CyberMax Posted April 1, 2012 Share Posted April 1, 2012 (edited) These are 2 vbscript that monitor process creation and process deletion, if anyone could help convert it into autoit, I would be very grateful. Thank you.Monitor Process CreationstrComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!" & strComputer & "rootcimv2") Set colMonitoredProcesses = objWMIService. _ ExecNotificationQuery("select * from __instancecreationevent " _ & " within 1 where TargetInstance isa 'Win32_Process'") i = 0 Do While i = 0 Set objLatestProcess = colMonitoredProcesses.NextEvent Wscript.Echo objLatestProcess.TargetInstance.Name LoopMonitor Process DeletionstrComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!" & strComputer & "rootcimv2") Set colMonitoredProcesses = objWMIService. _ ExecNotificationQuery("select * from __instancedeletionevent " _ & "within 1 where TargetInstance isa 'Win32_Process'") i = 0 Do While i = 0 Set objLatestProcess = colMonitoredProcesses.NextEvent Wscript.Echo objLatestProcess.TargetInstance.Name Loop Edited April 1, 2012 by Melba23 Added cleaned code Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted April 1, 2012 Moderators Share Posted April 1, 2012 CyberMax, Necroing a 6-year old thread as you originally did with this post is not what we encourage here - just start a new thread yourself next time. M23 P.S. And you might want to edit your code above as no-one is going to wade through all those tags to see what it is all about. Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted April 1, 2012 Moderators Share Posted April 1, 2012 CyberMax,I have moved the cleaned-up code from your new necro-post in the other thread here and deleted the other post. DO NOT POST IN THAT THREAD ANY MORE!M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
CyberMax Posted April 1, 2012 Author Share Posted April 1, 2012 CyberMax,I have moved the cleaned-up code from your new necro-post in the other thread here and deleted the other post. DO NOT POST IN THAT THREAD ANY MORE!M23Sorry , and I did clean the colour tags, it was by accident when I copy and paste these scripts from my computer. Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted April 1, 2012 Moderators Share Posted April 1, 2012 CyberMax, No problem! M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
Skitty Posted April 1, 2012 Share Posted April 1, 2012 (edited) expandcollapse popupHotKeySet("{ESC}","ESC") Global Const $hPSAPI = DllOpen("psapi.dll") Global Const $hKERNEL32 = DllOpen("kernel32.dll") ObjEvent("AutoIt.Error", "_DeBug"); capture any com errors just in case, this way the app wont crash. Local $Obj = ObjGet("winmgmts:{impersonationLevel=impersonate}!" & @ComputerName & "rootcimv2") Local $hObj = ObjCreate("WbemScripting.SWbemSink") If IsObj($Obj) And IsObj($hObj) Then ObjEvent($hObj, "SINK_"); Set up a callback to populate the list view when a process dies or spawns every 500 miliseconds ;I didn't know I could monitor events this way instead of capturing other unwanted events... We'll use this now :) $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceCreationEvent WITHIN 0.5 WHERE TargetInstance ISA 'Win32_Process'") $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceDeletionEvent WITHIN 0.5 WHERE TargetInstance ISA 'Win32_Process'") EndIf Sleep(9999999999) Func SINK_OnObjectReady($OB) Switch $OB.Path_.Class Case "__InstanceCreationEvent" ConsoleWrite("+~>" & _ProcessGetPath($OB.TargetInstance.ProcessID) & @CR) Case "__InstanceDeletionEvent" ConsoleWrite("!~>" & $OB.TargetInstance.ProcessID & @CR) EndSwitch Return 1 EndFunc ;==>SINK_OnObjectReady Func _Debug($oError) ConsoleWrite( _ "!>##################### AUTOIT OBJECT ERROR ######################################" & @CRLF & _ "->err.number is : " & @TAB & $oError.number & @CRLF & _ "err.scriptline is : " & @TAB & $oError.scriptline & @CRLF & _ ">err.retcode is : " & @TAB & $oError.retcode & @CRLF & _ "!>################################################################################" & @CRLF _ ) Return 0 EndFunc ;==>_Debug Func _ProcessGetPath($vProcess) Local $i_PID, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath $i_PID = ProcessExists($vProcess) If Not $i_PID Then Return SetError(1, 0, "");process doesn't exist? $aProcessHandle = DllCall($hKERNEL32, "int", "OpenProcess", "int", 0x0400 + 0x0010, "int", 0, "int", $i_PID) If @error Or $aProcessHandle[0] = 0 Then Return SetError(2, $iError, "");openprocess failed EndIf $tDLLStruct = DllStructCreate("char[1000]") DllCall($hPSAPI, "long", "GetModuleFileNameEx", "int", $aProcessHandle[0], "int", 0, "ptr", DllStructGetPtr($tDLLStruct), "long", DllStructGetSize($tDLLStruct)) If @error Then $tDLLStruct = 0 DllCall($hKERNEL32, "int", "CloseHandle", "int", $aProcessHandle[0]) Return SetError(4, $iError, "");getmodulefilenamex failed EndIf DllCall($hKERNEL32, "int", "CloseHandle", "int", $aProcessHandle[0]) $sProcessPath = DllStructGetData($tDLLStruct, 1) $tDLLStruct = 0;format the output If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "");is empty or non readable If StringLeft($sProcessPath, 4) = "??" Then $sProcessPath = StringReplace($sProcessPath, "??", "") If StringLeft($sProcessPath, 20) = "SystemRootSystem32" Then $sProcessPath = StringReplace($sProcessPath, "SystemRootSystem32", @SystemDir) Return SetError(0, 0, $sProcessPath) EndFunc ;==>_ProcessGetPath Func ESC() Exit(0) EndFunc Edited April 1, 2012 by ApudAngelorum Link to comment Share on other sites More sharing options...
ripdad Posted April 1, 2012 Share Posted April 1, 2012 CyberMax, Here's the first one ... you can do the second. $strComputer = "." $objLatestProcess = "" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!" & $strComputer & "rootcimv2") $colMonitoredProcesses = $objWMIService.ExecNotificationQuery("select * from __instancecreationevent " _ & " within 1 where TargetInstance isa 'Win32_Process'") While 1 $objLatestProcess = $colMonitoredProcesses.NextEvent MsgBox(0, '', $objLatestProcess.TargetInstance.Name) WEnd "The mediocre teacher tells. The Good teacher explains. The superior teacher demonstrates. The great teacher inspires." -William Arthur Ward Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now