
    VBScript之通过对比注册表查找隐藏的服务

    作者:admin 时间:2021-02-05 06:01

    效果图:



    代码(checksvr.vbs):


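    ' checksvr.vbs - cross-view check for services.
    ' Enumerates the subkeys of HKLM\SYSTEM\CurrentControlSet\Services through
    ' StdRegProv and asks WMI (Win32_Service, via CheckSvr) whether each one is a
    ' known service. Keys that carry an ObjectName value but are not reported by
    ' WMI are printed as "[ Hidden ]".
    '
    ' NOTE(review): "[ Hidden ]" is a lead to investigate, not a verdict.
    '  - Win32_Service does not list kernel/file-system drivers (WMI exposes
    '    those as Win32_SystemDriver), so a driver key that happens to have an
    '    ObjectName value is flagged as well.
    '  - Both views are collected through WMI on the live system; anything that
    '    filters registry enumeration itself would not show up here. Confirm
    '    findings with an offline look at the SYSTEM hive.
    '
    ' "On Error Resume Next" is left disabled on purpose so that WMI/registry
    ' failures surface instead of silently producing a wrong report.
    'On Error Resume Next

    Const HKEY_LOCAL_MACHINE = &H80000002

    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

    strKeyPath = "SYSTEM\CurrentControlSet\Services"
    lngRc = oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys)

    ' EnumKey returns 0 on success; on failure arrSubKeys is not an array and
    ' the For Each below would abort with a runtime error.
    If lngRc <> 0 Or Not IsArray(arrSubKeys) Then
        Wscript.Echo "EnumKey failed for HKLM\" & strKeyPath & " (return code " & lngRc & ")"
        Wscript.Quit (1)
    End If

    Wscript.Echo "Checking, please wait ..."
    Wscript.Echo ""

    For Each subkey In arrSubKeys
        ' VBScript has no backslash escapes: "\\" is two literal backslashes,
        ' so a single "\" is the correct registry path separator.
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, "ObjectName", strValue

        ' Keys without an ObjectName value come back as Null and are skipped.
        If Not IsNull(strValue) Then
            If strValue <> "" Then
                ' Check the service (original author's note: would comparing
                ' against an array be faster?).
                If Not (CheckSvr(subkey)) Then
                    Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ Hidden ]"
                Else
                    Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[   OK   ]"
                End If
            End If
        End If
    Next
    Wscript.Echo ""
    Wscript.Echo "All done."
    Wscript.Quit (0)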

     

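    ' Returns True when WMI lists a Win32_Service instance whose Name equals
    ' strName, False otherwise.
    '
    ' strName comes from a registry key name, which this script does not
    ' control. It is placed inside a single-quoted WQL string literal, so
    ' backslashes and single quotes are escaped first; otherwise a key name
    ' containing a quote would make the query invalid and abort the whole scan
    ' (or, with error suppression enabled, give a wrong answer).
    '
    ' Note: a new WMI connection is opened on every call, which is why checking
    ' many keys this way is slow.
    Function CheckSvr(strName)
        Dim oWMI, cService, strSafe

        ' Escape "\" before "'" so the backslashes added for quotes are not doubled.
        strSafe = Replace(strName, "\", "\\")
        strSafe = Replace(strSafe, "'", "\'")

        Set oWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
        Set cService = oWMI.ExecQuery("Select * from Win32_Service WHERE Name='" & strSafe & "'")

        CheckSvr = (cService.Count <> 0)
    End Function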

    ' Returns the run of tab characters to print after strName so that the next
    ' column lines up: 5 tabs for names shorter than 8 characters, one tab fewer
    ' for every further 8 characters, and never fewer than 1 tab.
    Function FormatOutTab(strName)
        Dim nChars
        nChars = Len(strName)

        If nChars < 8 Then
            FormatOutTab = String(5, vbTab)
        ElseIf nChars < 16 Then
            FormatOutTab = String(4, vbTab)
        ElseIf nChars < 24 Then
            FormatOutTab = String(3, vbTab)
        ElseIf nChars < 32 Then
            FormatOutTab = String(2, vbTab)
        Else
            ' 32 characters and longer all get a single tab.
            FormatOutTab = vbTab
        End If
    End Function

    利用字典,速度要快很多(只需查询一次 Win32_Service,把服务名存入字典,再逐个子键在字典中查找,而不是每个子键都执行一次 WMI 查询):


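    ' Dictionary variant of the cross-view service check.
    ' Loads every Win32_Service name into a Scripting.Dictionary with a single
    ' WMI query, then walks the subkeys of HKLM\SYSTEM\CurrentControlSet\Services
    ' and prints "[ Hidden ]" for keys that have an ObjectName value but no
    ' matching service name in the dictionary.
    '
    ' NOTE(review): "[ Hidden ]" is a lead to investigate, not a verdict.
    ' Win32_Service does not list kernel/file-system drivers (WMI exposes those
    ' as Win32_SystemDriver), so a driver key with an ObjectName value is flagged
    ' too, and both views are collected through WMI on the live system. Confirm
    ' findings with an offline look at the SYSTEM hive.
    Dim oDic, oReg, oWmi, arrServices, lngRc
    Const HKEY_LOCAL_MACHINE = &H80000002

    Wscript.Echo "[*] Checking, please wait ..."
    Wscript.Echo ""

    Set oDic = CreateObject("Scripting.Dictionary")
    ' Registry key names and service names are case-insensitive; the dictionary
    ' defaults to binary (case-sensitive) comparison, which could report a
    ' service as hidden only because of a case difference. Must be set while
    ' the dictionary is still empty.
    oDic.CompareMode = vbTextCompare

    Set oWmi = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set arrServices = oWmi.ExecQuery("Select * from Win32_Service")
    For Each strService In arrServices
        ' Add raises a runtime error on a duplicate key, so guard it.
        If Not oDic.Exists(strService.Name) Then
            oDic.Add strService.Name, strService.Name
        End If
    Next

    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    strKeyPath = "SYSTEM\CurrentControlSet\Services"
    lngRc = oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys)

    ' EnumKey returns 0 on success; on failure arrSubKeys is not an array and
    ' the For Each below would abort with a runtime error.
    If lngRc <> 0 Or Not IsArray(arrSubKeys) Then
        Wscript.Echo "[!] EnumKey failed for HKLM\" & strKeyPath & " (return code " & lngRc & ")"
        Wscript.Quit (1)
    End If

    For Each subkey In arrSubKeys
        ' VBScript has no backslash escapes: "\\" is two literal backslashes,
        ' so a single "\" is the correct registry path separator.
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, "ObjectName", strValue

        ' Keys without an ObjectName value come back as Null and are skipped.
        If Not IsNull(strValue) Then
            If strValue <> "" Then
                If oDic.Exists(subkey) Then
                    Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[   OK   ]"
                Else
                    Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ Hidden ]"
                End If
            End If
        End If
    Next

    oDic.RemoveAll

    Wscript.Echo ""
    Wscript.Echo "[*] All done."
    Wscript.Quit (0)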


    ' Returns the run of tab characters to print after strName so that the next
    ' column lines up: 4 tabs for names shorter than 8 characters, one tab fewer
    ' for every further 8 characters, and never fewer than 1 tab.
    Function FormatOutTab(strName)
        Dim nChars
        nChars = Len(strName)

        If nChars < 8 Then
            FormatOutTab = String(4, vbTab)
        ElseIf nChars < 16 Then
            FormatOutTab = String(3, vbTab)
        ElseIf nChars < 24 Then
            FormatOutTab = String(2, vbTab)
        Else
            ' 24 characters and longer all get a single tab.
            FormatOutTab = vbTab
        End If
    End Function



    来自: enun.net
