
How to detect my application is terminated by TASKKILL in Command Prompt?

My goal is to catch the TASKKILL event from Command Prompt and use this event.

I think I may need to use kernel32.dll, but I can't find a handler for this.

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);

Update

Following the ways @Ben Voigt suggested:

_Using WMI:

Step 1: Run the command mgmtclassgen Win32_Process /n root\\cimv2 /o WMI.Win32 to generate the class Process. Then rename the class Process to Win32_Process.

http://notepad.cc/share/3SQfeJgEQR

Step 2: Create a class named ProcessWatcher.

http://notepad.cc/share/UIR1Tw5twy

Step 3: Use this class with a while loop to wait for my application's status. This is the easy way, but not my choice.

http://notepad.cc/share/JXLGogGbai

_Using Window Hook:

[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool DuplicateHandle(IntPtr hSourceProcessHandle,
           IntPtr hSourceHandle, IntPtr hTargetProcessHandle, out IntPtr lpTargetHandle,
           uint dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, uint dwOptions);

But with TerminateProcess and DuplicateHandle, I can't find a handler for this.

From some other process, which we shall call the watchdog, you must get a handle to the process you will monitor for termination (the target process). You can have a handle created using DuplicateHandle and communicated via an IPC mechanism. If you know the PID of the target process, you can use OpenProcess or System.Diagnostics.Process.GetProcessById. If the target process is spawned by the watchdog, you get a handle from CreateProcess or System.Diagnostics.Process.Start. Or you can enumerate running processes, for example using System.Diagnostics.Process.GetProcessesByName.

In any case, once you have a handle to the process, you can pass it to one of the wait functions such as WaitForSingleObject, WaitForMultipleObjects, or MsgWaitForMultipleObjectsEx. When the process ceases running, for example because TASKKILL terminated it, the process handle becomes signaled and the wait will complete.

If you use the .NET Process class and its WaitForExit method, be aware that unlike the Win32 wait functions, there is no multi-handle version; you'll need to dedicate an entire thread.


A possibly easier way is to use WMI and subscribe to process events. I tend not to use WMI myself, but it could be useful if you don't have a parent/child relationship between watchdog and target, making the handle otherwise difficult to get. You can read about it on this blog:
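
The handle-and-wait approach from the answer above, as an added example that is not part of the original question or answer: a watchdog opens each target by PID with only the rights it needs and waits on all of the handles from one thread. The names Watchdog and ProcessWaitHandle are hypothetical, and taking the target PIDs from the command line is an assumption of this example.

```csharp
using System;
using System.ComponentModel;
using System.Linq;
using System.Runtime.InteropServices;
using System.Threading;
using Microsoft.Win32.SafeHandles;

static class Watchdog // hypothetical name, not from the answer
{
    const uint SYNCHRONIZE = 0x00100000;                   // right to wait on the handle
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000; // right to read the exit code

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool GetExitCodeProcess(SafeWaitHandle hProcess, out uint lpExitCode);

    // Wraps a Win32 process handle so WaitHandle.WaitAny can wait on it.
    sealed class ProcessWaitHandle : WaitHandle
    {
        public uint Pid { get; }
        public ProcessWaitHandle(uint pid)
        {
            Pid = pid;
            IntPtr h = OpenProcess(SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
            if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
            SafeWaitHandle = new SafeWaitHandle(h, true); // handle is closed on Dispose
        }
    }

    static void Main(string[] args)
    {
        // Target PIDs come from the command line (assumption for this example).
        var live = args.Select(a => new ProcessWaitHandle(uint.Parse(a))).ToList();
        while (live.Count > 0)
        {
            // One thread waits on every target; WaitAny accepts at most 64 handles.
            int i = WaitHandle.WaitAny(live.Cast<WaitHandle>().ToArray());
            ProcessWaitHandle gone = live[i];
            string code = GetExitCodeProcess(gone.SafeWaitHandle, out uint c) ? c.ToString() : "unknown";
            Console.WriteLine($"{DateTime.UtcNow:o} PID {gone.Pid} stopped, exit code {code}");
            gone.Dispose();
            live.RemoveAt(i);
        }
    }
}
```

The exit code printed is whatever value the terminating caller passed to TerminateProcess, so it does not by itself identify who ended the process.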
