
Show detailed information for all modules (*.dll) loaded by processes

Author: Anonymous  Source: compiled by this site  Published: 2008-4-19 21:27:27

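I worked on this on and off for about a month and ran into countless difficulties along the way; the headaches nearly drove me crazy. I learned as I went. I originally planned to do it as a batch file, but found that getting the full path of a process's modules from batch was next to impossible, so I decided to do it in VBS instead...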

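Personal request:

This post is something of a signature piece from my work on WMI scripting...
I hope it can be rated a featured post and placed somewhere prominent, so that more people can learn from it and use it as a reference...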

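Tips:
      1. After downloading the file, just double-click module.vbs.
      2. The whole run takes about 1 minute, depending mainly on the number of processes and how idle the CPU is; please let the script run to completion rather than exiting midway.
      3. To terminate the script, press CTRL+C; this is strongly discouraged.
      4. The script automatically enables QuickEdit mode for you, so you can easily copy whatever you need.
      5. The registry changes are only there to make the output look better; whenever you exit the program the registry changes are reverted, so you can use it without worry.
      6. After the script finishes, just right-click in the CMD window and press Enter to run the script again.
      7. It is recommended to close all IE browser windows before running the script, because if IE is open while the script runs, a blank about:blank page will pop up.
      8. Two preview screenshots of the script's output are attached.
      9. If a module path contains mixed Chinese and English characters, the final layout will be affected.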


Code:

' FileName: module.vbs
' Function: Capture information about the running processes in detail
' code by somebody
' QQ: 240460440
' LastModified: 2007-12-9  18:50

Const HKEY_CURRENT_USER = &H80000001

' Temporary console settings for cmd.exe windows started from %SystemRoot%\system32
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936          ' Simplified Chinese (GBK)
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200     ' high word = 1500 lines, low word = 200 columns
strValueName3 = "WindowSize"
dwValue3 = 2818173      ' high word = 43 rows, low word = 125 columns
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6

' When started with wscript.exe (double-click), relaunch under cscript in a
' new cmd window, which picks up the console settings written above.
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (LCase(Right(WScript.FullName,11))="wscript.exe") Then
    FinalPath = "'" & WScript.ScriptFullName & "'"
    objWSH.Run("cmd.exe /k cscript //nologo " & Replace(FinalPath,"'",""""))
    WScript.Quit
End If

' Running under cscript: remove the console key again.
' Note: DeleteKey removes the whole key, including any values that were
' already stored under it before the script ran.
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing

Wscript.Sleep 1000
Mystr = Array(115,111,109,101,98,111,100,121)
for i=0 to Ubound(Mystr)
    author=author&chr(Mystr(i))
next
Wscript.Echo vbCr
Wscript.echo "  code by " & author
Wscript.echo "  LastModified: 2007-12-9  18:50"
Wscript.Sleep 2000
Wscript.Echo vbCr
str1 = "                               ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮"
str4 = "                               ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃┃┃"
str6 = "                               ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯╰╯"
str3 = "                               ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯"
str5 = "                               ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃┃┃"
str2 = "                               ┃╭━╯┃╭╮┃┃┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃"
myArray = Array(str1,str2,str3,str4,str5,str6)
For each str in myArray
    Wscript.Echo str
Next

WScript.Echo
WScript.Sleep 3000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000

' Brief list: name, priority, PID, owner and executable path of every process
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name:               Priority:   PID:    Owner:" &vbTab&vbTab&"ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each OBJProcess in OBJWMIProcess
    ' Pad the name to a fixed width of 20 characters so the columns line up
    MyOBJProcessName = OBJProcess.Name & Space(20)
    ' Clear the owner first so a failed GetOwner call cannot show the previous one
    strNameOfUser = ""
    colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
    WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next
       
WScript.Sleep 5000
WScript.Echo vbCrLf
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000
WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间             文件制造商"

Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath

Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colItems = OBJRefresher.AddEnum(OBJWMIService,"Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh
Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set OBJFSO = CreateObject("Scripting.FileSystemObject")
For Each OBJItem In colItems
    ' The module path is the part of the instance name after the "/"
    originalPath = OBJItem.Name
    ModulePath = Split(originalPath,"/")
    ' Skip instance names that carry no module path
    If UBound(ModulePath) >= 1 Then
        ' Escape backslashes and single quotes for the WQL string literal
        WMIPathMode = Replace(Replace(ModulePath(1),"\","\\"),"'","\'")
        Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")
        For Each OBJManufacturer In colManufacturer
            FileManufacturer = Trim(OBJManufacturer.Manufacturer)
            LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
            FileExtension = Right(LCaseModulePath, 3)
            ' Pad the path so it can be cut to a fixed column width below
            MyLCaseModulePath = LCaseModulePath & Space(120)
            Set OBJFile = OBJFSO.GetFile(LCaseModulePath)
            If FileExtension="exe" Then
                ' An .exe starts a new branch of the tree
                mark = "├—"
                FinalModulePath = Mid(MyLCaseModulePath,1,118)
                WScript.Echo "│"
            Else
                ' Every other module is listed under its process
                mark = "│├─"
                FinalModulePath = Mid(MyLCaseModulePath,1,116)
            End If
            WScript.Echo mark & FinalModulePath & OBJFile.DateCreated &vbTab& FileManufacturer
        Next
    End If
Next

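' Put the re-run command on the clipboard (see tip 6) through an IE instance
MyVBSPath = "'" & WScript.ScriptFullName & "'"
Myclipboard = "cscript //nologo " & Replace(MyVBSPath,"'","""")
Set objIE = CreateObject("InternetExplorer.Application")
objIE.Navigate("about:blank")
' Wait until about:blank has finished loading before touching the document
Do While objIE.Busy Or objIE.ReadyState <> 4
    WScript.Sleep 100
Loop
objIE.document.parentwindow.clipboardData.SetData "text", Myclipboard
' Close the IE instance so no iexplore.exe process is left behind
objIE.Quit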
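
Tip 5 and the registry block at the top of the script, revisited as an added example (not part of module.vbs and not the author's code): the script's cleanup is a DeleteKey on the whole console key, which also removes any settings the user already had there. The code below records the existing values before overwriting them and puts them back afterwards; the /snapshot argument that carries them from the wscript instance to the cscript instance is a hypothetical name introduced here.

```vbscript
' Added example, not part of module.vbs. The /snapshot argument is hypothetical.
Option Explicit
Const HKCU = &H80000001
Const KEY_PATH = "Console\%SystemRoot%_system32_cmd.exe"
Dim oReg, names, newValues, i, oldValue, snapshot, saved, item, pair
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
names = Array("CodePage", "ScreenBufferSize", "WindowSize", "HistoryNoDup", "WindowPosition", "QuickEdit")
newValues = Array(936, 98304200, 2818173, 0, 131068, 2048)

If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' First instance: record the values that exist now, then apply the temporary ones.
    oReg.CreateKey HKCU, KEY_PATH
    snapshot = ""
    For i = 0 To UBound(names)
        oldValue = Null
        If oReg.GetDWORDValue(HKCU, KEY_PATH, names(i), oldValue) = 0 Then
            If Not IsNull(oldValue) Then snapshot = snapshot & names(i) & "=" & oldValue & ";"
        End If
        oReg.SetDWORDValue HKCU, KEY_PATH, names(i), newValues(i)
    Next
    ' Hand the snapshot to the cscript instance on its command line.
    CreateObject("WScript.Shell").Run "cmd.exe /k cscript //nologo """ & _
        WScript.ScriptFullName & """ /snapshot:""" & snapshot & """"
    WScript.Quit
End If

' Second instance: restore only when a snapshot was passed, so a direct
' cscript run (which changed nothing) never touches the user's settings.
If WScript.Arguments.Named.Exists("snapshot") Then
    Set saved = CreateObject("Scripting.Dictionary")
    For Each item In Split(WScript.Arguments.Named("snapshot"), ";")
        pair = Split(item, "=")
        If UBound(pair) = 1 Then
            If IsNumeric(pair(1)) Then saved(pair(0)) = CLng(pair(1))
        End If
    Next
    For i = 0 To UBound(names)
        If saved.Exists(names(i)) Then
            oReg.SetDWORDValue HKCU, KEY_PATH, names(i), saved(names(i))
        Else
            ' The value did not exist before the script ran: remove just that value.
            oReg.DeleteValue HKCU, KEY_PATH, names(i)
        End If
    Next
End If

' ... the process and module listing would run here ...
```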