stackoom
  简体   繁体   中英

vb.net - managementeventwatcher not capturing a second instance of any process

 原文  2022-02-03 12:08:02       vb.net/ wmi/ multiple-processes/ managementeventwatcher

Question

I've got an application which is watching over executed processes on a device using a managementeventwatcher, like so...

    Dim wmiq As String = "SELECT TargetInstance FROM __InstanceCreationEvent WITHIN  .025 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name like '%'"
    Dim scope As String = "\\.\root\CIMV2"
    startProcWatcher = New ManagementEventWatcher(scope, wmiq)
    AddHandler startProcWatcher.EventArrived, AddressOf ProcessStarted
    startProcWatcher.Start()

And my handler (just logging for now)...

  Private Shared Sub ProcessStarted(sender As Object, e As EventArrivedEventArgs)
    Dim targetinstance As ManagementBaseObject = e.NewEvent.Properties("TargetInstance").Value
    Dim processname As String = targetinstance.Properties("Name").Value.ToString
    Dim exepath As String = targetinstance.Properties("ExecutablePath").Value.ToString
    Dim thisexeinfo As New FileInfo(exepath)
    If Not ProcessExclusionList.Contains(processname) Then
        MyApp.DoLogging("Process Started : " & processname & "(" & exepath & ")")
    End If

End Sub

This works a treat and I successfully capture the event creation with minimal resource usage (as opposed to Process.GetProcesses(), which was hammering resource,), however I notice that if a second instance of the same process is run. I do not get an event on the second execution.

For example, I can run calculator and my watcher will log calc.exe was executed with all the associated properties. If I then open a second calculator my watcher sees nothing.

I'm guessing I need to modify the WMI query slightly, but my WMI is limited and I'm not struggling.

Can anyone help out with this?

TIA

1 answers

solution1
 1  2022-02-03 15:08:42

The code I posted actually works perfectly for multiple instances of a process, however when I was testing, I used calc and it turns out calc spawns multiple instances of itself all under the same process.

repeating the test with any other executable/process results in the desired behavior.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question VB.Net Open New Form Instance as Separate Process Execute a method on an existing process instance. Vb.Net How to detect is a process has any VISIBLE windows (VB.NET) Capturing value of DataGridView CheckBox in VB.Net Vb.net kill process Child Process VB.NET vb.net multi process VB.net Process Affinity Inserting text before the second last instance of an element in a string VB.net VB.net Update Label Each Second
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM