Shulou(Shulou.com)06/03 Report--

This article will explain in detail how to use VBS to end the process and prevent the process from starting. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Kill.vbs:

The code is as follows:

For each ps in getobject _

("winmgmts:\\. Root\ cimv2:win32_process"). Instances_ 'involves WMI script intrusion technology, which I can't explain clearly!

If ps.handle=wscript.arguments (0) then 'determines whether the PID number of the process is equal to the obtained PID number parameter

Wscript.echo ps.terminate'if equal, end the process corresponding to the specified PID number

End if

Next

Dis.vbs

The code is as follows:

Dim ydagame x'I don't need this line of work.

Do, let's have an endless cycle. I've been judging! Do... The inside of the loop is a circular body!

Set y=getobject ("winmgmts:\\.\ root\ cimv2")'as explained above, this also involves Microsoft's WMI technology!

Set x=y.execquery ("select * from win32_process where name='avp.exe'")

'query statement to determine whether avp.exe (Kabbah) exists in the process after where!

In this way, when Kabbah is finished by the above Kill.vbs, it will never start again. Unless, the end of Dis.vbs first.

For each i in x

I.terminate () 'Kabbah will be terminated as soon as it is started.

Next

Wscript.sleep

Loop

The explanation is clear enough, let's take a look at how these two vbs work. I put Kill.vbs and Dis.vbs in the root directory of C disk.

Open cmd, enter cd\ to return to the root directory of disk C, enter tasklist to view the process of the current system, then write down the PID number of the process you want to kill, and type cscript Kill.vbs 2200 to end the process with a PID of 2200! If the process is avp.exe, you can type Dis.vbs to start Dis.vbs to prevent Kabbah from continuing to start. When Dis.vbs starts, there is only a wscript.exe process item in the process of the task manager, and it is impossible to start Kabbah again without ending this process.

Knowing this, it is a little more convenient to upload viruses, Trojans and so on after invading other people's computers in the future. All the above processes have been successfully tested by me, and continue to improve.

The code is as follows:

Ws2_32.dll

Establishing this in the program directory can also organize the program to run.

Greysign-2007-03-20 19:01 stop.

Ycosxhack-2007-03-20 19:15

I was dizzy, and sure enough! Set up a notepad and rename it to ws2_32.dll, just. All right, write it down! Hehe.

Greysign-2007-03-20 21:21

The running program will look for this interface file in the WINDOWS directory. But it will search the program directory first.

Ycosxhack-2007-03-20 21:43

Interface file? What do you mean: any program must look for it? How about calling this library file? It would be really troublesome to delete it.

Greysign-2007-03-20 22:37 mm-hmm.

On "how to use VBS script to end the process and prevent the process from starting" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.