2007年10月9日 星期二

利用組策略的軟件安全防止網站木馬和惡意程序

'功能:禁止在臨時目錄%temp%\*.*、%ietemp%\Content.IE5\*.*及其它指定路徑中運行指定的後綴名
'注意:本腳本直接寫入 HKLM 下的軟件限制策略(SRP)路徑規則,須以管理員身份運行,且每次運行都會先刪除 CodeIdentifiers\0\Paths 下已有的全部「不允許」路徑規則(包括手工建立的)。規則只攔截黑名單中列出的後綴,未列出的類型(如 hta、wsf、msi、dll、lnk)不會被這些規則攔截;通配符 * 能匹配的子目錄層級有限,請實際測試更深層子目錄中的文件是否也被攔截。若本機從未啟用過 SRP,本腳本不會創建 CodeIdentifiers 下的 TransparentEnabled / DefaultLevel 等啟用值,寫入的規則可能不會生效,請先確認。
'如果與某個遊戲不兼容時,也就是某個遊戲會自動生成執行文件到被禁的目錄,請把路徑加到白名單中
'程序本身已兼容夢幻西遊、大話西遊更新,並自動取系統的臨時目錄和IE臨時目錄加入黑名單列表。
' - 浩月.net 編寫

' Script-wide handler: an error raised inside a procedure that has no
' On Error statement of its own unwinds to here and is silently ignored
On Error Resume Next
' Entry point: install the Software Restriction Policy rules
Call setupgpedit

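Function setupgpedit() ' Install Software Restriction Policy (SRP) path rules that block the listed extensions in temp folders
    ' Rules are written straight into the policy registry keys:
    '   CodeIdentifiers\0\Paths      = Disallowed   (blacklist rules)
    '   CodeIdentifiers\262144\Paths = Unrestricted (whitelist exceptions)
    ' Writing under HKLM needs administrator rights.  Errors are swallowed
    ' (On Error Resume Next), so a failed registry read or write is skipped
    ' silently rather than aborting the run.
    ' NOTE(review): only path rules are created; the script never sets the
    ' SRP enable values (TransparentEnabled / DefaultLevel under
    ' CodeIdentifiers).  If SRP was never configured on this machine, confirm
    ' those exist, otherwise the rules written here are not enforced.
    ' Fix vs. the original: rule subkeys used a 6-digit Rnd() value, so two
    ' rules could get the same GUID-shaped key and the later one silently
    ' replaced the earlier (dropping a block rule).  A zero-padded sequence
    ' number is used instead, so every rule gets a distinct key.
    On Error Resume Next
    Dim WshShell, ieCache, userTemp, hjmlist, keypath, keyfile, pathlist, filepath
    Dim namelist, pathlists, filepaths, idx, extIdx, seq
    '=============================================手動修改區====================================================
    '------------------------------------------------------------------------↓ Whitelist: full paths allowed to run (examples)
    ' filepath="%temp%\gpatch.exe;"
    ' filepath="c:\test\btnExpert.exe;"
    filepath = ""
    '------------------------------------------------------------------------↓ Blacklist paths.  Each entry must be a FOLDER ending
    ' with "\" because "*.<ext>" is appended to it below; a file entry such as
    ' "c:\test\btnExpert.exe;" (left over from testing) yields a malformed rule
    ' "c:\test\btnExpert.exe*.exe" that matches nothing useful.
    pathlist = "C:\Test\;c:\test\btnExpert.exe;"
    '------------------------------------------------------------------------↓ Blacklist extensions (only these are blocked)
    'hjmlist = "exe;com;bat;cmd;vbs;vbe;"
    hjmlist = "exe;com;bat;cmd;vbs;vbe;scr;pif;vb;js;reg;"
    '===========================================================================================================
    '------------------------------------------------------------------------↓ Disallowed rules live here
    keypath = "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\"
    '------------------------------------------------------------------------↓ Unrestricted rules live here
    keyfile = "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\"
    namelist = Split(hjmlist, ";")
    Set WshShell = WScript.CreateObject("WScript.Shell")

    ' IE cache folder of the CURRENT user: Content.IE5 and its immediate
    ' subfolders.  If the value cannot be read the rule is simply not added
    ' (same as the original, where the failing statement was skipped).
    Err.Clear
    ieCache = WshShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache")
    If Err.Number = 0 Then
        pathlist = ieCache & "\Content.IE5\*\;" & ieCache & "\Content.IE5\;" & pathlist
    End If

    ' Per-user TEMP folder and its immediate subfolders.  The value may still
    ' contain %USERPROFILE%; it is stored as REG_EXPAND_SZ below so the policy
    ' engine expands it - presumably per user, verify on the target system.
    Err.Clear
    userTemp = WshShell.RegRead("HKEY_CURRENT_USER\Environment\Temp")
    If Err.Number = 0 Then
        pathlist = userTemp & "\*\;" & userTemp & "\;" & pathlist
    End If
    Err.Clear

    pathlists = Split(pathlist, ";")
    filepaths = Split(filepath, ";")

    ' Remove EVERY existing Disallowed path rule (including hand-made ones) so
    ' repeated runs do not accumulate duplicates.  Whitelist rules are not
    ' cleared; with deterministic keys a re-run overwrites them in place.
    WshShell.RegDelete keypath

    seq = 0

    '------------------------------------------------------------------------↓ Unrestricted rules for the whitelist
    ' Empty entries (e.g. from a trailing ";") are skipped, so a list without
    ' a trailing ";" no longer loses its last element.
    For idx = 0 To UBound(filepaths)
        If Trim(filepaths(idx)) <> "" Then
            seq = seq + 1
            WriteSaferRule WshShell, keyfile, seq, "開放運行文件" & filepaths(idx), filepaths(idx)
        End If
    Next

    '------------------------------------------------------------------------↓ Disallowed rules: one per (folder, extension) pair
    For idx = 0 To UBound(pathlists)
        If Trim(pathlists(idx)) <> "" Then
            For extIdx = 0 To UBound(namelist)
                If Trim(namelist(extIdx)) <> "" Then
                    seq = seq + 1
                    WriteSaferRule WshShell, keypath, seq, "禁止運行本路徑中的" & namelist(extIdx) & "文件", pathlists(idx) & "*." & namelist(extIdx)
                End If
            Next
        End If
    Next

    '------------------------------------------------------------------------↓ Restart the shell and refresh policy
    ' exitprocess kills explorer.exe (the shell is expected to restart itself);
    ' gpupdate and RunDll32 are invoked by bare name, i.e. resolved via PATH.
    exitprocess "explorer.exe"
    WshShell.Run "gpupdate /force", 0
    WshShell.Run "RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters"
End Function

' Write one SRP path rule as a GUID-shaped subkey under parentKey.
'   shell       - WScript.Shell instance used for RegWrite
'   parentKey   - "...\CodeIdentifiers\<level>\Paths\" (trailing backslash)
'   seq         - rule number; rendered as 6 zero-padded digits and hex-encoded
'                 by Str2Hex into the 12-character tail of the key name
'   description - stored in the rule's Description value (free text)
'   itemData    - the path pattern, stored as REG_EXPAND_SZ so %VAR% expands
'                 when the policy is evaluated
' SaferFlags is always 0 and LastModified is written as a zero REG_BINARY,
' exactly as the original script did.
Sub WriteSaferRule(shell, parentKey, seq, description, itemData)
    On Error Resume Next
    Dim ruleKey
    ruleKey = parentKey & "{8156dd45-e093-4a3e-9755-" & Str2Hex(Right("000000" & CStr(seq), 6)) & "}\"
    shell.RegWrite ruleKey, , "REG_SZ"
    shell.RegWrite ruleKey & "LastModified", 0, "REG_BINARY"
    shell.RegWrite ruleKey & "Description", description, "REG_SZ"
    shell.RegWrite ruleKey & "SaferFlags", 0, "REG_DWORD"
    shell.RegWrite ruleKey & "ItemData", itemData, "REG_EXPAND_SZ"
End Sub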

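Function exitprocess(exename) ' Terminate every running process whose image name or full path contains exename (case-insensitive)
    ' Fix vs. the original: it called instrs(objitem.ExecutablePath, exename),
    ' i.e. with the arguments reversed relative to instrs(patrn, strng), so
    ' the process PATH was used as a regular expression and tested against
    ' exename.  That path check could never hit (and a path containing regex
    ' metacharacters such as "(" raised an error that aborted the loop); only
    ' the Name check actually worked.  A plain case-insensitive substring
    ' test (InStr with vbTextCompare) on both path and name is used instead.
    ' Caveat: "explorer.exe" therefore also matches any OTHER process whose
    ' path contains that text.  ExecutablePath is Null for processes WMI
    ' cannot inspect; those are matched on Name only.  Terminate() results
    ' are not checked, so a failure (e.g. insufficient rights) is ignored.
    On Error Resume Next
    Dim svc, procs, proc, imagePath, hit
    ' An empty pattern would match everything and kill every process
    If IsNull(exename) Or exename = "" Then Exit Function
    Set svc = GetObject("winmgmts:\\.\root\cimv2")
    Set procs = svc.ExecQuery("SELECT * FROM Win32_process")
    For Each proc In procs
        hit = False
        imagePath = proc.ExecutablePath
        If Not IsNull(imagePath) Then
            If InStr(1, imagePath, exename, vbTextCompare) > 0 Then hit = True
        End If
        If Not hit Then
            If InStr(1, proc.Name, exename, vbTextCompare) > 0 Then hit = True
        End If
        If hit Then proc.Terminate()
    Next
End Function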

Function instrs(patrn, strng) ' Regex test with an INVERTED result: False when patrn matches somewhere in strng, True when it does not
    ' The inversion is part of the contract: exitprocess compares the result
    ' against False to detect a hit.  patrn is used as a raw regular
    ' expression, so "." and "\" in it are metacharacters, not literal text,
    ' and the match is case-insensitive.
    Dim matcher
    Set matcher = New RegExp
    matcher.IgnoreCase = True
    matcher.Pattern = patrn
    instrs = Not matcher.Test(strng)
End Function

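Function Str2Hex(ByVal strHex) ' Hex-encode a string: the character code of each character, two hex digits per character, concatenated
    ' Fix vs. the original: Hex(Asc(ch)) for a code below 16 produced a single
    ' digit, so the output was ambiguous ("1" & "23" vs "12" & "3").  Each
    ' code is now left-padded to at least two digits.  Output for ASCII input
    ' is unchanged; the caller only feeds decimal digit strings (0x30-0x39).
    ' Asc() returns a larger (or negative) code for non-ASCII characters,
    ' which Hex() renders with more than two digits - not padded or clipped.
    ' A numeric argument is coerced to its string form by Len/Mid, so
    ' Str2Hex(123) = "313233".  Empty input returns "".
    Dim out, i, h
    out = ""
    For i = 1 To Len(strHex)
        h = Hex(Asc(Mid(strHex, i, 1)))
        If Len(h) < 2 Then h = "0" & h
        out = out & h
    Next
    Str2Hex = out
End Function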
