API tools faq
paste
Advertisement
omegastripes

Procs_Start_and_Stop_WMI_Events_Log.vbs

omegastripes
May 23rd, 2013
268
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 2.09 KB | None | 0 0
raw download clone embed print report
  1. REM Procs Start and Stop WMI Events Log
  2. REM solution for http://sysadmins.ru/topic192410.html
  3.  
  4. on error resume next
  5.  
  6. set wall = new logwindow
  7.  
  8. computer = "."
  9. set service = getobject("winmgmts:\\" & computer & "\root\CIMV2")
  10.  
  11. set processstartsink = wscript.createobject("WbemScripting.SWbemSink","processstart_")
  12. service.execnotificationqueryasync processstartsink, "SELECT * FROM Win32_ProcessStartTrace"
  13.  
  14. set processstopsink = wscript.createobject("WbemScripting.SWbemSink","processstop_")
  15. service.execnotificationqueryasync processstopsink, "SELECT * FROM Win32_ProcessStopTrace"
  16.  
  17. do
  18.     wscript.sleep(1000)
  19. loop
  20.  
  21. sub processstart_onobjectready(receivedevent, asynccontext)
  22.     message2wall receivedevent, "Process Start"
  23. end sub
  24.  
  25. sub processstop_onobjectready(receivedevent, asynccontext)
  26.     message2wall receivedevent, "Process Stop"
  27. end sub
  28.  
  29. function message2wall(receivedevent, action)
  30.     REM uint4  PageDirectoryBase;
  31.     REM uint32 ParentProcessID;
  32.     REM uint32 ProcessID;
  33.     REM string ProcessName;
  34.     REM uint8  SECURITY_DESCRIPTOR[];
  35.     REM uint32 SessionID;
  36.     REM uint8  Sid[];
  37.     REM uint8  TIME_CREATED;
  38.     wall.write now() & " " & action
  39.     wall.write "ProcessName: " & receivedevent.processname
  40.     wall.write "ProcessID: " & receivedevent.processid
  41.     wall.write "ParentProcessID: " & receivedevent.parentprocessid
  42.     wall.write "SessionID: " & receivedevent.sessionid
  43.     wall.write "Sid: " & join(receivedevent.sid, "; ")
  44.     wall.write "TIME_CREATED: " & receivedevent.time_created & "<hr>"
  45. end function
  46.  
  47. class logwindow
  48.     private ie
  49.    
  50.     private sub class_initialize()
  51.         set ie = wscript.createobject("InternetExplorer.Application", "ie_")
  52.         with ie
  53.             .menubar = false
  54.             .toolbar = false
  55.             .resizable = true
  56.             .statusbar = false
  57.             .addressbar = false
  58.             .visible = true
  59.             .navigate "about:blank"
  60.             REM .FullScreen = True
  61.             .document.write "<title>Procs Start and Stop WMI Events Log</title>"
  62.         end with
  63.     end sub
  64.    
  65.     public sub write(text)
  66.         ie.document.write text & "<br>"
  67.     end sub
  68.  
  69. end class
  70.  
  71. sub ie_onquit()
  72.     processstartsink.cancel
  73.     processstopsink.cancel
  74.     wscript.quit
  75. end sub
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!