在 Windows 上想要監控其他程式的執行，
可以利用 ManagementEventWatcher 訂閱 __InstanceCreationEvent 這個 WMI 事件。
當某個程式啟動之後，ManagementEventWatcher 就會收到該事件。
注意：查詢中的 WITHIN 5 表示每 5 秒輪詢一次，在兩次輪詢之間啟動又結束的程式可能不會被偵測到。
程式碼如下:
/// <summary>
/// Subscribes to WMI process-creation events on the local machine and starts listening.
/// </summary>
/// <returns>
/// The started watcher. The caller owns it: keep the reference for as long as
/// monitoring is needed, then call Stop() and Dispose() on it.
/// </returns>
public ManagementEventWatcher WatchForProcessStart()
{
    // "." in the namespace path selects the local machine.
    const string wmiNamespace = @"\\.\root\CIMV2";

    // WITHIN 5 is the polling interval in seconds: a process that starts and
    // exits between two polls may never raise an event, so this query is a
    // convenience monitor rather than a complete audit trail.
    const string wql =
        "SELECT TargetInstance FROM __InstanceCreationEvent " +
        "WITHIN 5 " +
        " WHERE TargetInstance ISA 'Win32_Process' ";

    var processWatcher = new ManagementEventWatcher(wmiNamespace, wql);

    // Attach the handler before starting so the first event already has a subscriber.
    processWatcher.EventArrived += ProcessStarted;
    processWatcher.Start();

    return processWatcher;
}
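/// <summary>
/// Handles a WMI process-creation event and shows the name of the process that started.
/// </summary>
/// <param name="sender">The watcher that raised the event (not used).</param>
/// <param name="e">Event data; its NewEvent carries the TargetInstance property.</param>
private void ProcessStarted(object sender, EventArrivedEventArgs e)
{
    try
    {
        // TargetInstance is the embedded Win32_Process object describing the new process.
        ManagementBaseObject targetInstance =
            (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;

        // Read ProcessId as a typed property instead of splitting the MOF text on '"':
        // the first quoted value in the MOF dump is not guaranteed to be the process id.
        // Convert.ToInt32 rather than ToInt16: process ids routinely exceed 32767,
        // which made the 16-bit conversion throw OverflowException.
        int processId = Convert.ToInt32(targetInstance["ProcessId"]);

        // The process may already have exited by the time the event is delivered;
        // GetProcessById then throws and the catch below reports it.
        // NOTE(review): a process id can be reused after exit, so for logging or
        // auditing prefer the fields carried by the event itself (e.g. Name,
        // ExecutablePath, CommandLine on targetInstance) over a later lookup.
        using (Process p = Process.GetProcessById(processId))
        {
            System.Windows.Forms.MessageBox.Show(p.ProcessName);
        }
    }
    catch (Exception ex)
    {
        // Best-effort handler: surface the failure instead of letting it escape
        // on the WMI delivery thread.
        System.Windows.Forms.MessageBox.Show(ex.Message);
    }
}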
以上程式會監看所有程式的啟動。
如果只想監看特定程式，
可以在 queryString 加上條件，
例如:
// Same event query, narrowed to one executable name.
// Name is only the image file name: a renamed or copied executable will not
// match, so this filter should not be relied on alone as a security control.
// If the name ever comes from user input, validate it before placing it in
// the WQL string.
string queryString =
    "SELECT TargetInstance FROM __InstanceCreationEvent WITHIN 5 "
    + " WHERE TargetInstance ISA 'Win32_Process' "
    + " AND TargetInstance.Name = 'notepad.exe'";
參考網址1
參考網址2
另外，Windows 內建 wbemtest 工具（"開始"->"執行"->"wbemtest"），可以用來測試 WMI 查詢。
可以利用 ManagementEventWatcher 訂閱 __InstanceCreationEvent 這個 WMI 事件。
當某個程式啟動之後，ManagementEventWatcher 就會收到該事件。
注意：查詢中的 WITHIN 5 表示每 5 秒輪詢一次，在兩次輪詢之間啟動又結束的程式可能不會被偵測到。
程式碼如下:
/// <summary>
/// Subscribes to WMI process-creation events on the local machine and starts listening.
/// </summary>
/// <returns>
/// The started watcher. The caller owns it: keep the reference for as long as
/// monitoring is needed, then call Stop() and Dispose() on it.
/// </returns>
public ManagementEventWatcher WatchForProcessStart()
{
    // "." in the namespace path selects the local machine.
    const string wmiNamespace = @"\\.\root\CIMV2";

    // WITHIN 5 is the polling interval in seconds: a process that starts and
    // exits between two polls may never raise an event, so this query is a
    // convenience monitor rather than a complete audit trail.
    const string wql =
        "SELECT TargetInstance FROM __InstanceCreationEvent " +
        "WITHIN 5 " +
        " WHERE TargetInstance ISA 'Win32_Process' ";

    var processWatcher = new ManagementEventWatcher(wmiNamespace, wql);

    // Attach the handler before starting so the first event already has a subscriber.
    processWatcher.EventArrived += ProcessStarted;
    processWatcher.Start();

    return processWatcher;
}
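/// <summary>
/// Handles a WMI process-creation event and shows the name of the process that started.
/// </summary>
/// <param name="sender">The watcher that raised the event (not used).</param>
/// <param name="e">Event data; its NewEvent carries the TargetInstance property.</param>
private void ProcessStarted(object sender, EventArrivedEventArgs e)
{
    try
    {
        // TargetInstance is the embedded Win32_Process object describing the new process.
        ManagementBaseObject targetInstance =
            (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;

        // Read ProcessId as a typed property instead of splitting the MOF text on '"':
        // the first quoted value in the MOF dump is not guaranteed to be the process id.
        // Convert.ToInt32 rather than ToInt16: process ids routinely exceed 32767,
        // which made the 16-bit conversion throw OverflowException.
        int processId = Convert.ToInt32(targetInstance["ProcessId"]);

        // The process may already have exited by the time the event is delivered;
        // GetProcessById then throws and the catch below reports it.
        // NOTE(review): a process id can be reused after exit, so for logging or
        // auditing prefer the fields carried by the event itself (e.g. Name,
        // ExecutablePath, CommandLine on targetInstance) over a later lookup.
        using (Process p = Process.GetProcessById(processId))
        {
            System.Windows.Forms.MessageBox.Show(p.ProcessName);
        }
    }
    catch (Exception ex)
    {
        // Best-effort handler: surface the failure instead of letting it escape
        // on the WMI delivery thread.
        System.Windows.Forms.MessageBox.Show(ex.Message);
    }
}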
以上程式會監看所有程式的啟動。
如果只想監看特定程式，
可以在 queryString 加上條件，
例如:
// Same event query, narrowed to one executable name.
// Name is only the image file name: a renamed or copied executable will not
// match, so this filter should not be relied on alone as a security control.
// If the name ever comes from user input, validate it before placing it in
// the WQL string.
string queryString =
    "SELECT TargetInstance FROM __InstanceCreationEvent WITHIN 5 "
    + " WHERE TargetInstance ISA 'Win32_Process' "
    + " AND TargetInstance.Name = 'notepad.exe'";
參考網址1
參考網址2
另外，Windows 內建 wbemtest 工具（"開始"->"執行"->"wbemtest"），可以用來測試 WMI 查詢。