I'm learning PowerShell 2.0 on Windows 7.
My task is simple: I want to listen for a WMI event and then display some information about it.
Here is what I'm currently doing:
    Register-WmiEvent -class win32_ProcessStartTrace -sourceIdentifier processStart
    Wait-Event
It seems to work. Indeed, I get this when I start a process:
    ComputerName :
    RunspaceId : bb0f38b9-2f2e-4f7c-98ec-ec3811e8e601
    EventIdentifier : 11
    Sender : System.Management.ManagementEventWatcher
    SourceEventArgs : System.Management.EventArrivedEventArgs
    SourceArgs : {System.Management.ManagementEventWatcher, System.Management.EventArrivedEventArgs}
    SourceIdentifier : processStart
    TimeGenerated : 26/09/2009 15:19:25
    MessageData :
Problem is, I don't know how to get detailed information about the event. For example, how do I get the name of the process that just started? Ideally, I would have something like this:
    __GENUS : 2
    __CLASS : Win32_ProcessStartTrace
    __SUPERCLASS : Win32_ProcessTrace
    __DYNASTY : __SystemClass
    __RELPATH :
    __PROPERTY_COUNT : 7
    __DERIVATION : {Win32_ProcessTrace, Win32_SystemTrace, __ExtrinsicEvent, __Event...}
    __SERVER :
    __NAMESPACE :
    __PATH :
    ParentProcessID : 1480
    ProcessID : 6860
    ProcessName : notepad++.exe
    SECURITY_DESCRIPTOR :
    SessionID : 1
    Sid : {1, 5, 0, 0...}
    TIME_CREATED : 128984449371986347
I can get the above information when I do
    (get-event).sender.waitfornextevent()
But, obviously, that's not really what I had in mind - I don't want to wait for another event, I want info on the current one.
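
An added example, not part of the original post: the event that `Wait-Event` returns already carries the WMI instance in `SourceEventArgs.NewEvent`, so the process details can be read from the current event without waiting for another one. The sketch below assumes an elevated session (`Win32_ProcessStartTrace` is normally only available to administrators) and reuses the `processStart` identifier from the post; the output column names `Started` and `User` are chosen here for illustration.

```powershell
# Added example: log each process start from the event that was just received.
$sourceId = 'processStart'   # same identifier as in the post
Register-WmiEvent -Class Win32_ProcessStartTrace -SourceIdentifier $sourceId

try {
    while ($true) {
        # Blocks until an event with this identifier is queued, then returns it.
        $e = Wait-Event -SourceIdentifier $sourceId

        # SourceEventArgs is an EventArrivedEventArgs; its NewEvent property
        # is the Win32_ProcessStartTrace instance that raised this event.
        $new = $e.SourceEventArgs.NewEvent

        # Sid is a raw byte array; convert it to the S-1-5-... string form.
        $sid = $null
        if ($new.Sid) {
            $sid = (New-Object System.Security.Principal.SecurityIdentifier([byte[]]$new.Sid, 0)).Value
        }

        # TIME_CREATED is a FILETIME value; FromFileTime returns local time.
        $new | Select-Object `
            @{ Name = 'Started'; Expression = { [DateTime]::FromFileTime([long]$_.TIME_CREATED) } },
            ProcessName, ProcessID, ParentProcessID, SessionID,
            @{ Name = 'User'; Expression = { $sid } }

        # Wait-Event does not dequeue the event; remove it, or the next
        # Wait-Event call returns the same event again.
        Remove-Event -EventIdentifier $e.EventIdentifier
    }
}
finally {
    # Stop the subscription when the loop is interrupted (Ctrl+C).
    Unregister-Event -SourceIdentifier $sourceId
}
```

Logging `ParentProcessID` and the resolved SID alongside the process name gives the parent/child and user context that process-start monitoring usually needs.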