[Ars]
| Is there a command that will monitor all running
| processes/programs (on Windows ME)? I'd like to make a
| program that makes a beep when an unrecognized process, such
| as an adware program, is running. That way I'd know
| immediately when one of these stealth programs not on my safe
| list has installed itself.

I don't know if there's anything absolutely foolproof; I imagine that stealth-type programs know pretty much all the tricks. However, to answer your question in the most general way: you might try looking at WMI.

I don't know how much information I need to give you, because you haven't indicated what level of expertise you have, but if you're coming from zero, then start with the Microsoft WMI page (tinyurl link to a Microsoft page):

http://tinyurl.com/awq7

and then at the WMI module for Python:

http://timgolden.me.uk/python/wmi.html

(<cough> yes, that is my name in the URL) and specifically at this example:

http://timgolden.me.uk/python/wmi_cookbook.html#watch_notepad

which gives you a simple example of how you set up a WMI watcher to monitor a particular thing, in this case a process. You can generalise it by watching for, in your case, Creation rather than Deletion, and by removing the ProcessId parameter which is narrowing it down to just the notepad.exe process which the example creates.

You could check, for example, the Caption or Name or Description attributes, all of which seem to hold the .exe of the running program.

Be warned: I don't know how much of an overhead this will have on the system. Try it cautiously before implementing it for real.

TJG

_______________________________________________
Tutor maillist - Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
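
The approach described in the reply above, sketched as an added example that is not part of the original post or of the wmi cookbook: a WMI creation watcher with no ProcessId filter, checked against a safe list by executable name. SAFE_LIST, the function names and the sample events are assumptions constructed for illustration; watch() needs Windows with the wmi module installed.

```python
# Added example, not from the original post. watch() requires Windows and
# the third-party `wmi` module; the matching logic runs anywhere.
from types import SimpleNamespace

# Hypothetical safe list; fill in with the programs you expect to see.
SAFE_LIST = {"explorer.exe", "notepad.exe", "python.exe"}

def exe_name(process):
    """Return the lower-cased executable name from the first populated
    attribute among Caption, Name and Description, or None."""
    for attr in ("Caption", "Name", "Description"):
        value = getattr(process, attr, None)
        if value:
            return value.strip().lower()
    return None

def is_recognised(process, safe_list=SAFE_LIST):
    """Windows file names are case-insensitive, so compare lower-cased.
    A process with no readable name counts as unrecognised."""
    name = exe_name(process)
    return name is not None and name in {s.lower() for s in safe_list}

def unrecognised(processes, safe_list=SAFE_LIST):
    """Names (or '<unknown>') of the processes that are not on the safe list."""
    return [exe_name(p) or "<unknown>" for p in processes
            if not is_recognised(p, safe_list)]

def watch(safe_list=SAFE_LIST):
    """Block on WMI process-creation events and beep on unrecognised ones."""
    import winsound          # standard library, Windows only
    import wmi               # third-party module, Windows only
    watcher = wmi.WMI().Win32_Process.watch_for("creation")
    while True:
        new_process = watcher()          # blocks until a process starts
        if not is_recognised(new_process, safe_list):
            winsound.MessageBeep()
            print("Unrecognised process:", exe_name(new_process) or "<unknown>",
                  "pid", new_process.ProcessId)

# Constructed sample events standing in for WMI objects (not real captures).
SAMPLE = [SimpleNamespace(Caption="NOTEPAD.EXE", ProcessId=101),
          SimpleNamespace(Caption="adhelper.exe", ProcessId=102),
          SimpleNamespace(Caption=None, Name=None, Description=None, ProcessId=103)]

if __name__ == "__main__":
    watch()
```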