FiveTech Software tech support forums

www.FiveTechSoft.com
https://fivetechsupport.com/forums/

ID of the new process

https://fivetechsupport.com/forums/viewtopic.php?f=3&t=43907

Page 1 of 1

ID of the new process

PostPosted: Tue Nov 14, 2023 11:09 am
by Natter
Hi,

When creating an OLE object of an application (for example, Word), a new process is created. How do I get the ID of this process ?
I can make 2 lists of oWmi processes:ExecQuery("select * from Win32_Process where Name=") before and after creating the OLE object, and then compare them.
But maybe there are some other ways ?

Re: ID of the new process

PostPosted: Tue Nov 14, 2023 2:06 pm
by Antonio Linares
Your approach of comparing the lists of processes before and after creating the OLE object using WMI (Windows Management Instrumentation) is a reasonable way to identify the new process associated with the OLE object. However, there are a few other potential approaches you could consider:

1. **Using `GetOwner` Property:**
You can use the `GetOwner` property of the `Win32_Process` class to get the owner of the process. This information might help you identify the user who created the process.

```vbscript
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'winword.exe'")

For Each objProcess In colProcesses
Set objOwner = objProcess.GetOwner()
WScript.Echo "Process ID: " & objProcess.ProcessId
WScript.Echo "Owner: " & objOwner.User
Next
```

This may not directly give you the ID of the process, but it provides additional information that might be useful.

2. **Using Shell.Application:**
Another approach is to use the `Shell.Application` object to open the document. This way, you can get a reference to the process and access its properties.

```vbscript
Set objShell = CreateObject("Shell.Application")
Set objDoc = objShell.Document

' Open Word document
Set objWord = objDoc.Application
' Now you can access the process ID using objWord.ProcessID
```

This approach directly provides access to the process ID associated with the Word application.

3. **Monitoring Process Creation:**
You can use the `Win32_ProcessStartTrace` event to monitor the creation of new processes. This approach involves setting up an event listener to capture process creation events.

```vbscript
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colMonitoredProcesses = objWMIService.ExecNotificationQuery _
("SELECT * FROM Win32_ProcessStartTrace")

Do
Set objProcess = colMonitoredProcesses.NextEvent
WScript.Echo "New Process ID: " & objProcess.ProcessID
Loop
```

Keep in mind that this method continuously monitors process creation, so you may need to implement some logic to filter out the specific process you are interested in.

Choose the method that best fits your requirements and the level of detail you need for your specific use case.

Re: ID of the new process

PostPosted: Tue Nov 14, 2023 8:00 pm
by Natter
Thank you, Antonio! A very comprehensive answer. A lot of useful things
All times are UTC
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/