当前位置：首页 > news >正文

bat脚本实现获取非微软官方服务列表

news 2025/8/8 20:16:33

Get-CimInstance -ClassName Win32_Service |Where-Object { $_.State -eq 'Running' -and $_.StartMode -ne 'Disabled' } |
ForEach-Object {$isMicrosoft = $false$signerInfo = '无可执行路径'if ($_.PathName) {# 提取可执行文件路径（处理带引号/参数的路径）$exePath = $_.PathName.Trim()if ($exePath -match '^\"(.+?)\"') {$exePath = $matches[1]  # 提取引号内路径} else {$exePath = $exePath.Split(' ')[0]  # 取第一个空格前的部分}# 验证是否为文件（非目录）且存在if ($exePath -and (Test-Path -LiteralPath $exePath -PathType Leaf -ErrorAction SilentlyContinue)) {try {$sig = Get-AuthenticodeSignature -FilePath $exePath -ErrorAction Stopif ($sig.SignerCertificate) {$subject = $sig.SignerCertificate.Subject$issuer = $sig.SignerCertificate.Issuer$signerInfo = "$subject;$issuer"# 检查是否微软签名if ($signerInfo -match 'Microsoft|Windows') {$isMicrosoft = $true}} else {$signerInfo = '未签名'}} catch {$signerInfo = "签名错误: $($_.Exception.Message)"}} else {$signerInfo = '路径无效或非文件'}}if (-not $isMicrosoft) {[PSCustomObject]@{Name        = $_.NameDisplayName = $_.DisplayNameStartMode   = $_.StartModeState       = $_.StateCompany     = $signerInfo}}
} |
Sort-Object DisplayName |
Format-Table -AutoSize -Property Name, DisplayName, StartMode, State, Company

