Ejemplo n.º 1
<?php

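// Report removable drives being attached to or detached from the local machine
// by subscribing to WMI instance events for Win32_LogicalDisk.
$strComputer = "."; // "." addresses the local computer in the WMI moniker
$wmi = new COM("winmgmts:\\\\" . $strComputer . "\\root\\cimv2");

// "Within 1" asks WMI to poll once per second. A volume that appears and
// disappears between two polls may produce no event, so treat this output as a
// convenience monitor rather than a complete audit trail of media insertion.
$wmiEvent = $wmi->ExecNotificationQuery("SELECT * FROM __InstanceOperationEvent Within 1 Where TargetInstance ISA 'Win32_LogicalDisk'");

// The script runs until the process is stopped. The earlier counter ($i set to
// 1, incremented once, then tested against 0) could never end the loop, so the
// endless loop is now spelled out explicitly.
while (true) {
    // Fetch the next queued notification from the event source.
    $usb = $wmiEvent->NextEvent;

    // DriveType 2 is the Win32_LogicalDisk value for removable disks; every
    // other kind of logical disk is ignored.
    if ($usb->TargetInstance->DriveType != 2) {
        continue;
    }

    // __InstanceOperationEvent also covers modification events; only creation
    // and deletion are reported, anything else falls through silently.
    switch ($usb->Path_->Class) {
        case "__InstanceCreationEvent":
            echo "Drive " . $usb->TargetInstance->DeviceId . " has been added.\n";
            break;
        case "__InstanceDeletionEvent":
            echo "Drive " . $usb->TargetInstance->DeviceId . " has been removed.\n";
            break;
    }
}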
Ejemplo n.º 2
<?php

/**
 * Reformat a WMI datetime string as "M/D/Y H:m:s TZ".
 *
 * The input is read as fixed-width fields, e.g. "20120201211425.631101-300":
 * year (4), month (2), day (2), hour (2), minute (2), second (2), then the
 * microseconds, and finally a four-character signed UTC offset in minutes
 * (-300 in the example, i.e. EST). The microseconds are dropped.
 *
 * No validation is performed: the fields are cut purely by position, so a
 * string in any other layout yields a meaningless result instead of an error.
 *
 * @param string $timestr WMI datetime string
 * @return string e.g. "02/01/2012 21:14:25 -300"
 */
function win_time($timestr)
{
    $year   = substr($timestr, 0, 4);
    $month  = substr($timestr, 4, 2);
    $day    = substr($timestr, 6, 2);
    $hour   = substr($timestr, 8, 2);
    $minute = substr($timestr, 10, 2);
    $second = substr($timestr, 12, 2);
    // The last four characters carry the sign and the three-digit offset.
    $offset = substr($timestr, -4);

    return sprintf('%s/%s/%s %s:%s:%s %s', $month, $day, $year, $hour, $minute, $second, $offset);
}
// Connect to the WMI service of the local machine ("." in the moniker).
$strComputer = '.';
$wmi = new COM(sprintf('winmgmts:\\\\%s\\root\\cimv2', $strComputer));

// Subscribe to instance events for Win32_Process. "Within .1" requests a
// polling interval of a tenth of a second; because delivery is polling-based,
// a process that starts and exits between two polls can go unreported, so this
// listing should not be the only source relied on for process auditing.
$wmiEvent = $wmi->ExecNotificationQuery(
    "SELECT * FROM __InstanceOperationEvent  Within .1 WHERE TargetInstance ISA 'Win32_Process'",
    "WQL"
);

// Empty BSTR variants used as output arguments: the event loop below passes
// them to GetOwner() to receive the process owner's user name and domain.
$get_user = new Variant("", VT_BSTR);
$get_domain = new Variant("", VT_BSTR);

print "Monitoring Processes ...\n";
while (true) {
    $evt = $wmiEvent->NextEvent;
    switch ($evt->Path_->Class) {
        case "__InstanceCreationEvent":
            $error = $evt->TargetInstance->GetOwner($get_user);
            if ($error != 0) {
                echo "Could not get Owner Info - Error: " . $error;
            } else {
                $evtCreated = win_time($evt->TargetInstance->CreationDate);
                $evt->TargetInstance->GetOwner($get_user, $get_domain);
                echo "New Process Created  : " . $evtCreated . "\n";
                echo "New Process Name     : " . $evt->TargetInstance->Name . "\n";
                echo "Process Owner        : " . $get_domain . "\\" . $get_user;
                echo "\n" . "New Process Path     : " . $evt->TargetInstance->ExecutablePath . "\n";
                echo "New Process ID       : " . $evt->TargetInstance->ProcessId . "\n";