Working with System Processes in WSH - Taking a look under the hood
(Page 2 of 4 )
Our first task is will be to list all currently running processes. This is useful when making a system snapshot or just for curiosity's sake. For this example we'll list each process by Name and Process ID.
strComputer = "."
Set objWMIService = GetObject("winmgmts: " _
"{impersonationLevel=impersonate}!" & strComputer _
& "rootcimv2")
Set colProcess = objWMIService.ExecQuery _
("Select * from Win32_Process")
For Each objProcess In colProcess
WScript.Echo objProcess.Name & ", PID: " & objProcess.ProcessId
Next
Here we're connecting to WMI and querying all objects belonging to the Win32_Process class. This returns a collection of objects representing each of the currently running processes. We are using the Name and ProcessID properties to return the Name and Process ID of each process respectively.
strComputer = "."
Set objWMIService = GetObject("winmgmts: " _
"{impersonationLevel=impersonate}!" & strComputer _
& "rootcimv2")
Set colProcess = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name='explorer.exe'")
For Each objProcess In colProcess
WScript.Echo objProcess.Name & ", PID: " & objProcess.ProcessId
Next
A slight modification to our query allows this code to list specific processes instead. In this above example, I've used a Where clause to limit the objects returned to only those with the name Explorer.exe.
Again, this is useful if you are monitoring a specific process, however, we are kind of assuming that the process exists. Another slight rewrite makes this code a little more effective.
strProcess = "Explorer.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts: " _
"{impersonationLevel=impersonate}!" & strComputer _
& "rootcimv2")
Set colProcess = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = '" & strProcess & "'")
If colProcess.Count < 0 Then
WScript.Echo "Process is running."
Else
WScript.Echo "Process is not running."
End If
Instead of actually working with the objects, we're simply checking to see if the collection returned any objects. This would be useful if you simply wanted to return a True or False value indicating whether a particular process was active in memory.
A complete list of the properties and methods available through the Win32_Process can be found here.
Now that we've seen how to check whether a process is running, it could be useful to see how to start and stop them accordingly. Again, WMI provides a way for us to do this with very small modifications to our existing code sample.
strProcess = "Explorer.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts: " _
"{impersonationLevel=impersonate}!" & strComputer _
& "rootcimv2")
Set colProcess = objWMIService.ExecQuery _
("Select * from Win32_Process Where Name = '" & strProcess & "'")
For Each objProcess In colProcess
objProcess.Terminate
Next
This code returns all instances of a specified process and then makes use of the Terminate method to end each instance. Starting a process is done slightly differently.
strProcess = "Explorer.exe"
strComputer = "."
Set objWMIService = GetObject("winmgmts: " _
"{impersonationLevel=impersonate}!" & strComputer _
& "rootcimv2")
Set objProcess = objWMIService.Get("Win32_Process")
Set objProgram = objProcess.Methods_("Create") _
.InParameters.SpawnInstance_
objProgram.CommandLine = strProcess
Set objProcess = objWMIService.ExecMethod _
("Win32_Process", "Create", objProgram)
Here we resort to the Create method. This method is native to the Win32_Process class and is not provided by its objects as before. This method creates a process instance in memory with the command line provided. This command line should be a full path if this process is not located in the system path.
Next: More fun with processes >>
More Windows Scripting Articles
More By Nilpo
