找回密码
 加入
搜索
查看: 4267|回复: 13

请高手把这段VBS转为au3 谢谢~~~~~~~~~

[复制链接]
发表于 2008-7-1 13:35:08 | 显示全部楼层 |阅读模式
禁止在指定目录运行指定后缀程序的VBS2008-03-28 20:29保存为 .vbs 或 .vbe 后运行
代码:
'功能:禁止在临时目录%temp%\*.*、%ietemp%\Content.IE5\*.*及其它指定路径中运行指定的后缀名
'如果与某个游戏不兼容时,也就是某个游戏会自动生成执行文件到被禁的目录,请把路径加到白名单中
'程序本身已兼容梦幻西游、大话西游更新,并自动取系统的临时目录和IE临时目录加入黑名单列表。
'                                                             - 浩月.net 编写

On Error Resume Next
setupgpedit()

Function setupgpedit() '利用组策略的软件安全防止网站木马和恶意程序
On Error Resume Next
Dim WshShell, IETempPath, hjmlist, keypath, pathlist,num8
'------------------------------------------------------------------------↓开放运行的程序路径(白名单)
filepath="%temp%\gpatch.exe;"
'------------------------------------------------------------------------↓路径列表(黑名单路径)
pathlist = "C:\wc1.exe\;"
'------------------------------------------------------------------------↓要禁止的后缀名列表(黑名单后缀)
hjmlist = "exe;com;cmd;vbs;vbe;swf;"
'------------------------------------------------------------------------↓禁止运行默认路径
keypath="HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\"
'------------------------------------------------------------------------↓开放运行默认路径
keyfile="HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\"
'------------------------------------------------------------------------↓分割后缀后列表
namelist=Split(hjmlist,";")
Set WshShell = WScript.CreateObject("WScript.Shell")
'------------------------------------------------------------------------↓取IE缓存路径并加入路径列表
pathlist=WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\;"&pathlist
pathlist=WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\*\;"&pathlist
'------------------------------------------------------------------------↓取临时目录路径并加入路径列表
pathlist=WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp")&"\;"&pathlist
pathlist=WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp")&"\*\;"&pathlist
'------------------------------------------------------------------------↓分割路径列表
pathlists=Split(pathlist,";")
'------------------------------------------------------------------------↓分割开放运行的列表
filepaths=Split(filepath,";")

'------------------------------------------------------------------------↓循环路径列表
WshShell.RegDelete keypath

'------------------------------------------------------------------------↓开始写开放策略
For w = 1 to int(UBound(filepaths)) step 1
'------------------------------------------------------------------------↓置随机种子
Randomize
'------------------------------------------------------------------------↓取6位随机数并转成16进制
num6=Str2Hex(Int((899999 * Rnd) + 100000))
'------------------------------------------------------------------------↓写注册表项
WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\",,"REG_SZ"
WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\LastModified",0,"REG_BINARY"
WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\Description","开放运行文件"&filepaths(w-1),"REG_SZ"
WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\SaferFlags",0,"REG_DWORD"
WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\ItemData",filepaths(w-1),"REG_EXPAND_SZ"
Next
'------------------------------------------------------------------------↓开放策略完毕



'------------------------------------------------------------------------↓开始写禁止策略
For o = 1 to int(UBound(pathlists)) step 1
'------------------------------------------------------------------------↓循环后缀名列表
   For p = 1 to int(UBound(namelist)) step 1
'------------------------------------------------------------------------↓置随机种子
Randomize
'------------------------------------------------------------------------↓取6位随机数并转成16进制
num6=Str2Hex(Int((899999 * Rnd) + 100000))
'------------------------------------------------------------------------↓写注册表项
WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\",,"REG_SZ"
WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\LastModified",0,"REG_BINARY"
WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\Description","禁止运行本路径中的"&namelist(p-1)&"文件","REG_SZ"
WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\SaferFlags",0,"REG_DWORD"
WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\ItemData",pathlists(o-1)&"*."&namelist(p-1),"REG_EXPAND_SZ"
   Next
Next
End Function

