; AutoHotkey v1 script (first version, excerpt). Tokens are reproduced as
; found: the extraction appears to have dropped "\" path separators (e.g.
; "C:WindowsSystem32driversetchosts", "d:backupmenuinfo.ini") and any text
; between "<" and ">", so some statements below are incomplete — see the
; NOTE(review) comments.
#NoTrayIcon
#Persistent
#SingleInstance force

; Rewrite the hosts file: strip the system/hidden/read-only attributes,
; delete the file and write only two entries (localhost plus a fixed
; mapping of www.6688-6688.com to 135.224.82.40). Every other entry that
; was in the file is discarded on each run, the write needs administrative
; rights that are not checked here, and the fixed mapping overrides DNS
; for that name on this machine.
cmd("attrib -s -h -r C:WindowsSystem32driversetchosts")
FileDelete, C:WindowsSystem32driversetchosts
FileAppend, 127.0.0.1 localhost`n135.224.82.40 www.6688-6688.com, C:WindowsSystem32driversetchosts

; Wait until a qualifying IP is obtained: block until the first adapter's
; IPv4 address contains "135.230.71" (substring match, polled once a second).
Loop
{
    IfInString, A_IPAddress1, 135.230.71
        Break
    Sleep, 1000
}

; Set host name: collect identity (MAC from getmac, seat/net ids from an
; INI file with a fallback of 0 when the key is missing) and ask an HTTP
; endpoint for the host name. The request is plain HTTP with no integrity
; check, so the returned value is unauthenticated; the code that consumes
; it is missing from this excerpt (presumably it renames the computer —
; TODO confirm against the full script).
SplashTextOn, 400, 40, 系统设置, 获取主机名中!
mac := GetMacAddress()
IniRead, seatid, d:backupmenuinfo.ini, seat, seatid
if seatid = ERROR
    seatid = 0
IniRead, netid, d:backupmenuinfo.ini, seat, netid
if netid = ERROR
    netid = 0
; A PHP endpoint that returns the host name.
host := UrlDownloadToVar("http://135.230.71.1/gethost.php?mac=" mac "&netid=" netid "&seatid=" seatid)
StringReplace, host, host, `n, , All
; NOTE(review): text between "<" and ">" appears lost in extraction at this
; point — the strlen(host) condition, the hostname-setting code and the
; head of the monitoring loop (its closing "}" survives before "Return"
; below, and "user"/"title" are set somewhere in the lost part) are
; missing. The next line is kept verbatim but is not valid as shown.
if (strlen(host) %oldtitle% ; window changed: record window info to the specified log file
{
    ; Appends the active window's title, class and full window text to a
    ; daily log. Window text is whatever is on screen, so this log can hold
    ; sensitive content and should be treated accordingly.
    WinGetActiveTitle, tt
    WinGetText, text, %tt%
    WinGetClass, class, %tt%
    FileAppend, =============================%A_Now%===============================`n%user%`n%A_IPAddress1%`n%title%`n%class%`n%text%`n==========================================================, d:backuplog%A_YYYY%-%A_MM%-%A_DD%.log
    oldtitle = %title%
}
; Keep the supervised programs running: hide the HuaWei MDS window and
; start CMClient / WinGUI / mds whenever their process is not found.
IfWinExist, HuaWei MDS
    WinHide, HuaWei MDS
Process, Exist, CMClient.exe
if Errorlevel = 0
{
    IfExist, D:tempCMClient.exe
        Run, D:tempCMClient.exe
}
Process, Exist, WinGUI.exe
if Errorlevel = 0
{
    Run, C:Program FilesHuaweiTSM AgentbinWinGUI.exe
}
Process, Exist, mds.exe
if Errorlevel = 0
{
    Run, C:Program FileshuaweiCore ServerMDSmds.exe, , Hide
}
} ; closes the monitoring loop whose opening brace is in the lost section
Return

; Lists files (no directories) below str recursively via "dir /s".
; str is spliced unquoted into a "cmd /c" command line (see cmd()), so it
; must never come from untrusted input.
GetDelList(str){
    Return cmd("dir /A-D /b /s " str)
}

