'File Name: Softkiller.vbs
'Version: v1.4, 10/28/2019
'Author: Justin Grimes, 10/28/2019
'Supported Arguments
' -e (Email) = Set 'emailResult' config entry to TRUE (send emails when run).
' -o (Output) = Set 'outputResult' config entry to TRUE (create a log file when this application kills other applications).
' -v (verbose) = Set 'verbose' config entry to TRUE (log output to the console).
' -f (Forced) = Set 'force' config entry to TRUE (bypass Office Application detection).
' -k (Process To Kill) = Set '-k <process name>' to the complete name of a process to kill (required).
' -h (Help) = Use the 'help' argument to display instructional text about this application.
' --------------------------------------------------
'Declare all variables to be used during execution of this application.
'Undeclared variables will cause a critical error and halt application execution.
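Option Explicit
Dim argms, emailResult, outputResult, verbose, force, killExe, strComputer, strProgramToKill, SKScriptName, SKAppPath, SKLogPath, companyName, companyAbbr, companyDomain, _
toEmail, SKMailFile, objFSO, objWMIService, strSafeDate, strSafeTime, strDateTime, logFileName, scriptPath, i, oFile, objlogFile, message, officeApp, officeApps, skip, _
helpText, echoText, notText, methodText, killStatus, killResult, objShell, strUserName, objScript, strComputerName, colProcessList, objProcess, logFilePath, objApp
' --------------------------------------------------
' --------------------------------------------------
' ----------
' Company Specific variables.
' Change the following variables to match the details of your organization.
' The "SKScriptName" is the filename of this script.
SKScriptName = "Softkiller.vbs"
' The "SKAppPath" is the full absolute path for the script directory, with trailing slash.
' SendEmail() executes "sendmail.exe" from this directory, so anyone who can write to it can
' replace the binary that every workstation runs. Keep the share read-only for ordinary users.
SKAppPath = "\\SERVER\AutomationScripts\Softkiller\"
' The "SKLogPath" is the full absolute path for where network-wide logs are stored.
SKLogPath = "\\SERVER\Logs\"
' The "companyName" is the full, unabbreviated name of your organization.
companyName = "Company Inc."
' The "companyAbbr" is the abbreviated name of your organization.
companyAbbr = "Company"
' The "companyDomain" is the domain to use for sending emails. Generated report emails will appear
' to have been sent by "COMPUTERNAME@domain.com"
companyDomain = "company.com"
' The "toEmail" is a valid email address where notifications will be sent.
toEmail = "IT@company.com"
' Set "emailResult" to TRUE to send an email each time the script runs with a -k argument.
' Default is TRUE. The -e argument can only switch this on, never off.
emailResult = TRUE
' Set "outputResult" to TRUE to create a log file describing the result of the kill operation.
' Default is TRUE. The -o argument can only switch this on, never off.
outputResult = TRUE
' Set "verbose" to TRUE to echo the result text with WScript.Echo (same effect as the -v argument).
' Default is FALSE.
verbose = FALSE
' "force" is the config entry behind the -f argument, which the help text describes as
' bypassing Office application detection.
' NOTE(review): the earlier wording here mentioned elevated privileges; nothing in this file checks for elevation.
' Default is FALSE.
force = FALSE
' ----------
' --------------------------------------------------
' --------------------------------------------------
'Set commonly used objects.
strComputer = "."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objShell = CreateObject("Wscript.Shell")
Set argms = WScript.Arguments.Unnamed
'Some basic global variables.
'Image names that KillProcess() treats as Microsoft Office applications.
'NOTE(review): PowerPoint's image name is POWERPNT.EXE, so the "POWERPOINT.EXE" entry will not match a running PowerPoint process.
officeApps = Array("WINWORD.EXE", "OUTLOOK.EXE", "EXCEL.EXE", "POWERPOINT.EXE")
strProgramToKill = ""
methodText = ""
echoText = ""
notText = ""
killExe = ""
'Both values come from the process environment, which the invoking user controls.
'They end up in file paths and in the notification email, so treat them as untrusted text.
strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
strUserName = objShell.ExpandEnvironmentStrings("%USERNAME%")
'Date/Time related variables.
strSafeDate = DatePart("yyyy",Date) & Right("0" & DatePart("m",Date), 2) & Right("0" & DatePart("d",Date), 2)
strSafeTime = Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
strDateTime = strSafeDate & "-" & strSafeTime
'File/Directory path related variables.
'"objScript" is declared but never assigned, so the folder is derived from the running script's own path instead.
scriptPath = objFSO.GetParentFolderName(WScript.ScriptFullName)
logFileName = SKLogPath & strComputerName & "-" & strDateTime & "-Softkiller.txt"
'Use the real profile directory; it is not always "C:\Users\<USERNAME>" (domain suffixes, service accounts).
SKMailFile = objShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\Softkiller_Warning.mail"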
' --------------------------------------------------
' --------------------------------------------------
'Retrieve the specified arguments.
' -e (Email) = Set 'emailResult' config entry to TRUE (send emails when run).
' -o (Output) = Set 'outputResult' config entry to TRUE (create a log file when this application kills other applications).
' -v (verbose) = Set 'verbose' config entry to TRUE (log output to the console).
' -f (Forced) = Set 'force' config entry to TRUE (bypass Office Application detection).
' -k (Process To Kill) = Set '-k <process name>' to the complete name of a process to kill (required).
' -h (Help) = Use the 'help' argument to display instructional text about this application.
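Function ParseArgs()
  'Reads the unnamed command line arguments in "argms" and updates the matching config entries.
  'Returns TRUE only when a "-k" argument followed by a value was found; that value is stored in "killExe".
  'Switches are matched case-sensitively, and each one can only turn its config entry on.
  ParseArgs = FALSE
  'Iterate through all supplied arguments.
  For i = 0 To argms.Count - 1
    Select Case argms.Item(i)
      Case "-e"
        emailResult = TRUE
      Case "-o"
        outputResult = TRUE
      Case "-v"
        verbose = TRUE
      Case "-f"
        force = TRUE
      Case "-h"
        'Display the help text. Parsing continues afterwards, so "-h -k app.exe" still kills.
        helpText = "Usage: " & SKScriptName & " -k <App-To-Kill.exe> -f -o -e -v" & VBNewLine & _
          " -e (Email) = Set 'emailResult' config entry to TRUE (send emails when run)." & VBNewLine & _
          " -o (Output) = Set 'outputResult' config entry to TRUE (create a log file when this application kills other applications)." & VBNewLine & _
          " -v (verbose) = Set 'verbose' config entry to TRUE (log output to the console)." & VBNewLine & _
          " -f (Forced) = Set 'force' config entry to TRUE (bypass Office Application detection)." & VBNewLine & _
          " -k (Process To Kill) = Set '-k <process name>' to the complete name of a process to kill (required)." & VBNewLine & _
          " -h (Help) = Use the 'help' argument to display instructional text about this application."
        WScript.Echo(helpText)
      Case "-k"
        'This is the only argument that is required for script execution.
        'Only read the value when one actually follows "-k"; indexing past the end of the
        'argument list raises a runtime error and aborts the script.
        If i + 1 < argms.Count Then
          killExe = argms.Item(i + 1)
          ParseArgs = TRUE
        End If
    End Select
  Next
End Function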
' --------------------------------------------------
' --------------------------------------------------
'A function to create all required directories before the script can be run & delete any partial files that may already exist.
Function CreateReqdDirs()
  'Makes sure the "SKLogPath" folder is present, creating it when it is missing.
  'Returns TRUE when the folder exists afterwards, FALSE otherwise.
  'CreateFolder raises a runtime error if a parent directory is missing or not writable.
  If Not objFSO.FolderExists(SKLogPath) Then objFSO.CreateFolder(SKLogPath)
  'Re-check rather than trusting the create call.
  CreateReqdDirs = objFSO.FolderExists(SKLogPath)
End Function
' --------------------------------------------------
' --------------------------------------------------
'A function to create a Warning.mail file. Use to prepare an email before calling sendEmail().
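Function CreateEmail()
  'Writes the notification message to "SKMailFile" so that SendEmail() can hand it to sendmail.exe.
  'Reads the globals toEmail, strComputerName, companyDomain, companyAbbr, companyName,
  'strUserName, killExe, killStatus and SKScriptName.
  Dim mailHeaders, mailBody
  'strComputerName and strUserName come from environment variables and killExe from the
  'command line; all three are written into the message unfiltered.
  'NOTE(review): confirm sendmail.exe tolerates unexpected characters in the From line.
  mailHeaders = "To: " & toEmail & vbNewLine & _
    "From: " & strComputerName & "@" & companyDomain & vbNewLine & _
    "Subject: " & companyAbbr & " Softkiller Warning!!!" & vbNewLine
  'NOTE(review): there is no blank line between the Subject header and the first body line;
  'verify that sendmail.exe accepts this layout before changing it.
  mailBody = "This is an automatic email from the " & companyName & " Network to notify you that an application was automatically killed." & _
    vbNewLine & vbNewLine & "Please verify that the equipment listed below is functioning properly." & vbNewLine & _
    vbNewLine & "USER NAME: " & strUserName & vbNewLine & "WORKSTATION: " & strComputerName & vbNewLine & _
    "PROCESS TERMINATED: " & killExe & VBNewLine & "OPERATION RESULT: " & UCase(killStatus) & _
    vbNewLine & vbNewLine & "This check was generated by " & strComputerName & "." & vbNewLine & vbNewLine & _
    "Script: """ & SKScriptName & """"
  'CreateTextFile with overwrite = True replaces any previous mail file in one step, so the
  'separate delete and create calls (which left an unclosed text stream behind) are not needed.
  Set oFile = objFSO.CreateTextFile(SKMailFile, True)
  oFile.Write mailHeaders & mailBody
  'Close the mail file.
  oFile.Close
End Function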
' --------------------------------------------------
' --------------------------------------------------
'A function for running SendMail to send a prepared Warning.mail email message.
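Function SendEmail()
  'Runs sendmail.exe from "SKAppPath" against the prepared "SKMailFile" and waits for it to finish.
  'The window is hidden (style 0).
  Dim q, sendCmd
  q = Chr(34)
  'Both paths are wrapped in double quotes. SKMailFile is built from an environment value, so
  'without quotes a space would split the argument and a character such as "&" would be
  'interpreted by cmd.exe as a command separator. The extra outer pair of quotes is what
  'cmd.exe /c expects when the command line itself starts with a quoted path.
  sendCmd = "c:\Windows\System32\cmd.exe /c " & q & q & SKAppPath & "sendmail.exe" & q & " " & q & SKMailFile & q & q
  'sendmail.exe is loaded from a network share; its integrity depends on that share's permissions.
  objShell.Run sendCmd, 0, TRUE
End Function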
' --------------------------------------------------
' --------------------------------------------------
'A function to create a log file when -l is set.
'Returns "True" if logFilePath exists, "False" on error.
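Function CreateSoftKillLog(message)
  'Writes "message" to the log file at "logFileName" (used when the -o argument or the
  '"outputResult" config entry is set).
  'Returns TRUE when a message was written and the log file exists afterwards, FALSE otherwise.
  CreateSoftKillLog = FALSE
  'Make sure the message is not blank.
  If message <> "" Then
    'Set a handle for the "logFileName", replacing any file with the same name.
    Set objlogFile = objFSO.CreateTextFile(logFileName, True)
    'Write the "message" to the log file.
    objlogFile.WriteLine(message)
    'Close the log file.
    objlogFile.Close
    'Check the path that was actually written. The previous check used "logFilePath", which is
    'never assigned, and stored its result in an undeclared variable instead of returning it.
    CreateSoftKillLog = objFSO.FileExists(logFileName)
  End If
End Function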
' --------------------------------------------------
' --------------------------------------------------
'A function to detect if the selected application is running.
'If the selected application to kill is a Microsoft Office application then we can access it with CreateObject.
'Killing a Microsoft Office application using "objApp.Quit" is much gentler than using "objApp.Terminate()."
'If we simply terminate a program like Outlook while the PST's are being accessed we might corrupt data.
'Returns "TRUE" on success. Returns "FALSE" on error.
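Function KillProcess(strProgramToKill)
  'Stops every process whose image name equals "strProgramToKill".
  'Office applications listed in "officeApps" are asked to quit through their automation
  'object first, unless "force" is set; everything else is stopped with Terminate().
  'Matching is by image name only, so every instance WMI returns to this caller is affected.
  'Returns TRUE when no matching process is left after the attempt, FALSE otherwise.
  'Also sets the globals "killStatus", "notText" and "methodText" used for log and console text.
  Dim wqlName, wqlQuery, progId, quitOk
  KillProcess = FALSE
  'The name comes from the command line and is placed inside a quoted WQL string.
  'Escape backslashes and single quotes so it cannot close the literal and change the query.
  wqlName = Replace(Replace(strProgramToKill, "\", "\\"), "'", "\'")
  wqlQuery = "Select * from Win32_Process Where Name = '" & wqlName & "'"
  Set colProcessList = objWMIService.ExecQuery(wqlQuery)
  For Each objProcess In colProcessList
    skip = FALSE
    'With "force" set, Office detection is bypassed as the -f help text describes.
    If Not force Then
      progId = SKOfficeProgId(objProcess.Name)
      If progId <> "" Then
        'Attach to the instance that is already running. CreateObject would start a second,
        'separate instance of Word or Excel and quit that one instead.
        On Error Resume Next
        Set objApp = GetObject(, progId)
        If Err.Number = 0 Then objApp.Quit
        quitOk = (Err.Number = 0)
        Err.Clear
        On Error GoTo 0
        If quitOk Then
          skip = TRUE
          KillProcess = TRUE
          methodText = " gently"
        End If
      End If
    End If
    'Not an Office application, "force" is set, or the gentle quit failed: terminate instead.
    If Not skip Then
      objProcess.Terminate()
      KillProcess = TRUE
    End If
  Next
  'Give the processes a moment to exit before checking.
  WScript.Sleep 1500
  'Run the query again; any process still listed means the operation did not succeed.
  Set colProcessList = objWMIService.ExecQuery(wqlQuery)
  For Each objProcess In colProcessList
    If LCase(objProcess.Name) = LCase(strProgramToKill) Then
      KillProcess = FALSE
    End If
  Next
  'Prepare some text to use for console & log entries.
  If KillProcess = FALSE Then
    killStatus = "Failed"
    notText = "not "
  Else
    killStatus = "Succeeded"
  End If
End Function

'Returns the automation ProgID for an image name listed in "officeApps", or "" when the
'image name is not in that list.
Function SKOfficeProgId(imageName)
  Dim knownApp
  SKOfficeProgId = ""
  For Each knownApp In officeApps
    If LCase(knownApp) = LCase(imageName) Then
      Select Case UCase(imageName)
        Case "WINWORD.EXE"
          'Word's ProgID does not follow its image name.
          SKOfficeProgId = "Word.Application"
        Case "POWERPNT.EXE", "POWERPOINT.EXE"
          SKOfficeProgId = "PowerPoint.Application"
        Case Else
          SKOfficeProgId = Replace(UCase(imageName), ".EXE", "") & ".Application"
      End Select
    End If
  Next
End Function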
' --------------------------------------------------
' --------------------------------------------------
'The main logic & entry point for the script. Makes use of the functions above.
'Parse the arguments supplied to the script and use them to prepare the operating environment for the session.
'If no arguments are supplied hard-coded configuration entries will be used instead.
If ParseArgs() Then
  'Nothing below runs unless a "-k <process name>" argument was supplied.
  'The log folder must exist and the process name must be non-empty before anything is killed.
  If CreateReqdDirs() And Len("" & killExe) > 0 Then
    killResult = KillProcess(killExe)
    'Build the single line of text shared by the log file and the console output.
    echoText = Replace(SKScriptName, ".vbs", "") & ", " & strDateTime
    echoText = echoText & ": Operation " & killStatus & "! "
    echoText = echoText & killExe & " was " & notText & "terminated" & methodText & "."
  End If
  'NOTE(review): the steps below also run when the kill was never attempted, in which case
  'the email goes out with an empty result and "echoText" is blank.
  'Email notification ("-e" argument or "emailResult" config entry).
  If emailResult Then
    Call CreateEmail()
    Call SendEmail()
  End If
  'Log file ("-o" argument or "outputResult" config entry).
  If outputResult Then Call CreateSoftKillLog(echoText)
  'Console output ("-v" argument or "verbose" config entry).
  If verbose Then WScript.Echo echoText
End If
' --------------------------------------------------