監(jiān)視進程的創(chuàng)建，在每次創(chuàng)建新的進程時，臨時事件消費程序都發(fā)出警報。

1.監(jiān)視進程的創(chuàng)建

代碼如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancecreationevent " _

& " within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

2.監(jiān)視進程的刪除，在每次進程終止時，臨時事件消費程序都發(fā)出警報。

代碼如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancedeletionevent " _

& "within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

3.監(jiān)視進程使用處理器的情況

代碼如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery _

("Select * from Win32_process")

For Each objProcess in colProcesses

sngProcessTime = ( CSng(objProcess.KernelModeTime) + _

CSng(objProcess.UserModeTime)) / 10000000

Wscript