先看一下官方的教程:
NirCMD 虽然只有30KB,但是功能非常强大,尤其是对底层的操作,是第三方命令行扩展必备的工具!
想摆脱用 ping 延时耗资源又不准确的尴尬局面吗?想试试批处理控制键盘鼠标指哪打哪的快感吗?想把运行中的程序剥开,干点什么坏事吗?哈哈,还没接触过它的快快行动吧,下载下来放到 system32 里面去吧!!!
本人一向喜欢实验,至于什么弹弹光驱、创建快捷方式、改改注册表、弹个什么图形界面对话框这些玩意今天就不说了,今天给你们见识几个更高级,也更有意思的看得见的例子。
(注意:1 所有的都是隐藏运行,你试完过后记得杀掉cmd进程 ;2 其实隐藏自身也是可以用 NirCMD搞定的,但是我没这么做; 3 最后一个代码我没说怎么破解,你们自己试试先。。)
请到此官方网站下载:
http://www.nirsoft.net/utils/nircmd.html
我现在用的是 NirCmd v2.37
==========================================================
No 1. QQ2009 监控。(以程序本质为监控依据)
-------------------------
各位公司老板,各位部门经理,我向你们推荐写的脚本,简单实用,你们不用再那么麻烦去封端口啦,直接运行个服务,把我的批处理加到电脑就好了,嘿嘿。。。。。
第一个。这个是装在老板机器上的,只有以前登陆过的号码才可以登陆。
禁止别人在本机登陆QQ2009.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:: 经测试,不能用NIRCMD自己的loop循环,否则的话重启QQ再打开就会失效。
:ching
nircmd win child class TXGuiFoundation disable class ATL:30A4E1D8
nircmd wait 1000
goto ching
第二个。这个是装在员工机器上的(看你怎么登,哼;就是已经登了也让你用不了,哼哼)。
禁止使用QQ2009.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:ching
nircmd win child class TXGuiFoundation hide class Edit
nircmd win disable class TXGuiFoundation
nircmd wait 1000
goto ching
-------------------------------------------------------------------
No.2 网络信息浏览监控(以表面信息为监控依据)
第一个。
想在我机器上登陆人人网?开心网?QQ空间?还想偷菜?!! 门都没有!就是baidugoogle里面查一下都不许!!
(哼,IE不让上我换360安全浏览器上就是。)
你尽管试试,别说这垃圾浏览器,火狐也不行。
禁止偷菜.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:ching
nircmd win sendmsg ititle "人人网" 0x0B 0 0
nircmd win sendmsg ititle "开心网" 0x0B 0 0
nircmd win sendmsg ititle "qzone.qq.com" 0x0B 0 0
nircmd wait 5000
goto ching
*** 2009-12-18 添加 ***
上面的代码注重的是通用性,任何浏览器或者任何程序窗口标题符合条件都将被封锁以致崩溃,下面是一个精确封杀的例子,效果是在 IE8 浏览器中登陆相关网站时,相应的选项卡中内容就看不见以致不能操作:
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:: 在IE8中禁止上一些网站
:ching
for %%i in ("人人网","开心网","qzone.qq.com") do (
nircmd win child class "IEFrame" child class "Frame Tab" hide ititle %%i
)
nircmd wait 5000
goto ching
--------------------------------
No.3 难道是 explorer.exe 被病毒感染了?我怎么什么都看不到啊??
掏空EXPLORER.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:ching
nircmd win trans class "CabinetWClass" 0
nircmd wait 1000
goto ching
要改回来请用
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
nircmd win trans class "CabinetWClass" 255
0 到 255 是透明度的意思,值得说明的是当值大于0时,窗口时镂空的,即在那个相框里面点鼠标实际上是点到它下一层,也就是你实际看到的东西;而大于0时,就是半透明效果,点到的是这个窗口之内的东西,即使你肉眼看不到。
----------------------------------------
No. 4 我的电脑你别动!!!
(卧槽,这么狂?我可知道你密码,看你怎么防!)
可惜啊,知道我的密码不够,还得信 Spring Brother 才行啊!
电脑死了.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
if "%1" neq "" goto ching
start mshta vbscript:execute("createobject(""wscript.shell"").run ""%~s0 ching"", 0, false:window.close")
exit
:ching
nircmd win disable class "Shell_TrayWnd"
nircmd win disable class "Progman"
nircmd win disable class "CabinetWClass"
nircmd wait 1000
goto ching
别怕,我有解药:
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
nircmd win enable class "Shell_TrayWnd"
nircmd win enable class "Progman"
nircmd win enable class "CabinetWClass"
Version 2 --- 凝固并临时锁定屏幕
凝固屏幕.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
nircmd win activate class ConsoleWindowClass
nircmd setcursorwin 10 10
nircmd sendmouse right down
pause
nircmd sendmouse right up
(请勿删除 pause !!!)
