时间:2021-05-22
'FileName: ProcessMagnifier.vbs
'Function: Capture information about the running processes in detail
'code by somebody
'QQ:240460440
'LastModified: 2007-11-16 18:25
'仅供学习
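' --- Console preparation and script-host check -------------------------------
' Writes temporary per-user console settings, makes sure the script runs under
' cscript.exe (console output) rather than wscript.exe (message boxes), and
' finally removes the settings key again.
'
' Flow:
'   * started with wscript.exe: the key is written, a cmd.exe window is opened
'     that re-runs this script with cscript, and this instance quits.
'   * started with cscript.exe: the key is written and deleted straight away.
'
' Changes from the published listing: the spaces the page stripped out are
' restored, object references are assigned with Set, multi-argument method
' calls are written without parentheses (VBScript rejects "obj.Method(a, b)"
' as a statement), and the script path is quoted directly.
Const HKEY_CURRENT_USER = &H80000001

Dim oReg, strKeyPath
Dim strValueName1, strValueName2, strValueName3, strValueName4, strValueName5, strValueName6
Dim dwValue1, dwValue2, dwValue3, dwValue4, dwValue5, dwValue6

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' Subkey of HKCU\Console; presumably the per-window settings the console host
' applies to a cmd.exe window started from %SystemRoot%\system32 - confirm.
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER, strKeyPath

strValueName1 = "CodePage"
dwValue1 = 936                  ' code page 936 (Simplified Chinese, GBK)
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200             ' = &H05DC00C8: high word 1500, low word 200
strValueName3 = "WindowSize"
dwValue3 = 2818173              ' = &H002B007D: high word 43, low word 125
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068               ' = &H0001FFFC: high word 1, low word &HFFFC
strValueName6 = "QuickEdit"
dwValue6 = 2048                 ' NOTE(review): QuickEdit is normally 0 or 1 - confirm 2048 is intended

oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName1, dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName2, dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName3, dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName4, dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName5, dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName6, dwValue6

Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    ' Wrap the path in real double quotes. The listing wrapped it in
    ' apostrophes and then replaced every apostrophe with a double quote,
    ' which also rewrote apostrophes that are part of the path itself and
    ' broke the command line for such paths.
    FinalPath = Chr(34) & WScript.ScriptFullName & Chr(34)
    ' cmd.exe and cscript are started by bare name, so whichever binaries the
    ' normal executable search finds first are the ones that run.
    objWSH.Run "cmd.exe /k cscript //nologo " & FinalPath
    WScript.Quit
End If

' The key is deleted unconditionally: settings the user already had stored
' under it before the script ran are removed as well, not restored.
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing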
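' --- Brief process list ------------------------------------------------------
' Prints one line per Win32_Process instance: name (padded/cut to 20
' characters), priority, PID, owner and executable path.
'
' Changes from the published listing: stripped spaces are restored (including
' inside the WQL text), the result set is assigned with Set, and the owner
' fields are reset for every process so a failed GetOwner call cannot repeat
' the previous process's owner on the next line.
WScript.Echo
WScript.Sleep 1000
WScript.Echo "当前正在运行的进程简要信息列表如下:"
WScript.Echo vbCrLf
WScript.Sleep 2000

Dim MyOBJProcessName
Dim OBJWMIProcess, OBJProcess, strNameOfUser, strUserDomain, colProperties

Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")

' Column titles; the padding between them was lost on the page and is rebuilt
' here to follow the layout of the data rows below.
WScript.Echo "Name:" & Space(15) & vbTab & "Priority:" & vbTab & "PID:" & vbTab & "Owner:" & vbTab & vbTab & "ExecutablePath:"
WScript.Echo "---------------------------------------------------------------------------------------"

For Each OBJProcess In OBJWMIProcess
    ' Pad, then cut to 20 characters, so the name column has a fixed width.
    MyOBJProcessName = OBJProcess.Name & Space(20)

    ' GetOwner fills its two arguments only when it succeeds. It can fail
    ' (non-zero return value or a runtime error) for processes the caller may
    ' not query or that exited after the enumeration, so start from a clean
    ' state and mark the owner as unknown in that case.
    strNameOfUser = ""
    strUserDomain = ""
    colProperties = -1
    On Error Resume Next
    colProperties = OBJProcess.GetOwner(strNameOfUser, strUserDomain)
    If Err.Number <> 0 Then colProperties = -1
    Err.Clear
    On Error GoTo 0
    If colProperties <> 0 Then strNameOfUser = "<unknown>"

    WScript.Echo Mid(MyOBJProcessName, 1, 20) & vbTab & OBJProcess.Priority & vbTab & OBJProcess.ProcessID & vbTab & strNameOfUser & vbTab & vbTab & OBJProcess.ExecutablePath
Next

WScript.Sleep 5000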
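' --- Process / loaded-module tree --------------------------------------------
' Enumerates Win32_PerfFormattedData_PerfProc_FullImage_Costly, looks each
' image path up in CIM_DataFile and prints it with the file's creation time
' and manufacturer. Paths ending in "exe" start a new branch of the tree;
' everything else is printed as a child entry.
'
' Changes from the published listing: stripped spaces are restored (including
' inside the WQL text), object references are assigned with Set, the WMI and
' FileSystemObject helpers are created once instead of per item, instance
' names without a "/" are skipped instead of raising "subscript out of range",
' apostrophes in a path are escaped before it is placed in the WQL string, and
' a file that cannot be opened no longer aborts the run.
'
' The manufacturer shown is what CIM_DataFile reports for the file; it is not
' a signature check and should not be read as proof of who published a module.
WScript.Echo vbCrLf
WScript.Echo "当前正在运行的进程以及其加载的模块详细信息树状结构如下:"
WScript.Echo vbCrLf
WScript.Sleep 3000
' Leading tabs push the two column titles to the right-hand side of the tree.
WScript.Echo String(17, vbTab) & "创建时间" & vbTab & "文件制造商"

Dim OBJWMIService, OBJRefresher, colItems, OBJItem
Dim OBJWMI, colManufacturer, OBJManufacturer, objFileSystem, FSO, strCreated
Dim originalPath, ModulePath, WMIPathMode, FileManufacturer, LCaseModulePath
Dim FileExtension, mark, MyLCaseModulePath, FinalModulePath

Set OBJWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set OBJRefresher = CreateObject("WbemScripting.SWbemRefresher")
Set colItems = OBJRefresher.AddEnum(OBJWMIService, "Win32_PerfFormattedData_PerfProc_FullImage_Costly").ObjectSet
OBJRefresher.Refresh

Set OBJWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set objFileSystem = CreateObject("Scripting.FileSystemObject")

For Each OBJItem In colItems
    ' The code expects Name to look like "<something>/<full image path>" and
    ' uses the part after the first "/".
    originalPath = OBJItem.Name
    ModulePath = Split(originalPath, "/")

    If UBound(ModulePath) >= 1 Then
        ' WQL string literal: double the backslashes, then escape apostrophes,
        ' so a path containing ' cannot end the literal early.
        WMIPathMode = Replace(Replace(ModulePath(1), "\", "\\"), "'", "\'")
        Set colManufacturer = OBJWMI.ExecQuery("SELECT * FROM CIM_DataFile WHERE Name = '" & WMIPathMode & "'")

        For Each OBJManufacturer In colManufacturer
            FileManufacturer = Trim(OBJManufacturer.Manufacturer)
            LCaseModulePath = LCase(Trim(OBJManufacturer.Name))
            FileExtension = Right(LCaseModulePath, 3)
            ' Pad so the Mid() cuts below always yield a fixed-width column.
            MyLCaseModulePath = LCaseModulePath & Space(118)

            ' Creation time is best effort: leave it blank when the file
            ' cannot be opened from this process.
            strCreated = ""
            On Error Resume Next
            Set FSO = objFileSystem.GetFile(LCaseModulePath)
            If Err.Number = 0 Then strCreated = FSO.DateCreated
            Err.Clear
            On Error GoTo 0

            If FileExtension = "exe" Then
                mark = "├—"
                FinalModulePath = Mid(MyLCaseModulePath, 1, 118)
                WScript.Echo "│"
            Else
                mark = "│├─"
                FinalModulePath = Mid(MyLCaseModulePath, 1, 116)
            End If

            WScript.Echo mark & FinalModulePath & strCreated & vbTab & FileManufacturer
        Next
    End If
Next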