16

I have a good working experience with C# but now I want to develop a simple(may be a console app) software which just detects the name and time of the process started or ended on my computer.

For example (I am assuming that my small app is already running) if a user opens Firefox then it should just insert firefox.exe into a database with time and if a user close it then it also do the same.

And same as above if a user open notepad then it should insert notepad.exe with time and so on.

I know how to insert values in database but I just need your help in identifying when the process/program starts or ends on my system.

Honestly saying I never developed this kind of application before so i have no idea that it can be possible using console app or i need to make a windows service app etc.

So please provide your answer just considering me as a beginner.

In the part of C# I am able to understand it so need to worry about that.

I am using visual studio 2010 with .net 4.0.

svarog
  • 9,477
  • 4
  • 61
  • 77
Peeyush
  • 4,728
  • 16
  • 64
  • 92

1 Answers1

24

To do this without polling requires WMI. This is well supported in .net and you can use the ManagementEventWatcher class to subscribe to WMI notifications.

This Code Project article illustrates how it is done. Here's an extract showing how straightforward it is.

notePad = new ProcessInfo("notepad.exe");
notePad.Started +=
    new Win32Process.ProcessInfo.StartedEventHandler(this.NotepadStarted);
notePad.Terminated +=
    new Win32Process.ProcessInfo.TerminatedEventHandler(this.NotepadTerminated);

Note that ProcessInfo is a class implemented in the code attached to that article.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • 1
    Does anyone know how expensive this watching of processes (i.e. query every 2s) actually is? I will write a windows service doing some stuff as soon as an application is started, but do not want to slow down working with the computer. – Kevkong Jul 27 '13 at 03:03
  • @Kevkong What do you mean "query every 2s"? That sounds like polling. What's described above is not polling. – David Heffernan Jul 27 '13 at 07:54
  • 3
    If you take a look into the sourcecode of ProcessInfo it sure looks like polling to me and that is the reason why I asked. Even the authors comment states that: "//querry every 2 seconds string pol = "2";" – Kevkong Jul 27 '13 at 14:04
  • The mentioned article describes how to observe process with particular name. But what if I want to observe for every process that runs on my computer? – Anatolii Humennyi Feb 16 '14 at 16:45
  • 1
    @Anatolli That cannot be answered in a comment if you cannot find an existing question, ask one yourself. – David Heffernan Feb 16 '14 at 16:48
  • 2
    Just tried the link. It's alive. Also Kevkong is right. It used polling. But it checked the existence of process via WMI rather than looping through processes using code like foreach (var p in Process.GetProcessesByName("foo"). Maybe in that way it consumed less resource. – Silent Sojourner Jul 11 '16 at 15:31
  • I didn't know comment cannot be edited after 5 minutes. So has to make another comment. I didn't actually tested the performance of the above solution, but according to this aritcle [link](http://stackoverflow.com/questions/345199/wmi-process-watching-uses-too-much-cpu-any-better-method) it does affect performance. – Silent Sojourner Jul 11 '16 at 15:47
  • Please consider posting the code straight into the post in the event the blog ever goes down – Lars Dormans Dec 21 '20 at 13:30