如果 任何 (不是特定程序)正在运行新进程,我想显示一个MessageBox。例如:
任何程序都已运行
运行任何程序时,都会显示一个MessageBox并显示New process!
这是怎么做的?
很抱歉,这个问题缺少细节。真的没什么可添加的。
答案 0 :(得分:2)
您可以为此使用WMI(Windows管理规范)。它提供Win32_ProcessStartTrace和Win32_ProcessStopTrace事件,以检测进程何时开始/终止。
在执行任何操作之前,您需要添加对托管WMI库的引用。在Solution Explorer中右键单击您的项目,然后按Add Reference...。然后转到.NET标签,选择System.Management并按OK。
Imports System.Management
Public Class Form1
Dim WithEvents ProcessStartWatcher As New ManagementEventWatcher(New WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"))
Dim WithEvents ProcessStopWatcher As New ManagementEventWatcher(New WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"))
Private Sub Form1_Load(sender As Object, e As System.EventArgs) Handles MyBase.Load
ProcessStartWatcher.Start()
ProcessStopWatcher.Start()
End Sub
Private Sub Form1_FormClosing(sender As Object, e As System.Windows.Forms.FormClosingEventArgs)
ProcessStartWatcher.Stop()
ProcessStopWatcher.Stop()
End Sub
Private Sub ProcessStartWatcher_EventArrived(sender As Object, e As System.Management.EventArrivedEventArgs) Handles ProcessStartWatcher.EventArrived
Dim ProcessName As String = e.NewEvent.Properties("ProcessName").Value
Dim PID As Integer = e.NewEvent.Properties("ProcessID").Value
MessageBox.Show(String.Format("Process ""{0}"" with ID {1} started.", ProcessName, PID))
End Sub
Private Sub ProcessStopWatcher_EventArrived(sender As Object, e As System.Management.EventArrivedEventArgs) Handles ProcessStopWatcher.EventArrived
Dim ProcessName As String = e.NewEvent.Properties("ProcessName").Value
Dim PID As Integer = e.NewEvent.Properties("ProcessID").Value
MessageBox.Show(String.Format("Process ""{0}"" with ID {1} stopped.", ProcessName, PID))
End Sub
End Class
这会在几秒钟后进行轮询,因此,如果您认为这太慢了,可以改为轮询__InstanceCreationEvent和__InstanceDeletionEvent事件,从而可以指定轮询间隔:
Const PollingInterval As Double = 2.0 'Seconds.
Dim WithEvents ProcessStartWatcher As New ManagementEventWatcher(New WqlEventQuery("SELECT * FROM __InstanceCreationEvent WITHIN " & PollingInterval & " WHERE TargetInstance ISA 'Win32_Process'"))
Dim WithEvents ProcessStopWatcher As New ManagementEventWatcher(New WqlEventQuery("SELECT * FROM __InstanceDeletionEvent WITHIN " & PollingInterval & " WHERE TargetInstance ISA 'Win32_Process'"))
(...form code...)
Private Sub ProcessStartWatcher_EventArrived(sender As Object, e As System.Management.EventArrivedEventArgs) Handles ProcessStartWatcher.EventArrived
Dim ProcessName As String = CType(e.NewEvent.Properties("TargetInstance").Value, ManagementBaseObject)("Name")
Dim PID As Integer = CType(e.NewEvent.Properties("TargetInstance").Value, ManagementBaseObject)("ProcessId")
MessageBox.Show(String.Format("Process ""{0}"" with ID {1} started.", ProcessName, PID))
End Sub
Private Sub ProcessStopWatcher_EventArrived(sender As Object, e As System.Management.EventArrivedEventArgs) Handles ProcessStopWatcher.EventArrived
Dim ProcessName As String = CType(e.NewEvent.Properties("TargetInstance").Value, ManagementBaseObject)("Name")
Dim PID As Integer = CType(e.NewEvent.Properties("TargetInstance").Value, ManagementBaseObject)("ProcessId")
MessageBox.Show(String.Format("Process ""{0}"" with ID {1} stopped.", ProcessName, PID))
End Sub
重要提示::WMI轮询会占用大量CPU,因此请不要设置太短的间隔。
答案 1 :(得分:-1)
使用WMI(Windows管理规范)接收有关进程创建的事件。在这些传入事件上显示您的MessageBox。