------------------------------------------------------------------------------------------------------------
use Win32;
use Thread::Use;
use threads;
use threads::shared;



my $thr2 = threads->new(\&ProcNotify,"ProcessId","2104",".","1");
my $thr = threads->new(\&ProcNotify,"ProcessId","3800","jjj","1");


while (1) {


Win32::Sleep(10);


}




sub ProcNotify
{
my ($KEY,$VAL,$HOST,$flag) = @_;


useit Win32::OLE qw(in EVENTS);


print "$KEY,$VAL,$HOST";


Win32::OLE->Option("Warn"=>3);



my $eo = myEvents->new(KEY => $KEY, VAL => $VAL, HOST => $HOST, WMI => $WMI, FLAG => $flag);

my $wbemsink = new Win32::OLE("WbemScripting.SWbemSink");


my $wbemloc = new Win32::OLE("WbemScripting.SWbemLocator");


my $wbemsvc = $wbemloc->ConnectServer("$HOST", "root/cimv2");


# Set impersonationlevel


$wbemsvc->{Security_}->{ImpersonationLevel} = 3;


Win32::OLE->WithEvents($wbemsink, "myEvents");


my $myQuery = "SELECT * FROM __InstanceModificationEvent WITHIN 5"


."WHERE TargetInstance ISA 'Win32_Process' and TargetInstance.$KEY = '$VAL'";


$wbemsvc->ExecNotificationQueryAsync($wbemsink, $myQuery);


while(1)
{
        Win32::Sleep(10);
        Win32::OLE->SpinMessageLoop();
}


}





package myEvents;



my $self;


sub new() {



    my $invocant = shift;
    my $class = ref($invocant) || $invocant;
    $self = {
        KEY => undef,
        VAL => undef,
        HOST => undef,
        WMI => undef,
        FLAG => undef,
        @_,
    };
    my $Machine = $self->{HOST};
     my $WMI;


     if($FLAG eq "1")
     {
        use Win32::OLE qw(in);
     }


$WMI = Win32::OLE->GetObject( "WinMgmts://$HOST" ) || do { print "WMI is not installed or supported on this OS\r\n";};

    $self->{WMI} = $WMI;


    return bless $self, $class;


}



sub OnObjectReady {
#my ($self) = @_;


print "Hello From OnObjectReady!".$self->{KEY},$self->{VAL}."\n";
my $key = $self->{KEY};
my $value = $self->{VAL};
my $WMI = $self->{WMI};
my $Class = $WMI->ExecQuery("SELECT * FROM Win32_Process WHERE $key = \"$value\"") || do { return "Cannot Perform Query"};
my $PRIORITY = "";
foreach my $struct(in $Class)
{
if($PRIORITY eq "LOW")
{
Win32::Sleep(5);
}
my @retvals;
my $structcount = 0;
foreach my $obj (in $struct->{Properties_})
{
if (ref($obj->{Value}) eq "ARRAY")
{

        if($PRIORITY eq "LOW")
        {                       
                Win32::Sleep(6);
        }
                foreach(in $obj->{Value})
                {
                        print $_,"\n";
                        #push(@retvals,$_);
                }


          } else
          {
        if($PRIORITY eq "LOW")
        {                       
                Win32::Sleep(6);
        }
                        #if (($obj->{Name} ne $ignore))
                        #{
                                my $val = $obj->{Value};
                                if( ($obj->{Value} eq "") || ($obj->{Value} eq undef))
                                {
                                        $val = 'NULL';
                                }
                                print $obj->{Name},">",$val,"\n";
                                #push(@retvals,{ Name => $obj->{Name}, Value => $val});
                        #}
          }     
        }


 }


}


sub OnCompleted {


print "Hello From OnCompleted!";
#print TargetInstance->{State};
#Win32::MsgBox("Hello From OnCompleted!");


}


sub OnObjectPut {


print "Hello From OnObjectPut!";
#Win32::MsgBox("Hello From OnObjectPut!");


}


sub OnProgress {


print "Hello From OnProgress!";
#Win32::MsgBox("Hello From OnProgress!");


}


1;