-creation events, polled every second
  objWMIService.ExecNotificationQueryAsync SINK, _
    "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
    "WHERE TargetInstance ISA 'Win32_Process'"
  ' Keep the script alive so the sink keeps receiving events
  Do
    WScript.Sleep 1000
  Loop

  ' Called for each new process; logs and terminates it if its name is on the list
  Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
    For Each strTargetProc In arrTargetProcs
      If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
        ProcessName = objLatestEvent.TargetInstance.Name
        ' Log text: "发现进程" = process found
        file.WriteLine Now & " 发现进程: " & ProcessName
        ' Terminate returns 0 on success
        intReturn = objLatestEvent.TargetInstance.Terminate
        If intReturn = 0 Then
          ' "终止进程 ... 成功" = process terminated successfully
          file.WriteLine Now & " 终止进程: " & ProcessName & " 成功"
        Else
          ' "终止进程 ... 失败" = failed to terminate process
          file.WriteLine Now & " 终止进程: " & ProcessName & " 失败"
        End If
      End If
    Next
  End Sub
In arrTargetProcs = Array("calc.exe"), change calc.exe (Calculator) to the name of your own program.
To monitor several processes, use arrTargetProcs = Array("calc.exe","xx.exe","xxx.exe")

Stop monitoring
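  @echo off
  rem Print the first column (image name) of every running process
  for /f "tokens=1" %%i in ('tasklist.exe') do echo %%i
  rem Force-kill each WMI provider host (wmiprvse.exe) by PID
  for /f "tokens=2" %%i in ('tasklist.exe^|find /i "wmiprvse"') do taskkill.exe /f /PID %%i
  rem Force-kill the script host running the monitor, then unsecapp.exe
  taskkill.exe /f /im wscript.exe
  taskkill.exe /f /im unsecapp.exe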

[ Last edited by fastslz on 2008-1-24 10:44 ]
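
An added example, not part of fastslz's post or of the Microsoft script it is based on: the same WMI process-creation watch written with the synchronous ExecNotificationQuery/NextEvent pair, extended to log the PID, executable path and command line, to report why Terminate failed, and to close the log after every write. The log path D:\kill-events.log and the helper names HandleMatch, DescribeReturn and LogLine are assumptions made for this example.

```vbscript
Option Explicit
Const LOG_PATH = "D:\kill-events.log"   ' hypothetical path chosen for this example
Const ForAppending = 8
Dim arrTargetProcs, objFSO, objWMIService, colEvents, objEvent, objProc, strTarget
arrTargetProcs = Array("calc.exe")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
' Synchronous subscription: no SWbemSink callback object is needed
Set colEvents = objWMIService.ExecNotificationQuery( _
    "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
    "WHERE TargetInstance ISA 'Win32_Process'")
Do
    Set objEvent = colEvents.NextEvent()      ' blocks until a process is created
    Set objProc = objEvent.TargetInstance
    For Each strTarget In arrTargetProcs
        If LCase(objProc.Name) = LCase(strTarget) Then HandleMatch objProc
    Next
Loop

Sub HandleMatch(objProc)
    Dim intReturn, strResult
    ' ExecutablePath and CommandLine may be Null; & treats Null as ""
    LogLine "found pid=" & objProc.ProcessId & " name=" & objProc.Name & _
            " path=" & objProc.ExecutablePath & " cmd=" & objProc.CommandLine
    On Error Resume Next                      ' the process may already have exited
    intReturn = objProc.Terminate()
    If Err.Number <> 0 Then
        strResult = "error 0x" & Hex(Err.Number) & " " & Err.Description
    Else
        strResult = DescribeReturn(intReturn)
    End If
    On Error GoTo 0
    LogLine "terminate pid=" & objProc.ProcessId & " -> " & strResult
End Sub
' Documented Win32_Process.Terminate return values
Function DescribeReturn(intCode)
    Select Case intCode
        Case 0    : DescribeReturn = "success"
        Case 2    : DescribeReturn = "access denied"
        Case 3    : DescribeReturn = "insufficient privilege"
        Case Else : DescribeReturn = "failed, code " & intCode
    End Select
End Function
' Open, append and close on every write so each entry is on disk immediately
Sub LogLine(strText)
    Dim objFile
    Set objFile = objFSO.OpenTextFile(LOG_PATH, ForAppending, True, -1)  ' -1 = Unicode
    objFile.WriteLine Now & " " & strText
    objFile.Close
End Sub
```

Matching is still by image name only, as in the post, so a renamed copy of the program is not matched; the logged path and command line show which file actually ran.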
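Author: 葱头    Time: 2008-4-22 20:39

Just passing by~~~ having a look~~~ and while I'm here~~ a question~~ my English~~ isn't good~~ so~ learning~ VBS~ will probably be quite hard, right!!!!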




Welcome to 批处理之家 (http://bathome.net./) Powered by Discuz! 7.2