当前位置:theitroad>C# 进程可执行文件启动的 .NET 事件

C# 进程可执行文件启动的 .NET 事件

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/848618/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-05 04:03:42  来源:igfitidea点击:

.NET Events for Process executable start

c#.neteventsprocess

提问by Adam Haile

Is there any way to register for an event that fires when an executable of a particular filename starts? I know it's easy enough to get an event when a process exits, by getting the process handle and registering for the exited event. But how can you be notified when a process, that isn't already running, starts...without polling all the running processes?

有没有办法注册特定文件名的可执行文件启动时触发的事件?我知道通过获取进程句柄并注册退出事件,在进程退出时获取事件很容易。但是,当一个尚未运行的进程启动时,您如何得到通知......而不轮询所有正在运行的进程?

采纳答案by Clive

You could use the following:

您可以使用以下内容:

    private ManagementEventWatcher WatchForProcessStart(string processName)
    {
        string queryString =
            "SELECT TargetInstance" +
            "  FROM __InstanceCreationEvent " +
            "WITHIN  10 " +
            " WHERE TargetInstance ISA 'Win32_Process' " +
            "   AND TargetInstance.Name = '" + processName + "'";

        // The dot in the scope means use the current machine
        string scope = @"\.\root\CIMV2";

        // Create a watcher and listen for events
        ManagementEventWatcher watcher = new ManagementEventWatcher(scope, queryString);
        watcher.EventArrived += ProcessStarted;
        watcher.Start();
        return watcher;
    }

    private ManagementEventWatcher WatchForProcessEnd(string processName)
    {
        string queryString =
            "SELECT TargetInstance" +
            "  FROM __InstanceDeletionEvent " +
            "WITHIN  10 " +
            " WHERE TargetInstance ISA 'Win32_Process' " +
            "   AND TargetInstance.Name = '" + processName + "'";

        // The dot in the scope means use the current machine
        string scope = @"\.\root\CIMV2";

        // Create a watcher and listen for events
        ManagementEventWatcher watcher = new ManagementEventWatcher(scope, queryString);
        watcher.EventArrived += ProcessEnded;
        watcher.Start();
        return watcher;
    }

    private void ProcessEnded(object sender, EventArrivedEventArgs e)
    {
        ManagementBaseObject targetInstance = (ManagementBaseObject) e.NewEvent.Properties["TargetInstance"].Value;
        string processName = targetInstance.Properties["Name"].Value.ToString();
        Console.WriteLine(String.Format("{0} process ended", processName));
    }

    private void ProcessStarted(object sender, EventArrivedEventArgs e)
    {
        ManagementBaseObject targetInstance = (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;
        string processName = targetInstance.Properties["Name"].Value.ToString();
        Console.WriteLine(String.Format("{0} process started", processName));
    }

You would then call either WatchForProcessStart and/or WatchForProcessEnd passing in your process name (eg "notepad.exe").

然后您将调用 WatchForProcessStart 和/或 WatchForProcessEnd 并传入您的进程名称(例如“notepad.exe”)。

The ManagementEventWatcher object is returned from the two Watch* methods as it implements IDisposable and so you should call Dispose on these objects when you have finished with them to prevent issues.

ManagementEventWatcher 对象在实现 IDisposable 时从两个 Watch* 方法返回,因此您应该在完成这些对象后调用 Dispose 以防止出现问题。

You could also change the polling value in the queries if you need the event to be raised more quickly after the process has started. To do this change the line "WITHIN 10" to be WITHIN something less than 10.

如果您需要在流程开始后更快地引发事件,您还可以更改查询中的轮询值。为此,将“WITHIN 10”行更改为小于 10 的内容。

回答by Richard

WMI can create events when processes are created. You could then filter these events.

WMI 可以在创建进程时创建事件。然后您可以过滤这些事件。

回答by Developer

Here is code.

这是代码。

Notice that you have to start Visual Studio like Administrator in order to execute this code.

请注意,您必须像管理员一样启动 Visual Studio 才能执行此代码。

using System;
using System.Management;

namespace AppLaunchDetector
{
    class Program
    {
        static void Main(string[] args)
        {           
            ManagementEventWatcher w = null;
            WqlEventQuery q;
            try
            {
                q = new WqlEventQuery();
                q.EventClassName = "Win32_ProcessStartTrace";
                w = new ManagementEventWatcher(q);
                w.EventArrived += new EventArrivedEventHandler(ProcessStartEventArrived);
                w.Start();
                Console.ReadLine(); // block main thread for test purposes
            }
            catch (Exception ex)
            {

            }
            finally
            {
                w.Stop();
            }
        }

        static void ProcessStartEventArrived(object sender, EventArrivedEventArgs e)
        {
            foreach (PropertyData pd in e.NewEvent.Properties)
            {
                Console.WriteLine("\n============================= =========");
                Console.WriteLine("{0},{1},{2}", pd.Name, pd.Type, pd.Value);
            }
        }
    }
}

相关推荐

Linux UDP丢包原因

Linux UDP丢包原因

如何以编程方式限制我的 c# 应用程序的带宽使用?

如何以编程方式限制我的 c# 应用程序的带宽使用?

Linux 如果使用 NGINX 找不到文件,如何重写

Linux 如果使用 NGINX 找不到文件,如何重写

如何设置 GTK+ 以在 Ubuntu Linux 上使用 Code::Blocks 进行开发

如何设置 GTK+ 以在 Ubuntu Linux 上使用 Code::Blocks 进行开发

相关推荐
最近更新
标签