OnProcess.vbs

'OnProcess v1.0.1
'https://pastebin.com/u/jcunews
'https://www.reddit.com/user/jcunews1
'
'Execute an application, display a message, or prompt to execute another
'application, when a specific process is started or stopped.
'
'Usage: OnProcess [log file] [/q]
'
'If log file is specified, process start and stop events will be added into
'the log file.
'
'A "OnProcess.ini" configuration file in the same directory as this script
'file is required. If not found, a prompt will be presented for creating
'a sample configuration file in the same directory as this script file.
'
'This script should be run with elevated privileges. Otherwise, it won't be
'able to check and match against processes which are elevated or were run
'using different user account.
'
'Only one instance of the script will be run. Use the /q switch to stop the
'script.

set ws = createobject("wscript.shell")
set fs = createobject("scripting.filesystemobject")
sf = fs.getspecialfolder(2) & "\OnProcess."
tf = sf & "stop"
sf = sf & "run"
if fs.fileexists(sf) then
  on error resume next
  fs.deletefile sf
  if err.number <> 0 then wsh.quit
  on error goto 0
end if
cf = left(wsh.scriptfullname, instrrev(wsh.scriptfullname, "\")) & _
  "OnProcess.ini"
if not fs.fileexists(cf) then
  if msgbox("OnProcess.ini configuration file is not found." & _
    vbcrlf & "Do you want to create a sample configuration file?", 36, _
    "OnProcess") = 6 then
    set f = fs.opentextfile(wsh.scriptfullname)
    s = f.readall
    f.close
    on error resume next
    set f = fs.createtextfile(cf, true)
    if err.number = 0 then
      f.write replace(mid(s, instr(s, "''" & vbcrlf) + 4), "'", "")
      f.close
      ws.run "notepad.exe """ & cf & """"
    else
      msgbox "Can not create sample configuration file." & vbcrlf & _
        err.description, 16, "OnProcess"
    end if
  end if
  wsh.quit 1
end if
pd = ""
if wsh.arguments.count > 0 then
  df = trim(wsh.arguments(0))
else
  df = ""
end if
set rf = fs.createtextfile(sf)
set es = wsh.createobject("wbemscripting.swbemsink", "es_")
set et = wsh.createobject("wbemscripting.swbemsink", "et_")
set wm = getobject("winmgmts:")
for each o in wm.execquery("select * from win32_process")
  set ob = o
  exit for
next
wm.execnotificationqueryasync es, "select * from __instancecreationevent " & _
  "within 1 where targetinstance isa 'win32_process'"
wm.execnotificationqueryasync et, "select * from __instancedeletionevent " & _
  "within 1 where targetinstance isa 'win32_process'"
do while not fs.fileexists(tf)
  wsh.sleep 1000
loop
fs.deletefile tf
rf.close
fs.deletefile sf

sub log(s)
  if df = "" then exit sub
  dim f
  f = timer
  s = now & "." & right("00000" & clng((f - int(f)) * 1000000), 6) & ": " & s
  on error resume next
  set f = fs.opentextfile(df, 8, true)
  if err.number = 0 then
    f.writeline s
    f.close
  end if
end sub

function pstr(ob)
  pstr = "PID=" & ob.processid & "/0x" & hex(ob.processid) & _
    ", ParentPID=" & ob.parentprocessid & "/0x" & hex(ob.parentprocessid) & _
    ", Name=" & ob.name & ", Path=" & ob.executablepath & _
    ", Cmdline=" & ob.commandline
end function

function repl(s)
  dim x, i, m, a
  set x = new regexp
  x.global = true
  x.pattern = "`[`n]"
  i = 1
  repl = ""
  set m = x.execute(s)
  for each a in m
    if a.firstindex > i then repl = repl & mid(s, i, a.firstindex - i + 1)
    select case ucase(a.value)
      case "``" repl = repl & "`"
      case "`N" repl = repl & vbcrlf
    end select
    i = a.firstindex + a.length + 1
  next
  if i <= len(s) then repl = repl & mid(s, i)
end function

sub doconfig(ob, start, t, n, p, r, s, c, a, y, o)
  if (start <> t) or ((n = "") and (p = "")) then _
    exit sub 'mismatched event type
  if ((n = "") or (n = ucase(ob.name))) and _
    ((p = "") or (p = ucase(ob.executablepath))) then
    if r <> "" then 'execute application
      ws.run r, s
    else 'execute internal command
      select case c
        case "MESSAGE"
          msgbox a, 64, "OnProcess"
        case "CONFIRM"
          select case msgbox(a, 35, "OnProcess")
            case 6 'execute application for "yes" answer
              if y <> "" then ws.run y, s
            case 7 'execute application for "no" answer
              if o <> "" then ws.run o, s
          end select 'else: cancel. do nothing
      end select 'else: ignore unsupported internal command
    end if
  end if 'else: mismatched
end sub

