Process Alert

[Pottery]

I've been searching for a while but I can't seem to find it.. I had a script on my PC before I reformatted and what it did was whenever a new process activated a msgbox would notify me, does anyone know where I can find this?

[Pottery]

Started a topic too soon sorry, I found it.

[Pottery]

Actually, I have another question.. How would I go about reading a username from Task Manager? For example I want to know whenever someone on my network runs something on my PC, but I don't want it to notify me when I run something myself, any ideas?

[99ojo]

Hi,

this should fit:

expandcollapse popup

#include <array.au3>
HotKeySet("+{ESC}", "_Exit")

Global $strComputer = "localhost"
;you may add some more entries
Dim $arallow [4] = [@UserName, "system", "network service", "local service"]

While 1
    $arproc = _getproc ()
    For $i = 1 To UBound ($arproc) - 1
        If _ArraySearch ($arallow, $arproc [$i] [1]) = - 1 Then
            MsgBox (0, "Alert", "Process " & $arproc [$i] [0] & " started by " & $arproc [$i] [1] & " !")
        EndIf
    Next
    Sleep (1000)
WEnd

Func _getproc ()
    ; Generated by AutoIt Scriptomatic
    Local $artemp [1] [2], $count = 1, $struser, $strdomain
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20
    $colItems = ""
    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
                                              $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    If IsObj($colItems) then
        For $objItem In $colItems
            ReDim $artemp [$count] [2]
            $artemp [$count - 1] [0] = $objItem.Caption
            $objItem.GetOwner ($struser, $strdomain)
            $artemp [$count - 1] [1] = $struser
            $count += 1 
        Next
    Else
        Return 0
    EndIf
    Return $artemp
EndFunc

Func _Exit ()
    Exit
EndFunc

;-))

Stefan