（转载）Windows信息搜集vbs脚本

2022-07-21 14:02:09 阅读：194 来源： 互联网
标签：搜集 Set WriteLine Windows HKEY expandEnvironmentStrings vbs writeline wshshell
参考：
https://blkstone.github.io/2016/11/25/system-summary-with-vbs/
https://blog.csdn.net/cl939974883/article/details/104168442
PS：下面代码是在Windows环境下执行，复制完成后，使用编辑器软件或者记事本打开，然后右键另存为保存将编码改为ANSI
详细代码内容
'################################################
' NAME: bkReport
'
' AUTHOR: bobkey , nsfocus.com
' Mail  : qinbo@nsfocus.com
' DATE  : v1.0  11/24/2004
'         v2.0	12/25/2005
'         v2.1  03/20/2006
'	  v2.2  01/10/2007
' COMMENT: 检测并输出html. wsh5.1以上环境运行
'
'#################################################
'********************************************************************
'*                                                                  *
'*                           Begin of File                          *
'*                                                                  *
'*******************************************************************
On Error Resume Next
Const forwriting=2
Const forreading=1
Dim oFSO,oF,eventlog
Text = "此脚本运行不会对您的系统造成任何损害或恶意行为" &VbCrLf&vbCrlf& "通过连接WMI提供的公共接口枚举系统相关信息"&VbCrLf&VbCrLf& "按确定键运行30秒左右会生成html格式报告"
Title_Text = "bkReport  Version 2.2"
MsgBox Text,vbExclamation+vbSystemModal,Title_Text
dtmStart = Now()
strComputer = "."
Set oShell = WScript.CreateObject("WScript.Shell")
hostname=oShell.ExpandEnvironmentStrings("%computername%")
MainReport=hostname&"_Report.html"
EventReport=hostname&"_EventLog.html"
datec=Now()
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oF = oFSO.CreateTextFile(MainReport)
Set eventlog=oFSO.CreateTextFile(EventReport)
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
For Each objComputer in colComputers
   Select  Case objComputer.DomainRole
    Case "0" machine= "独立工作站"
    Case "1" machine= "成员工作站"
    Case "2" machine= "独立服务器"
    Case "3" machine= "成员服务器"
    Case "4" machine= "备份服务器"
    Case "5" machine= "主域控制器"
   End Select
Next
oF.WriteLine "<html>"
oF.WriteLine "<head><title>MainReport Build by bkReport.vbs</title></head>"
oF.Writeline "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>"
oF.WriteLine "<h2><font color=MidnightBlue><center>"&hostname&"@"&machine&"   快照信息 </center></font></h2>"
oF.WriteLine "<p align=right><font size=2>date: " & Now()&"</font></p>"
oF.Writeline "<hr width=80% color=#ff8000>"
oF.Writeline "<p>&nbsp;</p>"
oF.WriteLine "<OL><LI><a href=#here1>系统摘要</a>"
oF.WriteLine "<LI><a href=#here2>BIOS信息</a>"
oF.WriteLine "<LI><a href=#here3>环境变量</a>"
oF.WriteLine "<LI><a href=#here4>系统文件内容</a>"
oF.WriteLine "<LI><a href=#here5>网络状态</a>"
oF.WriteLine "<LI><a href=#here6>磁盘和共享</a>"
oF.WriteLine "<LI><a href=#here7>进程</a>"
oF.WriteLine "<LI><a href=#here8>进程ID对应的启动服务</a>"
oF.WriteLine "<LI><a href=#here9>服务</a>"
oF.WriteLine "<LI><a href=#here10>补丁</a>"
oF.WriteLine "<LI><a href=#here11>软件</a>"
oF.WriteLine "<LI><a href=#here12>帐号</a>"
oF.WriteLine "<LI><a href=#here13>AT创建的计划任务</a>"
oF.WriteLine "<LI><a href=#here14>重要文件属性</a>"
oF.WriteLine "<LI><a href=#here15>自启动项</a>"
oF.WriteLine "<LI><a href=#here16>注册表</a>"
oF.WriteLine "<LI><a href=#here17>系统日志</a></LI></OL>"
oF.Writeline "<p>&nbsp;</p><p>&nbsp;</p>"
'---------------------------------
'系统摘要
' --------------------------------
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colOperatingSystems = objWMIService.InstancesOf("Win32_OperatingSystem")
oF.WriteLine "<h3><font color=MidnightBlue><a name=here1>"&"[  1. 系统摘要  ]"&"</a></font></h3>"
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1 align=CENTER>"
For Each objOperatingSystem In colOperatingSystems
ostype=objOperatingSystem.Name
LastbootUpTime=objOperatingSystem.LastBootUpTime
'     oF.WriteLine "<tr><td><b>" &"Name:            "&"</b></td><td>"& objOperatingSystem.Name &"</td></tr>"
 '    oF.WriteLine  "<tr><td><b>" & "Caption:         " &"</b></td><td>" &objOperatingSystem.Caption &"</td></tr>"    
  '   oF.WriteLine  "<tr><td><b>" & "LastBootUpTime:  "&"</b></td><td>"&objOperatingSystem.LastBootUpTime &"</td></tr>"
   '  oF.WriteLine  "<tr><td><b>" & "LocalDateTime:   " &"</b></td><td>"&objOperatingSystem.LocalDateTime &"</td></tr>"
    ' oF.WriteLine  "<tr><td><b>"& "Version:         " &"</b></td><td>"&objOperatingSystem.Version    &"</td></tr>"
     'oF.WriteLine  "<tr><td><b>"& "Windows Directory: "&"</b></td><td>"&objOperatingSystem.WindowsDirectory&"</td></tr>"
Next
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_MemoryArray")
For Each objItem in colItems
memsize =CLng(objItem.EndingAddress /1024)
'    oF.WriteLine "memory size: " & objItem.EndingAddress  /1024 &" MB"
Next
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set col = objWMI.ExecQuery("Select * from Win32_Processor")
For Each obj in col
    cpuinfo=obj.Name
     Next
oF.WriteLine "<table BORDER=1 style=font-size:9pt> <tr><th CLASS=pt bgColor=#808080>OS</th><th bgColor=#808080>HostName</th><th bgColor=#808080>Memory</th><th bgColor=#808080>CPU</th><th bgColor=#808080>LastBootUpTime</th></tr> "
oF.WriteLine "<tr><td>"&ostype&"</td><td>"&hostname&"</td><td>"&memsize&"MB</td><td>"&cpuinfo&"</td><td>"& LastBootUpTime &"</td></tr>"
 strComputer = "."
