1.监视进程的创建
复制代码代码如下:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")
Set colMonitoredProcesses = objWMIService. _
ExecNotificationQuery("select * from __instancecreationevent " _
& " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
Set objLatestProcess = colMonitoredProcesses.NextEvent
Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。
复制代码代码如下:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")
Set colMonitoredProcesses = objWMIService. _
ExecNotificationQuery("select * from __instancedeletionevent " _
& "within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
Set objLatestProcess = colMonitoredProcesses.NextEvent
Wscript.Echo objLatestProcess.TargetInstance.Name
Loop
3.监视进程使用处理器的情况
复制代码代码如下:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")
Set colProcesses = objWMIService.ExecQuery _
("Select * from Win32_process")
For Each objProcess in colProcesses
sngProcessTime = ( CSng(objProcess.KernelModeTime) + _
CSng(objProcess.UserModeTime)) / 10000000
Wscript
参考链接:
参考: http://hi.baidu.com/%B1%F9%D0%C4%B3%D5/blog/item/5691a1c3146ded55b219a861.html http://demon.tw/programming/vbs-monitoring-process-creation-and-deletion.html
