
So far I have the following code, which tells me every time a new process is created.

import wmi

c = wmi.WMI()
# Subscribe to WMI process-creation events
process_watcher = c.Win32_Process.watch_for("creation")
while True:
    new_process = process_watcher()  # blocks until a new process is created
    print(new_process.Caption)
    print(new_process.ExecutablePath)

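This works well, but what I really want to do is get the process description, because while the file name I am looking for may change, the description will not. I can't find anything in Win32_Process or win32file that gets me the file description. Does anyone know how to do this?

Thanks!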


1 Answer

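import wmi

c = wmi.WMI()
process_watcher = c.Win32_Process.watch_for("creation")  # watcher from the question

def log_to_file(message):
    # Not shown in the answer; assumed to append the line to a log file.
    # "process_log.csv" is a placeholder name.
    with open("process_log.csv", "a", newline="") as fd:
        fd.write(message)

while True:
    try:
        new_process = process_watcher()

        # GetOwner() returns (domain, return code, user)
        proc_owner = new_process.GetOwner()
        proc_owner = "%s\\%s" % (proc_owner[0], proc_owner[2])
        create_date = new_process.CreationDate
        executable = new_process.ExecutablePath
        cmdline = new_process.CommandLine
        pid = new_process.ProcessId
        parent_pid = new_process.ParentProcessId
        privileges = "N/A"
        process_log_message = "%s,%s,%s,%s,%s,%s,%s,\r\n" % (create_date, proc_owner, executable, cmdline, pid, parent_pid, privileges)
        print("1")
        print(process_log_message)
        log_to_file(process_log_message)
    except Exception:
        # Keep monitoring if one event fails; Ctrl+C still stops the loop
        print("2")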

Hope this helps :)

Answered 2017-04-30T00:14:26.897
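For the question's actual goal, reading the file description of each new process's executable, the following is an added example and not code from the question or the answer. It assumes pywin32's `win32api.GetFileVersionInfo` is available on the monitoring host; the function names, the `query` parameter and the sample description string are hypothetical.

```python
def file_description(path, query=None):
    """Return the FileDescription from an executable's version resource, or None."""
    if not path:
        # ExecutablePath is None when the watcher may not inspect the process
        return None
    if query is None:
        import win32api  # pywin32, Windows only; imported lazily
        query = win32api.GetFileVersionInfo
    try:
        # A version resource can carry several (language, codepage) pairs
        for lang, codepage in query(path, "\\VarFileInfo\\Translation"):
            key = "\\StringFileInfo\\%04X%04X\\FileDescription" % (lang, codepage)
            desc = query(path, key)
            if desc:
                return desc.strip()
    except Exception:
        # No version resource, file already gone, or access denied
        return None
    return None


def matches(path, wanted, query=None):
    """Case-insensitive comparison of the file description with `wanted`."""
    desc = file_description(path, query)
    return desc is not None and desc.lower() == wanted.lower()


def watch(wanted):
    """Print PID and path of every new process whose description matches."""
    import wmi
    watcher = wmi.WMI().Win32_Process.watch_for("creation")
    while True:
        proc = watcher()
        if matches(proc.ExecutablePath, wanted):
            print(proc.ProcessId, proc.ExecutablePath)


if __name__ == "__main__":
    watch("Constructed Sample App")  # placeholder description
```

The description is metadata embedded by whoever built the binary, so a match identifies the file only as well as that field can be trusted.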