Just out of curiosity, is WMI able to list the TCP and UDP connections opened by a process or by the OS? We'll have to do this for psutil (http://code.google.com/p/psutil) and we guess it's not gonna be easy.
--- Giampaolo
http://code.google.com/p/psutil
http://code.google.com/p/pyftpdlib

2010/5/3 Tim Golden <m...@timgolden.me.uk>:
> On 03/05/2010 12:02 PM, Richard Lamboj wrote:
>>
>> I want to catch the following events:
>> - registry has changed
>> - file has changed
>> - outgoing network connection
>> - programm start
>>
>> and I want to be able to allow, or deny these "requests".
>
> Wow. That's quite a list. To do what you want in general
> terms, you're into driver-level code which you're really
> not going to be able to do with Python. Windows does
> provide certain hooks and events but they're relatively
> limited. And the final requirement of being able to allow
> or deny requests is basically what the OS does via security,
> so to do it yourself would be quite a large task, methinks.
>
> In principle, you can use WMI events to track some of
> the things you've listed. The only one I'd really recommend
> is "program[m] start" for which you can see a related example
> here:
>
> http://timgolden.me.uk/python/wmi/cookbook.html#run-notepad-wait-until-it-s-closed-and-then-show-its-text
>
> Even there, WMI is polling on your behalf and if programs are
> spawning fast enough you'll miss one or more events.
>
> File monitoring *can* be done with the same sort of technique
> from within WMI, but don't: it will bring your disk to its
> knees. Instead, use the file monitoring APIs, such as:
>
> http://timgolden.me.uk/python/win32_how_do_i/watch_directory_for_changes.html#use_readdirectorychanges
>
> I'm not aware of any technique for monitoring registry use,
> altho' a scan of sysinternals (or its ms-owned replacement)
> might yield something. And I'm not sure exactly what you
> mean by "outgoing network connection": that's really what the
> Windows firewall is there for. The firewall does have a WMI
> interface, although at this moment I can't remember where it
> is, which would enable you to set some things up, but I don't
> believe it provides an event/callback mechanism. Might be worth
> Googling to see if I'm wrong.
>
> And in all these cases, I'm really only talking about monitoring
> usage: you can terminate a process once it's open; you can delete
> a file once it's created; you can (possibly) nobble a socket
> connection once it's been made, but anything else and you're
> doing the Operating System's job for it.
>
> TJG
> --
> http://mail.python.org/mailman/listinfo/python-list
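
The remark above that WMI polls on your behalf and can miss fast-spawning programs, as an added example that is not part of the original thread: a constructed simulation (no WMI calls) of a watcher that diffs process-list snapshots, showing which short-lived processes never get reported. The process names, PIDs, timings and the snapshot-diff model are assumptions made for illustration.

```python
# Added example: constructed simulation, no WMI calls. Times are in ms.
# Assumption: the watcher detects "program start" by diffing successive
# process-list snapshots taken every `interval_ms`.
from typing import NamedTuple


class Proc(NamedTuple):
    pid: int
    name: str      # hypothetical process names
    start_ms: int
    exit_ms: int


# Constructed timeline: one long-lived process and two short-lived ones.
TIMELINE = [
    Proc(100, "explorer.exe", 0, 100_000),   # already running at t=0
    Proc(200, "notepad.exe", 500, 9_000),
    Proc(300, "cmd.exe", 2_100, 2_400),      # lives 300 ms
    Proc(400, "helper.exe", 4_500, 5_200),   # lives 700 ms
]


def snapshot(procs, t_ms):
    """PIDs alive at time t_ms, i.e. what one enumeration would return."""
    return {p.pid for p in procs if p.start_ms <= t_ms < p.exit_ms}


def poll_for_starts(procs, interval_ms, duration_ms):
    """Return PIDs reported as newly started, in the order they were seen."""
    seen = snapshot(procs, 0)
    reported = []
    for t_ms in range(interval_ms, duration_ms + 1, interval_ms):
        current = snapshot(procs, t_ms)
        reported.extend(sorted(current - seen))
        seen = current
    return reported


def missed_starts(procs, interval_ms, duration_ms):
    """PIDs that started inside the window but were never reported."""
    started = {p.pid for p in procs if 0 < p.start_ms <= duration_ms}
    return sorted(started - set(poll_for_starts(procs, interval_ms, duration_ms)))


if __name__ == "__main__":
    for interval in (2_000, 500, 100):
        print(f"poll every {interval} ms -> missed PIDs:",
              missed_starts(TIMELINE, interval, 10_000))
```

A shorter interval narrows the blind spot at the cost of more frequent enumeration, but any process that lives for less than one interval can still go unreported.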