标题: [转贴] VBS脚本实现监视进程创建与删除 [打印本页]
作者: find 时间: 2012-1-6 14:15 标题: VBS脚本实现监视进程创建与删除
监视进程的创建,在每次创建新的进程时,临时事件消费程序都发出警报。
1.监视进程的创建- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set colMonitoredProcesses = objWMIService. _
- ExecNotificationQuery("select * from __instancecreationevent " _
- & " within 1 where TargetInstance isa 'Win32_Process'")
- i = 0
- Do While i = 0
- Set objLatestProcess = colMonitoredProcesses.NextEvent
- Wscript.Echo objLatestProcess.TargetInstance.Name
- Loop
2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set colMonitoredProcesses = objWMIService. _
- ExecNotificationQuery("select * from __instancedeletionevent " _
- & "within 1 where TargetInstance isa 'Win32_Process'")
- i = 0
- Do While i = 0
- Set objLatestProcess = colMonitoredProcesses.NextEvent
- Wscript.Echo objLatestProcess.TargetInstance.Name
- Loop
3.监视进程使用处理器的情况- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" _
- & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
- Set colProcesses = objWMIService.ExecQuery _
- ("Select * from Win32_process")
- For Each objProcess in colProcesses
- sngProcessTime = ( CSng(objProcess.KernelModeTime) + _
- CSng(objProcess.UserModeTime)) / 10000000
- Wscript
作者: Demon 时间: 2012-1-6 14:24
转载连个出处都没有。
| 欢迎光临 批处理之家 (http://bbs.bathome.net/) |
Powered by Discuz! 7.2 |