So far I have the following code, which tells me every time a new process is created.
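
    import wmi

    # Connect to the local WMI provider and subscribe to process-creation events.
    c = wmi.WMI()
    process_watcher = c.Win32_Process.watch_for("creation")
    while True:
        # Blocks until a new process is created.
        new_process = process_watcher()
        print(new_process.Caption)
        print(new_process.ExecutablePath)
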
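This works well, but what I really want to do is get the process description, because although the file name I am looking for may change, the description does not. I can't find anything in Win32_Process or win32file that gets the file description. Does anyone know how to do this?
Thanks!

Answer 0 (score: 0)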
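
    import wmi

    # Watcher setup, as in the question's code.
    c = wmi.WMI()
    process_watcher = c.Win32_Process.watch_for("creation")

    def log_to_file(message):
        # Stand-in for the helper the answer calls but does not show;
        # the file name is a placeholder.
        with open("process_monitor_log.csv", "a") as fd:
            fd.write(message)

    while True:
        try:
            new_process = process_watcher()
            # Format the owner as DOMAIN\user.
            proc_owner = new_process.GetOwner()
            proc_owner = "%s\\%s" % (proc_owner[0], proc_owner[2])
            create_date = new_process.CreationDate
            executable = new_process.ExecutablePath
            cmdline = new_process.CommandLine
            pid = new_process.ProcessId
            parent_pid = new_process.ParentProcessId
            privileges = "N/A"
            process_log_message = "%s,%s,%s,%s,%s,%s,%s,\r\n" % (create_date, proc_owner, executable, cmdline, pid, parent_pid, privileges)
            print("1")
            print(process_log_message)
            log_to_file(process_log_message)
        except Exception:
            # Catch Exception rather than everything, so Ctrl+C still stops the loop.
            print("2")
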
Hope this helps :)
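
The question asks for the file description, which is stored in the executable's version resource rather than in `Win32_Process`. The following is an added example, not code from the question or the answer: it scans the file bytes for the `FileDescription` string entry instead of calling the Windows version API, and the names `file_description`, `build_sample` and `watch` are assumptions made for illustration.

```python
import struct

# Key of the version-resource String entry as stored in the file (UTF-16LE + NUL).
KEY = "FileDescription".encode("utf-16-le") + b"\x00\x00"


def file_description(data):
    """Return FileDescription from raw executable bytes, or None if absent."""
    pos = data.find(KEY)
    while pos != -1:
        start = pos - 6  # String header: wLength, wValueLength, wType (3 WORDs)
        if start >= 0:
            w_length, w_value_length, w_type = struct.unpack_from("<3H", data, start)
            end = start + w_length
            value_at = pos + len(KEY)
            if w_type == 1 and value_at <= end <= len(data):
                if w_value_length <= 1:
                    return ""  # entry present but empty
                if data[value_at:value_at + 2] == b"\x00\x00":
                    value_at += 2  # padding WORD that aligns Value to 32 bits
                raw = data[value_at:end]
                raw = raw[:len(raw) - len(raw) % 2]
                return raw.decode("utf-16-le", "replace").split("\x00")[0]
        pos = data.find(KEY, pos + 2)
    return None


def build_sample(description):
    """Constructed sample: one String entry surrounded by filler bytes."""
    value = description.encode("utf-16-le") + b"\x00\x00"
    body = KEY + b"\x00\x00" + value  # key, one padding WORD, value
    header = struct.pack("<3H", 6 + len(body), len(value) // 2, 1)
    return b"MZ" + b"\x90" * 30 + header + body + b"\x00" * 16


def watch(wanted_description):
    """Print new processes whose executable carries wanted_description (Windows only)."""
    import wmi  # imported here so the parser above also runs off Windows
    watcher = wmi.WMI().Win32_Process.watch_for("creation")
    while True:
        proc = watcher()
        path = proc.ExecutablePath  # None when the caller lacks access to the process
        if not path:
            continue
        try:
            with open(path, "rb") as fh:
                description = file_description(fh.read())
        except OSError:
            continue  # file locked, removed, or unreadable
        if description == wanted_description:
            print(proc.ProcessId, path, description)
```

The description is metadata chosen by whoever built the binary, so a match is a hint about identity rather than proof of it. With pywin32 installed, `win32api.GetFileVersionInfo` reads the same resource through the operating system.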