Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is there a way to attach an event handler to the list of running processes in C#?

Tags:

c#

windows

process

events

I'm currently writing a winforms application that is sensitive to programs being run in the background. At the moment I have a thread checking every second if the process I'm interested in has started/is still running, but I'm sure this would be much easier if I could just use an event to tell me when the user has opened/closed the application. Note that I am not starting the process manually within the program; the user has total control over that. Looking through the process documentation I don't see anything. Is there any way to hook into this?

like image 556
ssb Avatar asked Feb 12 '14 14:02

ssb

2 Answers

You can also use WMI Events to track this.

Here is an example:

static void Main(string[] args)
{
    var query = new EventQuery("SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance isa \"Win32_Process\"");

    using (var eventWatcher = new ManagementEventWatcher(query))
    {
        eventWatcher.EventArrived += eventWatcher_EventArrived;
        eventWatcher.Start();
        Console.WriteLine("Started");
        Console.ReadLine();
        eventWatcher.EventArrived -= eventWatcher_EventArrived;
        eventWatcher.Stop();
    }
}

static void eventWatcher_EventArrived(object sender, EventArrivedEventArgs e)
{
    try
    {
        var instanceDescription = e.NewEvent.GetPropertyValue("TargetInstance") as ManagementBaseObject;
        if(instanceDescription!=null)
        {
            var executablePath = instanceDescription.GetPropertyValue("ExecutablePath");
            if(executablePath!=null)
            {
                Console.WriteLine("Application {0} started", executablePath.ToString());
            }
         }
    }
    catch (ManagementException) { }
}

There are a lot of process attributes that can be received. Like Priority, Description, Command Line arguments, etc. You can look in instanceDescription.Properties for details.

like image 149
Nick Avatar answered Nov 03 '22 00:11

Nick

Well, at the very least, it should be possible to create a hook on the CreateProcess WinAPI method. You could even use that to prevent the process from starting at all (by simply returning false if you don't want the process to start). Of course, you'll have to make a hook on every method that can start a new process, but there's not all that many.

As Purrformance suggested, http://easyhook.codeplex.com/ is a great lib to easily create hooks from .NET.

like image 28
Luaan Avatar answered Nov 03 '22 00:11

Luaan
Sign in to Comment

Related questions

Is stringbuilder necessary anymore?
Automapper for a nested list with one item ignored
How can I get my MultiSelectList to bind to my data model?
ServiceStack - Using gzip/deflate compression with JSONP requests
System.Diagnostics.Trace, simplest possible programmatic configuration
LINQ: Order By Count of most common value
Task async controller method does not hit
Func<T, TResult> property in F#
Can I define C# aliases/keywords for my own classes like int, string, object?
Algorithmic complexity of Regular Languages in Extended Regular Language frameworks
SQL Select when data changes [closed]
How to convert boolean to localized string
Missing half of first pixel column after a Graphics Transform Scale
Exception that a constructor parameter doesn't exist when it does
Regex to parse function and parameters
Environment.UserName returning application pool name instead of username
P/Invoke with arrays of double - marshalling data between C# and C++
Windows Azure access App_Data
C# equivalent of VB.NET interface implementations
Error: member names cannot be the same as their enclosing type [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!