如何隐藏 WMIC 查询的一些输出
How to hide some output of WMIC query
我有一个可以终止某些进程的批处理。启动后,我想隐藏Ignoring: <ProcessName>,只显示Terminating: <ProcessName>,怎么办?
@echo off
cls
title prockiller
setlocal
:Whitelist
set "whitelist=Microsoft Avast Panda ESET Kaspersky Avira AVG Bitdefender Malwarebytes Norton McAfee GAS IBM"
:Analyze
for /f "tokens=2 delims=," %%I in (
'wmic process get executablepath^,status /format:csv ^| find "\"'
) do (
set "proc=%%~I"
setlocal enabledelayedexpansion
wmic datafile where "name='!proc:\=\!'" get manufacturer 2>nul | findstr /i "%whitelist%" >nul && (
echo Ignoring: %%~nI
) || (
echo Terminating: %%~nI && taskkill /im "%%~nxI" /f /t >nul 2>&1
)
endlocal
)
提前致谢。
如果需要,您可以将 igonring 进程列表的输出重定向到一个文件中进行日志记录:
@echo off
Title Process killer with a white list
cls
setlocal
set "Ignoring_Process_List=%~dpn0_Ignoring_Process_List.txt"
set "Terimnated_Process_List=%~dpn0_Terimnated_List.txt"
If exist "%Ignoring_Process_List%" Del "%Ignoring_Process_List%"
If exist "%Terimnated_Process_List%" Del "%Terimnated_Process_List%"
:Whitelist
set "whitelist=Microsoft Avast Panda ESET Kaspersky Avira AVG Bitdefender Malwarebytes Norton McAfee GAS IBM"
:Analyze
for /f "tokens=2 delims=," %%I in (
'wmic process get executablepath^,status /format:csv ^| find "\"'
) do (
set "proc=%%~I"
setlocal enabledelayedexpansion
wmic datafile where "name='!proc:\=\!'" get manufacturer 2>nul | findstr /i "%whitelist%" >nul && (
( echo Ignoring: %%~nxI )>>!Ignoring_Process_List! 2>&1
) || (
( echo Terminating: %%~nxI )>con
( echo Terminating: %%~nxI && Taskkill /im "%%~nxI" /f /t )>>!Terimnated_Process_List! 2>&1
)
endlocal
)
Timeout /T 5 /nobreak>nul
这是一个未经测试的快速版本:
@Echo Off
Title Process killer with a whitelist
Set "IPL=Avast AVG Avira BitDefender ESET GAS IBM Kaspersky Malwarebytes"
Set "IPL=%IPL% McAfee Microsoft Norton Panda"
For /F "Skip=1 Delims=" %%A In (
'WMIC Process Where "Not ExecutablePath Is Null" Get ExecutablePath'
) Do For /F "Delims=" %%B In ("%%~A") Do Call :Sub %%~B
Timeout -1
Exit/B
:Sub
Set "proc=%*"
For %%A In ("%proc:\=\%") Do (
WMIC DataFile Where "Name='%%~A' And Not Manufacturer Is Null"^
Get Manufacturer|FindStr/IVX "Manufacturer"|FindStr/I "%IPL%">Nul||(
Echo Terminating "%proc%"
Echo=TaskKill /F /IM "%%~nxA" /T))
从最后一行中删除 Echo=,如果控制台输出正常, 和可选的 Timeout -1 行 。
我有一个可以终止某些进程的批处理。启动后,我想隐藏Ignoring: <ProcessName>,只显示Terminating: <ProcessName>,怎么办?
@echo off
cls
title prockiller
setlocal
:Whitelist
set "whitelist=Microsoft Avast Panda ESET Kaspersky Avira AVG Bitdefender Malwarebytes Norton McAfee GAS IBM"
:Analyze
for /f "tokens=2 delims=," %%I in (
'wmic process get executablepath^,status /format:csv ^| find "\"'
) do (
set "proc=%%~I"
setlocal enabledelayedexpansion
wmic datafile where "name='!proc:\=\!'" get manufacturer 2>nul | findstr /i "%whitelist%" >nul && (
echo Ignoring: %%~nI
) || (
echo Terminating: %%~nI && taskkill /im "%%~nxI" /f /t >nul 2>&1
)
endlocal
)
提前致谢。
如果需要,您可以将 igonring 进程列表的输出重定向到一个文件中进行日志记录:
@echo off
Title Process killer with a white list
cls
setlocal
set "Ignoring_Process_List=%~dpn0_Ignoring_Process_List.txt"
set "Terimnated_Process_List=%~dpn0_Terimnated_List.txt"
If exist "%Ignoring_Process_List%" Del "%Ignoring_Process_List%"
If exist "%Terimnated_Process_List%" Del "%Terimnated_Process_List%"
:Whitelist
set "whitelist=Microsoft Avast Panda ESET Kaspersky Avira AVG Bitdefender Malwarebytes Norton McAfee GAS IBM"
:Analyze
for /f "tokens=2 delims=," %%I in (
'wmic process get executablepath^,status /format:csv ^| find "\"'
) do (
set "proc=%%~I"
setlocal enabledelayedexpansion
wmic datafile where "name='!proc:\=\!'" get manufacturer 2>nul | findstr /i "%whitelist%" >nul && (
( echo Ignoring: %%~nxI )>>!Ignoring_Process_List! 2>&1
) || (
( echo Terminating: %%~nxI )>con
( echo Terminating: %%~nxI && Taskkill /im "%%~nxI" /f /t )>>!Terimnated_Process_List! 2>&1
)
endlocal
)
Timeout /T 5 /nobreak>nul
这是一个未经测试的快速版本:
@Echo Off
Title Process killer with a whitelist
Set "IPL=Avast AVG Avira BitDefender ESET GAS IBM Kaspersky Malwarebytes"
Set "IPL=%IPL% McAfee Microsoft Norton Panda"
For /F "Skip=1 Delims=" %%A In (
'WMIC Process Where "Not ExecutablePath Is Null" Get ExecutablePath'
) Do For /F "Delims=" %%B In ("%%~A") Do Call :Sub %%~B
Timeout -1
Exit/B
:Sub
Set "proc=%*"
For %%A In ("%proc:\=\%") Do (
WMIC DataFile Where "Name='%%~A' And Not Manufacturer Is Null"^
Get Manufacturer|FindStr/IVX "Manufacturer"|FindStr/I "%IPL%">Nul||(
Echo Terminating "%proc%"
Echo=TaskKill /F /IM "%%~nxA" /T))
从最后一行中删除 Echo=,如果控制台输出正常, 和可选的 Timeout -1 行 。