Monitoring Process Creation and Deletion with VBS


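An example from the Microsoft Script Center that uses WMI events, copied here for future reference.

Monitor process creation: the temporary event consumer raises an alert each time a new process is created.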

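' "." means the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Subscribe to creation events for Win32_Process instances, polled every 1 second
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancecreationevent " _
        & " within 1 where TargetInstance isa 'Win32_Process'")
' i never changes, so the loop runs until the script is stopped
i = 0
Do While i = 0
    ' NextEvent blocks until the next event arrives
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop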

Monitor process deletion: the temporary event consumer raises an alert each time a process terminates.

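' "." means the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Subscribe to deletion events for Win32_Process instances, polled every 1 second
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancedeletionevent " _
            & "within 1 where TargetInstance isa 'Win32_Process'")
' i never changes, so the loop runs until the script is stopped
i = 0
Do While i = 0
    ' NextEvent blocks until the next event arrives
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop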
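
The two scripts above differ only in the event class, so one subscription can cover both. The following is an added example, not from the Microsoft Script Center or the original post: it subscribes to the parent class __InstanceOperationEvent, tells start from exit by the class of each delivered event, and prints the PID, parent PID and command line. The helper NullToText and the output format are assumptions made for this example.

```vbscript
' Added example: one WMI subscription for both process start and exit.
Option Explicit

Dim strComputer, objWMIService, colEvents, objEvent, objProc, strKind

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' __InstanceOperationEvent is the parent class of the creation, deletion
' and modification events, so this query delivers all three kinds.
Set colEvents = objWMIService.ExecNotificationQuery( _
    "select * from __InstanceOperationEvent within 1 " _
    & "where TargetInstance isa 'Win32_Process'")

Do While True
    Set objEvent = colEvents.NextEvent          ' blocks until an event arrives
    Set objProc = objEvent.TargetInstance       ' the Win32_Process instance

    ' The class of the delivered event says what happened to the process.
    Select Case objEvent.Path_.Class
        Case "__InstanceCreationEvent": strKind = "START"
        Case "__InstanceDeletionEvent": strKind = "EXIT "
        Case Else: strKind = ""                 ' modification events: ignored
    End Select

    If strKind <> "" Then
        WScript.Echo Now & " " & strKind & " " & objProc.Name _
            & " pid=" & objProc.ProcessId _
            & " ppid=" & objProc.ParentProcessId _
            & " cmd=" & NullToText(objProc.CommandLine)
    End If
Loop

' CommandLine is Null when the caller may not read it (hypothetical helper).
Function NullToText(v)
    If IsNull(v) Then
        NullToText = "(unavailable)"
    Else
        NullToText = v
    End If
End Function
```

Run it with cscript.exe so each event is a console line rather than a dialog box. Because the query polls once per second (within 1), a process that starts and exits between two polls produces no event.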

References:

  1. Monitor process creation
  2. Monitor process deletion


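2 comments on "Monitoring Process Creation and Deletion with VBS"

  1. fio says:

    Hey, in that post of yours about decompression, the call was copied wrong. Could you fix it, please?

  2. john says:

    The Microsoft links are dead. "create" and "delete": you really can't tell them apart unless you look closely. Honestly, I only noticed it by using UltraCompare's text comparison.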
