Home/ Questions/Q 8402419
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T22:03:29+00:00

I am trying to create an app which monitors for process creation/termination and logs

  • 0

I am trying to create an app which monitors for process creation/termination and logs the amount of time it executed and its frequency which is finally being logged in mysql db. The problem that I am facing is that, I am using Win32_ProcessStartTrace and Win32_ProcessStopTrace for monitoring. As soon a process is created, its commandline is being queried using Win32_Process. There seems to be a “lag” between Process creation and the querying of its commandline for those processes which exit quickly so I can’t get the commandline.

Is there any way of getting this done?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This code watches for new processes starting and prints the command line used:

    using System;
using System.Management;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            new Test().Run();
            Console.ReadLine();
        }
    }

    internal class Test
    {
        public void Run()
        {
            ProcessWatcher procWatcher = new ProcessWatcher();
            procWatcher.Start();
        }

        private class ProcessWatcher : ManagementEventWatcher
        {
            private const string wql = 
                   @"SELECT * FROM __InstanceCreationEvent WITHIN 1
                     WHERE TargetInstance ISA 'Win32_Process'";

            public ProcessWatcher()
            {
                this.Query.QueryLanguage = "WQL";
                this.Query.QueryString = wql;
                this.EventArrived += newProcessStarted;
            }

            private void newProcessStarted(object sender, 
                                           EventArrivedEventArgs e)
            {
                var process = e.NewEvent["TargetInstance"] 
                              as ManagementBaseObject;

                if (process != null)
                {
                    var cmdLine = process.Properties["CommandLine"].Value;
                    Console.WriteLine(cmdLine);
                }
            }
        }
    }
}
    • 0