Set objWMIService = GetObject("winmgmts:\\"& strComputer & "\root\cimv2")
Set colAdapters = objWMIService.ExecQuery _
  ("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
 oF.WriteLine "<tr><th bgColor=#808080>Adapter</th><th bgColor=#808080>MACaddr</th><th bgColor=#808080>IPaddr</th><th bgColor=#808080>Subnet</th><th bgColor=#808080>gateway</th></tr> "
For Each objAdapter in colAdapters
  Adapter= objAdapter.Description
  MACaddr= objAdapter.MACAddress
   If Not IsNull(objAdapter.IPAddress) Then
      For i = 0 To UBound(objAdapter.IPAddress)
        IPaddr=objAdapter.IPAddress(i)
      Next
   End If
   If Not IsNull(objAdapter.IPSubnet) Then
      For i = 0 To UBound(objAdapter.IPSubnet)
        Subnet=objAdapter.IPSubnet(i)
      Next
   End If
   If Not IsNull(objAdapter.DefaultIPGateway) Then
      For i = 0 To UBound(objAdapter.DefaultIPGateway)
         gateway = objAdapter.DefaultIPGateway(i)
      Next
   End If
oF.WriteLine "<tr><td>"&Adapter&"</td><td>"&MACaddr&"</td><td>"&IPaddr&"</td><td>"&Subnet&"</td><td>"&gateway&"</td></tr>"
 Next
 oF.WriteLine "</table>"  
 '--------------------------------------------------------------------
 'BIOS信息
 '--------------------------------------------------------------------
 oF.WriteLine "<h3><font color=MidnightBlue><a name=here2>"&"[  2. BIOS信息  ]"&"</a></font ></h3>"
 Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colBIOS = objWMIService.ExecQuery _
    ("Select * from Win32_BIOS")
     oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
For Each objBIOS in colBIOS
    oF.WriteLine  "<p><font size=2>"&"Build Number: " &objBIOS.BuildNumber&"</font></p>"
   oF.WriteLine  "<p><font size=2>"&"Current Language: " &objBIOS.CurrentLanguage&"</font></p>"
    oF.WriteLine  "<p><font size=2>"&"Installable Languages: " &objBIOS.InstallableLanguages&"</font></p>"
   oF.WriteLine  "<p><font size=2>"& "Manufacturer: " &objBIOS.Manufacturer&"</font></p>"
   oF.WriteLine  "<p><font size=2>"& "Name: "&objBIOS.Name&"</font></p>"
   oF.WriteLine  "<p><font size=2>"& "Primary BIOS: "& objBIOS.PrimaryBIOS&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "Release Date: " &objBIOS.ReleaseDate&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "Serial Number: " & objBIOS.SerialNumber&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "SMBIOS Version: " &objBIOS.SMBIOSBIOSVersion&"</font></p>"
   oF.WriteLine  "<p><font size=2>"&"SMBIOS Minor Version: " &objBIOS.SMBIOSMinorVersion&"</font></p>"
   oF.WriteLine  "<p><font size=2>"& "SMBIOS Present: " &objBIOS.SMBIOSPresent&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "Status: " &objBIOS.Status&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "Version: " &objBIOS.Version&"</font></p>"
    oF.WriteLine  "<p><font size=2>"& "BIOS Characteristics: "&"</font></p>"
Next
 oF.WriteLine  "</TD></TR></TABLE>"
 '-----------------------------------------------------------------
 '环境变量
 '-----------------------------------------------------------------
 oF.WriteLine "<h3><font color=MidnightBlue><a name=here3>"&"[  3. 环境变量  ]"&"</a></font </h3>"
 Set wshshell = CreateObject("WScript.Shell")
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 style=font-size:9pt cellspacing=1><TR><TD>"
oF.writeline "<b><font size=3>SYSTEM variables</font></b>"
For Each EnvirSYSTEM In wshshell.Environment("SYSTEM")
 oF.writeline "<p><font size=2>" &EnvirSYSTEM &"</font></p>"
Next
  oF.writeline "<b><font size=3>PROCESS variables</font></b>"
For Each EnvirPROCESS In wshshell.Environment("PROCESS")
 oF.writeline "<p><font size=2>"&EnvirPROCESS &"</font></p>"
Next
  oF.writeline "<b><font size=3>USER variables</font></b>"
For Each EnvirUSER In wshshell.Environment("USER")
 oF.writeline "<p><font size=2>"&EnvirUSER &"</font></p>"
Next
 oF.writeline "<b><font size=3>VOLATILE variables</font></b>"
For Each EnvirVOLATILE In wshshell.Environment("VOLATILE")
 oF.writeline "<p><font size=2>"&EnvirVOLATILE &"</font></p>"
Next
set wshshell=Nothing
 oF.WriteLine  "</TD></TR></TABLE>"
 '----------------------------------
 '系统文件
 '----------------------------------
 oF.WriteLine "<h3><font color=MidnightBlue><a name=here4>"&"[  4. 系统文件内容  ]"&"</a></font></h3>"
 Set wshshell=wscript.CreateObject("WScript.shell")
autoexecBAT=wshshell.expandEnvironmentStrings("%systemdrive%")&"\autoexec.bat"
configSYS=wshshell.expandEnvironmentStrings("%systemdrive%")&"\config.sys"
bootINI=wshshell.expandEnvironmentStrings("%systemdrive%")&"\boot.ini"
winINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\win.ini"
systemINI=wshshell.expandEnvironmentStrings("%systemroot%")&"\system.ini"
autoexecNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\autoexec.nt"
configNT=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\config.nt"
HOSTS=wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\drivers\etc\hosts"