单机鼠标右键即可退出此状态
Version 3 ---- 草,电脑被病毒控制了!菜鸟小心!!
(此批处理程序:你知道我这次为什么不隐身吗?嘿嘿嘿。。。)
人和电脑比手速.bat
CODE: [Copy to clipboard]
--------------------------------------------------------------------------------
@echo off
title (C)2009 『据说是李先生』
echo 我靠,电脑中病毒了,没办法,重启吧。。。
nircmd win hide class "Shell_TrayWnd"
nircmd win hide class "Progman"
nircmd win hide class "CabinetWClass"
:ching
nircmd win activate class ConsoleWindowClass
nircmd win activete title "(C)2009 『据说是李先生』"
nircmd setcursorwin 10 10
nircmd sendmouse right down
nircmd wait 100
goto ching
(好怕怕,他还没给解药就跑啦!!!)
*** 2009-12-18 添加 ***
附件已经上传,里面包含这个的退出方法,以及网上找的中文说明文档
Examples of what you can do with NirCmd
Open the door of J: CD-ROM drive nircmd.exe cdrom open j:
Close the door of Y: CD-ROM drive nircmd.exe cdrom close y:
Speaks the text currently in the clipboard (For Windows XP and Vista). speak text ~$clipboard$
Increase the system volume by 2000 units (out of 65535) nircmd.exe changesysvolume 2000
Decrease the system volume by 5000 units (out of 65535) nircmd.exe changesysvolume -5000
Set the volume to the highest value nircmd.exe setsysvolume 65535
Mute the system volume nircmd.exe mutesysvolume 1
Unmute the system volume nircmd.exe mutesysvolume 0
Switch the system volume between the mute and normal state. nircmd.exe mutesysvolume 2
Create a shortcut on your desktop that switch the system volume between the mute and normal state. nircmd.exe cmdshortcut "~$folder.desktop$" "Switch Volume" mutesysvolume 2
Turn off the monitor nircmd.exe monitor off
Start the default screen saver nircmd.exe screensaver
Put your computer in 'standby' mode nircmd.exe standby
log off the current user nircmd.exe exitwin logoff
Ask if you want to reboot, and if you answer 'Yes', reboot the computer. nircmd.exe qboxcom "Do you want to reboot ?" "question" exitwin reboot
Turn off your computer nircmd.exe exitwin poweroff
Turn off all computers specified in computers.txt ! multiremote copy "c:\temp\computers.txt" exitwin poweroff force
Dial to "My Internet" connection nircmd.exe rasdial "My Internet"
Disconnect the "My Internet" connection nircmd.exe rashangup "My Internet"
Make your Internet Explorer windows 75% transparent ! (192 / 256) nircmd.exe win trans ititle "internet explorer" 192
Minimize all your Internet Explorer windows nircmd.exe win min class "IEFrame"
Close all your Internet Explorer windows nircmd.exe win close class "IEFrame"
Close all your Explorer windows (My Computer, folders, and so on) nircmd.exe win close class "CabinetWClass"
Hide all your Internet Explorer windows nircmd.exe win hide class "IEFrame"
Show all your Internet Explorer windows (after you made them hidden with previous example) nircmd.exe win show class "IEFrame"
Center all top-level windows nircmd.exe win center alltop
Remove the title bar of My Computer window. nircmd.exe win -style title "my computer" 0x00C00000
Return the title bar of My Computer window that we removed in the previous example. nircmd.exe win +style title "my computer" 0x00C00000
Set the My Computer window to right-to-left order (For hebrew and arabic languages) nircmd win +exstyle title "my computer" 0x00400000
Set all child windows of My Computer window to right-to-left order (For hebrew and arabic languages) nircmd win child title "my computer" +exstyle all 0x00400000
Create a shortcut on your desktop that closes all your Internet Explorer windows nircmd.exe cmdshortcut " "~$folder.desktop$ "Close All IE" win close class "IEFrame"
Create a shortcut on your desktop that hides all your Internet Explorer windows nircmd.exe cmdshortcut " "~$folder.desktop$ "Hide All IE" win hide class "IEFrame"
Create a shortcut on your desktop that shows back all your Internet Explorer windows nircmd.exe cmdshortcut " "~$folder.desktop$ "Show All IE" win show class "IEFrame"
Set the Windows Calculator as top-most window (above all other windows) nircmd.exe win settopmost title "Calculator" 1
Set the Windows Calculator back to regular window (non top-most window) nircmd.exe win settopmost title "Calculator" 0
Create a shortcut to Windows calculator under Start Menu->Programs->Calculators nircmd.exe shortcut "f:\winnt\system32\calc.exe" "~$folder.programs$\Calculators" "Windows Calculator"
