How can I moitor file which is executed by user or program in window.
I need to write a code to monitor file. When user clicks the file(.exe) or
is called by program, the name of file will be return to a program.
so, excatly, I need to know the name of the executable file that is executed.
originally, I try to windows service + FileSystemWatcher.
but, There are just created, renamed, deleted, and changed four events in
the FileSystemWacher, not excuted.
So, How can I do???????
thanks.
17  2670 
Don't know about your exact requirements, but you could always just monitor
the running processes:
const string unknown = "{unknown}";
foreach(Process p in Process.GetProcesses()) {
int pid = p.Id;
string name = unknown, module = unknown;
try {name = p.ProcessName;} catch {}
try {module = p.MainModule.FileName;} catch {}
Console.WriteLine("{0}: {1} ({2})",pid,name,module);
}
Console.ReadLine();
Of course, you'd need to do this periodically to monitor new items, and
there is a chance short-lived items could slip between your checks. Not
ideal (and personally I don't like it on principle), but it is an option. It
seems a bit of a "big brother" thing to want to do, though...
Marc
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com... How can I moitor file which is executed by user or program in window.
I need to write a code to monitor file. When user clicks the file(.exe) or
is called by program, the name of file will be return to a program.
so, excatly, I need to know the name of the executable file that is
executed.
originally, I try to windows service + FileSystemWatcher.
but, There are just created, renamed, deleted, and changed four events in
the FileSystemWacher, not excuted.
So, How can I do???????
thanks.
Hi,
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com... How can I moitor file which is executed by user or program in window.
I need to write a code to monitor file. When user clicks the file(.exe) or
is called by program, the name of file will be return to a program.
so, excatly, I need to know the name of the executable file that is
executed.
originally, I try to windows service + FileSystemWatcher.
but, There are just created, renamed, deleted, and changed four events in
the FileSystemWacher, not excuted.
So, How can I do???????
There is no way of doing it
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com...
| How can I moitor file which is executed by user or program in window.
| I need to write a code to monitor file. When user clicks the file(.exe) or
| is called by program, the name of file will be return to a program.
| so, excatly, I need to know the name of the executable file that is
executed.
| originally, I try to windows service + FileSystemWatcher.
| but, There are just created, renamed, deleted, and changed four events in
| the FileSystemWacher, not excuted.
| So, How can I do???????
| thanks.
If you are running XP or higher,you'll can use the System.Management classes
and listen for WMI Win32_ProcessStartTrace events.
Here's a small sample.
using System;
using System.Management;
class App {
public static void Main() {
WqlEventQuery q = new WqlEventQuery( "Win32_ProcessStartTrace");
using(ManagementEventWatcher w = new ManagementEventWatcher(q)){
w.EventArrived += new
EventArrivedEventHandler(ProcessStartEventArrived) ;
w.Start();
Console.ReadLine(); // block this thread for test purposes
w.Stop();
}
}
static void ProcessStartEventArrived(object sender, EventArrivedEventArgs
e) {
//Get the Event object and display it's properties
foreach(PropertyData pd in e.NewEvent.Properties) {
Console.WriteLine("{0} : {1}",pd.Name, pd.Value);
}
}
}
Willy.
but.... why can the antivirus detect the malicious file when we click a
executable file. And, why can FileSystemWatcher know which file was changed,
but can't know which file was executed ????
"Ignacio Machin ( .NET/ C# MVP )" wrote: Hi,
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com... How can I moitor file which is executed by user or program in window.
I need to write a code to monitor file. When user clicks the file(.exe) or
is called by program, the name of file will be return to a program.
so, excatly, I need to know the name of the executable file that is
executed.
originally, I try to windows service + FileSystemWatcher.
but, There are just created, renamed, deleted, and changed four events in
the FileSystemWacher, not excuted.
So, How can I do???????
There is no way of doing it
--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation
exactly, I need to know which file was executed in window.
and, I wanna deal with the file (.exe)
It is similar the antivirus. When we click a malicious file (.exe) , then
antivirus can detect it and deal with.
thank you
"Marc Gravell" wrote: Don't know about your exact requirements, but you could always just monitor
the running processes:
const string unknown = "{unknown}";
foreach(Process p in Process.GetProcesses()) {
int pid = p.Id;
string name = unknown, module = unknown;
try {name = p.ProcessName;} catch {}
try {module = p.MainModule.FileName;} catch {}
Console.WriteLine("{0}: {1} ({2})",pid,name,module);
}
Console.ReadLine();
Of course, you'd need to do this periodically to monitor new items, and
there is a chance short-lived items could slip between your checks. Not
ideal (and personally I don't like it on principle), but it is an option. It
seems a bit of a "big brother" thing to want to do, though...