sub chkconfig(ob, start)
  dim f, d, l, m, i, t, n, p, r, s, c, a, y, o
  on error resume next
  set f = fs.opentextfile(cf)
  if err.number = 0 then
    err.clear
    d = f.readall
    if err.number = 0 then
      pd = d
    else
      d = pd
    end if
  else
    d = pd
  end if
  on error goto 0
  t = true
  n = ""
  p = ""
  r = ""
  s = 1
  c = ""
  a = ""
  y = ""
  o = ""
  for each l in split(d, vbcrlf)
    l = trim(l)
    if l <> "" then
      if left(l, 1) <> ";" then
        if left(l, 1) = "[" then 'start of event handler
          doconfig ob, start, t, n, p, r, s, c, a, y, o
          t = true
          n = ""
          p = ""
          r = ""
          s = 1
          c = ""
          a = ""
          y = ""
          o = ""
        else 'event handler settings
          i = instr(l, "=")
          if i > 0 then
            m = ucase(trim(left(l, i - 1)))
            l = trim(mid(l, i + 1))
            select case m
              case "TYPE"
                select case ucase(l)
                  case "START" t = true
                  case "STOP"  t = false
                end select
              case "NAME" n = ucase(l)
              case "PATH" p = ucase(l)
              case "RUN"
                if l <> "" then
                  if left(l, 1) = "*" then 'internal command
                    i = instr(l, ":")
                    if i > 0 then
                      c = ucase(trim(mid(l, 2, i - 2)))
                      select case c
                        case "MESSAGE" rem
                        case "CONFIRM" rem
                        case else c = ""
                      end select
                      a = repl(mid(l, i + 1))
                    end if 'else: ignore invalid internal command syntax
                  else 'application command line
                    r = l
                  end if
                end if 'else: ignore empty "run" setting
              case "SHOW"
                l = ucase(l)
                select case l
                  case "NORMAL"    s = 1
                  case "MAXIMIZED" s = 3
                  case "MINIMIZED" s = 2
                  case "HIDDEN"    s = 0
                end select 'else: ignore invalid show mode
              case "ONYES" y = l
              case "ONNO"  o = l
            end select
          end if 'else: ignore invalid setting
        end if
      end if
    end if
  next
  doconfig ob, start, t, n, p, r, s, c, a, y, o
  f.close
end sub

sub es_onobjectready(ob, ct)
  set ob = ob.targetinstance
  log "STARTED: " & pstr(ob)
  chkconfig ob, true
end sub

sub et_onobjectready(ob, ct)
  set ob = ob.targetinstance
  log "STOPPED: " & pstr(ob)
  chkconfig ob, false
end sub

''Do not delete below lone "''" line, since it's used as a marker for the
''start of the sample OnProcess.ini file.
''
';Lines which starts with semicolon or empty/blank lines, are ignored.
';
';Lines which starts with "[" followed by optional label and followed by "]",
';are used as the start of an event handler's settings. Any text
';following the "]" is ignored.
';
';Each event handler setting is a pair of a name and a value separated by "=".
';Settings:
';  type  Optional type of process event: start (default), or stop.
';  name  Process file name without any path.
';  path  Process file path including the file name.
';  run   Application command line to execute, or an internal command.
';  show  Application UI mode: normal (default), maximized, minimized, hidden.
';        This does not apply if "run" specifies an internal command.
';
';"name"/"path" and "run" settings must be present, otherwise the event
';handler is ignored. Any unsupported setting name is ignored.
';
';Internal command has this format: *command:parameters
';Commands:
';  message  Display a message box. Parameter is the message text. New lines
';           are specified using "`" and to specify literal "`", use "``".
';  confirm  Display a confirmation box. Parameter is same as above.
';           Optional "onyes" and "onno" settings contains an application
';           command line to execute.
';
';Any changes made to this file is immediately effective as long as it's not
';locked by the text editor application. There is no need to restart the script
';If the script fails to read the configuration file for any reason, it will
';use the cached version of the configuration file data.
'
'[notepad32]
'path=c:\windows\syswow64\notepad.exe
'run=*message:32-bit Notepad is executed.
'
'[wordpad]
'type=stop
'name=wordpad.exe
'run=winver.exe
'
'[calc]
'name=calc.exe
'run=*confirm:Is it`nthe ``correct```napplication?
'onno=winver.exe