(转载)Windows信息搜集vbs脚本
作者:互联网
参考:
https://blkstone.github.io/2016/11/25/system-summary-with-vbs/
https://blog.csdn.net/cl939974883/article/details/104168442
PS:下面的代码需在Windows环境下执行。复制完成后,用编辑器软件或者记事本打开,然后右键选择“另存为”,将编码改为ANSI后保存;脚本中含有中文字符串,编码不对时运行会出现乱码或语法错误。
详细代码内容
'################################################
' NAME: bkReport
'
' AUTHOR: bobkey , nsfocus.com
' Mail : qinbo@nsfocus.com
' DATE : v1.0 11/24/2004
' v2.0 12/25/2005
' v2.1 03/20/2006
' v2.2 01/10/2007
' COMMENT: 检测并输出html. wsh5.1以上环境运行
'
'#################################################
'********************************************************************
'* *
'* Begin of File *
'* *
'*******************************************************************
' Script-level error suppression: any statement that fails from here on is
' skipped silently, so a missing or short report section can mean "the query
' failed" rather than "nothing to report".
On Error Resume Next
' Open-mode values passed to FileSystemObject.OpenTextFile.
Const forwriting=2
Const forreading=1
Dim oFSO,oF,eventlog
' Start-up banner shown to the operator; it states that the script does no harm
' and only enumerates information through WMI.
' NOTE(review): further down the script calls ChangePassword on every local
' account and queries Win32_Product, so the run is not strictly read-only -
' confirm that is acceptable on the target host before running it.
Text = "此脚本运行不会对您的系统造成任何损害或恶意行为" &VbCrLf&vbCrlf& "通过连接WMI提供的公共接口枚举系统相关信息"&VbCrLf&VbCrLf& "按确定键运行30秒左右会生成html格式报告"
Title_Text = "bkReport Version 2.2"
MsgBox Text,vbExclamation+vbSystemModal,Title_Text
dtmStart = Now()
strComputer = "."
Set oShell = WScript.CreateObject("WScript.Shell")
hostname=oShell.ExpandEnvironmentStrings("%computername%")
' Both report files use relative names, so they are created in the current
' working directory. The main report ends up holding account names, SIDs,
' environment variables and network configuration: handle it as sensitive data.
MainReport=hostname&"_Report.html"
EventReport=hostname&"_EventLog.html"
datec=Now()
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oF = oFSO.CreateTextFile(MainReport)
Set eventlog=oFSO.CreateTextFile(EventReport)
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
("Select * from Win32_ComputerSystem")
' Translate Win32_ComputerSystem.DomainRole into the label used in the report
' title. The labels read, in order: standalone workstation, member workstation,
' standalone server, member server, backup server, primary domain controller.
For Each objComputer in colComputers
Select Case objComputer.DomainRole
Case "0" machine= "独立工作站"
Case "1" machine= "成员工作站"
Case "2" machine= "独立服务器"
Case "3" machine= "成员服务器"
Case "4" machine= "备份服务器"
Case "5" machine= "主域控制器"
End Select
Next
' Report preamble: HTML head, title banner (host name and domain role), the
' generation timestamp and the 17-entry table of contents linking to the
' here1..here17 anchors written by the sections that follow.
With oF
.WriteLine "<html>"
.WriteLine "<head><title>MainReport Build by bkReport.vbs</title></head>"
.WriteLine "<p> </p><p> </p><p> </p>"
.WriteLine "<h2><font color=MidnightBlue><center>"&hostname&"@"&machine&" 快照信息 </center></font></h2>"
.WriteLine "<p align=right><font size=2>date: " & Now()&"</font></p>"
.WriteLine "<hr width=80% color=#ff8000>"
.WriteLine "<p> </p>"
' Table of contents.
.WriteLine "<OL><LI><a href=#here1>系统摘要</a>"
.WriteLine "<LI><a href=#here2>BIOS信息</a>"
.WriteLine "<LI><a href=#here3>环境变量</a>"
.WriteLine "<LI><a href=#here4>系统文件内容</a>"
.WriteLine "<LI><a href=#here5>网络状态</a>"
.WriteLine "<LI><a href=#here6>磁盘和共享</a>"
.WriteLine "<LI><a href=#here7>进程</a>"
.WriteLine "<LI><a href=#here8>进程ID对应的启动服务</a>"
.WriteLine "<LI><a href=#here9>服务</a>"
.WriteLine "<LI><a href=#here10>补丁</a>"
.WriteLine "<LI><a href=#here11>软件</a>"
.WriteLine "<LI><a href=#here12>帐号</a>"
.WriteLine "<LI><a href=#here13>AT创建的计划任务</a>"
.WriteLine "<LI><a href=#here14>重要文件属性</a>"
.WriteLine "<LI><a href=#here15>自启动项</a>"
.WriteLine "<LI><a href=#here16>注册表</a>"
.WriteLine "<LI><a href=#here17>系统日志</a></LI></OL>"
.WriteLine "<p> </p><p> </p>"
End With
'---------------------------------
' System summary
'---------------------------------
' Bind to WMI on the local machine (no namespace is given in this moniker) and
' read the operating-system instance(s).
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colOperatingSystems = objWMIService.InstancesOf("Win32_OperatingSystem")
oF.WriteLine "<h3><font color=MidnightBlue><a name=here1>"&"[ 1. 系统摘要 ]"&"</a></font></h3>"
' NOTE(review): this <table> and the one written a few lines below are both
' opened, but this section writes only one </table>.
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1 align=CENTER>"
' Keep the OS name and last boot time for the summary row; if several instances
' are returned the last one wins.
For Each objOperatingSystem In colOperatingSystems
ostype=objOperatingSystem.Name
LastbootUpTime=objOperatingSystem.LastBootUpTime
' oF.WriteLine "<tr><td><b>" &"Name: "&"</b></td><td>"& objOperatingSystem.Name &"</td></tr>"
' oF.WriteLine "<tr><td><b>" & "Caption: " &"</b></td><td>" &objOperatingSystem.Caption &"</td></tr>"
' oF.WriteLine "<tr><td><b>" & "LastBootUpTime: "&"</b></td><td>"&objOperatingSystem.LastBootUpTime &"</td></tr>"
' oF.WriteLine "<tr><td><b>" & "LocalDateTime: " &"</b></td><td>"&objOperatingSystem.LocalDateTime &"</td></tr>"
' oF.WriteLine "<tr><td><b>"& "Version: " &"</b></td><td>"&objOperatingSystem.Version &"</td></tr>"
'oF.WriteLine "<tr><td><b>"& "Windows Directory: "&"</b></td><td>"&objOperatingSystem.WindowsDirectory&"</td></tr>"
Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_MemoryArray")
' The value is printed with an "MB" suffix below, so EndingAddress is presumably
' in KB - confirm. If the query fails or returns nothing, memsize stays empty.
For Each objItem in colItems
memsize =CLng(objItem.EndingAddress /1024)
' oF.WriteLine "memory size: " & objItem.EndingAddress /1024 &" MB"
Next
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set col = objWMI.ExecQuery("Select * from Win32_Processor")
' Only the name of the last processor returned is kept.
For Each obj in col
cpuinfo=obj.Name
Next
' Header row and the single summary row: OS, host name, memory, CPU, last boot.
oF.WriteLine "<table BORDER=1 style=font-size:9pt> <tr><th CLASS=pt bgColor=#808080>OS</th><th bgColor=#808080>HostName</th><th bgColor=#808080>Memory</th><th bgColor=#808080>CPU</th><th bgColor=#808080>LastBootUpTime</th></tr> "
oF.WriteLine "<tr><td>"&ostype&"</td><td>"&hostname&"</td><td>"&memsize&"MB</td><td>"&cpuinfo&"</td><td>"& LastBootUpTime &"</td></tr>"
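' Network adapters: one row per IP-enabled adapter, appended to the summary
' table opened earlier in this section.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\"& strComputer & "\root\cimv2")
Set colAdapters = objWMIService.ExecQuery _
("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
oF.WriteLine "<tr><th bgColor=#808080>Adapter</th><th bgColor=#808080>MACaddr</th><th bgColor=#808080>IPaddr</th><th bgColor=#808080>Subnet</th><th bgColor=#808080>gateway</th></tr> "
For Each objAdapter in colAdapters
' Clear the per-adapter values first. Without this, an adapter that has no
' gateway (or no address) would be reported with the previous adapter's value,
' because the assignments below are skipped when the property is Null.
Adapter = ""
MACaddr = ""
IPaddr = ""
Subnet = ""
gateway = ""
Adapter= objAdapter.Description
MACaddr= objAdapter.MACAddress
' IPAddress, IPSubnet and DefaultIPGateway are arrays; list every entry instead
' of keeping only the last one, so secondary addresses are visible in the report.
If Not IsNull(objAdapter.IPAddress) Then
IPaddr = Join(objAdapter.IPAddress, ", ")
End If
If Not IsNull(objAdapter.IPSubnet) Then
Subnet = Join(objAdapter.IPSubnet, ", ")
End If
If Not IsNull(objAdapter.DefaultIPGateway) Then
gateway = Join(objAdapter.DefaultIPGateway, ", ")
End If
oF.WriteLine "<tr><td>"&Adapter&"</td><td>"&MACaddr&"</td><td>"&IPaddr&"</td><td>"&Subnet&"</td><td>"&gateway&"</td></tr>"
Next
oF.WriteLine "</table>"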
'--------------------------------------------------------------------
' BIOS information
'--------------------------------------------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here2>"&"[ 2. BIOS信息 ]"&"</a></font ></h3>"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colBIOS = objWMIService.ExecQuery _
("Select * from Win32_BIOS")
' All BIOS properties go into one table cell, one paragraph per property.
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
For Each objBIOS in colBIOS
oF.WriteLine "<p><font size=2>"&"Build Number: " &objBIOS.BuildNumber&"</font></p>"
oF.WriteLine "<p><font size=2>"&"Current Language: " &objBIOS.CurrentLanguage&"</font></p>"
oF.WriteLine "<p><font size=2>"&"Installable Languages: " &objBIOS.InstallableLanguages&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Manufacturer: " &objBIOS.Manufacturer&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Name: "&objBIOS.Name&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Primary BIOS: "& objBIOS.PrimaryBIOS&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Release Date: " &objBIOS.ReleaseDate&"</font></p>"
' The serial number identifies the physical machine; it is one more reason to
' treat the finished report as sensitive.
oF.WriteLine "<p><font size=2>"& "Serial Number: " & objBIOS.SerialNumber&"</font></p>"
oF.WriteLine "<p><font size=2>"& "SMBIOS Version: " &objBIOS.SMBIOSBIOSVersion&"</font></p>"
oF.WriteLine "<p><font size=2>"&"SMBIOS Minor Version: " &objBIOS.SMBIOSMinorVersion&"</font></p>"
oF.WriteLine "<p><font size=2>"& "SMBIOS Present: " &objBIOS.SMBIOSPresent&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Status: " &objBIOS.Status&"</font></p>"
oF.WriteLine "<p><font size=2>"& "Version: " &objBIOS.Version&"</font></p>"
' Only the label is written here; no characteristics value follows it.
oF.WriteLine "<p><font size=2>"& "BIOS Characteristics: "&"</font></p>"
Next
oF.WriteLine "</TD></TR></TABLE>"
'-----------------------------------------------------------------
' Environment variables
'-----------------------------------------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here3>"&"[ 3. 环境变量 ]"&"</a></font </h3>"
Set wshshell = CreateObject("WScript.Shell")
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
' Dump the four WScript.Shell environment scopes in a fixed order, each under
' its own bold heading. Entries are written verbatim; environment variables can
' carry credentials or tokens, so the report inherits their sensitivity.
For Each envScope In Array("SYSTEM", "PROCESS", "USER", "VOLATILE")
oF.writeline "<b><font size=3>" & envScope & " variables</font></b>"
For Each envEntry In wshshell.Environment(envScope)
oF.writeline "<p><font size=2>" & envEntry & "</font></p>"
Next
Next
set wshshell=Nothing
oF.WriteLine "</TD></TR></TABLE>"
'----------------------------------
' System files
'----------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here4>"&"[ 4. 系统文件内容 ]"&"</a></font></h3>"
Set wshshell=wscript.CreateObject("WScript.shell")
' Full paths of the text files whose contents are copied into this section:
' three under %systemdrive%, the rest under %systemroot% (including the hosts
' file, where unexpected name-to-address overrides would show up).
autoexecBAT=wshshell.expandEnvironmentStrings("%systemdrive%")&"\autoexec.bat"
configSYS=wshshell.expandEnvironmentStrings("%systemdrive%")&"\config.sys"
bootINI=wshshell.expandEnvironmentStrings("%systemdrive%")&"\boot.ini"
winINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\win.ini"
systemINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\system.ini"
autoexecNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\autoexec.nt"
configNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\config.nt"
HOSTS=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\drivers\etc\hosts"
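' readtxt: append the contents of a text file to the main report (oF) as a
' single-cell HTML table, with the file path as a bold heading and one <p> per
' line of the file.
'   txtfile - full path of the file to dump.
' Declared as a Function but used as a procedure; no value is returned.
' There is no error handler in here, so a file that cannot be opened raises to
' the caller and nothing is written for it.
Function readtxt (txtfile)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(txtfile, 1)
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD><b><font size=3>" &txtfile &"</font></b>"
Do Until objFile.AtEndOfStream
strCharacters = objFile.Readline
' File content is data, not markup. Encode & < > so that a line containing
' tags cannot change or inject markup in the report an analyst later opens in
' a browser. "&" must be replaced first.
strCharacters = Replace(strCharacters, "&", "&amp;")
strCharacters = Replace(strCharacters, "<", "&lt;")
strCharacters = Replace(strCharacters, ">", "&gt;")
oF.WriteLine "<p><font size=2>" &strCharacters &"</font></p>"
Loop
oF.WriteLine "</TD></TR></TABLE>"
' Release the file handle; the original left it open until the script ended.
objFile.Close
End Function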
' Dump each configured file in turn. readtxt has no error handler of its own,
' so a file that does not exist on this Windows version raises out of readtxt
' and the script-level On Error Resume Next moves on to the next call; the
' report simply has no table for that file.
readtxt (autoexecBAT)
readtxt (configSYS)
readtxt (bootINI)
readtxt (winINI)
readtxt (systemINI)
readtxt (autoexecNT)
readtxt (configNT)
readtxt (HOSTS)
'---------------------------------
' Network status
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here5>"&"[ 5. 网络状态 ]"&"</a></font >"&"</h3>"
Dim f1
Set ws=WScript.CreateObject ("wscript.shell")
' Each command is run through %comspec% with a hidden window (0) and the script
' waits for it to finish (True). A banner line naming the command is echoed
' first, then the command's output is appended to the scratch file "ttmp".
' NOTE(review): "ttmp" is a relative name, so it is created in, and later
' deleted from, the current directory; an existing file of that name is
' overwritten by the first ">" redirect. A uniquely named file under %TEMP%
' would avoid both problems.
' NOTE(review): the tools are invoked by bare name, so cmd.exe resolves them
' through its normal search order. On a host that may be compromised, full
' %SystemRoot%\System32 paths are the safer choice - confirm before changing.
ws.run "%comspec% /c echo ######################### ipconfig /all ######################### > ttmp",0,True
ws.run "%comspec% /c ipconfig /all >> ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -r >>ttmp",0,True
ws.run "%comspec% /c echo ######################### arp -a ######################### >> ttmp",0,True
ws.run "%comspec% /c arp -a >>ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -an ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -an >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -r >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -n ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -n >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -S ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -S >>ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -es ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -es >>ttmp",0,True
' Copy the collected output into the report, one paragraph per line, then
' remove the scratch file. The lines are written without HTML encoding.
Set f1=oFSO.OpenTextFile ("ttmp",forreading,True)
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD>"
Do Until f1.AtEndOfStream
a=f1.ReadLine
oF.WriteLine "<p><font size=2>" &a&"</font></p>"
Loop
oF.WriteLine "</TD></TR></TABLE>"
f1.Close
ofso.DeleteFile "ttmp",True
'---------------------------------
' Disks and shares
'---------------------------------
' Section heading; the drive rows and the share rows that follow end up in the
' same table.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here6>"&"[ 6. 磁盘和共享 ]"&"</a></font ></h3>"
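' Enudisk: open the disks-and-shares table in the main report (oF) and write
' one row per drive known to the FileSystemObject: letter, volume name, file
' system, total size and free space. Takes no arguments and returns nothing.
' The table is left open on purpose; the caller appends the share rows and
' closes it.
Sub Enudisk
oF.writeline "<table BORDER=1 style=font-size:9pt cellspacing=1>"
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
of.writeline "<tr><th bgColor=#808080>Drive letter: </th><th bgColor=#808080>Volume name: </th><th bgColor=#808080>File system: </th><th bgColor=#808080>Total size: </th><th bgColor=#808080>Free space: </th></tr>"
For Each objDrive in colDrives
If objDrive.IsReady Then
' Sizes are divided by 1024 twice to express them in MB and rounded to a whole
' number with CLng.
of.writeline "<tr><td>" & objDrive.DriveLetter &"</td>"&_
"<td>" & objDrive.VolumeName&"</td>"&_
"<td>" & objDrive.FileSystem&"</td>"&_
"<td>" & clng(objDrive.TotalSize /1024 /1024 ) &"MB"&"</td>"&_
"<td>" & CLng(objDrive.FreeSpace /1024 /1024 ) &"MB"&"</td></tr>"
Else
' A drive that is not ready (no media, disconnected) raises on VolumeName and
' the size properties, which used to drop the whole row silently. List the
' letter anyway so the drive's existence is recorded in the report.
of.writeline "<tr><td>" & objDrive.DriveLetter & "</td><td></td><td></td><td></td><td></td></tr>"
End If
Next
' Do not leak an error raised in here into the caller's later Err checks.
If Err <>0 Then
Err.Clear
End If
End Sub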
' Write the drive rows; Enudisk opens the table and leaves it open.
Enudisk
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' 48 is passed as the query flags value.
Set colItems = objWMIService.ExecQuery("Select * from Win32_Share",,48)
' Share rows are appended to the same table under their own header row.
' Review the Path column for shares that expose more of the disk than intended.
of.writeline "<tr><th bgColor=#808080>Path: </th><th bgColor=#808080>Name: </th><th bgColor=#808080>Caption:</th><th bgColor=#808080>Status:</th><th bgColor=#808080>MaximumAllowed:</th></tr>"
For Each objItem in colItems
of.writeline "<tr><td>"& objItem.Path&"</td>"& _
"<td>" & objItem.Name&"</td>"& _
"<td>" & objItem.Caption&"</td>"& _
"<td>" & objItem.Status&"</td>"&_
"<td>" &objItem.MaximumAllowed &"</td></tr>"
Next
oF.WriteLine "</table>"
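'---------------------------------
' Processes
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here7>"&"[ 7. 进程 ]"&"</a></font ></h3>"
Set objWMI = _
GetObject("winmgmts:{impersonationLevel=impersonate}//./root/cimv2")
Set colProcessList = objWMI.ExecQuery("SELECT * FROM Win32_Process")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' Width fixed from "%100" to "100%".
oF.WriteLine "<table BORDER=1 WIDTH=100% style=font-size:9pt cellspacing=1>"
oF.writeline "<tr><th bgColor=#808080>UserDomain</th><th bgColor=#808080>Ownership</th><th bgColor=#808080>CreationDate</th><th bgColor=#808080>Process ID:</th><th bgColor=#808080>Process Name:</th>"&"<th bgColor=#808080>Executable Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>File created:</th><th bgColor=#808080>File last modified:</th><th bgColor=#808080>File last accessed:</th></tr>"
For Each colprocess In colProcessList
' Reset everything that is filled per process. Errors are suppressed
' script-wide, so when GetOwner or GetFile fails for one process the variables
' would otherwise still hold the previous process's owner and file timestamps,
' and the report would attribute them to the wrong process.
strNameOfUser = ""
strUserDomain = ""
Set objFile = Nothing
colProperties=colProcess.GetOwner(strNameOfUser,strUserDomain)
' Some processes expose no executable path; only look the file up when there
' is one.
If Not IsNull(colProcess.ExecutablePath) Then
Set objFile = objFSO.GetFile (colProcess.ExecutablePath)
End If
oF.WriteLine "<tr><td>" & strUserDomain & "</td><td>"&strNameOfUser&"</td><td>"& colProcess.CreationDate&"</td><td>"&colProcess.Processid &"</td><td>" &colprocess.name&"</td><td>"&colProcess.ExecutablePath & "</td>"
If objFile Is Nothing Then
' No file could be resolved: leave the four file columns empty instead of
' repeating stale values.
oF.WriteLine "<td></td><td></td><td></td><td></td></tr>"
Else
oF.WriteLine "<td>" & objFile.Size &"</td>"
oF.WriteLine "<td>" & objFile.DateCreated &"</td>"
oF.WriteLine "<td>" & objFile.DateLastModified &"</td>"
oF.WriteLine "<td>" & objFile.DateLastAccessed &"</td></tr>"
End If
Next
oF.WriteLine "</table>"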
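'---------------------------------
' Services hosted by each process ID
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here8>"&"[ 8. 进程ID对应的启动服务 ]"&"</a></font ></h3>"
set objIdDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where State <> 'Stopped'")
' Collect the distinct process IDs of all services that are not stopped.
For Each objService in colServices
If Not objIdDictionary.Exists(objService.ProcessID) Then
objIdDictionary.Add objService.ProcessID, objService.ProcessID
End If
Next
colProcessIDs = objIdDictionary.Items
oF.WriteLine "<TABLE BORDER=1 style=font-size:9pt cellspacing=1>"
' For every process ID, write a heading row followed by one row per service
' running in that process. The ID in the WQL text comes from WMI itself, not
' from user input.
For i = 0 to objIdDictionary.Count - 1
Set colServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where ProcessID = '" & _
colProcessIDs(i) & "'")
' The original wrote "<td/>" here and never closed the row.
oF.WriteLine "<TR><TH bgColor=#808080>Process ID: </TH><td>" &colProcessIDs(i)&"</td></TR>"
For Each objService in colServices
oF.WriteLine "<tr><td COLSPAN=2>" & objService.DisplayName &"</td></tr>"
Next
Next
oF.WriteLine "</TABLE>"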
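'---------------------------------
' Services
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here9>"&"[ 9. 服务 ]"&"</a></font >"&"</h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")
Set colStartServices = objWMIService.ExecQuery _
("SELECT DisplayName,State FROM Win32_Service WHERE State = 'Running'")
' First table: display names of the services that are currently running, all
' in one cell.
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Running server list:</th></tr>"
of.writeline "<tr><td>"
For Each objService in colStartServices
of.writeline "<p>" & objService.DisplayName & "</p>"
Next
oF.WriteLine "</td></tr></table>"
' Second table: every service with its binary path, start mode and state. The
' Path Name column is the one to review for unexpected binaries or locations.
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colServices = objWMIService.InstancesOf("Win32_Service")
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Name:</th><th bgColor=#808080>Display Name:</th><th bgColor=#808080>Path Name:</th><th bgColor=#808080>Start Mode:</th><th bgColor=#808080>State:</th></tr>"
For Each objService In colServices
' Each row is now closed with </tr>; the original closed only the last one,
' after the loop.
oF.WriteLine "<tr>"&"<td>" &objService.Name &"</td>"&_
"<td>" & objService.DisplayName&"</td>"& _
"<td>" & objService.PathName &"</td>"& _
"<td>" & objService.StartMode &"</td>"& _
"<td>" &objService.State &"</td></tr>"
Next
oF.WriteLine "</table>"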
'---------------------------------
' Patches
'---------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here10>"&"[ 10. 补丁 ]"&"</a></font >"&"</h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
("Select * from Win32_OperatingSystem")
' Service pack level as "major.minor".
For Each objOperatingSystem in colOperatingSystems
PACKVER = objOperatingSystem.ServicePackMajorVersion _
& "." & objOperatingSystem.ServicePackMinorVersion
Next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' NOTE(review): the hotfix list is whatever Win32_QuickFixEngineering returns;
' whether that covers every kind of installed update on the target Windows
' version should be confirmed before using the list as a patch-level verdict.
Set colQuickFixes = objWMIService.ExecQuery _
("Select * from Win32_QuickFixEngineering")
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>PackVersion: </th><td>"&PACKVER&"</td></tr>"
' oF.WriteLine "<td>Computer: </td>"
oF.WriteLine "<tr><th bgColor=#808080>Description:</th>"
oF.WriteLine "<th bgColor=#808080>Hotfix ID:</th>"
' oF.WriteLine "<td>Installation Date:</td>"
' oF.WriteLine "<td>Installed By:</td>"
oF.WriteLine "</tr>"
' One row per hotfix: description and hotfix ID. The computer name, install
' date and installer columns are commented out.
For Each objQuickFix in colQuickFixes
oF.WriteLine "<tr>"
' oF.WriteLine "<td>" & objQuickFix.CSName & "</td>"
oF.WriteLine "<td>" & objQuickFix.Description & "</td>"
oF.WriteLine "<td>" & objQuickFix.HotFixID & "</td>"
' oF.WriteLine "<td>" & objQuickFix.InstallDate & "</td>"
' oF.WriteLine "<td>" & objQuickFix.InstalledBy & "</td>"
oF.WriteLine "</tr>"
Next
oF.WriteLine "</table>"
'---------------------------------
' Installed software
'---------------------------------
' Three sources are written into one table: Win32_Product, the HKLM Uninstall
' registry key, and the items of the Administrative Tools folder.
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here11>"&"[ 11. 软件 ]"&"</a></font >"&"</h3>"
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
oF.WriteLine "<tr><th bgColor=#808080>Caption:</th><th bgColor=#808080>version:</th></tr>"
' NOTE(review): enumerating Win32_Product makes Windows Installer run a
' consistency check on every installed MSI package, which is slow, writes
' Application event-log entries and can trigger repairs. On a host being
' examined that alters evidence; the Uninstall-key pass below gives a similar
' list without it - consider dropping this query.
Set colApps = objWMIService.ExecQuery("Select * from Win32_Product")
For Each objApp in colApps
oF.WriteLine "<tr><td>"&objApp.Caption &"</td><td>"& objApp.Version &"</td></tr>"
Next
Dim oRegistry, sBaseKey, iRC, sKey, arSubKeys, sValue
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
Set oRegistry = GetObject("winmgmts:\\" & strComputer & _
"/root/default:StdRegProv")
' NOTE(review): only this one HKLM key is enumerated; per-user (HKCU) and
' WOW6432Node uninstall keys are not read here.
sBaseKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
iRC = oRegistry.EnumKey(HKLM, sBaseKey, arSubKeys)
For Each sKey In arSubKeys
' Read DisplayName and DisplayVersion; when DisplayName cannot be read, fall
' back to QuietDisplayName.
iRC = oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
"DisplayName", sValue)
version= oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
"DisplayVersion", sVer)
If iRC <> 0 Then
oRegistry.GetStringValue HKLM, sBaseKey & sKey, _
"QuietDisplayName", sValue
End If
' Entries without a name are skipped unless an error is pending, in which case
' a placeholder row is written and the error is cleared.
If sValue <> "" Then
of.writeline"<tr><td>" & sValue & "</td><td>" & sver & "</td></tr>"
ElseIf Err <> 0 Then
of.writeline"<tr><td>"& "Installed App Name Not Available" & "</td></tr>"
err.clear
err.Number=0
End If
Next
' Shell special-folder id used to open the Administrative Tools folder.
Const ADMINISTRATIVE_TOOLS = &H2f&
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(ADMINISTRATIVE_TOOLS)
Set objTools = objFolder.Items
oF.WriteLine "<tr><th bgColor=#808080>Admin tools:</th></tr>"
For i = 0 to objTools.Count - 1
oF.WriteLine "<tr><td>"& objTools.Item(i)&"</td></tr>"
Next
oF.WriteLine "</table>"
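'---------------------------------
' Accounts
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here12>"&"[ 12. 帐号 ]"&"</a></font ></h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount",,48)
oF.WriteLine "<table width=100% BORDER=1 style=font-size:9pt cellspacing=1>"
' Header row. The PasswordExpires cell was closed with "</t>" and the row was
' never closed; both are fixed here.
oF.writeline "<tr><th bgColor=#808080>" &"Name: "& "</th>"_
&"<th bgColor=#808080>"&"Description: "& "</th>"_
&"<th bgColor=#808080>"&"Lockout: "& "</th>"_
&"<th bgColor=#808080>"&"PasswordChangeable: "& "</th>"_
&"<th bgColor=#808080>"&"PasswordExpires: "& "</th>"_
&"<th bgColor=#808080>"&"SID: " & "</th>"_
&"<th bgColor=#808080>"& "Status: "& "</th>"_
&"<th bgColor=#808080>"& "administrators: "& "</th></tr>"
' The Administrators group is the same for every account, so bind it once
' instead of once per row.
' NOTE(review): the group is looked up by its English name; on a localized
' Windows the lookup may fail and every account would then show "False" -
' confirm on non-English hosts.
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objItem in colItems
strUser = objItem.Name
oF.writeline "<tr><td>" & objItem.Name &"</td><td>" & _
objItem.Description &"</td><td>" & _
objItem.Lockout &"</td><td>" & _
objItem.PasswordChangeable &"</td><td>" & _
objItem.PasswordExpires &"</td><td>" & _
objItem.SID &"</td><td>" & _
objItem.Status&"</td>"
' Membership is matched on the account name alone. Every row now gets an
' explicit True/False cell and a closing </tr>; the original wrote a cell only
' for members and never closed the rows.
isAdmin = "False"
For Each objUser in objGroup.Members
If objUser.Name = strUser Then
isAdmin = "True"
End If
Next
oF.writeline "<td>" & isAdmin & "</td></tr>"
Next
' Close the table before the findings below; the original emitted them as
' paragraphs inside the still-open table.
oF.WriteLine "</table>"
' Blank-password check. This is an active operation, not a read: for every
' local user it asks the system to change the password from "" to "".
' A result of 0, or -2147023569 (0x8007052F, account restriction), is reported
' as "password is null".
' NOTE(review): expect password-change audit events for every account, and
' failed attempts may count toward the account lockout threshold - confirm
' against the host's policy before running this on a production system.
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
strPassword = ""
Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")
For Each objUser In colAccounts
' Start each attempt with a clean Err so that an error left over from an
' earlier statement cannot hide a successful change (a false negative).
Err.Clear
objUser.ChangePassword strPassword, strPassword
If Err = 0 or Err = -2147023569 Then
oF.writeline "<p><font size=2>" &objUser.Name & " password is null !.</font></p>"
End If
Err.Clear
Next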
'---------------------------------
' Scheduled tasks created with AT
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here13>"&"[ 13. AT创建的计划任务 ]"&"</a></font ></h3>"
oF.writeline "<table width=100% BORDER=1 style=font-size:9pt cellspacing=1>"
'oF.writeline "<tr><th bgColor=#808080>Caption:</th><th bgColor=#808080>Command:</th><th bgColor=#808080>Days Of Month:</th><th bgColor=#808080>Days Of Week:</th><th bgColor=#808080>Description: </th><th bgColor=#808080>Elapsed Time:</th><><></th><><><>
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' NOTE(review): as the section title says, this lists AT jobs only
' (Win32_ScheduledJob). Tasks created through the Task Scheduler itself are
' presumably not returned, so an empty table here does not mean the host has
' no scheduled tasks - collect those separately.
Set colScheduledJobs = objWMIService.ExecQuery _
("Select * from Win32_ScheduledJob")
' Every job is written as a block of label/value rows; Command and Owner are
' the fields to review first.
For Each objJob In colScheduledJobs
oF.writeline "<tr><th bgColor=#808080>Caption:</th><td> " & objJob.Caption &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Command:</th><td> " & objJob.Command &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Days Of Month: </th><td>" & objJob.DaysOfMonth &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Days Of Week: </th><td>" & objJob.DaysOfWeek &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Description: </th><td>" & objJob.Description &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Elapsed Time: </th><td>" & objJob.ElapsedTime &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Install Date: </th><td>" & objJob.InstallDate &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Interact with Desktop: </th><td>" & objJob.InteractWithDesktop &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Job ID: </th><td>" & objJob.JobID &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Job Status: </th><td>" & objJob.JobStatus &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Name: </th><td>" & objJob.Name &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Notify: </th><td>" & objJob.Notify &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Owner: </th><td>" & objJob.Owner &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Priority: </th><td>" & objJob.Priority &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Run Repeatedly: </th><td>" & objJob.RunRepeatedly &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Start Time: </th><td>" & objJob.StartTime &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Status: </th><td>" & objJob.Status &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Time Submitted: </th><td>" & objJob.TimeSubmitted &"</td></tr>"
oF.writeline "<tr><th bgColor=#808080>Until Time: </th><td>" & objJob.UntilTime &"</td></tr>"
Next
oF.writeline "</table>"
'----------------------------------
' getfileinfo: write one report row describing a file
'----------------------------------
' Appends a table row to the main report (oF) with the file's path, size, type
' and its created / last-modified / last-accessed timestamps.
'   targetfiles - full path of the file to describe.
' Declared as a Function but used as a procedure; no value is returned. There
' is no error handler in here, so a path that cannot be resolved raises to the
' caller before anything is written.
Function getfileinfo (targetfiles)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile (targetfiles)
With objFile
oF.WriteLine "<tr><td>" & .Path &"</td>"
oF.WriteLine "<td>" & .Size &"</td>"
oF.WriteLine "<td>" & .Type &"</td>"
oF.WriteLine "<td>" & .DateCreated &"</td>"
oF.WriteLine "<td>" & .DateLastModified &"</td>"
oF.WriteLine "<td>" & .DateLastAccessed &"</td></tr>"
End With
End Function
' Section 14: size, type and timestamps of a fixed list of system binaries under
' %systemroot%\system32, one getfileinfo row per file. A name that does not
' exist on this Windows version makes getfileinfo raise; the script-level
' On Error Resume Next then continues with the next name, so that file simply
' has no row. Only metadata is recorded here, not file hashes.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here14>"&"[ 14. 重要文件属性 ]"&"</a></font ></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>Type:</th><th bgColor=#808080>Date created:</th><th bgColor=#808080>Date last modified:</th><th bgColor=#808080>Date last accessed:</th></tr>"
For Each watchedName In Array( _
"cmd.exe", "services.exe", "xcopy.exe", "arp.exe", "posix.exe", _
"cacls.exe", "debug.exe", "telnet.exe", "ftp.exe", "tftp.exe", _
"tracert.exe", "edlin.exe", "rsh.exe", "ipconfig.exe", "regedt32.exe", _
"finger.exe", "at.exe", "netstat.exe", "wscript.exe", "cscript.exe", _
"ping.exe", "atsvc.exe", "rcp.exe", "regedit.exe", "nslookup.exe", _
"runonce.exe", "net.exe", "route.exe", "copy.exe", "user.exe", _
"csrss.exe", "rexec.exe", "nbtstat.exe", "notepad.exe", "edit.com")
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\" & watchedName
Next
oF.writeline "</table>"
' Autostart entries: one row per Win32_StartupCommand instance with the user,
' the location it was registered in, its name and the command line.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here15>"&"[ 15. 自启动项 ]"&"</a></font></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' NOTE(review): this covers only what Win32_StartupCommand reports. Services,
' scheduled tasks and the other autostart locations are not part of this
' table, so it should not be read as a complete persistence inventory.
Set colStartupCommands = objWMIService.ExecQuery _
("Select * from Win32_StartupCommand")
' The header row is written without a closing </tr>.
oF.writeline "<tr><th bgColor=#808080>User:</th><th bgColor=#808080>Location:</th><th bgColor=#808080>Name:</th><th bgColor=#808080>Command:</th>"
For Each objStartupCommand in colStartupCommands
oF.writeline "<tr><td>"&objStartupCommand.User&"</td><td>"&objStartupCommand.location&"</td><td>"&objStartupCommand.name &"</td><td>"& objStartupCommand.command&"</td></tr>"
Next
oF.WriteLine "</table>"
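'---------------------------------
' Registry: autostart and security-related values
'---------------------------------
' Reads a fixed set of registry values through StdRegProv and writes one
' "key path / value" row for each value that exists.
oF.WriteLine "<h3><font color=MidnightBlue><a name=here16>"&"[ 16. 注册表 ]"&"</a></font></h3>"
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS=&H80000003
Const HKEY_CURRENT_CONFIG=&H80000005
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
On Error Resume Next
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.writeline "<tr><th bgColor=#808080>读取此项内容</th><th bgColor=#808080>内容</th></tr>"
' Each output variable is set to Null before its read. Errors are suppressed, so
' without the reset a failed call would leave the previous value in place and
' the report would show it under the wrong key.

' Automatic administrative shares setting of the Server service.
strValue = Null
oReg.GetdwordValue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\lanmanserver\parameters","Autoshareserver",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\Autoshareserver" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
' Winlogon Shell and Userinit are started at logon; anything other than the
' system defaults deserves a look. The original labelled these two rows with a
' "...\CurrentVersion\Windows\..." path although the values are read from
' "...\CurrentVersion\Winlogon"; the labels now name the key actually read.
strValue = Null
oReg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
strValue = Null
oreg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
' Legacy "run" and "load" values under the Windows key, machine-wide and for
' the current user.
strValue = Null
oReg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Windows","run",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\run" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
strValue = Null
oReg.GetstringValue HKEY_CURRENT_USER,"Software\Microsoft\Windows NT\CurrentVersion\Windows","run",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
strValue = Null
oReg.GetstringValue HKEY_CURRENT_USER,"Software\Microsoft\Windows NT\CurrentVersion\Windows","load",strValue
If Not IsNull(strValue) Then
oF.WriteLine "<tr><td>"&"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
' Maximum sizes of the Application, Security and System event logs. From here
' on the values are read into dwordvalue; the original tested strValue instead,
' so these rows depended on an unrelated earlier read. The test now checks the
' variable that was actually filled.
dwordvalue = Null
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\Application","Maxsize",dwordvalue
If Not IsNull(dwordvalue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
dwordvalue = Null
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\security","Maxsize",dwordvalue
If Not IsNull(dwordvalue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\security\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
dwordvalue = Null
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\system","Maxsize",dwordvalue
If Not IsNull(dwordvalue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\system\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
' Anonymous-access restriction setting of the LSA.
dwordvalue = Null
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous",dwordvalue
If Not IsNull(dwordvalue) Then
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If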
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"System\CurrentControlSet\Services\NetBT\Parameters","SMBDeviceEnabled",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SMBDeviceEnabled" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oReg.GetStringValue HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","Appinit_Dlls",stringvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" &"</td>"
oF.WriteLine "<td>"&stringvalue &"</td></tr>"
End If
oF.writeline "<tr><th bgColor=#808080>枚举此键内容</th><th bgColor=#808080>项目名</th><th bgColor=#808080>数据类型</th></tr>"
'get entryNames values
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Micrsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Micrsoft\Windows\CurrentVersion\RunServices"
'the dll files Location: C:\WINDOWS\system32
RegEnum HKEY_LOCAL_MACHINE,"System\CurrentControlSet\Control\Session Manager\KnownDLLs"
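' Writes the names and data types of every value under one registry key to
' the main report (oF), using the StdRegProv object oReg.
'   Subtrees   : hive constant (HKEY_LOCAL_MACHINE / HKEY_CURRENT_USER get a header row)
'   strKeyPath : key path below the hive
' Nothing is written when the key is missing or has no values.
' NOTE(review): only value names and types are reported; the value data (for
' a Run key, the command line that is started) is not read here, so an
' analyst still has to look it up before judging an entry.
Function RegEnum (Subtrees,strKeyPath)
    On Error Resume Next
    Dim arrValueNames, arrValueTypes, i, hiveName, typeName, safeName
    arrValueNames = Null
    oReg.EnumValues Subtrees, strKeyPath, arrValueNames, arrValueTypes
    ' Missing key or empty key: leave without entering the loop. Without this
    ' guard UBound fails on a non-array and, under On Error Resume Next, the
    ' loop body is still executed once with invalid data.
    If Not IsArray(arrValueNames) Then Exit Function
    hiveName = ""
    If Subtrees = HKEY_LOCAL_MACHINE Then
        hiveName = "HKEY_LOCAL_MACHINE\"
    ElseIf Subtrees = HKEY_CURRENT_USER Then
        hiveName = "HKEY_CURRENT_USER\"
    End If
    If hiveName <> "" Then
        oF.WriteLine "<tr><td>" & hiveName & strKeyPath & "</td></tr>"
    End If
    For i = 0 To UBound(arrValueNames)
        Select Case arrValueTypes(i)
            Case REG_SZ
                typeName = "String"
            Case REG_EXPAND_SZ
                typeName = "Expanded String"
            Case REG_BINARY
                typeName = "Binary"
            Case REG_DWORD
                typeName = "DWORD"
            Case REG_MULTI_SZ
                typeName = "Multi String"
            Case Else
                ' Any other type still gets a cell so the row is always closed.
                typeName = "Other (" & arrValueTypes(i) & ")"
        End Select
        ' Value names are chosen by whoever created the entry; encode them so
        ' they are shown as text in the HTML report.
        safeName = Replace(Replace(Replace(Replace("" & arrValueNames(i), "&", "&amp;"), "<", "&lt;"), ">", "&gt;"), """", "&quot;")
        oF.WriteLine "<tr><td></td><td>" & safeName & "</td>"
        oF.WriteLine "<td>" & typeName & "</td></tr>"
    Next
End Function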
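' Report which access rights the account running the script holds on the
' Winreg key, then close the section 16 table.
' The access masks are spelled out here under their own names: the names
' KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY and DELETE used before are
' not defined anywhere in the visible part of the script, and an undefined
' name evaluates to Empty, which would make all four checks ask for the same thing.
Const WINREG_ACCESS_QUERY_VALUE = &H0001
Const WINREG_ACCESS_SET_VALUE = &H0002
Const WINREG_ACCESS_CREATE_SUB_KEY = &H0004
Const WINREG_ACCESS_DELETE = &H00010000
strKeyPath = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"
a = WinregAccessText(strKeyPath, WINREG_ACCESS_QUERY_VALUE, " Query", " Not Query")
b = WinregAccessText(strKeyPath, WINREG_ACCESS_SET_VALUE, " Set", " Not Set ")
c = WinregAccessText(strKeyPath, WINREG_ACCESS_CREATE_SUB_KEY, " Create", " Not Create")
d = WinregAccessText(strKeyPath, WINREG_ACCESS_DELETE, " DELETE", " NotDelete")
' The header row is now closed properly before the data row starts.
oF.writeline "<tr><th bgColor=#808080>检查项目</th><th bgColor=#808080>支持的权限</th></tr>"
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"&"</td><td>"&a&b&c&d&"</td></tr>"
oF.writeline "</table>"

' Returns grantedText when oReg.CheckAccess reports the requested right on
' HKEY_LOCAL_MACHINE\keyPath, otherwise deniedText.
Function WinregAccessText(keyPath, accessMask, grantedText, deniedText)
    On Error Resume Next
    Dim bGranted
    ' Reset first so a failed call is reported as "not granted" instead of
    ' repeating the result of the previous check.
    bGranted = False
    oReg.CheckAccess HKEY_LOCAL_MACHINE, keyPath, accessMask, bGranted
    If bGranted = True Then
        WinregAccessText = grantedText
    Else
        WinregAccessText = deniedText
    End If
End Function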
'------------------------------------------------------------
'Set fs=CreateObject("scripting.filesystemobject")
'Set f0=fs.getspecialfolder(0)
'Set f1=fs.getspecialfolder(1)
'Set f2=fs.getspecialfolder(2)
'system32=f1
'oF.writeline "<table BORDER=1 style=font-size:9pt>"
'oF.WriteLine "<tr><th>"
'WScript.Echo f0&f1&f2
'Set objShell = CreateObject ("Shell.Application")
'Set objFolder = objShell.Namespace (system32)
'Set objFSO = CreateObject("Scripting.FileSystemObject")
'Dim arrHeaders(13)
'For i = 0 to 13
' arrHeaders(i) = objFolder.GetDetailsOf (objFolder.Items, i)
'Next
'For Each strFileName in objFolder.Items
' For i = 0 to 13
' If i <> 9 Then
' oF.writeline "<tr><th>"& arrHeaders(0)&"</th><th>"& arrHeaders(1)&"</th><th>"& arrHeaders(2)&"</th><th>"& arrHeaders(3)&"</th><th>"& arrHeaders(4)&"</th><th>"& arrHeaders(5)&"</th><th>"& arrHeaders(6)&"</th><th>"& arrHeaders(7)&"</th><th>"& arrHeaders(8)&"</th><th>"& arrHeaders(9)&"</th><th>"& arrHeaders(10)&"</th><th>"& arrHeaders(11)&"</th><th>"& arrHeaders(12)&"</th><th>"& arrHeaders(13)&"</th></tr>"
' oF.writeline "<tr><td>" &objFolder.GetDetailsOf (strFileName, 0) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 1) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 2) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 3) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 4) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 5) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 6) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 7) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName,8) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 9) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 10) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 11) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 12) &"</td><td>" &objFolder.GetDetailsOf (strFileName, 13) &"</td></tr>"
' End If
'Next
'WScript.Echo
'Next
'sys file read
'Set fs=CreateObject("scripting.filesystemobject")
'Set f0=fs.getspecialfolder(0)
'Set f1=fs.getspecialfolder(1)
'Set f2=fs.getspecialfolder(2)
'winfile=f0&"\"&"win.ini"
'sysfile="C:\WINDOWS\SYSTEM.INI"
'set file2=oFSO.OpenTextFile (sysfile,forreading,True)
'While file2.AtEndOfStream<>True
'ccc=ReadLine
'oF.WriteLine "<p><font size=2>" &ccc&"</font></p>"
'Wend
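'---------------------------------
' Section 17: optionally export event-log entries to a separate HTML report
' (the eventlog text file); the main report only gets a link to it.
'---------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here17>"&"[ 17. 系统日志 ]"&"</a></font></h3>"
msg="是否导出系统日志为单独的html报告?"& VbCrLf
msg=msg&"日志筛选内容包括:"& VbCrLf
msg=msg&" 1.登录失败"& VbCrLf
msg=msg&" 2.错误、警告、安全审核失败 "& VbCrLf
' objShell is also used by Run_complete to open the finished report.
Set objShell = WScript.CreateObject("Wscript.Shell")
EventDoIt = MsgBox(msg,vbQuestion+vbYesNo+vbSystemModal,"运行提示")
If EventDoIt = vbNo Then
    ' The user declined the export: finish the main report and stop.
    oF.writeline "<p><font size=2>程序运行没有选择导出日志</font></p>"
    Run_complete
    WScript.Quit
End If
oF.writeline "<p><font size=2><a href="&EventReport&">点击打开 "&EventReport&" 查看日志</a></font></p>"
' The (Security) privilege is requested in the moniker so the Security log can be queried.
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")
eventlog.WriteLine "<head><title>eventLog build by bkReport.vbs</title></head>"
eventlog.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
' Failed logons. 529 is the event ID used by Windows XP / Server 2003;
' Windows Vista and later record a failed logon as 4625, so both are
' queried to keep this part of the report meaningful on current systems.
Set colEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security' and (EventCode = '529' or EventCode = '4625')")
WriteEventRows "登录失败日志信息", colEvents
' Everything that is neither informational nor an audit success, from all logs.
' NOTE(review): this filter compares the Type display string; presumably the
' strings are English on the target system - confirm on localized Windows.
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Type <> 'information' AND Type <> 'audit success'")
WriteEventRows "错误、警告、安全审核失败日志信息", colLoggedEvents
' The table being closed here was opened in the event report, not in the
' main report, so the closing tag goes to eventlog; the file is then closed
' so its content is on disk before the report link is followed.
eventlog.WriteLine "</table>"
eventlog.Close
oF.WriteLine "</html>"
Run_complete
' Was "oF.closee": the typo raised an error that On Error Resume Next hid,
' so the main report was never closed explicitly.
oF.Close

' Writes one caption row, the six column headers and one row per event of
' the given WMI event collection to the event report.
Sub WriteEventRows(caption, events)
    On Error Resume Next
    Dim evt
    eventlog.WriteLine "<tr><th bgColor=#808080 COLSPAN=6>" & caption & "</th></tr>"
    eventlog.WriteLine "<tr><th bgColor=#808080>Category: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Event Code: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Record Number: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Event Type: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Time Written: </th>"
    eventlog.WriteLine "<th bgColor=#808080>Message: </th></tr>"
    ' A failed query leaves no collection object; skip the loop in that case.
    If Not IsObject(events) Then Exit Sub
    For Each evt In events
        eventlog.WriteLine "<tr><td>" & EventHtml(evt.Category) & "</td>"
        eventlog.WriteLine "<td>" & EventHtml(evt.EventCode) & "</td>"
        eventlog.WriteLine "<td>" & EventHtml(evt.RecordNumber) & "</td>"
        eventlog.WriteLine "<td>" & EventHtml(evt.Type) & "</td>"
        eventlog.WriteLine "<td>" & EventHtml(evt.TimeWritten) & "</td>"
        eventlog.WriteLine "<td>" & EventHtml(evt.Message) & "</td></tr>"
    Next
End Sub

' HTML-encodes one event field. Event messages repeat strings supplied by
' whoever caused the event (for example the account name of a failed logon),
' so they are encoded before being written into a page a browser will render.
' A Null field becomes an empty string.
Function EventHtml(value)
    EventHtml = Replace(Replace(Replace(Replace("" & value, "&", "&amp;"), "<", "&lt;"), ">", "&gt;"), """", "&quot;")
End Function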
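' Writes the footer (elapsed run time and contact address) to the main
' report, closes the report files and opens the main report with the
' program registered for .html files.
' Relies on script-level state: oF, eventlog, dtmStart, MainReport and objShell.
Sub Run_complete
    ' Best effort, like the rest of the script: a failing step (for example
    ' closing a file that is already closed) must not prevent the report
    ' from being opened.
    On Error Resume Next
    dtmEnd = Now()
    oF.Writeline "<p> </p><p> </p><p> </p><p> </p><p> </p>"
    oF.Writeline "<hr width=90% color=#ff8000>"
    oF.Writeline "<p align=center><font size=2>脚本运行时间 "& DateDiff("s", dtmStart, dtmEnd)&" 秒 问题反馈eMail: qinbo@nsfocus.com</font></p>"
    ' Close both files before launching the viewer, so that everything
    ' written so far is on disk and the report is not shown truncated.
    oF.Close
    eventlog.Close
    objShell.run MainReport
End Sub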
'********************************************************************
'* *
'* End of File *
'* *
'********************************************************************