Determine if a process has been opened by user or other process with C#?


Problem description

I have a service running on some computers, that are reporting to a server. The service takes an audit of all running processes, then checks if any are blacklisted or not. If a process is blacklisted, the service collects name, username, machine-name, start-time and running-time, then sends it to the server. This works fine.

What I would also like is to see if a process is opened by another application and not the user. E.g. Cinema4D (a 3D modeling application) starts its renderer. Which is not the same as if the user opens the executable directly.

The usage is to monitor students during exams, so that we can see if they use "forbidden" software. It's for statistical usage, as the candidates use random usernames, but if we get a lot of false positives, we can't use it as documentation for cheating.

Any help is appreciated!

What I have tried:

I've googled it but I'm not getting any relevant answers

Recommended answer

If you already have the process information you should be able to get the PID of the parent process (e.g. using WMI) and use that to get the usual process information.

I'm not absolutely sure but processes started by the user should have explorer.exe as parent (the Explorer instance for the Desktop).


Thinking about it there might be also other parents:

  • Another Explorer instance when started from within there.
  • A cmd.exe instance when started from a shell prompt.
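
The parent lookup suggested in the answer, as an added example that is not part of the original thread. It reads `ParentProcessId` from WMI's `Win32_Process` class and compares creation times, because Windows reuses PIDs and a parent PID can point at an unrelated, newer process. The class and method names are hypothetical, and the project is assumed to reference `System.Management`.

```csharp
using System;
using System.Collections.Generic;
using System.Management; // assumption: project references System.Management (Windows only)

static class ParentCheck // hypothetical names, for illustration
{
    record Proc(uint Pid, uint ParentPid, string Name, DateTime Created);
    // Parents the answer treats as "started by the user".
    static readonly HashSet<string> InteractiveParents =
        new(StringComparer.OrdinalIgnoreCase) { "explorer.exe", "cmd.exe" };

    // One WMI query: PID, parent PID, image name, creation time of every process.
    static Dictionary<uint, Proc> Snapshot()
    {
        var map = new Dictionary<uint, Proc>();
        using var searcher = new ManagementObjectSearcher(
            "SELECT ProcessId, ParentProcessId, Name, CreationDate FROM Win32_Process");
        foreach (ManagementObject mo in searcher.Get())
        {
            // CreationDate may be null for some system processes.
            var created = mo["CreationDate"] is string s
                ? ManagementDateTimeConverter.ToDateTime(s) : DateTime.MinValue;
            var pid = (uint)mo["ProcessId"];
            map[pid] = new Proc(pid, (uint)mo["ParentProcessId"], (string)mo["Name"], created);
        }
        return map;
    }

    // Parent image name, or null when the parent has exited or its PID was
    // reused by a process created after the child (PIDs are recycled).
    static string ParentName(Dictionary<uint, Proc> procs, Proc child)
    {
        if (!procs.TryGetValue(child.ParentPid, out var parent)) return null;
        if (parent.Pid == child.Pid) return null;
        return parent.Created <= child.Created ? parent.Name : null;
    }

    static void Main()
    {
        var procs = Snapshot();
        foreach (var p in procs.Values)
        {
            var parent = ParentName(procs, p);
            var origin = parent == null ? "parent unknown"
                : InteractiveParents.Contains(parent) ? "user-launched" : "launched by " + parent;
            Console.WriteLine($"{p.Name} ({p.Pid}): {origin}");
        }
    }
}
```

A "parent unknown" result means the launcher has already exited, so it should be reported as undetermined rather than counted as either user-launched or application-launched.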

