VERSION 5.00Begin VB.Form frmMain Caption = "Form1" ClientHeight = 3090 ClientLeft = 60 ClientTop = 450 ClientWidth = 4680 LinkTopic = "Form1" ScaleHeight = 3090 ScaleWidth = 4680 StartUpPosition = 3 '窗口缺省 Begin VB.CommandButton cmdStartModification Caption = "开始监视修改" Height = 375 Left = 3240 TabIndex = 5 Top = 2640 Width = 1455 End Begin VB.CommandButton cmdStartDelete Caption = "开始监视退出" Height = 495 Left = 3240 TabIndex = 4 Top = 1800 Width = 1215 End Begin VB.CommandButton cmdStartCreate Caption = "开始监视创建" Height = 495 Left = 2880 TabIndex = 3 Top = 840 Width = 1335 End Begin VB.CommandButton cmdStopModification Caption = "停止监视修改" Height = 495 Left = 1440 TabIndex = 2 Top = 2520 Width = 1455 End Begin VB.CommandButton cmdStopDelete Caption = "停止监视退出" Height = 495 Left = 1320 TabIndex = 1 Top = 1800 Width = 1695 End Begin VB.CommandButton cmdStopCreate Caption = "停止监视创建" Height = 495 Left = 1320 TabIndex = 0 Top = 840 Width = 1455 EndEndAttribute VB_Name = "frmMain"Attribute VB_GlobalNameSpace = FalseAttribute VB_Creatable = FalseAttribute VB_PredeclaredId = TrueAttribute VB_Exposed = FalseOption Explicit
Private objSWbemServices As SWbemServicesPrivate WithEvents CreateProcessEvent As SWbemSinkAttribute CreateProcessEvent.VB_VarHelpID = -1Private WithEvents DeleteProcessEvent As SWbemSinkAttribute DeleteProcessEvent.VB_VarHelpID = -1Private WithEvents ModificationProcessEvent As SWbemSinkAttribute ModificationProcessEvent.VB_VarHelpID = -1
Private Sub cmdStartCreate_Click() StartMonitorCreateProcessEventEnd Sub
Private Sub cmdStartDelete_Click() StartMonitorDeleteProcessEventEnd Sub
Private Sub cmdStartModification_Click() StartMonitorModificationProcessEventEnd Sub
Private Sub cmdStopCreate_Click() CreateProcessEvent.CancelEnd Sub
Private Sub cmdStopDelete_Click() DeleteProcessEvent.CancelEnd Sub
Private Sub cmdStopModification_Click() ModificationProcessEvent.CancelEnd Sub
Private Sub Form_Load() StartMonitorCreateProcessEvent StartMonitorDeleteProcessEvent StartMonitorModificationProcessEventEnd Sub
Private Sub Form_Unload(Cancel As Integer) CreateProcessEvent.Cancel DeleteProcessEvent.Cancel ModificationProcessEvent.CancelEnd Sub
'进程创建事件Private Sub CreateProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet)
End Sub
'进程退出事件Private Sub DeleteProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet)
End Sub
'进程属性变更事件Private Sub ModificationProcessEvent_OnObjectReady(ByVal objWbemObject As WbemScripting.ISWbemObject, ByVal objWbemAsyncContext As WbemScripting.ISWbemNamedValueSet) 'MsgBox objWbemObject.Properties_.Item("TargetInstance").Value.Properties_.Item("Name").ValueEnd Sub
Private Sub StartMonitorCreateProcessEvent() Set CreateProcessEvent = New SWbemSink Set objSWbemServices = GetObject("winmgmts://./root/cimv2") objSWbemServices.ExecNotificationQueryAsync CreateProcessEvent, "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"End Sub
Private Sub StartMonitorDeleteProcessEvent() Set DeleteProcessEvent = New SWbemSink Set objSWbemServices = GetObject("winmgmts://./root/cimv2") objSWbemServices.ExecNotificationQueryAsync DeleteProcessEvent, "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"End Sub
Private Sub StartMonitorModificationProcessEvent() Set ModificationProcessEvent = New SWbemSink Set objSWbemServices = GetObject("winmgmts://./root/cimv2") objSWbemServices.ExecNotificationQueryAsync ModificationProcessEvent, "SELECT * FROM __InstanceModificationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"End Sub
