Remove From My Forums

How to detect lunch or closing process ?

Question

0

Sign in to vote

I try to detect the launch and closing process on my machine, in real time. I have already made a working prototype based on a timer which maintains a list of active processes, but this is relatively slow and not very optimized.

I looked for a hook to do so but I have found nothing conclusive.

Would you have an idea? Advice? A track where I could look?

Thanks.

Saturday, May 09, 2009 4:55 PM

Reply

|

Quote

Answers

0

Sign in to vote
You can do it with the WMI Win32_ProcessTrace classes. Start a new Console application, Project + Add Reference, select System.Management.

using System;
using System.Management;

class Process {
public static void Main() {
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press ENTER to exit");
    Console.ReadLine();
    startWatch.Stop();
    stopWatch.Stop();
}

static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
}

static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
}
}

Hans Passant.
- Marked as answer by ThitoO Sunday, May 10, 2009 1:27 PM
Saturday, May 09, 2009 5:35 PM

Reply

|

Quote

Moderator

All replies

0

Sign in to vote
You can do it with the WMI Win32_ProcessTrace classes. Start a new Console application, Project + Add Reference, select System.Management.

using System;
using System.Management;

class Process {
public static void Main() {
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press ENTER to exit");
    Console.ReadLine();
    startWatch.Stop();
    stopWatch.Stop();
}

static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
}

static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
}
}

Hans Passant.
- Marked as answer by ThitoO Sunday, May 10, 2009 1:27 PM
Saturday, May 09, 2009 5:35 PM

Reply

|

Quote

Moderator

0

Sign in to vote

Thank you very much, it works :)

Sunday, May 10, 2009 1:25 PM

Reply

|

Quote

0

Sign in to vote

Hi,

how to do same in c++?

Nandkumar T.

Thursday, December 30, 2010 2:08 PM

Reply

|

Quote

0

Sign in to vote

I am using the WMI classes to detect launch/exit of a process and it works well. However this requires my app to run in an elevated mode. I cannot do that and need to support the app running without admin privileges as well.

The only other solution I can think of is polling every some interval on Process.GetProcesses and Process.HasExited to detect this.

Are there any other solutions?

Thanks,

Purvi

Thursday, January 12, 2012 1:57 PM

Reply

|

Quote