strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2") Set colMonitoredProcesses = objWMIService. _ ExecNotificationQuery("select * from __instancecreationevent " _ & " within 1 where TargetInstance isa 'Win32_Process'") i = 0 Do While i = 0 Set objLatestProcess = colMonitoredProcesses.NextEvent Wscript.Echo objLatestProcess.TargetInstance.Name Loop
2.監視進程的刪除,在每次進程終止時,臨時事件消費程序都發出警報。
復制代碼 代碼如下:
strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2") Set colMonitoredProcesses = objWMIService. _ ExecNotificationQuery("select * from __instancedeletionevent " _ & "within 1 where TargetInstance isa 'Win32_Process'") i = 0 Do While i = 0 Set objLatestProcess = colMonitoredProcesses.NextEvent Wscript.Echo objLatestProcess.TargetInstance.Name Loop
3.監視進程使用處理器的情況
復制代碼 代碼如下:
strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2") Set colProcesses = objWMIService.ExecQuery _ ("Select * from Win32_process") For Each objProcess in colProcesses sngProcessTime = ( CSng(objProcess.KernelModeTime) + _ CSng(objProcess.UserModeTime)) / 10000000 Wscript