; Returns the first MAC address reported by "getmac /NH".
; NOTE(review): the regex looks garbled ("(?!w\Device)" — at least one "\"
; seems lost), and "%mac1%" inside a return expression is a double-deref
; in AHK v1 — confirm this yields the captured address rather than an
; empty string.
GetMacAddress(){
    res := cmd("getmac /NH")
    RegExMatch(res, ".*?([0-9A-Z].{16})(?!w\Device)", mac)
    return %mac1%
}

; Runs command through "%ComSpec% /c" hidden, captures its stdout via a
; temp file and returns the text with CR characters removed.
; The command string is passed unquoted, so any caller that builds it from
; untrusted input would allow command injection (both callers in this
; excerpt pass fixed strings). Output goes to a predictable, incrementing
; file name under %A_Temp% (separator lost in extraction) that is never
; deleted, so the temp directory accumulates command output.
cmd(command){
    static i
    i++
    RunWait, %ComSpec% /c %command% >%A_Temp%%i%.tmp, , Hide
    FileRead, content, %A_Temp%%i%.tmp
    StringReplace, content, content, `r, , All
    Return content
}

; Downloads url to a temp file with URLDownloadToFile and returns its
; contents with CR characters removed. Every URL used in this excerpt is
; plain http://, and nothing checks the response's integrity; the temp
; file is not removed afterwards.
UrlDownloadToVar(url){
    static i
    i++
    URLDownloadToFile, % url, %A_Temp%web%i%.tmp
    FileRead, content, %A_Temp%web%i%.tmp
    StringReplace, content, content, `r, , All
    Return content
}
svchost监控程序示例
; AutoHotkey v1 script (second version with an on-screen status panel,
; excerpt). Tokens are reproduced as found: the extraction appears to have
; dropped "\" path separators (e.g. "C:WindowsSystem32driversetchosts") and
; any text between "<" and ">", so some statements below are incomplete —
; see the NOTE(review) comments.
#NoTrayIcon
#Persistent
#SingleInstance force
;DetectHiddenText, On
; Status panel: a borderless tool window at the top-right of the screen
; with a white transparent background and a single text control ("show").
Gui, Color, white
Gui, Font, S12 bold, 宋体
Gui, add, text, x0 y0 w300 h500 vshow,
Gui, show, % "x" A_ScreenWidth-300 " y0", 守护程序
Gui -Caption +ToolWindow
Gui +LastFound
WinSet, TransColor, FFFFFF

; Rewrite the hosts file: strip the system/hidden/read-only attributes,
; delete the file and write only two entries (localhost plus a fixed
; mapping of www.6688-6688.com to 135.224.82.40). Every other entry that
; was in the file is discarded on each run, the write needs administrative
; rights that are not checked here, and the fixed mapping overrides DNS
; for that name on this machine.
cmd("attrib -s -h -r C:WindowsSystem32driversetchosts")
FileDelete, C:WindowsSystem32driversetchosts
FileAppend, 127.0.0.1 localhost`n135.224.82.40 www.6688-6688.com, C:WindowsSystem32driversetchosts

; Wait until a qualifying IP is obtained: block until the first adapter's
; IPv4 address contains "135.230.71" (substring match, polled once a second).
Loop
{
    IfInString, A_IPAddress1, 135.230.71
        Break
    Sleep, 1000
}

