1

有没有办法(理想情况下使用像 VBScript / JScript 这样的脚本语言)获取生成不同程序的进程的详细信息,即在 Computrace LoJack 启动 iexplore 的情况下,处理与 Internet 的通信?

4

1 回答 1

2

您可以使用 WMI 检查您感兴趣的进程的 ParentProcessId。在“普通”用户模式应用程序的情况下,父进程应该是 explorer.exe。

strProcess = "iexplore.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
    & " Where name = '" & strProcess & "'")

For Each objProcess in colProcesses
    WScript.Echo objProcess.ParentProcessId
Next

在 Internet Explorer 的情况下,请务必检查 IE 的 ID,因为它会生成多个自身实例。尝试这样的事情:

strProcess = "iexplore.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
    & " Where name = 'explorer.exe' OR name = 'iexplore.exe'")

i = 0
arrIds = Array()
For Each objProcess in colProcesses
    ReDim Preserve arrIds(i)
    arrIds(i) = objProcess.ProcessId
    i = i + 1
Next

Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process " _
    & " Where name = '" & strProcess & "'")

For Each objProcess in colProcesses
    intParentID = objProcess.ParentProcessId

    blnIsFound = False
    For Each intID in arrIds
        If intID = intParentID Then
            blnIsFound = True
            Exit For
        End If
    Next

    If blnIsFound = False Then
        WScript.Echo "Process " & objProcess.ProcessId & " spawned by process " & objProcess.ParentProcessId
    End If
Next
于 2012-04-27T18:01:48.170 回答