Marc
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com... How can I moitor file which is executed by user or program in window.
I need to write a code to monitor file. When user clicks the file(.exe) or
is called by program, the name of file will be return to a program.
so, excatly, I need to know the name of the executable file that is
executed.
originally, I try to windows service + FileSystemWatcher.
but, There are just created, renamed, deleted, and changed four events in
the FileSystemWacher, not excuted.
So, How can I do???????
thanks.
Antivirus applications use kernel space drivers to do their thing, don't
expect to do this kind of thing from user space. Take a look at my other
reply, it shows you how you can achieve your goal using C#.
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:A9**********************************@microsof t.com...
| but.... why can the antivirus detect the malicious file when we click a
| executable file. And, why can FileSystemWatcher know which file was
changed,
| but can't know which file was executed ????
|
| "Ignacio Machin ( .NET/ C# MVP )" wrote:
|
| > Hi,
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:B4**********************************@microsof t.com...
| > > How can I moitor file which is executed by user or program in window.
| > > I need to write a code to monitor file. When user clicks the
file(.exe) or
| > > is called by program, the name of file will be return to a program.
| > > so, excatly, I need to know the name of the executable file that is
| > > executed.
| > > originally, I try to windows service + FileSystemWatcher.
| > > but, There are just created, renamed, deleted, and changed four events
in
| > > the FileSystemWacher, not excuted.
| > > So, How can I do???????
| >
| >
| > There is no way of doing it
| >
| >
| >
| > --
| > Ignacio Machin,
| > ignacio.machin AT dot.state.fl.us
| > Florida Department Of Transportation
| >
| >
| >
I got your other reply. thank you very very very very much.
I try your code which can work.
so, now I don't need to use the window service to monitor file. right?
in fact, the project is my thesis in research institute.
I wanna design a anti-spyware software.
so, I need to grap the spyware in real-time
"Willy Denoyette [MVP]" wrote: Antivirus applications use kernel space drivers to do their thing, don't
expect to do this kind of thing from user space. Take a look at my other
reply, it shows you how you can achieve your goal using C#.
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:A9**********************************@microsof t.com...
| but.... why can the antivirus detect the malicious file when we click a
| executable file. And, why can FileSystemWatcher know which file was
changed,
| but can't know which file was executed ????
|
| "Ignacio Machin ( .NET/ C# MVP )" wrote:
|
| > Hi,
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:B4**********************************@microsof t.com...
| > > How can I moitor file which is executed by user or program in window.
| > > I need to write a code to monitor file. When user clicks the
file(.exe) or
| > > is called by program, the name of file will be return to a program.
| > > so, excatly, I need to know the name of the executable file that is
| > > executed.
| > > originally, I try to windows service + FileSystemWatcher.
| > > but, There are just created, renamed, deleted, and changed four events
in
| > > the FileSystemWacher, not excuted.
| > > So, How can I do???????
| >
| >
| > There is no way of doing it
| >
| >
| >
| > --
| > Ignacio Machin,
| > ignacio.machin AT dot.state.fl.us
| > Florida Department Of Transportation
| >
| >
| >
and why can't we user kernel space rather than aitivirus can.
the Microsoft accept ???
"Willy Denoyette [MVP]" wrote: Antivirus applications use kernel space drivers to do their thing, don't
expect to do this kind of thing from user space. Take a look at my other
reply, it shows you how you can achieve your goal using C#.
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:A9**********************************@microsof t.com...
| but.... why can the antivirus detect the malicious file when we click a
| executable file. And, why can FileSystemWatcher know which file was
changed,
| but can't know which file was executed ????
|
| "Ignacio Machin ( .NET/ C# MVP )" wrote:
|
| > Hi,
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:B4**********************************@microsof t.com...
| > > How can I moitor file which is executed by user or program in window.
| > > I need to write a code to monitor file. When user clicks the
file(.exe) or
| > > is called by program, the name of file will be return to a program.
| > > so, excatly, I need to know the name of the executable file that is
| > > executed.
| > > originally, I try to windows service + FileSystemWatcher.
| > > but, There are just created, renamed, deleted, and changed four events
in
| > > the FileSystemWacher, not excuted.
| > > So, How can I do???????
| >
| >
| > There is no way of doing it
| >
| >
| >
| > --
| > Ignacio Machin,
| > ignacio.machin AT dot.state.fl.us
| > Florida Department Of Transportation
| >
| >
| >
if I wnna run in win2k, the code doesn't work. right?
