Operating system event monitoring package

This package implements event monitoring with processes, file system, and registry.

Installation

$ pip install pywinwatcher

Usage

Process event monitoring

from threading import Thread
import keyboard
import pythoncom
import pywinwatcher

class Monitor(Thread):

    def __init__(self, action):

        Thread.__init__(self)
        self._action = action

    def run(self):
        print('Start monitoring...')
        #Use pythoncom.CoInitialize when starting monitoring in a thread.
        pythoncom.CoInitialize()
        proc_mon = pywinwatcher.ProcessMonitor(self._action)
        while not keyboard.is_pressed('ctrl+q'):
            proc_mon.update()
            print(
                proc_mon.timestamp,
                proc_mon.event_type,
                proc_mon.name,
                proc_mon.process_id
            )
        pythoncom.CoUninitialize()

monitor = Monitor('сreation')
monitor.start()

File system event monitoring

Example with FileMonitorAPI class use:

from threading import Thread
import keyboard
import pywinwatcher

class Monitor(Thread):

    def __init__(self, action):

        Thread.__init__(self)
        self._action = action

    def run(self):
        print('Start monitoring...')
        file_mon = pywinwatcher.FileMonitorAPI(Path=r'c:\\Windows')
        while not keyboard.is_pressed('ctrl+q'):
            file_mon.update()
            print(
                file_mon.timestamp,
                file_mon.event_type
            )
        pythoncom.CoUninitialize()

monitor = Monitor()
monitor.start()

Example with FileMonitorWMI class use:

from threading import Thread
import keyboard
import pythoncom
import pywinwatcher

class Monitor(Thread):

    def __init__(self):
        Thread.__init__(self)

    def run(self):
        print('Start monitoring...')
        #Use pythoncom.CoInitialize when starting monitoring in a thread.
        pythoncom.CoInitialize()
        file_mon = pywinwatcher.FileMonitorWMI(
            Drive=r'e:',
            Path=r'\\Windows\\',
            FileName=r'text',
            Extension=r'txt'
        )
        while not keyboard.is_pressed('ctrl+q'):
            file_mon.update()
            print(
                file_mon.timestamp,
                file_mon.event_type
            )
    pythoncom.CoUninitialize()

monitor = Monitor()
monitor.start()

Registry event monitoring

Example with RegistryMonitorAPI class use:

from threading import Thread
import keyboard
import pywinwatcher

class Monitor(Thread):

    def __init__(self, action):

        Thread.__init__(self)
        self._action = action

    def run(self):
        print('Start monitoring...')
        reg_mon = pywinwatcher.RegistryMonitorAPI(
            'UnionChange',
            Hive='HKEY_LOCAL_MACHINE',
            KeyPath=r'SOFTWARE'
        )
        while not keyboard.is_pressed('ctrl+q'):
            reg_mon.update()
            print(
                reg_mon.timestamp,
                reg_mon.event_type
            )
        pythoncom.CoUninitialize()

monitor = Monitor()
monitor.start()

Example with RegistryMonitorWMI class use:

from threading import Thread
import keyboard
import pythoncom
import pywinwatcher

class Monitor(Thread):

    def __init__(self):
        Thread.__init__(self)

    def run(self):
        print('Start monitoring...')
        #Use pythoncom.CoInitialize when starting monitoring in a thread.
        pythoncom.CoInitialize()
        reg_mon = pywinwatcher.RegistryMonitorWMI(
            'KeyChange',
            Hive='HKEY_LOCAL_MACHINE',
            KeyPath=r'SOFTWARE'
        )
        while not keyboard.is_pressed('ctrl+q'):
            reg_mon.update()
            print(
                reg_mon.timestamp,
                reg_mon.event_type
            )
    pythoncom.CoUninitialize()

monitor = Monitor()
monitor.start()

License

MIT Copyright (c) 2021 Evgeny Drobotun