.NET Process Monitor

Question

Is there a way to determine when the last time a specific machine last ran a process?

I can use the following to determine if a process is running, but the application cannot grab the process if it has since stopped.

Process[] process = Process.GetProcessesByName(processName, serverName); 

Answer 1

WMI provides a way to track processes starting and terminating with the Win32_ProcessTrace classes. Best shown with an example. Start a new Console application, Project + Add Reference, select System.Management. Paste this code:

using System; using System.Management;  class Process {   public static void Main() {     ManagementEventWatcher startWatch = new ManagementEventWatcher(       new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));     startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);     startWatch.Start();     ManagementEventWatcher stopWatch = new ManagementEventWatcher(       new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));     stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);     stopWatch.Start();     Console.WriteLine("Press any key to exit");     while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);     startWatch.Stop();     stopWatch.Stop();   }    static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {     Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);   }    static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {     Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);   } } 

Edit the manifest so this program runs elevated. Then simply start some programs to see it at work. Beware that it is not especially quick.