All geek questions in one place

How to track application opening?

I use a desktop application that should record the names and times of programs that a user opens on a PC. This is a C # application (WPF) that starts when a user logs in and starts without a user interface. For programs such as Word or IE, it also captures which document or URL they are viewing.

I currently have a working solution as follows:

Install the Windows Hook for the mouse. When this event fires, I use p-Invoke for "GetForegroundWindow" and then use the window handle for "GetWindowThreadProcessId", and ProcessId can get a System.Diagnostics.Process object containing the name, start time and start of the argument list. I keep a history list, so I only write a tracking record if this process / dd descriptor combination has not been written before.

This solution works fine, but requires a mouse hook that can be removed by Windows without any notification or problematic ability to check if it is all connected. Not to mention that this implementation seems to be a hack.

If there is a simpler approach, consult with him.

Thanks.

+4
source share
3 answers

You can use the __InstanceCreationEvent event, and the Win32_Process WMI class to monitor the created processes.

Try this sample C # application

 using System; using System.Collections.Generic; using System.Management; using System.Text; namespace GetWMI_Info { public class EventWatcherAsync { private void WmiEventHandler(object sender, EventArrivedEventArgs e) { //in this point the new events arrives //you can access to any property of the Win32_Process class Console.WriteLine("TargetInstance.Handle : " + ((ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value)["Handle"]); Console.WriteLine("TargetInstance.Name : " + ((ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value)["Name"]); } public EventWatcherAsync() { try { string ComputerName = "localhost"; string WmiQuery; ManagementEventWatcher Watcher; ManagementScope Scope; Scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", ComputerName), null); Scope.Connect(); WmiQuery ="Select * From __InstanceCreationEvent Within 1 "+ "Where TargetInstance ISA 'Win32_Process' "; Watcher = new ManagementEventWatcher(Scope, new EventQuery(WmiQuery)); Watcher.EventArrived += new EventArrivedEventHandler(this.WmiEventHandler); Watcher.Start(); Console.Read(); Watcher.Stop(); } catch (Exception e) { Console.WriteLine("Exception {0} Trace {1}", e.Message, e.StackTrace); } } public static void Main(string[] args) { Console.WriteLine("Listening process creation, Press Enter to exit"); EventWatcherAsync eventWatcher = new EventWatcherAsync(); Console.Read(); } } }
+12
source

If you want to control the performance of everything that runs on Windows, this is the PerformanceCounter class . Each time the application launches windows, dozens of performance counters are created to track the ProcessID application, CPU usage, memory usage, I / O operations per second, etc.

For example, the following code will give you the Chrome process id:

 PerformanceCounter perf = new PerformanceCounter("Process", "ID Process", "chrome"); int procId = (int)perf.NextValue();

And you can also easily list categories, instances, and counters using the PerformanceCounterCategory class.

You can use the Windows PerfMon tool to get an idea of ​​what information you can get. I suggest you take a look at the Process category (using PerfMon), in which you will find a list of all active processes.

+2
source

If someone struggles with the answer (RRUZ Answer) - using System.Management; doesn’t work, just click on your project => Add ... => Add link => Search for System.Management, and then check it and click "OK"

0
source

Source: https://habr.com/ru/post/1414274/

More articles:


All Articles