如何监控用户正在执行的应用程序
[英]How to monitor apps which are being executed by user
问题描述
I want to create an application/service to monitor user activity, especially to log every application that user is running.
我想创建一个应用程序/服务来监视用户活动,尤其是记录用户正在运行的每个应用程序。
Is this possible in c#?这在 c# 中是否可行? I think not.我想不是。 So how to do this in c++ and winapi?那么如何在 c++ 和 winapi 中做到这一点呢? I don't want whole solution because it's surely complicated.我不想要完整的解决方案,因为它肯定很复杂。 Give me an advice only.只给我一个建议。
Thanks!谢谢!
3 个解决方案
解决方案1
1 已采纳
You could write a DLL that hooks CreateProcessW.您可以编写一个挂钩 CreateProcessW 的 DLL。 In this hook, you would (a) do what you want to do when a process is spawned, and (b) inject itself into the new process.在这个钩子中,您将 (a) 在生成进程时执行您想要执行的操作,并且 (b) 将自身注入到新进程中。
Then, inject the DLL into all currently running processes.然后,将 DLL 注入所有当前正在运行的进程中。
EDIT: My answer to another related question should help you.编辑:我对另一个相关问题的回答应该对您有所帮助。
解决方案2
0 2011-08-11 07:26:04
Have a look here http://msdn.microsoft.com/en-us/library/1f3ys1f9.aspx看看这里http://msdn.microsoft.com/en-us/library/1f3ys1f9.aspx
This will give you all processes running on the local computer.这将为您提供在本地计算机上运行的所有进程。
To get processes that have a window do:要获取具有 window 的进程,请执行以下操作:
var procWithWindow = from proc in Process.GetProcesses()
where IntPtr.Zero != proc.MainWindowHandle
select proc;
解决方案3
0 2011-08-11 07:26:51
Management.ManagementObjectSearcher Processes = new Management.ManagementObjectSearcher("SELECT * FROM Win32_Process");
foreach (Management.ManagementObject Process in Processes.Get())
{
if (Process.Item("ExecutablePath") != null)
{
string ExecutablePath = Process.Item("ExecutablePath").ToString();
string[] OwnerInfo = new string[2];
Process.InvokeMethod("GetOwner", (object[])OwnerInfo);
// do something
}
}
The process owner will be available in the OwnerInfo string array.流程所有者将在OwnerInfo字符串数组中可用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.