I need some help.
I am currently trying to kill any process that is not in the whitelist (command line), but it does not work.
Answer 0: (score: 1)
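    wmic path win32_process get CommandLine | findstr /i "%whitelist%"

In the above command, findstr looks for a match in the entire wmic output, so it always finds a match. For instance, at least cmd matches, because wmic runs in a cmd window. The next commented code snippet should work, however it gives different results if elevated (run as administrator).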

    set "whitelist=DcomLaunch RPCSS LocalServiceNetworkRestricted netsvcs LocalService LocalSystemNetworkRestricted NetworkService LocalServiceAndNoImpersonation taskhostex cmd dwm conhost services smss SearchIndexer Isass Explorer csrss conhost cftmon"
    rem add windows VITAL processes !!! incomplete !!!
    set "whitelist=svchost ctfmon lsass winlogon %whitelist%"
    for /f "tokens=2,3 delims=," %%I in (
      'wmic process get executablepath^,ProcessID^,status^,WindowsVersion /format:csv ^| find "\"'
    ) do (
      set "proc=%%~I"
      set "procID=%%~J"
      setlocal enabledelayedexpansion
        rem debugging: set /p "=%%~I: "<NUL
        rem debug try: wmic path win32_process where "ProcessID=%%J" get Name 2>NUL | findstr /i "%whitelist%">NUL 2>&1 && (
        rem debug try: wmic path win32_process get executablepath 2>NUL | findstr /i "!proc:/=//!">NUL 2>&1 && (
        wmic path win32_process where "ProcessID=%%J" get CommandLine 2>NUL | findstr /i "%whitelist%">NUL 2>&1 && (
          rem suppress "No Instance(s) Available" report in above line: 2>NUL
          echo OK %%J "%%~I"
        ) || (
          rem UNWANTED: here come inactive processes "cmd", "wmic", "find"
          rem and maybe more ones that were active in FOR %%I execution time
          rem (but loop continues); let's filter them here:
          tasklist /FI "PID eq %%J" /NH | find "%%J" >NUL 2>&1 && (
            echo NO %%J "%%~I"
            rem taskkill /PID "%%~J" /f
          ) || (
            echo XX %%J "%%~I"
            rem inactive at the moment
          )
        )
      endlocal
    )

Essential Processes needed to run Windows (the next list could be a bit outdated):
... here is a list of the essential processes that Windows needs to run correctly.
- System Idle Process
- explorer.exe
- TaskMgr.exe
- SPOOLSV.EXE
- LSASS.EXE
- CSRSS.EXE
- SMSS.EXE
- WINLOGON.EXE
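- svchost.exe - (there will be a few of these)
- Services.exe
By shutting down anything other than these processes, standalone Windows should run fine, but if any of these processes are shut down, Windows will start to become unstable or unusable.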
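
The checks discussed in this answer, side by side, as an added PowerShell example that is not part of the original answer: one search over the whole process listing, a per-process command-line search, and a per-process exact image-name comparison. The process rows are constructed sample data, and the exact-name check is a stricter variant than the answer's command-line search; the script only reports and stops nothing.

```powershell
# Added example: the rows below are constructed, not captured from a real host.
$allow = 'svchost', 'lsass', 'winlogon', 'cmd', 'conhost', 'explorer'

# On a live system the same properties come from:
#   $procs = Get-CimInstance -ClassName Win32_Process
$procs = @(
    [pscustomobject]@{ ProcessId = 612;  Name = 'lsass.exe';   CommandLine = 'C:\Windows\system32\lsass.exe' }
    [pscustomobject]@{ ProcessId = 4020; Name = 'cmd.exe';     CommandLine = 'C:\Windows\system32\cmd.exe /c audit.cmd' }
    [pscustomobject]@{ ProcessId = 5188; Name = 'updater.exe'; CommandLine = '"C:\Tools\updater.exe" --silent' }
    [pscustomobject]@{ ProcessId = 5344; Name = 'helper.exe';  CommandLine = 'C:\Temp\helper.exe /run cmd' }
)

# Same idea as findstr /i "a b c": any allowlisted word, case-insensitive.
$pattern = ($allow | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1) One search over the whole listing: true as soon as any allowlisted
#    process is running, so it says nothing about an individual process.
$wholeListing = ($procs.CommandLine -join "`n") -match $pattern
"Whole-listing match: $wholeListing"

# 2) Per-process substring search on the command line (the answer's approach).
# 3) Per-process exact comparison of the image name against the allowlist.
foreach ($p in $procs) {
    $bySubstring = $p.CommandLine -match $pattern
    $baseName    = [System.IO.Path]::GetFileNameWithoutExtension($p.Name)
    $byName      = $allow -contains $baseName   # exact, case-insensitive
    '{0,5} {1,-12} substring={2,-5} exactName={3}' -f $p.ProcessId, $p.Name, $bySubstring, $byName
}
```

In the sample, helper.exe passes the substring check only because its arguments contain the word cmd, while the exact-name check rejects it.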