监视进程的创建，在每次创建新的进程时，临时事件消费程序都发出警报。

1.监视进程的创建

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancecreationevent " _

& " within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

2.监视进程的删除，在每次进程终止时，临时事件消费程序都发出警报。

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _

ExecNotificationQuery("select * from __instancedeletionevent " _

& "within 1 where TargetInstance isa 'Win32_Process'")

i = 0

Do While i = 0

Set objLatestProcess = colMonitoredProcesses.NextEvent

Wscript.Echo objLatestProcess.TargetInstance.Name

Loop

3.监视进程使用处理器的情况

代码如下:

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery _

("Select * from Win32_process")

For Each objProcess in colProcesses

sngProcessTime = ( CSng(objProcess.KernelModeTime) + _

CSng(objProcess.UserModeTime)) / 10000000

Wscript