
转载几个系统监视的VBS脚本

脚本来自微软官方(其中有几个未做测试,第7个略做修改)。
这是个好“地方”:http://www.microsoft.com/china/technet/community/scriptcenter/default.mspx
1.监视进程创建
  ' Print the image name of every process that is created on the target machine.
  ' The query polls Win32_Process once per second (WITHIN 1), so a process that
  ' starts and exits between two polls may never be reported.
  Dim strComputer, strQuery, objWMIService, colMonitoredProcesses, objLatestProcess

  strComputer = "."   ' "." selects the local computer
  strQuery = "select * from __instancecreationevent " _
      & " within 1 where TargetInstance isa 'Win32_Process'"

  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
      & strComputer & "\root\cimv2")
  Set colMonitoredProcesses = objWMIService.ExecNotificationQuery(strQuery)

  ' Runs until the script host is stopped; NextEvent blocks until an event arrives.
  Do
      Set objLatestProcess = colMonitoredProcesses.NextEvent
      ' Only the name is printed; TargetInstance is the full Win32_Process object.
      Wscript.Echo objLatestProcess.TargetInstance.Name
  Loop
2.监视进程退出
  ' Print the image name of every process that exits on the target machine.
  ' Deletion events are detected by polling Win32_Process once per second (WITHIN 1).
  Dim strComputer, strQuery, objWMIService, colMonitoredProcesses, objLatestProcess

  strComputer = "."   ' "." selects the local computer
  strQuery = "select * from __instancedeletionevent " _
      & "within 1 where TargetInstance isa 'Win32_Process'"

  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
      & strComputer & "\root\cimv2")
  Set colMonitoredProcesses = objWMIService.ExecNotificationQuery(strQuery)

  ' Runs until the script host is stopped; NextEvent blocks until an event arrives.
  Do
      Set objLatestProcess = colMonitoredProcesses.NextEvent
      ' TargetInstance holds the Win32_Process object of the process that ended.
      Wscript.Echo objLatestProcess.TargetInstance.Name
  Loop
3.监视服务状态的改变
  ' Report every change of a Windows service's State (e.g. Running -> Stopped).
  ' Win32_Service is polled every 30 seconds (WITHIN 30); a service that changes
  ' state and changes back between two polls will not be reported.
  Dim strComputer, strQuery, objWMIService, colServices, objService
  Dim strNewState, strOldState

  strComputer = "."   ' "." selects the local computer
  strQuery = "Select * from __instancemodificationevent " _
      & "within 30 where TargetInstance isa 'Win32_Service'"

  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
      & strComputer & "\root\cimv2")
  Set colServices = objWMIService.ExecNotificationQuery(strQuery)

  ' Runs until the script host is stopped.
  Do
      Set objService = colServices.NextEvent
      strNewState = objService.TargetInstance.State
      strOldState = objService.PreviousInstance.State
      ' Modification events fire for any property change; only State changes are echoed.
      If strNewState <> strOldState Then
          Wscript.Echo objService.TargetInstance.Name & " is " & strNewState _
              & ". The service previously was " & strOldState & "."
      End If
  Loop
4.监视可用磁盘空间
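  ' Warn when the free space of a local hard disk drops below a threshold.
  ' Fix: the original compared TargetInstance.Size (the total capacity of the
  ' volume) with the threshold, so it never reacted to a disk filling up.
  ' FreeSpace is the Win32_LogicalDisk property that holds the remaining bytes.
  Const LOCAL_HARD_DISK = 3          ' Win32_LogicalDisk.DriveType value for a local disk
  Const MIN_FREE_BYTES = 100000000   ' alert threshold in bytes

  Dim strComputer, objWMIService, colMonitoredDisks, objDiskChange, objDisk

  strComputer = "."   ' "." selects the local computer
  Set objWMIService = GetObject("winmgmts:" _
      & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  ' Win32_LogicalDisk is polled every 30 seconds (WITHIN 30).
  Set colMonitoredDisks = objWMIService.ExecNotificationQuery _
      ("Select * from __instancemodificationevent within 30 where " _
          & "TargetInstance isa 'Win32_LogicalDisk'")

  ' Runs until the script host is stopped.
  Do
      Set objDiskChange = colMonitoredDisks.NextEvent
      Set objDisk = objDiskChange.TargetInstance
      If objDisk.DriveType = LOCAL_HARD_DISK Then
          ' FreeSpace is a 64-bit value that WMI hands to script as a string and
          ' can be Null; convert explicitly so the comparison is numeric.
          If Not IsNull(objDisk.FreeSpace) Then
              If CDbl(objDisk.FreeSpace) < MIN_FREE_BYTES Then
                  Wscript.Echo "Hard disk space is below " & MIN_FREE_BYTES & " bytes."
              End If
          End If
      End If
  Loop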
5.监视磁盘驱动器的剩余空间
  ' One-shot report of the free space (in megabytes) of every logical disk,
  ' read from the formatted performance-counter class. The '_Total' aggregate
  ' instance is excluded by the query.
  Dim strComputer, strQuery, objWMIService, objDiskDrive

  strComputer = "."   ' "." selects the local computer
  strQuery = "Select * from win32_perfformatteddata_perfdisk_logicaldisk where Name <> '_Total'"

  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
      & strComputer & "\root\cimv2")

  ' This is a plain query, not an event subscription: it lists the drives once and exits.
  For Each objDiskDrive In objWMIService.ExecQuery(strQuery)
      Wscript.Echo "Drive Name: " & objDiskDrive.Name
      Wscript.Echo "Free Space: " & objDiskDrive.FreeMegabytes
  Next
6.监视事件日志
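  ' Alert on event 533 written to the Security event log.
  ' 533 is the Security-log ID used by Windows 2000/XP/Server 2003 for a logon
  ' failure ("user not allowed to log on at this computer"). Windows Vista /
  ' Server 2008 and later record failed logons as event 4625 instead, so this
  ' query stays silent there unless the event code is adapted.
  ' Fix: the original matched EventCode 533 in every event log; an unrelated
  ' Application or System event with the same ID raised a false alert. The
  ' query is now restricted to the Security log.
  Dim strComputer, objWMIService, colMonitoredEvents, objLatestEvent
  Dim strUser, strAlertToSend

  strComputer = "."   ' "." selects the local computer
  ' "(Security)" enables the security privilege on the connection, which is
  ' required to receive events from the Security log.
  Set objWMIService = GetObject("winmgmts:" _
      & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
  Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
      ("Select * from __instancecreationevent where TargetInstance isa 'Win32_NTLogEvent' " _
          & "and TargetInstance.Logfile = 'Security' and TargetInstance.EventCode = '533' ")

  ' Runs until the script host is stopped; NextEvent blocks until an event arrives.
  Do
      Set objLatestEvent = colMonitoredEvents.NextEvent
      strUser = objLatestEvent.TargetInstance.User
      ' User can be Null on an event record; show a marker instead of an empty name.
      If IsNull(strUser) Then strUser = "(unknown user)"
      strAlertToSend = strUser & " attempted to access DatabaseServer."
      Wscript.Echo strAlertToSend
  Loop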
7.监视用户登录
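  ' Pop up a warning whenever event 528 (successful logon) is written to the
  ' Security event log.
  ' 528 is the Security-log ID used by Windows 2000/XP/Server 2003; Windows
  ' Vista / Server 2008 and later record successful logons as event 4624, so
  ' the event code has to be adapted on those systems.
  ' Fixes:
  '  - the original concatenated the user name with the return value of MsgBox
  '    and stored it in a variable that was never shown, so the account that
  '    logged on was lost; the name is now part of the message.
  '  - the query matched EventCode 528 in every event log; it is now restricted
  '    to the Security log.
  Dim strComputer, objWMIService, colMonitoredEvents, objLatestEvent
  Dim strUser, strAlertToSend

  strComputer = "."   ' "." selects the local computer
  ' "(Security)" enables the security privilege on the connection, which is
  ' required to receive events from the Security log.
  Set objWMIService = GetObject("winmgmts:" _
      & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
  Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
      ("Select * from __instancecreationevent where TargetInstance isa 'Win32_NTLogEvent' " _
          & "and TargetInstance.Logfile = 'Security' and TargetInstance.EventCode = '528' ")

  ' Runs until the script host is stopped.
  Do
      Set objLatestEvent = colMonitoredEvents.NextEvent
      strUser = objLatestEvent.TargetInstance.User
      ' User can be Null on an event record.
      If IsNull(strUser) Then strUser = ""
      strAlertToSend = "某个用户已经成功登陆此计算机!." & vbCrLf & strUser
      ' 48 = exclamation icon. MsgBox is modal: the next event is not fetched
      ' until the dialog is dismissed.
      MsgBox strAlertToSend, 48, "警告!"
  Loop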
8.监视注册表子项事件
  ' Asynchronously watch one registry key for changes and dump each event.
  ' The registry event classes live in the root/default namespace.
  ' NOTE(review): RegistryKeyChangeEvent is documented as reporting changes to
  ' the named key itself; watching the whole subtree would need
  ' RegistryTreeChangeEvent - confirm which scope is wanted.

  ' Event handler: the "SINK_" prefix passed to CreateObject binds the sink's
  ' OnObjectReady event to this procedure. It prints the event object as text.
  Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
      Dim strReport
      strReport = "Received Registry Change Event" & vbCrLf & _
          "------------------------------" & vbCrLf & _
          wmiObject.GetObjectText_()
      WScript.Echo strReport
  End Sub

  Dim wmiServices, wmiSink, strQuery

  Set wmiServices = GetObject("winmgmts:root/default")
  Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")

  ' Backslashes in KeyPath are doubled because WQL treats "\" as an escape character.
  strQuery = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
      "KeyPath='SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'"
  wmiServices.ExecNotificationQueryAsync wmiSink, strQuery

  WScript.Echo "Listening for Registry Change Events..." & vbCrLf

  ' Keep the script host alive so the sink can receive callbacks.
  Do
      WScript.Sleep 1000
  Loop

[ 本帖最后由 lxzzr 于 2009-7-19 01:37 编辑 ]