Home/ Questions/Q 134945
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T06:42:18+00:00

We are trying to develop a small application that can monitor the programs/processes that

  • 0

We are trying to develop a small application that can monitor the programs/processes that are executing in a windows machine.

If the program/process is not supposed to run, it should be blocked. It works similar to an antivirus.

This is the basic idea.

I want to know the ways to hook into the OS to get notified about every single program/process trying to run in the machine.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. The easiest way is to use WMI. Specifically monitor the Win32_ProcessStartTrace. This is better than Win32_Process, because it is setup to use events whereas Win32_Process requires polling which is more CPU intensive. Below is how to do it in C#. First make sure that System.Management is setup as a reference for your project.

        public System.Management.ManagementEventWatcher mgmtWtch;      public Form1()     {         InitializeComponent();         mgmtWtch = new System.Management.ManagementEventWatcher('Select * From Win32_ProcessStartTrace');         mgmtWtch.EventArrived += new System.Management.EventArrivedEventHandler(mgmtWtch_EventArrived);         mgmtWtch.Start();     }      void mgmtWtch_EventArrived(object sender, System.Management.EventArrivedEventArgs e)     {         MessageBox.Show((string)e.NewEvent['ProcessName']);     }      private void Form1_FormClosing(object sender, FormClosingEventArgs e)     {         mgmtWtch.Stop();     }

    The code will generate a messagebox everytime you launch a new process. From there you can check a whitelist/blacklist and act appropriately.

    • 0