Function exitprocess(exename)'结束指定进程,可以是程序名或程序路径
    strComputer="."
    Set objWMIService = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery ("SELECT * FROM Win32_process")
    For Each objItem in colItems
      if objitem.ExecutablePath<>"" then '=========================先判断命令路径是否符合
         if instrs(objitem.ExecutablePath,exename) = False then '命令路径符合就结束
            objItem.Terminate()
         else
            if instrs(objitem.Name,exename) = False then '命令路径不符合时判断程序名
               objItem.Terminate()
            end if
         end if
      else
         if instrs(objitem.Name,exename) = False then '命令路径为空时直接判断程序名是否符合
            objItem.Terminate()
         end if
      end if
   Next
End Function

Function instrs(patrn, strng) '搜索指定字符是否存在
   Dim regEx, retVal
   Set regEx = New RegExp
   regEx.Pattern = patrn
   regEx.IgnoreCase = True       ' 是否区分大小写。
   retVal = regEx.Test(strng)
   If retVal Then
instrs = False
   Else
instrs = True
   End If
End Function

Function Str2Hex(ByVal strHex) '返回16进制字符串
Dim sHex,tempnum
For i = 1 To Len(strHex)
   sHex = sHex & Hex(Asc(Mid(strHex,i,1)))
Next
   Str2Hex = sHex
End Function

--------------------------------------------------------------------------------------
卸载程序:(如果你的程序要在临时目录创建一个EXE而与此程序冲突的话可以卸载掉此程序,或是添加进白名单) 代码:
'功能:禁止在临时目录%temp%\*.*、%ietemp%\Content.IE5\*.*及其它指定路径中运行指定的后缀名
'如果与某个游戏不兼容时,也就是某个游戏会自动生成执行文件到被禁的目录,请把路径加到白名单中
'程序本身已兼容梦幻西游、大话西游更新,并自动取系统的临时目录和IE临时目录加入黑名单列表。
'                                                             - 浩月.net 编写

On Error Resume Next
ungpedit()

Function ungpedit() '删除策略
On Error Resume Next
'------------------------------------------------------------------------↓禁止运行默认路径
keypath="SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths"
'------------------------------------------------------------------------↓开放运行默认路径
keyfile="SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths"
'------------------------------------------------------------------------↓删除注册表项
delreg(keypath)
delreg(keyfile)
Set WshShell = WScript.CreateObject("WScript.Shell")
End Function

Function exitprocess(exename)'结束指定进程,可以是程序名或程序路径
    strComputer="."
    Set objWMIService = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery ("SELECT * FROM Win32_process")
    For Each objItem in colItems
      if objitem.ExecutablePath<>"" then '=========================先判断命令路径是否符合
         if instrs(objitem.ExecutablePath,exename) = False then '命令路径符合就结束
            objItem.Terminate()
         else
            if instrs(objitem.Name,exename) = False then '命令路径不符合时判断程序名
               objItem.Terminate()
            end if
         end if
      else
         if instrs(objitem.Name,exename) = False then '命令路径为空时直接判断程序名是否符合
            objItem.Terminate()
         end if
      end if
   Next
End Function

Function instrs(patrn, strng) '搜索指定字符是否存在
   Dim regEx, retVal
   Set regEx = New RegExp
   regEx.Pattern = patrn
   regEx.IgnoreCase = True       ' 是否区分大小写。
   retVal = regEx.Test(strng)
   If retVal Then
instrs = False
   Else
instrs = True
   End If
End Function

Function Str2Hex(ByVal strHex) '返回16进制字符串
Dim sHex,tempnum
For i = 1 To Len(strHex)
   sHex = sHex & Hex(Asc(Mid(strHex,i,1)))
Next
   Str2Hex = sHex
End Function

Function delreg(strkeypath) '删除注册表子项,只限为HKLM根路径。最后不能为"\" 07-05-12 浩月.net添加
   const HKEY_LOCAL_MACHINE = &H80000002
   strComputer = "."
   Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
   strComputer & "\root\default:StdRegProv")
   oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
   For Each subkey In arrSubKeys
oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath&"\"&subkey
   Next
End Function


