1. Task 4: Use scripts to monitor the other party’s processes in real time
In Task 1 and Task 3 we only checked the other party's processes at a single moment, and that result is not very meaningful to us. In this task we record every program from the moment he starts it: reporting and recording must begin the second the process starts. We must know exactly which program he started and where it was started from, and we must know this more clearly than he does.
Now we will follow the three steps mentioned above to achieve the task.
First, we connect to the other party's WMI. We call CreateObject() in VBScript to get an object, and then use a method of this special object to connect to the remote computer. This special object is.
Set olct = CreateObject("WbemScripting.SWbemLocator")
Set wbemServices = olct.ConnectServer(strComputer, "root\cimv2", strUser, strPwd)
Note that strComputer is the name or IP address of the computer you want to connect to, and strUser and strPwd are of course the user name and password. As we have said, this user must have administrator privileges. root\cimv2 is the WMI namespace. You can see the WMI namespaces in "Computer Management\WMI Controls". There is a lot to learn here and it takes time to absorb. To get our task working quickly, I won't explain much. Connecting to WMI in this way returns a reference to an SWbemServices object. Once we have that reference, we can proceed to the second step.
In the second step, we get an instance of the WMI managed resource. We can use the ExecNotificationQuery method of wbemServices to query the class we want, and then we can get the instances of that class.
Set colMonitoredProcesses = wbemServices. _
ExecNotificationQuery("select * from __instancecreationevent " _
& " within 1 where TargetInstance isa 'Win32_Process'")
Note that the query is written in a language similar to SQL, which is called WQL. Those who understand SQL will understand it at a glance. Those who don't can look it up online, where there is plenty of information. The resulting colMonitoredProcesses is a collection of instances of the queried class. With it, we can start the third step.
In the third step, we show the properties of the resulting instances. What we just got was a collection of instances, so here we obtain each specific instance in turn. Once we have a specific instance, we can display its properties, which is what we want to see. Here we show the value of the CommandLine property.
Are you a little confused now, because you don't know which classes WMI contains and which properties a specific class has? Haha, it doesn't matter. You can easily get this information with some tools. For example, if you type in the program name in the system, you can see these when you run it. It also follows the three steps of connection, query, and enumeration. Explore slowly by yourself, and you will soon find that WMI is huge. There are more than 10 namespaces alone, and the one we use most, root\CIMV2, has nearly 1,000 classes by itself. Each class has many properties, and some classes have many methods. Haha, are you dizzy? It doesn't matter, you actually only need to know some of them.
Seeing all this, your head is probably spinning, but congratulations, our task is complete. Yes, it is that simple. The complete code is below.
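Set colArgs = WScript.Arguments
' Four arguments are read below, so all four are required
If colArgs.Count < 4 Then
  WScript.Echo "USAGE:" & vbCrLf & " Monitor Computer User Password files"
  WScript.Quit
End If
strComputer = colArgs(0)
strUser = colArgs(1)
strPwd = colArgs(2)
strFile = colArgs(3)
' Connect to the root\cimv2 namespace on the target computer
Set olct = CreateObject("WbemScripting.SWbemLocator")
Set wbemServices = olct.ConnectServer(strComputer, "root\cimv2", strUser, strPwd)
' Subscribe to process-creation events, polled once per second
Set colMonitoredProcesses = wbemServices. _
  ExecNotificationQuery("select * from __instancecreationevent " _
  & " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
  ' NextEvent blocks until the next process-creation event arrives
  Set objLatestProcess = colMonitoredProcesses.NextEvent
  WScript.Echo Now & " " & objLatestProcess.TargetInstance.CommandLine
  ' 8 = open for appending; True = create the file if it does not exist
  Set objFS = CreateObject("Scripting.FileSystemObject")
  Set objNewFile = objFS.OpenTextFile(strFile, 8, True)
  objNewFile.WriteLine Now() & " " & objLatestProcess.TargetInstance.CommandLine
  objNewFile.Close
Loop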
Is this the core of the program? I believe you already understand much of it, and I will explain the remaining code later. Let's get a feel for it first and see how it is used. Copy the above code into Notepad, save it as a file, and enter at the command prompt:
CSCRIPT monitor.vbs
Press Enter and you will see the help text. Here is an example of how to use this script:
CSCRIPT monitor.vbs 192.168.1.2 user password C:\
Typing the above command at the command prompt is all it takes. Whenever the other party opens a program, you can see the time, the program path and the program name. If you don't have time to read this information as it appears, you can read it later when you have time.
Tips:
Every time you run a script, you must type CSCRIPT and the script's file extension, which is very troublesome. This is because the system's default execution engine is WSCRIPT, which can be changed to CSCRIPT. Another unpleasant thing is that Microsoft's banner is always displayed when the script runs, as if the script were not written by us. You can solve both problems by typing the following command at the command prompt:
cscript //nologo //h:cscript //s
After this, when you run these scripts you no longer need to type CSCRIPT or the .vbs extension. The example above can then be run like this:
monitor 192.168.1.2 user password C:\
Explanation:
1) The first few lines display the help text and process the parameters we enter. Applied to this object, using it we can get and process the parameters of the script.
2) The endless loop keeps us monitoring him (her). Whenever he opens a program, we get a new instance and learn more about him. Haha, it's cruel enough. This also means that once our script is running, monitoring can only be stopped by aborting it manually. You can abort it with CTRL+C, or by various cruder methods.
3) Another core object that appears in the code is FileSystemObject, which should be your old friend. I won't explain it here. We use it mainly to save the result to a file at the same time: it creates or opens a file and appends the information.
4) As for Now, although it is very small, it gives us the important time information.
5) If you want to monitor your own computer rather than a remote computer (as far as I know, this use is still very common), write the computer name parameter as a single dot and leave the user name and password empty, as shown below:
monitor . "" "" C:\
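Seen from the monitored machine, the ExecNotificationQuery call above registers a temporary event subscription, and a defender can look for exactly that. The following is an added example, not part of the original article: it parses constructed messages laid out like Microsoft-Windows-WMI-Activity/Operational event 5860 and flags subscriptions on Win32_Process that were registered from another machine. The field layout, host names and accounts are assumptions made for the illustration.

```python
import re

# Constructed sample messages (not real logs) in the "Key = value" layout assumed
# for Microsoft-Windows-WMI-Activity/Operational event 5860.
SAMPLE_5860 = [
    "Namespace = //./root/cimv2; NotificationQuery = select * from __instancecreationevent "
    " within 1 where TargetInstance isa 'Win32_Process'; UserName = WKS01\\user; "
    "ClientProcessID = 4120, ClientMachine = ADMIN-PC; PossibleCause = Temporary",
    "Namespace = //./root/cimv2; NotificationQuery = SELECT * FROM __InstanceCreationEvent "
    "WITHIN 5 WHERE TargetInstance ISA 'Win32_Process'; UserName = WKS01\\svc_agent; "
    "ClientProcessID = 980, ClientMachine = WKS01; PossibleCause = Temporary",
    "Namespace = //./root/cimv2; NotificationQuery = SELECT * FROM __InstanceModificationEvent "
    "WITHIN 30 WHERE TargetInstance ISA 'Win32_Service'; UserName = CORP\\monitor; "
    "ClientProcessID = 2216, ClientMachine = MGMT01; PossibleCause = Temporary",
]

FIELD = re.compile(r"\b(Namespace|NotificationQuery|UserName|ClientProcessID|"
                   r"ClientMachine|PossibleCause) = ")
WQL = re.compile(r"from\s+(__instance\w+event)\s+within\s+(\d+(?:\.\d+)?)\s+"
                 r"where\s+targetinstance\s+isa\s+['\"](\w+)['\"]", re.IGNORECASE)


def parse_record(message):
    """Split one message into a dict keyed by field name."""
    parts = FIELD.split(message)  # ['', key, value, key, value, ...]
    return {k: v.strip(" ;,") for k, v in zip(parts[1::2], parts[2::2])}


def find_remote_process_watchers(messages, local_host):
    """Return Win32_Process subscriptions that were registered from another machine."""
    hits = []
    for message in messages:
        rec = parse_record(message)
        match = WQL.search(rec.get("NotificationQuery", ""))
        if not match:
            continue  # not a polled intrinsic-event query
        event_class, interval, target = match.groups()
        client = rec.get("ClientMachine", "")
        if target.lower() == "win32_process" and client.lower() != local_host.lower():
            hits.append({"client": client, "user": rec.get("UserName"),
                         "event": event_class.lower(), "poll_seconds": float(interval)})
    return hits


if __name__ == "__main__":
    for hit in find_remote_process_watchers(SAMPLE_5860, local_host="WKS01"):
        print(hit)
```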
2. Task 5: Use scripts to open sharing for the other party
With the foundation of Task 4, let’s look at the code first this time:
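Set colArgs = WScript.Arguments
' Five arguments are read below, so all five are required
If colArgs.Count < 5 Then
  WScript.Echo "USAGE:" & vbCrLf & " Rshare Computer User Password SharePath ShareName"
  WScript.Quit
End If
strComputer = colArgs(0)
strUser = colArgs(1)
strPwd = colArgs(2)
strPath = colArgs(3)
strShareName = colArgs(4)
intMaximumAllowed = 1
strDescription = "Temporary share"
Const SHARED_FOLDER = 0
' Connect to the root\cimv2 namespace on the target computer
Set olct = CreateObject("WbemScripting.SWbemLocator")
Set wbemServices = olct.ConnectServer(strComputer, "root\cimv2", strUser, strPwd)
' Get the Win32_Share class and call its Create method
Set objSWbemObject = wbemServices.Get("Win32_Share")
intReturnValue = objSWbemObject.Create(strPath, _
  strShareName, _
  SHARED_FOLDER, _
  intMaximumAllowed, _
  strDescription)
If intReturnValue = 0 Then
  WScript.Echo "The share have been created successfully"
End If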
Commentary:
1) The first few lines exist to display the help text and process the input parameters.
2) Then several variables are set for use as parameters later. We can ignore them here.
3) Connect to the WMI of the host, and then query. This was covered in detail earlier.
4) After getting the instance set this time, we use one of its methods, and it is this method that makes sharing possible. In connection with the content of the second part, it is not difficult to see that the first parameter is the path and file name to be shared, the second parameter is the share name, the third parameter is 0, the fourth parameter is the number of people who can connect, and the fifth parameter is the share description. We only care about the first two parameters. If you have MSDN on hand, this is easy: you can find more details about this method there.
5) This time we use the return value from step 4 to tell whether the share was created successfully and to give a prompt. Different return values have different meanings, which are documented clearly in MSDN. For example, 0 means successful return, 2 means access denied, 9 means username error, 25 means hostname not found, etc.
6) Note that using this script to share a remote file requires that the file already exist on the remote computer; otherwise it cannot be shared. Of course, you can also use a script to create the folder yourself, which is easy to do.
7) As mentioned above, the share that the script creates is a full share: you can delete and modify files in it.
8) Examples of usage: share netp net swswsw C:\dodo marsh
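On the host where the share appears, its creation can be tied back to the session that created it. The following is an added example, not part of the original article: it joins constructed Security-log records for event 5142 (network share object added) to event 4624 (logon) by logon ID and reports shares created inside a network logon session. It assumes the remote WMI call is logged under a network logon (type 3); the share name, path and account reuse the usage example above, and the other values are made up.

```python
# Constructed records (not real logs): fields as they would be extracted from
# Security-log events 4624 (logon) and 5142 (network share object added).
EVENTS = [
    {"id": 4624, "TargetLogonId": "0x3e7a10", "LogonType": 3,
     "TargetUserName": "net", "IpAddress": "192.168.1.50"},
    {"id": 5142, "SubjectLogonId": "0x3e7a10", "SubjectUserName": "net",
     "ShareName": r"\\*\marsh", "ShareLocalPath": r"C:\dodo"},
    {"id": 4624, "TargetLogonId": "0x1b2c3", "LogonType": 2,
     "TargetUserName": "alice", "IpAddress": "-"},
    {"id": 5142, "SubjectLogonId": "0x1b2c3", "SubjectUserName": "alice",
     "ShareName": r"\\*\reports", "ShareLocalPath": r"D:\reports"},
    {"id": 5142, "SubjectLogonId": "0x77ff0", "SubjectUserName": "bob",
     "ShareName": r"\\*\tmp", "ShareLocalPath": r"C:\tmp"},
]

NETWORK_LOGON = 3  # logon type recorded for sessions that arrive over the network


def classify_share_creations(events):
    """Join each 5142 event to the 4624 logon that has the same logon ID.

    Returns (network, unresolved): shares created inside a network logon
    session, and shares whose logon session is not in the supplied events.
    """
    sessions, network, unresolved = {}, [], []
    for ev in events:  # events are assumed to be in chronological order
        if ev["id"] == 4624:
            sessions[ev["TargetLogonId"]] = ev
        elif ev["id"] == 5142:
            logon = sessions.get(ev["SubjectLogonId"])
            row = {"share": ev["ShareName"], "path": ev["ShareLocalPath"],
                   "user": ev["SubjectUserName"]}
            if logon is None:
                unresolved.append(row)  # logon predates the log window: review by hand
            elif logon["LogonType"] == NETWORK_LOGON:
                network.append(dict(row, source=logon["IpAddress"]))
    return network, unresolved


if __name__ == "__main__":
    created_remotely, unknown_origin = classify_share_creations(EVENTS)
    print("created over the network:", created_remotely)
    print("origin not in log window:", unknown_origin)
```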
Okay, by now everyone should have some understanding of this friend, and my introduction has come to an end. Getting to know it further depends mainly on your own initiative. This time we got to know it mainly through WMIC and scripts. Next time I will lead everyone to know it through real program code, so that it also has a beautiful face like Windows. What I covered today is probably only one ten-thousandth of WMI, not even the tip of the iceberg. The rest depends on you. If you are willing to use what you have learned, then a miracle will happen.