WMI监视进程启动
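// WMIProcessCreateMonitor.cpp : Defines the entry point for the console application.
//
// Subscribes to WMI __InstanceCreationEvent notifications for Win32_Process in
// ROOT\CIMV2 and prints the name and PID of every process the subscription reports.
//
// Limits of this approach when it is used for monitoring:
//  - "WITHIN 1" asks WMI to poll about once per second. A process that starts
//    and exits between two polls is not reported, so this is a convenience
//    monitor, not a complete audit trail. Process-creation auditing
//    (Security event 4688), Sysmon or the Win32_ProcessStartTrace event class
//    do not depend on that polling window.
//  - Only Win32_Process.Name (the image file name) is printed. It says nothing
//    about where the binary lives or who started it; ExecutablePath,
//    CommandLine and ParentProcessId on the same instance carry that context.
//  - Process-wide COM security is left at its defaults. Microsoft's WMI client
//    samples call CoInitializeSecurity right after CoInitializeEx.

#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <Shlwapi.h>
#include <comdef.h>
#include <wbemidl.h>

using namespace std;

#pragma comment(lib, "wbemuuid.lib")
#pragma comment(lib, "Shlwapi.lib")

/// Connects to the local WMI service, subscribes to process-creation events and
/// prints one line per event until the event enumerator reports a failure.
///
/// @return The failing HRESULT from COM/WMI setup or from the event loop. The
///         loop has no success exit, so the function only returns on error.
int _tmain(int argc, _TCHAR* argv[])
{
    // Initialize COM for this thread.
    HRESULT hRet = CoInitializeEx(NULL, COINIT_MULTITHREADED);
    if (FAILED(hRet))
    {
        cout<<"初始化COM库组件失败。错误码:"<<hRet<<endl;
        return hRet;
    }

    IWbemLocator *pIWbemLocator = NULL;
    hRet = CoCreateInstance(CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER,
                            IID_IWbemLocator, (LPVOID*)&pIWbemLocator);
    if (FAILED(hRet))
    {
        cout<<"创建IWbemLocator对象失败!错误码:"<<hRet<<endl;
        CoUninitialize();
        return hRet;
    }

    // Connect to the local ROOT\CIMV2 namespace with the caller's credentials.
    IWbemServices *pIWbemServices = NULL;
    bstr_t strNetworkResource("ROOT\\CIMV2");
    hRet = pIWbemLocator->ConnectServer(strNetworkResource, NULL, NULL, NULL, 0,
                                        NULL, NULL, &pIWbemServices);
    if (FAILED(hRet))
    {
        // The original printed an empty message here, which hid the failing step.
        cout<<"连接WMI命名空间失败。错误码:"<<hRet<<endl;
        pIWbemLocator->Release();
        CoUninitialize();
        return hRet;
    }

    hRet = CoSetProxyBlanket(pIWbemServices, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL,
                             RPC_C_AUTHN_LEVEL_CALL, RPC_C_IMP_LEVEL_IMPERSONATE,
                             NULL, EOAC_NONE);
    if (FAILED(hRet))
    {
        cout<<"设置代理安全属性失败。错误码:"<<hRet<<endl;
        pIWbemServices->Release();
        pIWbemLocator->Release();
        CoUninitialize();
        return hRet;
    }

    bstr_t strQueryLanguage("WQL");
    bstr_t strQuery("SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'");
    IEnumWbemClassObject *pIEnumWbemClassObject = NULL;
    hRet = pIWbemServices->ExecNotificationQuery(strQueryLanguage, strQuery,
                                                 WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
                                                 NULL, &pIEnumWbemClassObject);
    if (FAILED(hRet) || pIEnumWbemClassObject == NULL)
    {
        // A monitor that silently exits with code 0 looks like "no events";
        // report the failed subscription and propagate the error instead.
        cout<<"订阅进程创建事件失败。错误码:"<<hRet<<endl;
        pIWbemServices->Release();
        pIWbemLocator->Release();
        CoUninitialize();
        return FAILED(hRet) ? hRet : E_FAIL;
    }

    for (;;)
    {
        ULONG uReturned = 0;
        IWbemClassObject *pEvent = NULL;
        hRet = pIEnumWbemClassObject->Next(WBEM_INFINITE, 1, &pEvent, &uReturned);
        if (FAILED(hRet))
        {
            // Leave the loop on failure; retrying forever only spins the CPU
            // and keeps the cleanup below unreachable.
            cout<<"等待进程创建事件失败。错误码:"<<hRet<<endl;
            break;
        }
        if (pEvent == NULL)
        {
            continue;
        }

        VARIANT vtInstanceObject;
        VariantInit(&vtInstanceObject);
        HRESULT hrGet = pEvent->Get(L"TargetInstance", 0, &vtInstanceObject, NULL, NULL);
        if (SUCCEEDED(hrGet) && vtInstanceObject.vt == VT_UNKNOWN && vtInstanceObject.punkVal != NULL)
        {
            // Ask for the interface instead of casting the IUnknown pointer.
            IWbemClassObject *pTargetInstance = NULL;
            hrGet = vtInstanceObject.punkVal->QueryInterface(IID_IWbemClassObject,
                                                             (void**)&pTargetInstance);
            if (SUCCEEDED(hrGet) && pTargetInstance != NULL)
            {
                VARIANT vtProcessID;
                VARIANT vtProcessName;
                VariantInit(&vtProcessID);
                VariantInit(&vtProcessName);

                // Process ID.
                HRESULT hrPid = pTargetInstance->Get(L"ProcessID", 0, &vtProcessID, NULL, NULL);
                // Process (image) name.
                HRESULT hrName = pTargetInstance->Get(L"Name", 0, &vtProcessName, NULL, NULL);

                // Read the union members only when the variant really holds
                // the expected type; a VT_NULL property has no usable bstrVal.
                const bool bPidOk = SUCCEEDED(hrPid) &&
                                    (vtProcessID.vt == VT_I4 || vtProcessID.vt == VT_UI4);
                const bool bNameOk = SUCCEEDED(hrName) &&
                                     vtProcessName.vt == VT_BSTR && vtProcessName.bstrVal != NULL;
                if (bPidOk && bNameOk)
                {
                    wchar_t pName[MAX_PATH] = {0};
                    // Bounded copy: truncate rather than write past pName.
                    wcsncpy_s(pName, MAX_PATH, vtProcessName.bstrVal, _TRUNCATE);
                    _wcsupr_s(pName, MAX_PATH);
                    wcout<<L"ProcessName:"<<pName<<L" ProcessId:"<<vtProcessID.ulVal<<" is started..."<<endl;
                }

                // Free the BSTR held by the name variant.
                VariantClear(&vtProcessName);
                VariantClear(&vtProcessID);
                pTargetInstance->Release();
            }
        }

        // Drops the punkVal reference held by the variant, then the event
        // object itself; the original leaked one event object per process start.
        VariantClear(&vtInstanceObject);
        pEvent->Release();
    }

    pIEnumWbemClassObject->Release();
    pIWbemServices->Release();
    pIWbemLocator->Release();
    CoUninitialize();
    return hRet;
}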