Yesterdays Google Hangout

[Sunny Chakraborty]

Brendan and I did some code walkthroughs on WMI and WMI Eventing.

We didnt do much on the book.

Here is a sample of what we did:

Try this in Powershell. (copy paste)

$query =  "Select * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_Process'"

Register-WmiEvent -Query $query -SourceIdentifier WMIEvtTrick -Action{$Global:I2=$event 

    Write-Host "$($Event.SourceEventArgs.NewEvent.TargetInstance.Name) created"

    }

---

then start notepad

or start any other application.