[陈辉经典文章]利用WMI进行进程监视
VERSION 5.00Begin VB.Form frmMain
Caption = "Form1"
ClientHeight = 3090
ClientLeft = 60
ClientTop = 450
ClientWidth = 4680
LinkTopic = "Form1"
ScaleHeight = 3090
ScaleWidth = 4680
StartUpPosition = 3'窗口缺省
Begin VB.CommandButton cmdStartModification
Caption = "开始监视修改"
Height = 375
Left = 3240
TabIndex = 5
Top = 2640
Width = 1455
End
Begin VB.CommandButton cmdStartDelete
Caption = "开始监视退出"
Height = 495
Left = 3240
TabIndex = 4
Top = 1800
Width = 1215
End
Begin VB.CommandButton cmdStartCreate
Caption = "开始监视创建"
Height = 495
Left = 2880
TabIndex = 3
Top = 840
Width = 1335
End
Begin VB.CommandButton cmdStopModification
Caption = "停止监视修改"
Height = 495
Left = 1440
TabIndex = 2
Top = 2520
Width = 1455
End
Begin VB.CommandButton cmdStopDelete
Caption = "停止监视退出"
Height = 495
Left = 1320
TabIndex = 1
Top = 1800
Width = 1695
End
Begin VB.CommandButton cmdStopCreate
Caption = "停止监视创建"
Height = 495
Left = 1320
TabIndex = 0
Top = 840
Width = 1455
End
End
Attribute VB_Name = "frmMain"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
Private objSWbemServices As SWbemServices
Private WithEvents CreateProcessEvent As SWbemSink
Attribute CreateProcessEvent.VB_VarHelpID = -1
Private WithEvents DeleteProcessEvent As SWbemSink
Attribute DeleteProcessEvent.VB_VarHelpID = -1
Private WithEvents ModificationProcessEvent As SWbemSink
Attribute ModificationProcessEvent.VB_VarHelpID = -1
Private Sub cmdStartCreate_Click()
StartMonitorCreateProcessEvent
End Sub
Private Sub cmdStartDelete_Click()
StartMonitorDeleteProcessEvent
End Sub
Private Sub cmdStartModification_Click()
StartMonitorModificationProcessEvent
End Sub
Private Sub cmdStopCreate_Click()
CreateProcessEvent.Cancel
End Sub
Private Sub cmdStopDelete_Click()
DeleteProcessEvent.Cancel
End Sub
Private Sub cmdStopModification_Click()
ModificationProcessEvent.Cancel
End Sub
Private Sub Form_Load()
StartMonitorCreateProcessEvent
StartMonitorDeleteProcessEvent
StartMonitorModificationProcessEvent
End Sub
Private Sub Form_Unload(Cancel As Integer)
CreateProcessEvent.Cancel
DeleteProcessEvent.Cancel
ModificationProcessEvent.Cancel
End Sub
'进程创建事件
Private Sub CreateProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet)
End Sub
'进程退出事件
Private Sub DeleteProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet)
End Sub
'进程属性变更事件
Private Sub ModificationProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet)
'MsgBox objWbemObject.Properties_.Item("TargetInstance").Value.Properties_.Item("Name").Value
End Sub
Private Sub StartMonitorCreateProcessEvent()
Set CreateProcessEvent = New SWbemSink
Set objSWbemServices = GetObject("winmgmts:\\.\root\cimv2")
objSWbemServices.ExecNotificationQueryAsync CreateProcessEvent, "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"
End Sub
Private Sub StartMonitorDeleteProcessEvent()
Set DeleteProcessEvent = New SWbemSink
Set objSWbemServices = GetObject("winmgmts:\\.\root\cimv2")
objSWbemServices.ExecNotificationQueryAsync DeleteProcessEvent, "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"
End Sub
Private Sub StartMonitorModificationProcessEvent()
Set ModificationProcessEvent = New SWbemSink
Set objSWbemServices = GetObject("winmgmts:\\.\root\cimv2")
objSWbemServices.ExecNotificationQueryAsync ModificationProcessEvent, "SELECT * FROM __InstanceModificationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"
End Sub 好帖子,顶一下!
页:
[1]