privatestaticvoidmonitorProcessRuning(string name) { WqlEventQuery processQuery = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa 'Win32_Process' AND TargetInstance.Name = '" + name + "'");
using (var watcher = new ManagementEventWatcher(processQuery)) { watcher.EventArrived += (sender, eventArgs) => { Console.WriteLine("Process [{0}] is running", name); }; watcher.Start();
privatestaticvoidmonitorUserChangeTime(bool kill) { var target = "rundll32.exe"; string arg = "timedate.cpl"; WqlEventQuery processQuery = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa 'Win32_Process' AND TargetInstance.Name = '" + target + "'");
using (var watcher = new ManagementEventWatcher(processQuery)) { watcher.EventArrived += (sender, eventArgs) => { var plist = Process.GetProcessesByName(Path.GetFileNameWithoutExtension(target)); foreach (var p in plist) { using (var searcher = new ManagementObjectSearcher("SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + p.Id)) { var commandLine = new StringBuilder(); foreach (var @object in searcher.Get()) { commandLine.Append(@object["CommandLine"]); commandLine.Append(" "); } if (commandLine.ToString().Contains(arg)) { if (kill) { Console.WriteLine("Killing the process!"); p.Kill(); } else { Console.WriteLine("User is changing the time!"); } } } } }; watcher.Start();
If you did not use the Start method to start a process, the StartInfo property does not reflect the parameters used to start the process. For example, if you use GetProcesses to get an array of processes running on the computer, the StartInfo property of each Process does not contain the original file name or arguments used to start the process.