Whenever someone thinks about hooking Microsoft Windows events, one thinks about rootkits, low level C++ code, and Windows API calls. There’s another approach to achieve similar things using just pre-installed Windows tools and without knowing anything about Windows internals. WMI is its name.
From the Microsoft Developer Network (MSDN):
WMI (Windows Management Instrumentation) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks