Theres the FileSystemWatcher in C# to keep track on files if they edited, created or deleted. Somehow, i also want to track a executionfile - ".exe" - to get like the time of its execution and parameters, which are transfered on the execution.
Is there any class in C# or any programming language, that supports this?
Although there is already a built in feature in windows if that is what you are using. Windows has its own Auditing system with the event viewer.
If you want to make a custom auditing software using C# specifically, here is a link to a framework that could help you out:
https://github.com/thepirat000/Audit.NET
It generates Audit logs in the desired format.
Output extensions are provided to log to JSON Files, Event Log, SQL, MySQL, PostgreSQL, MongoDB, AzureBlob, DocumentDB, Redis, Elasticsearch, DynamoDB, UDP datagrams and more.
Those are some of the available outputs, taken from the README file of the framework.
You can always watch the processes that are running on the current machine, if it helps you. Then you can use ProcessModule.FileName Property to read their executable.
Something like this should do mostly what you describe:
static void Main(string[] args)
{
foreach (var process in Process.GetProcesses())
{
Console.WriteLine($"Process: {GetMainModuleFilepath(process.Id)}");
}
Console.ReadKey();
}
private static string GetMainModuleFilepath(int processId)
{
string wmiQueryString = "SELECT ProcessId, ExecutablePath FROM Win32_Process WHERE ProcessId = " + processId;
using (var searcher = new ManagementObjectSearcher(wmiQueryString))
{
using (var results = searcher.Get())
{
ManagementObject mo = results.Cast<ManagementObject>().FirstOrDefault();
if (mo != null)
{
return (string)mo["ExecutablePath"];
}
}
}
return null;
}
