以非管理员身份监控新进程 [英] Monitor new processes as a non-admin

问题描述

关于如何监控进程，这里有一个明确的答案.它就像一个魅力......除了它必须在提升模式下运行，在我的程序上下文中这对我来说是一个明确的非选项.

There is a very clear answer here on how to monitor processes. It works like a charm... except it must be run in elevated mode, which is a definite non-option for me in the context of my program.

我需要做的基本上是监控所有新进程，并将它们与预先确定的列表进行比较.我想这样做而不是简单地使用秒表和轮询任何新进程.

What I need to do is basically monitor all new processes and compare them against a predetermined list. I would like to do this without simply using a stopwatch and polling for any new processes.

有谁知道会引发类似于 ManagementEventWatcher 的事件，不需要以管理员身份运行?

Does anyone know of an event that would be raised similar to the ManagementEventWatcher that doesn't require to be run as administrator?

谢谢！

推荐答案

我遇到了与 OP 相同的问题，但通过提供特定查询设法以非管理员身份使用 ManagementEventWatcher:

I had the same problem as OP but managed to use ManagementEventWatcher as non-admin by providing a specific query:

string queryString = "SELECT * FROM __InstanceCreationEvent WITHIN .025 WHERE TargetInstance ISA 'Win32_Process'";
ManagementEventWatcher managementEventWatcher = new ManagementEventWatcher(@"\\.\root\CIMV2", queryString);
managementEventWatcher.EventArrived += ProcessStartEventArrived;
managementEventWatcher.Start();

WITHIN 是要通知的时间范围.

WITHIN is the timeframe to be notified in.

停止方式相同，但使用 __InstanceDeletionEvent

Stopping is done the same way but using __InstanceDeletionEvent

string queryString = "SELECT * FROM __InstanceDeletionEvent WITHIN .025 WHERE TargetInstance ISA 'Win32_Process'";

这篇关于以非管理员身份监控新进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！