系统服务有可能被 rootkit 隐藏,但有些时候我们仍可以从注册表中找到相关的信息。下面的脚本把注册表 Services 键下的子键与 WMI 中 Win32_Service 的枚举结果进行比对:只存在于注册表而 WMI 查不到的服务会被标记为 hidden。建议以管理员权限运行,否则有些服务列举不出来或出现错误的提示。
效果图:
代码(checksvr.vbs):
代码如下:
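'on error resume next
' checksvr.vbs - walks HKLM\SYSTEM\CurrentControlSet\Services, and for every
' subkey that carries an "ObjectName" value (the account the service runs as)
' asks WMI whether a Win32_Service of that name exists (see checksvr).
' A key the registry has but WMI cannot see is printed as "[ hidden ]".
' Run elevated: some keys are otherwise unreadable and are silently skipped.
Const HKEY_LOCAL_MACHINE = &H80000002
Dim oReg, strKeyPath, arrSubKeys, subKey, strValue
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
WScript.Echo "checking, please wait ..."
WScript.Echo
' If EnumKey could not open the key, arrSubKeys may be left unassigned;
' guard so For Each does not fault on a non-array.
If IsArray(arrSubKeys) Then
    For Each subKey In arrSubKeys
        ' Reset the out-parameter so a failed read cannot reuse the previous key's value.
        strValue = ""
        ' Registry paths use a single backslash as separator.
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subKey, "ObjectName", strValue
        ' A missing value comes back as Null; only keys with a non-empty ObjectName are reported.
        If Not IsNull(strValue) Then
            If strValue <> "" Then
                If checksvr(subKey) Then
                    WScript.Echo subKey & formatouttab(subKey) & strValue & formatouttab(strValue) & "[ ok ]"
                Else
                    WScript.Echo subKey & formatouttab(subKey) & strValue & formatouttab(strValue) & "[ hidden ]"
                End If
            End If
        End If
    Next
End If
WScript.Echo
WScript.Echo "all done."
WScript.Quit 0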
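' Returns True when WMI (root\cimv2) has a Win32_Service instance whose Name
' equals strName, False otherwise.
'   strName - service name, taken by the caller from a registry subkey name.
' The caller treats a name present in the registry but absent from WMI as hidden.
Function checksvr(strName)
    Dim oWMI, cService, strQuoted
    Set oWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
    ' WQL string literals are delimited by ' and escaped with \ ; escape both so a
    ' key name containing either character cannot break or alter the query.
    strQuoted = Replace(Replace(strName, "\", "\\"), "'", "\'")
    Set cService = oWMI.ExecQuery("SELECT * FROM Win32_Service WHERE Name='" & strQuoted & "'")
    checksvr = (cService.Count <> 0)
End Function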
' Returns the run of tab characters that pads strName out to the next output
' column: five tabs for names shorter than 8 characters, one fewer for each
' further 8 characters, never fewer than one tab.
Function formatouttab(strName)
    Dim nTabs
    ' Integer-divide the length into 8-character blocks; each block costs one tab.
    Select Case Len(strName) \ 8
        Case 0
            nTabs = 5
        Case 1
            nTabs = 4
        Case 2
            nTabs = 3
        Case 3
            nTabs = 2
        Case Else
            nTabs = 1
    End Select
    formatouttab = String(nTabs, vbTab)
End Function
利用字典,速度要快很多:
代码如下:
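' Same check as checksvr.vbs, but all Win32_Service names are read from WMI once
' into a Dictionary, so each registry subkey costs a lookup instead of a WQL query.
Dim oDic, oReg, oWMI, arrServices
Dim strService, strKeyPath, arrSubKeys, subKey, strValue
Const HKEY_LOCAL_MACHINE = &H80000002
WScript.Echo "[*] checking, please wait ..."
WScript.Echo
Set oDic = CreateObject("Scripting.Dictionary")
' Service names are case-insensitive on Windows; the Dictionary's default binary
' compare would report a key whose case differs from the WMI Name as hidden.
' CompareMode must be set before the first Add.
oDic.CompareMode = vbTextCompare
Set oWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set arrServices = oWMI.ExecQuery("SELECT * FROM Win32_Service")
For Each strService In arrServices
    ' Dictionary.Add raises on a duplicate key; skip names already recorded.
    If Not oDic.Exists(strService.Name) Then oDic.Add strService.Name, strService.Name
Next
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services"
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
' If EnumKey could not open the key, arrSubKeys may be left unassigned;
' guard so For Each does not fault on a non-array.
If IsArray(arrSubKeys) Then
    For Each subKey In arrSubKeys
        ' Reset the out-parameter so a failed read cannot reuse the previous key's value.
        strValue = ""
        ' Registry paths use a single backslash as separator.
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subKey, "ObjectName", strValue
        ' A missing value comes back as Null; only keys with a non-empty ObjectName are reported.
        If Not IsNull(strValue) Then
            If strValue <> "" Then
                If oDic.Exists(subKey) Then
                    WScript.Echo subKey & formatouttab(subKey) & strValue & formatouttab(strValue) & "[ ok ]"
                Else
                    WScript.Echo subKey & formatouttab(subKey) & strValue & formatouttab(strValue) & "[ hidden ]"
                End If
            End If
        End If
    Next
End If
oDic.RemoveAll
WScript.Echo
WScript.Echo "[*] all done."
WScript.Quit 0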
' Returns the run of tab characters that pads strName out to the next output
' column: four tabs for names shorter than 8 characters, one fewer for each
' further 8 characters, never fewer than one tab.
Function formatouttab(strName)
    Dim nTabs
    ' Integer-divide the length into 8-character blocks; each block costs one tab.
    Select Case Len(strName) \ 8
        Case 0
            nTabs = 4
        Case 1
            nTabs = 3
        Case 2
            nTabs = 2
        Case Else
            nTabs = 1
    End Select
    formatouttab = String(nTabs, vbTab)
End Function