Function readtxt (txtfile)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(txtfile, 1)
 oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD><b><font size=3>" &txtfile &"</font></b>"
Do Until objFile.AtEndOfStream
    strCharacters = objFile.Readline
     oF.WriteLine "<p><font size=2>" &strCharacters &"</font></p>"
Loop
oF.WriteLine  "</TD></TR></TABLE>"
End Function
readtxt (autoexecBAT)
readtxt (configSYS)
readtxt (bootINI)
readtxt (winINI)
readtxt (systemINI)
readtxt (autoexecNT)
readtxt (configNT)
readtxt (HOSTS)
 '---------------------------------
'网络状态
' --------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here5>"&"[  5. 网络状态  ]"&"</a></font >"&"</h3>"
Dim f1
Set ws=WScript.CreateObject ("wscript.shell")
ws.run "%comspec% /c echo ######################### ipconfig /all #########################  > ttmp",0,True
ws.run "%comspec% /c ipconfig /all  >> ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -r >>ttmp",0,True
ws.run "%comspec% /c echo ######################### arp -a ######################### >> ttmp",0,True
ws.run "%comspec% /c arp -a >>ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -an ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -an >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -r ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -r >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -n  ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -n >>ttmp",0,True
ws.run "%comspec% /c echo ######################### nbtstat -S ######################### >> ttmp",0,True
ws.run "%comspec% /c nbtstat -S >>ttmp",0,True
ws.run "%comspec% /c echo ######################### netstat -es ######################### >> ttmp",0,True
ws.run "%comspec% /c netstat -es >>ttmp",0,True
Set f1=oFSO.OpenTextFile ("ttmp",forreading,True)
oF.WriteLine "<TABLE BORDER=1 WIDTH=800 cellspacing=1><TR><TD>"
Do Until  f1.AtEndOfStream
a=f1.ReadLine
oF.WriteLine "<p><font size=2>" &a&"</font></p>"
Loop
oF.WriteLine  "</TD></TR></TABLE>"
f1.Close
ofso.DeleteFile "ttmp",True
'---------------------------------
'检查磁盘和共享
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here6>"&"[ 6. 磁盘和共享  ]"&"</a></font ></h3>"
Sub Enudisk
oF.writeline "<table BORDER=1 style=font-size:9pt cellspacing=1>"
On Error Resume Next
'Enumerate Disk Drive Properties 用了除法转成MB单位，并用clng函数取整
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
of.writeline "<tr><th bgColor=#808080>Drive letter: </th><th bgColor=#808080>Volume name: </th><th bgColor=#808080>File system: </th><th bgColor=#808080>Total size: </th><th bgColor=#808080>Free space: </th></tr>"
For Each objDrive in colDrives
    of.writeline "<tr><td>" & objDrive.DriveLetter &"</td>"&_
    "<td>" & objDrive.VolumeName&"</td>"&_
   "<td>" & objDrive.FileSystem&"</td>"&_
    "<td>" &  clng(objDrive.TotalSize /1024 /1024 ) &"MB"&"</td>"&_
   "<td>" &  CLng(objDrive.FreeSpace /1024 /1024 ) &"MB"&"</td></tr>"
Next
If Err <>0 Then
Err.Clear
End If
End Sub
Enudisk
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Share",,48)
    of.writeline "<tr><th bgColor=#808080>Path: </th><th bgColor=#808080>Name: </th><th bgColor=#808080>Caption:</th><th bgColor=#808080>Status:</th><th bgColor=#808080>MaximumAllowed:</th></tr>"
For Each objItem in colItems
    of.writeline "<tr><td>"& objItem.Path&"</td>"&  _
     "<td>" & objItem.Name&"</td>"& _
    "<td>"  & objItem.Caption&"</td>"& _
    "<td>" & objItem.Status&"</td>"&_
     "<td>" &objItem.MaximumAllowed &"</td></tr>"
Next
oF.WriteLine "</table>"     
'---------------------------------
'检测进程  
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here7>"&"[  7. 进程  ]"&"</a></font ></h3>"
Set objWMI = _
   GetObject("winmgmts:{impersonationLevel=impersonate}//./root/cimv2")
Set colProcessList = objWMI.ExecQuery("SELECT * FROM Win32_Process")
Set objFSO = CreateObject("Scripting.FileSystemObject")
oF.WriteLine "<table BORDER=1  WIDTH=%100 style=font-size:9pt cellspacing=1>"
oF.writeline "<tr><th bgColor=#808080>UserDomain</th><th bgColor=#808080>Ownership</th><th bgColor=#808080>CreationDate</th><th bgColor=#808080>Process ID:</th><th bgColor=#808080>Process Name:</th>"&"<th bgColor=#808080>Executable Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>File created:</th><th bgColor=#808080>File last modified:</th><th bgColor=#808080>File last accessed:</th></tr>"
For Each colprocess In colProcessList
colProperties=colProcess.GetOwner(strNameOfUser,strUserDomain)
Set objFile = objFSO.GetFile (colProcess.ExecutablePath)
   oF.WriteLine "<tr><td>" & strUserDomain  & "</td><td>"&strNameOfUser&"</td><td>"& colProcess.CreationDate&"</td><td>"&colProcess.Processid &"</td><td>" &colprocess.name&"</td><td>"&colProcess.ExecutablePath & "</td>"
oF.WriteLine  "<td>" & objFile.Size &"</td>"
oF.WriteLine "<td>" &  objFile.DateCreated &"</td>"
oF.WriteLine  "<td>" & objFile.DateLastModified &"</td>"
oF.WriteLine  "<td>" & objFile.DateLastAccessed &"</td></tr>"