"Willy Denoyette [MVP]" wrote:
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:B4**********************************@microsof t.com...
| How can I moitor file which is executed by user or program in window.
| I need to write a code to monitor file. When user clicks the file(.exe) or
| is called by program, the name of file will be return to a program.
| so, excatly, I need to know the name of the executable file that is
executed.
| originally, I try to windows service + FileSystemWatcher.
| but, There are just created, renamed, deleted, and changed four events in
| the FileSystemWacher, not excuted.
| So, How can I do???????
| thanks.
If you are running XP or higher,you'll can use the System.Management classes
and listen for WMI Win32_ProcessStartTrace events.
Here's a small sample.
using System;
using System.Management;
class App {
public static void Main() {
WqlEventQuery q = new WqlEventQuery( "Win32_ProcessStartTrace");
using(ManagementEventWatcher w = new ManagementEventWatcher(q)){
w.EventArrived += new
EventArrivedEventHandler(ProcessStartEventArrived) ;
w.Start();
Console.ReadLine(); // block this thread for test purposes
w.Stop();
}
}
static void ProcessStartEventArrived(object sender, EventArrivedEventArgs
e) {
//Get the Event object and display it's properties
foreach(PropertyData pd in e.NewEvent.Properties) {
Console.WriteLine("{0} : {1}",pd.Name, pd.Value);
}
}
}
Willy.
Nope.
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:BC**********************************@microsof t.com...
| if I wnna run in win2k, the code doesn't work. right?
|
|
| "Willy Denoyette [MVP]" wrote:
|
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:B4**********************************@microsof t.com...
| > | How can I moitor file which is executed by user or program in window.
| > | I need to write a code to monitor file. When user clicks the
file(.exe) or
| > | is called by program, the name of file will be return to a program.
| > | so, excatly, I need to know the name of the executable file that is
| > executed.
| > | originally, I try to windows service + FileSystemWatcher.
| > | but, There are just created, renamed, deleted, and changed four events
in
| > | the FileSystemWacher, not excuted.
| > | So, How can I do???????
| > | thanks.
| >
| > If you are running XP or higher,you'll can use the System.Management
classes
| > and listen for WMI Win32_ProcessStartTrace events.
| > Here's a small sample.
| >
| > using System;
| > using System.Management;
| > class App {
| > public static void Main() {
| > WqlEventQuery q = new WqlEventQuery( "Win32_ProcessStartTrace");
| > using(ManagementEventWatcher w = new ManagementEventWatcher(q)){
| > w.EventArrived += new
| > EventArrivedEventHandler(ProcessStartEventArrived) ;
| > w.Start();
| > Console.ReadLine(); // block this thread for test purposes
| > w.Stop();
| > }
| > }
| > static void ProcessStartEventArrived(object sender,
EventArrivedEventArgs
| > e) {
| > //Get the Event object and display it's properties
| > foreach(PropertyData pd in e.NewEvent.Properties) {
| > Console.WriteLine("{0} : {1}",pd.Name, pd.Value);
| > }
| > }
| > }
| >
| > Willy.
| >
| >
| >
one guy told me this. this code can run in win2k
but, it is just detect notepad.exe and a little slow
ManagementEventWatcher watcher;
private void button2_Click(object sender, System.EventArgs e)
{
string query = "select * from __InstanceCreationEvent " +
"within 5 where TargetInstance ISA 'Win32_Process' "+
" and TargetInstance.Name='notepad.exe'";
watcher = new ManagementEventWatcher(query);
watcher.EventArrived += new EventArrivedEventHandler(Display);
watcher.Start();
}
public void Display(object sender, EventArrivedEventArgs e)
{
this.textBox1.Text="notepad start";
}
C# or any other managed code can not be used for driver development,
antivirus products do have parts running as kernel mode drivers.
In short, you won't be able to develop antivirus software in C# only, you
can use C# for the UI part, but that's not key for an antivirus product.
