
Hooking into a running process to monitor its status

I'm new to C# hooking and am looking for a little information on where to do my research. I figured there are some folks here who may have done this before that might have a good idea of where to start!

My overall goal is simple: to create a C# application, if possible, that can search the current running processes on a machine for one matching a certain name (we can assume for this situation that it is unique, only 1 process of that name) and "hook" into the process. The goal would be to watch for that process to get hung up. If it crashes, freezes, or generally has any bad health event that Windows is capable of detecting, I'd like to be able to find out about it. Then, based on what it sees, it does other stuff.

I was able to do something similar in Python 2.7 using Pai Mei, but that project has been long abandoned and I've grown rather fond of C# in recent years.

So: Does this sound like something that is possible in C#? If so, does anyone have a good suggestion on where I can find some information on it? And finally, does anyone have some example code lying around they might be willing to share on the topic? =D

Thank you!

ManagementEventWatcher might be helpful to start with. However, the complexity would be in how you write or tune your WMI queries.

I don't own the following code; it's been nicked from somewhere.

using System;
using System.Management;

class Process {
  public static void Main() {
    // Subscribe to process-creation trace events for every process on the machine.
    // The Win32_Process*Trace classes normally require an elevated (administrator) session.
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    // Subscribe to process-termination trace events.
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press any key to exit");
    // Events arrive on a background thread; keep the main thread alive until a key is pressed.
    while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);
    startWatch.Stop();
    stopWatch.Stop();
  }

  // Called once for each process that exits.
  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }

  // Called once for each process that starts.
  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }
}