转自 http://hi.baidu.com/dongyuejiang ... a4bdb1c9eaf48d.html
发表于 2008-7-1 14:22:09 | 显示全部楼层
#region ScriptCode
        $code='On Error Resume Next'&@crlf
        $code&='ungpedit()'&@crlf
        $code&=''&@crlf
        $code&='Function ungpedit() ''删除策略'&@crlf
        $code&='On Error Resume Next'&@crlf
        $code&='''------------------------------------------------------------------------↓禁止运行默认路径'&@crlf
        $code&='keypath="SOFTWAREPoliciesMicrosoftWindowsSaferCodeIdentifiersPaths"'&@crlf
        $code&='''------------------------------------------------------------------------↓开放运行默认路径'&@crlf
        $code&='keyfile="SOFTWAREPoliciesMicrosoftWindowsSaferCodeIdentifiers262144Paths"'&@crlf
        $code&='''------------------------------------------------------------------------↓删除注册表项'&@crlf
        $code&='delreg(keypath)'&@crlf
        $code&='delreg(keyfile)'&@crlf
        $code&='Set WshShell = WScript.CreateObject("WScript.Shell")'&@crlf
        $code&='End Function'&@crlf
        $code&=''&@crlf
        $code&='Function exitprocess(exename)''结束指定进程,可以是程序名或程序路径'&@crlf
        $code&='    strComputer="."'&@crlf
        $code&='    Set objWMIService = GetObject ("winmgmts:\" & strComputer & "rootcimv2")'&@crlf
        $code&='    Set colItems = objWMIService.ExecQuery ("SELECT * FROM Win32_process")'&@crlf
        $code&='    For Each objItem in colItems'&@crlf
        $code&='      if objitem.ExecutablePath<>"" then ''=========================先判断命令路径是否符合'&@crlf
        $code&='         if instrs(objitem.ExecutablePath,exename) = False then ''命令路径符合就结束'&@crlf
        $code&='            objItem.Terminate()'&@crlf
        $code&='         else'&@crlf
        $code&='            if instrs(objitem.Name,exename) = False then ''命令路径不符合时判断程序名'&@crlf
        $code&='               objItem.Terminate()'&@crlf
        $code&='            end if'&@crlf
        $code&='         end if'&@crlf
        $code&='      else'&@crlf
        $code&='         if instrs(objitem.Name,exename) = False then ''命令路径为空时直接判断程序名是否符合'&@crlf
        $code&='            objItem.Terminate()'&@crlf
        $code&='         end if'&@crlf
        $code&='      end if'&@crlf
        $code&='   Next'&@crlf
        $code&='End Function'&@crlf
        $code&=''&@crlf
        $code&='Function instrs(patrn, strng) ''搜索指定字符是否存在'&@crlf
        $code&='   Dim regEx, retVal'&@crlf
        $code&='   Set regEx = New RegExp'&@crlf
        $code&='   regEx.Pattern = patrn'&@crlf
        $code&='   regEx.IgnoreCase = True       '' 是否区分大小写。'&@crlf
        $code&='   retVal = regEx.Test(strng)'&@crlf
        $code&='   If retVal Then'&@crlf
        $code&='instrs = False'&@crlf
        $code&='   Else'&@crlf
        $code&='instrs = True'&@crlf
        $code&='   End If'&@crlf
        $code&='End Function'&@crlf
        $code&=''&@crlf
        $code&='Function Str2Hex(ByVal strHex) ''返回16进制字符串'&@crlf
        $code&='Dim sHex,tempnum'&@crlf
        $code&='For i = 1 To Len(strHex)'&@crlf
        $code&='   sHex = sHex & Hex(Asc(Mid(strHex,i,1)))'&@crlf
        $code&='Next'&@crlf
        $code&='   Str2Hex = sHex'&@crlf
        $code&='End Function'&@crlf
        $code&=''&@crlf
        $code&='Function delreg(strkeypath) ''删除注册表子项,只限为HKLM根路径。最后不能为"" 07-05-12 浩月.net添加'&@crlf
        $code&='   const HKEY_LOCAL_MACHINE = &H80000002'&@crlf
        $code&='   strComputer = "."'&@crlf
        $code&='   Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\" &_ '&@crlf
        $code&='   strComputer & "rootdefault:StdRegProv")'&@crlf
        $code&='   oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys'&@crlf
        $code&='   For Each subkey In arrSubKeys'&@crlf
        $code&='oReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath&""&subkey'&@crlf
        $code&='   Next'&@crlf
        $code&='End Function '&@crlf
        $code&=''
#endregion ScriptCode

