Working with System Processes in WSH - Modifying processes

(Page 4 of 4 )

The final set of code samples I have for you is designed for special needs when working with processes that you just may develop a need to script.  We'll begin by modifying a specific process and then we'll look at some cool things we can do with our own.

Const IDLE = 64

Const BELOW_NORMAL = 16384

Const NORMAL = 32

Const ABOVE_NORMAL = 32768

Const HIGH_PRIORITY = 128

Const REAL_TIME = 256

 

strProcess = "iexplore.exe"

strComputer = "."

Set objWMIService = GetObject("winmgmts: " _

   "{impersonationLevel=impersonate}!" & strComputer _

      & "rootcimv2")

Set colProcesses = objWMIService.ExecQuery _

   ("Select * from Win32_Process Where Name = '" & strProcess & "'")

 

For Each objProcess In colProcesses

   result = objProcess.SetPriority(ABOVE_NORMAL)

Next

The setPriority method allows you to control the priority of a running process.  It accepts predefined constant values to indicate the priority level and issues a return code from the table below.

strProcess = "iexplore.exe"

strComputer = "."

Set objWMIService = GetObject("winmgmts: " _

   "{impersonationLevel=impersonate}!" & strComputer _

      & "rootcimv2")

Const ABOVE_NORMAL = 32768

 

Set objStartup = objWMIService.Get("Win32_ProcessStartup")

Set objConfig = objStartup.SpawnInstance_

objConfig.PriorityClass = ABOVE_NORMAL

  

Set objProcess = GetObject("winmgmts:rootcimv2:Win32_Process")

objProcess.Create strProcess, Null, objConfig

In the same way, it might also be useful to start a process at a specific priority level.  This code does just that for you.  It's a slightly modified combination of two examples you've already seen.  The PriorityClass property accepts the same values as the setPriority method that we just examined.

But settings a process' priority isn't all there is to do, is it?  It might also be nice to control how the process starts and runs.  After all, most processes run hidden, don't they?

strProcess = "iexplore.exe"

strComputer = "."

Set objWMIService = GetObject("winmgmts: " _

   "{impersonationLevel=impersonate}!" & strComputer _

      & "rootcimv2")

Const HIDDEN_WINDOW = 12

  

Set objStartup = objWMIService.Get("Win32_ProcessStartup")

Set objConfig = objStartup.SpawnInstance_

objConfig.ShowWindow = HIDDEN_WINDOW

  

Set objProcess = GetObject("winmgmts:rootcimv2:Win32_Process")

objProcess.Create strProcess, Null, objConfig

This time we rely on the ShowWindow property of the Win32_ProcessStartup class to set our process to run hidden.  This additional class allows us to control how processes start.  There are many properties and methods available with this class to control how a process starts and operates.  For more information, visit the link below.

MSDN: Win32_ProcessStartup Class

The final example I would like to provide for you is one that I sometimes find very useful.  It gives you the ability to prevent a process from running.  Essentially, it monitors for a process to start and then ends it.

strProcess = "iexplore.exe"

strComputer = "."

Set objWMIService = GetObject("winmgmts: " _

   "{impersonationLevel=impersonate}!" & strComputer _

      & "rootcimv2")

Set colProcess = objWMIService.ExecNotificationQuery _

   ("Select * from __InstanceCreationEvent" _

       & " WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'")

 

Do While True

   Set objLatestProcess = colProcess.NextEvent

   If objLatestProcess.TargetInstance.Name = strProcess Then

       objLatestProcess.TargetInstance.Terminate

   End If

Loop

This code basically combines our examples for monitoring a process start-up and ending a process.  Again, this code can be further modified to suit your needs.  This example demonstrates how you can combine the techniques you've seen to produce a usable script.

Take the time to explore the MSDN documentation for the Win32_Process and Win32_ProcessStartup classes.  They provide many other properties and methods that I was unable to include for lack of space.  By reading the documentation and getting to know these WMI classes, you can add a lot of power to your scripts and more weapons to your scripting arsenal.  Until next time, keep coding!

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Working with System Processes in WSH

· Learn how to capture the power of WMI in your WSH scripts to manipulate, create, and...   >>> Post your comment now!