Hooking into a running process to monitor its status


Problem description

I'm new to C# hooking and am looking for a little information on where to do my research. I figured there are some folks here who may have done this before that might have a good idea of where to start!

My overall goal is simple: to create a C# application, if possible, that can search the current running processes on a machine for one matching a certain name (we can assume for this situation that it is unique, only 1 process of that name) and "hook" into the process. The goal would be to watch for that process to get hung up. If it crashes, freezes, or generally has any bad health event that Windows is capable of detecting, I'd like to be able to find out about it. Then, based on what it sees, it does other stuff.

I was able to do something similar in Python 2.7 using Pai Mei, but that project has been long abandoned and I've grown rather fond of C# in recent years.

So: Does this sound like something that is possible in C#? If so, does anyone have a good suggestion on where I can find some information on it? And finally, does anyone have some example code lying around they might be willing to share on the topic? =D

Thanks!

Recommended answer

ManagementEventWatcher might be helpful to start with. However, the complexity would be in how you write or tune your WMI queries.

I don't own the following code; it has been nicked from somewhere.

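using System;
using System.Management;  // requires a reference to System.Management

class Process {
  public static void Main() {
    // Subscribe to process-creation trace events for every process on the machine.
    // These trace classes normally require the watcher to run elevated.
    ManagementEventWatcher startWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
    startWatch.EventArrived += new EventArrivedEventHandler(startWatch_EventArrived);
    startWatch.Start();
    // Subscribe to process-termination trace events the same way.
    ManagementEventWatcher stopWatch = new ManagementEventWatcher(
      new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"));
    stopWatch.EventArrived += new EventArrivedEventHandler(stopWatch_EventArrived);
    stopWatch.Start();
    Console.WriteLine("Press any key to exit");
    // Events are delivered on a background thread; keep the main thread alive until a key is pressed.
    while (!Console.KeyAvailable) System.Threading.Thread.Sleep(50);
    startWatch.Stop();
    stopWatch.Stop();
    // Release the underlying WMI subscriptions.
    startWatch.Dispose();
    stopWatch.Dispose();
  }

  // Called once for each process that exits.
  static void stopWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process stopped: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }

  // Called once for each process that starts.
  static void startWatch_EventArrived(object sender, EventArrivedEventArgs e) {
    Console.WriteLine("Process started: {0}", e.NewEvent.Properties["ProcessName"].Value);
  }
}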
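
A narrowed version of the approach in the answer above, as an added example that is not part of the original post or of the code the answerer quoted: the WQL query is filtered to one assumed image name (`target.exe`), `ExitStatus` from the stop event is used to flag abnormal exits, and `Process.Responding` is polled to catch a frozen window. The class and method names are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Management;   // requires a reference to System.Management
using System.Threading;

class TargetWatcher {
  // Assumption: image name of the single process to monitor.
  const string TargetImage = "target.exe";

  public static void Main() {
    // Filter inside WQL so WMI only delivers exit events for the target.
    var query = new WqlEventQuery(
      "SELECT * FROM Win32_ProcessStopTrace WHERE ProcessName = '" + TargetImage + "'");
    using (var stopWatch = new ManagementEventWatcher(query)) {
      stopWatch.EventArrived += OnTargetStopped;
      stopWatch.Start();   // normally needs an elevated session
      Console.WriteLine("Watching {0}; press any key to exit", TargetImage);
      while (!Console.KeyAvailable) {
        ReportHungInstances();   // hangs raise no WMI event, so poll for them
        Thread.Sleep(2000);
      }
      stopWatch.Stop();
    }
  }

  // Crash or clean exit: the stop event carries the process exit code.
  static void OnTargetStopped(object sender, EventArrivedEventArgs e) {
    uint pid = Convert.ToUInt32(e.NewEvent["ProcessID"]);
    uint status = Convert.ToUInt32(e.NewEvent["ExitStatus"]);
    // 0 is the conventional success code; an unhandled exception usually
    // surfaces as an NTSTATUS value such as 0xC0000005 (access violation).
    Console.WriteLine("{0} pid {1} exited, status 0x{2:X8}{3}",
      TargetImage, pid, status, status == 0 ? "" : " (abnormal)");
  }

  // Freeze: a process with a main window that has stopped answering messages.
  static void ReportHungInstances() {
    string name = Path.GetFileNameWithoutExtension(TargetImage);
    foreach (Process p in Process.GetProcessesByName(name)) {
      using (p) {
        try {
          if (p.MainWindowHandle != IntPtr.Zero && !p.Responding)
            Console.WriteLine("{0} pid {1} is not responding", TargetImage, p.Id);
        } catch (InvalidOperationException) {
          // The process exited between enumeration and the check.
        }
      }
    }
  }
}
```

`Process.Responding` only reflects the state of a window message loop, so a console or service process that deadlocks will not be reported by the polling half of this example.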
