Improved !!!!!!!!!!!!!!! Keep informed about the start ... - 10/23/2005 4:23:48 AM
didorno
Posts: 361
Score: 0
Joined: 2/12/2005
From:
Status: offline
' Keep informed about unknown processes, which are started after booting, for a duration of "conRunTime" s
' Place a short cut in the start up folder,
' target for instance C:\WINDOWS\system32\wscript.exe "X:\your location of\GuardStartUpProcesses.vbs"
' 23 October 2005
'
' How it works: the log file conTekstFile holds one process name per line and
' serves as the list of known processes. For conRunTime seconds the script
' polls Win32_Process and asks the user about every name that it does not find
' in that list.

Option Explicit

Const conTekstFile = "C:\StartUpProcesses.Log", _
      conForAppending = 8, _
      conForReading = 1, _
      conForWriting = 2, _
      conCreate = True, _
      conNoCreate = False, _
      conRunTime = 60

Dim strComputer, objFSO, objWMIService, colProcesses, MyVar, ft, oProcess, Known, KnownProcs, NumNewProc, _
    AddProc, Start

' "." addresses the local computer in the WMI moniker below.
strComputer = "."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery ("Select * from Win32_Process")

If colProcesses.Count = 0 Then
    MsgBox "No Processes are running !", vbCritical
    WScript.Quit
End If

' First run: no log file yet. On request, every process running at this moment
' is written to the log and is therefore treated as known from then on.
' NOTE(review): the baseline accepts whatever is running when it is taken, so
' it should be created on a system that is believed to be clean.
If Not objFSO.FileExists(conTekstFile) Then
    MyVar = MsgBox("Make new log file with process names ?", vbYesNo, "Log File " _
        & conTekstFile & " missing.")
    If MyVar = vbYes Then
        Set ft = objFSO.OpenTextFile(conTekstFile, conForWriting, conCreate)
        For Each oProcess in colProcesses
            ft.Writeline oProcess.Name
        Next
        ft.Close
        WScript.Echo conTekstFile & " with " & colProcesses.Count _
            & " startup processes created"
        WScript.Quit
    Else
        WScript.Echo "Nothing done."
        WScript.Quit
    End If
End If

' Keep the log open for appending; accepted names are written as they are confirmed.
Set ft = objFSO.OpenTextFile(conTekstFile, conForAppending, conNoCreate)
Known = True
' Read whole conTekstFile with known processes
KnownProcs = ReadFile
NumNewProc = 0
AddProc = 0
Start = Now
Do
    ' Take a fresh snapshot of the process list on every pass.
    Set colProcesses = objWMIService.ExecQuery ("Select * from Win32_Process")
    For Each oProcess in colProcesses
        ' NOTE(review): InStr looks for the name anywhere in the whole log text,
        ' so a name that is merely a fragment of a logged name counts as known.
        ' The comparison is also case-sensitive (InStr default) and looks at the
        ' name only, not at the path of the executable.
        If InStr(KnownProcs, oProcess.Name) Then
            ' Known process
        Else
            ' Unknown process
            Known = False
            NumNewProc = NumNewProc + 1
            MyVar = MsgBox("Add new process to " & conTekstFile & " ?", _
                vbCritical + vbYesNo, oProcess.Name & " is new !! Watch It !!")
            If MyVar = vbYes Then
                ft.Writeline oProcess.Name
                AddProc = AddProc + 1
            End If
            ' Remember the name in memory whatever the answer was, so the same
            ' name is asked about only once per run.
            KnownProcs = KnownProcs & vbCrLf & oProcess.Name
        End If
    Next
    ' Poll interval; a process that starts and ends between two passes is not seen.
    WScript.Sleep 200
Loop Until DateDiff("s", Start, Now) > conRunTime
ft.Close
If Known Then
    WScript.Echo "All " & colProcesses.Count & " startup processes are known." & vbCrLf & vbCrLf & "Ready."
Else
    WScript.Echo "Within the last " & conRunTime & " s " & NumNewProc & " unknown processes detected !" _
        & vbCrLf & vbCrLf & "In total " & AddProc & " processes added to " & conTekstFile _
        & vbCrLf & vbCrLf & "Ready."
End If

Function ReadFile
    ' Read whole log file as one string (max. possible length about 2 billion characters)
    ' Returns nothing (Empty) when the file has size 0, because ReadAll is skipped then.
    Dim objFile, ts
    Set objFile = objFSO.GetFile(conTekstFile)
    If objFile.Size > 0 Then
        Set ts = objFSO.OpenTextFile(conTekstFile, conForReading)
        ReadFile = ts.ReadAll
        ts.Close
        Set ts = Nothing
    End If
    Set objFile = Nothing
End Function
' End of GuardStartUpProcesses.vbs

Success !
< Message edited by didorno -- 11/20/2005 7:13:17 AM >
_____________________________
Regular Expression ? I (L+o{1,}v{1,3}e\s)+[iI]t!$
RE: Improved !!!!!!!!!!!!!!! Keep informed about the st... - 11/20/2005 7:20:59 AM
didorno
Posts: 361
Score: 0
Joined: 2/12/2005
From:
Status: offline
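In case of a new process with a name which is a part of a well-known name, the above script will treat this as a known process. Example: if "wscript.exe" is known and a new process with the name "ipt.exe" starts running, the decision is: a known process. The next script is an improved version, mainly by means of the line " If InStr(KnownProcs, vbCrLf & oProcess.Name & vbCrLf) Then". The new names are compared with the whole known names.

' Keep you informed about unknown processes, which are started after booting,
' for a duration of "conRunTime" s
' Install by placing a short cut in the start up folder,
' target for instance C:\WINDOWS\system32\wscript.exe "X:\your location of\GuardStartUpProcesses.vbs"
' 20 November 2005
'
' How it works: the log file conTekstFile holds one process name per line and
' serves as the list of known processes. For conRunTime seconds the script
' polls Win32_Process and asks the user about every name that is not in the list.
'
' Limits to keep in mind when relying on this script as a monitor:
'  - A process is recognised by its image name only. A different executable
'    that carries a listed name is reported as known; the path shown in the
'    prompt is there to help judge a NEW name, it is not part of the match.
'  - conTekstFile is the list of known names. Whoever can write that file can
'    add names to it, so check the permissions on its location
'    (NOTE(review): the root of C: may be writable by ordinary users - verify).
'  - The process list is polled every 200 ms for conRunTime seconds. A process
'    that starts and ends between two polls, or starts after the window, is
'    not reported.

Option Explicit

Const conTekstFile = "C:\StartUpProcesses.Log", _
      conForAppending = 8, _
      conForReading = 1, _
      conForWriting = 2, _
      conCreate = True, _
      conNoCreate = False, _
      conRunTime = 60

Dim strComputer, objFSO, objWMIService, colProcesses, MyVar, ft, oProcess, Known, KnownProcs, NumNewProc, _
    AddProc, Start, NeedsLineBreak

' "." addresses the local computer in the WMI moniker below.
strComputer = "."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery ("Select * from Win32_Process")

If colProcesses.Count = 0 Then
    MsgBox "No Processes are detected !", vbCritical, "GuardStartUpProcesses.vbs"
    CleanQuit
End If

' First run: no log file yet. On request, every process running at this moment
' is written to the log and is treated as known from then on, so the baseline
' should be taken on a system that is believed to be clean.
If Not objFSO.FileExists(conTekstFile) Then
    MyVar = MsgBox("Make new log file with current running processes ?", vbYesNo, "Log File " _
        & conTekstFile & " missing.")
    If MyVar = vbYes Then
        Set ft = objFSO.OpenTextFile(conTekstFile, conForWriting, conCreate)
        For Each oProcess in colProcesses
            ft.Writeline oProcess.Name
        Next
        ft.Close
        Set ft = Nothing
        WScript.Echo conTekstFile & " with " & colProcesses.Count _
            & " startup processes created"
        CleanQuit
    Else
        WScript.Echo "Nothing done."
        CleanQuit
    End If
End If

Set ft = objFSO.OpenTextFile(conTekstFile, conForAppending, conNoCreate)
Known = True
' Read whole conTekstFile with known processes, each name must be between CRLF's
KnownProcs = ReadFile
' A log that was edited by hand may lack the final CRLF. Without it the last
' name would never match, and the next appended name would be glued onto it.
NeedsLineBreak = False
If Len(KnownProcs) > 0 Then
    If Right(KnownProcs, 2) <> vbCrLf Then
        NeedsLineBreak = True
        KnownProcs = KnownProcs & vbCrLf
    End If
End If
KnownProcs = vbCrLf & KnownProcs
NumNewProc = 0
AddProc = 0
Start = Now
Do
    ' Take a fresh snapshot of the process list on every pass.
    Set colProcesses = objWMIService.ExecQuery ("Select * from Win32_Process")
    For Each oProcess in colProcesses
        ' Known process. 2 CRLF's prevent matching with a part of a process name only.
        ' This is the whole-name test described above, with vbTextCompare added:
        ' Windows file names are not case-sensitive, so the same program reported
        ' with different casing should not raise a new prompt.
        If InStr(1, KnownProcs, vbCrLf & oProcess.Name & vbCrLf, vbTextCompare) = 0 Then
            ' Unknown process
            Known = False
            NumNewProc = NumNewProc + 1
            MyVar = MsgBox("Add new process to " & conTekstFile & " ?" _
                & vbCrLf & vbCrLf & DescribeProcess(oProcess), _
                vbCritical + vbYesNo, oProcess.Name & " is new !! Watch It !!")
            If MyVar = vbYes Then
                If NeedsLineBreak Then
                    ' Finish the unterminated last line of the log first.
                    ft.WriteBlankLines 1
                    NeedsLineBreak = False
                End If
                ft.Writeline oProcess.Name
                AddProc = AddProc + 1
            End If
            ' Remember the name in memory whatever the answer was, so the same
            ' name is asked about only once per run.
            KnownProcs = KnownProcs & oProcess.Name & vbCrLf
        End If
    Next
    WScript.Sleep 200
Loop Until DateDiff("s", Start, Now) > conRunTime
ft.Close
If Known Then
    WScript.Echo "All " & colProcesses.Count & " startup processes are known." & vbCrLf & vbCrLf & "Ready."
Else
    WScript.Echo "Within the last " & conRunTime & " s " & NumNewProc & " unknown processes detected !" _
        & vbCrLf & vbCrLf & "In total " & AddProc & " processes added to " & conTekstFile _
        & vbCrLf & vbCrLf & "Ready."
End If
Set ft = Nothing
CleanQuit

Function ReadFile
    ' Read whole log file as one string (max. possible length about 2 billion characters)
    ' Returns nothing (Empty) when the file has size 0, because ReadAll is skipped then.
    Dim objFile, ts
    Set objFile = objFSO.GetFile(conTekstFile)
    If objFile.Size > 0 Then
        Set ts = objFSO.OpenTextFile(conTekstFile, conForReading)
        ReadFile = ts.ReadAll
        ts.Close
        Set ts = Nothing
    End If
    Set objFile = Nothing
End Function ' ReadFile

Function DescribeProcess(objProc)
    ' Text for the prompt: process id and full path of the executable, so the
    ' user has more than the bare name to decide on. WMI returns Null for the
    ' path of some processes; that case is shown as "(not available)".
    Dim strPath
    strPath = objProc.ExecutablePath
    If IsNull(strPath) Then strPath = "(not available)"
    DescribeProcess = "PID: " & objProc.ProcessId & vbCrLf & "Path: " & strPath
End Function ' DescribeProcess

Sub CleanQuit
    ' Release the script-level objects and end the script.
    Set colProcesses = Nothing
    Set objWMIService = Nothing
    Set objFSO = Nothing
    WScript.Quit
End Sub ' CleanQuit
' End of GuardStartUpProcesses.vbs

Good luck !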
_____________________________
Regular Expression ? I (L+o{1,}v{1,3}e\s)+[iI]t!$