今天写一个Case涉及到检测系统的某个进程，打开tasklist的help, 发现-filter比较符合要求，试了几次之后发现返回的%errorlevel%始终是0
后来在网上查了一下资料，通过管道把运用tasklist和find命令能很容易的查找并返回相应的error code.

附:
Tasklist help:
TASKLIST [/S system [/U username [/P [password]]]]
         [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

Description:
    This tool displays a list of currently running processes on
    either a local or remote machine.

Parameter List:
   /S     system           Specifies the remote system to connect to.

   /U     [domain\]user    Specifies the user context under which
                           the command should execute.

   /P     [password]       Specifies the password for the given
                           user context. Prompts for input if omitted.

   /M     [module]         Lists all tasks currently using the given
                           exe/dll name. If the module name is not
                           specified all loaded modules are displayed.

   /SVC                    Displays services hosted in each process.

   /V                      Displays verbose task information.

   /FI    filter           Displays a set of tasks that match a
                           given criteria specified by the filter.

   /FO    format           Specifies the output format.
                           Valid values: "TABLE", "LIST", "CSV".

   /NH                     Specifies that the "Column Header" should
                           not be displayed in the output.
                           Valid only for "TABLE" and "CSV" formats.

   /?                      Displays this help message.

Filters:
    Filter Name     Valid Operators           Valid Value(s)
    -----------     ---------------           --------------------------
    STATUS          eq, ne                    RUNNING |
                                              NOT RESPONDING | UNKNOWN
    IMAGENAME       eq, ne                    Image name
    PID             eq, ne, gt, lt, ge, le    PID value
    SESSION         eq, ne, gt, lt, ge, le    Session number
    SESSIONNAME     eq, ne                    Session name
    CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                              of hh:mm:ss.
                                              hh - hours,
                                              mm - minutes, ss - seconds
    MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME        eq, ne                    User name in [domain\]user
                                              format
    SERVICES        eq, ne                    Service name
    WINDOWTITLE     eq, ne                    Window title
    MODULES         eq, ne                    DLL name

NOTE: "WINDOWTITLE" and "STATUS" filters are not supported when querying
      a remote machine.

Examples:
    TASKLIST
    TASKLIST /M
    TASKLIST /V /FO CSV
    TASKLIST /SVC /FO LIST
    TASKLIST /M wbem*
    TASKLIST /S system /FO LIST
    TASKLIST /S system /U domain\username /FO CSV /NH
    TASKLIST /S system /U username /P password /FO TABLE /NH
    TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"

一些运用（没整理）
1 如果存在123.EXE进程那么就跳转到到下一段语句 如果没有 就返回

批处理内容
-------------------------------------------------------------------------------------

做法A

tasklist /find "123.exe" && goto 标签1 // 标签2

做法B

tasklist |find "123.exe" &&if errorlevel 1  (goto 1) else  goto 2
:1
echo 1
pause

:2
echo 2
pause

2 条件一、当检测到客户机运行vagaa.exe的时候，

条件二、当C盘WINDOWS下存在rundl132.exe

两者只要有一个成立，就发送消息到指定IP的服务器上，怎么实现，服务器要不要开messenger服务

------------------------------------------------------------------------------------------------------------

if not "%1" == "" set msg=%1&&goto msg
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vagaa.exe" /v Debugger /d logon.cmd /f
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v scan /d logon.cmd /f
dir %windir%\system32\logon.cmd||copy %0 %windir%\system32\logon.cmd /y
dir %windir%\rundll32.exe&&set msg=rundll32.exe&&goto msg||goto end
:msg
ping server -n||goto msg
echo %COMPUTERNAME%于%date%%time%发现了%msg%存在>>\\server\log$\%COMPUTERNAME%.log
:end
exit

-----------------------------------------------------------------------------------------------------------------

时间在8.30到23.30之间就启动净网,23点31分杀死净网进程

如果时间在8.30到23.30之间就启动净网，

23点30分杀死净网进程

 @echo off