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:D8**********************************@microsof t.com...
| and why can't we user kernel space rather than aitivirus can.
| the Microsoft accept ???
|
| "Willy Denoyette [MVP]" wrote:
|
| > Antivirus applications use kernel space drivers to do their thing, don't
| > expect to do this kind of thing from user space. Take a look at my other
| > reply, it shows you how you can achieve your goal using C#.
| >
| > Willy.
| >
| >
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:A9**********************************@microsof t.com...
| > | but.... why can the antivirus detect the malicious file when we click
a
| > | executable file. And, why can FileSystemWatcher know which file was
| > changed,
| > | but can't know which file was executed ????
| > |
| > | "Ignacio Machin ( .NET/ C# MVP )" wrote:
| > |
| > | > Hi,
| > | >
| > | > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > | > news:B4**********************************@microsof t.com...
| > | > > How can I moitor file which is executed by user or program in
window.
| > | > > I need to write a code to monitor file. When user clicks the
| > file(.exe) or
| > | > > is called by program, the name of file will be return to a
program.
| > | > > so, excatly, I need to know the name of the executable file that
is
| > | > > executed.
| > | > > originally, I try to windows service + FileSystemWatcher.
| > | > > but, There are just created, renamed, deleted, and changed four
events
| > in
| > | > > the FileSystemWacher, not excuted.
| > | > > So, How can I do???????
| > | >
| > | >
| > | > There is no way of doing it
| > | >
| > | >
| > | >
| > | > --
| > | > Ignacio Machin,
| > | > ignacio.machin AT dot.state.fl.us
| > | > Florida Department Of Transportation
| > | >
| > | >
| > | >
| >
| >
| >
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:04**********************************@microsof t.com...
| one guy told me this. this code can run in win2k
| but, it is just detect notepad.exe and a little slow
|
| ManagementEventWatcher watcher;
| private void button2_Click(object sender, System.EventArgs e)
| {
| string query = "select * from __InstanceCreationEvent " +
| "within 5 where TargetInstance ISA 'Win32_Process' "+
| " and TargetInstance.Name='notepad.exe'";
| watcher = new ManagementEventWatcher(query);
| watcher.EventArrived += new EventArrivedEventHandler(Display);
| watcher.Start();
| }
|
| public void Display(object sender, EventArrivedEventArgs e)
| {
| this.textBox1.Text="notepad start";
| }
|
True, you can use this to trace process start-up, but the problem here is
that polling is used, which makes it possible to miss events.
Note, as I said in another reply, this is not the right code path when your
intention is to write an antivirus application.
Willy.
Could I ask one more issue?
Now, we got the name of the file. so, what is the path of file???? How to
get it?
thank you very very very very much!
Green
"Willy Denoyette [MVP]" wrote:
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:04**********************************@microsof t.com...
| one guy told me this. this code can run in win2k
| but, it is just detect notepad.exe and a little slow
|
| ManagementEventWatcher watcher;
| private void button2_Click(object sender, System.EventArgs e)
| {
| string query = "select * from __InstanceCreationEvent " +
| "within 5 where TargetInstance ISA 'Win32_Process' "+
| " and TargetInstance.Name='notepad.exe'";
| watcher = new ManagementEventWatcher(query);
| watcher.EventArrived += new EventArrivedEventHandler(Display);
| watcher.Start();
| }
|
| public void Display(object sender, EventArrivedEventArgs e)
| {
| this.textBox1.Text="notepad start";
| }
|
True, you can use this to trace process start-up, but the problem here is
that polling is used, which makes it possible to miss events.
Note, as I said in another reply, this is not the right code path when your
intention is to write an antivirus application.
Willy.
I think I got the solution. Reference the MSDN.
I can use system.diagnostics.processmodule.filename to compare the name in
process pool.
thank you very mcuh!!!
"Willy Denoyette [MVP]" wrote:
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:04**********************************@microsof t.com...
| one guy told me this. this code can run in win2k
| but, it is just detect notepad.exe and a little slow
|
| ManagementEventWatcher watcher;
| private void button2_Click(object sender, System.EventArgs e)
| {
| string query = "select * from __InstanceCreationEvent " +
| "within 5 where TargetInstance ISA 'Win32_Process' "+
| " and TargetInstance.Name='notepad.exe'";
| watcher = new ManagementEventWatcher(query);
| watcher.EventArrived += new EventArrivedEventHandler(Display);
| watcher.Start();
| }
|
| public void Display(object sender, EventArrivedEventArgs e)
| {
| this.textBox1.Text="notepad start";
| }
|
True, you can use this to trace process start-up, but the problem here is
that polling is used, which makes it possible to miss events.
