wmi监视进程的创建和结束
程序主要利用 WMI 的异步方法监视进程的启动和关闭。两种监视分别写在两个单独的线程函数 static void porcessWhater() 和 static void processkill() 中,并在按钮的点击事件中启动这两个线程。希望大家一起学习,指出不足之处。监视结果同时通过窗体回调函数显示。
源码
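using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;

// Asynchronous WMI process monitor: subscribes to Win32_Process creation and
// deletion events and lists them in the form's text box.
//
// Monitoring caveats worth knowing before relying on this for detection:
//  - __InstanceCreationEvent / __InstanceDeletionEvent are produced by polling
//    (the TimeSpan passed to WqlEventQuery is the WITHIN interval, one second).
//    A process that starts and exits between two polls may produce no event.
//    Win32_ProcessStartTrace / Win32_ProcessStopTrace, or OS process-creation
//    auditing, are better suited when short-lived processes matter.
//  - Only the image name is displayed. The name is chosen by whoever launched
//    the process, so treat it as untrusted; TargetInstance also carries
//    ProcessId, ParentProcessId, ExecutablePath and CommandLine, which are
//    what an investigation normally needs.
namespace ex198
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        // Signalled when the form closes so both watcher threads stop their subscriptions.
        // Null while no monitoring is running.
        static ManualResetEvent lin;

        // Serialises the WMI callbacks: each one publishes its text in a shared static field
        // and then sends a window message, so two callbacks must not interleave.
        private static readonly object messageGate = new object();

        // Private window messages (values above WM_USER) used to hand text to the UI thread.
        public const int SHOW_PROCESS = 0x500;
        public const int SHOW_DELEATE = 0x501;

        // Handle of the form that receives the messages above; set in Form1_Load.
        public static IntPtr main_whandle;

        // Text for the most recent creation / deletion event, read by DefWndProc.
        public static string All;
        public static string deleateAll;

        // Most recent raw events and their TargetInstance objects.
        public static ManagementBaseObject name1;
        public static ManagementBaseObject name2;
        public static ManagementBaseObject instance2;
        public static ManagementBaseObject instance;

        // WPARAM, LPARAM and the LRESULT return value are pointer-sized; declaring them as
        // int (as the original did) gives a wrong signature in a 64-bit process.
        [DllImport("User32.dll", EntryPoint = "SendMessage")]
        private static extern IntPtr SendMessage(
            IntPtr hWnd,
            int Msg,
            IntPtr wParam,
            IntPtr lParam
        );

        /// <summary>
        /// Appends the pending event text to the text box when one of the two private
        /// messages arrives; every other message goes to the base implementation.
        /// </summary>
        /// <param name="m">The window message being dispatched.</param>
        protected override void DefWndProc(ref Message m)
        {
            // Do not take messageGate here: the sending callback holds it while it is
            // blocked inside SendMessage, so locking on the UI thread would deadlock.
            switch (m.Msg)
            {
                case SHOW_PROCESS:
                    textBox1.AppendText(All + "\r\n");
                    break;
                case SHOW_DELEATE:
                    textBox1.AppendText(deleateAll + "\r\n");
                    break;
                default:
                    base.DefWndProc(ref m);
                    break;
            }
        }

        /// <summary>Thread entry point: watches for process termination.</summary>
        static void processkill()
        {
            WatchProcessEvents("__InstanceDeletionEvent", DeleteEvent);
        }

        /// <summary>Thread entry point: watches for process creation.</summary>
        static void porcessWhater()
        {
            WatchProcessEvents("__InstanceCreationEvent", HandleEvent);
        }

        /// <summary>
        /// Subscribes to the given intrinsic WMI event class for Win32_Process, keeps the
        /// subscription alive until the stop event is signalled, then stops and disposes it.
        /// </summary>
        /// <param name="eventClass">"__InstanceCreationEvent" or "__InstanceDeletionEvent".</param>
        /// <param name="handler">Callback invoked for every event that arrives.</param>
        private static void WatchProcessEvents(string eventClass, EventArrivedEventHandler handler)
        {
            // Capture the event once; Form1_FormClosing clears the static field.
            ManualResetEvent stop = lin;
            if (stop == null)
            {
                return;
            }

            WqlEventQuery query = new WqlEventQuery(
                eventClass,
                new TimeSpan(0, 0, 1),
                "TargetInstance ISA \"Win32_Process\"");

            using (ManagementEventWatcher watcher = new ManagementEventWatcher(query))
            {
                watcher.EventArrived += handler;
                watcher.Start();
                try
                {
                    // The original looped on WaitOne(500) and returned on the first timeout,
                    // so the thread ended after half a second with the watcher still started
                    // and referenced by nothing. Block here instead so the watcher stays
                    // owned by this thread and is always stopped.
                    stop.WaitOne();
                }
                finally
                {
                    watcher.Stop();
                    watcher.EventArrived -= handler;
                }
            }
        }

        /// <summary>Callback for a process-termination event.</summary>
        private static void DeleteEvent(object sender, EventArrivedEventArgs e)
        {
            lock (messageGate)
            {
                name2 = e.NewEvent;
                instance2 = (ManagementBaseObject)name2["TargetInstance"];
                deleateAll = "进程" + instance2["name"] + "结束";
                // SendMessage returns only after the UI thread has handled the message,
                // so deleateAll is not overwritten before it has been displayed.
                SendMessage(main_whandle, SHOW_DELEATE, IntPtr.Zero, IntPtr.Zero);
            }
        }

        /// <summary>Callback for a process-creation event.</summary>
        private static void HandleEvent(object sender, EventArrivedEventArgs e)
        {
            lock (messageGate)
            {
                name1 = e.NewEvent;
                instance = (ManagementBaseObject)name1["TargetInstance"];
                All = "进程:" + instance["name"] + "创建";
                SendMessage(main_whandle, SHOW_PROCESS, IntPtr.Zero, IntPtr.Zero);
            }
        }

        /// <summary>Signals the watcher threads to stop when the form closes.</summary>
        private void Form1_FormClosing(object sender, FormClosingEventArgs e)
        {
            // lin is null when the button was never clicked; the original threw
            // NullReferenceException in that case.
            ManualResetEvent stop = lin;
            lin = null;
            if (stop != null)
            {
                stop.Set();
            }
        }

        /// <summary>Records the form's window handle for the WMI callbacks.</summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            main_whandle = this.Handle;
        }

        /// <summary>Starts the two watcher threads; further clicks are ignored while they run.</summary>
        private void button1_Click(object sender, EventArgs e)
        {
            // A second click used to replace the stop event and start two more watchers,
            // which duplicated every line and left the first pair without a stop signal.
            if (lin != null)
            {
                return;
            }

            lin = new ManualResetEvent(false);
            StartBackground(porcessWhater);
            StartBackground(processkill);
        }

        /// <summary>Runs <paramref name="entry"/> on a background thread.</summary>
        private static void StartBackground(ThreadStart entry)
        {
            Thread worker = new Thread(entry);
            worker.IsBackground = true;
            worker.Start();
        }
    }
}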