
Thread: hook createProcess with wmi


    hook createProcess with wmi

    Code:
    Private Sub Command2_Click()
        ' Stop button: clearing the checkbox is the flag the monitoring loop in
        ' Command1_Click tests on every pass to decide when to leave.
        Check1.Value = vbUnchecked
    End Sub
    
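    Private Sub Command1_Click()
        'ADD CONTROLS:Command1,Command2,List1,check1
        '
        ' Start button: subscribes to WMI process-creation events on the local
        ' machine and appends the image name of every new process to List1 until
        ' Check1 is cleared (Command2 does that).
        '
        ' Monitoring caveats:
        '  - "WITHIN 1" makes WMI poll once per second. A process that starts and
        '    exits between two polls may never be reported, so this is not a
        '    complete audit trail. Win32_ProcessStartTrace or the OS process-creation
        '    audit log are the usual choices when every start must be seen.
        '  - Caption is only the image name and says nothing about where the file
        '    lives. ProcessId, ParentProcessId, ExecutablePath and CommandLine on
        '    TargetInstance are worth recording as well.
        Dim strComputer As String
        Dim objWMIService As Object
        Dim colProcesses As Object
        Dim objProcess As Object
        Dim A As String
        Dim i As Long

        Check1.Value = 1
        strComputer = "."

        ' A failure to connect or to register the query is reported instead of
        ' surfacing as an unhandled run-time error.
        On Error GoTo SubscribeFailed
        ' One connection to the namespace is enough; the earlier extra GetObject on
        ' the Win32_Process class path was overwritten immediately and never used.
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colProcesses = objWMIService.ExecNotificationQuery _
            ("SELECT * FROM __instancecreationevent " _
                & " Within 1 Where TargetInstance ISA 'Win32_Process'")

        ' NextEvent raises an error when its timeout expires with no event, which is
        ' the normal case on most passes, so errors are tolerated inside the loop
        ' and checked explicitly.
        On Error Resume Next
        Do While Check1.Value = 1
            DoEvents                          ' keep the form responsive
            If Check1.Value = 0 Then Exit Sub
            Set objProcess = Nothing
            Err.Clear
            Set objProcess = colProcesses.NextEvent(10)   ' wait at most 10 ms
            If Err.Number = 0 And Not objProcess Is Nothing Then
                A = objProcess.TargetInstance.Caption
                ' Only list the entry when the name was actually read; otherwise A
                ' would still hold the previous process name.
                If Err.Number = 0 Then
                    i = i + 1
                    List1.AddItem i & "--" & A
                    Debug.Print A
                End If
            End If
            DoEvents
        Loop
        Exit Sub

    SubscribeFailed:
        ' Leave the UI in the "not monitoring" state and say why.
        Check1.Value = 0
        List1.AddItem "WMI subscription failed: " & Err.Description
    End Sub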
    This code blocks the process while the loop is running, so it is better to run it on a separate thread. There is also an event-based method, which waits on NextEvent with no timeout:
    Code:
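    ' Blocking variant: NextEvent with no timeout argument waits until an event
    ' arrives, and the calling thread does nothing else in the meantime.
    Do While Check1.Value = 1
        Set objProcess = colProcesses.NextEvent()
        A = objProcess.TargetInstance.Caption
        ' Let pending window messages run so a change to Check1 can be seen.
        ' Without this the loop condition can never change on the UI thread.
        DoEvents
    Loop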
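    .Caption: the process executable name
    .ParentProcessId: the ID of the process that created it (the parent may already have exited and its ID may have been reused, so confirm it before trusting the parent/child link)
    .Handle: the process ID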

    ' Build one text line per new process: image name / process ID / parent process ID.
    Dim objTarget As Object
    Set objTarget = objProcess.TargetInstance
    A = objTarget.Caption & "/" & objTarget.Handle & "/Create BY:" & objTarget.ParentProcessId
    ' Sample result from the post; the parenthesised name is an annotation and is
    ' not produced by the line above.
    'Notepad.exe/17964/Create BY:17744 (EXPLORER.EXE)
    Last edited by xiaoyao; Sep 2nd, 2021 at 07:40 PM.
