1. 首页
  2. 问答
  3. VBScript SVCHOST容器检测

VBScript SVCHOST容器检测

2016-06-21 33 views
1

我m建立一个vb脚本,将连接到每台计算机,目标是检测在SVCHOST过程中运行的exe。VBScript SVCHOST容器检测

我该如何检测,如果这个可执行文件存在于SVCHOST之内,并且如果是这样终止了包含在这个可执行文件中的SVCHOST进程?

谢谢

来源

2016-06-21 user6495763

+0

什么是你的目标是什么?请详细描述一下! – Hackoo

回答

0

您可以使用此代码开头:

Option Explicit 
If Not WScript.Arguments.Named.Exists("elevate") Then 
    CreateObject("Shell.Application").ShellExecute WScript.FullName _ 
    , WScript.ScriptFullName & " /elevate", "", "runas", 1 
    WScript.Quit 
End If 

Dim objWMI,colObjects,MyProcess,Process,TheProcess,DetectionProgram,MyPID 
TheProcess = "svchost.exe" 
DetectionProgram = "DcomLaunch" 
Set objWMI = GetObject("winmgmts:\\.\root\cimv2") 
Set colObjects = objWMI.ExecQuery("Select * From Win32_Process where Caption='"& TheProcess &"'") 

For Each Process in colObjects 
    MyProcess = MyProcess & Process.CommandLine & vbcrlf & "PID = " & Process.ProcessID & vbcrlf 
Next 

Wscript.Echo MyProcess 

For Each Process in colObjects 
    If InStr(1,Ucase(Process.CommandLine),UCase(DetectionProgram)) >= 1 Then 
     MyPID = Process.ProcessID 
     wscript.echo "PID = " & MyPID 
     Call Kill(MyPID) 
    End If 
Next 

'**************************************************** 
Sub Kill(PID) 
    Dim Ws,Command,Execution 
    Set Ws = CreateObject("Wscript.Shell") 
    Command = "cmd /c Taskkill /F /PID "& PID &"" 
    Execution = Ws.Run(Command,0,True) 
    Set Ws = Nothing 
End Sub 
'****************************************************

来源

2016-06-21 19:26:21 Hackoo

+0

问题是SVCHOST里面是什么,如何选择它?该代码只会给我进程名称... SVCHOST包含其他进程,并且该exe是在一个SVCHOST内,我需要确定确切的SVCHOST来选择它并终止它 – user6495763

+0

@ user6495763检查我最后的编辑 – Hackoo

+1

非常聪明,谢谢 – user6495763

相关问题

 相关问题