Next
oF.WriteLine "</table>"
'---------------------------------
'检测进程id对应的服务  
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here8>"&"[  8. 进程ID对应的启动服务  ]"&"</a></font ></h3>"
  set objIdDictionary = CreateObject("Scripting.Dictionary")
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where State <> 'Stopped'")
For Each objService in colServices
    If objIdDictionary.Exists(objService.ProcessID) Then
    Else
        objIdDictionary.Add objService.ProcessID, objService.ProcessID
    End If
Next
colProcessIDs = objIdDictionary.Items
oF.WriteLine "<TABLE BORDER=1 style=font-size:9pt cellspacing=1>"
For i = 0 to objIdDictionary.Count - 1
    Set colServices = objWMIService.ExecQuery _
        ("Select * from Win32_Service Where ProcessID = '" & _
            colProcessIDs(i) & "'")
   oF.WriteLine "<TR><TH bgColor=#808080>Process ID: </TH><td>" &colProcessIDs(i)&"<td/>"
    For Each objService in colServices
          oF.WriteLine "<tr><td COLSPAN=2>" & objService.DisplayName &"</td></tr>"
    Next
Next
 oF.WriteLine  "</TABLE>"
'---------------------------------
'检测服务  
' --------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here9>"&"[   9. 服务  ]"&"</a></font >"&"</h3>"
strComputer = "."  
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")
Set colStartServices = objWMIService.ExecQuery _
  ("SELECT DisplayName,State FROM Win32_Service WHERE State = 'Running'")
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Running server list:</th></tr>"
of.writeline "<tr><td>"
For Each objService in colStartServices
    of.writeline  "<p>" & objService.DisplayName & "</p>"  
Next
oF.WriteLine "</td></tr></table>"                  
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
Set colServices = objWMIService.InstancesOf("Win32_Service")
oF.WriteLine "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Name:</th><th bgColor=#808080>Display Name:</th><th bgColor=#808080>Path Name:</th><th bgColor=#808080>Start Mode:</th><th bgColor=#808080>State:</th></tr>"
For Each objService In colServices
    oF.WriteLine "<tr>"&"<td>" &objService.Name    &"</td>"&_    
                "<td>" & objService.DisplayName&"</td>"& _
                "<td>" & objService.PathName     &"</td>"& _
                "<td>" & objService.StartMode    &"</td>"& _
                 "<td>" &objService.State        &"</td>"
Next                                           
oF.WriteLine "</tr></table>"                                
'---------------------------------
'检测补丁
' --------------------------------
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here10>"&"[  10. 补丁  ]"&"</a></font >"&"</h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
    PACKVER = objOperatingSystem.ServicePackMajorVersion  _
        & "." & objOperatingSystem.ServicePackMinorVersion
        Next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colQuickFixes = objWMIService.ExecQuery _
("Select * from Win32_QuickFixEngineering")
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>PackVersion: </th><td>"&PACKVER&"</td></tr>"
'   oF.WriteLine "<td>Computer: </td>"
   oF.WriteLine "<tr><th bgColor=#808080>Description:</th>"
   oF.WriteLine "<th bgColor=#808080>Hotfix ID:</th>"
 '   oF.WriteLine "<td>Installation Date:</td>"
 '  oF.WriteLine "<td>Installed By:</td>"
   oF.WriteLine "</tr>"
For Each objQuickFix in colQuickFixes
   oF.WriteLine "<tr>"
'    oF.WriteLine "<td>" & objQuickFix.CSName & "</td>"
   oF.WriteLine "<td>" & objQuickFix.Description & "</td>"
   oF.WriteLine "<td>" & objQuickFix.HotFixID & "</td>"
'   oF.WriteLine "<td>" & objQuickFix.InstallDate & "</td>"
'    oF.WriteLine "<td>" & objQuickFix.InstalledBy & "</td>"
   oF.WriteLine "</tr>"
Next
oF.WriteLine "</table>"
'---------------------------------
'检测软件
' --------------------------------
'get installed software
oF.WriteLine "<h3>"&"<font color=MidnightBlue><a name=here11>"&"[  11. 软件  ]"&"</a></font >"&"</h3>"
oF.WriteLine "<table BORDER=1 style=font-size:9pt cellspacing=1>"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
oF.WriteLine "<tr><th bgColor=#808080>Caption:</th><th bgColor=#808080>version:</th></tr>"
Set colApps = objWMIService.ExecQuery("Select * from Win32_Product")
For Each objApp in colApps
oF.WriteLine "<tr><td>"&objApp.Caption &"</td><td>"& objApp.Version &"</td></tr>"
Next
Dim oRegistry, sBaseKey, iRC, sKey, arSubKeys, sValue
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
Set oRegistry = GetObject("winmgmts:\\" & strComputer  & _
"/root/default:StdRegProv")
sBaseKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
iRC = oRegistry.EnumKey(HKLM, sBaseKey, arSubKeys)
For Each sKey In arSubKeys
  iRC = oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
  "DisplayName", sValue)
  version= oRegistry.GetStringValue(HKLM, sBaseKey & sKey, _
  "DisplayVersion", sVer)
  If iRC <> 0 Then
