[Tutor] How do I monitor running processes?

Tim Golden tim.golden at viacom-outdoor.co.uk
Mon Mar 27 09:48:08 CEST 2006


[Ars]

| Is there a command that will monitor all running 
| processes/programs(on Windows ME)?  I'd like to make a 
| program that makes a beep when an unrecognized process, such 
| as an adware program, is running.  That way I'd know 
| immediately when one of these stealth programs not on my safe 
| list has installed itself.

I don't know if there's anything absolutely foolproof; I imagine
that stealth-type programs know pretty much all the tricks.
However, to answer your question in the most general way: you
might try looking at WMI. I don't know how much information I
need to give you, because you haven't indicated what level of
expertise you have, but if you're coming from zero, then start
with the Microsoft WMI page (tinyurl link to a Microsoft page):

http://tinyurl.com/awq7

and then at the WMI module for Python:

http://timgolden.me.uk/python/wmi.html

(<cough> yes, that is my name in the URL) and specifically at 
this example:

http://timgolden.me.uk/python/wmi_cookbook.html#watch_notepad

which gives you a simple example of how you set up a
WMI watcher to monitor a particular thing, in this case
a process. You can generalise it by watching for, in your
case, Creation rather than Deletion, and by removing the
ProcessId parameter which is narrowing it down to just the
notepad.exe process which the example creates. You could
check, for example, the Caption or Name or Description
attributes, all of which seem to hold the .exe of the
running program.

Be warned: I don't know how much of an overhead this will
have on the system. Try it cautiously before implementing
it for real.

TJG
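
The generalisation described in the message above, as an added example that is not part of the original post: the cookbook watcher switched to "Creation" with the ProcessId filter dropped, and each new process name checked against a safe list. The safe-list entries, the helper names and the sample events are constructed for illustration; `watch()` assumes Windows with the `wmi` module (and pywin32) installed.

```python
import ntpath
from types import SimpleNamespace

# Constructed safe list: executable names you expect to see running.
SAFE_LIST = {"explorer.exe", "systray.exe", "python.exe"}

def exe_name(proc):
    """First non-empty of Caption / Name / Description, as a lower-case base name."""
    for attr in ("Caption", "Name", "Description"):
        value = getattr(proc, attr, None)
        if value:
            return ntpath.basename(str(value).strip()).lower()
    return ""

def check(proc, safe=SAFE_LIST):
    """Return the name to alert on, or None if the process is on the safe list.

    A process that reports no name at all is treated as unrecognised.
    Matching is by name only, so a program that copies a safe-listed
    name is not caught by this check.
    """
    name = exe_name(proc)
    allowed = {s.lower() for s in safe}
    return None if name in allowed else (name or "<unnamed>")

def scan(events, safe=SAFE_LIST):
    """Run check() over a batch of events; used here with the constructed sample."""
    return [hit for hit in (check(p, safe) for p in events) if hit is not None]

def watch(safe=SAFE_LIST):
    """Block forever, beeping whenever a process outside the safe list starts."""
    import winsound  # Windows-only standard library module
    import wmi       # Windows-only third-party module

    c = wmi.WMI()
    # Same call as the cookbook example, but Creation and no ProcessId filter.
    watcher = c.watch_for(notification_type="Creation",
                          wmi_class="Win32_Process", delay_secs=1)
    while True:
        hit = check(watcher(), safe)
        if hit:
            winsound.Beep(1000, 300)
            print("unrecognised process started:", hit)

# Constructed events standing in for what the watcher returns.
SAMPLE = [
    SimpleNamespace(Caption="EXPLORER.EXE"),
    SimpleNamespace(Caption=None, Name="adbar.exe"),
    SimpleNamespace(Caption="C:\\WINDOWS\\Python.exe"),
    SimpleNamespace(Caption="", Name="", Description=""),
]
```

Call `watch()` on the Windows machine to start monitoring; `scan(SAMPLE)` exercises the safe-list logic without WMI.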


