|
说明书里是上面,照这样写,新版这些版本PECMD,输出不对.
- FORX * X86 AMD64,&F,
- {
- //优先检测离线win目录下SERVICING\VERSION目录下的文件来识别
- FORX /S %&FD%\WINDOWS\SERVICING\VERSION\%&F%_INSTALLED,&VT,1,
- {
- FDIR &F=%&VT%
- STRL &I=%&F%
- STRL &J=%&FD%\WINDOWS\SERVICING\VERSION\
- CALC #&I=%&I%-%&J%
- RSTR WVER=%&I%,%&F%
- }
- FIND $%WVER%=NUL,!EXIT FORX
- }
- FIND $%WVER%=NUL,IFEX %WINDIR%\SYSTEM32\WBEM\WMIC.EXE,
- {
- // 其实较为精准可靠的是WMIC识别,奈何很多PE精简了WMCI组件,如果上面的方法失败,试用本法
- WRIT %TEMP%\GETLXWV.CMD,+0,if not exist "%~1" goto :aaa
- WRIT %TEMP%\GETLXWV.CMD,+0,if %~2 lss 1 goto :aaa
- WRIT %TEMP%\GETLXWV.CMD,+0,set "f1=%~1"
- WRIT %TEMP%\GETLXWV.CMD,+0,for /f "skip=1 tokens=1-2 delims=. " %%a in ('wmic datafile where name^="%f1:\=\\%" get Version') do (reg add "HKLM\SYSTEM\Setup" /f /v "WVER-%~2" /t REG_SZ /d "%%a.%%b"&goto :aaa)
- WRIT %TEMP%\GETLXWV.CMD,+0,:aaa
- WRIT %TEMP%\GETLXWV.CMD,+0,del "%~0" /f
- EXEC =%TEMP%\GETLXWV.CMD %~1 %WI%
- REGI $HKLM\SYSTEM\Setup\WVER-%WI%,WVER
- }
- // 由于发现最近期的这些PECMD.exe SITE命令在识别离线或在线Windows 10 系统文件的时候把10.0.xxxx识别为6.2.xxxx,才有上面两种方法来识别离线windows版本的代码,如果上面的都失败,才用下面这条PECMD.exe SITE命令
- FIND $%WVER%=NUL,SITE ?WVER=FVER,%~1
复制代码
|
|