    oRegistry.GetStringValue HKLM, sBaseKey & sKey, _
    "QuietDisplayName", sValue
  End If
  If sValue <> "" Then
    	of.writeline"<tr><td>" & sValue & "</td><td>" & sver & "</td></tr>"
  ElseIf Err <> 0 Then
	of.writeline"<tr><td>"& "Installed App Name Not Available" & "</td></tr>"
  	err.clear
	err.Number=0
  End If
Next
Const ADMINISTRATIVE_TOOLS = &H2f&
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(ADMINISTRATIVE_TOOLS)
Set objTools = objFolder.Items
oF.WriteLine "<tr><th bgColor=#808080>Admin tools:</th></tr>"
For i = 0 to objTools.Count - 1
   oF.WriteLine "<tr><td>"& objTools.Item(i)&"</td></tr>"
Next
oF.WriteLine "</table>"
'---------------------------------
'检测帐号
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here12>"&"[  12. 帐号  ]"&"</a></font ></h3>"
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount",,48)
oF.WriteLine "<table width=100% BORDER=1 style=font-size:9pt  cellspacing=1>"
    oF.writeline "<tr><th bgColor=#808080>" &"Name: "& "</th>"_
    &"<th bgColor=#808080>"&"Description: "& "</th>"_
    &"<th bgColor=#808080>"&"Lockout: "& "</th>"_
     &"<th bgColor=#808080>"&"PasswordChangeable: "& "</th>"_
     &"<th bgColor=#808080>"&"PasswordExpires: "& "</t>"_
     &"<th bgColor=#808080>"&"SID: " & "</th>"_
     &"<th bgColor=#808080>"& "Status: "& "</th>"_
     &"<th bgColor=#808080>"& "administrators: "& "</th>"
For Each objItem in colItems
 strUser = objItem.Name
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
   oF.writeline  "<tr><td>" & objItem.Name &"</td><td>" & _
    objItem.Description &"</td><td>" & _
    objItem.Lockout &"</td><td>" & _
    objItem.PasswordChangeable &"</td><td>" & _
    objItem.PasswordExpires &"</td><td>" & _
    objItem.SID &"</td><td>" & _
    objItem.Status&"</td>"
    For Each objUser in objGroup.Members
    If objUser.Name = strUser Then
        oF.writeline "<td>True</td>"
    End If
   Next
Next
On Error Resume Next
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
strPassword = ""
Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")
For Each objUser In colAccounts
    objUser.ChangePassword strPassword, strPassword
    If Err = 0 or Err = -2147023569 Then
        oF.writeline  "<p><font size=2>" &objUser.Name &  " password is null !.</font></p>"
    End If
    Err.Clear
Next
oF.WriteLine "</tr>"
oF.WriteLine "</table>"
'---------------------------------
'检查计划任务
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here13>"&"[  13. AT创建的计划任务  ]"&"</a></font ></h3>"
oF.writeline "<table width=100% BORDER=1 style=font-size:9pt cellspacing=1>"
'oF.writeline "<tr><th bgColor=#808080>Caption:</th><th bgColor=#808080>Command:</th><th bgColor=#808080>Days Of Month:</th><th bgColor=#808080>Days Of Week:</th><th bgColor=#808080>Description: </th><th bgColor=#808080>Elapsed Time:</th><><></th><><><>
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colScheduledJobs = objWMIService.ExecQuery _
    ("Select * from Win32_ScheduledJob")
For Each objJob In colScheduledJobs
    oF.writeline "<tr><th bgColor=#808080>Caption:</th><td> " & objJob.Caption &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Command:</th><td> " & objJob.Command &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Days Of Month: </th><td>" & objJob.DaysOfMonth &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Days Of Week: </th><td>" & objJob.DaysOfWeek &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Description: </th><td>" & objJob.Description &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Elapsed Time: </th><td>" & objJob.ElapsedTime &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Install Date: </th><td>" & objJob.InstallDate &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Interact with Desktop: </th><td>" & objJob.InteractWithDesktop &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Job ID: </th><td>" & objJob.JobID &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Job Status: </th><td>" & objJob.JobStatus &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Name: </th><td>" & objJob.Name &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Notify: </th><td>" & objJob.Notify &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Owner: </th><td>" & objJob.Owner &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Priority: </th><td>" & objJob.Priority &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Run Repeatedly: </th><td>" & objJob.RunRepeatedly &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Start Time: </th><td>" & objJob.StartTime &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Status: </th><td>" & objJob.Status &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Time Submitted: </th><td>" & objJob.TimeSubmitted &"</td></tr>"
    oF.writeline "<tr><th bgColor=#808080>Until Time: </th><td>" & objJob.UntilTime &"</td></tr>"
Next
oF.writeline "</table>"
