VBScript: Finding Hidden Services by Comparing Against the Registry

Code (checksvr.vbs):
'On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
' Enumerate every subkey of the Services key (the registry view)
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
Wscript.Echo "Checking, please wait ..."
Wscript.Echo ""
For Each subkey In arrSubKeys
    ' Single backslash: VBScript strings need no escaping
    oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, "ObjectName", strValue
    ' Only entries that have an ObjectName (logon account) are checked
    If Not (strValue = "") Then
        ' Check the service; would comparing against an array be faster?
        If Not (CheckSvr(subkey)) Then
            Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ Hidden ]"
        Else
            Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ OK ]"
        End If
    End If
Next
Wscript.Echo ""
Wscript.Echo "All done."
Wscript.Quit (0)

' Returns True if WMI (Win32_Service) reports a service with this name
Function CheckSvr(strName)
    Set oWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
    Set cService = oWMI.ExecQuery("Select * from Win32_Service WHERE Name='" & strName & "'")
    If (cService.count <> 0) Then
        CheckSvr = True
    Else
        CheckSvr = False
    End If
End Function

' Returns the run of tabs needed to line up the next output column
Function FormatOutTab(strName)
    strLen = Len(strName)
    Select Case True
        Case strLen < 8
            FormatOutTab = vbTab & vbTab & vbTab & vbTab & vbTab
        Case strLen < 16
            FormatOutTab = vbTab & vbTab & vbTab & vbTab
        Case strLen < 24
            FormatOutTab = vbTab & vbTab & vbTab
        Case strLen < 32
            FormatOutTab = vbTab & vbTab
        Case strLen < 40
            FormatOutTab = vbTab
        Case Else
            FormatOutTab = vbTab
    End Select
End Function

Using a dictionary is much faster:
Dim oDic, oReg, oWmi, arrServices
Const HKEY_LOCAL_MACHINE = &H80000002
Wscript.Echo "[*] Checking, please wait ..."
Wscript.Echo ""
Set oDic = CreateObject("Scripting.Dictionary")
' Service names are case-insensitive, so compare keys as text
oDic.CompareMode = vbTextCompare
Set oWmi = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
' One WMI query up front: load every service name WMI reports into the dictionary
Set arrServices = oWmi.ExecQuery("Select * from Win32_Service")
For Each strService In arrServices
    oDic.Add strService.Name, strService.Name
Next
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
    ' Single backslash: VBScript strings need no escaping
    oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, "ObjectName", strValue
    If Not (strValue = "") Then
        ' In the registry and in WMI: OK; in the registry only: Hidden
        If oDic.Exists(subkey) Then
            Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ OK ]"
        Else
            Wscript.Echo subkey & FormatOutTab(subkey) & strValue & FormatOutTab(strValue) & "[ Hidden ]"
        End If
    End If
Next
oDic.RemoveAll
Wscript.Echo ""
Wscript.Echo "[*] All done."
Wscript.Quit (0)

' Returns the run of tabs needed to line up the next output column
Function FormatOutTab(strName)
    strLen = Len(strName)
    Select Case True
        Case strLen < 8
            FormatOutTab = vbTab & vbTab & vbTab & vbTab
        Case strLen < 16
            FormatOutTab = vbTab & vbTab & vbTab
        Case strLen < 24
            FormatOutTab = vbTab & vbTab
        Case strLen < 32
            FormatOutTab = vbTab
        Case Else
            FormatOutTab = vbTab
    End Select
End Function

Source: enun.net
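
The two scripts above compare the Services key only against Win32_Service. The following is an added example, not code from the original page, that goes one step further and also covers drivers by querying the parent class Win32_BaseService and reading each key's Type value. The names SVC_KEY, oScm, nMissing and KindOf are assumptions made for this example; run it with cscript.

```vbscript
' Added example (not from the original page): registry vs. WMI cross-view, drivers included.
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const SVC_KEY = "SYSTEM\CurrentControlSet\Services"
Dim oWmi, oReg, oScm, oItem, arrSubKeys, subkey, nType, strImage, nMissing

Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' View 1: names reported through WMI. Win32_BaseService is the parent class
' of both Win32_Service and Win32_SystemDriver.
Set oScm = CreateObject("Scripting.Dictionary")
oScm.CompareMode = vbTextCompare          ' service names are case-insensitive
For Each oItem In oWmi.ExecQuery("Select Name from Win32_BaseService")
    oScm(oItem.Name) = True
Next

' View 2: subkeys of the Services key that carry a Type value.
nMissing = 0
If oReg.EnumKey(HKEY_LOCAL_MACHINE, SVC_KEY, arrSubKeys) = 0 And IsArray(arrSubKeys) Then
    For Each subkey In arrSubKeys
        If oReg.GetDWORDValue(HKEY_LOCAL_MACHINE, SVC_KEY & "\" & subkey, "Type", nType) = 0 Then
            If Not oScm.Exists(subkey) Then
                nMissing = nMissing + 1
                strImage = Null
                oReg.GetExpandedStringValue HKEY_LOCAL_MACHINE, SVC_KEY & "\" & subkey, "ImagePath", strImage
                If IsNull(strImage) Then strImage = "(ImagePath absent or unreadable)"
                WScript.Echo "[ Hidden ] " & subkey & vbTab & KindOf(nType) & vbTab & strImage
            End If
        End If
    Next
End If
WScript.Echo "[*] " & nMissing & " registry entries not reported by WMI."
If nMissing > 0 Then WScript.Quit 1       ' non-zero exit code for scheduled checks
WScript.Quit 0

' Decode the Type bit flags: 0x1/0x2 are drivers, 0x10/0x20 are Win32 services.
Function KindOf(nType)
    If (nType And &H3) <> 0 Then
        KindOf = "driver"
    ElseIf (nType And &H30) <> 0 Then
        KindOf = "service"
    Else
        KindOf = "other (0x" & Hex(nType) & ")"
    End If
End Function
```

A hit means only that the two views disagree; inspect the key and its ImagePath before treating the entry as malicious.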