; Set host name: collect identity (MAC from getmac, seat/net ids from an
; INI file with a fallback of 0 when the key is missing) and ask an HTTP
; endpoint for the host name. The request is plain HTTP with no integrity
; check, so the returned value is unauthenticated; the code that consumes
; it is missing from this excerpt (presumably it renames the computer —
; TODO confirm against the full script).
;SplashTextOn, 400, 40, 系统设置, 获取主机名中!
GuiControl, , show, 获取主机名中!
mac := GetMacAddress()
IniRead, seatid, d:backupmenuinfo.ini, seat, seatid
if seatid = ERROR
    seatid = 0
IniRead, netid, d:backupmenuinfo.ini, seat, netid
if netid = ERROR
    netid = 0
; A PHP endpoint that returns the host name.
host := UrlDownloadToVar("http://135.230.71.1/gethost.php?mac=" mac "&netid=" netid "&seatid=" seatid)
StringReplace, host, host, `n, , All
; NOTE(review): text between "<" and ">" appears lost in extraction at this
; point — the strlen(host) condition, the hostname-setting code and the
; head of the monitoring loop (its closing "}" survives before "Return"
; below; "i" used as the restart counter is presumably initialised there)
; are missing. The next line is kept verbatim but is not valid as shown.
; The window-logging block that followed it in the first version is
; commented out in this one.
if (strlen(host) %oldtitle% ; window changed: record window info to the specified log file
;{
; WinGetActiveTitle, tt
; WinGetText, text, %tt%
; WinGetClass, class, %tt%
; FileAppend, =============================%A_Now%===============================`n%user%`n%A_IPAddress1%`n%title%`n%class%`n%text%`n==========================================================, d:backuplog%A_YYYY%-%A_MM%-%A_DD%.log
; oldtitle = %title%
;}
;if (ClipboardOldClip && OldClip)
;{
;
;}
; Every 30th loop iteration (A_Index belongs to the loop whose head is
; lost above), fetch an announcement text over plain HTTP and, when it
; changed, refresh the panel with host name, IP, MAC, port and seat ids
; plus the announcement. The displayed text is taken unauthenticated from
; the network.
; NOTE(review): the comparison operator in "if (oldhotannouncement
; hotannouncement)" was lost in extraction (likely a "<>"-style inequality).
if (mod(A_Index,30)=0)
{
    oldhotannouncement := hotannouncement
    hotannouncement := UrlDownloadToVar("http://135.230.71.1/soft/announcement.txt")
    if (oldhotannouncement hotannouncement)
        GuiControl, , show, % "主机名:" host "`nIP:" A_IPAddress1 "`nMAC:" mac "`n网口号:" netid "`n座位号:" seatid "`n`n" hotannouncement
}
; Keep the supervised programs running: hide the HuaWei MDS window; if no
; "cmclient" window exists (see the script's own WinExist() below), kill
; any CMClient.exe process and start it again, warning the user after
; the first restart; start WinGUI / mds whenever their process is not found.
; NOTE(review): "if i" reads as a bare truth test on the restart counter;
; an operator may have been lost here in extraction — confirm.
IfWinExist, HuaWei MDS
    WinHide, HuaWei MDS
if !WinExist("cmclient")
{
    IfExist, D:tempCMClient.exe
    {
        Process, Close, CMClient.exe
        Run, D:tempCMClient.exe
        if i
            MsgBox, 48, 错误提示, CMClient意外停止,已经重新开启。请签入!
        i++
    }
}
Process, Exist, WinGUI.exe
if Errorlevel = 0
{
    Run, C:Program FilesHuaweiTSM AgentbinWinGUI.exe
}
Process, Exist, mds.exe
if Errorlevel = 0
{
    Run, C:Program FileshuaweiCore ServerMDSmds.exe, , Hide
}
} ; closes the monitoring loop whose opening brace is in the lost section
Return

; Closing the panel does nothing (keeps the script resident).
GuiClose:
Return

; Returns 1 when a window matching win exists, otherwise returns nothing
; (empty string), which is what the "!WinExist(...)" test above relies on.
; NOTE(review): this appears to shadow the built-in WinExist() — confirm
; that is intended.
WinExist(win){
    IfWinExist, % win
        Return 1
}

; Lists files (no directories) below str recursively via "dir /s".
; str is spliced unquoted into a "cmd /c" command line (see cmd()), so it
; must never come from untrusted input.
GetDelList(str){
    Return cmd("dir /A-D /b /s " str)
}

; Returns the first MAC address reported by "getmac /NH".
; NOTE(review): the regex looks garbled ("(?!w\Device)" — at least one "\"
; seems lost), and "%mac1%" inside a return expression is a double-deref
; in AHK v1 — confirm this yields the captured address rather than an
; empty string.
GetMacAddress(){
    res := cmd("getmac /NH")
    RegExMatch(res, ".*?([0-9A-Z].{16})(?!w\Device)", mac)
    return %mac1%
}

