当然，如果 WMI 依赖的服务被禁用，这种方法就不可用了；要真正做到实时监控，还是要在 ring0 下挂底层钩子。
unit Unit1;
interface
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ActiveX, ComObj, WbemScripting_TLB, ExtCtrls;
type
TForm1 = class(TForm)
  { Main form: subscribes to WMI Win32_Process creation/deletion events and logs them. }
  Panel1: TPanel;      // caption is cleared when monitoring starts (Button1Click)
  Panel2: TPanel;      // not referenced by the code in this unit
  Button1: TButton;    // "start": Button1Click connects to WMI and runs the polling loop
  Button2: TButton;    // "stop": Button2Click releases the WMI objects
  Memo1: TMemo;        // one line per process start/exit event
  procedure Button1Click(Sender: TObject);
  procedure Button2Click(Sender: TObject);
  procedure FormShow(Sender: TObject);
  procedure FormCloseQuery(Sender: TObject; var CanClose: Boolean);
private
  { Private declarations }
  Locator : SWbemLocator;           // created in Button1Click, released in Button2Click
  Service : SWbemServices;          // connection to root\CIMV2 on the local machine ('.')
  wmiDateTime : SWbemDateTime;      // converts CIM DATETIME strings for DateTimeToStr
  wmiProcesses : ISWbemEventSource; // __InstanceOperationEvent subscription for Win32_Process
  FlagClose : Boolean;              // set by FormCloseQuery; Button1Click's loop breaks when True
public
  { Public declarations }
end;
var
  { The unit's single form instance; VCL projects normally auto-create it from the .dpr. }
  Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.FormShow(Sender: TObject);
{ OnShow handler: monitoring is not running yet, so the "stop" button starts disabled.
  Sender: the form (unused). }
begin
  Button2.Enabled := False;
end;
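procedure TForm1.Button1Click(Sender: TObject);
{ "Start" handler. Connects to the local WMI namespace root\CIMV2 as the current user,
  subscribes to __InstanceOperationEvent for Win32_Process, and then polls the event
  source until FlagClose is set (FormCloseQuery) or the subscription has been released
  (Button2Click). Each creation/deletion event is appended to Memo1 as
  "<caption> <creation time> <suffix>".
  Sender: the clicked button (unused).
  Raises: nothing to the caller; COM/WMI failures are reported with ShowMessage and
  end the monitoring loop. }
var
  strServer, strNameSpace, strUser, strPassword, strLocale, strAuthority: WideString;
  iSecurityFlags: Integer;
  strQuery, wmiClass: WideString;
  iFlags: Integer;
  Proc: OleVariant;

  { Appends one Memo1 line for the event currently held in Proc: the process caption,
    its CreationDate converted to local time (GetVarDate(True)), and Suffix. }
  procedure LogEvent(const Suffix: string);
  var
    strText: string;
  begin
    strText := Proc.TargetInstance.Caption;
    wmiDateTime.Value := Proc.TargetInstance.CreationDate;
    Memo1.Lines.Add(strText + ' ' + DateTimeToStr(wmiDateTime.GetVarDate(True)) + Suffix);
  end;

begin
  strServer := '.';          // local machine
  strNameSpace := 'root\CIMV2';
  strUser := '';             // empty credentials: connect as the current user
  strPassword := '';
  strLocale := '';
  strAuthority := '';
  iSecurityFlags := 0;
  try
    Locator := CoSWbemLocator.Create;
    Service := Locator.ConnectServer(strServer, strNameSpace, strUser, strPassword,
      strLocale, strAuthority, iSecurityFlags, nil);
    wmiDateTime := CoSWbemDateTime.Create;
    wmiClass := QuotedStr('Win32_Process');
    // WITHIN 1: WMI polls the class once per second, so events can lag by up to 1 s.
    strQuery := 'SELECT * FROM __InstanceOperationEvent WITHIN 1 ' +
      'WHERE TargetInstance ISA ' + wmiClass;
    iFlags := wbemFlagForwardOnly or wbemFlagReturnImmediately;
    // Start monitoring
    wmiProcesses := Service.ExecNotificationQuery(strQuery, 'WQL', iFlags, nil);
    Button1.Enabled := False;
    Button2.Enabled := True;
    FlagClose := False;
    Memo1.Lines.Clear;
    Panel1.Caption := '';
    while not FlagClose do
    begin
      // Button2Click can release the event source while we are inside ProcessMessages;
      // calling NextEvent on a nil interface would raise an access violation.
      if wmiProcesses = nil then
        Break;
      try
        Proc := wmiProcesses.NextEvent(10);
        // NOTE(review): "class" is a reserved word in Delphi; if this line does not
        // compile, the type-library property is usually spelled Class_ -- verify.
        if Proc.Path_.class = '__InstanceCreationEvent' then
          LogEvent(' 启动')
        else if Proc.Path_.class = '__InstanceDeletionEvent' then
          LogEvent(' 退出');
      except
        // A 10 ms wait with no event raises wbemErrTimedOut; that is the normal case and
        // is simply retried. Any other COM/WMI error (e.g. the WMI service stopping) used
        // to be swallowed here, so monitoring could die silently; it is now reported.
        on E: EOleSysError do
          if LongWord(E.ErrorCode) <> LongWord(wbemErrTimedOut) then
            raise;
      end;
      Application.ProcessMessages;  // keep the UI responsive; lets Button2/close run
    end;
  except
    on ex: Exception do
      ShowMessage(ex.Message);
  end;
  Button1.Enabled := True;
  Button2.Enabled := False;
end;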
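procedure TForm1.Button2Click(Sender: TObject);
{ "Stop" handler. Signals the polling loop in Button1Click to exit and releases the
  WMI objects in reverse order of creation. Previously FlagClose was not set here, so
  the loop kept calling NextEvent on a nil event source until the form was closed.
  Sender: the clicked button (unused). }
begin
  FlagClose := True;     // Button1Click's loop checks this after Application.ProcessMessages
  wmiProcesses := nil;
  wmiDateTime := nil;
  Service := nil;
  Locator := nil;
  Button1.Enabled := True;
  Button2.Enabled := False;
end;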
procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);
{ OnCloseQuery handler: tells the polling loop in Button1Click to stop on its next
  check. CanClose is left at the value the VCL passes in, so closing is not vetoed.
  Sender: the form (unused). CanClose: untouched. }
begin
  FlagClose := True;
end;
end.
http://hi.baidu.com/9908006/blog/item/cca583c218222539e4dd3b27.html