ProcessMagnifier.vbs进程查看代码

1. ' FileName: ProcessMagnifier.vbs     
2. ' Function: Capture information about the running processes in detail     
3. ' code by somebody     
4. ' QQ: 240460440     
5. ' LastModified:2007-11-16 18:25     
6. ' 仅供学习     
7.  
8. Const HKEY_CURRENT_USER = &H80000001     
9. oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")     
10. strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"    
11. oReg.CreateKey(HKEY_CURRENT_USER, strKeyPath)     
12. strValueName1 = "CodePage"    
13. dwValue1 = 936     
14. strValueName2 = "ScreenBufferSize"    
15. dwValue2 = 98304200     
16. strValueName3 = "WindowSize"    
17. dwValue3 = 2818173     
18. strValueName4 = "HistoryNoDup"    
19. dwValue4 = 0     
20. strValueName5 = "WindowPosition"    
21. dwValue5 = 131068     
22. strValueName6 = "QuickEdit"    
23. dwValue6 = 2048     
24. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName1, dwValue1)     
25. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName2, dwValue2)     
26. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName3, dwValue3)     
27. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName4, dwValue4)     
28. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName5, dwValue5)     
29. oReg.SetDWORDValue(HKEY_CURRENT_USER, strKeyPath, strValueName6, dwValue6)     
30.  
31.     
32. Dim objWSH, FinalPath     
33. objWSH = WScript.CreateObject("WScript.Shell")     
34. If (LCase(Right(WScript.Fullname, 11)) = "wscript.exe") Then    
35.     FinalPath = "'" & WScript.ScriptFullName & "'"    
36.     objWSH.Run("cmd.exe /k cscript //nologo " & Replace(FinalPath, "'", """"))     
37.     WScript.Quit()     
38. End If    
39.  
40. oReg.DeleteKey(HKEY_CURRENT_USER, strKeyPath)     
41. oReg = Nothing    
42.  
43. WScript.Echo()     
44. WScript.Sleep(1000)     
45. WScript.Echo("当前正在运行的进程简要信息列表如下:")     
46. WScript.Echo(vbCrLf)     
47. WScript.Sleep(2000)     
48.  
49. Dim MyOBJProcessName     
50. OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")     
51.  WScript.Echo "Name:               Priority:   PID:    Owner:" &vbTab&vbTab&"ExecutablePath: "    
52. WScript.Echo("---------------------------------------------------------------------------------------")     
53. For Each OBJProcess In OBJWMIProcess     
54.  MyOBJProcessName=OBJProcess.Name&"                    "    
55.     colProperties = OBJProcess.GetOwner(strNameOfUser, strUserDomain)     
56.  WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.Priority &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath     
57. Next    
58.  
59. WScript.Sleep(5000)     
60. WScript.Echo(vbCrLf)     
61. WScript.Echo("当前正在运行的进程以及其加载的模块详细信息树状结构如下:")     
62. WScript.Echo(vbCrLf)     
63. WScript.Sleep(3000)     
64. WScript.Echo vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab&vbTab& vbTab&"创建时间             文件制造商"    
65.  
66. OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")     
67. OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")     
68. colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet     
69. OBJRefresher.Refresh()     
70. For Each OBJItem In colItems     
71.     Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath     
72.     Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath     
73.     originalPath = OBJItem.Name    
74.     ModulePath = Split(originalPath, "/")     
75.     WMIPathMode = Replace(ModulePath(1), "\", "\\")     
76.     OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")     
77.     colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile Where Name='" & WMIPathMode & "'")     
78.     For Each OBJManufacturer In colManufacturer     
79.         FileManufacturer = Trim(OBJManufacturer.Manufacturer)     
80.         LCaseModulePath = LCase(Trim(OBJManufacturer.Name))     
81.         FileExtension = Right(LCaseModulePath, 3)     
82.         MyLCaseModulePath = LCaseModulePath & "                                                                                                                "    
83.         FSO = CreateObject("Scripting.FileSystemObject").GetFile(LCaseModulePath)     
84.         If FileExtension = "exe" Then    
85.             mark = "├—"    
86.             FinalModulePath = Mid(MyLCaseModulePath, 1, 118)     
87.             WScript.Echo("│")     
88.         Else    
89.             mark = "│├─"    
90.             FinalModulePath = Mid(MyLCaseModulePath, 1, 116)     
91.         End If    
92.     WScript.Echo mark & FinalModulePath & FSO.DateCreated &vbTab& FileManufacturer                              
93.     Next    
94. Next