I’m trying to replicate the following VBS script, to check for process
creation:
Set objWMIService = GetObject(“winmgmts:\.\root\CIMV2”)
Set mySink =
WScript.CreateObject(“WbemScripting.SWbemSink”,“HOOKMETHOD_”)
SQL = “SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE
TargetInstance ISA ‘Win32_Process’”
objWMIservice.ExecNotificationQueryAsync mySink, SQL
Wscript.Sleep(100000)
Sub HOOKMETHOD_OnObjectReady(objObject, objAsyncContext)
Wscript.Echo "Creation of " & objObject.TargetInstance.Name
End Sub
The VBS script defines a HOOKMETHOD_OnObjectReady procedure to be called
when mySink sends an async event.
I’ve translated into this ruby code, but it doesn’t work. I think that
the problem is when defining the mySink HOOKMETHOD.
require ‘win32ole’
$stderr.sync = $stdout.sync = true
objWMIService = WIN32OLE.connect(‘winmgmts:\\.\root\CIMV2’)
mySink = WIN32OLE.new(“WbemScripting.SWbemSink”,“HOOKMETHOD_”)
SQL = “SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE
TargetInstance ISA ‘Win32_Process’”
objWMIservice.ExecNotificationQueryAsync mySink, SQL
sleep 100
def HOOKMETHOD_OnObjectReady(objObject, objAsyncContext)
print “Creation of #{objObject.TargetInstance.Name}”
end
The error that it gives to me is:
sink.rb:5:in initialize': failed to create DCOM serverWbemScripting.SWbemSink’ in HOOKMETHOD_' (WIN32OLERuntimeError) HRESULT error code:0x800706ba RPC server not available. from sink.rb:5:innew’
from sink.rb:5:in `’
Does anyone knows how to make this code works?