我正在构建一个连接到每台计算机的vb脚本,目标是检测在SVCHOST进程内运行的exe。
如果SVCHOST中存在此exec,我该如何检测到,如果是,则终止此exec中包含的SVCHOST进程?
谢谢
答案 0 :(得分:0)
您可以从以下代码开始:
Option Explicit
If Not WScript.Arguments.Named.Exists("elevate") Then
CreateObject("Shell.Application").ShellExecute WScript.FullName _
, WScript.ScriptFullName & " /elevate", "", "runas", 1
WScript.Quit
End If
Dim objWMI,colObjects,MyProcess,Process,TheProcess,DetectionProgram,MyPID
TheProcess = "svchost.exe"
DetectionProgram = "DcomLaunch"
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
Set colObjects = objWMI.ExecQuery("Select * From Win32_Process where Caption='"& TheProcess &"'")
For Each Process in colObjects
MyProcess = MyProcess & Process.CommandLine & vbcrlf & "PID = " & Process.ProcessID & vbcrlf
Next
Wscript.Echo MyProcess
For Each Process in colObjects
If InStr(1,Ucase(Process.CommandLine),UCase(DetectionProgram)) >= 1 Then
MyPID = Process.ProcessID
wscript.echo "PID = " & MyPID
Call Kill(MyPID)
End If
Next
'****************************************************
Sub Kill(PID)
Dim Ws,Command,Execution
Set Ws = CreateObject("Wscript.Shell")
Command = "cmd /c Taskkill /F /PID "& PID &""
Execution = Ws.Run(Command,0,True)
Set Ws = Nothing
End Sub
'****************************************************