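Preventing a process from running
Description
A temporary event consumer that terminates any instance of the specified process as soon as it is created.
Script code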
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Poll once per second for newly created Win32_Process instances.
Set colMonitoredProcesses = objWMIService.ExecNotificationQuery _
    ("select * from __instancecreationevent " _
    & " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
    ' NextEvent blocks until the next creation event arrives.
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    If objLatestProcess.TargetInstance.Name = "" Then
        objLatestProcess.TargetInstance.Terminate
    End If
Loop
Terminating a process
Description
Terminates any running instance of the specified process.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ''")
For Each objProcess in colProcessList
    objProcess.Terminate()
Next
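Creating a process on a remote computer
Description
Starts the specified process on a remote computer. On Windows XP and .NET Server, Notepad runs in a hidden window.
Script code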
strComputer = "webserver"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer _
    & "\root\cimv2:Win32_Process")
' Create returns 0 on success and writes the new process ID to intProcessID.
errReturn = objWMIService.Create("", null, null, intProcessID)
If errReturn = 0 Then
    Wscript.Echo "Notepad was started with a process ID of " _
        & intProcessID & "."
Else
    Wscript.Echo "Notepad could not be started due to error " & _
        errReturn & "."
End If
Creating a process in a hidden window
Description
Starts the specified process on the local computer, but in a hidden window.
Script code
Const HIDDEN_WINDOW = 12
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Build a Win32_ProcessStartup instance that carries the window setting.
Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
errReturn = objProcess.Create("", null, objConfig, intProcessID)
Determining process ownership
Description
Reports the account name under which each process on the computer is running.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process")
For Each objProcess in colProcessList
    colProperties = objProcess.GetOwner(strNameOfUser,strUserDomain)
    Wscript.Echo "Process " & objProcess.Name & " is owned by " _
        & strUserDomain & "\" & strNameOfUser & "."
Next
Monitoring threads
Description
Returns a list of threads and thread states for all processes running on the computer.
Script code
Set objDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Map each process ID to its image name.
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process")
For each objProcess in colProcesses
    objDictionary.Add objProcess.ProcessID, objProcess.Name
Next
Set colThreads = objWMIService.ExecQuery _
    ("Select * from Win32_Thread")
For each objThread in colThreads
    ' ProcessHandle is a string; CLng avoids the overflow CInt hits above 32767.
    intProcessID = CLng(objThread.ProcessHandle)
    strProcessName = objDictionary.Item(intProcessID)
    Wscript.Echo strProcessName & VbTab & objThread.ProcessHandle & _
        VbTab & objThread.Handle & VbTab & objThread.ThreadState
Next
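Changing the priority of a running process
Description
Changes the priority of running instances of the specified process from Normal to Above Normal. Requires Windows XP or Windows .NET Server.
Script code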
Const ABOVE_NORMAL = 32768
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ''")
For Each objProcess in colProcesses
    objProcess.SetPriority(ABOVE_NORMAL)
Next
Creating a process with a higher priority
Description
Starts the specified process with Above Normal priority.
Script code
Const ABOVE_NORMAL = 32768
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objStartup = objWMIService.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
objConfig.PriorityClass = ABOVE_NORMAL
Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
objProcess.Create "", Null, objConfig, intProcessID
Monitoring process creation
Description
A temporary event consumer that issues an alert each time a new process is created.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService.ExecNotificationQuery _
    ("select * from __instancecreationevent " _
    & " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
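An added example, not part of the original script collection: it extends the creation monitor above to report each new process with its parent and to flag processes started through Win32_Process.Create (as in the remote and hidden-window scripts earlier), which run as children of the WMI provider host. It assumes Windows XP or later, where that host is WmiPrvSE.exe; the names WMI_HOST, ParentName and CmdLine are hypothetical helpers introduced here.

```vbscript
' Added example: log every new process with its parent and flag the ones
' whose parent is the WMI provider host (started via Win32_Process.Create).
Const WMI_HOST = "wmiprvse.exe"   ' assumption: provider host on XP and later
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService.ExecNotificationQuery _
    ("select * from __instancecreationevent within 1 " _
    & "where TargetInstance isa 'Win32_Process'")

Do
    Set objEvent = colMonitoredProcesses.NextEvent
    Set objNew = objEvent.TargetInstance
    strParent = ParentName(objNew.ParentProcessId)
    strLine = objNew.Name & " (PID " & objNew.ProcessId & ") parent: " _
        & strParent & " (PID " & objNew.ParentProcessId & ")"
    If LCase(strParent) = WMI_HOST Then
        strLine = strLine & "  [created through WMI] " & CmdLine(objNew)
    End If
    Wscript.Echo strLine
Loop

' Returns the image name for a PID, or "<exited>" when the parent is gone.
' PIDs can be reused, so a name resolved after the parent exited may be wrong.
Function ParentName(lngPid)
    Dim colParent, objParent
    ParentName = "<exited>"
    Set colParent = objWMIService.ExecQuery _
        ("Select Name from Win32_Process Where ProcessId = " & lngPid)
    For Each objParent in colParent
        ParentName = objParent.Name
    Next
End Function

' CommandLine is Null when the caller may not read it; report that explicitly.
Function CmdLine(objProc)
    If IsNull(objProc.CommandLine) Then
        CmdLine = "(command line not readable)"
    Else
        CmdLine = objProc.CommandLine
    End If
End Function
```

Because the query polls once per second, a process that starts and exits between polls is not reported.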
Monitoring available memory
Description
Issues an alert if the available memory on the computer falls below 4 MB. Requires Windows XP or Windows Server 2003.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set objMemory = objRefresher.AddEnum _
    (objWMIService, "Win32_PerfFormattedData_PerfOS_Memory").objectSet
objRefresher.Refresh
Do
    For each intAvailableBytes in objMemory
        If intAvailableBytes.AvailableMBytes < 4 Then
            Wscript.Echo "Available memory has fallen below 4 megabytes."
        End If
    Next
    objRefresher.Refresh
Loop
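Monitoring process performance
Description
Reports statistics (such as thread count and working set size) for all processes running on the computer.
Script code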
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process")
For Each objProcess in colProcessList
    Wscript.Echo "Process: " & objProcess.Name
    Wscript.Echo "Process ID: " & objProcess.ProcessID
    Wscript.Echo "Thread Count: " & objProcess.ThreadCount
    Wscript.Echo "Page File Size: " & objProcess.PageFileUsage
    Wscript.Echo "Page Faults: " & objProcess.PageFaults
    Wscript.Echo "Working Set Size: " & objProcess.WorkingSetSize
Next
Monitoring process deletion
Description
A temporary event consumer that issues an alert each time a process terminates.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService.ExecNotificationQuery _
    ("select * from __instancedeletionevent " _
    & "within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
Monitoring process availability
Description
Identifies whether the hypothetical database process is running.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = ''")
If colProcesses.Count = 0 Then
    Wscript.Echo " is not running."
Else
    Wscript.Echo " is running."
End If
Monitoring processor use by process
Description
Reports the processor time, in seconds, used by each process running on the computer.
Script code
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_process")
For Each objProcess in colProcesses
    ' Kernel and user times are in 100-nanosecond units; convert to seconds.
    sngProcessTime = ( CSng(objProcess.KernelModeTime) + _
        CSng(objProcess.UserModeTime)) / 10000000
    Wscript.Echo objProcess.Name & VbTab & sngProcessTime
Next
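Determining the services running in all processes
Description
Returns a list of processes and all the services currently running in each process.
Script code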
Set objIdDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where State <> 'Stopped'")
' Collect the distinct process IDs that host at least one service.
For Each objService in colServices
    If Not objIdDictionary.Exists(objService.ProcessID) Then
        objIdDictionary.Add objService.ProcessID, objService.ProcessID
    End If
Next
colProcessIDs = objIdDictionary.Items
' List the services hosted by each of those processes.
For i = 0 to objIdDictionary.Count - 1
    Set colServices = objWMIService.ExecQuery _
        ("Select * from Win32_Service Where ProcessID = '" & _
        colProcessIDs(i) & "'")
    Wscript.Echo "Process ID: " & colProcessIDs(i)
    For Each objService in colServices
        Wscript.Echo VbTab & objService.DisplayName
    Next
Next
