用VBS实现监视进程创建与删除的代码
- 作者: 灬跪求粉色木耳灬
- 来源: 51数据库
- 2021-09-23
监视进程的创建,在每次创建新的进程时,临时事件消费程序都发出警报。
1.监视进程的创建
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colmonitoredprocesses = objwmiservice. _
execnotificationquery("select * from __instancecreationevent " _
& " within 1 where targetinstance isa 'win32_process'")
i = 0
do while i = 0
set objlatestprocess = colmonitoredprocesses.nextevent
wscript.echo objlatestprocess.targetinstance.name
loop
2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colmonitoredprocesses = objwmiservice. _
execnotificationquery("select * from __instancedeletionevent " _
& "within 1 where targetinstance isa 'win32_process'")
i = 0
do while i = 0
set objlatestprocess = colmonitoredprocesses.nextevent
wscript.echo objlatestprocess.targetinstance.name
loop
3.监视进程使用处理器的情况
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colprocesses = objwmiservice.execquery _
("select * from win32_process")
for each objprocess in colprocesses
sngprocesstime = ( csng(objprocess.kernelmodetime) + _
csng(objprocess.usermodetime)) / 10000000
wscript
1.监视进程的创建
复制代码 代码如下:
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colmonitoredprocesses = objwmiservice. _
execnotificationquery("select * from __instancecreationevent " _
& " within 1 where targetinstance isa 'win32_process'")
i = 0
do while i = 0
set objlatestprocess = colmonitoredprocesses.nextevent
wscript.echo objlatestprocess.targetinstance.name
loop
2.监视进程的删除,在每次进程终止时,临时事件消费程序都发出警报。
复制代码 代码如下:
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colmonitoredprocesses = objwmiservice. _
execnotificationquery("select * from __instancedeletionevent " _
& "within 1 where targetinstance isa 'win32_process'")
i = 0
do while i = 0
set objlatestprocess = colmonitoredprocesses.nextevent
wscript.echo objlatestprocess.targetinstance.name
loop
3.监视进程使用处理器的情况
复制代码 代码如下:
strcomputer = "."
set objwmiservice = getobject("winmgmts:" _
& "{impersonationlevel=impersonate}!\" & strcomputer & "\root\cimv2")
set colprocesses = objwmiservice.execquery _
("select * from win32_process")
for each objprocess in colprocesses
sngprocesstime = ( csng(objprocess.kernelmodetime) + _
csng(objprocess.usermodetime)) / 10000000
wscript
参考链接:
推荐阅读
