Monitoring Process Creation and Deletion with VBS


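These examples come from the Microsoft Script Center and use WMI events; copied here for future reference.

Monitoring process creation: a temporary event consumer raises an alert each time a new process is created.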

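' "." targets the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Subscribe to creation events for Win32_Process, polled every second (WITHIN 1)
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancecreationevent " _
        & " within 1 where TargetInstance isa 'Win32_Process'")
' i never changes, so the loop runs until the script is stopped
i = 0
Do While i = 0
    ' NextEvent blocks until the next event arrives
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop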

Monitoring process deletion: a temporary event consumer raises an alert each time a process terminates.

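' "." targets the local computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Subscribe to deletion events for Win32_Process, polled every second (WITHIN 1)
Set colMonitoredProcesses = objWMIService. _
    ExecNotificationQuery("select * from __instancedeletionevent " _
            & "within 1 where TargetInstance isa 'Win32_Process'")
' i never changes, so the loop runs until the script is stopped
i = 0
Do While i = 0
    ' NextEvent blocks until the next event arrives
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    Wscript.Echo objLatestProcess.TargetInstance.Name
Loop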

Reference links:

  1. Monitoring process creation
  2. Monitoring process deletion

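2 comments on "Monitoring Process Creation and Deletion with VBS"

  1. fio said:

    Buddy, in that unzip post of yours, the call was copied wrong; please fix it.

  2. john said:

    The Microsoft links are dead. creat delet: you really can't tell them apart unless you look closely. Frankly, I only noticed by running a text compare in UltraCompare.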
