How to trap the event of a new process starting with wmi

gel geli at tasmail.com
Thu Jul 6 21:34:45 EDT 2006


gel wrote:

> placid wrote:
>
> > gel wrote:
> > > placid wrote:
> > >
> > > > gel wrote:
> > > > > gel wrote:
> > > > >
> > > > > > Below is how it is done with vbscript.  What is the best way to convert
> > > > > > this to python?
> > > > > >
> > > > > > strComputer = "."
> > > > > > Set objWMIService = GetObject("winmgmts:" _
> > > > > >     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
> > > > > > Set colMonitoredProcesses = objWMIService. _
> > > > > >     ExecNotificationQuery("select * from __instancecreationevent " _
> > > > > >         & " within 1 where TargetInstance isa 'Win32_Process'")
> > > > > > i = 0
> > > > > >
> > > > > > Do While i = 0
> > > > > >     Set objLatestProcess = colMonitoredProcesses.NextEvent
> > > > > >     Wscript.Echo objLatestProcess.TargetInstance.Name
> > > > > > Loop
> > > > >
> > > > > A better question might be is there a method or guide for converting
> > > > > from vbs wmi to python wmi?
> > > >
> > > > Don't know about converting vbs to python but using Tim Golden's wmi
> > > > module to trap the event of a new process starting is easy.
> > > >
> > > > wmi module can be found at http://timgolden.me.uk/python/wmi.html
> > > >
> > > > >>>  import wmi
> > > > >>>  c = wmi.WMI()
> > > > >>>  watcher = c.watch_for (
> > > > >>>       notification_type="Creation",
> > > > >>>       wmi_class="Win32_Process",
> > > > >>>       delay_secs=2,
> > > > >>>       Name='calc.exe'
> > > > >>>  )
> > > > >>>  calc_created = watcher ()
> > > > >>>  print calc_created
> > > >
> > > > and if you want to trap closing down of processes then change
> > > > notification_type to "Deletion"
> > > >
> > > >
> > > > -Cheers
> > >
> > > Great, thanks for that, where did you find details on using it?  I am
> > > already using it for another part, but could not find information on
> > > watching processes start and stop.
> >
> > >>>  c=wmi.WMI()
> > >>>  help(c)
> >
> > I've been using the wmi module for 1.5 months and I had some help from
> > the author of the module (Tim Golden).
>
> Do you have any docs that might help me?


What would be the best way to watch for multiple pieces of software at
the same time, e.g. watching for the start up of calc.exe and notepad.exe?
Or even how could I query what the value of the attribute Name is equal
to in the object calc_created from the example above?
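
An added example, not part of the original thread and not code from the wmi module's author: one watcher created without a `Name` filter sees every new process, and a helper filters for several names and reads attributes such as `Name` off each event. The helper `watch_names`, the `ProcessStart` tuple and the choice of fields are assumptions made for illustration; the `watch_for` call is the one shown in the thread.

```python
from collections import namedtuple

# Win32_Process properties kept for each creation event (illustrative choice).
FIELDS = ("Name", "ProcessId", "ParentProcessId", "CommandLine")
ProcessStart = namedtuple("ProcessStart", FIELDS)


def watch_names(watcher, names, max_events=None):
    """Yield a ProcessStart for each new process whose Name is in `names`.

    `watcher` is any callable that blocks and returns the next creation
    event, such as the object returned by c.watch_for(...) in the thread.
    Windows image names are case-insensitive, so compare lower-cased.
    """
    wanted = {n.lower() for n in names}
    seen = 0
    while max_events is None or seen < max_events:
        event = watcher()
        name = getattr(event, "Name", None) or ""
        if name.lower() not in wanted:
            continue  # some other process started; keep waiting
        seen += 1
        # Attributes are read straight off the event, e.g. event.Name.
        yield ProcessStart(*(getattr(event, f, None) for f in FIELDS))


def main():
    try:
        import wmi  # Windows only; imported here so the helper runs anywhere
    except ImportError:
        print("wmi module not available; run this on Windows")
        return
    c = wmi.WMI()
    # No Name= filter: one watcher for all new processes, filtered above.
    watcher = c.watch_for(
        notification_type="Creation",
        wmi_class="Win32_Process",
        delay_secs=2,
    )
    for start in watch_names(watcher, ["calc.exe", "notepad.exe"]):
        print(start.Name, start.ProcessId, start.ParentProcessId, start.CommandLine)


if __name__ == "__main__":
    main()
```

Because the watcher polls every `delay_secs` seconds, a process that starts and exits between two polls is not reported.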
