修复循环以保存基本 windows 进程及其路径,并终止其余进程
fix loop to save essential windows processes, with its path, and kill the rest processes
我想保存一些系统进程,及其路径,以确保系统不崩溃,并杀死其余进程
示例:lsass.exe、winlogon.exe、conhost.exe、rundll32.exe 等
这是我的.bat:
set proc=,
:: proc
call:proc "lsass.exe"
call:proc "winlogon.exe"
call:proc "conhost.exe"
call:proc "rundll32.exe"
for /f "skip=3 tokens=1 delims= " %%a in ('tasklist /fi "username eq %username%"') do (
echo %proc%, | findstr /c:,%%a, 1>nul
if errorlevel 1 (
taskkill /f /im %%a /t
) else (
echo not kill
)
)
:: funcion proc
@echo off
pause
goto:eof
:proc
set getproc=%1
for /f "tokens=1 delims=," %%F in ('tasklist /nh /fi "imagename eq %getproc%" /fo csv') do set proc=%proc%,%%~F>nul
goto:eof
问题是我的脚本没有保存进程的路径,那么,如果在另一个位置有一个假进程运行ning,我的脚本会保存这两个进程。这就是为什么我需要保存 Windows 系统进程,包括它的原始路径
示例真实过程:
wmic process where "name='lsass.exe'" get ExecutablePath
输出真实过程:
C:\Windows\system32\lsass.exe
示例假过程:
输出经验:
C:\Documents and Settings\User\Local settings\Application Data\lsass.exe
或出局 7
C:\Users\User\AppData\Roaming\lsass.exe
c:\Users\User\Local Setting\Temp\lsass.exe
c:\Users\User\AppData\Local\lsass.exe
注意:假进程可以运行来自任何路径(与假进程关联的 .exe 文件可以存储在 PC 上的任何位置),除了系统文件夹 (% windir%/system32 %windir%/sysWOW64 %windir%,等等)
不幸的是,到目前为止,我的脚本没有关闭假进程,只有我可以使用 Process Explorer
手动关闭
request:我需要的是保存真正的进程,其原始路径 (lsass.exe, winlogon.exe, 等等), 并杀死其余的。谢谢
直接使用 WMIC 试试。
@echo off
call :proc "lsass.exe"
call :proc "winlogon.exe"
call :proc "conhost.exe"
call :proc "rundll32.exe"
call :proc "services.exe
exit/b
:proc
WMIC PROCESS WHERE "Name='%~1' AND ExecutablePath Like '%%\AppData\%%'" CALL Terminate
[编辑/]
因为不可能确定每个可能适合或不适合您目的的进程,所以在 cmd 提示符 window 中键入以下内容应该关闭每个不在包含 [=16= 的确切路径内的进程]\Windows\ 或 \Program Files。使用它需要您自担风险。
WMIC PROCESS WHERE "NOT ExecutablePath LIKE '%\Windows\%' AND NOT ExecutablePath LIKE '%\Program Files%'" CALL TERMINATE
勾选this solution, by @JosefZ
@ECHO OFF
SETLOCAL EnableExtensions DisableDelayedExpansion
REM note double quotes REM added for debugging ↓↓↓↓↓↓↓↓↓↓↓↓
set "_var="%userprofile%","%Appdata%","%HOMEPATH%","%homedrive%\ProgramData","D:\Remote""
REM added for debugging ↑↑↑↑↑↑↑↑↑↑↑↑
REM wmic requires double backslashes in specified path
set "_var=%_var:\=\%"
for %%G in (%_var%) do (
rem echo processing %%G
REM used `GET Caption` for debugging
rem WMIC PROCESS WHERE "Name = '%~1' and ExecutablePath Like '%%%%~G%%'" GET Caption
REM operational
WMIC PROCESS WHERE "Name = '%~1' and ExecutablePath Like '%%%%~G%%'" Call terminate
)
我想保存一些系统进程,及其路径,以确保系统不崩溃,并杀死其余进程
示例:lsass.exe、winlogon.exe、conhost.exe、rundll32.exe 等
这是我的.bat:
set proc=,
:: proc
call:proc "lsass.exe"
call:proc "winlogon.exe"
call:proc "conhost.exe"
call:proc "rundll32.exe"
for /f "skip=3 tokens=1 delims= " %%a in ('tasklist /fi "username eq %username%"') do (
echo %proc%, | findstr /c:,%%a, 1>nul
if errorlevel 1 (
taskkill /f /im %%a /t
) else (
echo not kill
)
)
:: funcion proc
@echo off
pause
goto:eof
:proc
set getproc=%1
for /f "tokens=1 delims=," %%F in ('tasklist /nh /fi "imagename eq %getproc%" /fo csv') do set proc=%proc%,%%~F>nul
goto:eof
问题是我的脚本没有保存进程的路径,那么,如果在另一个位置有一个假进程运行ning,我的脚本会保存这两个进程。这就是为什么我需要保存 Windows 系统进程,包括它的原始路径
示例真实过程:
wmic process where "name='lsass.exe'" get ExecutablePath
输出真实过程:
C:\Windows\system32\lsass.exe
示例假过程:
输出经验:
C:\Documents and Settings\User\Local settings\Application Data\lsass.exe
或出局 7
C:\Users\User\AppData\Roaming\lsass.exe
c:\Users\User\Local Setting\Temp\lsass.exe
c:\Users\User\AppData\Local\lsass.exe
注意:假进程可以运行来自任何路径(与假进程关联的 .exe 文件可以存储在 PC 上的任何位置),除了系统文件夹 (% windir%/system32 %windir%/sysWOW64 %windir%,等等)
不幸的是,到目前为止,我的脚本没有关闭假进程,只有我可以使用 Process Explorer
手动关闭request:我需要的是保存真正的进程,其原始路径 (lsass.exe, winlogon.exe, 等等), 并杀死其余的。谢谢
直接使用 WMIC 试试。
@echo off
call :proc "lsass.exe"
call :proc "winlogon.exe"
call :proc "conhost.exe"
call :proc "rundll32.exe"
call :proc "services.exe
exit/b
:proc
WMIC PROCESS WHERE "Name='%~1' AND ExecutablePath Like '%%\AppData\%%'" CALL Terminate
[编辑/] 因为不可能确定每个可能适合或不适合您目的的进程,所以在 cmd 提示符 window 中键入以下内容应该关闭每个不在包含 [=16= 的确切路径内的进程]\Windows\ 或 \Program Files。使用它需要您自担风险。
WMIC PROCESS WHERE "NOT ExecutablePath LIKE '%\Windows\%' AND NOT ExecutablePath LIKE '%\Program Files%'" CALL TERMINATE
勾选this solution, by @JosefZ
@ECHO OFF
SETLOCAL EnableExtensions DisableDelayedExpansion
REM note double quotes REM added for debugging ↓↓↓↓↓↓↓↓↓↓↓↓
set "_var="%userprofile%","%Appdata%","%HOMEPATH%","%homedrive%\ProgramData","D:\Remote""
REM added for debugging ↑↑↑↑↑↑↑↑↑↑↑↑
REM wmic requires double backslashes in specified path
set "_var=%_var:\=\%"
for %%G in (%_var%) do (
rem echo processing %%G
REM used `GET Caption` for debugging
rem WMIC PROCESS WHERE "Name = '%~1' and ExecutablePath Like '%%%%~G%%'" GET Caption
REM operational
WMIC PROCESS WHERE "Name = '%~1' and ExecutablePath Like '%%%%~G%%'" Call terminate
)