用VBS实现监视进程创建与删除的代码
2016-07-07来源:易贤网

监视进程的创建,在每次创建新的进程时,临时事件消费程序都发出警报。

1.监视进程的创建

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancecreationevent " _

& " within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancedeletionevent " _

& "within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

3.监视进程使用处理器的情况

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery _

("Select * from Win32_process")

For Each objProcess in colProcesses

sngProcessTime = ( CSng(objProcess.KernelModeTime) + _

CSng(objProcess.UserModeTime)) / 10000000

Wscript

2025公考·省考培训课程试听预约报名

  • 报班类型
  • 姓名
  • 手机号
  • 验证码
推荐信息