VBS获取系统驱动信息
前言:
中过毒的朋友应该中过驱动级别的病毒。
病毒作者往往会向 %systemroot%\system32\drivers 目录里添加驱动以达到免杀目的。
----------------------------------------------------------------------------
脚本主功能:
获取系统驱动部分信息以判断其安全性:
1. 通过判断驱动文件制造商
2. 通过判断驱动文件创建时间
两者结合效果最佳。注意:制造商信息取自文件自身的版本资源,并非数字签名校验,创建时间也可以被修改,因此结果只适合作为初步筛查的线索。
Tips:
1. 保存代码为VBS文件,双击即可使用
2. 建议执行脚本前关闭所有IE浏览器,因为执行脚本过程若你的IE浏览器是打开的,这时会弹一个空白页 about:blank
3. 执行完后,在CMD窗口中单击鼠标右键(脚本结束时已把重新执行的命令写入剪贴板,右键即粘贴该命令),再按回车键即可重复执行脚本
4. 脚本会在结束前删除自己写入的注册表项 HKCU\Console\%SystemRoot%_system32_cmd.exe 以还原改动;但如果该项原本就保存着你自定义的控制台设置,这些设置也会被一并删除,另外剪贴板中原有的内容会被覆盖
' code by somebody
' LastModified: 2008-4-22 16:20
' 测试环境: Windows Script Host Version 5.6 & CMD@XP(sp2)
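' Console setup and self-relaunch.
'
' 1. Writes per-window console settings for cmd.exe under HKCU\Console.
' 2. If started by wscript.exe (double-click), relaunches itself under
'    cscript inside "cmd.exe /k" and exits; the new console picks up the
'    settings written in step 1.
' 3. Otherwise (already under cscript) deletes the settings key again.
Const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER, strKeyPath

' Value names and their DWORD data, paired by index and written in this order.
' CodePage 936 is the Simplified Chinese (GBK) code page, needed for the
' Chinese column headers printed later.
consoleNames = Array("CodePage", "ScreenBufferSize", "WindowSize", "HistoryNoDup", _
                     "FontFamily", "QuickEdit", "FontSize", "FontWeight")
consoleData = Array(936, 98304200, 2818173, 0, 48, 2048, 1048584, 400)
For idx = 0 To UBound(consoleNames)
    oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, consoleNames(idx), consoleData(idx)
Next

Dim objWSH, FinalVBSPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' Wrap the script path in double quotes directly. Building it with
    ' apostrophes and then replacing every apostrophe would also rewrite an
    ' apostrophe that is part of the path itself, leaving the rest of the
    ' path outside the quotes on the cmd.exe command line.
    FinalVBSPath = """" & WScript.ScriptFullName & """"
    objWSH.Run "cmd.exe /k cscript //nologo " & FinalVBSPath
    WScript.Quit
End If

' NOTE(review): DeleteKey removes the whole key. Nothing above reads the
' previous contents, so console settings the user already had stored under
' this key are lost rather than restored.
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing
WScript.Sleep 1000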
' Credit banner: prints the author line, the modification date and a
' six-row box-drawing logo, pausing two seconds after each part.

' The author name is stored as character codes; they decode to "somebody".
authorCodes = Array(115,111,109,101,98,111,100,121)
For Each charCode In authorCodes
    creditName = creditName & Chr(charCode)
Next

WScript.Echo vbCr
WScript.Echo " code by " & creditName
WScript.Echo " LastModified: 2008-4-22 16:20"
WScript.Sleep 2000
WScript.Echo vbCr

' Logo rows, listed top to bottom in the order they are printed.
logoRows = Array( _
    " ╭━━╮╭━━╮╭╭━╮╭━━╮╭━━╮╭━━╮┏━━╮╭╮╭╮", _
    " ┃╭━╯┃╭╮┃┃┃┃╭━╯┃╭╮┃┃╭╮┃┃╭╮┃┃╰╯┃", _
    " ┃╰━╮┃┃┃┃┃┃┃┃┃╰━╮┃╰╯╯┃┃┃┃┃┃┃┃╰╮╭╯", _
    " ╰━╮┃┃┃┃┃┃╭╮┃┃╭━╯┃╭╮╮┃┃┃┃┃┃┃┃┃┃", _
    " ╭━╯┃┃╰╯┃┃┃┃┃┃╰━╮┃╰╯┃┃╰╯┃┃╰╯┃┃┃", _
    " ╰━━╯╰━━╯╰╯╰╯╰━━╯╰━━╯╰━━╯┗━━╯╰╯")
For rowIdx = 0 To UBound(logoRows)
    WScript.Echo logoRows(rowIdx)
Next

WScript.Sleep 2000
WScript.Echo
' Ask the user for the two filter criteria (driver state and start mode).
' Only the fixed literals assigned below ever end up in DriverState and
' DriverStartMode; whatever the user typed is used solely to pick one of
' them, and anything unrecognised (including Cancel) falls back to a default.
Dim DriverState, DriverStartMode
promptGap = vbCrLf & vbLf    ' CR LF LF: one blank line between menu entries

Select Case InputBox("根据系统驱动状态进行筛选:" & promptGap & "1. Running" & promptGap & "2. Stopped", "请输入筛选条件序号", "请输入数字1或2")
    Case "1"
        DriverState = "Running"
    Case "2"
        DriverState = "Stopped"
    Case Else
        MsgBox " 输入超出范围!" & promptGap & "将以默认值:Running 传递参数!"
        DriverState = "Running"
End Select

Select Case InputBox("根据系统驱动启动模式进行筛选:" & promptGap & "1. Auto" & promptGap & "2. System" & promptGap & "3. Boot" & promptGap & "4. Manual" & promptGap & "5. Disabled", "请输入筛选条件序号", "请输入数字1-5其中一个")
    Case "1"
        DriverStartMode = "Auto"
    Case "2"
        DriverStartMode = "System"
    Case "3"
        DriverStartMode = "Boot"
    Case "4"
        DriverStartMode = "Manual"
    Case "5"
        DriverStartMode = "Disabled"
    Case Else
        MsgBox " 输入超出范围!" & promptGap & "将以默认值:Auto 传递参数!"
        DriverStartMode = "Auto"
End Select
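' Report: list every system driver matching the chosen state and start mode,
' with the creation time, manufacturer string and path of its file.
'
' Columns are printed in the order announced by the header:
' name, start mode, state, creation time, manufacturer, path.
colName_1 = "驱动文件名称 "
colName_2 = "启动模式 "
colName_3 = "驱动状态 "
colName_4 = "驱动创建时间 "
colName_5 = "驱动文件制造商 "
colName_6 = "驱动文件路径"
Wscript.Echo vbCrLf & colName_1 & colName_2 & colName_3 & colName_4 & colName_5 & colName_6
Wscript.Echo "-----------------------------------------------------------------------------------------------------------------------------------------------"

Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
' One FileSystemObject is enough for the whole run.
Set objFS = CreateObject("Scripting.FileSystemObject")

' DriverState / DriverStartMode are concatenated into the query text.
' presumably both hold one of the fixed literals chosen at the prompts; verify
' against the code that sets them before reusing this query elsewhere.
Set colItems = OBJWMI.ExecQuery("Select * From Win32_SystemDriver Where State='" & DriverState & "' and StartMode='" & DriverStartMode & "'")

For Each driver In colItems
    finalName = Mid(driver.Name & " ", 1, 20)
    finalStartMode = Mid(driver.StartMode & " ", 1, 10)
    finalState = Mid(driver.State & " ", 1, 10)

    matchedFiles = 0
    rawPath = ""
    If Not IsNull(driver.PathName) Then
        rawPath = driver.PathName
        ' Build the lookup path per driver, inside this branch, so a driver
        ' without a PathName can never be reported with the previous
        ' driver's file.
        WMIPathMode = Replace(rawPath, "\??\", "")
        ' WQL string literals use backslash escapes: escape the backslashes
        ' first, then any apostrophe, because the path comes from the driver's
        ' configuration and must not be able to end the quoted literal.
        WMIPathMode = Replace(WMIPathMode, "\", "\\")
        WMIPathMode = Replace(WMIPathMode, "'", "\'")

        Set colManufacturer = OBJWMI.ExecQuery("Select * From CIM_DataFile Where Name='" & WMIPathMode & "'")
        For Each OBJManufacturer In colManufacturer
            matchedFiles = matchedFiles + 1
            Set driverFile = objFS.GetFile(OBJManufacturer.Name)
            ' Manufacturer is file metadata reported by CIM_DataFile; nothing
            ' here verifies a signature. The path goes last and is printed in
            ' full so a long path is never cut short.
            Wscript.Echo finalName & finalStartMode & finalState & driverFile.DateCreated & vbTab & OBJManufacturer.Manufacturer & vbTab & LCase(OBJManufacturer.Name)
        Next
    End If

    ' A driver whose file cannot be resolved is still listed: a registered
    ' driver with no matching file on disk is exactly what the reader of this
    ' report needs to see.
    If matchedFiles = 0 Then
        Wscript.Echo finalName & finalStartMode & finalState & "[未找到驱动文件]" & vbTab & vbTab & rawPath
    End If
Next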
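' Put the command that re-runs this script on the clipboard, so it can be
' pasted into the console afterwards.
' NOTE(review): this overwrites whatever the user had on the clipboard.

' Quote the path with double quotes directly; replacing apostrophes after the
' fact would also rewrite an apostrophe that belongs to the path.
MyVBSPath = """" & WScript.ScriptFullName & """"
Myclipboard = "cscript //nologo " & MyVBSPath

Set objIE = CreateObject("InternetExplorer.Application")
objIE.Navigate "about:blank"
' Wait until the blank document has loaded (ReadyState 4 = complete) before
' touching objIE.document.
Do While objIE.Busy Or objIE.ReadyState <> 4
    WScript.Sleep 50
Loop
objIE.document.parentwindow.clipboardData.SetData "text", Myclipboard
' Close the automation instance; without Quit every run leaves another
' Internet Explorer process behind.
objIE.Quit
Set objIE = Nothing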

