|
 | 作者: DarK-Z [bridex]
 论坛用户 |
登录 |
| 2009-06-17 10:22来源:http://hi.baidu.com/%E5%D0%D2%A3%CE%CA/blog/item/0ba870d9c34883e139012fa1.html 程序保存为VBE后缀,靠cscript.exe脚本解释执行,可以监视C:\WINDOWS\system32文件夹下的文件创建与删除,但无法检测创建文件夹...想玩的朋友自己耍耍吧,要关闭监视请自己结束Wscript.exe进程。 strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colMonitoredEvents = objWMIService.ExecNotificationQuery _ ("SELECT * FROM __InstanceOperationEvent WITHIN 3 WHERE " _ & "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _ & "TargetInstance.GroupComponent= " _ & "'Win32_Directory.Name=""C:\\\\WINDOWS\\\\system32""'") Do While True Set objEventObject = colMonitoredEvents.NextEvent() Select Case objEventObject.Path_.Class Case "__InstanceCreationEvent" Wscript.Echo "一个文件被创建: " & objEventObject.TargetInstance.PartComponent Case "__InstanceDeletionEvent" Wscript.Echo "一个文件被删除: " & objEventObject.TargetInstance.PartComponent End Select Loop 代码完了,为什么我用会出错呢?我现在用软件版的文件查看软件呢!那个功能不够用。 |
| 地主 发表时间: 09-08-10 21:39 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 编程破解
标题: 一个VBE文件查看软件的代码,我一用总出错为什么?!