C# .NET 进程监视器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1986249/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
.NET Process Monitor
提问by Nick Vaccaro
Is there a way to determine when the last time a specific machine last ran a process?
有没有办法确定特定机器上次运行进程的时间?
I can use the following to determine if a process is running, but the application cannot grab the process if it has since stopped.
我可以使用以下内容来确定进程是否正在运行,但如果该进程已停止,则应用程序无法获取该进程。
Process[] process = Process.GetProcessesByName(processName, serverName);
采纳答案by Hans Passant
WMI provides a way to track processes starting and terminating with the Win32_ProcessTrace classes. Best shown with an example. Start a new Console application, Project + Add Reference, select System.Management. Paste this code:
WMI 提供了一种方法来跟踪使用 Win32_ProcessTrace 类启动和终止的进程。最好用一个例子来说明。启动一个新的控制台应用程序,Project + Add Reference,选择 System.Management。粘贴此代码:
using System;
using System.Management;
class Process {
public static void Main() {
ManagementEventWatcher startWatch = new ManagementEventWatcher(
new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
startWatch.Start();
ManagementEventWatcher stopWatch = new ManagementEventWatcher(
new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
stopWatch.Start();
Console.WriteLine("Press any key to exit");
while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);
startWatch.Stop();
stopWatch.Stop();
}
static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
}
static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
}
}
Edit the manifestso this program runs elevated. Then simply start some programs to see it at work. Beware that it is not especially quick.
编辑清单,以便此程序运行提升。然后只需启动一些程序即可查看它的工作情况。请注意,它不是特别快。
回答by Dirk Vollmar
You won't be able to do this using the Processclass. However, it should be possible to figure out when an application was last run by configuring audit process tracking in Windows. The following links might get you started:
您将无法使用Process该类来执行此操作。但是,应该可以通过在 Windows 中配置审核进程跟踪来确定应用程序上次运行的时间。以下链接可能会让您入门:
The process tracking will create entries in the Windows event log which you can then access using C#.
进程跟踪将在 Windows 事件日志中创建条目,然后您可以使用 C# 访问这些条目。
