Board logo

标题: [转贴] VBS脚本实现监视进程创建与删除 [打印本页]

作者: find    时间: 2012-1-6 14:15     标题: VBS脚本实现监视进程创建与删除

监视进程的创建,在每次创建新的进程时,临时事件消费程序都发出警报。

1.监视进程的创建
  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  4. Set colMonitoredProcesses = objWMIService. _
  5. ExecNotificationQuery("select * from __instancecreationevent " _
  6. & " within 1 where TargetInstance isa 'Win32_Process'")
  7. i = 0
  8. Do While i = 0
  9. Set objLatestProcess = colMonitoredProcesses.NextEvent
  10. Wscript.Echo objLatestProcess.TargetInstance.Name
  11. Loop
复制代码
2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。
  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  4. Set colMonitoredProcesses = objWMIService. _
  5. ExecNotificationQuery("select * from __instancedeletionevent " _
  6. & "within 1 where TargetInstance isa 'Win32_Process'")
  7. i = 0
  8. Do While i = 0
  9. Set objLatestProcess = colMonitoredProcesses.NextEvent
  10. Wscript.Echo objLatestProcess.TargetInstance.Name
  11. Loop
复制代码
3.监视进程使用处理器的情况
  1. strComputer = "."
  2. Set objWMIService = GetObject("winmgmts:" _
  3. & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
  4. Set colProcesses = objWMIService.ExecQuery _
  5. ("Select * from Win32_process")
  6. For Each objProcess in colProcesses
  7. sngProcessTime = ( CSng(objProcess.KernelModeTime) + _
  8. CSng(objProcess.UserModeTime)) / 10000000
  9. Wscript
复制代码

作者: Demon    时间: 2012-1-6 14:24

转载连个出处都没有。




欢迎光临 批处理之家 (http://www.bathome.net/) Powered by Discuz! 7.2