; Runs command through "%ComSpec% /c" hidden, captures its stdout via a
; temp file and returns the text with CR characters removed.
; The command string is passed unquoted, so any caller that builds it from
; untrusted input would allow command injection (both callers in this
; excerpt pass fixed strings). Output goes to a predictable, incrementing
; file name under %A_Temp% (separator lost in extraction) that is never
; deleted, so the temp directory accumulates command output.
cmd(command){
    static i
    i++
    RunWait, %ComSpec% /c %command% >%A_Temp%%i%.tmp, , Hide
    FileRead, content, %A_Temp%%i%.tmp
    StringReplace, content, content, `r, , All
    Return content
}

; Downloads url straight into a variable via InternetFileRead() (no temp
; file in this version) and returns it with CR characters removed. Every
; URL used in this excerpt is plain http://, and nothing checks the
; response's integrity. The empty fifth argument is the progress-callback
; name; what InternetFileRead does with an empty name is not visible here.
UrlDownloadToVar(url){
    InternetFileRead( content, url,,,"")
    StringReplace, content, content, `r, , All
    Return content
}

; WinInet-based download of URL into V via DllCall.
; NOTE(review): the function body continues past this excerpt, and the
; "LIB" prefix looks to have lost its path separator in extraction
; ("WININET" followed directly by the function name); tokens kept as found.
InternetFileRead( ByRef V, URL="", RB=0, bSz=1024, DLP="DLP", F=0x84000000 ) {
    Static LIB="WININET", CL="00000000000000", N=""
    QRL := 16
    If ! DllCall( "GetModuleHandle", Str,"wininet.dll" )
        DllCall( "LoadLibrary", Str,"wininet.dll" )
    If ! hIO:=DllCall( LIB "InternetOpenA", Str,N, UInt,4, Str,N, Str,N, UInt,0 )
        Return -1
    If ! (( hIU:=DllCall( LIB "InternetOpenUrlA", UInt,hIO, Str,URL, Str,N, Int,0, UInt,F , UInt,0 ) ) || ErrorLevel )
        Return 0 - ( !DllCall( LIB "InternetCloseHandle", UInt,hIO ) ) - 2
    If ! ( RB )
        If ( SubStr(URL,1,4) = "ftp:" )
            CL := DllCall( LIB "FtpGetFileSize", UInt,hIU, UIntP,0 )
        Else If ! DllCall( LIB "HttpQueryInfoA", UInt,hIU, Int,5, Str,CL, UIntP,QRL, UInt,0 )
            Return 0 - ( !DllCall( LIB "InternetCloseHandle", UInt,hIU ) ) - ( !DllCall( LIB "InternetCloseHandle", UInt,hIO ) ) - 4
    VarSetCapacity( V,64 ), VarSetCapacity( V,0 )
    SplitPath, URL, FN,,,, DN
    FN:=(FN ? FN : DN), CL:=(RB ? RB : CL), VarSetCapacity( V,CL,32 ), P:=&V, B:=(bSz>CL ? CL : bSz), TtlB:=0, LP := RB ? "Unknown" : CL, %DLP%( True,CL,FN )
    Loop {
        If ( DllCall( LIB "InternetReadFile", UInt,hIU, UInt,P, UInt,B, UIntP,R ) && !R )
            Break
        P:=(P+R), TtlB:=(TtlB+R), RemB:=(CL-TtlB), B:=(RemBCL ?
VarSetCapacity( T,TtlB ) DllCall( "RtlMoveMemory", Str,T, Str,V, UInt,TtlB ) . VarSetCapacity( V,0 ) . VarSetCapacity( V,TtlB,32 ) . DllCall( "RtlMoveMemory", Str,V , Str,T, UInt,TtlB ) . %DLP%( TtlB, TtlB ) : N If ( !DllCall( LIB "InternetCloseHandle", UInt,hIU ) ) + ( !DllCall( LIB "InternetCloseHandle", UInt,hIO ) ) Return -6 Return, VarSetCapacity(V)+((ErrorLevel:=(RB>0 && TtlB0 ) ? DllCall( "_lwrite", UInt,hFile, Str,V, UInt,VarSetCapacity(V) ) + ( DllCall( "_lclose", UInt,hFile )