Scripts for monitoring Processes on Windows Operating Systems

Create a Higher Priority Process
Create a Process in a Hidden Window
Create a Process on a Remote Computer
List Process Owners
List the Scripts Running on a Computer
Modify the Priority Of a Running Process
Monitor Threads
Prevent a Process from Running
Terminate a Process


You can use any of the VBScript programs below in ActiveXperts Network Monitor.



Create a Higher Priority Process


Starts Notepad.exe with an Above Normal priority.
Const ABOVE_NORMAL = 32768

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objStartup = objWMIService.Get("Win32_ProcessStartup")

Set objConfig = objStartup.SpawnInstance_
objConfig.PriorityClass = ABOVE_NORMAL
Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
objProcess.Create "Notepad.exe", Null, objConfig, intProcessID
	

Create a Process in a Hidden Window


Starts Notepad.exe on the local computer, but in a hidden window.
Const HIDDEN_WINDOW = 12

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objStartup = objWMIService.Get("Win32_ProcessStartup")

Set objConfig = objStartup.SpawnInstance_
objConfig.ShowWindow = HIDDEN_WINDOW
Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
errReturn = objProcess.Create("Notepad.exe", null, objConfig, intProcessID)
	

Create a Process on a Remote Computer


Starts Notepad.exe on a remote computer. On Windows XP and Windows Server 2003, Notepad will run in a hidden window.
strComputer = "webserver"
Set objWMIService = GetObject _
    ("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")
 
' Create returns 0 on success; any other value is an error code.
errReturn = objWMIService.Create("notepad.exe", null, null, intProcessID)

If errReturn = 0 Then
    Wscript.Echo "Notepad was started with a process ID of " _
         & intProcessID & "."
Else
    Wscript.Echo "Notepad could not be started due to error " & _
        errReturn & "."
End If
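
A monitoring counterpart to the three process-creation scripts above, as an added example that is not part of the original page: a process started through Win32_Process.Create runs as a child of the WMI provider host, WmiPrvSE.exe, so this script reports each new process that has that parent. The names WMI_HOST, ParentName and strOwner are introduced here for illustration.

```vbscript
' Added example: report each new process whose parent is the WMI provider host.
Option Explicit
Const WMI_HOST = "wmiprvse.exe"   ' parent of processes started via Win32_Process.Create

Dim strComputer, objWMIService, colEvents, objEvent, objNew
Dim strUser, strDomain, strOwner, lngResult

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Same temporary event subscription the page uses for new processes.
Set colEvents = objWMIService.ExecNotificationQuery _
    ("SELECT * FROM __InstanceCreationEvent WITHIN 1 " _
        & "WHERE TargetInstance ISA 'Win32_Process'")

Do
    Set objEvent = colEvents.NextEvent
    Set objNew = objEvent.TargetInstance
    If LCase(ParentName(objNew.ParentProcessId)) = WMI_HOST Then
        strUser = "" : strDomain = "" : lngResult = -1
        ' The new process may already have exited, so tolerate a failed call.
        On Error Resume Next
        lngResult = objNew.GetOwner(strUser, strDomain)
        On Error GoTo 0
        strOwner = "(owner unavailable)"
        If lngResult = 0 Then strOwner = strDomain & "\" & strUser
        Wscript.Echo Now & VbTab & "PID " & objNew.ProcessId & VbTab _
            & strOwner & VbTab & objNew.CommandLine
    End If
Loop

' Returns the image name for a process ID, or "" if that process has exited.
Function ParentName(lngPid)
    Dim colParent, objParent
    ParentName = ""
    Set colParent = objWMIService.ExecQuery _
        ("SELECT Name FROM Win32_Process WHERE ProcessId = " & lngPid)
    For Each objParent In colParent
        ParentName = objParent.Name
    Next
End Function
```

Run it with cscript.exe so each report is written to the console rather than shown in a message box.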
	

List Process Owners


Reports the account name under which each process on a computer is running.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")

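For Each objProcess in colProcessList
    ' GetOwner returns 0 on success; otherwise the owner is not available.
    intReturn = objProcess.GetOwner(strNameOfUser, strUserDomain)
    If intReturn = 0 Then
        Wscript.Echo "Process " & objProcess.Name & " is owned by " _
            & strUserDomain & "\" & strNameOfUser & "."
    Else
        Wscript.Echo "Process " & objProcess.Name _
            & ": owner could not be determined (code " & intReturn & ")."
    End If
Next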
	

List the Scripts Running on a Computer


Lists the file names of all Windows Script Host scripts currently running on a computer.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_Process WHERE Name = " & _
        "'Wscript.exe' OR Name = 'Cscript.exe'")
 
If colProcesses.Count = 0 Then
    Wscript.Echo "No scripts are running."
Else
    For Each objProcess in colProcesses
        Wscript.Echo objProcess.CommandLine
    Next
End If
	

Modify the Priority Of a Running Process


Changes the priority of a running instance of Notepad.exe from Normal to Above Normal.
Const ABOVE_NORMAL = 32768

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'Notepad.exe'")

For Each objProcess in colProcesses
    objProcess.SetPriority(ABOVE_NORMAL) 
Next
	

Monitor Threads


Returns a list of threads and thread states for each process running on a computer.
Set objDictionary = CreateObject("Scripting.Dictionary")

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process")

For each objProcess in colProcesses 
    objDictionary.Add objProcess.ProcessID, objProcess.Name 
Next

Set colThreads = objWMIService.ExecQuery _
    ("Select * from Win32_Thread")
For each objThread in colThreads
    ' CLng, not CInt: process IDs can exceed 32767 and would overflow an Integer.
    intProcessID = CLng(objThread.ProcessHandle)
    strProcessName = objDictionary.Item(intProcessID) 
    Wscript.Echo strProcessName & VbTab & objThread.ProcessHandle & _
        VbTab & objThread.Handle & VbTab & objThread.ThreadState 
Next
	

Prevent a Process from Running


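Temporary event consumer that terminates any new instances of Notepad.exe as soon as those new instances are created. The query polls once per second (WITHIN 1) and matches on the image name only, so an instance can run briefly before it is terminated; treat this as a monitoring convenience rather than an enforcement control.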
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colMonitoredProcesses = objWMIService. _        
    ExecNotificationQuery("select * from __instancecreationevent " _ 
        & " within 1 where TargetInstance isa 'Win32_Process'")
i = 0

Do While i = 0
    Set objLatestProcess = colMonitoredProcesses.NextEvent
    ' Compare case-insensitively: the image name may be reported as Notepad.exe.
    If LCase(objLatestProcess.TargetInstance.Name) = "notepad.exe" Then
        objLatestProcess.TargetInstance.Terminate
    End If
Loop
	

Terminate a Process


Terminates any running instances of Notepad.exe.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colProcessList = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'Notepad.exe'")

For Each objProcess in colProcessList
    objProcess.Terminate()
Next