'----------------------------------
'获取文件信息函数
'----------------------------------
Function getfileinfo (targetfiles)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile (targetfiles)
oF.WriteLine  "<tr><td>" & objFile.Path &"</td>"
oF.WriteLine  "<td>" & objFile.Size &"</td>"
oF.WriteLine  "<td>" & objFile.Type &"</td>"
oF.WriteLine "<td>" & objFile.DateCreated &"</td>"
oF.WriteLine  "<td>" & objFile.DateLastModified &"</td>"
oF.WriteLine  "<td>" & objFile.DateLastAccessed &"</td></tr>"
End Function
oF.WriteLine "<h3><font color=MidnightBlue><a name=here14>"&"[  14. 重要文件属性  ]"&"</a></font ></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.WriteLine "<tr><th bgColor=#808080>Path:</th><th bgColor=#808080>Size:</th><th bgColor=#808080>Type:</th><th bgColor=#808080>Date created:</th><th bgColor=#808080>Date last modified:</th><th bgColor=#808080>Date last accessed:</th></tr>"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\cmd.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\services.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\xcopy.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\arp.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\posix.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\cacls.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\debug.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\telnet.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\ftp.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\tftp.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\tracert.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\edlin.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\rsh.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\ipconfig.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\regedt32.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\finger.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\at.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\netstat.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\wscript.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\cscript.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\ping.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\atsvc.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\rcp.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\regedit.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\nslookup.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\runonce.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\net.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\route.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\copy.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\user.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\csrss.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\rexec.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\nbtstat.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\notepad.exe"
getfileinfo wshshell.expandEnvironmentStrings("%systemroot%")&"\system32\edit.com"
oF.writeline "</table>"
'get autorun
oF.WriteLine "<h3><font color=MidnightBlue><a name=here15>"&"[  15. 自启动项  ]"&"</a></font></h3>"
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colStartupCommands = objWMIService.ExecQuery _
    ("Select * from Win32_StartupCommand")
    oF.writeline "<tr><th bgColor=#808080>User:</th><th bgColor=#808080>Location:</th><th bgColor=#808080>Name:</th><th bgColor=#808080>Command:</th>"
For Each objStartupCommand in colStartupCommands
    oF.writeline "<tr><td>"&objStartupCommand.User&"</td><td>"&objStartupCommand.location&"</td><td>"&objStartupCommand.name &"</td><td>"& objStartupCommand.command&"</td></tr>"
Next
oF.WriteLine "</table>"
'---------------------------------
'检查注册表自启动项目
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here16>"&"[  16. 注册表  ]"&"</a></font></h3>"
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS=&H80000003
Const HKEY_CURRENT_CONFIG=&H80000005
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
On Error Resume Next
oF.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
oF.writeline "<tr><th bgColor=#808080>读取此项内容</th><th bgColor=#808080>内容</th></tr>"
'enum subkeys\all entryNames
oReg.GetdwordValue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\lanmanserver\parameters","Autoshareserver",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\Autoshareserver" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"  
End If
oReg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\shell" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
oreg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\Userinit" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
oReg.GetstringValue HKEY_LOCAL_MACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Windows","run",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\run" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