虽然powershell 直接可以执行但ps1的执行不如bat方便，因此制作了此脚本，非加密

powershell -EncodedCommand "RwBlAHQALQBDAGkAbQBJAG4AcwB0AGEAbgBjAGUAIAAtAEMAbABhAHMAcwBOAGEAbQBlACAAVwBpAG4AMwAyAF8AUwBlAHIAdgBpAGMAZQAgAHwACgAgAFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0ACAAewAgACQAXwAuAFMAdABhAHQAZQAgAC0AZQBxACAAJwBSAHUAbgBuAGkAbgBnACcAIAAtAGEAbgBkACAAJABfAC4AUwB0AGEAcgB0AE0AbwBkAGUAIAAtAG4AZQAgACcARABpAHMAYQBiAGwAZQBkACcAIAB9ACAAfAAKAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsACgAgACAAIAAgACQAaQBzAE0AaQBjAHIAbwBzAG8AZgB0ACAAPQAgACQAZgBhAGwAcwBlAAoAIAAgACAAIAAkAHMAaQBnAG4AZQByAEkAbgBmAG8AIAA9ACAAJwDgZe9TZ2JMiO+NhF8nAAoACgAgACAAIAAgAGkAZgAgACgAJABfAC4AUABhAHQAaABOAGEAbQBlACkAIAB7AAoAIAAgACAAIAAgACAAIAAgACMAIADQY9ZT71NnYkyIh2X2Tu+NhF8I/wRZBnQmXhVf91MvAMJTcGWEdu+NhF8J/woAIAAgACAAIAAgACAAIAAgACQAZQB4AGUAUABhAHQAaAAgAD0AIAAkAF8ALgBQAGEAdABoAE4AYQBtAGUALgBUAHIAaQBtACgAKQAKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAZQB4AGUAUABhAHQAaAAgAC0AbQBhAHQAYwBoACAAJwBeAFwAIgAoAC4AKwA/ACkAXAAiACcAKQAgAHsACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAeABlAFAAYQB0AGgAIAA9ACAAJABtAGEAdABjAGgAZQBzAFsAMQBdACAAIAAjACAA0GPWUxVf91OFUe+NhF8KACAAIAAgACAAIAAgACAAIAB9ACAAZQBsAHMAZQAgAHsACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGUAeABlAFAAYQB0AGgAIAA9ACAAJABlAHgAZQBQAGEAdABoAC4AUwBwAGwAaQB0ACgAJwAgACcAKQBbADAAXQAgACAAIwAgANZTLHsATipOeno8aE1ShHbokAZSCgAgACAAIAAgACAAIAAgACAAfQAKAAoAIAAgACAAIAAgACAAIAAgACMAIACMmsGLL2YmVDpOh2X2Tgj/XpfudlVfCf8UTlhbKFcKACAAIAAgACAAIAAgACAAIABpAGYAIAAoACQAZQB4AGUAUABhAHQAaAAgAC0AYQBuAGQAIAAoAFQAZQBzAHQALQBQAGEAdABoACAALQBMAGkAdABlAHIAYQBsAFAAYQB0AGgAIAAkAGUAeABlAFAAYQB0AGgAIAAtAFAAYQB0AGgAVAB5AHAAZQAgAEwAZQBhAGYAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQApACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5ACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABzAGkAZwAgAD0AIABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAALQBGAGkAbABlAFAAYQB0AGgAIAAkAGUAeABlAFAAYQB0AGgAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAdABvAHAACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGkAZgAgACgAJABzAGkAZwAuAFMAaQBnAG4AZQByAEMAZQByAHQAaQBmAGkAYwBhAHQAZQApACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAHMAdQBiAGoAZQBjAHQAIAA9ACAAJABzAGkAZwAuAFMAaQBnAG4AZQByAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAuAFMAdQBiAGoAZQBjAHQACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABpAHMAcwB1AGUAcgAgAD0AIAAkAHMAaQBnAC4AUwBpAGcAbgBlAHIAQwBlAHIAdABpAGYAaQBjAGEAdABlAC4ASQBzAHMAdQBlAHIACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABzAGkAZwBuAGUAcgBJAG4AZgBvACAAPQAgACIAJABzAHUAYgBqAGUAYwB0ADsAJABpAHMAcwB1AGUAcgAiAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACMAIADAaOVnL2YmVK5fb49+ew1UCgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAaQBmACAAKAAkAHMAaQBnAG4AZQByAEkAbgBmAG8AIAAtAG0AYQB0AGMAaAAgACcATQBpAGMAcgBvAHMAbwBmAHQAfABXAGkAbgBkAG8AdwBzACcAKQAgAHsACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAkAGkAcwBNAGkAYwByAG8AcwBvAGYAdAAgAD0AIAAkAHQAcgB1AGUACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQAgAGUAbABzAGUAIAB7AAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBpAGcAbgBlAHIASQBuAGYAbwAgAD0AIAAnACpnfnsNVCcACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB9ACAAYwBhAHQAYwBoACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJABzAGkAZwBuAGUAcgBJAG4AZgBvACAAPQAgACIAfnsNVBmV74s6ACAAJAAoACQAXwAuAEUAeABjAGUAcAB0AGkAbwBuAC4ATQBlAHMAcwBhAGcAZQApACIACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB9AAoAIAAgACAAIAAgACAAIAAgAH0AIABlAGwAcwBlACAAewAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACQAcwBpAGcAbgBlAHIASQBuAGYAbwAgAD0AIAAnAO+NhF/gZUhlFmJel4dl9k4nAAoAIAAgACAAIAAgACAAIAAgAH0ACgAgACAAIAAgAH0ACgAKACAAIAAgACAAaQBmACAAKAAtAG4AbwB0ACAAJABpAHMATQBpAGMAcgBvAHMAbwBmAHQAKQAgAHsACgAgACAAIAAgACAAIAAgACAAWwBQAFMAQwB1AHMAdABvAG0ATwBiAGoAZQBjAHQAXQBAAHsACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABOAGEAbQBlACAAIAAgACAAIAAgACAAIAA9ACAAJABfAC4ATgBhAG0AZQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAEQAaQBzAHAAbABhAHkATgBhAG0AZQAgAD0AIAAkAF8ALgBEAGkAcwBwAGwAYQB5AE4AYQBtAGUACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABTAHQAYQByAHQATQBvAGQAZQAgACAAIAA9ACAAJABfAC4AUwB0AGEAcgB0AE0AbwBkAGUACgAgACAAIAAgACAAIAAgACAAIAAgACAAIABTAHQAYQB0AGUAIAAgACAAIAAgACAAIAA9ACAAJABfAC4AUwB0AGEAdABlAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAQwBvAG0AcABhAG4AeQAgACAAIAAgACAAPQAgACQAcwBpAGcAbgBlAHIASQBuAGYAbwAKACAAIAAgACAAIAAgACAAIAB9AAoAIAAgACAAIAB9AAoAfQAgAHwACgBTAG8AcgB0AC0ATwBiAGoAZQBjAHQAIABEAGkAcwBwAGwAYQB5AE4AYQBtAGUAIAB8AAoARgBvAHIAbQBhAHQALQBUAGEAYgBsAGUAIAAtAEEAdQB0AG8AUwBpAHoAZQAgAC0AUAByAG8AcABlAHIAdAB5ACAATgBhAG0AZQAsACAARABpAHMAcABsAGEAeQBOAGEAbQBlACwAIABTAHQAYQByAHQATQBvAGQAZQAsACAAUwB0AGEAdABlACwAIABDAG8AbQBwAGEAbgB5AA=="

查看全文

http://www.dtcms.com/a/317225.html