Note, as I said in another reply, this is not the right code path when your
intention is to write an antivirus application.
Willy.
Hi Willy.
For one thing. I need to say thank you of you to give me a suggestion.
now, I could monitor the file in the system. But I got the file which name
is just 15 letter at most. If the name of .exe file is more then 15. It will
be cut.
ex: if the name of .exe file is "MonitorExFile.exe".
the "e.NewEvent.Properties["ProcessName"].Value" will just get
"MonitorExFile.e"
so, How could I get the full name of file ?
and exactly, I need to get the full path of .exe file. Because I need to
deal with the process of .exe file.
I got a mothed in MSDN in following.
It must create a process , then I could get the full path of file.
but. I just need to deal with the process of file which is monitored by me.
Could get any sugesstion from you?
thank you very much!!
-----------------------------------
Process myProcess = new Process();
// Get the process start information of notepad.
ProcessStartInfo myProcessStartInfo = new ProcessStartInfo("notepad.exe");
// Assign 'StartInfo' of notepad to 'StartInfo' of 'myProcess' object.
myProcess.StartInfo = myProcessStartInfo;
// Create a notepad.
myProcess.Start();
System.Threading.Thread.Sleep(1000);
ProcessModule myProcessModule;
// Get all the modules associated with 'myProcess'.
ProcessModuleCollection myProcessModuleCollection = myProcess.Modules;
Console.WriteLine("File names of the modules associated "
+"with 'notepad' are:");
// Display the 'FileName' of each of the modules.
for( int i = 0;i < myProcessModuleCollection.Count; i++)
{
myProcessModule = myProcessModuleCollection[i];
Console.WriteLine(myProcessModule.ModuleName+" : "
+myProcessModule.FileName);
}
// Get the main module associated with 'myProcess'.
myProcessModule = myProcess.MainModule;
// Display the 'FileName' of the main module.
Console.WriteLine("The process's main module's FileName is: "
+myProcessModule.FileName);
myProcess.CloseMainWindow();
-----------------------------------------------------------------------
"Willy Denoyette [MVP]" wrote:
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:04**********************************@microsof t.com...
| one guy told me this. this code can run in win2k
| but, it is just detect notepad.exe and a little slow
|
| ManagementEventWatcher watcher;
| private void button2_Click(object sender, System.EventArgs e)
| {
| string query = "select * from __InstanceCreationEvent " +
| "within 5 where TargetInstance ISA 'Win32_Process' "+
| " and TargetInstance.Name='notepad.exe'";
| watcher = new ManagementEventWatcher(query);
| watcher.EventArrived += new EventArrivedEventHandler(Display);
| watcher.Start();
| }
|
| public void Display(object sender, EventArrivedEventArgs e)
| {
| this.textBox1.Text="notepad start";
| }
|
True, you can use this to trace process start-up, but the problem here is
that polling is used, which makes it possible to miss events.
Note, as I said in another reply, this is not the right code path when your
intention is to write an antivirus application.
Willy.
Use the ProcessID property returned to get the process instance and iuse
this one to get the mainmodules file name like:
....
Process proc =
Process.GetProcessById((int)(uint)e.NewEvent.Prope rties["ProcessID"].Value);
string s = proc.MainModule.FileName; // full exe path...
Willy.
"spentun" <sp*****@discussions.microsoft.com> wrote in message
news:5B**********************************@microsof t.com...
| Hi Willy.
| For one thing. I need to say thank you of you to give me a suggestion.
| now, I could monitor the file in the system. But I got the file which name
| is just 15 letter at most. If the name of .exe file is more then 15. It
will
| be cut.
| ex: if the name of .exe file is "MonitorExFile.exe".
| the "e.NewEvent.Properties["ProcessName"].Value" will just get
| "MonitorExFile.e"
|
| so, How could I get the full name of file ?
| and exactly, I need to get the full path of .exe file. Because I need to
| deal with the process of .exe file.
| I got a mothed in MSDN in following.
| It must create a process , then I could get the full path of file.
| but. I just need to deal with the process of file which is monitored by
me.