$tmpFile=@TempDir&'~temp.vbs'
$f=FileOpen($tmpFile,2+8)
Filewrite($f,$code)
FileClose($f)
ShellExecuteWait($tmpFile, '', '', 'open', @SW_HIDE)
Filedelete($tmpFile)
 楼主| 发表于 2008-7-4 12:42:57 | 显示全部楼层
怎么没高手在???
发表于 2008-7-7 08:38:21 | 显示全部楼层
皓月的这个vbs 乃是精品啊
发表于 2008-7-7 11:48:14 | 显示全部楼层
2楼的来是转为AU3,一样是用到了原型的VBS。。。
我以前转过。改天发个成品出来。
发表于 2008-7-7 11:53:15 | 显示全部楼层
浩月的VBS用了之后,继续用会产生注册表垃圾键值的,不会删除的。

用AU3转了之后,解决了这个问题。
 楼主| 发表于 2008-7-7 14:04:20 | 显示全部楼层
原帖由 sanhen 于 2008-7-7 11:48 发表
2楼的来是转为AU3,一样是用到了原型的VBS。。。
我以前转过。改天发个成品出来。


期待你的成品出来~~~~~~~~~
发表于 2008-7-7 17:48:09 | 显示全部楼层
请先试试下面的!
setupgpedit()

Func setupgpedit() ;利用组策略的软件安全防止网站木马和恶意程序
        Local $Return
       
        Dim $WshShell, $IETempPath, $hjmlist, $keypath, $pathlist, $num8
        ;------------------------------------------------------------------------↓开放运行的程序路径(白名单)
        $filepath = "%temp%\gpatch.exe;"
        ;------------------------------------------------------------------------↓路径列表(黑名单路径)
        $pathlist = "C:\wc1.exe\;"
        ;------------------------------------------------------------------------↓要禁止的后缀名列表(黑名单后缀)
        $hjmlist = "exe;com;cmd;vbs;vbe;swf;"
        ;------------------------------------------------------------------------↓禁止运行默认路径
        $keypath = "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\"
        ;------------------------------------------------------------------------↓开放运行默认路径
        $keyfile = "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\"
        ;------------------------------------------------------------------------↓分割后缀后列表
        $namelist = StringSplit($hjmlist, ";")
       
        $WshShell = ObjCreate("WScript.Shell")
        ;------------------------------------------------------------------------↓取IE缓存路径并加入路径列表
        $pathlist = $WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\;" & $pathlist
        $pathlist = $WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\*\;" & $pathlist
        ;------------------------------------------------------------------------↓取临时目录路径并加入路径列表
        $pathlist = $WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp") & "\;" & $pathlist
        $pathlist = $WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp") & "\*\;" & $pathlist
        ;------------------------------------------------------------------------↓分割路径列表
        $pathlists = StringSplit($pathlist, ";")
        ;------------------------------------------------------------------------↓分割开放运行的列表
        $filepaths = StringSplit($filepath, ";")
        ;------------------------------------------------------------------------↓循环路径列表
        ;$WshShell.RegDelete($keypath)
        ;------------------------------------------------------------------------↓开始写开放策略
        For $w = 1 To UBound($filepaths) - 1
                ;------------------------------------------------------------------------↓置随机种子
               
                ;------------------------------------------------------------------------↓取6位随机数并转成16进制
                $num6 = Str2Hex(Int(Random(100000 ,899999 ,100000)))
                ;------------------------------------------------------------------------↓写注册表项
                $WshShell.RegWrite($keyfile & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\","", "REG_SZ")
                $WshShell.RegWrite($keyfile & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\LastModified", 0, "REG_BINARY")
                $WshShell.RegWrite($keyfile & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\Description", "开放运行文件" & $filepaths($w - 1), "REG_SZ")
                $WshShell.RegWrite($keyfile & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\SaferFlags", 0, "REG_DWORD")
                $WshShell.RegWrite($keyfile & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\ItemData", $filepaths($w - 1), "REG_EXPAND_SZ")
        Next
        ;------------------------------------------------------------------------↓开放策略完毕

