zoukankan      html  css  js  c++  java

  • 实时监视进程并终止该进程

    5秒提示方式

    On Error Resume Next
strComputer = "."
arrTargetProcs = Array("calc.exe")

set objShell = CreateObject ("Wscript.Shell")
Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\" & strComputer & "
ootcimv2")
objWMIService.ExecNotificationQueryAsync SINK, _
"SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
"WHERE TargetInstance ISA 'Win32_Process'"

Do
   WScript.Sleep 1000
Loop

Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
For Each strTargetProc In arrTargetProcs
  If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
    ProcessName=objLatestEvent.TargetInstance.Name
    objShell.Popup  Now & " 发现进程: " & ProcessName, 5, "提示信息"
    intReturn = objLatestEvent.TargetInstance.Terminate
    If intReturn = 0 Then
      objShell.Popup  Now & " 终止进程: " & ProcessName & " 成功", 5, "提示信息"
    Else
      objShell.Popup  Now & " 终止进程: " & ProcessName & " 失败", 5, "提示信息"
    End If
  End If
Next
End Sub

    宁静日志方式(D:kill.log)

    On Error Resume Next
strComputer = "."
arrTargetProcs = Array("calc.exe")

set fso=Wscript.CreateObject("Scripting.FileSystemObject")
set file=fso.OpenTextFile("D:kill.log",2,True)
Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\" & strComputer & "
ootcimv2")
objWMIService.ExecNotificationQueryAsync SINK, _
"SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
"WHERE TargetInstance ISA 'Win32_Process'"

Do
   WScript.Sleep 1000
Loop

Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
For Each strTargetProc In arrTargetProcs
  If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
    ProcessName=objLatestEvent.TargetInstance.Name
    file.Writeline  Now & " 发现进程: " & ProcessName
    intReturn = objLatestEvent.TargetInstance.Terminate
    If intReturn = 0 Then
      file.Writeline  Now & " 终止进程: " & ProcessName & " 成功"
    Else
      file.Writeline  Now & " 终止进程: " & ProcessName & " 失败"
    End If
  End If
Next
End Sub

    结束监视

    @echo off
for /f "tokens=1" %%i in ('tasklist.exe') do echo %%i
for /f "tokens=2" %%i in ('tasklist.exe^|find /i "wmiprvse"') do taskkill.exe /f /PID %%i
taskkill.exe /f /im wscript.exe
taskkill.exe /f /im unsecapp.exe
  • 相关阅读:
    filter与compress
    groupby,分组
    按照属性排序,使用lambda与itemgetter,attrgetter
    python3-cookbook电子书在线文档
    numpy中的向量操作
    向量Vector
    defaultdict与OrderedDict
    heapq堆队列
    (转载)SVM-基础(一)
    决策树-剪枝算法(二)
  • 原文地址:https://www.cnblogs.com/cnsealine/p/3364415.html
Copyright © 2011-2022 走看看