| Could get any sugesstion from you?
| thank you very much!!
| -----------------------------------
| Process myProcess = new Process();
| // Get the process start information of notepad.
| ProcessStartInfo myProcessStartInfo = new
ProcessStartInfo("notepad.exe");
| // Assign 'StartInfo' of notepad to 'StartInfo' of 'myProcess' object.
| myProcess.StartInfo = myProcessStartInfo;
| // Create a notepad.
| myProcess.Start();
| System.Threading.Thread.Sleep(1000);
| ProcessModule myProcessModule;
| // Get all the modules associated with 'myProcess'.
| ProcessModuleCollection myProcessModuleCollection = myProcess.Modules;
| Console.WriteLine("File names of the modules associated "
| +"with 'notepad' are:");
| // Display the 'FileName' of each of the modules.
| for( int i = 0;i < myProcessModuleCollection.Count; i++)
| {
| myProcessModule = myProcessModuleCollection[i];
| Console.WriteLine(myProcessModule.ModuleName+" : "
| +myProcessModule.FileName);
| }
| // Get the main module associated with 'myProcess'.
| myProcessModule = myProcess.MainModule;
| // Display the 'FileName' of the main module.
| Console.WriteLine("The process's main module's FileName is: "
| +myProcessModule.FileName);
| myProcess.CloseMainWindow();
| -----------------------------------------------------------------------
|
|
| "Willy Denoyette [MVP]" wrote:
|
| >
| > "spentun" <sp*****@discussions.microsoft.com> wrote in message
| > news:04**********************************@microsof t.com...
| > | one guy told me this. this code can run in win2k
| > | but, it is just detect notepad.exe and a little slow
| > |
| > | ManagementEventWatcher watcher;
| > | private void button2_Click(object sender, System.EventArgs e)
| > | {
| > | string query = "select * from __InstanceCreationEvent " +
| > | "within 5 where TargetInstance ISA 'Win32_Process' "+
| > | " and TargetInstance.Name='notepad.exe'";
| > | watcher = new ManagementEventWatcher(query);
| > | watcher.EventArrived += new EventArrivedEventHandler(Display);
| > | watcher.Start();
| > | }
| > |
| > | public void Display(object sender, EventArrivedEventArgs e)
| > | {
| > | this.textBox1.Text="notepad start";
| > | }
| > |
| >
| > True, you can use this to trace process start-up, but the problem here
is
| > that polling is used, which makes it possible to miss events.
| > Note, as I said in another reply, this is not the right code path when
your
| > intention is to write an antivirus application.
| >
| > Willy.
| >
| >
| >
| >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: KJM |
last post by:
How can I detect if the user has dual monitors and then how do I control
which monitor a form is displayed on. Currently my forms always come up on
my right monitor. What if I want to have it...
|
by: Bill Burwell |
last post by:
I am converting a VB6 WebClass application to VB.Net. Used the VB upgrade
tool to do the conversion - and it left me a lot of little code things to
do. Did those code things and got my app to...
|
by: Omid |
last post by:
Hi.
I have problems when I try to redirect everything that is sent to cout
to a file.
I have one piece of code that works and one that does not work.
The only difference is which headers I use....
|
by: sonic_soul |
last post by:
Hi,
Is there a way to monitor a newly opepend child window with opener,
even when the page keeps reloading ?
Say window A opens window B and gives it a name/handle "myWindow".
At this point...
|
by: Jack David |
last post by:
Using the code below I am able to monitor a single directory for a new file
and then kick-off a process to deal with the file. The question is??? How
would I modify this code to be able to monitor...
|
by: Mike |
last post by:
I have a program which runs in a dos window. That program generates output and
writes it to the dos window as well as piping it to a text file.
I would like to be able to monitor the window or...
|
by: Jim Hubbard |
last post by:
Is it possible to emulate a monitor (create a virtual monitor) using vb.net?
Any code snippets or pointers to helpful articles would be very much
appreciated.
|
by: Clark Sann |
last post by:
Can someone help me understand what object should be used as the lock
object? I've seen some programs that use Monitor.Enter(Me). Then, in those
same programs, they sometimes use another object. ...
|
by: nanban4u |
last post by:
Hi,
Programming Language - HTML, JavaScript
Web server : IIS 6
Browser : IE 6 +
I am working in a Dual Monitor screen setup. I have a scenario some times the user move the IE screen from...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