Hide the desktop window nircmd.exe win hide class progman
Show the desktop window (After hiding it in previous example) nircmd.exe win show class progman
Hide the start button on the system tray nircmd.exe win child class "Shell_TrayWnd" hide class "button"
Show the start button on the system tray nircmd.exe win child class "Shell_TrayWnd" show class "button"
Hide the clock on the system tray nircmd.exe win child class "Shell_TrayWnd" hide class "TrayClockWClass"
Show the clock on the system tray nircmd.exe win child class "Shell_TrayWnd" show class "TrayClockWClass"
Kill (terminate) all instance of Internet Explorer processes nircmd.exe killprocess iexplore.exe
Create a shortcut on your desktop that opens the door of K: CDROM drive when you run it. nircmd.exe cmdshortcut "~$folder.desktop$" "Open CDROM" cdrom open k:
Create a shortcut to NirSoft Web site on your desktop nircmd.exe urlshortcut "http://www.nirsoft.net" "~$folder.desktop$" "NirSoft"
Add NirSoft Web site to your Favorities under Links folder. nircmd.exe urlshortcut "http://www.nirsoft.net" "~$folder.favorites$\Links" "NirSoft"
Create a shortcut to NirSoft Web site on the desktop of all computers listed in computers.txt nircmd.exe multiremote copy "c:\temp\computers.txt" urlshortcut "http://www.nirsoft.net" "~$folder.common_desktop$" "NirSoft"
Set the display mode to 800x600x24bit colors nircmd.exe setdisplay 800 600 24
Create a shortcut on the desktop that set the display mode to 800x600x24bit colors nircmd.exe cmdshortcut "~$folder.desktop$" "800x600x24" setdisplay 800 600 24
Copy all shortcuts on your desktop to another folder (f:\temp\desktop). nircmd.exe execmd copy "~$folder.desktop$\*.lnk" f:\temp\desktop
Restart your Apache server (under Windows NT/2000/XP/2003) nircmd.exe service restart apache
Create a shortcut on your desktop that restarts the Apache server nircmd.exe cmdshortcut "~$folder.desktop$" "Restart Apache" service restart apache
Restart your IIS nircmd.exe service restart w3svc
Restart MySql nircmd.exe service restart MySql
Open the desired Registry key/value in RegEdit nircmd.exe regedit "HKLM\Software\Microsoft\Windows\CurrentVersion" "CommonFilesDir"
Open the Registry key that you copied to the clipboard in RegEdit. nircmd regedit "~$clipboard$"
Disable the screen saver nircmd.exe regsetval sz "HKCU\control panel\desktop" "ScreenSaveActive" 0
Enable the screen saver nircmd.exe regsetval sz "HKCU\control panel\desktop" "ScreenSaveActive" 1
Change the date/time of the specified filename (creation time and modified time) nircmd.exe setfiletime "c:\temp\myfile.txt" "24-06-2003 17:57:11" "22-11-2005 10:21:56"
Copy your desktop folder path to the clipboard nircmd.exe clipboard set ~$folder.desktop$
Copy your start menu folder path to the clipboard nircmd.exe clipboard set ~$folder.start_menu$
Copy the content of info1.txt (simple text file) to the clipboard nircmd.exe clipboard readfile "c:\My Files\info1.txt"
Add the text content of clipboard to info1.txt nircmd.exe clipboard addfile "c:\My Files\info1.txt"
Clear the clipboard nircmd.exe clipboard clear
Create all folders specified in "c:\temp\folders.txt". The folder path names are separated by CRLF characters. nircmd.exe paramsfile "c:\temp\folders.txt" "" "" execmd md ~$fparam.1$
Install the specified .NET assembly in the global assembly cache (like gacutil) nircmd.exe gac install "C:\temp\MyAssembly\bin\MyAssembly.dll"
Empty the recycle bin in all drives. nircmd.exe emptybin
Answer 'Yes' to a standard Windows message-box. nircmd.exe dlg "" "" click yes
Wait 2 seconds, and then save the current screen to shot.png nircmd.exe cmdwait 2000 savescreenshot "f:\temp\shot.png"
Save 10 screenshots in a loop, and wait 60 seconds between the screenshot save calls. The filenames of the screenshot will contain the time and date of the saved screenshot. nircmd.exe loop 10 60000 savescreenshot c:\temp\scr~$currdate.MM_dd_yyyy$-~$currtime.HH_mm_ss$.png
Wait until Firefox is closed, and then say "Firefox was closed" waitprocess firefox.exe speak text "Firefox was closed"