有没有办法(理想情况下使用像VBScript / JScript这样的脚本语言)获取产生不同程序的进程的详细信息,例如,当Computrace LoJack启动iexplore时,处理与Internet的通信?
答案 0 :(得分:2)
您可以使用WMI检查您感兴趣的进程的ParentProcessId。对于“普通”用户模式应用程序,父进程应该是explorer.exe。
strProcess = "iexplore.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
& " Where name = '" & strProcess & "'")
For Each objProcess in colProcesses
WScript.Echo objProcess.ParentProcessId
Next
对于Internet Explorer,请确保检查IE的ID,因为它会生成自己的多个实例。尝试这样的事情:
strProcess = "iexplore.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
& " Where name = 'explorer.exe' OR name = 'iexplore.exe'")
i = 0
arrIds = Array()
For Each objProcess in colProcesses
ReDim Preserve arrIds(i)
arrIds(i) = objProcess.ProcessId
i = i + 1
Next
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
& " Where name = '" & strProcess & "'")
For Each objProcess in colProcesses
intParentID = objProcess.ParentProcessId
blnIsFound = False
For Each intID in arrIds
If intID = intParentID Then
blnIsFound = True
Exit For
End If
Next
If blnIsFound = False Then
WScript.Echo "Process " & objProcess.ProcessId & " spawned by process " & objProcess.ParentProcessId
End If
Next