antekone

Reputation: 2125

Enumerating the consumers of WMI Events

There are many examples on the net that demonstrate how to subscribe to an event source (like RegistryValueChangeEvent) and invoke some code in response to that event.

But is there a way to enumerate such listeners? For example, I'd like to list all scripts or programs (e.g. their PIDs) that are listening to RegistryValueChangeEvent. Is this possible in WMI?

Here is an example script file, listening for a registry change event, that I'd like to detect:

strComputer = "."

Set objWMIServices=GetObject( _
    "winmgmts:{impersonationLevel=impersonate}!\\" & _ 
    strComputer & "\root\default")

set objSink = WScript.CreateObject( _
    "WbemScripting.SWbemSink","SINK_")

objWMIServices.ExecNotificationQueryAsync objSink, _
    "Select * from RegistryValueChangeEvent Where " & _
    "Hive = 'HKEY_LOCAL_MACHINE' and " & _
    "KeyPath = 'SYSTEM\\ControlSet001\\Control' and " & _
    "ValueName = 'CurrentUser'"

WScript.Echo "Listening for Registry " _
    & "Change Events..." & vbCrLf 

While(True) 
    WScript.Sleep 1000 
Wend 

Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext) 
    WScript.Echo "Received Registry Value Change Event" _
    & vbCrLf & wmiObject.GetObjectText_() 
End Sub

Upvotes: 1

Views: 897

Answers (1)

Daryn

Reputation: 5107

This is one of those semi-answers that "gives some additional info" but doesn't solve your question.

If you want to see the permanent event consumers, they'll be registered in the WMI root\subscription namespace (Win XP & later). Look for instances of the three things that permanent consumers require: __EventFilter, __EventConsumer (or one of the derived types), and __FilterToConsumerBinding.

Unfortunately, that doesn't address how to find temporary event consumers - calls to ExecNotificationQueryAsync - which is what you've asked about.
(But I thought I'd mention it in case it's at all helpful.)

Upvotes: 0
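
For the permanent-consumer half of the answer above, this added example (not part of the original answer) joins each __FilterToConsumerBinding in root\subscription to its filter query and consumer action, so an audit shows what fires on which event. It assumes PowerShell 3.0 or later with the CIM cmdlets and an elevated session; the helper name Get-ConsumerAction and the output column names are made up for this example, and it does not list temporary consumers.

```powershell
# Added example: read-only audit of permanent WMI event subscriptions.
$Namespace = 'root/subscription'   # namespace named in the answer

$filters   = @(Get-CimInstance -Namespace $Namespace -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $Namespace -ClassName __EventConsumer)  # returns derived types too
$bindings  = @(Get-CimInstance -Namespace $Namespace -ClassName __FilterToConsumerBinding)

# Hypothetical helper: pick the property that says what a standard consumer does.
function Get-ConsumerAction($c) {
    if ($null -eq $c) { return '(consumer instance not found)' }
    switch ($c.CimSystemProperties.ClassName) {
        'CommandLineEventConsumer'  { if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ExecutablePath } }
        'ActiveScriptEventConsumer' { if ($c.ScriptFileName) { $c.ScriptFileName } else { $c.ScriptText } }
        'LogFileEventConsumer'      { "writes to file: $($c.Filename)" }
        'NTEventLogEventConsumer'   { "event log source: $($c.SourceName)" }
        'SMTPEventConsumer'         { "mail to: $($c.ToLine)" }
        default                     { '(custom consumer class, inspect manually)' }
    }
}

$rows = foreach ($b in $bindings) {
    # Binding references carry only key properties; standard classes are keyed on Name.
    $cls = $b.Consumer.CimSystemProperties.ClassName
    $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name } | Select-Object -First 1
    $c = $consumers | Where-Object {
        $_.CimSystemProperties.ClassName -eq $cls -and $_.Name -eq $b.Consumer.Name
    } | Select-Object -First 1

    [pscustomobject]@{
        Filter         = $b.Filter.Name
        EventNamespace = $f.EventNamespace     # where the query runs, e.g. root\default
        Query          = $f.Query
        ConsumerClass  = $cls
        Consumer       = $b.Consumer.Name
        Action         = Get-ConsumerAction $c
    }
}
$rows | Format-List

# Filters and consumers with no binding are inert, but worth noting in an audit.
$boundF = @($bindings | ForEach-Object { $_.Filter.Name })
$boundC = @($bindings | ForEach-Object { $_.Consumer.Name })
$filters   | Where-Object { $boundF -notcontains $_.Name } | ForEach-Object { "Unbound filter: $($_.Name)" }
$consumers | Where-Object { $boundC -notcontains $_.Name } | ForEach-Object { "Unbound consumer: $($_.Name)" }
```

A filter whose Query selects RegistryValueChangeEvent with EventNamespace root\default is the permanent counterpart of the script in the question.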
