No3:luacom WMI monitor process create and close

Source: Internet. Editor: 程序博客网. Time: 2024/05/09 17:26

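Using WMI from luacom to monitor process creation and termination. It's pretty cool. Run the script, then open Notepad.exe and close it, and you will see two lines of output.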

Introduction to WMI

package.cpath = [[C:\Program Files\Lua\5.1\clibs\?.dll]]
require "luacom"

-- Target computer name; "." refers to the local computer
strComputer = "mycomputername"
objWMIService = luacom.GetObject("winmgmts:{impersonationLevel=Impersonate}!\\\\" .. strComputer .. "\\root\\cimv2")

-- One event sink per notification query
cSink = luacom.CreateObject("WbemScripting.SWbemSink")
dSink = luacom.CreateObject("WbemScripting.SWbemSink")

-- Handlers for process creation events
cSinkh = {}
function cSinkh:OnObjectReady(objObject, objAsyncContext)
  print("Process Create Detected: ", objObject:TargetInstance():Name())
end
function cSinkh:OnCompleted(objObject, objAsyncContext)
  print("Completed")
end

-- Handlers for process deletion events
dSinkh = {}
function dSinkh:OnObjectReady(objObject, objAsyncContext)
  print("Process Delete Detected: ", objObject:TargetInstance():Name())
end
function dSinkh:OnCompleted(objObject, objAsyncContext)
  print("Completed")
end

-- Attach the handlers before starting the queries so early events are not missed
luacom.Connect(cSink, cSinkh)
luacom.Connect(dSink, dSinkh)

-- WITHIN 1 makes WMI poll Win32_Process once per second
objWMIService:ExecNotificationQueryAsync(dSink, "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'")
objWMIService:ExecNotificationQueryAsync(cSink, "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'")

-- Pump COM messages so the sinks receive their callbacks
luacom.StartMessageLoop()
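The same two queries can feed a log that is more useful for detection work. The following is an added example, not code from the original post: it records PID, parent process and command line for each start, and the observed lifetime for each exit. It assumes luacom is already on package.cpath and monitors the local computer ("."); the names prop, live and watch are hypothetical helpers. Because WITHIN 1 polls once per second, a process that starts and exits between two polls may never be reported.

```lua
-- Added example: process start/stop log with parent correlation.
require "luacom"

local wmi = luacom.GetObject("winmgmts:{impersonationLevel=Impersonate}!\\\\.\\root\\cimv2")
local live = {}  -- pid -> { name = ..., started = ... } for processes we know about

-- Hypothetical helper: read a WMI property the way the post does (obj:Name()),
-- returning a default when the value is NULL or the read fails.
local function prop(obj, name, default)
  local ok, value = pcall(function() return obj[name](obj) end)
  if ok and value ~= nil then return value end
  return default
end

-- Seed the table with processes that are already running, so parents resolve.
local enum = luacom.GetEnumerator(wmi:ExecQuery("SELECT ProcessId, Name FROM Win32_Process"))
local item = enum:Next()
while item do
  live[prop(item, "ProcessId", -1)] = { name = prop(item, "Name", "?") }
  item = enum:Next()
end

local function stamp() return os.date("!%Y-%m-%dT%H:%M:%SZ") end  -- UTC timestamp

local createHandler = {}
function createHandler:OnObjectReady(event, context)
  local p = event:TargetInstance()
  local pid, ppid = prop(p, "ProcessId", -1), prop(p, "ParentProcessId", -1)
  local parent = live[ppid] and live[ppid].name or "?"
  live[pid] = { name = prop(p, "Name", "?"), started = os.time() }
  print(string.format("%s CREATE pid=%s name=%s ppid=%s parent=%s cmd=%s", stamp(),
    tostring(pid), live[pid].name, tostring(ppid), parent,
    prop(p, "CommandLine", "<unavailable>")))  -- CommandLine can be NULL without access
end

local deleteHandler = {}
function deleteHandler:OnObjectReady(event, context)
  local p = event:TargetInstance()
  local pid, seen = prop(p, "ProcessId", -1), nil
  seen, live[pid] = live[pid], nil  -- forget the PID; Windows reuses PIDs
  local age = seen and seen.started and (os.time() - seen.started) .. "s" or "unknown"
  print(string.format("%s DELETE pid=%s name=%s lifetime=%s", stamp(),
    tostring(pid), prop(p, "Name", "?"), age))
end

-- Connect the handler first, then start the query; keep the sink referenced.
local function watch(eventClass, handler)
  local sink = luacom.CreateObject("WbemScripting.SWbemSink")
  luacom.Connect(sink, handler)
  wmi:ExecNotificationQueryAsync(sink, "SELECT * FROM " .. eventClass ..
    " WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'")
  return sink
end
local cSink = watch("__InstanceCreationEvent", createHandler)
local dSink = watch("__InstanceDeletionEvent", deleteHandler)
luacom.StartMessageLoop()
```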