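Copyright notice: using the techniques covered in this blog for malicious damage is strictly prohibited; the author accepts no responsibility for any resulting legal liability! https://blog.csdn.net/Fly_hps/article/details/88029600
Listing the paths of running processes whose executables are unsigned, using PowerShell. The code is as follows: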
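# Enumerate running processes and keep only the executable path
$Process = Get-WmiObject Win32_Process | Select Path
foreach ($p in $Process) {
    # Some system processes (for example Idle and System) expose no path
    if ($null -ne $p.Path) {
        # -LiteralPath keeps characters such as [ ] from being read as wildcards
        $Signa = Get-AuthenticodeSignature -LiteralPath $p.Path
        if ($Signa.Status -eq 'NotSigned') {
            Write-Host $Signa.Path
        }
    }
}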
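The following is an added example, not code from the original post: a triage-oriented variant of the same check that verifies each image once, reports every status other than `Valid` (for example `HashMismatch` or `NotTrusted`, which the `NotSigned` test above does not print), and returns objects with the owning PIDs. The function name `Get-UnsignedProcessImage` and its `-AllowedStatus` parameter are hypothetical; it assumes PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example: inventory running processes whose image is not validly signed.
function Get-UnsignedProcessImage {
    [CmdletBinding()]
    param(
        # Signature states treated as acceptable; everything else is reported.
        [string[]]$AllowedStatus = @('Valid')
    )

    # Group by image path so each file is verified once, however many
    # processes were started from it. Processes that expose no path
    # (Idle, System, some protected processes) are skipped.
    $groups = Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath } |
        Group-Object -Property ExecutablePath

    foreach ($g in $groups) {
        try {
            $sig = Get-AuthenticodeSignature -LiteralPath $g.Name -ErrorAction Stop
        } catch {
            # The file was removed or is unreadable between enumeration and check.
            Write-Warning "Cannot verify $($g.Name): $($_.Exception.Message)"
            continue
        }

        if ($AllowedStatus -notcontains $sig.Status.ToString()) {
            [pscustomobject]@{
                Path      = $g.Name
                Status    = $sig.Status
                # Empty when the file carries no signature at all
                Signer    = $sig.SignerCertificate.Subject
                ProcessId = @($g.Group.ProcessId)
                Name      = ($g.Group.Name | Select-Object -Unique) -join ','
            }
        }
    }
}

# One row per distinct image, worst states grouped together for review
Get-UnsignedProcessImage | Sort-Object Status, Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so that the executable paths of processes owned by other accounts are visible; without elevation those processes return no path and are silently skipped.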