
Can InstanceCreationEvent of Win32_Process be done with WinAPI?



Is there any way to get the process that starts or ends, like:

; Press ESC to stop the script
HotKeySet("{ESC}", "ESC")
Func ESC()
    Exit(0)
EndFunc

; Connect to the local WMI service (root\cimv2) and create an event sink
Local $Obj  = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2")
Local $hObj = ObjCreate("WbemScripting.SWbemSink")
If IsObj($Obj) And IsObj($hObj) Then
    ; Route the sink's events to the functions prefixed with SINK_
    ObjEvent($hObj, "SINK_")
    ; Subscribe asynchronously to process creation and process deletion events
    $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceCreationEvent WITHIN 0.05 WHERE TargetInstance ISA 'Win32_Process'")
    $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceDeletionEvent WITHIN 0.5 WHERE TargetInstance ISA 'Win32_Process'")
EndIf
; Keep the script alive so the sink can receive events
Sleep(10000000)

; Called for every event delivered to the sink
Func SINK_OnObjectReady($OB)
    If $OB.Path_.Class = "__InstanceCreationEvent" Then
        ConsoleWrite("start ")
    Else
        ConsoleWrite("end   ")
    EndIf
    ConsoleWrite($OB.TargetInstance.Name & " - ProcessId:" & $OB.TargetInstance.ProcessId & " - TIME_CREATED: " & $OB.TIME_CREATED & " - ExecutablePath: " & $OB.TargetInstance.ExecutablePath & " - CommandLine: " & $OB.TargetInstance.CommandLine & @LF)
EndFunc

but with DLL calls?

Thanks in advance.
 
