如何识别无响应的过程?
[英]How to identify an unresponsive process?
问题描述
I am refactoring a custom process monitoring application for a client that is deployed in Windows Server 2008 R2 and Windows Server 2012 environments. 
我正在为在Windows Server 2008 R2和Windows Server 2012环境中部署的客户端重构自定义过程监视应用程序。
The monitoring application needs to identify crashed, unresponsive processes (identified as "Not Responding" in the Task Manager), forcefully kill them and restart. 监视应用程序需要识别崩溃的无响应进程(在任务管理器中标识为“无响应”),强行杀死它们并重新启动。 The processes monitored can be either Console or Win32-based applications, predominantly Console-based. 监视的进程可以是基于控制台的应用程序,也可以是基于Win32的应用程序,主要是基于控制台的应用程序。
The Process.Responding property is of no use in this particular occasion as it determines if the UI is responding (potentially using a similar method "under the hood" as the one below to update this property). 在此特定情况下, Process.Responding属性没有用,因为它确定UI是否正在响应(可能使用与下面类似的“幕后”方法来更新此属性)。
The IsHungAppWindow method is also of no use if it were imported as the Console-based applications do not fulfill the following criteria: 如果导入了IsHungAppWindow方法,因为基于控制台的应用程序不满足以下条件,则该方法也没有用:
An application is considered to be not responding if it is not waiting for input, is not in startup processing, and has not called PeekMessage within the internal timeout period of 5 seconds.
The Status property of the Win32_Process WMI class is of no use were I monitoring processes using the WMI system classes since: 如果我监视使用WMI系统类的进程,则Win32_Process WMI类的Status属性没有用:
This property is not implemented and does not get populated for any instance of this class.
The ExecutionState property of the Win32_Process WMI class is of no use as it appears not to be implemented also. Win32_Process WMI类的ExecutionState属性没有用,因为它似乎也未实现。 Although not explicitly stated, after running local tests it repeatedly returns NULL and a third party indicates this. 尽管没有明确说明,但在运行本地测试后,它会反复返回NULL , 并由第三方指示。
How can I reasonably determine whether or not processes are unresponsive? 如何合理确定进程是否无响应?
1 个解决方案
解决方案1
2 2016-02-10 12:20:17
The best answer and solution I can determine is to monitor Application Error and Application Hang events from the Windows Event Viewer Application log. 我能确定的最佳答案和解决方案是从Windows事件查看器应用程序日志中监视Application Error和Application Hang事件。
As of .NET 3.5, a handy class was implemented to avoid reading and filtering the entire event logs: EventLogWatcher allowing to watch for specific events instead. 从.NET 3.5开始,实现了一个方便的类,以避免读取和过滤整个事件日志: EventLogWatcher允许监视特定事件。
Here is a very basic example, filtering by EventID , Level and ApplicationName using an XPath query: 这是一个非常基本的示例,使用XPath查询按EventID , Level和ApplicationName进行过滤:
using System.Globalization;
using System.Diagnostics.Eventing.Reader;
EventLogQuery filter = new EventLogQuery("Application", PathType.LogName, "Event[System[Level=2 and (EventID = 1000 or EventID = 1002)] and EventData[Data[1] = \"example.exe\"]]")
EventLogWatcher watcher = new EventLogWatcher(filter);
watcher.EventRecordWritten += Watcher_ApplicationError; // Register our handler
watcher.Enabled = true; // Start delivering events to the handler
private void Watcher_ApplicationError(object sender, EventRecordWrittenEventArgs e)
{
String rawId = e.EventRecord.Properties[8].Value.ToString(); // Faulting process id
Int32 id = -1;
if (!Int32.TryParse(rawId, out id)) // If not integer, possibly hexadecimal
{
if (!Int32.TryParse(rawId, NumberStyles.HexNumber, CultureInfo.InvariantCulture, out id)
return; // Unable to read the process id successfully
}
Process unresponsive = Process.GetProcessById(id); // Get the unresponsive process
unresponsive.Kill(); // Kill it
}
This can easily be expanded upon to filter by the fully qualified, faulty application execution path Properties[10] . 这可以很容易地扩展到完全合格的错误应用程序执行路径Properties[10]进行过滤。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.