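Get the command line of a process and taskkill

Time: 2016-05-28 00:25:59

Tags: cmd wmic

I need some help.

I am currently trying to kill any process that is not on the whitelist (command line), but it does not work.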


1 answer:

Answer 0 (score: 1)

wmic path win32_process get CommandLine | findstr /i "%whitelist%"

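In the above command, findstr looks for a match in the entire wmic output, so it always finds a match. For example, at least cmd will match, because wmic runs in a cmd window. The next commented code snippet should work, but it gives different results if elevated (run as administrator).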

set "whitelist=DcomLaunch RPCSS LocalServiceNetworkRestricted netsvcs LocalService LocalSystemNetworkRestricted NetworkService LocalServiceAndNoImpersonation taskhostex cmd dwm conhost services smss SearchIndexer Isass Explorer csrss conhost cftmon"

rem add windows VITAL processes !!! incomplete !!!
set "whitelist=svchost ctfmon lsass winlogon %whitelist%"

for /f "tokens=2,3 delims=," %%I in (
    'wmic process get executablepath^,ProcessID^,status^,WindowsVersion /format:csv ^| find "\"'
) do ( 
    set "proc=%%~I"
    set "procID=%%~J"
    setlocal enabledelayedexpansion 

    rem debugging:  set /p "=%%~I: "<NUL

    rem debug try: wmic path win32_process where "ProcessID=%%J" get Name 2>NUL | findstr /i "%whitelist%">NUL 2>&1  && (
    rem debug try: wmic path win32_process get executablepath 2>NUL | findstr /i "!proc:/=//!">NUL 2>&1  && (

    wmic path win32_process where "ProcessID=%%J" get CommandLine 2>NUL | findstr /i "%whitelist%">NUL 2>&1  && (
    rem suppress "No Instance(s) Available" report in above line: 2>NUL
        echo OK %%J "%%~I"
    ) || (
        rem UNWANTED: here come inactive processes "cmd", "wmic", "find"
        rem           and maybe more ones that were active in FOR %%I execution time 
        rem           (but loop continues); let's filter them here:
        tasklist /FI "PID eq %%J" /NH | find "%%J" >NUL 2>&1 && (
            echo NO %%J "%%~I"
            rem taskkill /PID "%%~J" /f
        ) || (
            echo XX %%J "%%~I"
            rem inactive at the moment
        )
    )
    endlocal
)

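Essential Processes needed to run Windows (the following list may be a bit outdated):

...here is a list of the essential processes that Windows needs to run correctly.

  • System Idle Process
  • explorer.exe
  • TaskMgr.exe
  • SPOOLSV.EXE
  • LSASS.EXE
  • CSRSS.EXE
  • SMSS.EXE
  • WINLOGON.EXE
  • svchost.exe - (there will be a few of these)
  • Services.exe

By shutting down anything other than these processes, stand-alone Windows should run fine; however, if any of these processes are shut down, Windows will start to become unstable or unusable.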
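The difference between matching the whole wmic output and matching each process separately, as an added example that is not part of the original answer. It is written in Python so it runs offline on a constructed CSV sample; the function names and sample rows are hypothetical, and the exact image-name check is an added stricter variant, not something the answer uses.

```python
import csv
import io
import ntpath

# Constructed, simplified sample of:
#   wmic process get CommandLine,ExecutablePath,ProcessId /format:csv
SAMPLE = r"""Node,CommandLine,ExecutablePath,ProcessId
PC1,C:\Windows\system32\cmd.exe,C:\Windows\system32\cmd.exe,4100
PC1,C:\Windows\system32\svchost.exe -k netsvcs,C:\Windows\system32\svchost.exe,980
PC1,C:\Tools\updater.exe --run-cmd sync,C:\Tools\updater.exe,5120
PC1,C:\Apps\notes.exe,C:\Apps\notes.exe,6200
"""
WHITELIST = "svchost cmd lsass".split()  # a few entries from the answer's whitelist


def findstr_i(text, words):
    """Approximates findstr /i "w1 w2 ...": any word as a substring, ignoring case."""
    low = text.lower()
    return any(w.lower() in low for w in words)


def rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def whole_output_check(csv_text, words):
    """One findstr over the entire wmic output, as in the one-line command."""
    return findstr_i(csv_text, words)


def per_process_substring(csv_text, words):
    """One findstr per PID over that PID's CommandLine, as in the batch loop."""
    return {int(r["ProcessId"]): findstr_i(r["CommandLine"], words)
            for r in rows(csv_text)}


def per_process_exact(csv_text, words):
    """Stricter variant (assumption): image name must equal a whitelist entry."""
    allowed = {w.lower() for w in words}
    result = {}
    for r in rows(csv_text):
        image = ntpath.basename(r["ExecutablePath"])
        result[int(r["ProcessId"])] = ntpath.splitext(image)[0].lower() in allowed
    return result


if __name__ == "__main__":
    print("whole output:", whole_output_check(SAMPLE, WHITELIST))
    print("per process :", per_process_substring(SAMPLE, WHITELIST))
    print("exact image :", per_process_exact(SAMPLE, WHITELIST))
```

In the sample, PID 5120 passes the per-process substring check only because its arguments contain "cmd"; comparing the image name against whole whitelist entries rejects it.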