Monitor Process Start in the System

Monitor when an exe is launched

From this article, you can use WMI (the System.Management namespace) in your service to watch for process start events.

 void WaitForProcess()
{
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived
                        += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();

    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived
                        += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
}

  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    stopWatch.Stop();
    Console.WriteLine("Process stopped: {0}"
                      , e.NewEvent.Properties["ProcessName"].Value);
  }

  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    startWatch.Stop();
    Console.WriteLine("Process started: {0}"
                      , e.NewEvent.Properties["ProcessName"].Value);
  }
}

WMI allows for fairly sophisticated queries; you can modify the queries here to trigger your event handler only when your watched app launches, or on other criteria. Here's a quick introduction, from a C# perspective.

How to detect a process start & end using c# in windows?

To do this without polling requires WMI. This is well supported in .net and you can use the ManagementEventWatcher class to subscribe to WMI notifications.

This Code Project article illustrates how it is done. Here's an extract showing how straightforward it is.

notePad = new ProcessInfo("notepad.exe");
notePad.Started +=
    new Win32Process.ProcessInfo.StartedEventHandler(this.NotepadStarted);
notePad.Terminated +=
    new Win32Process.ProcessInfo.TerminatedEventHandler(this.NotepadTerminated);

Note that ProcessInfo is a class implemented in the code attached to that article.

Start process on specific screen

We created a similar solution not to long ago using the user32.dll's SetWindowPos. While it does not open the program on the desired window, it takes a couple of milliseconds to do so, so not really an issue for your requirement!

You can have a look at the following gist:

https://gist.github.com/reinhardholl/013a7c3fa319beeaf534#file-display-cs

Pay specific attention to the Display class:

    private void ShowAppOnDisplay(App app)
    {
        SetWindowPos(app.Process.MainWindowHandle, 0, _screen.WorkingArea.Left, _screen.WorkingArea.Top, _screen.WorkingArea.Width, _screen.WorkingArea.Height, SWP_SHOWWINDOW);
    }

Let me know if you require some more help!

Is there a system event when a process is created?

Rust can't do anything that the OS doesn't already provide, and Rust doesn't have its own runtime, so you can just use whatever the OS offers.

When there isn't already a crate for some thing, the problem boils down to: How would you do that in C? Find answer to that, and then use Rust's FFI (or some lower-level sys crate like winapi to call that.

.NET Process Monitor

WMI provides a way to track processes starting and terminating with the Win32_ProcessTrace classes. Best shown with an example. Start a new Console application, Project + Add Reference, select System.Management. Paste this code:

using System;
using System.Management;

class Process {
  public static void Main() {
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press any key to exit");
    while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);
    startWatch.Stop();
    stopWatch.Stop();
  }

  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }

  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }
}

Edit the manifest so this program runs elevated. Then simply start some programs to see it at work. Beware that it is not especially quick.


Related Topics

How to Write a Comment to an Xml File When Using the Xmlserializer

How to Access Gmail API Using Service Account

How to Get Modified Date from File in C# on Windows Mobile

Accessing UI Controls in Task.Run with Async/Await on Winforms

Pass Two Models to View

Opening Process and Changing Window Position

How to Get Csc.Exe Path

Displaying Tooltip on Mouse Hover of a Text

How to Print a Text File on Thermal Printer Using Printdocument

How to Use Multi Color in Richtextbox

How to Remove Numbers from String Using Regex.Replace

How to Create a New Operator in C#

Convert Anonymous Type to Class

How to Change My New List Without Changing the Original List

C# Parameterized Queries for Oracle - Serious & Dangerous Bug!

Error "This Stream Does Not Support Seek Operations" in C#

How to Read the Current Path of |Datadirectory| from Config Settings

Comparing 2 Objects and Retrieve a List of Fields with Different Values


Leave a reply



Submit