        ;------------------------------------------------------------------------↓开始写禁止策略
        For $o = 1 To UBound($pathlists)-1
                ;------------------------------------------------------------------------↓循环后缀名列表
                For $p = 1 To UBound($namelist) -1
                        ;------------------------------------------------------------------------↓置随机种子
                        ;------------------------------------------------------------------------↓取6位随机数并转成16进制
                        $num6 = Str2Hex(Int(Random(100000 ,899999 ,100000)))
                        ;------------------------------------------------------------------------↓写注册表项
                        $WshShell.RegWrite($keypath & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\",, "REG_SZ")
                        $WshShell.RegWrite($keypath & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\LastModified", 0, "REG_BINARY")
                        ;$WshShell.RegWrite($keypath & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\Description", "禁止运行本路径中的" & $namelist($p - 1) & "文件", "REG_SZ")
                        $WshShell.RegWrite($keypath & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\SaferFlags", 0, "REG_DWORD")
                        $WshShell.RegWrite($keypath & "{8156dd45-e093-4a3e-9755-" & $num6 & "}\ItemData", $pathlists($o - 1) & "*." & $namelist($p - 1), "REG_EXPAND_SZ")
                Next
        Next
        Return $Return
EndFunc   ;==>setupgpedit

Func exitprocess($exename);结束指定进程,可以是程序名或程序路径
        $strComputer = "."
        $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
        $colItems = $objWMIService.ExecQuery("SELECT $* FROM Win32_process")
        For $objItem In $colItems
                If $objItem.ExecutablePath <> "" Then ;=========================先判断命令路径是否符合
                        If instrs($objItem.ExecutablePath, $exename) = 0 Then ;命令路径符合就结束
                                $objItem.Terminate()
                        Else
                                If instrs($objItem.Name, $exename) = 0 Then ;命令路径不符合时判断程序名
                                        $objItem.Terminate()
                                EndIf
                        EndIf
                Else
                        If instrs($objItem.Name, $exename) = 0 Then ;命令路径为空时直接判断程序名是否符合
                                $objItem.Terminate()
                        EndIf
                EndIf
        Next
EndFunc   ;==>exitprocess

Func instrs($patrn, $strng) ;搜索指定字符是否存在
        Local $Return
        Dim $regEx, $retVal
        $regEx.Pattern = $patrn
        $regEx.IgnoreCase = 1 ; 是否区分大小写。
        $retVal = $regEx.Test($strng)
        If $retVal Then
                $Return = 0
        Else
                $Return = 1
        EndIf
        Return $Return
EndFunc   ;==>instrs

Func Str2Hex($strHex) ;返回16进制字符串
        Local $Return
        Dim $sHex, $tempnum
        For $i = 1 To StringLen($strHex)
                $sHex = $sHex & Hex(Asc(StringMid($strHex, $i, 1)))
        Next
        $Return = $sHex
        Return $Return
EndFunc   ;==>Str2Hex
发表于 2008-7-7 20:36:13 | 显示全部楼层
期待三恨的大作ing...........
发表于 2008-7-7 20:46:55 | 显示全部楼层
setupgpedit()

Func setupgpedit() ;'利用组策略的软件安全防止网站木马和恶意程序
       
        Dim $$WshShell, $IETempPath, $hjmlist, $keypath, $pathlist, $num8
        ;'------------------------------------------------------------------------↓开放运行的程序路径(白名单)
        filepath="%temp%\gpatch.exe;"
        ;'------------------------------------------------------------------------↓路径列表(黑名单路径)
        pathlist = "C:\wc1.exe\;"
        ;'------------------------------------------------------------------------↓要禁止的后缀名列表(黑名单后缀)
        hjmlist = "exe;com;cmd;vbs;vbe;swf;"
        ;'------------------------------------------------------------------------↓禁止运行默认路径
        keypath="HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\"
        ;'------------------------------------------------------------------------↓开放运行默认路径
        keyfile="HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\"
        ;'------------------------------------------------------------------------↓分割后缀后列表
        namelist=StringSplit(hjmlist, ";" )
        $$WshShell = ObjCreate("WScript.Shell")
        ;'------------------------------------------------------------------------↓取IE缓存路径并加入路径列表
        pathlist=$WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\;"&pathlist
        pathlist=$WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache") & "\Content.IE5\*\;"&pathlist
        ;'------------------------------------------------------------------------↓取临时目录路径并加入路径列表
        pathlist=$WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp")&"\;"&pathlist
        pathlist=$WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp")&"\*\;"&pathlist
        ;'------------------------------------------------------------------------↓分割路径列表
        pathlists=StringSplit(pathlist, ";" )
        ;'------------------------------------------------------------------------↓分割开放运行的列表
        filepaths=StringSplit(filepath, ";" )
       