oReg.GetstringValue HKEY_CURRENT_USER,"Software\Microsoft\Windows NT\CurrentVersion\Windows","run",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
oReg.GetstringValue HKEY_CURRENT_USER,"Software\Microsoft\Windows NT\CurrentVersion\Windows","load",strValue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load" &"</td>"
oF.WriteLine "<td>"&strValue &"</td></tr>"
End If
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\Application","Maxsize",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\security","Maxsize",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\security\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Services\EventLog\system","Maxsize",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\system\Maxsize" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oreg.getdwordvalue HKEY_LOCAL_MACHINE,"System\CurrentControlSet\Services\NetBT\Parameters","SMBDeviceEnabled",dwordvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SMBDeviceEnabled" &"</td>"
oF.WriteLine "<td>"&dwordValue &"</td></tr>"
End If
oReg.GetStringValue HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows","Appinit_Dlls",stringvalue
If IsNull(strValue) Then
Else
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" &"</td>"
oF.WriteLine "<td>"&stringvalue &"</td></tr>"
End If
oF.writeline "<tr><th bgColor=#808080>枚举此键内容</th><th bgColor=#808080>项目名</th><th bgColor=#808080>数据类型</th></tr>"
'get entryNames values
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
RegEnum HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Micrsoft\Windows\CurrentVersion\RunOnceEx"
RegEnum HKEY_CURRENT_USER,"SOFTWARE\Micrsoft\Windows\CurrentVersion\RunServices"
'the dll files Location: C:\WINDOWS\system32
RegEnum HKEY_LOCAL_MACHINE,"System\CurrentControlSet\Control\Session Manager\KnownDLLs"
Function RegEnum (Subtrees,strKeyPath)
On Error Resume Next
oReg.EnumValues Subtrees, strKeyPath,_
 arrValueNames, arrValueTypes
 If Not IsNull(arrvaluenames) Then
    If Subtrees= &H80000002 Then
       oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\"&strKeyPath &"</td></tr>"
	Elseif Subtrees=&H80000001 Then
       oF.WriteLine "<tr><td>"& "HKEY_CURRENT_USER\"&strKeyPath &"</td></tr>"
    End If
End If
For i=0 To UBound(arrValueNames)
   oF.WriteLine "<tr><td></td><td>"& arrValueNames(i) &"</td>"
       Select Case arrValueTypes(i)
        Case REG_SZ
            oF.WriteLine "<td>"& "String" &"</td></tr>"
        Case REG_EXPAND_SZ
            oF.WriteLine "<td>"& "Expanded String"  &"</td></tr>"
        Case REG_BINARY
            oF.WriteLine "<td>"& "Binary" &"</td></tr>"
        Case REG_DWORD
            oF.WriteLine "<td>"& "DWORD"  &"</td></tr>"
        Case REG_MULTI_SZ
            oF.WriteLine "<td>"& "Multi String"  &"</td></tr>"
    End Select      
Next
End Function
strKeyPath = "SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    a=" Query"
Else
    a= " Not Query"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_SET_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    b= " Set"
Else
    b=" Not Set "
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
If bHasAccessRight = True Then
    c= " Create"
Else
    c=" Not Create"
End If
oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
   d=" DELETE"
Else
    d=" NotDelete"
End If
oF.writeline "<tr><th bgColor=#808080>检查项目</th><th bgColor=#808080>支持的权限"
oF.WriteLine "<tr><td>"&"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg"&"</td><td>"&a&b&c&d&"</td></tr>"
oF.writeline "</table>"
'------------------------------------------------------------
'Set fs=CreateObject("scripting.filesystemobject")
'Set f0=fs.getspecialfolder(0)
'Set f1=fs.getspecialfolder(1)
'Set f2=fs.getspecialfolder(2)
'system32=f1
'oF.writeline "<table BORDER=1 style=font-size:9pt>"
'oF.WriteLine "<tr><th>"
'WScript.Echo f0&f1&f2
'Set objShell = CreateObject ("Shell.Application")
'Set objFolder = objShell.Namespace (system32)
'Set objFSO = CreateObject("Scripting.FileSystemObject")
'Dim arrHeaders(13)
'For i = 0 to 13
 '   arrHeaders(i) = objFolder.GetDetailsOf (objFolder.Items, i)
'Next
'For Each strFileName in objFolder.Items
 '   For i = 0 to 13
  '      If i <> 9 Then
   '     oF.writeline "<tr><th>"& arrHeaders(0)&"</th><th>"& arrHeaders(1)&"</th><th>"& arrHeaders(2)&"</th><th>"& arrHeaders(3)&"</th><th>"& arrHeaders(4)&"</th><th>"& arrHeaders(5)&"</th><th>"& arrHeaders(6)&"</th><th>"& arrHeaders(7)&"</th><th>"& arrHeaders(8)&"</th><th>"& arrHeaders(9)&"</th><th>"& arrHeaders(10)&"</th><th>"& arrHeaders(11)&"</th><th>"& arrHeaders(12)&"</th><th>"& arrHeaders(13)&"</th></tr>"
