I am looking for a way to detect new processes on a Win32 machine as they are created.

I am currently using the Win32::OLE module to get a list of all the running processes.
I got this code from "Win32 Perl Scripting" by Dave Roth, and it is quite straightforward.

Can anyone please help as the deadline is approaching fast...

The process list code is as follows:

# WMI_PS.pl
use Win32::OLE qw( in );

# Default to the local machine; strip a leading \\ or // from a UNC-style name
$Machine = "." unless( $Machine = shift @ARGV );
$Machine =~ s#^[\\/]+## if( $Machine =~ m#^[\\/]{2}# );

# This is the WMI moniker that will connect to a machine's
# CIM (Common Information Model) repository
$CLASS = "WinMgmts:{impersonationLevel=impersonate}!//$Machine";

# Get the WMI (Microsoft's implementation of WBEM) interface
$WMI = Win32::OLE->GetObject( $CLASS )
    || die "Unable to connect to \\\\$Machine:" . Win32::OLE->LastError();

# Get the collection of Win32_Process objects
$ProcList = $WMI->InstancesOf( "Win32_Process" );

$~ = PROCESS_HEADER;
write;
$~ = PROCESS_INFO;

# Cycle through each Win32_Process object
# and write out its details...
foreach $Proc ( sort( SortProcs ( in( $ProcList ) ) ) )
{
    write;
}

# Case-insensitive sort by process name
sub SortProcs
{
    lc $a->{Name} cmp lc $b->{Name};
}

# Scale a byte count to K or M and insert thousands separators
sub FormatNumber
{
    my( $Number ) = @_;
    my( $Suffix ) = "";
    my $K = 1024;
    my $M = 1024 * $K;

    if( $M <= $Number )
    {
        $Suffix = "M";
        $Number /= $M;
    }
    elsif( $K <= $Number )
    {
        $Suffix = "K";
        $Number /= $K;
    }
    $Number =~ s/(\.\d{0,2})\d*$/$1/;
    1 while( $Number =~ s/^(-?\d+)(\d{3})/$1,$2/ );
    return( $Number . $Suffix );
}

# Turn a WMI datetime (yyyymmddHHMMSS.ffffff+UUU) into "yyyy.mm.dd HH:MM:SS"
sub FormatDate
{
    my( $Date ) = @_;
    $Date =~ s/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2}).*/$1.$2.$3 $4:$5:$6/;
    return( $Date );
}

format PROCESS_HEADER =
@||| @||||| @|||||||||||||||| @|||| @|||||| @||||||| @||||||||||||||||||
PID, Parent, "Process Name", "Thrds", "Memory", "Mem Peak", "Created"
---- ------ ----------------- ----- ------- -------- -------------------
.

format PROCESS_INFO =
@||| @||||| @<<<<<<<<<<<<<<<< @>>>> @>>>>>> @>>>>>>> @>>>>>>>>>>>>>>>>>>
$Proc->{'ProcessID'}, $Proc->{'ParentProcessID'}, $Proc->{Name}, $Proc->{'ThreadCount'}, FormatNumber( $Proc->{'WorkingSetSize'} ), FormatNumber( $Proc->{'PeakWorkingSetSize'} ), FormatDate( $Proc->{'CreationDate'} )
.

jdporter - added code tags


In reply to Detect new processes on a Win32 machine as they are created using Win32::OLE by davidmcveigh
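The listing above takes a snapshot of Win32_Process; to be told about processes as they are created, WMI offers an event subscription on the same class. The following is an added example and not code from the original post or from Dave Roth's book: it assumes Win32::OLE and a reachable WMI service, and uses the standard WMI intrinsic event query (__InstanceCreationEvent over Win32_Process) through SWbemServices.ExecNotificationQuery and NextEvent. Variable names and the output layout are mine.

```perl
#!/usr/bin/perl
# Added example (not from the original post): report new processes as WMI
# sees them appear, instead of re-listing Win32_Process on every pass.
use strict;
use warnings;
use Win32::OLE qw( in );

my $Machine = shift @ARGV || ".";
$Machine =~ s#^[\\/]+##;           # accept \\HOST as well as HOST

my $WMI = Win32::OLE->GetObject(
    "WinMgmts:{impersonationLevel=impersonate}!//$Machine" )
    or die "Unable to connect to \\\\$Machine: " . Win32::OLE->LastError();

# Intrinsic event query: WMI samples Win32_Process every 2 seconds and
# delivers one __InstanceCreationEvent for each process it has not seen
# before. Very short-lived processes that start and exit inside one
# sampling interval will not be reported, so keep WITHIN small.
my $Query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 "
          . "WHERE TargetInstance ISA 'Win32_Process'";

my $Events = $WMI->ExecNotificationQuery( $Query )
    or die "ExecNotificationQuery failed: " . Win32::OLE->LastError();

print "Watching for new processes on \\\\$Machine (Ctrl-C to stop)\n";
while( 1 )
{
    # NextEvent blocks until an event arrives or the timeout (ms) expires;
    # on timeout Win32::OLE returns undef and we simply wait again.
    my $Event = $Events->NextEvent( 10_000 );
    next unless defined $Event;

    # TargetInstance is the Win32_Process object that just appeared
    my $Proc = $Event->{TargetInstance};
    printf "%s  PID %-6d  PPID %-6d  %s\n",
        FormatDate( $Proc->{CreationDate} ),
        $Proc->{ProcessId},
        $Proc->{ParentProcessId},
        defined $Proc->{CommandLine} ? $Proc->{CommandLine} : $Proc->{Name};
}

# Turn a WMI datetime (yyyymmddHHMMSS.ffffff+UUU) into "yyyy.mm.dd HH:MM:SS"
sub FormatDate
{
    my( $Date ) = @_;
    return "(no date)" unless defined $Date;
    $Date =~ s/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2}).*/$1.$2.$3 $4:$5:$6/;
    return $Date;
}
```

Run it as `perl watch_procs.pl` for the local machine or `perl watch_procs.pl SERVER` for a remote one (the account needs WMI access on the target). Logging the parent PID and full command line alongside the name is what makes such a feed useful for review: an unexpected parent/child pairing stands out in a way a bare process name does not. The same query with `__InstanceDeletionEvent` in place of `__InstanceCreationEvent` reports process exit.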