确定程序是否已启动

时间:2012-01-31 22:36:49

标签: windows hook

我想开发一个Windows应用程序,它将监视程序是否已启动(比如说windows计算器)以及它使用了多长时间的时间。我知道我可以轮询该过程以查看它是否已开启,但我不确定这是否是最佳解决方案。

我正在考虑全球系统挂钩但是在看了几个小时后,我比起初开始时更加困惑。是否有任何关于如何做我想要的教程或只是一些想法的指针。这是需要全局挂钩还是其他更好的东西?

我不介意使用C#或C ++,所以请随意指出任何相关的教程或文档。

由于

1 个答案:

答案 0 :(得分:0)

检查流程信息(使用轮询)

Process [] processes = Process.GetProcessesByName("notepad");
if(processes.Length > 0)
   processes[0].StartTime;

使用本机Windows(WMI)API注册活动:

using System;
using System.ComponentModel;
using System.Collections;
using System.Globalization;
using System.Management;

namespace WMI.Win32
{
    public delegate void ProcessEventHandler(Win32_Process proc);
    public class ProcessWatcher : ManagementEventWatcher
    {
        // Process Events
        public event ProcessEventHandler ProcessCreated;
        public event ProcessEventHandler ProcessDeleted;
        public event ProcessEventHandler ProcessModified;

        // WMI WQL process query strings
        static readonly string WMI_OPER_EVENT_QUERY = @"SELECT * FROM 
__InstanceOperationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'";
        static readonly string WMI_OPER_EVENT_QUERY_WITH_PROC =
            WMI_OPER_EVENT_QUERY + " and TargetInstance.Name = '{0}'";

        public ProcessWatcher()
        {
            Init(string.Empty);
        }
        public ProcessWatcher(string processName)
        {
            Init(processName);
        }
        private void Init(string processName)
        {
            this.Query.QueryLanguage = "WQL";
            if (string.IsNullOrEmpty(processName))
            {
                this.Query.QueryString = WMI_OPER_EVENT_QUERY;
            }
            else
            {
                this.Query.QueryString =
                    string.Format(WMI_OPER_EVENT_QUERY_WITH_PROC, processName);
            }

            this.EventArrived += new EventArrivedEventHandler(watcher_EventArrived);
        }
        private void watcher_EventArrived(object sender, EventArrivedEventArgs e)
        {
            string eventType = e.NewEvent.ClassPath.ClassName;
            Win32_Process proc = new 
                Win32_Process(e.NewEvent["TargetInstance"] as ManagementBaseObject);

            switch (eventType)
            {
                case "__InstanceCreationEvent":
                    if (ProcessCreated != null) ProcessCreated(proc); break;
                case "__InstanceDeletionEvent":
                    if (ProcessDeleted != null) ProcessDeleted(proc); break;
                case "__InstanceModificationEvent":
                    if (ProcessModified != null) ProcessModified(proc); break;
            }
        }
    }

    // Auto-Generated running: mgmtclassgen Win32_Process /n root\cimv2 /o WMI.Win32
    // Renaming the class from Process to Win32_Process
    public class Win32_Process { ... }
}

// Sample Usage
ProcessWatcher procWatcher = new ProcessWatcher("notepad.exe");
procWatcher.ProcessCreated += new ProcessEventHandler(procWatcher_ProcessCreated);
procWatcher.ProcessDeleted += new ProcessEventHandler(procWatcher_ProcessDeleted);
procWatcher.ProcessModified += new ProcessEventHandler(procWatcher_ProcessModified);
procWatcher.Start();

// Do Work

procWatcher.Stop();
相关问题
最新问题