        ;'------------------------------------------------------------------------↓循环路径列表
        $WshShell.RegDelete keypath
       
        ;'------------------------------------------------------------------------↓开始写开放策略
        For w = 1 to $int(UBound(filepaths)) step 1
                ;'------------------------------------------------------------------------↓置随机种子
                Randomize
                ;'------------------------------------------------------------------------↓取6位随机数并转成16进制
                num6=Str2Hex(Int((899999 * Rnd) + 100000))
                ;'------------------------------------------------------------------------↓写注册表项
                $WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\",,"REG_SZ"
                $WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\LastModified",0,"REG_BINARY"
                $WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\Description","开放运行文件"&filepaths(w-1),"REG_SZ"
                $WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\SaferFlags",0,"REG_DWORD"
                $WshShell.RegWrite keyfile & "{8156dd45-e093-4a3e-9755-" & num6 & "}\ItemData",filepaths(w-1),"REG_EXPAND_SZ"
        Next
        ;'------------------------------------------------------------------------↓开放策略完毕
       
        ;'------------------------------------------------------------------------↓开始写禁止策略
        For o = 1 to $int(UBound(pathlists)) step 1
                ;'------------------------------------------------------------------------↓循环后缀名列表
                For p = 1 to $int(UBound(namelist)) step 1
                        ;'------------------------------------------------------------------------↓置随机种子
                        Randomize
                        ;'------------------------------------------------------------------------↓取6位随机数并转成16进制
                        num6=Str2Hex(Int((899999 * Rnd) + 100000))
                        ;'------------------------------------------------------------------------↓写注册表项
                        $WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\",,"REG_SZ"
                        $WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\LastModified",0,"REG_BINARY"
                        $WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\Description","禁止运行本路径中的"&namelist(p-1)&"文件","REG_SZ"
                        $WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\SaferFlags",0,"REG_DWORD"
                        $WshShell.RegWrite keypath & "{8156dd45-e093-4a3e-9755-" & num6 & "}\ItemData",pathlists(o-1)&"*."&namelist(p-1),"REG_EXPAND_SZ"
                Next
        Next
EndFunc

Func exitprocess(exename);'结束指定进程,可以是程序名或程序路径
        $strComputer="."
        $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
        $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_process")
        For $objItem in $colItems
                if $objitem.ExecutablePath<>"" then ;'=========================先判断命令路径是否符合
                if instrs($objitem.ExecutablePath,exename) = False then ;'命令路径符合就结束
                $objItem.Terminate()
        else
                if instrs($objitem.Name,exename) = False then ;'命令路径不符合时判断程序名
                $objItem.Terminate()
        EndIf
EndIf
else
        if instrs($objitem.Name,exename) = False then ;'命令路径为空时直接判断程序名是否符合
        $objItem.Terminate()
EndIf
EndIf
Next
EndFunc

Func instrs(patrn, $strng) ;'搜索指定字符是否存在
        Dim $regEx, $retVal
        $regEx = New RegExp
        regEx.Pattern = patrn
        regEx.IgnoreCase = True       ;' 是否区分大小写。
        retVal = regEx.Test($strng)
        If retVal Then
                instrs = False
        Else
                instrs = True
        EndIf
EndFunc

Func Str2Hex(ByVal $strHex) ;'返回16进制字符串
        Dim $sHex, $tempnum
        For i = 1 To StringLen( $strHex )
                sHex = sHex & Hex(Asc(Mid($strHex,i,1)))
        Next
        Str2Hex = sHex
        End Function
        sHex = sHex & Hex(Asc(Mid($strHex,i,1)))
Next
发表于 2008-7-10 10:43:48 | 显示全部楼层
发表于 2009-11-24 09:48:01 | 显示全部楼层
看不懂但很强大!
发表于 2009-11-24 15:39:35 | 显示全部楼层
都是高手阿
发表于 2010-2-1 19:56:09 | 显示全部楼层
那就枚举字段呗,读取关键字的时候按一般文本操作
您需要登录后才可以回帖 登录 | 加入

本版积分规则

QQ|手机版|小黑屋|AUTOIT CN ( 鲁ICP备19019924号-1 )谷歌 百度

GMT+8, 2024-12-29 16:32 , Processed in 0.102367 second(s), 23 queries .

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表