如何监视应用程序被打开？ [英] How to monitor that an application is opened?

问题描述

我实施了需要记录的节目的用户打开在PC上的姓名和次桌面分析应用。这是一个C＃（WPF）应用程序，当用户登录并运行没有用户界面启动。对于诸如Word或IE浏览器程序，将同时拍摄他们正在查看哪些文件或URL。

I'm implementing a desktop analytics application that needs to record the names and times of programs a user opens on the PC. It's a C# (WPF) application that starts when the user logs on and runs without a UI. For programs such as Word or IE it would also capture what document or Url they are viewing.

目前我有一个有效的解决方案如下：

Currently I have a working solution as follows:

安装Windows钩子的鼠标。当事件触发我使用P-Invoke来GetForegroundWindow，然后使用窗口句柄GetWindowThreadProcessId，用进程ID，我可以得到包含名称中的System.Diagnostics.Process对象，开始时间和参数出发名单。我维护一个历史记录列表，所以我只写如果此进程ID /窗口句柄组合没有被记录之前跟踪的条目。

Install a Windows Hook for Mouse Down. When that event fires I use p-Invoke to "GetForegroundWindow" and then use the window handle to "GetWindowThreadProcessId", with the ProcessId I can get the System.Diagnostics.Process object containing the name, start time and argument start list. I maintain a history list so I only write a tracking entry if this processId/window handle combination has not been recorded before.

该解决方案不工作确定，但需要鼠标钩子，可以由Windows没有任何通知或问题在于检查它是否仍然大呼过瘾的能力会被丢弃。且不说这种实现似乎是一个黑客。

This solution does work ok but requires the mouse hook which can get dropped by Windows without any notification or ability to problematically check if it is still hooked. Not to mention this implementation seems like a hack.

如果有更好更直接的方法，请告知。

If there is a better more straightforward approach please advise.

感谢。

推荐答案

您可以使用<一个href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa394649%28v=vs.85%29.aspx"><$c$c>__InstanceCreationEvent事件和<一href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa394372%28v=vs.85%29.aspx"><$c$c>Win32_Process WMI类来监视创建的进程。

You can use the __InstanceCreationEvent event and the Win32_Process WMI class to monitor the created processes.

试试这个C＃示例应用程序

Try this sample C# application

using System;
using System.Collections.Generic;
using System.Management;
using System.Text;


namespace GetWMI_Info
{
    public class EventWatcherAsync 
    {
        private void WmiEventHandler(object sender, EventArrivedEventArgs e)
        {
            //in this point the new events arrives
            //you can access to any property of the Win32_Process class
            Console.WriteLine("TargetInstance.Handle :    " + ((ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value)["Handle"]);
            Console.WriteLine("TargetInstance.Name :      " + ((ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value)["Name"]);

        }

        public EventWatcherAsync()
        {
            try
            {
                string ComputerName = "localhost";
                string WmiQuery;
                ManagementEventWatcher Watcher;
                ManagementScope Scope;                

                Scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", ComputerName), null);
                Scope.Connect();

                WmiQuery ="Select * From __InstanceCreationEvent Within 1 "+
                "Where TargetInstance ISA 'Win32_Process' ";

                Watcher = new ManagementEventWatcher(Scope, new EventQuery(WmiQuery));
                Watcher.EventArrived += new EventArrivedEventHandler(this.WmiEventHandler);
                Watcher.Start();
                Console.Read();
                Watcher.Stop();
            }
            catch (Exception e)
            {
                Console.WriteLine("Exception {0} Trace {1}", e.Message, e.StackTrace);
            }

        }

        public static void Main(string[] args)
        {
           Console.WriteLine("Listening process creation, Press Enter to exit");
           EventWatcherAsync eventWatcher = new EventWatcherAsync();
           Console.Read();
        }
    }
}

这篇关于如何监视应用程序被打开？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！