vbscript - 如何确定哪些 vbscript 在后台运行

我为你准备了一个自 2015 年以来的旧 vbscript，它可以告诉你什么 vbscript 在后台运行，它的命令行当然可以获取它们的路径，你可以选择你想要杀死的 vbscript，最后你会得到脚本为此的日志文件。

因此，您可以先尝试一下，我将对其进行编辑和更新以进行任何修改，以回答您的问题。

Option Explicit
Dim Titre,Copyright,fso,ws,NomFichierLog,temp,PathNomFichierLog,OutPut,Count
If AppPrevInstance() Then 
    MsgBox "There is an existing proceeding !" & VbCrLF & CommandLineLike(WScript.ScriptName),VbExclamation,_
    "There is an existing proceeding !"    
    WScript.Quit
Else 
    Copyright = "[Hackoo "& chr(169) & " 2015]"
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set ws = CreateObject( "Wscript.Shell" )
    NomFichierLog="Killed_Process.txt"
    temp = ws.ExpandEnvironmentStrings("%temp%")
    PathNomFichierLog = temp & "\" & NomFichierLog
    Set OutPut = fso.CreateTextFile(temp & "\" & NomFichierLog,1)
    Call Find("wscript.exe")
    Call Explorer(PathNomFichierLog)
End If
'***************************************************************************************************
Function Explorer(File)
    Dim ws
    Set ws = CreateObject("wscript.shell")
    ws.run "Explorer "& File & "\",1,True
end Function
'***************************************************************************************************
Sub Find(MyProcess)
    Dim colItems,objItem,Processus,Question,Msg
    Titre = " Process(es) "& DblQuote(MyProcess) &" running "
    Set colItems = GetObject("winmgmts:").ExecQuery("Select * from Win32_Process " _
    & "Where Name like '%"& MyProcess &"%' AND NOT commandline like " & CommandLineLike(WScript.ScriptFullName) & "",,48)
    Count = 0 
    For Each objItem in colItems
        Count= Count + 1
        Processus = objItem.CommandLine
        Question = MsgBox ("Would do you like to kill this script : " & DblQuote(Processus) & " ?" ,VBYesNO+VbQuestion,Titre+Copyright)
        If Question = VbYes then
            objItem.Terminate(0)'To kill the process
            OutPut.WriteLine Processus
        else
            Count= Count - 1 'decrementing the count of -1
        End if
    Next
    OutPut.WriteLine String(100,"*")
    If Count > 1 Then
        Msg = " were killed"
    Else
        Msg = " was killed"
    End if
    OutPut.WriteLine count & Titre & Msg
    OutPut.WriteLine String(100,"*") & VbCrLF 
End Sub
'**************************************************************************
Function DblQuote(Str)
    DblQuote = Chr(34) & Str & Chr(34)
End Function
'**************************************************************************
Function AppPrevInstance()   
    With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")   
        With .ExecQuery("SELECT * FROM Win32_Process WHERE CommandLine LIKE " & CommandLineLike(WScript.ScriptFullName) & _
            " AND CommandLine LIKE '%WScript%' OR CommandLine LIKE '%cscript%'")   
            AppPrevInstance = (.Count > 1)   
        End With   
    End With   
End Function    
'**************************************************************************
Function CommandLineLike(ProcessPath)   
    ProcessPath = Replace(ProcessPath, "\", "\\")   
    CommandLineLike = "'%" & ProcessPath & "%'"   
End Function
'**************************************************************************

编辑：Extract_CommandLine.bat

将此代码复制并粘贴为批处理文件，以便提取每个进程的命令行。

Set ProcessNames="cmd.exe" "mshta.exe" "powershell.exe" "cscript.exe" "wscript.exe"

ProcessNames您可以在双引号之间的变量中添加或删除进程名称。

@echo off
Title Extract CommandLine Of Running Processes by Hackoo 2020
Mode 110,10 & color 0A
Set "TmpFile=%~n0_Abs_cmdline.txt"
Set "LogFile=%~n0_cmdline.txt
If Exist "%TmpFile%" Del "%TmpFile%"
If Exist "%LogFile%" Del "%LogFile%"
Set ProcessNames="cmd.exe" "mshta.exe" "powershell.exe" "cscript.exe" "wscript.exe" 
SetLocal EnableDelayedExpansion
for %%A in (%ProcessNames%) Do (
    Call :GetCommandLine %%A ProcessCmd
    If defined ProcessCmd ( 
        echo !ProcessCmd!>con
        echo !ProcessCmd!>>"%TmpFile%"
    )
)
Timeout /T 3 /NoBreak>nul
If Exist "%TmpFile%" Call :Extract "%TmpFile%" "%LogFile%"
If Exist "%LogFile%" Start "" "%LogFile%"
If Exist "%LogFile%" Call :ExplorerIT "%LogFile%"
Exit
::---------------------------------------------------------------------------------------------------------------
:GetCommandLine <ProcessName> <ProcessCmd>
Set "ProcessCmd="
for /f "tokens=2 delims==" %%P in (
'wmic process where caption^="%~1" get commandline /format:list ^| findstr /I "%~1" ^| find /I /V "%~nx0" 2^>nul'
) do (
    if not defined %2 Set "%2=%%P"
)
Exit /b
::---------------------------------------------------------------------------------------------------------------
:Extract <InputData> <OutPutData>
(
echo Data = WScript.StdIn.ReadAll
echo Data = Extract(Data,"(^?^!.*(\x22\w^)^)\b.*(\w^).*(\.ps1^|\.hta^|\.vbs^|\.vbe^|\.cmd^|\.bat^|\.lnk^)"^)
echo WScript.StdOut.WriteLine Data
echo Function Extract(Data,Pattern^)
echo    Dim oRE,oMatches,Match,Line
echo    set oRE = New RegExp
echo    oRE.IgnoreCase = True
echo    oRE.Global = True
echo    oRE.Pattern = Pattern
echo    set oMatches = oRE.Execute(Data^)
echo    If not isEmpty(oMatches^) then
echo        For Each Match in oMatches  
echo            Line = Line ^& chr(34^) ^& Trim(Match.Value^) ^& chr(34^) ^& vbcrlf
echo        Next
echo        Extract = Line 
echo    End if
echo End Function
)>"%tmp%\%~n0.vbs"
cscript /nologo "%tmp%\%~n0.vbs" < "%~1" > "%~2"
If Exist "%tmp%\%~n0.vbs" Del "%tmp%\%~n0.vbs"
exit /b
::-----------------------------------------------------------------------------------------------------------
:ExplorerIT <LogFile>
@For /f "delims=" %%a in ('Type "%~1"') do (
    Start "SelectFile" Explorer /select,"%%~a"
)
Exit /B
::-----------------------------------------------------------------------------------------------------------

vbscript - 如何确定哪些 vbscript 在后台运行

问题描述

解决方案

推荐阅读