    ' oF.writeline "<tr><td>" &objFolder.GetDetailsOf (strFileName, 0) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 1) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 2) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 3) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 4) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 5) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 6) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 7) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName,8) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 9) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 10) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 11) &"</td>"&"<td>" &objFolder.GetDetailsOf (strFileName, 12) &"</td><td>" &objFolder.GetDetailsOf (strFileName, 13) &"</td></tr>"
     '   End If
    'Next
    'WScript.Echo
'Next
'sys file read
'Set fs=CreateObject("scripting.filesystemobject")
'Set f0=fs.getspecialfolder(0)
'Set f1=fs.getspecialfolder(1)
'Set f2=fs.getspecialfolder(2)
'winfile=f0&"\"&"win.ini"
'sysfile="C:\WINDOWS\SYSTEM.INI"
'set file2=oFSO.OpenTextFile (sysfile,forreading,True)
'While file2.AtEndOfStream<>True
'ccc=ReadLine
'oF.WriteLine "<p><font size=2>" &ccc&"</font></p>"
'Wend
'---------------------------------
'导出系统日志为html
' --------------------------------
oF.WriteLine "<h3><font color=MidnightBlue><a name=here17>"&"[  17. 系统日志  ]"&"</a></font></h3>"
msg="是否导出系统日志为单独的html报告？"& VbCrLf
msg=msg&"日志筛选内容包括："& VbCrLf
msg=msg&"  1.登录失败"& VbCrLf
msg=msg&"  2.错误、警告、安全审核失败 "& VbCrLf
Set objShell = WScript.CreateObject("Wscript.Shell")
EventDoIt = MsgBox(msg,vbQuestion+vbYesNo+vbSystemModal,"运行提示")
If EventDoIt = vbNo Then
oF.writeline "<p><font size=2>程序运行没有选择导出日志</font></p>"
Run_complete
WScript.Quit
End If
oF.writeline "<p><font size=2><a href="&EventReport&">点击打开 "&EventReport&" 查看日志</a></font></p>"
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security' and EventCode = '529'")
eventlog.WriteLine "<head><title>eventLog build by bkReport.vbs</title></head>"
eventlog.writeline "<table BORDER=1 style=font-size:9pt width=100% cellspacing=1>"
eventlog.Writeline "<tr><th bgColor=#808080 COLSPAN=6>登录失败日志信息</th></tr>"
eventlog.Writeline "<tr><th bgColor=#808080>Category: </th>"
eventlog.Writeline "<th bgColor=#808080>Event Code: </th>"
eventlog.Writeline "<th bgColor=#808080>Record Number: </th>"
eventlog.Writeline "<th bgColor=#808080>Event Type: </th>"
eventlog.Writeline "<th bgColor=#808080>Time Written: </th>"  
eventlog.Writeline "<th bgColor=#808080>Message: </th></tr>"
For Each objEvent in colEvents
eventlog.Writeline "<tr><td>"  & objEvent.Category &"</td>"
eventlog.Writeline "<td>" & objEvent.EventCode &"</td>"
eventlog.Writeline "<td>" & objEvent.RecordNumber &"</td>"
eventlog.Writeline "<td>" & objEvent.Type &"</td>"
eventlog.Writeline "<td>" & objEvent.TimeWritten &"</td>"
eventlog.Writeline "<td>" & objEvent.Message &"</td></tr>"
Next
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Type <> 'information' AND Type <> 'audit success'")
eventlog.Writeline "<tr><th bgColor=#808080 COLSPAN=6>错误、警告、安全审核失败日志信息</th></tr>"
eventlog.Writeline "<tr><th bgColor=#808080>Category: </th>"
eventlog.Writeline "<th bgColor=#808080>Event Code: </th>"
eventlog.Writeline "<th bgColor=#808080>Record Number: </th>"
eventlog.Writeline "<th bgColor=#808080>Event Type: </th>"
eventlog.Writeline "<th bgColor=#808080>Time Written: </th>"  
eventlog.Writeline "<th bgColor=#808080>Message: </th></tr>"
For Each objEvent in colLoggedEvents
eventlog.Writeline "<tr><td>"  & objEvent.Category &"</td>"
eventlog.Writeline "<td>" & objEvent.EventCode &"</td>"
eventlog.Writeline "<td>" & objEvent.RecordNumber &"</td>"
eventlog.Writeline "<td>" & objEvent.Type &"</td>"
eventlog.Writeline "<td>" & objEvent.TimeWritten &"</td>"
eventlog.Writeline "<td>" & objEvent.Message &"</td></tr>"
Next
oF.writeline "</table>"
oF.WriteLine "</html>"
Run_complete
oF.closee
Sub Run_complete
dtmEnd = Now()
oF.Writeline "<p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p>"
oF.Writeline "<hr width=90% color=#ff8000>"
oF.Writeline  "<p align=center><font size=2>脚本运行时间 "& DateDiff("s", dtmStart, dtmEnd)&" 秒  问题反馈eMail: qinbo@nsfocus.com</font></p>"
objShell.run  MainReport
End Sub
'********************************************************************
'*                                                                  *
'*                           End of File                            *
'*                                                                  *
'********************************************************************
标签：搜集,Set,WriteLine,Windows,HKEY,expandEnvironmentStrings,vbs,writeline,wshshell
来源： https://www.cnblogs.com/autopwn/p/16501657.html
本站声明： 1. iCode9 技术分享网（下文简称本站）提供的所有内容，仅供技术学习、探讨和分享；
2. 关于本站的所有留言、评论、转载及引用，纯属内容发起人的个人观点，与本站观点和立场无关；
3. 关于本站的所有言论和文字，纯属内容发起人的个人观点，与本站观点和立场无关；
4. 本站文章均是网友提供，不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属；如您发现该文章侵犯了您的权益，可联系我们第一时间进行删除；
5. 本站为非盈利性的个人网站，所有内容不会用来进行牟利，也不会利用任何形式的广告来间接获益，纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。
ICode9

（转载）Windows信息搜集vbs脚本
