'''''''''''''''''''''''''''''''''''''''''''''''''
'监视并停止指定的进程
'版权所有:哈哈朱
'QQ:383088680
'''''''''''''''''''''''''''''''''''''''''''''''''''
On Error Resume Next
'arrComputers = Array("sea-wks-1", " sea-wks-2", " sea-srv-1") 为下次执行多台计算机查询做准备
strComputer="."
arrTargetProcs=InputBox("请输入你要终止的进程:(如cmd.exe,hh.exe)")
if trim(arrTargetProcs)<>"" then
g_arrTargetProcs = split(arrTargetProcs,",")
Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
'For Each strComputer In arrComputers 当有多台计算机需要时才使用
'WScript.Echo vbCrLf & "Host: " & strComputer
intKP = KillProcesses(strComputer)
If intKP = 0 Then
TrapProcesses strComputer
Else
WScript.Echo vbCrLf & " Unable to monitor target processes."
End If
'Next
'Wscript.Echo VbCrLf & _
' " -----------------------------------------------------------------" & _
'VbCrLf & VbCrLf & "In monitoring mode ..."
Do
WScript.Sleep 1000
Loop
'******************************************************************************
Function KillProcesses(strHost)
'Terminate specified processes on specified machine.
On Error Resume Next
strQuery = "SELECT * FROM Win32_Process"
intTPFound = 0
intTPKilled = 0
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strHost & "\root\cimv2")
If Err = 0 Then
'WScript.Echo vbCrLf & " Searching for target processes."
Set colProcesses = objWMIService.ExecQuery(strQuery)
For Each objProcess in colProcesses
For Each strTargetProc In g_arrTargetProcs
If LCase(objProcess.Name) = LCase(strTargetProc) Then
intTPFound = intTPFound + 1
'WScript.Echo " " & objProcess.Name
intReturn = objProcess.Terminate
If intReturn = 0 Then
'WScript.Echo " Terminated"
'intTPKilled = intTPKilled + 1
Else
WScript.Echo objProcess.Name&" Unable to terminate"
End If
End If
Next
Next
'WScript.Echo " Target processes found: " & intTPFound
If intTPFound <> 0 Then
'WScript.Echo " Target processes terminated: " & intTPKilled
End If
intTPUndead = intTPFound - intTPKilled
If intDiff <> 0 Then
'WScript.Echo " ALERT: Target processes not terminated: " & intTPUndead
End If
KillProcesses = 0
Else
HandleError(strHost)
KillProcesses = 1
End If
End Function
'******************************************************************************
Sub TrapProcesses(strHost)
On Error Resume Next
strAsyncQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " & _
"WHERE TargetInstance ISA 'Win32_Process'"
'Connect to WMI.
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strHost & "\root\cimv2")
If Err = 0 Then
'Trap asynchronous events.
objWMIService.ExecNotificationQueryAsync SINK, strAsyncQuery
If Err = 0 Then
'WScript.Echo vbCrLf & " Monitoring target processes."
Else
HandleError(strHost)
WScript.Echo " Unable to monitor target processes."
End If
Else
HandleError(strHost)
WScript.Echo " Unable to monitor target processes."
End If
End Sub
'******************************************************************************
Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)
'Trap asynchronous events.
For Each strTargetProc In g_arrTargetProcs
If LCase(objLatestEvent.TargetInstance.Name) = LCase(strTargetProc) Then
'Wscript.Echo VbCrLf & "Target process on: " & _
'objLatestEvent.TargetInstance.CSName
'Wscript.Echo " Name: " & objLatestEvent.TargetInstance.Name
'Wscript.Echo " Time: " & Now
'Terminate process.
intReturn = objLatestEvent.TargetInstance.Terminate
If intReturn = 0 Then
'Wscript.Echo " Terminated process."
Else
Wscript.Echo " Unable to terminate process. Return code: " & intReturn
End If
End If
Next
End Sub
'******************************************************************************
Sub HandleError(strHost)
'Handle errors.
strError = VbCrLf & " ERROR on " & strHost & VbCrLf & _
" Number: " & Err.Number & VbCrLf & _
" Description: " & Err.Description & VbCrLf & _
" Source: " & Err.Source
WScript.Echo strError
Err.Clear
End Sub
Else
Wscript.Echo "警告,你没有输入任何您要处理的进程!"
End If
